archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 7b07a90fc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7b07a90fc1'
${ noResults }
windows-server-2003/inetcore/winhttp/v5/auth/digest.cxx

537 lines
16 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. #include <wininetp.h>
  2. #include <splugin.hxx>
  3. #include <security.h>
  4. #include "auth.h"
  6. #define SSP_SPM_NT_DLL "security.dll"
  8. #define MAX_SILENT_RETRIES 3
  9. #define OUTPUT_BUFFER_LEN 10000
  11. #define HEADER_IDX 0
  12. #define REALM_IDX 1
  13. #define HOST_IDX 2
  14. #define URL_IDX 3
  15. #define METHOD_IDX 4
  16. #define USER_IDX 5
  17. #define PASS_IDX 6
  18. #define NONCE_IDX 7
  19. #define NC_IDX 8
  20. #define HWND_IDX 9
  21. #define NUM_BUFF 10
  23. #define ISC_MODE_AUTH 0
  24. #define ISC_MODE_PREAUTH 1
  25. #define ISC_MODE_UI 2
  27. struct DIGEST_PKG_DATA
  28. {
  29. LPSTR szAppCtx;
  30. LPSTR szUserCtx;
  31. };
  33. /*-----------------------------------------------------------------------------
  34. DIGEST_CTX
  35. -----------------------------------------------------------------------------*/
  37. // Globals
  38. PSecurityFunctionTable DIGEST_CTX::g_pFuncTbl = NULL;
  39. CredHandle DIGEST_CTX::g_hCred;
  42. /*---------------------------------------------------------------------------
  43. DIGEST_CTX::GetFuncTbl
  44. ---------------------------------------------------------------------------*/
  45. VOID DIGEST_CTX::GetFuncTbl()
  46. {
  47. HINSTANCE hSecLib;
  48. INIT_SECURITY_INTERFACE addrProcISI = NULL;
  49. OSVERSIONINFO VerInfo;
  51. VerInfo.dwOSVersionInfoSize = sizeof (OSVERSIONINFO);
  53. GetVersionEx (&VerInfo);
  55. if (VerInfo.dwPlatformId == VER_PLATFORM_WIN32_NT)
  56. {
  57. hSecLib = LoadLibrary (SSP_SPM_NT_DLL);
  58. }
  60. addrProcISI = (INIT_SECURITY_INTERFACE) GetProcAddress(hSecLib,
  61. SECURITY_ENTRYPOINT_ANSI);
  63. g_pFuncTbl = (*addrProcISI)();
  64. }
  66. /*---------------------------------------------------------------------------
  67. DIGEST_CTX::GetRequestUri
  68. ---------------------------------------------------------------------------*/
  69. LPSTR DIGEST_CTX::GetRequestUri()
  70. {
  71. LPSTR szUrl;
  72. DWORD cbUrl;
  74. URL_COMPONENTS sUrl;
  76. memset(&sUrl, 0, sizeof(sUrl));
  77. sUrl.dwStructSize = sizeof(sUrl);
  78. sUrl.dwHostNameLength = -1;
  79. sUrl.dwUrlPathLength = -1;
  80. sUrl.dwExtraInfoLength = -1;
  82. szUrl = _pRequest->GetURL();
  84. // Generate request-uri
  85. if (WinHttpCrackUrlA(szUrl, strlen(szUrl), 0, &sUrl))
  86. {
  87. cbUrl = sUrl.dwUrlPathLength;
  88. szUrl = New CHAR[cbUrl+1];
  90. if (!szUrl)
  91. {
  92. // Alloc failure. Return NULL. We will
  93. // use _pRequest->GetURL instead.
  94. return NULL;
  95. }
  97. memcpy(szUrl, sUrl.lpszUrlPath, cbUrl);
  98. szUrl[cbUrl] = '\0';
  99. }
  100. else
  101. {
  102. // ICU failed. Return NULL which
  103. // will cause _pRequest->GetURL
  104. // to be used.
  105. return NULL;
  106. }
  108. return szUrl;
  109. }
  112. /*---------------------------------------------------------------------------
  113. DIGEST_CTX::InitSecurityBuffers
  114. ---------------------------------------------------------------------------*/
  115. VOID DIGEST_CTX::InitSecurityBuffers(LPSTR szOutBuf, DWORD cbOutBuf,
  116. LPDWORD pdwSecFlags, DWORD dwISCMode)
  117. {
  118. // Input Buffer.
  119. _SecBuffInDesc.cBuffers = NUM_BUFF;
  120. _SecBuffInDesc.pBuffers = _SecBuffIn;
  122. // Set Header
  123. _SecBuffIn[HEADER_IDX].pvBuffer = _szData;
  124. _SecBuffIn[HEADER_IDX].cbBuffer = _cbData;
  125. _SecBuffIn[HEADER_IDX].BufferType = SECBUFFER_TOKEN;
  127. // If credentials are supplied will be set to
  128. // ISC_REQ_USE_SUPPLIED_CREDS.
  129. // If prompting for auth dialog will be set to
  130. // ISC_REQ_PROMPT_FOR_CREDS.
  131. *pdwSecFlags = 0;
  133. // Set realm if no header, otherwise NULL.
  134. if (_SecBuffIn[HEADER_IDX].pvBuffer)
  135. {
  136. _SecBuffIn[REALM_IDX].pvBuffer = NULL;
  137. _SecBuffIn[REALM_IDX].cbBuffer = 0;
  138. }
  139. else
  140. {
  141. // We are preauthenticating using the realm
  142. _SecBuffIn[REALM_IDX].pvBuffer = _pCreds->lpszRealm;
  143. _SecBuffIn[REALM_IDX].cbBuffer = strlen(_pCreds->lpszRealm);
  144. }
  146. // Host.
  147. _SecBuffIn[HOST_IDX].pvBuffer = _pCreds->lpszHost;
  148. _SecBuffIn[HOST_IDX].cbBuffer = strlen(_pCreds->lpszHost);
  149. _SecBuffIn[HOST_IDX].BufferType = SECBUFFER_TOKEN;
  152. // Request URI.
  153. if (!_szRequestUri)
  154. {
  155. _szRequestUri = GetRequestUri();
  156. if (_szRequestUri)
  157. _SecBuffIn[URL_IDX].pvBuffer = _szRequestUri;
  158. else
  159. _SecBuffIn[URL_IDX].pvBuffer = _pRequest->GetURL();
  160. }
  162. _SecBuffIn[URL_IDX].cbBuffer = strlen((LPSTR) _SecBuffIn[URL_IDX].pvBuffer);
  163. _SecBuffIn[URL_IDX].BufferType = SECBUFFER_TOKEN;
  166. // HTTP method.
  167. _SecBuffIn[METHOD_IDX].cbBuffer =
  168. MapHttpMethodType(_pRequest->GetMethodType(), (LPCSTR*) &_SecBuffIn[METHOD_IDX].pvBuffer);
  169. _SecBuffIn[METHOD_IDX].BufferType = SECBUFFER_TOKEN;
  171. // User and pass might be provided from Creds entry. Use only if
  172. // we have a challenge header (we don't pre-auth using supplied creds).
  173. if (dwISCMode == ISC_MODE_AUTH && _pCreds->lpszUser && *_pCreds->lpszUser
  174. && _pCreds->lpszPass && *_pCreds->lpszPass)
  175. {
  176. // User.
  177. _SecBuffIn[USER_IDX].pvBuffer = _pCreds->lpszUser;
  178. _SecBuffIn[USER_IDX].cbBuffer = strlen(_pCreds->lpszUser);
  179. _SecBuffIn[USER_IDX].BufferType = SECBUFFER_TOKEN;
  181. // Pass.
  182. _SecBuffIn[PASS_IDX].pvBuffer = _pCreds->lpszPass;
  183. _SecBuffIn[PASS_IDX].cbBuffer = strlen(_pCreds->lpszPass);
  184. _SecBuffIn[PASS_IDX].BufferType = SECBUFFER_TOKEN;
  185. *pdwSecFlags = ISC_REQ_USE_SUPPLIED_CREDS;
  186. }
  187. else
  188. {
  189. // User.
  190. _SecBuffIn[USER_IDX].pvBuffer = NULL;
  191. _SecBuffIn[USER_IDX].cbBuffer = 0;
  192. _SecBuffIn[USER_IDX].BufferType = SECBUFFER_TOKEN;
  194. // Pass.
  195. _SecBuffIn[PASS_IDX].pvBuffer = NULL;
  196. _SecBuffIn[PASS_IDX].cbBuffer = 0;
  197. _SecBuffIn[PASS_IDX].BufferType = SECBUFFER_TOKEN;
  198. }
  200. if (dwISCMode == ISC_MODE_UI)
  201. *pdwSecFlags = ISC_REQ_PROMPT_FOR_CREDS;
  203. // Out Buffer.
  204. _SecBuffOutDesc.cBuffers = 1;
  205. _SecBuffOutDesc.pBuffers = _SecBuffOut;
  206. _SecBuffOut[0].pvBuffer = szOutBuf;
  207. _SecBuffOut[0].cbBuffer = cbOutBuf;
  208. _SecBuffOut[0].BufferType = SECBUFFER_TOKEN;
  209. }
  212. /*---------------------------------------------------------------------------
  213. Constructor
  214. ---------------------------------------------------------------------------*/
  215. DIGEST_CTX::DIGEST_CTX(HTTP_REQUEST_HANDLE_OBJECT *pRequest, BOOL fIsProxy,
  216. SPMData *pSPM, AUTH_CREDS* pCreds)
  217. : AUTHCTX(pSPM, pCreds)
  218. {
  219. SECURITY_STATUS ssResult;
  220. _fIsProxy = fIsProxy;
  221. _pRequest = pRequest;
  223. _szAlloc = NULL;
  224. _szData = NULL;
  225. _pvContext = NULL;
  226. _szRequestUri = NULL;
  227. _cbData = 0;
  228. _cbContext = 0;
  229. _nRetries = 0;
  232. // Zero out the security buffers and request context.
  233. memset(&_SecBuffInDesc, 0, sizeof(_SecBuffInDesc));
  234. memset(&_SecBuffOutDesc, 0, sizeof(_SecBuffInDesc));
  235. memset(_SecBuffIn, 0, sizeof(_SecBuffIn));
  236. memset(_SecBuffOut, 0, sizeof(_SecBuffOut));
  237. memset(&_hCtxt, 0, sizeof(_hCtxt));
  239. // Is this the first time that the digest SSPI package
  240. // is being called for this process.
  241. if (!g_pFuncTbl)
  242. {
  243. // Get the global SSPI dispatch table.
  244. GetFuncTbl();
  246. DIGEST_PKG_DATA PkgData;
  247. SEC_WINNT_AUTH_IDENTITY_EXA SecIdExA;
  249. // Logon with szAppCtx = szUserCtx = NULL.
  250. PkgData.szAppCtx = PkgData.szUserCtx = NULL;
  251. memset(&SecIdExA, 0, sizeof(SEC_WINNT_AUTH_IDENTITY_EXA));
  253. SecIdExA.Version = sizeof(SEC_WINNT_AUTH_IDENTITY_EXA);
  254. SecIdExA.User = (unsigned char*) &PkgData;
  255. SecIdExA.UserLength = sizeof(DIGEST_PKG_DATA);
  257. // Get the global credentials handle.
  258. ssResult = (*(g_pFuncTbl->AcquireCredentialsHandleA))
  259. (NULL, "Digest", SECPKG_CRED_OUTBOUND, NULL, &SecIdExA, NULL, 0, &g_hCred, NULL);
  260. }
  261. }
  264. /*---------------------------------------------------------------------------
  265. DIGEST_CTX::PromptForCreds
  266. ---------------------------------------------------------------------------*/
  267. DWORD DIGEST_CTX::PromptForCreds(HWND hWnd)
  268. {
  269. SECURITY_STATUS ssResult;
  271. // Prompt for the credentials.
  272. INET_ASSERT(_pvContext);
  273. _cbContext = OUTPUT_BUFFER_LEN;
  275. DWORD sf;
  276. InitSecurityBuffers((LPSTR) _pvContext, _cbContext, &sf, ISC_MODE_UI);
  278. _SecBuffIn[HWND_IDX].pvBuffer = &hWnd;
  279. _SecBuffIn[HWND_IDX].cbBuffer = sizeof(HWND);
  281. ssResult = (*(g_pFuncTbl->InitializeSecurityContextA))(&g_hCred, &_hCtxt, NULL, sf,
  282. 0, 0, &_SecBuffInDesc, 0, &_hCtxt, &_SecBuffOutDesc, NULL, NULL);
  284. _cbContext = _SecBuffOutDesc.pBuffers[0].cbBuffer;
  286. if (ssResult == SEC_E_NO_CREDENTIALS)
  287. return ERROR_CANCELLED;
  289. return (DWORD) ssResult;
  290. }
  293. /*---------------------------------------------------------------------------
  294. Destructor
  295. ---------------------------------------------------------------------------*/
  296. DIGEST_CTX::~DIGEST_CTX()
  297. {
  298. if (_szAlloc)
  299. delete _szAlloc;
  301. if (_pvContext)
  302. delete _pvContext;
  304. if (_szRequestUri)
  305. delete _szRequestUri;
  306. }
  309. /*---------------------------------------------------------------------------
  310. PreAuthUser
  311. ---------------------------------------------------------------------------*/
  312. DWORD DIGEST_CTX::PreAuthUser(OUT LPSTR pBuff, IN OUT LPDWORD pcbBuff)
  313. {
  314. SECURITY_STATUS ssResult = SEC_E_OK;
  315. INET_ASSERT(_pSPMData == _pCreds->pSPM);
  317. if (AuthLock())
  318. {
  319. // If a response has been generated copy into output buffer.
  320. if (_cbContext)
  321. {
  322. memcpy(pBuff, _pvContext, _cbContext);
  323. *pcbBuff = _cbContext;
  324. }
  325. // Otherwise attempt to preauthenticate.
  326. else
  327. {
  328. // Call into the SSPI package.
  329. DWORD sf;
  330. InitSecurityBuffers(pBuff, *pcbBuff, &sf, ISC_MODE_PREAUTH);
  332. ssResult = (*(g_pFuncTbl->InitializeSecurityContext))(&g_hCred, NULL, NULL, sf,
  333. 0, 0, &_SecBuffInDesc, 0, &_hCtxt, &_SecBuffOutDesc, NULL, NULL);
  335. *pcbBuff = _SecBuffOut[0].cbBuffer;
  336. }
  338. AuthUnlock();
  339. }
  341. return (DWORD) ssResult;
  342. }
  344. /*---------------------------------------------------------------------------
  345. UpdateFromHeaders
  346. ---------------------------------------------------------------------------*/
  347. DWORD DIGEST_CTX::UpdateFromHeaders(HTTP_REQUEST_HANDLE_OBJECT *pRequest, BOOL fIsProxy)
  348. {
  349. if (!AuthLock())
  350. {
  351. return ERROR_NOT_ENOUGH_MEMORY;
  352. }
  354. DWORD dwError, cbExtra, dwAuthIdx;
  355. LPSTR szAuthHeader, szExtra, szScheme;
  356. LPSTR szRealm;
  357. DWORD cbRealm;
  359. // Get the associated header.
  360. if ((dwError = FindHdrIdxFromScheme(&dwAuthIdx)) != ERROR_SUCCESS)
  361. goto exit;
  363. // If this auth ctx does not have Creds then it has been
  364. // just been constructed in response to a 401.
  365. if (!_pCreds)
  366. {
  367. // Get any realm.
  368. dwError = GetAuthHeaderData(pRequest, fIsProxy, "Realm",
  369. &szRealm, &cbRealm, ALLOCATE_BUFFER, dwAuthIdx);
  371. _pCreds = CreateCreds(pRequest, fIsProxy, _pSPMData, szRealm);
  373. if (pRequest->_pszRealm)
  374. {
  375. FREE_MEMORY(pRequest->_pszRealm);
  376. }
  377. pRequest->_pszRealm = szRealm;
  378. szRealm = NULL;
  380. if (_pCreds)
  381. {
  382. INET_ASSERT(_pCreds->pSPM == _pSPMData);
  383. }
  384. else
  385. {
  386. dwError = ERROR_WINHTTP_INTERNAL_ERROR;
  387. goto exit;
  388. }
  389. }
  391. // Updating the buffer - delete old one if necessary.
  392. if (_szAlloc)
  393. {
  394. delete _szAlloc;
  395. _szAlloc = _szData = NULL;
  396. _cbData = 0;
  397. }
  399. // Get the entire authentication header.
  400. dwError = GetAuthHeaderData(pRequest, fIsProxy, NULL,
  401. &_szAlloc, &_cbData, ALLOCATE_BUFFER, dwAuthIdx);
  403. if (dwError != ERROR_SUCCESS)
  404. {
  405. goto exit;
  406. }
  408. // Point just past scheme
  409. _szData = _szAlloc;
  410. while (*_szData != ' ')
  411. {
  412. _szData++;
  413. _cbData--;
  414. }
  416. // The request will be retried.
  417. dwError = ERROR_SUCCESS;
  419. exit:
  420. AuthUnlock();
  421. return dwError;
  422. }
  426. /*---------------------------------------------------------------------------
  427. PostAuthUser
  428. ---------------------------------------------------------------------------*/
  429. DWORD DIGEST_CTX::PostAuthUser()
  430. {
  431. if (!AuthLock())
  432. {
  433. return ERROR_NOT_ENOUGH_MEMORY;
  434. }
  436. INET_ASSERT(_pSPMData == _pCreds->pSPM);
  438. DWORD dwError;
  439. SECURITY_STATUS ssResult;
  441. // Allocate an output buffer if not done so already.
  442. if (!_pvContext)
  443. {
  444. _pvContext = New CHAR[OUTPUT_BUFFER_LEN];
  445. if (!_pvContext)
  446. {
  447. dwError = ERROR_NOT_ENOUGH_MEMORY;
  448. goto exit;
  449. }
  450. }
  452. _cbContext = OUTPUT_BUFFER_LEN;
  455. if (_nRetries++ < MAX_SILENT_RETRIES)
  456. {
  457. // If we pre-authenticated, treat as second
  458. // or subsequent attempt. We depend on the
  459. // server correctly sending stale=FALSE (or no stale)
  460. // if the credentials sent during pre-auth were bad.
  461. // In this case the digest pkg will return SEC_E_NO_CREDENTIALS
  462. // and we will prompt for credentials.
  463. // BUGBUG - Use ApplyControlToken
  464. if (_nRetries == 1 && _pRequest->GetCreds())
  465. {
  466. // Increment num of retries to 2
  467. _nRetries++;
  469. // The dwLower member has to have the correct value
  470. // so that secur32.dll can route to correct provider.
  471. _hCtxt.dwLower = g_hCred.dwLower;
  472. }
  474. // Call into the SSPI package.
  476. DWORD sf;
  477. InitSecurityBuffers((LPSTR) _pvContext, _cbContext, &sf, ISC_MODE_AUTH);
  478. ssResult = (*(g_pFuncTbl->InitializeSecurityContext))
  479. (&g_hCred, (_nRetries == 1 ? NULL : &_hCtxt), NULL, sf,
  480. 0, 0, &_SecBuffInDesc, 0, &_hCtxt, &_SecBuffOutDesc, NULL, NULL);
  481. _cbContext = _SecBuffOutDesc.pBuffers[0].cbBuffer;
  483. switch(ssResult)
  484. {
  485. case SEC_E_OK:
  486. {
  487. dwError = ERROR_WINHTTP_FORCE_RETRY;
  488. break;
  489. }
  490. case SEC_E_NO_CREDENTIALS:
  491. {
  492. dwError = ERROR_WINHTTP_INCORRECT_PASSWORD;
  493. break;
  494. }
  495. default:
  496. dwError = ERROR_WINHTTP_LOGIN_FAILURE;
  497. }
  498. }
  499. else
  500. {
  501. _cbContext = 0;
  502. _nRetries = 0;
  503. dwError = ERROR_WINHTTP_INCORRECT_PASSWORD;
  504. }
  506. exit:
  507. _pRequest->SetCreds(NULL);
  508. AuthUnlock();
  509. return dwError;
  510. }
  512. /*---------------------------------------------------------------------------
  513. Flush creds
  514. ---------------------------------------------------------------------------*/
  515. VOID DIGEST_CTX::FlushCreds()
  516. {
  517. DWORD ssResult;
  518. if (g_pFuncTbl)
  519. {
  520. DWORD sf = ISC_REQ_NULL_SESSION;
  521. ssResult = (*(g_pFuncTbl->InitializeSecurityContext))(&g_hCred, NULL, NULL, sf,
  522. 0, 0, NULL, 0, NULL, NULL, NULL, NULL);
  523. }
  524. }
  526. /*---------------------------------------------------------------------------
  527. Logoff
  528. ---------------------------------------------------------------------------*/
  529. VOID DIGEST_CTX::Logoff()
  530. {
  531. DWORD ssResult;
  532. if (g_pFuncTbl)
  533. {
  534. ssResult = (*(g_pFuncTbl->FreeCredentialsHandle))(&g_hCred);
  535. }
  536. }