archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 1b390dddff
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '1b390dddff'
${ noResults }
windows-xp/Source/XPSP1/NT/ds/security/protocols/digest/ctxt.cxx

487 lines
13 KiB
Raw Normal View History

Add source files
4 years ago
  1. //+-----------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. //
  5. // Copyright (c) Microsoft Corporation 2000
  6. //
  7. // File: ctxt.cxx
  8. //
  9. // Contents: Context manipulation functions
  10. //
  11. //
  12. // History: KDamour 15Mar00 Stolen from NTLM context.cxx
  13. //
  14. //------------------------------------------------------------------------
  15. #include "global.h"
  17. // Globals for manipulating Context Lists
  18. RTL_CRITICAL_SECTION l_ContextCritSect;
  20. LIST_ENTRY l_ContextList;
  22. // Indicate if completed Initialization of Credential Handler
  23. BOOL g_bContextInitialized = FALSE;
  27. //+--------------------------------------------------------------------
  28. //
  29. // Function: SspContextInitialize
  30. //
  31. // Synopsis: Initializes the context manager package
  32. //
  33. // Arguments: none
  34. //
  35. // Returns: NTSTATUS
  36. //
  37. // Notes: Called by SpInitialize
  38. //
  39. //---------------------------------------------------------------------
  40. NTSTATUS
  41. CtxtHandlerInit(VOID)
  42. {
  43. NTSTATUS Status = STATUS_SUCCESS;
  45. //
  46. // Initialize the Context list to be empty.
  47. //
  49. Status = RtlInitializeCriticalSection(&l_ContextCritSect);
  50. if (!NT_SUCCESS(Status))
  51. {
  52. DebugLog((DEB_ERROR, "CtxtHandlerInit: Failed to initialize critsec 0x%x\n", Status));
  53. goto CleanUp;
  54. }
  56. InitializeListHead( &l_ContextList );
  59. // Simple variable test to make sure all initialized;
  60. g_bContextInitialized = TRUE;
  62. CleanUp:
  64. return Status;
  65. }
  68. // Add a Context into the Context List
  69. NTSTATUS
  70. CtxtHandlerInsertCred(
  71. IN PDIGEST_CONTEXT pDigestCtxt
  72. )
  73. {
  74. DebugLog((DEB_TRACE_FUNC, "CtxtHandlerInsertCred: Entering with Context 0x%x RefCount %ld\n", pDigestCtxt, pDigestCtxt->lReferences));
  75. RtlEnterCriticalSection( &l_ContextCritSect );
  76. DebugLog((DEB_TRACE, "CtxtHandlerInsertCred: add into list\n"));
  77. InsertHeadList( &l_ContextList, &pDigestCtxt->Next );
  78. RtlLeaveCriticalSection( &l_ContextCritSect );
  79. DebugLog((DEB_TRACE_FUNC, "CtxtHandlerInsertCred: Leaving with Context 0x%x\n", pDigestCtxt));
  81. return STATUS_SUCCESS;
  82. }
  85. // Initialize a Context into the IdleState with the data from the Credential provided
  86. NTSTATUS NTAPI
  87. ContextInit(
  88. IN OUT PDIGEST_CONTEXT pContext,
  89. IN PDIGEST_CREDENTIAL pCredential
  90. )
  91. {
  93. NTSTATUS Status = STATUS_SUCCESS;
  95. DebugLog((DEB_TRACE_FUNC, "ContextInit: Entering\n"));
  97. if (!pContext || !pCredential)
  98. {
  99. return STATUS_INVALID_PARAMETER;
  100. }
  102. ZeroMemory(pContext, sizeof(DIGEST_CONTEXT));
  104. pContext->typeQOP = QOP_UNDEFINED;
  105. pContext->typeDigest = DIGEST_UNDEFINED;
  106. pContext->typeAlgorithm = ALGORITHM_UNDEFINED;
  107. pContext->typeCipher = CIPHER_UNDEFINED;
  108. pContext->typeCharset = CHARSET_UNDEFINED;
  109. pContext->lReferences = 0;
  110. pContext->ulSendMaxBuf = SASL_MAX_DATA_BUFFER;
  111. pContext->ulRecvMaxBuf = SASL_MAX_DATA_BUFFER;
  112. pContext->TimeCreated = time(NULL);
  113. pContext->ContextHandle = (ULONG_PTR)pContext;
  114. pContext->PasswordExpires = g_TimeForever; // never expire
  116. // Now copy over all the info we need from the supplied credential
  118. pContext->CredentialUseFlags = pCredential->CredentialUseFlags; // Keep the info on inbound/outbound
  120. Status = UnicodeStringDuplicate(&(pContext->ustrAccountName), &(pCredential->ustrAccountName));
  121. if (!NT_SUCCESS(Status))
  122. {
  123. DebugLog((DEB_ERROR, "ContextInit: Failed to copy Domain into Context\n"));
  124. goto CleanUp;
  125. }
  127. Status = UnicodeStringDuplicate(&(pContext->ustrDomain), &(pCredential->ustrDnsDomainName));
  128. if (!NT_SUCCESS(Status))
  129. {
  130. DebugLog((DEB_ERROR, "ContextInit: Failed to copy Domain into Context\n"));
  131. goto CleanUp;
  132. }
  134. // Copy over the Credential Password if known - thread safe - this is encrypted text
  135. Status = CredHandlerPasswdGet(pCredential, &pContext->ustrPassword);
  136. if (!NT_SUCCESS(Status))
  137. {
  138. DebugLog((DEB_ERROR, "ContextInit: CredHandlerPasswdGet error status 0x%x\n", Status));
  139. goto CleanUp;
  140. }
  143. CleanUp:
  144. DebugLog((DEB_TRACE_FUNC, "ContextInit: Leaving\n"));
  145. return Status;
  147. }
  150. // Once done with a context - release the resouces
  151. NTSTATUS NTAPI
  152. ContextFree(
  153. IN PDIGEST_CONTEXT pContext
  154. )
  155. {
  156. NTSTATUS Status = STATUS_SUCCESS;
  157. USHORT iCnt = 0;
  159. DebugLog((DEB_TRACE_FUNC, "ContextFree: Entering with Context 0x%x\n", pContext));
  160. ASSERT(pContext);
  161. ASSERT(0 == pContext->lReferences);
  163. if (!pContext)
  164. {
  165. return STATUS_INVALID_PARAMETER;
  166. }
  168. DebugLog((DEB_TRACE, "ContextFree: Context RefCount %ld\n", pContext->lReferences));
  170. DebugLog((DEB_TRACE, "ContextFree: Checking TokenHandle for LogonID (%x:%lx)\n",
  171. pContext->LoginID.HighPart, pContext->LoginID.LowPart));
  172. if (pContext->TokenHandle)
  173. {
  174. DebugLog((DEB_TRACE, "ContextFree: Closing TokenHandle for LogonID (%x:%lx)\n",
  175. pContext->LoginID.HighPart, pContext->LoginID.LowPart));
  176. NtClose(pContext->TokenHandle);
  177. pContext->TokenHandle = NULL;
  178. }
  180. StringFree(&(pContext->strNonce));
  181. StringFree(&(pContext->strCNonce));
  182. StringFree(&(pContext->strOpaque));
  183. StringFree(&(pContext->strSessionKey));
  184. UnicodeStringFree(&(pContext->ustrDomain));
  185. UnicodeStringFree(&(pContext->ustrPassword));
  186. UnicodeStringFree(&(pContext->ustrAccountName));
  188. StringFree(&(pContext->strResponseAuth));
  190. for (iCnt = 0; iCnt < MD5_AUTH_LAST; iCnt++)
  191. {
  192. StringFree(&(pContext->strDirective[iCnt]));
  193. }
  195. DigestFreeMemory(pContext);
  197. DebugLog((DEB_TRACE_FUNC, "ContextFree: Leaving with Context 0x%x\n", pContext));
  198. return Status;
  200. }
  204. /*++
  206. Routine Description:
  208. This routine checks to see if the Context is for the specified
  209. Client Connection, and references the Context if it is valid.
  211. The caller may optionally request that the Context be
  212. removed from the list of valid Contexts - preventing future
  213. requests from finding this Context.
  215. Arguments:
  217. ContextHandle - Points to the ContextHandle of the Context
  218. to be referenced.
  220. RemoveContext - This boolean value indicates whether the caller
  221. wants the Context to be removed from the list
  222. of Contexts. TRUE indicates the Context is to be removed.
  223. FALSE indicates the Context is not to be removed.
  226. Return Value:
  228. NULL - the Context was not found.
  230. Otherwise - returns a pointer to the referenced Context.
  232. --*/
  233. NTSTATUS NTAPI
  234. CtxtHandlerHandleToContext(
  235. IN ULONG_PTR ContextHandle,
  236. IN BOOLEAN RemoveContext,
  237. OUT PDIGEST_CONTEXT *ppContext
  238. )
  239. {
  240. NTSTATUS Status = STATUS_SUCCESS;
  241. PLIST_ENTRY ListEntry = NULL;
  242. PDIGEST_CONTEXT Context = NULL;
  243. LONG lReferences = 0;
  245. DebugLog((DEB_TRACE_FUNC, "CtxtHandlerHandleToContext: Entering ContextHandle 0x%lx\n", ContextHandle));
  247. //
  248. // Acquire exclusive access to the Context list
  249. //
  251. RtlEnterCriticalSection( &l_ContextCritSect );
  253. //
  254. // Now walk the list of Contexts looking for a match.
  255. //
  257. for ( ListEntry = l_ContextList.Flink;
  258. ListEntry != &l_ContextList;
  259. ListEntry = ListEntry->Flink ) {
  261. Context = CONTAINING_RECORD( ListEntry, DIGEST_CONTEXT, Next );
  263. //
  264. // Found a match ... reference this Context
  265. // (if the Context is being removed, we would increment
  266. // and then decrement the reference, so don't bother doing
  267. // either - since they cancel each other out).
  268. //
  270. if ( Context == (PDIGEST_CONTEXT) ContextHandle)
  271. {
  272. if (!RemoveContext)
  273. {
  274. //
  275. // Timeout this context if caller is not trying to remove it.
  276. // We only timeout contexts that are being setup, not
  277. // fully authenticated contexts.
  278. //
  280. if (CtxtHandlerTimeHasElapsed(Context))
  281. {
  282. DebugLog((DEB_ERROR, "CtxtHandlerHandleToContext: Context 0x%lx has timed out.\n",
  283. ContextHandle ));
  284. Status = SEC_E_CONTEXT_EXPIRED;
  285. goto CleanUp;
  286. }
  288. lReferences = InterlockedIncrement(&Context->lReferences);
  289. }
  290. else
  291. {
  292. RemoveEntryList( &Context->Next );
  293. DebugLog((DEB_TRACE, "CtxtHandlerHandleToContext:Delinked Context 0x%lx\n",Context ));
  294. }
  296. DebugLog((DEB_TRACE, "CtxtHandlerHandleToContext: FOUND Context = 0x%x, RemoveContext = %d, ReferenceCount = %ld\n",
  297. Context, RemoveContext, Context->lReferences));
  298. *ppContext = Context;
  299. goto CleanUp;
  300. }
  302. }
  304. //
  305. // No match found
  306. //
  308. DebugLog((DEB_WARN, "CtxtHandlerHandleToContext: Tried to reference unknown Context 0x%lx\n", ContextHandle ));
  309. Status = STATUS_OBJECT_NAME_NOT_FOUND;
  311. CleanUp:
  313. RtlLeaveCriticalSection( &l_ContextCritSect );
  314. DebugLog((DEB_TRACE_FUNC, "CtxtHandlerHandleToContext: Leaving\n" ));
  316. return(Status);
  317. }
  321. /*++
  323. Routine Description:
  325. This routine checks to see if the LogonId is for the specified
  326. Server Connection, and references the Context if it is valid.
  328. The caller may optionally request that the Context be
  329. removed from the list of valid Contexts - preventing future
  330. requests from finding this Context.
  332. Arguments:
  334. pstrOpaque - Opaque string that uniquely references the SecurityContext
  337. Return Value:
  339. NULL - the Context was not found.
  341. Otherwise - returns a pointer to the referenced Context.
  343. --*/
  344. NTSTATUS NTAPI
  345. CtxtHandlerOpaqueToPtr(
  346. IN PSTRING pstrOpaque,
  347. OUT PDIGEST_CONTEXT *ppContext
  348. )
  349. {
  350. NTSTATUS Status = STATUS_SUCCESS;
  351. PLIST_ENTRY ListEntry = NULL;
  352. PDIGEST_CONTEXT Context = NULL;
  353. LONG rc = 0;
  354. LONG lReferences = 0;
  356. DebugLog((DEB_TRACE_FUNC, "CtxtHandlerOpaqueToPtr: Entering Opaque (%Z)\n", pstrOpaque));
  358. //
  359. // Acquire exclusive access to the Context list
  360. //
  362. RtlEnterCriticalSection( &l_ContextCritSect );
  364. //
  365. // Now walk the list of Contexts looking for a match.
  366. //
  368. for ( ListEntry = l_ContextList.Flink;
  369. ListEntry != &l_ContextList;
  370. ListEntry = ListEntry->Flink ) {
  372. Context = CONTAINING_RECORD( ListEntry, DIGEST_CONTEXT, Next );
  374. //
  375. // Found a match ... reference this Context
  376. // (if the Context is being removed, we would increment
  377. // and then decrement the reference, so don't bother doing
  378. // either - since they cancel each other out).
  379. //
  381. rc = RtlCompareString(pstrOpaque, &(Context->strOpaque), FALSE);
  382. if (!rc)
  383. {
  385. //
  386. // Timeout this context if caller is not trying to remove it.
  387. // We only timeout contexts that are being setup, not
  388. // fully authenticated contexts.
  389. //
  391. if (CtxtHandlerTimeHasElapsed(Context))
  392. {
  393. DebugLog((DEB_ERROR, "CtxtHandlerOpaqueToPtr: Context 0x%x has timed out.\n",
  394. Context ));
  395. Status = SEC_E_CONTEXT_EXPIRED;
  396. goto CleanUp;
  397. }
  399. lReferences = InterlockedIncrement(&Context->lReferences);
  401. DebugLog((DEB_TRACE, "CtxtHandlerOpaqueToPtr: FOUND Context = 0x%x, ReferenceCount = %ld\n",
  402. Context, Context->lReferences));
  403. *ppContext = Context;
  404. goto CleanUp;
  405. }
  407. }
  409. //
  410. // No match found
  411. //
  413. DebugLog((DEB_WARN, "CtxtHandlerOpaqueToPtr: Tried to reference unknown Opaque (%Z)\n", pstrOpaque));
  414. Status = STATUS_OBJECT_NAME_NOT_FOUND;
  416. CleanUp:
  418. RtlLeaveCriticalSection( &l_ContextCritSect );
  419. DebugLog((DEB_TRACE_FUNC, "CtxtHandlerOpaqueToPtr: Leaving\n" ));
  421. return(Status);
  422. }
  426. // Check the Creation time with the Current time.
  427. // If the difference is greater than the MAX allowed, Context is no longer valid
  428. BOOL
  429. CtxtHandlerTimeHasElapsed(
  430. PDIGEST_CONTEXT pContext)
  431. {
  432. BOOL bStatus = FALSE;
  433. DWORD dwTimeElapsed = 0;
  434. time_t timeCurrent = time(NULL);
  436. dwTimeElapsed = (DWORD)(timeCurrent - pContext->TimeCreated);
  438. if (dwTimeElapsed > g_dwParameter_Lifetime)
  439. {
  440. bStatus = TRUE;
  441. }
  443. return(bStatus);
  444. }
  448. //+--------------------------------------------------------------------
  449. //
  450. // Function: CtxtHandlerRelease
  451. //
  452. // Synopsis: Releases the Context by decreasing reference counter
  453. //
  454. // Arguments: pContext - pointer to credential to de-reference
  455. //
  456. // Returns: NTSTATUS
  457. //
  458. // Notes:
  459. //
  460. //---------------------------------------------------------------------
  461. NTSTATUS
  462. CtxtHandlerRelease(
  463. PDIGEST_CONTEXT pContext)
  464. {
  465. NTSTATUS Status = STATUS_SUCCESS;
  466. LONG lReferences = 0;
  468. lReferences = InterlockedDecrement(&pContext->lReferences);
  470. DebugLog((DEB_TRACE, "CtxtHandlerRelease: (RefCount) UserContextInit deref 0x%x references %ld\n",
  471. pContext, lReferences));
  473. ASSERT( lReferences >= 0 );
  475. //
  476. // If the count has dropped to zero, then free all alloced stuff
  477. //
  479. if (lReferences == 0)
  480. {
  481. DebugLog((DEB_TRACE, "CtxtHandlerRelease: (RefCount) UserContextInit freed 0x%x\n", pContext));
  482. Status = ContextFree(pContext);
  483. }
  485. return(Status);
  486. }