Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

2707 lines
76 KiB

//+---------------------------------------------------------------------------
//
// Microsoft Windows
// Copyright (C) Microsoft Corporation, 1992 - 1995.
//
// File: credapi.c
//
// Contents:
//
// Classes:
//
// Functions:
//
// History: 9-18-96 RichardW Created
//
//----------------------------------------------------------------------------
#include "sslp.h"
#include "mapper.h"
#include "rpc.h"
#include <sslwow64.h>
typedef struct _SCH_CRED_SECRET {
union {
SCH_CRED_SECRET_CAPI Capi;
SCH_CRED_SECRET_PRIVKEY PrivKey;
} u;
} SCH_CRED_SECRET, * PSCH_CRED_SECRET ;
extern CHAR CertTag[ 13 ];
//+-------------------------------------------------------------------------
//
// Function: CopyClientString
//
// Synopsis: copies a client string to local memory, including
// allocating space for it locally.
//
// Arguments:
// SourceString - Could be Ansi or Wchar in client process
// SourceLength - bytes
// DoUnicode - whether the string is Wchar
//
// Returns:
// DestinationString - Unicode String in Lsa Process
//
// Notes:
//
//--------------------------------------------------------------------------
HRESULT
CopyClientString(
IN PWSTR SourceString,
IN ULONG SourceLength,
IN BOOLEAN DoUnicode,
OUT PUNICODE_STRING DestinationString
)
{
NTSTATUS Status = STATUS_SUCCESS;
STRING TemporaryString;
ULONG SourceSize = 0;
ULONG CharacterSize = sizeof(CHAR);
//
// First initialize the string to zero, in case the source is a null
// string
//
DestinationString->Length = DestinationString->MaximumLength = 0;
DestinationString->Buffer = NULL;
TemporaryString.Buffer = NULL;
if (SourceString != NULL)
{
//
// If the length is zero, allocate one byte for a "\0" terminator
//
if (SourceLength == 0)
{
DestinationString->Buffer = (LPWSTR) LocalAlloc(LPTR, sizeof(WCHAR));
if (DestinationString->Buffer == NULL)
{
Status = SP_LOG_RESULT(STATUS_NO_MEMORY);
goto Cleanup;
}
DestinationString->MaximumLength = sizeof(WCHAR);
*DestinationString->Buffer = L'\0';
}
else
{
//
// Allocate a temporary buffer to hold the client string. We may
// then create a buffer for the unicode version. The length
// is the length in characters, so possible expand to hold unicode
// characters and a null terminator.
//
if (DoUnicode)
{
CharacterSize = sizeof(WCHAR);
}
SourceSize = (SourceLength + 1) * CharacterSize;
//
// insure no overflow aggainst UNICODE_STRING
//
if ( (SourceSize > 0xFFFF) ||
((SourceSize - CharacterSize) > 0xFFFF)
)
{
Status = SP_LOG_RESULT(STATUS_INVALID_PARAMETER);
goto Cleanup;
}
TemporaryString.Buffer = (LPSTR) LocalAlloc(LPTR, SourceSize);
if (TemporaryString.Buffer == NULL)
{
Status = SP_LOG_RESULT(STATUS_NO_MEMORY);
goto Cleanup;
}
TemporaryString.Length = (USHORT) (SourceSize - CharacterSize);
TemporaryString.MaximumLength = (USHORT) SourceSize;
//
// Finally copy the string from the client
//
Status = LsaTable->CopyFromClientBuffer(
NULL,
SourceSize - CharacterSize,
TemporaryString.Buffer,
SourceString
);
if (!NT_SUCCESS(Status))
{
SP_LOG_RESULT(Status);
goto Cleanup;
}
//
// If we are doing unicode, finish up now
//
if (DoUnicode)
{
DestinationString->Buffer = (LPWSTR) TemporaryString.Buffer;
DestinationString->Length = (USHORT) (SourceSize - CharacterSize);
DestinationString->MaximumLength = (USHORT) SourceSize;
}
else
{
NTSTATUS Status1;
Status1 = RtlAnsiStringToUnicodeString(
DestinationString,
&TemporaryString,
TRUE
); // allocate destination
if (!NT_SUCCESS(Status1))
{
Status = SP_LOG_RESULT(STATUS_NO_MEMORY);
goto Cleanup;
}
}
}
}
Cleanup:
if (TemporaryString.Buffer != NULL)
{
//
// Free this if we failed and were doing unicode or if we weren't
// doing unicode
//
if ((DoUnicode && !NT_SUCCESS(Status)) || !DoUnicode)
{
LocalFree(TemporaryString.Buffer);
}
}
return(Status);
}
//+---------------------------------------------------------------------------
//
// Function: SpAcceptCredentials
//
// Synopsis: Accept Credentials - logon notification
//
// Arguments: [LogonType] --
// [UserName] --
// [PrimaryCred] --
// [SupplementalCreds] --
//
// History: 10-04-96 RichardW Created
//
// Notes:
//
//----------------------------------------------------------------------------
SECURITY_STATUS
SEC_ENTRY
SpAcceptCredentials(
IN SECURITY_LOGON_TYPE LogonType,
IN PUNICODE_STRING UserName,
IN PSECPKG_PRIMARY_CRED PrimaryCred,
IN PSECPKG_SUPPLEMENTAL_CRED SupplementalCreds)
{
UNREFERENCED_PARAMETER(LogonType);
UNREFERENCED_PARAMETER(UserName);
UNREFERENCED_PARAMETER(PrimaryCred);
UNREFERENCED_PARAMETER(SupplementalCreds);
return( SEC_E_OK );
}
//+---------------------------------------------------------------------------
//
// Function: SpMapSchPublic
//
// Synopsis: Maps a public key credential into LSA memory
//
// Arguments: [pRemotePubs] --
//
// History: 10-06-96 RichardW Created
//
// Notes:
//
//----------------------------------------------------------------------------
PVOID
SpMapSchPublic(
PVOID pRemotePubs
)
{
SECURITY_STATUS Status ;
SCH_CRED_PUBLIC_CERTCHAIN Pub, * pPub ;
Status = LsaTable->CopyFromClientBuffer( NULL,
sizeof( SCH_CRED_PUBLIC_CERTCHAIN ),
&Pub,
pRemotePubs );
if ( !NT_SUCCESS( Status ) )
{
return( NULL );
}
// Reality check
if(Pub.cbCertChain > 0x00100000)
{
return( NULL );
}
pPub = SPExternalAlloc( sizeof( SCH_CRED_PUBLIC_CERTCHAIN ) +
Pub.cbCertChain );
if ( pPub )
{
pPub->dwType = Pub.dwType ;
pPub->cbCertChain = Pub.cbCertChain ;
pPub->pCertChain = (PUCHAR) ( pPub + 1 );
Status = LsaTable->CopyFromClientBuffer( NULL,
Pub.cbCertChain,
pPub->pCertChain,
Pub.pCertChain );
}
else
{
Status = SEC_E_INSUFFICIENT_MEMORY ;
}
if ( NT_SUCCESS( Status ) )
{
return( pPub );
}
if ( pPub )
{
SPExternalFree( pPub );
}
return( NULL );
}
#ifdef _WIN64
PVOID
SpWow64MapSchPublic(
SSLWOW64_PVOID pRemotePubs)
{
SECURITY_STATUS Status;
SSLWOW64_SCH_CRED_PUBLIC_CERTCHAIN Pub;
SCH_CRED_PUBLIC_CERTCHAIN * pPub;
Status = LsaTable->CopyFromClientBuffer( NULL,
sizeof( SSLWOW64_SCH_CRED_PUBLIC_CERTCHAIN ),
&Pub,
ULongToPtr(pRemotePubs));
if ( !NT_SUCCESS( Status ) )
{
return( NULL );
}
// Reality check
if(Pub.cbCertChain > 0x00100000)
{
return( NULL );
}
pPub = SPExternalAlloc( sizeof( SCH_CRED_PUBLIC_CERTCHAIN ) +
Pub.cbCertChain );
if ( pPub )
{
pPub->dwType = Pub.dwType ;
pPub->cbCertChain = Pub.cbCertChain ;
pPub->pCertChain = (PUCHAR) ( pPub + 1 );
Status = LsaTable->CopyFromClientBuffer( NULL,
Pub.cbCertChain,
pPub->pCertChain,
ULongToPtr(Pub.pCertChain));
}
else
{
Status = SEC_E_INSUFFICIENT_MEMORY ;
}
if ( NT_SUCCESS( Status ) )
{
return( pPub );
}
if ( pPub )
{
SPExternalFree( pPub );
}
return( NULL );
}
#endif // _WIN64
PVOID
SpMapSchCred(
PVOID pRemoteCred )
{
SCH_CRED_SECRET Cred ;
SECURITY_STATUS Status ;
DWORD Size ;
DWORD dwType;
Status = LsaTable->CopyFromClientBuffer( NULL,
sizeof( DWORD ),
&Cred,
pRemoteCred );
if ( !NT_SUCCESS( Status ) )
{
return( NULL );
}
dwType = Cred.u.Capi.dwType;
switch ( dwType )
{
case SCHANNEL_SECRET_TYPE_CAPI:
Size = sizeof( SCH_CRED_SECRET_CAPI );
break;
case SCHANNEL_SECRET_PRIVKEY:
Size = sizeof( SCH_CRED_SECRET_PRIVKEY );
break;
default:
DebugOut(( DEB_ERROR, "Caller specified an unknown cred type\n" ));
return( NULL );
}
if ( Size )
{
Status = LsaTable->CopyFromClientBuffer(NULL,
Size,
&Cred,
pRemoteCred );
}
else
{
Status = SEC_E_INVALID_HANDLE ;
}
if(dwType != Cred.u.Capi.dwType)
{
Status = SEC_E_INVALID_HANDLE ;
}
if ( !NT_SUCCESS( Status ) )
{
return( NULL );
}
if(Cred.u.Capi.dwType == SCHANNEL_SECRET_TYPE_CAPI)
{
SCH_CRED_SECRET_CAPI *pCapiCred;
pCapiCred = SPExternalAlloc( Size );
if ( !pCapiCred )
{
return( NULL );
}
pCapiCred->dwType = Cred.u.Capi.dwType;
pCapiCred->hProv = Cred.u.Capi.hProv;
return( pCapiCred );
}
if(Cred.u.Capi.dwType == SCHANNEL_SECRET_PRIVKEY)
{
UCHAR Password[ MAX_PATH + 1 ];
DWORD PasswordLen = 0;
SCH_CRED_SECRET_PRIVKEY *pCred;
//
// The password is the painful part. Since it is a string, we don't know
// how long it is. So, we have to take a stab at it:
//
Status = LsaTable->CopyFromClientBuffer( NULL,
MAX_PATH,
Password,
Cred.u.PrivKey.pszPassword );
if ( !NT_SUCCESS( Status ) )
{
return( NULL );
}
Password[ MAX_PATH ] = '\0';
PasswordLen = lstrlenA( (LPSTR)Password );
// Reality check private key length.
if(Cred.u.PrivKey.cbPrivateKey > 0x10000)
{
return( NULL );
}
Size = PasswordLen + 1 + Cred.u.PrivKey.cbPrivateKey +
sizeof( SCH_CRED_SECRET_PRIVKEY ) ;
pCred = SPExternalAlloc( Size );
if ( !pCred )
{
return( NULL );
}
pCred->dwType = Cred.u.PrivKey.dwType ;
pCred->cbPrivateKey = Cred.u.PrivKey.cbPrivateKey ;
pCred->pPrivateKey = (PBYTE) ( pCred + 1 );
pCred->pszPassword = (LPSTR) (pCred->pPrivateKey + pCred->cbPrivateKey );
RtlCopyMemory( pCred->pszPassword, Password, PasswordLen + 1 );
Status = LsaTable->CopyFromClientBuffer( NULL,
pCred->cbPrivateKey,
pCred->pPrivateKey,
Cred.u.PrivKey.pPrivateKey );
if ( !NT_SUCCESS( Status ) )
{
SPExternalFree( pCred );
return( NULL );
}
return( pCred );
}
return( NULL );
}
#ifdef _WIN64
PVOID
SpWow64MapSchCred(
SSLWOW64_PVOID pRemoteCred )
{
SSLWOW64_SCH_CRED_SECRET_PRIVKEY LocalCred;
SCH_CRED_SECRET_PRIVKEY *pCred;
CHAR Password[MAX_PATH + 1];
DWORD PasswordLen = 0;
SECURITY_STATUS Status ;
DWORD dwType;
DWORD Size;
Status = LsaTable->CopyFromClientBuffer( NULL,
sizeof( DWORD ),
&dwType,
ULongToPtr(pRemoteCred));
if ( !NT_SUCCESS( Status ) )
{
return( NULL );
}
if(dwType != SCHANNEL_SECRET_PRIVKEY)
{
DebugOut(( DEB_ERROR, "Caller specified an unknown cred type\n" ));
return( NULL );
}
Status = LsaTable->CopyFromClientBuffer(NULL,
sizeof(SSLWOW64_SCH_CRED_SECRET_PRIVKEY),
&LocalCred,
ULongToPtr(pRemoteCred));
if ( !NT_SUCCESS( Status ) )
{
return( NULL );
}
//
// The password is the painful part. Since it is a string, we don't know
// how long it is. So, we have to take a stab at it:
//
Status = LsaTable->CopyFromClientBuffer( NULL,
MAX_PATH,
Password,
ULongToPtr(LocalCred.pszPassword));
if ( !NT_SUCCESS( Status ) )
{
return( NULL );
}
Password[ MAX_PATH ] = '\0';
PasswordLen = lstrlenA( Password );
// Reality check private key length.
if(LocalCred.cbPrivateKey > 0x10000)
{
return( NULL );
}
Size = PasswordLen + 1 + LocalCred.cbPrivateKey +
sizeof( SCH_CRED_SECRET_PRIVKEY ) ;
pCred = SPExternalAlloc( Size );
if ( !pCred )
{
return( NULL );
}
pCred->dwType = SCHANNEL_SECRET_PRIVKEY;
pCred->cbPrivateKey = LocalCred.cbPrivateKey ;
pCred->pPrivateKey = (PBYTE) ( pCred + 1 );
pCred->pszPassword = (LPSTR) (pCred->pPrivateKey + pCred->cbPrivateKey );
RtlCopyMemory( pCred->pszPassword, Password, PasswordLen + 1 );
Status = LsaTable->CopyFromClientBuffer( NULL,
pCred->cbPrivateKey,
pCred->pPrivateKey,
ULongToPtr(LocalCred.pPrivateKey));
if ( !NT_SUCCESS( Status ) )
{
SPExternalFree( pCred );
return( NULL );
}
return( pCred );
}
#endif // _WIN64
VOID
SpFreeVersion2Certificate(
SCH_CRED * pCred
)
{
DWORD i;
for ( i = 0 ; i < pCred->cCreds ; i++ )
{
if ( pCred->paSecret[ i ] )
{
SPExternalFree( pCred->paSecret[ i ] );
}
if ( pCred->paPublic[ i ] )
{
SPExternalFree( pCred->paPublic[ i ] );
}
}
SPExternalFree( pCred );
}
VOID
SpFreeVersion3Certificate(
PLSA_SCHANNEL_CRED pSchannelCred)
{
DWORD i;
if(pSchannelCred->paSubCred)
{
for(i = 0; i < pSchannelCred->cSubCreds; i++)
{
PLSA_SCHANNEL_SUB_CRED pSubCred = pSchannelCred->paSubCred + i;
if(pSubCred->pCert)
{
CertFreeCertificateContext(pSubCred->pCert);
}
if(pSubCred->pszPin)
{
SPExternalFree(pSubCred->pszPin);
}
if(pSubCred->pPrivateKey)
{
SPExternalFree(pSubCred->pPrivateKey);
}
if(pSubCred->pszPassword)
{
SPExternalFree(pSubCred->pszPassword);
}
memset(pSubCred, 0, sizeof(LSA_SCHANNEL_SUB_CRED));
}
SPExternalFree((PVOID)pSchannelCred->paSubCred);
pSchannelCred->paSubCred = NULL;
}
if(pSchannelCred->hRootStore)
{
CertCloseStore(pSchannelCred->hRootStore, 0);
pSchannelCred->hRootStore = 0;
}
if(pSchannelCred->palgSupportedAlgs)
{
SPExternalFree(pSchannelCred->palgSupportedAlgs);
pSchannelCred->palgSupportedAlgs = 0;
}
ZeroMemory(pSchannelCred, sizeof(SCHANNEL_CRED));
}
SECURITY_STATUS
SpMapProtoCredential(
SSL_CREDENTIAL_CERTIFICATE *pSslCert,
PSCH_CRED *ppSchCred)
{
SCH_CRED * pCred = NULL;
SCH_CRED_PUBLIC_CERTCHAIN * pPub = NULL;
SCH_CRED_SECRET_PRIVKEY * pPriv = NULL;
CHAR Password[ MAX_PATH + 1 ];
DWORD PasswordLen = 0;
SECURITY_STATUS Status ;
DWORD Size;
#if DBG
DebugLog((DEB_TRACE, "SpMapProtoCredential\n"));
DBG_HEX_STRING(DEB_TRACE, (PBYTE)pSslCert, sizeof(SSL_CREDENTIAL_CERTIFICATE));
#endif
//
// Map over the certificate.
//
// Reality check
if(pSslCert->cbCertificate > 0x00100000)
{
Status = SP_LOG_RESULT(SEC_E_INSUFFICIENT_MEMORY);
goto error;
}
pPub = SPExternalAlloc( sizeof( SCH_CRED_PUBLIC_CERTCHAIN ) +
pSslCert->cbCertificate );
if ( pPub == NULL)
{
Status = SP_LOG_RESULT(SEC_E_INSUFFICIENT_MEMORY);
goto error;
}
pPub->dwType = SCH_CRED_X509_CERTCHAIN;
pPub->cbCertChain = pSslCert->cbCertificate;
pPub->pCertChain = (PUCHAR) ( pPub + 1 );
Status = LsaTable->CopyFromClientBuffer( NULL,
pSslCert->cbCertificate,
pPub->pCertChain,
pSslCert->pCertificate );
if ( !NT_SUCCESS( Status ) )
{
goto error;
}
//
// Map over the private key and password.
//
//
// The password is the painful part. Since it is a string, we don't know
// how long it is. So, we have to take a stab at it:
//
Status = LsaTable->CopyFromClientBuffer( NULL,
MAX_PATH,
Password,
pSslCert->pszPassword );
if ( !NT_SUCCESS( Status ) )
{
goto error;
}
Password[ MAX_PATH ] = '\0';
PasswordLen = lstrlenA( Password );
// Reality check private key length.
if(pSslCert->cbPrivateKey > 0x100000)
{
Status = SP_LOG_RESULT(SEC_E_INSUFFICIENT_MEMORY);
goto error;
}
Size = PasswordLen + 1 + pSslCert->cbPrivateKey +
sizeof( SCH_CRED_SECRET_PRIVKEY ) ;
pPriv = SPExternalAlloc( Size );
if(pPriv == NULL)
{
Status = SP_LOG_RESULT(SEC_E_INSUFFICIENT_MEMORY);
goto error;
}
pPriv->dwType = SCHANNEL_SECRET_PRIVKEY;
pPriv->cbPrivateKey = pSslCert->cbPrivateKey ;
pPriv->pPrivateKey = (PBYTE) ( pPriv + 1 );
pPriv->pszPassword = (LPSTR) (pPriv->pPrivateKey + pPriv->cbPrivateKey );
RtlCopyMemory( pPriv->pszPassword, Password, PasswordLen + 1 );
Status = LsaTable->CopyFromClientBuffer( NULL,
pSslCert->cbPrivateKey,
pPriv->pPrivateKey,
pSslCert->pPrivateKey );
if ( !NT_SUCCESS( Status ) )
{
goto error;
}
//
// Allocate SCH_CRED structure.
//
pCred = SPExternalAlloc(sizeof(SCH_CRED) + 2 * sizeof(PVOID));
if(pCred == NULL)
{
Status = SP_LOG_RESULT(SEC_E_INSUFFICIENT_MEMORY);
goto error;
}
pCred->dwVersion = SCH_CRED_VERSION ;
pCred->cCreds = 1 ;
pCred->paSecret = (PVOID) ( pCred + 1 );
pCred->paPublic = (PVOID) ( pCred->paSecret + 1 );
pCred->paSecret[0] = pPriv;
pCred->paPublic[0] = pPub;
*ppSchCred = pCred;
return SEC_E_OK;
error:
if(pCred) SPExternalFree(pCred);
if(pPub) SPExternalFree(pPub);
if(pPriv) SPExternalFree(pPriv);
return Status;
}
#ifdef _WIN64
SECURITY_STATUS
SpWow64MapProtoCredential(
SSLWOW64_CREDENTIAL_CERTIFICATE *pSslCert,
PSCH_CRED *ppSchCred)
{
SCH_CRED * pCred = NULL;
SCH_CRED_PUBLIC_CERTCHAIN * pPub = NULL;
SCH_CRED_SECRET_PRIVKEY * pPriv = NULL;
CHAR Password[ MAX_PATH + 1 ];
DWORD PasswordLen = 0;
SECURITY_STATUS Status ;
DWORD Size;
#if DBG
DebugLog((DEB_TRACE, "SpWow64MapProtoCredential\n"));
DBG_HEX_STRING(DEB_TRACE, (PBYTE)pSslCert, sizeof(SSLWOW64_CREDENTIAL_CERTIFICATE));
#endif
//
// Map over the certificate.
//
// Reality check
if(pSslCert->cbCertificate > 0x00100000)
{
Status = SP_LOG_RESULT(SEC_E_INSUFFICIENT_MEMORY);
goto error;
}
pPub = SPExternalAlloc( sizeof( SCH_CRED_PUBLIC_CERTCHAIN ) +
pSslCert->cbCertificate );
if ( pPub == NULL)
{
Status = SP_LOG_RESULT(SEC_E_INSUFFICIENT_MEMORY);
goto error;
}
pPub->dwType = SCH_CRED_X509_CERTCHAIN;
pPub->cbCertChain = pSslCert->cbCertificate;
pPub->pCertChain = (PUCHAR) ( pPub + 1 );
Status = LsaTable->CopyFromClientBuffer( NULL,
pSslCert->cbCertificate,
pPub->pCertChain,
ULongToPtr(pSslCert->pCertificate));
if ( !NT_SUCCESS( Status ) )
{
goto error;
}
//
// Map over the private key and password.
//
//
// The password is the painful part. Since it is a string, we don't know
// how long it is. So, we have to take a stab at it:
//
Status = LsaTable->CopyFromClientBuffer( NULL,
MAX_PATH,
Password,
ULongToPtr(pSslCert->pszPassword));
if ( !NT_SUCCESS( Status ) )
{
goto error;
}
Password[ MAX_PATH ] = '\0';
PasswordLen = lstrlenA( Password );
// Reality check private key length.
if(pSslCert->cbPrivateKey > 0x100000)
{
Status = SP_LOG_RESULT(SEC_E_INSUFFICIENT_MEMORY);
goto error;
}
Size = PasswordLen + 1 + pSslCert->cbPrivateKey +
sizeof( SCH_CRED_SECRET_PRIVKEY ) ;
pPriv = SPExternalAlloc( Size );
if(pPriv == NULL)
{
Status = SP_LOG_RESULT(SEC_E_INSUFFICIENT_MEMORY);
goto error;
}
pPriv->dwType = SCHANNEL_SECRET_PRIVKEY;
pPriv->cbPrivateKey = pSslCert->cbPrivateKey ;
pPriv->pPrivateKey = (PBYTE) ( pPriv + 1 );
pPriv->pszPassword = (LPSTR) (pPriv->pPrivateKey + pPriv->cbPrivateKey );
RtlCopyMemory( pPriv->pszPassword, Password, PasswordLen + 1 );
Status = LsaTable->CopyFromClientBuffer( NULL,
pSslCert->cbPrivateKey,
pPriv->pPrivateKey,
ULongToPtr(pSslCert->pPrivateKey));
if ( !NT_SUCCESS( Status ) )
{
goto error;
}
//
// Allocate SCH_CRED structure.
//
pCred = SPExternalAlloc(sizeof(SCH_CRED) + 2 * sizeof(PVOID));
if(pCred == NULL)
{
Status = SP_LOG_RESULT(SEC_E_INSUFFICIENT_MEMORY);
goto error;
}
pCred->dwVersion = SCH_CRED_VERSION ;
pCred->cCreds = 1 ;
pCred->paSecret = (PVOID) ( pCred + 1 );
pCred->paPublic = (PVOID) ( pCred->paSecret + 1 );
pCred->paSecret[0] = pPriv;
pCred->paPublic[0] = pPub;
*ppSchCred = pCred;
return SEC_E_OK;
error:
if(pCred) SPExternalFree(pCred);
if(pPub) SPExternalFree(pPub);
if(pPriv) SPExternalFree(pPriv);
return Status;
}
#endif // _WIN64
SECURITY_STATUS
SpMapVersion2Certificate(
PVOID pvAuthData,
SCH_CRED * *ppCred
)
{
SECURITY_STATUS Status ;
SCH_CRED Cred;
PSCH_CRED pCred;
DWORD Size;
DWORD i;
BOOL Failed = FALSE ;
Status = LsaTable->CopyFromClientBuffer( NULL,
sizeof( SCH_CRED ),
&Cred,
pvAuthData );
if ( !NT_SUCCESS( Status ) )
{
return( Status );
}
#if DBG
DebugLog((DEB_TRACE, "SpMapVersion2Certificate: %d certificates in cred\n", Cred.cCreds));
DBG_HEX_STRING(DEB_TRACE, (PBYTE)&Cred, sizeof(SCH_CRED));
#endif
// Reality check credential count.
if(Cred.cCreds > 100)
{
return SP_LOG_RESULT(SEC_E_INSUFFICIENT_MEMORY);
}
Size = sizeof( SCH_CRED ) + (2 * Cred.cCreds * sizeof( PVOID ) );
pCred = SPExternalAlloc( Size );
if(pCred == NULL)
{
return SP_LOG_RESULT(SEC_E_INSUFFICIENT_MEMORY);
}
pCred->dwVersion = Cred.dwVersion ;
pCred->cCreds = Cred.cCreds ;
pCred->paSecret = (PVOID) ( pCred + 1 );
pCred->paPublic = (PVOID) ( pCred->paSecret + Cred.cCreds );
Status = LsaTable->CopyFromClientBuffer( NULL,
sizeof( PVOID ) * Cred.cCreds,
pCred->paSecret,
Cred.paSecret );
if ( NT_SUCCESS( Status ) )
{
Status = LsaTable->CopyFromClientBuffer( NULL,
sizeof( PVOID ) * Cred.cCreds,
pCred->paPublic,
Cred.paPublic );
}
if ( !NT_SUCCESS( Status ) )
{
SPExternalFree( pCred );
return( Status );
}
//
// Ok. We have pCred in local memory, with a chain of cert/private key
// stuff hanging off of it. We now have to map in each one. Happy, happy.
//
for ( i = 0 ; i < Cred.cCreds ; i++ )
{
pCred->paSecret[i] = SpMapSchCred( pCred->paSecret[i] );
if ( pCred->paSecret[i] == NULL )
{
Failed = TRUE ;
}
}
for ( i = 0 ; i < Cred.cCreds ; i++ )
{
pCred->paPublic[i] = SpMapSchPublic( pCred->paPublic[i] );
if ( pCred->paPublic[i] == NULL )
{
Failed = TRUE ;
}
}
if ( Failed )
{
SpFreeVersion2Certificate( pCred );
pCred = NULL ;
Status = SP_LOG_RESULT(SEC_E_UNKNOWN_CREDENTIALS) ;
}
*ppCred = pCred ;
return( Status );
}
#ifdef _WIN64
SECURITY_STATUS
SpWow64MapVersion2Certificate(
PVOID pvAuthData,
SCH_CRED * *ppCred
)
{
SECURITY_STATUS Status ;
SSLWOW64_SCH_CRED Cred;
PSCH_CRED pCred;
DWORD Size;
BOOL Failed = FALSE ;
Status = LsaTable->CopyFromClientBuffer( NULL,
sizeof( SSLWOW64_SCH_CRED ),
&Cred,
pvAuthData );
if ( !NT_SUCCESS( Status ) )
{
return( Status );
}
#if DBG
DebugLog((DEB_TRACE, "SpMapVersion2Certificate: %d certificates in cred\n", Cred.cCreds));
DBG_HEX_STRING(DEB_TRACE, (PBYTE)&Cred, sizeof(SCH_CRED));
#endif
if(Cred.cCreds > 100)
{
return SP_LOG_RESULT(SEC_E_INSUFFICIENT_MEMORY);
}
if(Cred.cCreds > 1)
{
// Only support a single certificate, which is all that anyone
// ever uses anyway.
Cred.cCreds = 1;
}
Size = sizeof( SCH_CRED ) + (2 * Cred.cCreds * sizeof( PVOID ) );
pCred = SPExternalAlloc( Size );
if(pCred == NULL)
{
return SP_LOG_RESULT(SEC_E_INSUFFICIENT_MEMORY);
}
pCred->dwVersion = Cred.dwVersion;
pCred->cCreds = Cred.cCreds;
if(pCred->cCreds > 0)
{
SSLWOW64_PVOID ClientSecret = 0;
SSLWOW64_PVOID ClientPublic = 0;
pCred->paSecret = (PVOID) ( pCred + 1 );
pCred->paPublic = (PVOID) ( pCred->paSecret + Cred.cCreds );
Status = LsaTable->CopyFromClientBuffer( NULL,
sizeof(SSLWOW64_PVOID),
&ClientSecret,
ULongToPtr(Cred.paSecret));
if ( NT_SUCCESS( Status ) )
{
Status = LsaTable->CopyFromClientBuffer( NULL,
sizeof(SSLWOW64_PVOID),
&ClientPublic,
ULongToPtr(Cred.paPublic));
}
if ( !NT_SUCCESS( Status ) )
{
SPExternalFree( pCred );
return( Status );
}
pCred->paSecret[0] = SpWow64MapSchCred(ClientSecret);
if ( pCred->paSecret[0] == NULL )
{
Failed = TRUE ;
}
pCred->paPublic[0] = SpWow64MapSchPublic(ClientPublic);
if ( pCred->paPublic[0] == NULL )
{
Failed = TRUE ;
}
}
if ( Failed )
{
SpFreeVersion2Certificate( pCred );
pCred = NULL ;
Status = SP_LOG_RESULT(SEC_E_UNKNOWN_CREDENTIALS) ;
}
*ppCred = pCred ;
return( Status );
}
#endif // _WIN64
// Selectively enable the unified protocol.
DWORD
EnableUnifiedProtocol(DWORD dwPackageType, DWORD dwProtocol)
{
DWORD cProts = 0;
// Disable unified.
dwProtocol &= ~SP_PROT_UNI;
if(dwPackageType & SP_PROT_UNI)
{
// Count enabled protocols.
if(dwProtocol & SP_PROT_PCT1) cProts++;
if(dwProtocol & SP_PROT_SSL2) cProts++;
if(dwProtocol & (SP_PROT_SSL3 | SP_PROT_TLS1)) cProts++;
// Enable unified if multiple protocols enabled.
if(cProts > 1)
{
if(dwPackageType & SP_PROT_CLIENTS)
{
dwProtocol |= SP_PROT_UNI_CLIENT;
}
else
{
dwProtocol |= SP_PROT_UNI_SERVER;
}
}
}
return dwProtocol;
}
typedef struct _V3_SCHANNEL_CRED
{
DWORD dwVersion; // always SCHANNEL_CRED_VERSION
DWORD cCreds;
PCCERT_CONTEXT *paCred;
HCERTSTORE hRootStore;
DWORD cMappers;
struct _HMAPPER **aphMappers;
DWORD cSupportedAlgs;
ALG_ID * palgSupportedAlgs;
DWORD grbitEnabledProtocols;
DWORD dwMinimumCipherStrength;
DWORD dwMaximumCipherStrength;
DWORD dwSessionLifespan;
} V3_SCHANNEL_CRED;
//+---------------------------------------------------------------------------
//
// Function: SpMapVersion3Certificate
//
// Synopsis: Maps a version 3 schannel credential into LSA memory
//
// Arguments: [pvAuthData] -- pointer to cred in application process
// [pCred] -- pointer to cred in LSA process
//
// History: 09-23-97 jbanes Created
//
// Notes: The credential consists of the following structure. Note
// that all CryptoAPI 2.0 handles must be mapped over as well,
// via the callback mechanism.
//
// typedef struct _SCHANNEL_CRED
// {
// DWORD dwVersion;
// DWORD cCreds;
// PCCERT_CONTEXT *paCred;
// HCERTSTORE hRootStore;
//
// DWORD cMappers;
// struct _HMAPPER **aphMappers;
//
// DWORD cSupportedAlgs;
// ALG_ID *palgSupportedAlgs;
//
// DWORD grbitEnabledProtocols;
// DWORD dwMinimumCipherStrength;
// DWORD dwMaximumCipherStrength;
// DWORD dwSessionLifespan;
//
// } SCHANNEL_CRED, *PSCHANNEL_CRED;
//
//----------------------------------------------------------------------------
SECURITY_STATUS
SpMapVersion3Certificate(
PVOID pvAuthData, // in
DWORD dwVersion, // in
PLSA_SCHANNEL_CRED pCred) // out
{
PCERT_CONTEXT * pLocalCredList = NULL;
HCERTSTORE hStore = NULL;
CRYPT_DATA_BLOB Serialized;
SCHANNEL_CRED LocalCred;
SecBuffer Input;
SecBuffer Output;
PBYTE pbBuffer;
DWORD cbBuffer;
DWORD cbData;
SECURITY_STATUS scRet;
DWORD Size;
DWORD iCred;
Output.pvBuffer = NULL;
//
// Copy over the SCHANNEL_CRED structure.
//
if(dwVersion == SCH_CRED_V3)
{
scRet = LsaTable->CopyFromClientBuffer(NULL,
sizeof(V3_SCHANNEL_CRED),
&LocalCred,
pvAuthData);
if(!NT_SUCCESS(scRet))
{
goto cleanup;
}
LocalCred.dwFlags = 0;
LocalCred.reserved = 0;
#if DBG
DebugLog((DEB_TRACE, "SpMapVersion3Certificate: %d certificates in cred\n", LocalCred.cCreds));
DBG_HEX_STRING(DEB_TRACE, (PBYTE)&LocalCred, sizeof(V3_SCHANNEL_CRED));
#endif
}
else
{
scRet = LsaTable->CopyFromClientBuffer(NULL,
sizeof(SCHANNEL_CRED),
&LocalCred,
pvAuthData);
if(!NT_SUCCESS(scRet))
{
goto cleanup;
}
#if DBG
DebugLog((DEB_TRACE, "SpMapVersion4Certificate: %d certificates in cred\n", LocalCred.cCreds));
DBG_HEX_STRING(DEB_TRACE, (PBYTE)&LocalCred, sizeof(SCHANNEL_CRED));
#endif
}
//
// DWORD dwVersion;
//
memset(pCred, 0, sizeof(LSA_SCHANNEL_CRED));
pCred->dwVersion = LocalCred.dwVersion;
//
// DWORD cCreds;
// PCCERT_CONTEXT *paCred;
//
if(LocalCred.cCreds && LocalCred.paCred)
{
Size = LocalCred.cCreds * sizeof(PVOID);
// Reality check credential count.
if(LocalCred.cCreds > 1000)
{
scRet = SP_LOG_RESULT(SEC_E_INSUFFICIENT_MEMORY);
goto cleanup;
}
// Make local copy of application cred list.
pLocalCredList = SPExternalAlloc(Size);
if(pLocalCredList == NULL)
{
scRet = SP_LOG_RESULT(SEC_E_INSUFFICIENT_MEMORY);
goto cleanup;
}
scRet = LsaTable->CopyFromClientBuffer(
NULL,
Size,
pLocalCredList,
(PCERT_CONTEXT *)LocalCred.paCred);
if(!NT_SUCCESS(scRet))
{
goto cleanup;
}
// Allocate memory for our cred list.
pCred->cSubCreds = LocalCred.cCreds;
pCred->paSubCred = SPExternalAlloc(pCred->cSubCreds * sizeof(LSA_SCHANNEL_SUB_CRED));
if(pCred->paSubCred == NULL)
{
scRet = SP_LOG_RESULT(SEC_E_INSUFFICIENT_MEMORY);
goto cleanup;
}
// Create an in-memory certificate store.
hStore = CertOpenStore(CERT_STORE_PROV_MEMORY,
0, 0,
CERT_STORE_DEFER_CLOSE_UNTIL_LAST_FREE_FLAG,
0);
if(hStore == NULL)
{
SP_LOG_RESULT(GetLastError());
scRet = SEC_E_INSUFFICIENT_MEMORY;
goto cleanup;
}
// Copy over each certificate context.
for(iCred = 0; iCred < LocalCred.cCreds; iCred++)
{
PLSA_SCHANNEL_SUB_CRED pSubCred;
pSubCred = pCred->paSubCred + iCred;
Input.BufferType = SECBUFFER_DATA;
Input.cbBuffer = sizeof(PVOID);
Input.pvBuffer = (PVOID)&pLocalCredList[iCred];
scRet = PerformApplicationCallback(SCH_UPLOAD_CREDENTIAL_CALLBACK,
0, 0,
&Input,
&Output,
TRUE);
if(!NT_SUCCESS(scRet))
{
Output.pvBuffer = NULL;
goto cleanup;
}
pbBuffer = Output.pvBuffer;
cbBuffer = Output.cbBuffer;
if(pbBuffer == NULL ||
cbBuffer < sizeof(HCRYPTPROV) + sizeof(DWORD))
{
scRet = SP_LOG_RESULT(SEC_E_INTERNAL_ERROR);
goto cleanup;
}
// Parse hProv.
pSubCred->hRemoteProv = *(HCRYPTPROV *)pbBuffer;
pbBuffer += sizeof(HCRYPTPROV);
cbBuffer -= sizeof(HCRYPTPROV);
// Parse certificate context length.
cbData = *(DWORD *)pbBuffer;
pbBuffer += sizeof(DWORD);
cbBuffer -= sizeof(DWORD);
// Parse certificate context.
if(cbBuffer < cbData)
{
scRet = SP_LOG_RESULT(SEC_E_INTERNAL_ERROR);
goto cleanup;
}
if(!CertAddSerializedElementToStore(hStore,
pbBuffer,
cbData,
CERT_STORE_ADD_ALWAYS,
0,
CERT_STORE_CERTIFICATE_CONTEXT_FLAG,
NULL,
&pSubCred->pCert))
{
scRet = SP_LOG_RESULT(SEC_E_UNKNOWN_CREDENTIALS);
goto cleanup;
}
// Free the output buffer.
SPExternalFree(Output.pvBuffer);
Output.pvBuffer = NULL;
}
}
//
// HCERTSTORE hRootStore;
//
if(LocalCred.hRootStore != NULL)
{
Input.BufferType = SECBUFFER_DATA;
Input.cbBuffer = sizeof(HCERTSTORE);
Input.pvBuffer = (PVOID)&LocalCred.hRootStore;
scRet = PerformApplicationCallback(SCH_UPLOAD_CERT_STORE_CALLBACK,
0, 0,
&Input,
&Output,
TRUE);
if(scRet != SEC_E_OK)
{
goto cleanup;
}
pbBuffer = Output.pvBuffer;
cbBuffer = Output.cbBuffer;
if(pbBuffer == NULL || cbBuffer < sizeof(DWORD))
{
scRet = SP_LOG_RESULT(SEC_E_INTERNAL_ERROR);
goto cleanup;
}
// Parse certificate store.
Serialized.cbData = *(DWORD *)pbBuffer;
Serialized.pbData = pbBuffer + sizeof(DWORD);
if(cbBuffer - sizeof(DWORD) < Serialized.cbData)
{
scRet = SP_LOG_RESULT(SEC_E_INTERNAL_ERROR);
goto cleanup;
}
pCred->hRootStore = CertOpenStore( CERT_STORE_PROV_SERIALIZED,
X509_ASN_ENCODING,
0, 0,
&Serialized);
if(pCred->hRootStore == NULL)
{
scRet = SP_LOG_RESULT(SEC_E_UNKNOWN_CREDENTIALS);
goto cleanup;
}
// Free the output buffer.
SPExternalFree(Output.pvBuffer);
Output.pvBuffer = NULL;
}
//
// DWORD cSupportedAlgs;
// ALG_ID *palgSupportedAlgs;
//
if(LocalCred.cSupportedAlgs && LocalCred.palgSupportedAlgs)
{
// Reality check.
if(LocalCred.cSupportedAlgs > 1000)
{
scRet = SP_LOG_RESULT(SEC_E_INSUFFICIENT_MEMORY);
goto cleanup;
}
Size = LocalCred.cSupportedAlgs * sizeof(ALG_ID);
pCred->cSupportedAlgs = LocalCred.cSupportedAlgs;
pCred->palgSupportedAlgs = SPExternalAlloc(Size);
if(pCred->palgSupportedAlgs == NULL)
{
scRet = SP_LOG_RESULT(SEC_E_INSUFFICIENT_MEMORY);
goto cleanup;
}
scRet = LsaTable->CopyFromClientBuffer(NULL,
Size,
pCred->palgSupportedAlgs,
LocalCred.palgSupportedAlgs);
if(!NT_SUCCESS(scRet))
{
goto cleanup;
}
}
//
// DWORD grbitEnabledProtocols;
// DWORD dwMinimumCipherStrength;
// DWORD dwMaximumCipherStrength;
// DWORD dwSessionLifespan;
// DWORD dwFlags;
// DWORD reserved;
//
pCred->grbitEnabledProtocols = LocalCred.grbitEnabledProtocols;
pCred->dwMinimumCipherStrength = LocalCred.dwMinimumCipherStrength;
pCred->dwMaximumCipherStrength = LocalCred.dwMaximumCipherStrength;
pCred->dwSessionLifespan = LocalCred.dwSessionLifespan;
pCred->dwFlags = LocalCred.dwFlags;
pCred->reserved = LocalCred.reserved;
scRet = SEC_E_OK;
cleanup:
if(Output.pvBuffer)
{
SPExternalFree(Output.pvBuffer);
}
if(pLocalCredList)
{
SPExternalFree(pLocalCredList);
}
if(hStore)
{
CertCloseStore(hStore, 0);
}
if(!NT_SUCCESS(scRet))
{
SpFreeVersion3Certificate(pCred);
}
return scRet;
}
#ifdef _WIN64
SECURITY_STATUS
SpWow64MapVersion3Certificate(
PVOID pvAuthData, // in
DWORD dwVersion, // in
PLSA_SCHANNEL_CRED pCred) // out
{
SSLWOW64_PCCERT_CONTEXT *pLocalCredList = NULL;
HCERTSTORE hStore = NULL;
CRYPT_DATA_BLOB Serialized;
SSLWOW64_SCHANNEL_CRED LocalCred;
SecBuffer Input;
SecBuffer Output;
PBYTE pbBuffer;
DWORD cbBuffer;
DWORD cbData;
SECURITY_STATUS scRet;
DWORD Size;
DWORD iCred;
Output.pvBuffer = NULL;
//
// Copy over the SCHANNEL_CRED structure.
//
if(dwVersion == SCH_CRED_V3)
{
scRet = LsaTable->CopyFromClientBuffer(NULL,
sizeof(SSLWOW64_SCHANNEL3_CRED),
&LocalCred,
pvAuthData);
if(!NT_SUCCESS(scRet))
{
goto cleanup;
}
LocalCred.dwFlags = 0;
LocalCred.reserved = 0;
#if DBG
DebugLog((DEB_TRACE, "SpMapVersion3Certificate: %d certificates in cred\n", LocalCred.cCreds));
DBG_HEX_STRING(DEB_TRACE, (PBYTE)&LocalCred, sizeof(SSLWOW64_SCHANNEL_CRED));
#endif
}
else
{
scRet = LsaTable->CopyFromClientBuffer(NULL,
sizeof(SSLWOW64_SCHANNEL_CRED),
&LocalCred,
pvAuthData);
if(!NT_SUCCESS(scRet))
{
goto cleanup;
}
#if DBG
DebugLog((DEB_TRACE, "SpMapVersion4Certificate: %d certificates in cred\n", LocalCred.cCreds));
DBG_HEX_STRING(DEB_TRACE, (PBYTE)&LocalCred, sizeof(SSLWOW64_SCHANNEL_CRED));
#endif
}
//
// DWORD dwVersion;
//
memset(pCred, 0, sizeof(LSA_SCHANNEL_CRED));
pCred->dwVersion = LocalCred.dwVersion;
//
// DWORD cCreds;
// PCCERT_CONTEXT *paCred;
//
if(LocalCred.cCreds && LocalCred.paCred)
{
Size = LocalCred.cCreds * sizeof(SSLWOW64_PCCERT_CONTEXT);
// Reality check credential count.
if(LocalCred.cCreds > 1000)
{
scRet = SP_LOG_RESULT(SEC_E_INSUFFICIENT_MEMORY);
goto cleanup;
}
// Make local copy of application cred list.
pLocalCredList = SPExternalAlloc(Size);
if(pLocalCredList == NULL)
{
scRet = SP_LOG_RESULT(SEC_E_INSUFFICIENT_MEMORY);
goto cleanup;
}
scRet = LsaTable->CopyFromClientBuffer(
NULL,
Size,
pLocalCredList,
ULongToPtr(LocalCred.paCred));
if(!NT_SUCCESS(scRet))
{
goto cleanup;
}
// Allocate memory for our cred list.
pCred->cSubCreds = LocalCred.cCreds;
pCred->paSubCred = SPExternalAlloc(pCred->cSubCreds * sizeof(LSA_SCHANNEL_SUB_CRED));
if(pCred->paSubCred == NULL)
{
scRet = SP_LOG_RESULT(SEC_E_INSUFFICIENT_MEMORY);
goto cleanup;
}
// Create an in-memory certificate store.
hStore = CertOpenStore(CERT_STORE_PROV_MEMORY,
0, 0,
CERT_STORE_DEFER_CLOSE_UNTIL_LAST_FREE_FLAG,
0);
if(hStore == NULL)
{
SP_LOG_RESULT(GetLastError());
scRet = SEC_E_INSUFFICIENT_MEMORY;
goto cleanup;
}
// Copy over each certificate context.
for(iCred = 0; iCred < LocalCred.cCreds; iCred++)
{
PLSA_SCHANNEL_SUB_CRED pSubCred;
pSubCred = pCred->paSubCred + iCred;
Input.BufferType = SECBUFFER_DATA;
Input.cbBuffer = sizeof(SSLWOW64_PCCERT_CONTEXT);
Input.pvBuffer = (PVOID)&pLocalCredList[iCred];
scRet = PerformApplicationCallback(SCH_UPLOAD_CREDENTIAL_CALLBACK,
0, 0,
&Input,
&Output,
TRUE);
if(!NT_SUCCESS(scRet))
{
Output.pvBuffer = NULL;
goto cleanup;
}
pbBuffer = Output.pvBuffer;
cbBuffer = Output.cbBuffer;
if(pbBuffer == NULL ||
cbBuffer < sizeof(HCRYPTPROV) + sizeof(DWORD))
{
scRet = SP_LOG_RESULT(SEC_E_INTERNAL_ERROR);
goto cleanup;
}
// Parse hProv.
pSubCred->hRemoteProv = *(SSLWOW64_HCRYPTPROV *)pbBuffer;
pbBuffer += sizeof(SSLWOW64_HCRYPTPROV);
cbBuffer -= sizeof(SSLWOW64_HCRYPTPROV);
// Parse certificate context length.
cbData = *(DWORD *)pbBuffer;
pbBuffer += sizeof(DWORD);
cbBuffer -= sizeof(DWORD);
// Parse certificate context.
if(cbBuffer < cbData)
{
scRet = SP_LOG_RESULT(SEC_E_INTERNAL_ERROR);
goto cleanup;
}
if(!CertAddSerializedElementToStore(hStore,
pbBuffer,
cbData,
CERT_STORE_ADD_ALWAYS,
0,
CERT_STORE_CERTIFICATE_CONTEXT_FLAG,
NULL,
&pSubCred->pCert))
{
SP_LOG_RESULT(GetLastError());
scRet = SEC_E_UNKNOWN_CREDENTIALS;
goto cleanup;
}
// Free the output buffer.
SPExternalFree(Output.pvBuffer);
Output.pvBuffer = NULL;
}
}
//
// HCERTSTORE hRootStore;
//
if(LocalCred.hRootStore)
{
Input.BufferType = SECBUFFER_DATA;
Input.cbBuffer = sizeof(SSLWOW64_HCERTSTORE);
Input.pvBuffer = (PVOID)&LocalCred.hRootStore;
scRet = PerformApplicationCallback(SCH_UPLOAD_CERT_STORE_CALLBACK,
0, 0,
&Input,
&Output,
TRUE);
if(scRet != SEC_E_OK)
{
goto cleanup;
}
pbBuffer = Output.pvBuffer;
cbBuffer = Output.cbBuffer;
if(pbBuffer == NULL || cbBuffer < sizeof(DWORD))
{
scRet = SP_LOG_RESULT(SEC_E_INTERNAL_ERROR);
goto cleanup;
}
// Parse certificate store.
Serialized.cbData = *(DWORD *)pbBuffer;
Serialized.pbData = pbBuffer + sizeof(DWORD);
if(cbBuffer - sizeof(DWORD) < Serialized.cbData)
{
scRet = SP_LOG_RESULT(SEC_E_INTERNAL_ERROR);
goto cleanup;
}
pCred->hRootStore = CertOpenStore( CERT_STORE_PROV_SERIALIZED,
X509_ASN_ENCODING,
0, 0,
&Serialized);
if(pCred->hRootStore == NULL)
{
scRet = SP_LOG_RESULT(SEC_E_UNKNOWN_CREDENTIALS);
goto cleanup;
}
// Free the output buffer.
SPExternalFree(Output.pvBuffer);
Output.pvBuffer = NULL;
}
//
// DWORD cSupportedAlgs;
// ALG_ID *palgSupportedAlgs;
//
if(LocalCred.cSupportedAlgs && LocalCred.palgSupportedAlgs)
{
// Reality check.
if(LocalCred.cSupportedAlgs > 1000)
{
scRet = SP_LOG_RESULT(SEC_E_INSUFFICIENT_MEMORY);
goto cleanup;
}
Size = LocalCred.cSupportedAlgs * sizeof(ALG_ID);
pCred->cSupportedAlgs = LocalCred.cSupportedAlgs;
pCred->palgSupportedAlgs = SPExternalAlloc(Size);
if(pCred->palgSupportedAlgs == NULL)
{
scRet = SP_LOG_RESULT(SEC_E_INSUFFICIENT_MEMORY);
goto cleanup;
}
scRet = LsaTable->CopyFromClientBuffer(NULL,
Size,
pCred->palgSupportedAlgs,
ULongToPtr(LocalCred.palgSupportedAlgs));
if(!NT_SUCCESS(scRet))
{
goto cleanup;
}
}
//
// DWORD grbitEnabledProtocols;
// DWORD dwMinimumCipherStrength;
// DWORD dwMaximumCipherStrength;
// DWORD dwSessionLifespan;
// DWORD dwFlags;
// DWORD reserved;
//
pCred->grbitEnabledProtocols = LocalCred.grbitEnabledProtocols;
pCred->dwMinimumCipherStrength = LocalCred.dwMinimumCipherStrength;
pCred->dwMaximumCipherStrength = LocalCred.dwMaximumCipherStrength;
pCred->dwSessionLifespan = LocalCred.dwSessionLifespan;
pCred->dwFlags = LocalCred.dwFlags;
pCred->reserved = LocalCred.reserved;
scRet = SEC_E_OK;
cleanup:
if(Output.pvBuffer)
{
SPExternalFree(Output.pvBuffer);
}
if(pLocalCredList)
{
SPExternalFree(pLocalCredList);
}
if(hStore)
{
CertCloseStore(hStore, 0);
}
if(!NT_SUCCESS(scRet))
{
SpFreeVersion3Certificate(pCred);
}
return scRet;
}
#endif // _WIN64
SECURITY_STATUS
SpMapAuthIdentity(
PVOID pAuthData,
PLSA_SCHANNEL_CRED pSchannelCred)
{
PSEC_WINNT_AUTH_IDENTITY_EXW pAuthIdentity = NULL;
SEC_WINNT_AUTH_IDENTITY_EX32 AuthIdentity32 = {0};
BOOLEAN DoUnicode = TRUE;
UNICODE_STRING UserName;
UNICODE_STRING Password;
NTSTATUS Status;
CRED_MARSHAL_TYPE CredType;
PCERT_CREDENTIAL_INFO pCertInfo = NULL;
PCCERT_CONTEXT pCertContext = NULL;
HCERTSTORE hStore = 0;
CRYPT_HASH_BLOB HashBlob;
BOOL fImpersonating = FALSE;
BOOL fWow64Client = FALSE;
#ifdef _WIN64
SECPKG_CALL_INFO CallInfo;
if(!LsaTable->GetCallInfo(&CallInfo))
{
Status = STATUS_INTERNAL_ERROR;
return SP_LOG_RESULT(Status);
}
fWow64Client = (CallInfo.Attributes & SECPKG_CALL_WOWCLIENT) != 0;
#endif
DebugLog((DEB_TRACE, "SpMapAuthIdentity\n"));
//
// Initialize.
//
RtlInitUnicodeString(
&UserName,
NULL);
RtlInitUnicodeString(
&Password,
NULL);
//
// Copy over the SEC_WINNT_AUTH_IDENTITY_EX structure from client memory.
//
pAuthIdentity = (PSEC_WINNT_AUTH_IDENTITY_EXW)SPExternalAlloc(sizeof(SEC_WINNT_AUTH_IDENTITY_EXW));
if(pAuthIdentity == NULL)
{
Status = SEC_E_INSUFFICIENT_MEMORY;
goto cleanup;
}
if(fWow64Client)
{
Status = LsaTable->CopyFromClientBuffer(
NULL,
sizeof(SEC_WINNT_AUTH_IDENTITY_EX32),
&AuthIdentity32,
pAuthData);
if (!NT_SUCCESS(Status))
{
SP_LOG_RESULT(Status);
goto cleanup;
}
pAuthIdentity->Version = AuthIdentity32.Version;
pAuthIdentity->Length = (AuthIdentity32.Length < sizeof(SEC_WINNT_AUTH_IDENTITY_EX) ?
sizeof(SEC_WINNT_AUTH_IDENTITY_EX) : AuthIdentity32.Length);
pAuthIdentity->UserLength = AuthIdentity32.UserLength;
pAuthIdentity->User = (PWSTR) UlongToPtr(AuthIdentity32.User);
pAuthIdentity->DomainLength = AuthIdentity32.DomainLength ;
pAuthIdentity->Domain = (PWSTR) UlongToPtr( AuthIdentity32.Domain );
pAuthIdentity->PasswordLength = AuthIdentity32.PasswordLength ;
pAuthIdentity->Password = (PWSTR) UlongToPtr( AuthIdentity32.Password );
pAuthIdentity->Flags = AuthIdentity32.Flags ;
pAuthIdentity->PackageListLength = AuthIdentity32.PackageListLength ;
pAuthIdentity->PackageList = (PWSTR) UlongToPtr( AuthIdentity32.PackageList );
}
else
{
Status = LsaTable->CopyFromClientBuffer(
NULL,
sizeof(SEC_WINNT_AUTH_IDENTITY_EXW),
pAuthIdentity,
pAuthData);
if (!NT_SUCCESS(Status))
{
SP_LOG_RESULT(Status);
goto cleanup;
}
}
if ((pAuthIdentity->Flags & SEC_WINNT_AUTH_IDENTITY_ANSI) != 0)
{
DoUnicode = FALSE;
}
//
// Copy over the user name and password.
//
if (pAuthIdentity->User != NULL)
{
Status = CopyClientString(
pAuthIdentity->User,
pAuthIdentity->UserLength,
DoUnicode,
&UserName);
if (!NT_SUCCESS(Status))
{
DebugLog((DEB_ERROR, "SpAcquireCredentialsHandle, Error from CopyClientString is 0x%lx\n", Status));
goto cleanup;
}
}
if (pAuthIdentity->Password != NULL)
{
Status = CopyClientString(
pAuthIdentity->Password,
pAuthIdentity->PasswordLength,
DoUnicode,
&Password);
if (!NT_SUCCESS(Status))
{
DebugLog((DEB_ERROR, "SpAcquireCredentialsHandle, Error from CopyClientString is 0x%lx\n", Status));
goto cleanup;
}
}
//
// Extract the certificate thumbprint.
//
if(!CredIsMarshaledCredentialW(UserName.Buffer))
{
Status = SP_LOG_RESULT(SEC_E_UNKNOWN_CREDENTIALS);
goto cleanup;
}
if(!CredUnmarshalCredentialW(UserName.Buffer,
&CredType,
&pCertInfo))
{
Status = SP_LOG_RESULT(SEC_E_UNKNOWN_CREDENTIALS);
goto cleanup;
}
if(CredType != CertCredential)
{
Status = SP_LOG_RESULT(SEC_E_UNKNOWN_CREDENTIALS);
goto cleanup;
}
//
// Look up the certificate in the MY certificate store.
//
fImpersonating = SslImpersonateClient();
hStore = CertOpenStore(CERT_STORE_PROV_SYSTEM_W,
X509_ASN_ENCODING, 0,
CERT_SYSTEM_STORE_CURRENT_USER |
CERT_STORE_DEFER_CLOSE_UNTIL_LAST_FREE_FLAG,
L"MY");
if(!hStore)
{
SP_LOG_RESULT(GetLastError());
Status = SEC_E_NO_CREDENTIALS;
goto cleanup;
}
HashBlob.cbData = sizeof(pCertInfo->rgbHashOfCert);
HashBlob.pbData = pCertInfo->rgbHashOfCert;
pCertContext = CertFindCertificateInStore(hStore,
X509_ASN_ENCODING,
0,
CERT_FIND_HASH,
&HashBlob,
NULL);
if(pCertContext == NULL)
{
DebugLog((DEB_ERROR, "Certificate designated by authority info was not found in certificate store (0x%x).\n", GetLastError()));
Status = SEC_E_NO_CREDENTIALS;
goto cleanup;
}
//
// Build sub cred structure and attach it to the credential.
//
pSchannelCred->paSubCred = SPExternalAlloc(sizeof(LSA_SCHANNEL_SUB_CRED));
if(pSchannelCred->paSubCred == NULL)
{
Status = SP_LOG_RESULT(SEC_E_INSUFFICIENT_MEMORY);
goto cleanup;
}
pSchannelCred->paSubCred[0].pCert = pCertContext;
pSchannelCred->paSubCred[0].pszPin = Password.Buffer;
Password.Buffer = NULL;
pSchannelCred->cSubCreds = 1;
Status = STATUS_SUCCESS;
cleanup:
if(pAuthIdentity)
{
SPExternalFree(pAuthIdentity);
}
if(UserName.Buffer)
{
LocalFree(UserName.Buffer);
}
if(Password.Buffer)
{
LocalFree(Password.Buffer);
}
if(pCertInfo)
{
CredFree(pCertInfo);
}
if(hStore)
{
CertCloseStore(hStore, 0);
}
if(fImpersonating)
{
RevertToSelf();
}
return Status;
}
//+---------------------------------------------------------------------------
//
// Function: SpCommonAcquireCredentialsHandle
//
// Synopsis: Common AcquireCredentialsHandle function.
//
// Arguments: [Type] -- Type expected (Unified v. specific)
// [pLogonID] --
// [pvAuthData] --
// [pvGetKeyFn] --
// [pvGetKeyArgument] --
// [pdwHandle] --
// [ptsExpiry] --
//
// History: 10-06-96 RichardW Created
//
// Notes:
//
//----------------------------------------------------------------------------
SECURITY_STATUS
SpCommonAcquireCredentialsHandle(
ULONG Type,
PLUID pLogonID,
PVOID pvAuthData,
PVOID pvGetKeyFn,
PVOID pvGetKeyArgument,
PLSA_SEC_HANDLE pdwHandle,
PTimeStamp ptsExpiry)
{
SP_STATUS pctRet;
PSPCredentialGroup pCredGroup;
LSA_SCHANNEL_CRED SchannelCred;
PSCH_CRED pSchCred;
SECURITY_STATUS Status;
SSL_CREDENTIAL_CERTIFICATE SslCert;
DWORD dwVersion;
SECPKG_CLIENT_INFO ClientInfo;
#ifdef _WIN64
SECPKG_CALL_INFO CallInfo;
BOOL fWow64Client = FALSE;
#endif
UNREFERENCED_PARAMETER(pLogonID);
UNREFERENCED_PARAMETER(pvGetKeyFn);
UNREFERENCED_PARAMETER(pvGetKeyArgument);
TRACE_ENTER( SpCommonAcquireCredentialsHandle );
if(!SchannelInit(FALSE))
{
return SP_LOG_RESULT(SEC_E_INTERNAL_ERROR);
}
#ifdef _WIN64
if(!LsaTable->GetCallInfo(&CallInfo))
{
Status = STATUS_INTERNAL_ERROR;
return SP_LOG_RESULT(Status);
}
fWow64Client = (CallInfo.Attributes & SECPKG_CALL_WOWCLIENT) != 0;
#endif
Status = LsaTable->GetClientInfo( &ClientInfo );
if (!NT_SUCCESS( Status ))
{
Status = STATUS_INTERNAL_ERROR;
return SP_LOG_RESULT(Status);
}
//
// Got to have an impersonation level token in order to call ACH.
// This check used to be in lsa, but moved here to enable
// some S4Uproxy scenarios to work w/o tcb.
//
if (ClientInfo.ImpersonationLevel <= SecurityIdentification)
{
Status = SEC_E_NO_CREDENTIALS;
return SP_LOG_RESULT(Status);
}
__try
{
// Default to null credential
memset(&SchannelCred, 0, sizeof(SchannelCred));
SchannelCred.dwVersion = SCHANNEL_CRED_VERSION;
if ( pvAuthData )
{
//
// Read in the first few bytes of data so we can see what's there.
//
Status = LsaTable->CopyFromClientBuffer( NULL,
sizeof( SSL_CREDENTIAL_CERTIFICATE ),
&SslCert,
pvAuthData );
if ( !NT_SUCCESS( Status ) )
{
return( Status );
}
dwVersion = SslCert.cbPrivateKey;
//
// Ok, see what kind of blob we got:
//
switch(dwVersion)
{
case SEC_WINNT_AUTH_IDENTITY_VERSION:
//
// The application passed in a SEC_WINNT_AUTH_IDENTITY_EXW
// structure.
//
Status = SpMapAuthIdentity(pvAuthData, &SchannelCred);
if(!NT_SUCCESS(Status))
{
return Status;
}
break;
case SCH_CRED_V3:
case SCHANNEL_CRED_VERSION:
//
// The application is using modern (version 3) credentials.
//
#ifdef _WIN64
if(fWow64Client)
{
Status = SpWow64MapVersion3Certificate(pvAuthData, dwVersion, &SchannelCred);
}
else
#endif
{
Status = SpMapVersion3Certificate(pvAuthData, dwVersion, &SchannelCred);
}
if(!NT_SUCCESS(Status))
{
return Status;
}
// Selectively enable the unified protocol.
SchannelCred.grbitEnabledProtocols = EnableUnifiedProtocol(
Type,
SchannelCred.grbitEnabledProtocols);
break;
case SCH_CRED_V1:
case SCH_CRED_V2:
//
// Okay, it's a V1 or V2 style request. Map it in, following
// its scary chains.
//
#ifdef _WIN64
if(fWow64Client)
{
Status = SpWow64MapVersion2Certificate(pvAuthData, &pSchCred);
}
else
#endif
{
Status = SpMapVersion2Certificate(pvAuthData, &pSchCred);
}
if(!NT_SUCCESS(Status))
{
return Status;
}
//
// Convert this version 2 credential to a version 3 credential.
//
Status = UpdateCredentialFormat(pSchCred, &SchannelCred);
SpFreeVersion2Certificate( pSchCred );
if(!NT_SUCCESS(Status))
{
return Status;
}
break;
default:
//
// A really old-style credential.
//
#ifdef _WIN64
if(fWow64Client)
{
Status = SpWow64MapProtoCredential((SSLWOW64_CREDENTIAL_CERTIFICATE *)&SslCert, &pSchCred);
}
else
#endif
{
Status = SpMapProtoCredential(&SslCert, &pSchCred);
}
if(!NT_SUCCESS(Status))
{
return Status;
}
//
// Convert this version 2 credential to a version 3 credential.
//
Status = UpdateCredentialFormat(pSchCred, &SchannelCred);
SpFreeVersion2Certificate( pSchCred );
if(!NT_SUCCESS(Status))
{
return Status;
}
break;
}
// Set the legacy flags if this is an old-style credential.
if(dwVersion != SCHANNEL_CRED_VERSION &&
dwVersion != SEC_WINNT_AUTH_IDENTITY_VERSION)
{
SchannelCred.dwFlags |= SCH_CRED_MANUAL_CRED_VALIDATION;
SchannelCred.dwFlags |= SCH_CRED_NO_DEFAULT_CREDS;
}
}
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
return SP_LOG_RESULT(SEC_E_UNKNOWN_CREDENTIALS);
}
if(pvAuthData == NULL && (Type & SP_PROT_SERVERS))
{
//
// A server is creating credential without specifying any
// authentication data, so attempt to acquire a default
// machine credential.
//
Status = FindDefaultMachineCred(&pCredGroup, Type);
if(!NT_SUCCESS(Status))
{
DebugLog((DEB_ERROR, "Unable to create default server credential (0x%x)\n", Status));
return Status;
}
ComputeCredExpiry(pCredGroup, ptsExpiry);
*pdwHandle = (LSA_SEC_HANDLE) pCredGroup;
return SEC_E_OK;
}
pctRet = SPCreateCredential( &pCredGroup,
Type,
&SchannelCred );
SpFreeVersion3Certificate( &SchannelCred );
if (PCT_ERR_OK == pctRet)
{
ComputeCredExpiry(pCredGroup, ptsExpiry);
*pdwHandle = (LSA_SEC_HANDLE) pCredGroup;
return SEC_E_OK;
}
return PctTranslateError(pctRet);
}
SECURITY_STATUS
SEC_ENTRY
SpUniAcquireCredentialsHandle(
PSECURITY_STRING psPrincipal,
ULONG fCredentials,
PLUID pLogonID,
PVOID pvAuthData,
PVOID pvGetKeyFn,
PVOID pvGetKeyArgument,
PLSA_SEC_HANDLE pdwHandle,
PTimeStamp ptsExpiry)
{
DWORD Type;
UNREFERENCED_PARAMETER(psPrincipal);
DebugLog((DEB_TRACE, "SpUniAcquireCredentialsHandle(0x%x, 0x%x, 0x%x, 0x%x, 0x%x, 0x%x, 0x%x)\n",
fCredentials, pLogonID, pvAuthData,
pvGetKeyFn, pvGetKeyArgument, pdwHandle, ptsExpiry));
if ( fCredentials & SECPKG_CRED_INBOUND )
{
Type = SP_PROT_UNI_SERVER ;
}
else if ( fCredentials & SECPKG_CRED_OUTBOUND )
{
Type = SP_PROT_UNI_CLIENT ;
}
else
{
return SP_LOG_RESULT(SEC_E_NO_CREDENTIALS);
}
return( SpCommonAcquireCredentialsHandle( Type,
pLogonID,
pvAuthData,
pvGetKeyFn,
pvGetKeyArgument,
pdwHandle,
ptsExpiry ) );
}
SECURITY_STATUS
SEC_ENTRY
SpQueryCredentialsAttributes(
LSA_SEC_HANDLE dwCredHandle,
ULONG dwAttribute,
PVOID Buffer)
{
PSPCredentialGroup pCred;
ULONG Size;
PVOID pvClient = NULL;
DWORD cbClient;
SECURITY_STATUS Status;
BOOL fWow64Client = FALSE;
#ifdef _WIN64
SECPKG_CALL_INFO CallInfo;
#endif
typedef struct _SecPkgCred_SupportedAlgsWow64
{
DWORD cSupportedAlgs;
SSLWOW64_PVOID palgSupportedAlgs;
} SecPkgCred_SupportedAlgsWow64, *PSecPkgCred_SupportedAlgsWow64;
union {
SecPkgCred_SupportedAlgs SupportedAlgs;
SecPkgCred_SupportedAlgsWow64 SupportedAlgsWow64;
SecPkgCred_CipherStrengths CipherStrengths;
SecPkgCred_SupportedProtocols SupportedProtocols;
} LocalBuffer;
pCred = (PSPCredentialGroup)dwCredHandle;
if(pCred == NULL)
{
return(SEC_E_INVALID_HANDLE);
}
#ifdef _WIN64
if(!LsaTable->GetCallInfo(&CallInfo))
{
Status = STATUS_INTERNAL_ERROR;
return SP_LOG_RESULT(Status);
}
fWow64Client = (CallInfo.Attributes & SECPKG_CALL_WOWCLIENT) != 0;
#endif
__try
{
switch (dwAttribute)
{
case SECPKG_ATTR_SUPPORTED_ALGS:
DebugLog((DEB_TRACE, "QueryCredentialsAttributes(SECPKG_ATTR_SUPPORTED_ALGS)\n"));
if(fWow64Client)
{
Size = sizeof(SecPkgCred_SupportedAlgsWow64);
}
else
{
Size = sizeof(SecPkgCred_SupportedAlgs);
}
break;
case SECPKG_ATTR_CIPHER_STRENGTHS:
DebugLog((DEB_TRACE, "QueryCredentialsAttributes(SECPKG_ATTR_CIPHER_STRENGTHS)\n"));
Size = sizeof(SecPkgCred_CipherStrengths);
break;
case SECPKG_ATTR_SUPPORTED_PROTOCOLS:
DebugLog((DEB_TRACE, "QueryCredentialsAttributes(SECPKG_ATTR_SUPPORTED_PROTOCOLS)\n"));
Size = sizeof(SecPkgCred_SupportedProtocols);
break;
default:
DebugLog((DEB_WARN, "QueryCredentialsAttributes(unsupported function %d)\n", dwAttribute));
return SP_LOG_RESULT(SEC_E_UNSUPPORTED_FUNCTION);
}
// Copy structure from client memory, just in case any of this
// stuff is in/out.
Status = LsaTable->CopyFromClientBuffer( NULL,
Size,
&LocalBuffer,
Buffer );
if(FAILED(Status))
{
return Status;
}
switch (dwAttribute)
{
case SECPKG_ATTR_SUPPORTED_ALGS:
{
cbClient = pCred->cSupportedAlgs * sizeof(ALG_ID);
// Allocate client memory for algorithm list.
Status = LsaTable->AllocateClientBuffer(NULL, cbClient, &pvClient);
if(FAILED(Status))
{
return Status;
}
if(fWow64Client)
{
LocalBuffer.SupportedAlgsWow64.cSupportedAlgs = pCred->cSupportedAlgs;
LocalBuffer.SupportedAlgsWow64.palgSupportedAlgs = PtrToUlong(pvClient);
}
else
{
LocalBuffer.SupportedAlgs.cSupportedAlgs = pCred->cSupportedAlgs;
LocalBuffer.SupportedAlgs.palgSupportedAlgs = pvClient;
}
// Copy algorithm list to client memory.
Status = LsaTable->CopyToClientBuffer(
NULL,
cbClient,
pvClient,
pCred->palgSupportedAlgs);
if(FAILED(Status))
{
LsaTable->FreeClientBuffer(NULL, pvClient);
return Status;
}
break;
}
case SECPKG_ATTR_CIPHER_STRENGTHS:
GetDisplayCipherSizes(pCred,
&LocalBuffer.CipherStrengths.dwMinimumCipherStrength,
&LocalBuffer.CipherStrengths.dwMaximumCipherStrength);
break;
case SECPKG_ATTR_SUPPORTED_PROTOCOLS:
LocalBuffer.SupportedProtocols.grbitProtocol = pCred->grbitEnabledProtocols;
break;
}
// Copy structure back to client memory.
Status = LsaTable->CopyToClientBuffer( NULL,
Size,
Buffer,
&LocalBuffer );
if(FAILED(Status))
{
if(pvClient) LsaTable->FreeClientBuffer(NULL, pvClient);
return Status;
}
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
return SP_LOG_RESULT(SEC_E_UNSUPPORTED_FUNCTION);
}
return SEC_E_OK;
}
SECURITY_STATUS
SEC_ENTRY
SpFreeCredentialsHandle(LSA_SEC_HANDLE dwHandle)
{
PSPCredentialGroup pCred;
SECPKG_CALL_INFO CallInfo;
DebugLog((DEB_TRACE, "SpFreeCredentialsHandle(0x%x)\n", dwHandle));
pCred = (PSPCredentialGroup) dwHandle ;
__try
{
if (pCred)
{
// Delete all mention of this credential from the cache.
SPCachePurgeCredential(pCred);
// Was this call made from the LSA cleanup code? In other
// words, did the application terminate without cleaning up
// properly? If so, then throw away all unreferenced zombies
// associated with that process.
if(LsaTable->GetCallInfo(&CallInfo))
{
if(CallInfo.Attributes & SECPKG_CALL_CLEANUP)
{
SPCachePurgeProcessId(pCred->ProcessId);
}
}
pCred->dwFlags |= CRED_FLAG_DELETED;
SPDereferenceCredential(pCred, TRUE);
return(SEC_E_OK);
}
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
return SP_LOG_RESULT(SEC_E_UNSUPPORTED_FUNCTION);
}
return SP_LOG_RESULT(SEC_E_INVALID_HANDLE);
}