archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 827363a95b
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '827363a95b'
${ noResults }
windows-server-2003/inetcore/wininet/auth/sspspm.c

514 lines
15 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*#----------------------------------------------------------------------------
  2. **
  3. ** File: sspspm.c
  4. **
  5. ** Synopsis: Security Protocol Module for SSPI Authentication providers.
  6. **
  7. ** This module contains major funtions of the SEC_SSPI.DLL which
  8. ** allows the Internet Explorer to use SSPI providers for authentication.
  9. ** The function exported to the Internet Explorer is Ssp_Load() which
  10. ** passes the address of the Ssp__DownCall() function to the Explorer.
  11. ** Then the Explorer will call Ssp__DownCall() when it needs service from
  12. ** this SPM DLL. The two major functions called by Ssp__DownCall() to
  13. ** service Explorer's request are Ssp__PreProcessRequest() and
  14. ** Ssp__ProcessResponse(). In brief, Ssp__PreProcessRequest() is
  15. ** called before the Explorer sends out a request which does not have
  16. ** any 'Authorization' header yet. And Ssp__ProcessResponse() is called
  17. ** whenever the Explorer receives an 401 'Unauthorized' response from the
  18. ** server. This SPM DLL supports all SSPI packages which are installed
  19. ** on the machine. However, MSN will be given higher priority over the
  20. ** other SSPI packages if the user already logon to MSN; in that case,
  21. ** Ssp__PreProcessRequest() will always attach MSN authentication header
  22. ** to the out-going request.
  23. **
  24. ** This SPM DLL is called by the Internet Explorer only for its
  25. ** The Internet Explorer only calls this SPM DLL when it needs
  26. ** authentication data in its request/response. In other words, the
  27. ** Explorer never calls this SPM DLL when an authentication succeeded;
  28. ** it never calls this DLL when it decide to give up on a connection
  29. ** because of server response timeout. Because of this fact, this SPM
  30. ** DLL never has sufficient information on the state of each server
  31. ** connection; it only know its state based on the content of the last
  32. ** request and the content of the current response. For this reason, this
  33. ** SPM DLL does not keep state information for each host it has visited
  34. ** unless the information is essential.
  35. ** The security context handle returned from the first call of
  36. ** InitializeSecurityContext() for NEGOTIATE message generation is
  37. ** always the identical for a SSPI package when the same server host is
  38. ** passed. Since the server host name is always in the request/response
  39. ** header, the only information essential in generating a NEGOTIATE or
  40. ** RESPONSE is already available in the header. So unlike most SSPI
  41. ** application, this DLL will not keep the security context handle which
  42. ** it received from the SSPI function calls. Whenever it needs to call
  43. ** the SSPI function for generating a RESPONSE, it will first call the
  44. ** SSPI function without the CHALLENGE to get a security context handle.
  45. ** Then it calls the SSPI function again with the CHALLENGE to generate
  46. ** a RESPONSE.
  47. **
  48. **
  49. ** Copyright (C) 1995 Microsoft Corporation. All Rights Reserved.
  50. **
  51. ** Authors: LucyC Created 25 Sept. 1995
  52. **
  53. **---------------------------------------------------------------------------*/
  54. #include "msnspmh.h"
  55. #include <ntverp.h>
  56. //
  57. // Global variable where all the SSPI Pkgs data is collected
  58. //
  59. SspData *g_pSspData;
  60. HINSTANCE g_hSecLib;
  61. BOOL g_fIsWhistler = FALSE;
  62. BOOL g_fCanUseCredMgr = FALSE;
  64. /*-----------------------------------------------------------------------------
  65. **
  66. ** Function: SpmAddSSPIPkg
  67. **
  68. ** Synopsis: This function adds a SSPI package to the SPM's package list.
  69. **
  70. ** Arguments: pData - Points to the private SPM data structure containing
  71. ** the package list and the package info.
  72. ** pPkgName - package name
  73. ** cbMaxToken - max size of security token
  74. **
  75. ** Returns: The index in the package list where this new package is added.
  76. ** If failed to add the new package, SSPPKG_ERROR is returned.
  77. **
  78. ** History: LucyC Created 21 Oct. 1995
  79. **
  80. **---------------------------------------------------------------------------*/
  81. UCHAR
  82. SpmAddSSPIPkg (
  83. SspData *pData,
  84. LPTSTR pPkgName,
  85. ULONG cbMaxToken
  86. )
  87. {
  88. if ( !(pData->PkgList[pData->PkgCnt] =
  89. LocalAlloc(0, sizeof(SSPAuthPkg))))
  90. {
  91. return SSPPKG_ERROR;
  92. }
  94. if ( !(pData->PkgList[pData->PkgCnt]->pName =
  95. LocalAlloc(0, lstrlen(pPkgName)+1)))
  96. {
  97. LocalFree(pData->PkgList[pData->PkgCnt]);
  98. pData->PkgList[pData->PkgCnt] = NULL;
  99. return SSPPKG_ERROR;
  100. }
  102. lstrcpy (pData->PkgList[pData->PkgCnt]->pName, pPkgName);
  103. pData->PkgList[ pData->PkgCnt ]->Capabilities = 0 ;
  105. pData->PkgList[ pData->PkgCnt ]->cbMaxToken = cbMaxToken;
  107. //
  108. // Determine if this package supports anything of interest to
  109. // us.
  110. //
  112. if ( lstrcmpi( pPkgName, NTLMSP_NAME_A ) == 0 )
  113. {
  114. //
  115. // NTLM supports the standard credential structure
  116. //
  118. pData->PkgList[ pData->PkgCnt ]->Capabilities |= SSPAUTHPKG_SUPPORT_NTLM_CREDS ;
  119. }
  120. else if ( lstrcmpi( pPkgName, "Negotiate" ) == 0 )
  121. {
  122. //
  123. // Negotiate supports that cred structure too
  124. //
  126. pData->PkgList[ pData->PkgCnt ]->Capabilities |= SSPAUTHPKG_SUPPORT_NTLM_CREDS ;
  128. }
  129. else
  130. {
  131. //
  132. // Add more comparisons here, eventually.
  133. //
  135. ;
  136. }
  138. pData->PkgCnt++;
  139. return (pData->PkgCnt - 1);
  140. }
  142. /*-----------------------------------------------------------------------------
  143. **
  144. ** Function: SpmFreePkgList
  145. **
  146. ** Synopsis: This function frees memory allocated for the package list.
  147. **
  148. ** Arguments: pData - Points to the private SPM data structure containing
  149. ** the package list and the package info.
  150. **
  151. ** Returns: void.
  152. **
  153. ** History: LucyC Created 21 Oct. 1995
  154. **
  155. **---------------------------------------------------------------------------*/
  156. VOID
  157. SpmFreePkgList (
  158. SspData *pData
  159. )
  160. {
  161. int ii;
  163. for (ii = 0; ii < pData->PkgCnt; ii++)
  164. {
  165. LocalFree(pData->PkgList[ii]->pName);
  167. LocalFree(pData->PkgList[ii]);
  168. }
  170. LocalFree(pData->PkgList);
  171. }
  174. /*-----------------------------------------------------------------------------
  175. **
  176. ** Function: Ssp__Unload
  177. **
  178. ** Synopsis: This function is called by the Internet Explorer before
  179. ** the SPM DLL is unloaded from the memory.
  180. **
  181. ** Arguments: fpUI - From Explorer for making all UI_SERVICE call
  182. ** pvOpaqueOS - From Explorer for making all UI_SERVICE call
  183. ** htspm - the SPM structure which contains the global data
  184. ** storage for this SPM DLL.
  185. **
  186. ** Returns: always returns SPM_STATUS_OK, which means successful.
  187. **
  188. ** History: LucyC Created 25 Sept. 1995
  189. **
  190. **---------------------------------------------------------------------------*/
  191. DWORD SSPI_Unload()
  192. {
  193. if (g_pSspData != NULL)
  194. {
  195. SpmFreePkgList(g_pSspData);
  196. LocalFree(g_pSspData);
  197. g_pSspData = NULL;
  198. }
  200. if (g_hSecLib)
  201. {
  202. FreeLibrary (g_hSecLib);
  203. g_hSecLib = NULL;
  204. }
  206. return SPM_STATUS_OK;
  207. }
  211. /*-----------------------------------------------------------------------------
  212. **
  213. ** Function: SspSPM_InitData
  214. **
  215. ** Synopsis: This function allocates and initializes global data structure
  216. ** of the SPM DLL.
  217. **
  218. ** Arguments:
  219. **
  220. ** Returns: Pointer to the allocated global data structure.
  221. **
  222. ** History: LucyC Created 25 Sept. 1995
  223. **
  224. **---------------------------------------------------------------------------*/
  225. LPVOID SSPI_InitGlobals(void)
  226. {
  227. SspData *pData = NULL;
  228. OSVERSIONINFO VerInfo;
  229. UCHAR lpszDLL[SSP_SPM_DLL_NAME_SIZE];
  230. INIT_SECURITY_INTERFACE addrProcISI = NULL;
  232. SECURITY_STATUS sstat;
  233. ULONG ii, cntPkg;
  234. PSecPkgInfo pPkgInfo = NULL;
  235. PSecurityFunctionTable pFuncTbl = NULL;
  237. if (g_pSspData)
  238. return g_pSspData;
  240. //
  241. // Setup registry to enable MSN authentication package
  242. // MSNSetupSspiReg();
  243. //
  245. //
  246. // Initialize SSP SPM Global Data
  247. //
  249. //
  250. // Find out which security DLL to use, depending on
  251. // whether we are on NT or Win95
  252. //
  253. VerInfo.dwOSVersionInfoSize = sizeof (OSVERSIONINFO);
  254. if (!GetVersionEx (&VerInfo)) // If this fails, something has gone wrong
  255. {
  256. return (NULL);
  257. }
  259. if (VerInfo.dwPlatformId == VER_PLATFORM_WIN32_NT)
  260. {
  261. lstrcpy (lpszDLL, SSP_SPM_NT_DLL);
  263. if ((VerInfo.dwMajorVersion >= 5) &&
  264. (VerInfo.dwMinorVersion >= 1))
  265. {
  266. DWORD dwMaximumPersist = 0;
  268. g_fIsWhistler = TRUE;
  269. }
  270. else
  271. {
  272. g_fIsWhistler = FALSE;
  273. }
  274. }
  275. else if (VerInfo.dwPlatformId == VER_PLATFORM_WIN32_WINDOWS)
  276. {
  277. lstrcpy (lpszDLL, SSP_SPM_WIN95_DLL);
  278. }
  279. else if (VerInfo.dwPlatformId == VER_PLATFORM_WIN32_UNIX)
  280. {
  281. lstrcpy (lpszDLL, SSP_SPM_UNIX_DLL);
  282. }
  283. else
  284. {
  285. return (NULL);
  286. }
  288. if (!(pData = (SspData *) LocalAlloc(0, sizeof(SspData)))) {
  290. return(NULL);
  292. }
  294. //
  295. // Keep these information in global SPM
  296. //
  297. ZeroMemory (pData, sizeof(SspData));
  298. pData->MsnPkg = SSPPKG_NO_PKG;
  300. //
  301. // Load Security DLL
  302. //
  303. g_hSecLib = LoadLibrary (lpszDLL);
  304. if (g_hSecLib == NULL)
  305. {
  306. // This should never happen.
  307. goto Cleanup;
  308. }
  310. #ifdef UNIX
  312. // A hack to undo the mistake in the sspi.h file. The change should be made
  313. // to sspi.h
  315. #if !defined(_UNICODE)
  316. #undef SECURITY_ENTRYPOINT_ANSI
  317. #define SECURITY_ENTRYPOINT_ANSI "InitSecurityInterfaceA"
  318. #endif
  320. addrProcISI = (INIT_SECURITY_INTERFACE) GetProcAddress( g_hSecLib,
  321. SECURITY_ENTRYPOINT_ANSI);
  322. #else
  323. addrProcISI = (INIT_SECURITY_INTERFACE) GetProcAddress( g_hSecLib,
  324. SECURITY_ENTRYPOINT);
  325. #endif /* UNIX */
  326. if (addrProcISI == NULL)
  327. {
  328. goto Cleanup;
  329. }
  331. //
  332. // Get the SSPI function table
  333. //
  334. pFuncTbl = (*addrProcISI)();
  336. //
  337. // If we already loaded MSNSSPC.DLL explicitly, PkgCnt will not be zero;
  338. // in that case, we only support MSN SSPI and do not need to call
  339. // EnumerateSecurityPackages.
  340. //
  341. // So if we did not load MSNSSPC.DLL (i.e. PkgCnt is zero), we need to
  342. // get the list of SSPI packages which we support from
  343. // EnumerateSecurityPackages.
  344. //
  345. if (pData->PkgCnt == 0)
  346. {
  347. //
  348. // Get list of packages supported
  349. //
  350. sstat = (*(pFuncTbl->EnumerateSecurityPackages))(&cntPkg, &pPkgInfo);
  351. if (sstat != SEC_E_OK || pPkgInfo == NULL)
  352. {
  353. //
  354. // ??? Should we give up here ???
  355. // EnumerateSecurityPackage() failed
  356. //
  357. goto Cleanup;
  358. }
  360. if (cntPkg)
  361. {
  362. //
  363. // Create the package list
  364. //
  365. if (!(pData->PkgList = (PSSPAuthPkg *)LocalAlloc(0,
  366. cntPkg*sizeof(PSSPAuthPkg))))
  367. {
  368. goto Cleanup;
  369. }
  370. }
  372. for (ii = 0; ii < cntPkg; ii++)
  373. {
  374. if (lstrcmp (pPkgInfo[ii].Name, MSNSP_NAME) == 0)
  375. {
  376. //DebugTrace(SSPSPMID, "Found MSN SSPI package\n");
  377. pData->MsnPkg = SpmAddSSPIPkg (
  378. pData,
  379. MSNSP_NAME,
  380. MAX_AUTH_MSG_SIZE // 11000 hard-coded
  381. );
  382. if (pData->MsnPkg == SSPPKG_ERROR)
  383. {
  384. goto Cleanup;
  385. }
  386. }
  387. else
  388. {
  389. //DebugTrace(SSPSPMID, "Found %s SSPI package\n",
  390. // pPkgInfo[ii].Name);
  392. if (SpmAddSSPIPkg (pData,
  393. pPkgInfo[ii].Name,
  394. pPkgInfo[ii].cbMaxToken
  395. ) == SSPPKG_ERROR)
  396. {
  397. goto Cleanup;
  398. }
  399. }
  400. }
  401. }
  403. pData->pFuncTbl = pFuncTbl;
  404. pData->bKeepList = TRUE; // By default, keep a list of non-MSN servers
  406. if (pData->PkgCnt == 0)
  407. {
  408. goto Cleanup;
  409. }
  411. g_pSspData = pData;
  412. pData = NULL;
  414. Cleanup:
  417. if( pPkgInfo != NULL )
  418. {
  419. //
  420. // Free buffer returned by the enumerate security package function
  421. //
  423. (*(pFuncTbl->FreeContextBuffer))(pPkgInfo);
  424. }
  426. if( pData != NULL )
  427. {
  428. SpmFreePkgList (pData);
  429. }
  431. return (g_pSspData);
  432. }
  434. INT
  435. GetPkgId(LPTSTR lpszPkgName)
  436. {
  438. int ii;
  440. if ( g_pSspData == NULL )
  441. {
  442. return -1;
  443. }
  445. for (ii = 0; ii < g_pSspData->PkgCnt; ii++)
  446. {
  447. #ifdef UNIX
  448. if (!lstrcmpi(g_pSspData->PkgList[ii]->pName, lpszPkgName))
  449. #else
  450. if (!lstrcmp(g_pSspData->PkgList[ii]->pName, lpszPkgName))
  451. #endif /* UNIX */
  452. {
  453. return(ii);
  454. }
  455. }
  457. return(-1);
  458. }
  460. DWORD
  461. GetPkgCapabilities(
  462. INT Package
  463. )
  464. {
  465. if ( Package < g_pSspData->PkgCnt )
  466. {
  467. return g_pSspData->PkgList[ Package ]->Capabilities ;
  468. }
  469. else
  470. return 0 ;
  471. }
  473. ULONG
  474. GetPkgMaxToken(
  475. INT Package
  476. )
  477. {
  478. if ( Package < g_pSspData->PkgCnt )
  479. {
  480. return g_pSspData->PkgList[ Package ]->cbMaxToken;
  481. }
  482. else {
  483. // be compatible with old static buffer size
  484. return MAX_AUTH_MSG_SIZE;
  485. }
  486. }
  488. //
  489. // Calls to this function are serialized
  490. //
  492. DWORD_PTR SSPI_InitScheme (LPCSTR lpszScheme)
  493. {
  494. int ii;
  496. if (!SSPI_InitGlobals())
  497. return 0;
  499. // Once initialized, check to see if this scheme is installed
  500. for (ii = 0; ii < g_pSspData->PkgCnt &&
  501. #ifdef UNIX
  502. lstrcmpi (g_pSspData->PkgList[ii]->pName, lpszScheme); ii++);
  503. #else
  504. lstrcmp (g_pSspData->PkgList[ii]->pName, lpszScheme); ii++);
  505. #endif /* UNIX */
  507. if (ii >= g_pSspData->PkgCnt)
  508. {
  509. // This scheme is not installed on this machine
  510. return (0);
  511. }
  513. return ((DWORD_PTR)g_pSspData);
  514. }