mirror of https://github.com/tongzx/nt5src
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2953 lines
79 KiB
2953 lines
79 KiB
/*++
|
|
|
|
Copyright (C) Microsoft Corporation, 1991 - 1999
|
|
|
|
Module Name:
|
|
|
|
secclnt.cxx
|
|
|
|
Abstract:
|
|
|
|
Implementation of security objects.
|
|
|
|
Author:
|
|
|
|
Michael Montague (mikemon) 11-Apr-1992
|
|
|
|
Revision History:
|
|
|
|
21-Feb-1997 jroberts Added some SSL support.
|
|
|
|
--*/
|
|
|
|
|
|
#include <precomp.hxx>
|
|
#include <wincrypt.h>
|
|
#include <rpcssl.h>
|
|
#include <cryptimp.hxx>
|
|
#include <rpccfg.h>
|
|
#include <spseal.h>
|
|
#include <schnlsp.h>
|
|
#include <hndlsvr.hxx>
|
|
|
|
int SecuritySupportLoaded = 0;
|
|
int FailedToLoad = 0;
|
|
|
|
unsigned long NumberOfProviders = 0;
|
|
unsigned long LoadedProviders = 0;
|
|
unsigned long AvailableProviders = 0;
|
|
SECURITY_PROVIDER_INFO PAPI * ProviderList = 0;
|
|
MUTEX * SecurityCritSect; // Mutex for the Server credentials cache.
|
|
|
|
// Incremented each time we leak SECURITY_CONTEXT::SecurityContext
|
|
// due to RpcSecurityInterface->DeleteSecurityContext
|
|
// returning SEC_E_INSUFFICIENT_MEMORY.
|
|
unsigned int nSecurityContextsLeaked = 0;
|
|
|
|
struct PACKAGE_LEG_INFO
|
|
{
|
|
DWORD Package;
|
|
PACKAGE_LEG_COUNT Legs;
|
|
};
|
|
|
|
const PACKAGE_LEG_INFO PredefinedPackageLegInfo[] =
|
|
{
|
|
{ RPC_C_AUTHN_WINNT, ThreeLegs },
|
|
{ RPC_C_AUTHN_GSS_NEGOTIATE,EvenNumberOfLegs },
|
|
{ RPC_C_AUTHN_GSS_KERBEROS, EvenNumberOfLegs },
|
|
{ RPC_C_AUTHN_GSS_SCHANNEL, EvenNumberOfLegs },
|
|
{ RPC_C_AUTHN_DPA, ThreeLegs },
|
|
{ RPC_C_AUTHN_DCE_PRIVATE, ThreeLegs },
|
|
{ 0x44, ThreeLegs }, // RPC_C_AUTHN_NETLOGON from net\svcdlls\logonsrv\nlbind.h
|
|
{ 0, LegsUnknown }
|
|
};
|
|
|
|
// defined in principal.cxx
|
|
//
|
|
extern
|
|
DWORD
|
|
RpcCertMatchPrincipalName(
|
|
PCCERT_CONTEXT Context,
|
|
RPC_CHAR PrincipalName[]
|
|
);
|
|
|
|
#ifdef UNICODE
|
|
#define SEC_TCHAR SEC_WCHAR
|
|
#else
|
|
#define SEC_TCHAR SEC_CHAR
|
|
#endif
|
|
|
|
|
|
RPC_STATUS
|
|
FindSecurityPackage (
|
|
IN unsigned long AuthenticationService,
|
|
IN unsigned long AuthenticationLevel,
|
|
OUT unsigned int __RPC_FAR * ProviderIndex,
|
|
OUT unsigned int __RPC_FAR * PackageIndex
|
|
);
|
|
|
|
|
|
|
|
RPC_STATUS
|
|
InsureSecuritySupportLoaded (
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine insures that the security support is loaded; if it is not
|
|
loaded, then we go ahead and load it.
|
|
|
|
Return Value:
|
|
|
|
A zero result indicates that security support has successfully been
|
|
loaded, and is ready to go.
|
|
|
|
--*/
|
|
{
|
|
RPC_STATUS Status = RPC_S_OK;
|
|
|
|
if ( SecuritySupportLoaded != 0 )
|
|
{
|
|
return(0);
|
|
}
|
|
|
|
RequestGlobalMutex();
|
|
if ( SecuritySupportLoaded != 0 )
|
|
{
|
|
ClearGlobalMutex();
|
|
return(0);
|
|
}
|
|
|
|
SecurityCritSect = new MUTEX(&Status,
|
|
TRUE // pre-allocate semaphore
|
|
);
|
|
|
|
if (SecurityCritSect == 0)
|
|
{
|
|
Status = RPC_S_OUT_OF_MEMORY;
|
|
}
|
|
|
|
if (Status == RPC_S_OK)
|
|
{
|
|
SecuritySupportLoaded = 1;
|
|
}
|
|
|
|
ClearGlobalMutex();
|
|
return (Status);
|
|
}
|
|
|
|
|
|
|
|
RPC_STATUS
|
|
IsAuthenticationServiceSupported (
|
|
IN unsigned long AuthenticationService
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine is used to determine whether or not an authentication
|
|
service is supported by the current configuration.
|
|
|
|
Arguments:
|
|
|
|
AuthenticationService - Supplies a proposed authentication service.
|
|
|
|
Return Value:
|
|
|
|
RPC_S_OK - The supplied authentication service is supported by the
|
|
current configuration.
|
|
|
|
RPC_S_UNKNOWN_AUTHN_SERVICE - The supplied authentication service
|
|
is unknown, and not supported by the current configuration.
|
|
|
|
--*/
|
|
{
|
|
unsigned int PackageIndex, ProviderIndex;
|
|
|
|
// First make sure that the security support has been loaded.
|
|
|
|
if ( InsureSecuritySupportLoaded() != RPC_S_OK )
|
|
{
|
|
return(RPC_S_OUT_OF_MEMORY);
|
|
}
|
|
|
|
|
|
return ( FindSecurityPackage(
|
|
AuthenticationService,
|
|
RPC_C_AUTHN_LEVEL_CONNECT,
|
|
&ProviderIndex,
|
|
&PackageIndex
|
|
) );
|
|
|
|
}
|
|
|
|
|
|
RPC_STATUS
|
|
FindSecurityPackage (
|
|
IN unsigned long AuthenticationService,
|
|
IN unsigned long AuthenticationLevel,
|
|
OUT unsigned int __RPC_FAR * ProviderIndex,
|
|
OUT unsigned int __RPC_FAR * PackageIndex
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
The methods used to acquire credentials for the client and the server use
|
|
this routine to find a security package, given the an authentication
|
|
service.
|
|
|
|
Arguments:
|
|
|
|
AuthenticationService - Supplies the authentication service to be used
|
|
(for the credentials and for the context).
|
|
|
|
AuthenticationLevel - Supplies the authentication level to be used by
|
|
these credentials. It will already have been mapped by the protocol
|
|
module into the final level.
|
|
|
|
RpcStatus - Returns the status of the operation. It will be one of the
|
|
following values.
|
|
|
|
RPC_S_OK - The return value from this routine is the index of
|
|
the appropriate security package.
|
|
|
|
RPC_S_UNKNOWN_AUTHN_SERVICE - The specified authentication service is
|
|
not supported by the current configuration.
|
|
|
|
RPC_S_UNKNOWN_AUTHN_LEVEL - The specified authentication level is not
|
|
supported by the requested authentication service.
|
|
|
|
Return Value:
|
|
|
|
If RpcStatus contains RPC_S_OK, then the index of the appropriate
|
|
security package will be returned.
|
|
|
|
--*/
|
|
{
|
|
unsigned int Index, i;
|
|
INIT_SECURITY_INTERFACE InitSecurityInterface;
|
|
PSecurityFunctionTable SecurityInterface = 0;
|
|
SecPkgInfo PAPI * tmpPkgList;
|
|
SECURITY_PACKAGE_INFO * SecurityPackages;
|
|
SECURITY_PROVIDER_INFO PAPI * List;
|
|
unsigned long NumberOfPackages, Total;
|
|
RPC_CHAR * DllName = NULL;
|
|
DLL * ProviderDll;
|
|
RPC_STATUS Status = RPC_S_UNKNOWN_AUTHN_SERVICE;
|
|
|
|
// First make sure that the security support has been loaded.
|
|
|
|
if ( InsureSecuritySupportLoaded() != RPC_S_OK )
|
|
{
|
|
return(RPC_S_OUT_OF_MEMORY);
|
|
}
|
|
|
|
// 0xFFFF ia a "not-an-RPC-ID", indicating that the protocol
|
|
// is not for use by RPC.
|
|
if (AuthenticationService == 0xFFFF)
|
|
{
|
|
return(RPC_S_UNKNOWN_AUTHN_SERVICE);
|
|
}
|
|
|
|
SecurityCritSect->Request();
|
|
|
|
List = ProviderList;
|
|
for (i = 0; i < LoadedProviders; i ++)
|
|
{
|
|
|
|
SecurityPackages = List->SecurityPackages;
|
|
NumberOfPackages = List->Count;
|
|
|
|
for (Index = 0;Index < (unsigned int) NumberOfPackages;Index++)
|
|
{
|
|
if ( SecurityPackages[Index].PackageInfo.wRPCID == AuthenticationService )
|
|
{
|
|
if ( (AuthenticationLevel == RPC_C_AUTHN_LEVEL_PKT_INTEGRITY)
|
|
|| ( AuthenticationLevel == RPC_C_AUTHN_LEVEL_PKT) )
|
|
{
|
|
if ( (SecurityPackages[Index].PackageInfo.fCapabilities
|
|
& SECPKG_FLAG_INTEGRITY) == 0 )
|
|
{
|
|
Status = RPC_S_UNKNOWN_AUTHN_LEVEL;
|
|
goto Cleanup;
|
|
}
|
|
}
|
|
if ( AuthenticationLevel == RPC_C_AUTHN_LEVEL_PKT_PRIVACY )
|
|
{
|
|
if ( (SecurityPackages[Index].PackageInfo.fCapabilities
|
|
& SECPKG_FLAG_PRIVACY) == 0 )
|
|
{
|
|
Status = RPC_S_UNKNOWN_AUTHN_LEVEL;
|
|
goto Cleanup;
|
|
}
|
|
}
|
|
Status = RPC_S_OK;
|
|
*ProviderIndex = i;
|
|
*PackageIndex = Index;
|
|
break;
|
|
}
|
|
} //For over all packages in one provider(dll)
|
|
|
|
if (Status == RPC_S_OK)
|
|
{
|
|
SecurityCritSect->Clear();
|
|
return(Status);
|
|
}
|
|
List++;
|
|
} //For over all providers(dll)
|
|
|
|
if ((LoadedProviders == AvailableProviders) && (LoadedProviders != 0))
|
|
{
|
|
goto Cleanup;
|
|
}
|
|
|
|
Status = RpcGetSecurityProviderInfo (
|
|
AuthenticationService, &DllName, &Total);
|
|
|
|
ASSERT(!RpcpCheckHeap());
|
|
|
|
if (Status != RPC_S_OK)
|
|
{
|
|
goto Cleanup;
|
|
}
|
|
|
|
if (ProviderList == 0)
|
|
{
|
|
ProviderList = (SECURITY_PROVIDER_INFO PAPI *)
|
|
new char [sizeof(SECURITY_PROVIDER_INFO) * Total];
|
|
if (ProviderList == 0)
|
|
{
|
|
Status = RPC_S_OUT_OF_MEMORY;
|
|
goto Cleanup;
|
|
}
|
|
AvailableProviders = Total;
|
|
}
|
|
else
|
|
{
|
|
List = ProviderList;
|
|
for (i = 0; i < LoadedProviders; i ++)
|
|
{
|
|
if (RpcpStringCompare(DllName, List->ProviderDllName) == 0)
|
|
{
|
|
delete DllName;
|
|
Status = RPC_S_UNKNOWN_AUTHN_SERVICE;
|
|
goto Cleanup;
|
|
}
|
|
List++;
|
|
}
|
|
}
|
|
|
|
ProviderDll = new DLL(DllName, &Status);
|
|
|
|
if ((ProviderDll == NULL) && (Status == RPC_S_INVALID_ARG))
|
|
{
|
|
Status = RPC_S_UNKNOWN_AUTHN_SERVICE;
|
|
}
|
|
|
|
if (Status != RPC_S_OK)
|
|
{
|
|
goto Cleanup;
|
|
}
|
|
|
|
ASSERT(!RpcpCheckHeap());
|
|
|
|
InitSecurityInterface = (INIT_SECURITY_INTERFACE_W)
|
|
ProviderDll->GetEntryPoint(SECURITY_ENTRYPOINT_ANSIW);
|
|
|
|
if ( InitSecurityInterface == 0 )
|
|
{
|
|
delete ProviderDll;
|
|
Status = RPC_S_UNKNOWN_AUTHN_SERVICE;
|
|
goto Cleanup;
|
|
}
|
|
|
|
SecurityInterface = (*InitSecurityInterface)();
|
|
if ( (SecurityInterface == 0)
|
|
|| (SecurityInterface->dwVersion
|
|
< SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION) )
|
|
{
|
|
delete ProviderDll;
|
|
Status = RPC_S_UNKNOWN_AUTHN_SERVICE;
|
|
goto Cleanup;
|
|
}
|
|
|
|
Status = (*SecurityInterface->EnumerateSecurityPackages)(
|
|
&NumberOfPackages, &tmpPkgList);
|
|
|
|
if ( Status != SEC_E_OK)
|
|
{
|
|
delete ProviderDll;
|
|
|
|
if (Status == SEC_E_INSUFFICIENT_MEMORY)
|
|
{
|
|
Status = RPC_S_OUT_OF_MEMORY;
|
|
}
|
|
else
|
|
{
|
|
VALIDATE(Status) {
|
|
SEC_E_SECPKG_NOT_FOUND
|
|
} END_VALIDATE;
|
|
Status = RPC_S_UNKNOWN_AUTHN_SERVICE;
|
|
}
|
|
|
|
goto Cleanup;
|
|
}
|
|
|
|
ProviderList[LoadedProviders].Count = NumberOfPackages;
|
|
ProviderList[LoadedProviders].RpcSecurityInterface = SecurityInterface;
|
|
ProviderList[LoadedProviders].ProviderDll = ProviderDll;
|
|
ProviderList[LoadedProviders].ProviderDllName = DllName;
|
|
*ProviderIndex = LoadedProviders;
|
|
|
|
//
|
|
// Fill in the SecurityPackages member for this Provider.
|
|
//
|
|
ProviderList[LoadedProviders].SecurityPackages =
|
|
(SECURITY_PACKAGE_INFO *) new char
|
|
[sizeof(SECURITY_PACKAGE_INFO) * NumberOfPackages];
|
|
if (ProviderList[LoadedProviders].SecurityPackages == NULL)
|
|
{
|
|
Status = RPC_S_OUT_OF_MEMORY;
|
|
goto Cleanup;
|
|
}
|
|
|
|
//
|
|
// Save the SecPkgInfo array to the SecurityPackages structure.
|
|
//
|
|
for (i = 0; i < NumberOfPackages; i++)
|
|
{
|
|
ProviderList[LoadedProviders].
|
|
SecurityPackages[i].
|
|
PackageInfo = tmpPkgList[i];
|
|
|
|
ProviderList[LoadedProviders].
|
|
SecurityPackages[i].
|
|
ServerSecurityCredentials = NULL;
|
|
}
|
|
|
|
|
|
SecurityPackages = ProviderList[LoadedProviders].SecurityPackages;
|
|
Status = RPC_S_UNKNOWN_AUTHN_SERVICE;
|
|
for (i = 0; i < NumberOfPackages; i++)
|
|
{
|
|
if ( SecurityPackages[i].PackageInfo.wRPCID == AuthenticationService )
|
|
{
|
|
if ( ( AuthenticationLevel == RPC_C_AUTHN_LEVEL_PKT_INTEGRITY )
|
|
||( AuthenticationLevel == RPC_C_AUTHN_LEVEL_PKT) )
|
|
{
|
|
if ( (SecurityPackages[i].PackageInfo.fCapabilities
|
|
& SECPKG_FLAG_INTEGRITY) == 0 )
|
|
{
|
|
Status = RPC_S_UNKNOWN_AUTHN_LEVEL;
|
|
continue;
|
|
}
|
|
}
|
|
if ( AuthenticationLevel == RPC_C_AUTHN_LEVEL_PKT_PRIVACY )
|
|
{
|
|
if ( (SecurityPackages[i].PackageInfo.fCapabilities
|
|
& SECPKG_FLAG_PRIVACY) == 0 )
|
|
{
|
|
Status = RPC_S_UNKNOWN_AUTHN_LEVEL;
|
|
continue;
|
|
}
|
|
}
|
|
*PackageIndex = i;
|
|
Status = RPC_S_OK;
|
|
break;
|
|
}
|
|
}
|
|
LoadedProviders++;
|
|
|
|
Cleanup:
|
|
SecurityCritSect->Clear();
|
|
return(Status);
|
|
}
|
|
|
|
|
|
|
|
|
|
RPC_STATUS
|
|
FindServerCredentials (
|
|
IN RPC_AUTH_KEY_RETRIEVAL_FN GetKeyFn,
|
|
IN void __RPC_FAR * Arg,
|
|
IN unsigned long AuthenticationService,
|
|
IN unsigned long AuthenticationLevel,
|
|
IN RPC_CHAR __RPC_FAR * Principal,
|
|
IN OUT SECURITY_CREDENTIALS ** SecurityCredentials
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
The method is used to find cached server credentials for use by the
|
|
server.
|
|
|
|
Arguments:
|
|
|
|
AuthenticationService - Supplies the authentication service to be used
|
|
(for the credentials and for the context).
|
|
|
|
AuthenticationLevel - Supplies the authentication level to be used by
|
|
these credentials. It will already have been mapped by the protocol
|
|
module into the final level.
|
|
|
|
SecurityCredentials - TBS
|
|
|
|
RpcStatus - Returns the status of the operation. It will be one of the
|
|
following values.
|
|
|
|
RPC_S_OK - The return value from this routine is the index of
|
|
the appropriate security package.
|
|
|
|
RPC_S_UNKNOWN_AUTHN_SERVICE - The specified authentication service is
|
|
not supported by the current configuration.
|
|
|
|
RPC_S_UNKNOWN_AUTHN_LEVEL - The specified authentication level is not
|
|
supported by the requested authentication service.
|
|
|
|
Return Value:
|
|
|
|
If RpcStatus contains RPC_S_OK, then valid credentials are passed
|
|
back.
|
|
|
|
--*/
|
|
{
|
|
|
|
SECURITY_STATUS SecurityStatus;
|
|
TimeStamp TimeStamp;
|
|
RPC_STATUS RpcStatus, CredStatus = RPC_S_OK;
|
|
PSecurityFunctionTable RpcSecurityInterface;
|
|
SECURITY_PACKAGE_INFO *pPackageInfo = 0;
|
|
SECURITY_CREDENTIALS *pSecCredentials = 0;
|
|
CredHandle tmpCredHandle;
|
|
unsigned int ProviderIndex;
|
|
unsigned int PackageIndex;
|
|
|
|
//
|
|
// NULL out the OUT parameters.
|
|
//
|
|
*SecurityCredentials = NULL;
|
|
|
|
//
|
|
// Find the right security package
|
|
//
|
|
RpcStatus = FindSecurityPackage(
|
|
AuthenticationService,
|
|
AuthenticationLevel,
|
|
&ProviderIndex,
|
|
&PackageIndex
|
|
);
|
|
if (RpcStatus != RPC_S_OK)
|
|
{
|
|
RpcpErrorAddRecord (EEInfoGCRuntime,
|
|
RpcStatus,
|
|
EEInfoDLFindServerCredentials10,
|
|
AuthenticationService,
|
|
AuthenticationLevel);
|
|
|
|
return (RpcStatus);
|
|
}
|
|
|
|
//
|
|
// Now, get the server-credentials for this security package.
|
|
//
|
|
pPackageInfo = &(ProviderList[ProviderIndex].
|
|
SecurityPackages[PackageIndex]
|
|
);
|
|
|
|
|
|
// Protect the access
|
|
SecurityCritSect->Request();
|
|
|
|
//
|
|
// Check to see if credentials have already been acquired for this
|
|
// package. If yes, return them.
|
|
//
|
|
if (pPackageInfo->ServerSecurityCredentials)
|
|
{
|
|
*SecurityCredentials = pPackageInfo->ServerSecurityCredentials;
|
|
// Add a reference for the caller.
|
|
pPackageInfo->ServerSecurityCredentials->ReferenceCredentials();
|
|
SecurityCritSect->Clear();
|
|
return (RPC_S_OK);
|
|
}
|
|
|
|
//
|
|
// Allocate a new set of credentials. Ref count is 1, if successful.
|
|
//
|
|
pSecCredentials = new SECURITY_CREDENTIALS(&CredStatus);
|
|
if (pSecCredentials == NULL)
|
|
{
|
|
SecurityCritSect->Clear();
|
|
return (RPC_S_OUT_OF_MEMORY);
|
|
}
|
|
if (CredStatus != RPC_S_OK)
|
|
{
|
|
delete pSecCredentials;
|
|
SecurityCritSect->Clear();
|
|
return (CredStatus);
|
|
}
|
|
|
|
//
|
|
// This is the first time Credentials are being acquired for this
|
|
// package. Acquire them now.
|
|
//
|
|
RpcSecurityInterface = ProviderList[ProviderIndex].RpcSecurityInterface;
|
|
|
|
SecurityStatus = (*RpcSecurityInterface->AcquireCredentialsHandle)(
|
|
(SEC_TCHAR __SEC_FAR *) Principal,
|
|
pPackageInfo->PackageInfo.Name,
|
|
SECPKG_CRED_INBOUND,
|
|
0,
|
|
Arg,
|
|
(SEC_GET_KEY_FN) GetKeyFn,
|
|
Arg,
|
|
&(pSecCredentials->CredentialsHandle),
|
|
&TimeStamp
|
|
);
|
|
|
|
if (SecurityStatus != SEC_E_OK)
|
|
{
|
|
SetExtendedError(SecurityStatus);
|
|
RpcpErrorAddRecord (EEInfoGCSecurityProvider,
|
|
SecurityStatus,
|
|
EEInfoDLFindServerCredentials20,
|
|
Principal,
|
|
pPackageInfo->PackageInfo.Name);
|
|
|
|
SecurityCritSect->Clear();
|
|
delete pSecCredentials;
|
|
|
|
switch (SecurityStatus)
|
|
{
|
|
case SEC_E_INSUFFICIENT_MEMORY:
|
|
RpcStatus = RPC_S_OUT_OF_MEMORY;
|
|
break;
|
|
|
|
case SEC_E_SHUTDOWN_IN_PROGRESS:
|
|
RpcStatus = ERROR_SHUTDOWN_IN_PROGRESS;
|
|
break;
|
|
|
|
case SEC_E_SECPKG_NOT_FOUND:
|
|
RpcStatus = RPC_S_UNKNOWN_AUTHN_SERVICE;
|
|
break;
|
|
|
|
case SEC_E_NO_SPM:
|
|
RpcStatus = RPC_S_SEC_PKG_ERROR;
|
|
break;
|
|
|
|
default:
|
|
{
|
|
#if DBG
|
|
if ((SecurityStatus != SEC_E_NO_CREDENTIALS) &&
|
|
(SecurityStatus != SEC_E_UNKNOWN_CREDENTIALS))
|
|
{
|
|
PrintToDebugger("RPC SEC: AcquireCredentialsForServer "
|
|
"Returned 0x%x\n", SecurityStatus);
|
|
}
|
|
#endif
|
|
RpcStatus = RPC_S_INVALID_AUTH_IDENTITY;
|
|
}
|
|
} // end of switch
|
|
|
|
|
|
RpcpErrorAddRecord (EEInfoGCRuntime,
|
|
RpcStatus,
|
|
EEInfoDLFindServerCredentials30,
|
|
SecurityStatus);
|
|
|
|
return RpcStatus;
|
|
}
|
|
|
|
//
|
|
// Setup the new Credentials.
|
|
//
|
|
pSecCredentials->Valid = TRUE;
|
|
pSecCredentials->bServerCredentials = TRUE;
|
|
pSecCredentials->AuthenticationService = AuthenticationService;
|
|
pSecCredentials->ProviderIndex = ProviderIndex;
|
|
pSecCredentials->PackageIndex = PackageIndex;
|
|
|
|
//
|
|
// Cache the new credentials.
|
|
//
|
|
pPackageInfo->ServerSecurityCredentials = pSecCredentials;
|
|
|
|
// Add a reference for the Cache.
|
|
pPackageInfo->ServerSecurityCredentials->ReferenceCredentials();
|
|
|
|
*SecurityCredentials = pSecCredentials;
|
|
|
|
SecurityCritSect->Clear();
|
|
|
|
return (RPC_S_OK);
|
|
}
|
|
|
|
|
|
|
|
|
|
RPC_STATUS
|
|
RemoveCredentialsFromCache (
|
|
IN unsigned long AuthenticationService
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
An RPC server can call RpcRegisterAuthInfo() a second time on the same
|
|
Authentication Service to update the GetKeyFunction and Arg values.
|
|
In this case, we need to flush our credentials cache so that when
|
|
the server tries to acquires credentials again, the credentials can
|
|
be acquired using the new values.
|
|
|
|
Arguments:
|
|
|
|
AuthenticationService - Supplies the authentication service to be used
|
|
(for the credentials and for the context).
|
|
|
|
Return Value:
|
|
|
|
RPC_S_OK, If Cache has been successfully flushed.
|
|
Return Value from FindSecurityPackage(), if not
|
|
|
|
--*/
|
|
{
|
|
unsigned int ProviderIndex;
|
|
unsigned int PackageIndex;
|
|
SECURITY_PACKAGE_INFO *pPackageInfo = 0;
|
|
RPC_STATUS RpcStatus;
|
|
|
|
//
|
|
// First, find the right security package
|
|
//
|
|
RpcStatus = FindSecurityPackage(
|
|
AuthenticationService,
|
|
RPC_C_AUTHN_LEVEL_DEFAULT, // Doesn't matter
|
|
&ProviderIndex,
|
|
&PackageIndex
|
|
);
|
|
|
|
ASSERT(RpcStatus == RPC_S_OK);
|
|
|
|
if (RpcStatus != RPC_S_OK)
|
|
{
|
|
return (RpcStatus);
|
|
}
|
|
|
|
pPackageInfo = &(ProviderList[ProviderIndex].SecurityPackages[PackageIndex]);
|
|
|
|
//
|
|
// Flush the credentials.
|
|
//
|
|
SecurityCritSect->Request();
|
|
|
|
if (pPackageInfo->ServerSecurityCredentials)
|
|
{
|
|
// Remove the reference maintained by the cache.
|
|
pPackageInfo->ServerSecurityCredentials->DereferenceCredentials(TRUE);
|
|
pPackageInfo->ServerSecurityCredentials = NULL;
|
|
}
|
|
|
|
SecurityCritSect->Clear();
|
|
|
|
return (RPC_S_OK);
|
|
}
|
|
|
|
|
|
#define INVALID_INDEX 0xFFFF
|
|
|
|
|
|
SECURITY_CREDENTIALS::SECURITY_CREDENTIALS (
|
|
IN OUT RPC_STATUS PAPI * Status
|
|
) : CredentialsMutex(Status)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
We need this here to keep the compiler happy.
|
|
|
|
--*/
|
|
{
|
|
DefaultPrincName = NULL;
|
|
|
|
ReferenceCount = 1;
|
|
Valid = FALSE;
|
|
|
|
bServerCredentials = FALSE;
|
|
fDeleted = FALSE;
|
|
|
|
// Initialize to invalid values.
|
|
ProviderIndex = INVALID_INDEX;
|
|
PackageIndex = INVALID_INDEX;
|
|
}
|
|
|
|
SECURITY_CREDENTIALS::~SECURITY_CREDENTIALS (
|
|
)
|
|
{
|
|
PSecurityFunctionTable RpcSecurityInterface;
|
|
|
|
if (DefaultPrincName != NULL)
|
|
{
|
|
RpcSecurityInterface = InquireProviderFunctionTable();
|
|
|
|
ASSERT(RpcSecurityInterface != NULL);
|
|
|
|
(*RpcSecurityInterface->FreeContextBuffer)(DefaultPrincName);
|
|
}
|
|
}
|
|
|
|
|
|
|
|
void
|
|
SECURITY_CREDENTIALS::ReferenceCredentials(
|
|
)
|
|
{
|
|
|
|
CredentialsMutex.Request();
|
|
ReferenceCount++;
|
|
CredentialsMutex.Clear();
|
|
|
|
}
|
|
|
|
|
|
void
|
|
SECURITY_CREDENTIALS::DereferenceCredentials(
|
|
BOOL fRemoveIt OPTIONAL
|
|
)
|
|
{
|
|
CredentialsMutex.Request();
|
|
ReferenceCount--;
|
|
|
|
ASSERT(((long)ReferenceCount) >= 0);
|
|
|
|
if (fRemoveIt)
|
|
{
|
|
fDeleted = TRUE;
|
|
}
|
|
|
|
if (ReferenceCount == 0)
|
|
{
|
|
//
|
|
// Server side SCENARIOS when (ReferenceCount == 0)
|
|
//
|
|
// a. RemoveCredentialsFromCache() removes the extra reference
|
|
// held by the cache. It does so holding the cache Mutex ie.,
|
|
// SecurityCritSect. So, no other thread can get a reference
|
|
// on the credentials in the cache.
|
|
//
|
|
// b. DereferenceCredentials() has been called by one of the
|
|
// threads possessing the cached credentials AND the cache
|
|
// has already removed it's reference. Cache will remove it's
|
|
// reference only when it removes this credential from the
|
|
// cache. This implies no other thread could have gotten a
|
|
// reference on the credentials in the cache, in the meantime.
|
|
//
|
|
// These two imply that ReferenceCount cannot change here. Also,
|
|
// in case (a), credentials will soon be removed from the cache.
|
|
// In case (b), credentials have already been removed.
|
|
//
|
|
|
|
if (bServerCredentials)
|
|
{
|
|
ASSERT(fDeleted);
|
|
}
|
|
|
|
CredentialsMutex.Clear();
|
|
FreeCredentials();
|
|
delete this;
|
|
} // if (ReferenceCount == 0)
|
|
else
|
|
{
|
|
CredentialsMutex.Clear();
|
|
}
|
|
}
|
|
|
|
|
|
|
|
RPC_STATUS
|
|
SECURITY_CREDENTIALS::AcquireCredentialsForClient (
|
|
IN RPC_AUTH_IDENTITY_HANDLE AuthIdentity,
|
|
IN unsigned long AuthenticationService,
|
|
IN unsigned long AuthenticationLevel
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
We need to use this method in order to acquire security credentials. We
|
|
need the security credentials so that we (as a client) can initialize
|
|
a security context with a server. This method, with
|
|
SECURITY_CREDENTIALS::FreeCredentials may cache security credentials,
|
|
but that is transparent to clients of this class.
|
|
|
|
Arguments:
|
|
|
|
AuthIdentity - Supplies the security identity for which we wish to obtain
|
|
credentials. If this argument is not supplied, then we use the
|
|
security identity of this process.
|
|
|
|
AuthenticationService - Supplies the authentication service to be used
|
|
(for the credentials and for the context).
|
|
|
|
AuthenticationLevel - Supplies the authentication level to be used by
|
|
these credentials. It will already have been mapped by the protocol
|
|
module into the final level.
|
|
|
|
Return Value:
|
|
|
|
RPC_S_OK - We now have security credentials for the requested
|
|
authentication service.
|
|
|
|
RPC_S_OUT_OF_MEMORY - Insufficient memory is available to perform the
|
|
operation.
|
|
|
|
RPC_S_UNKNOWN_AUTHN_SERVICE - The specified authentication service is
|
|
not supported by the current configuration.
|
|
|
|
RPC_S_INVALID_AUTH_IDENTITY - The specified identity is not known to
|
|
the requested authentication service.
|
|
|
|
RPC_S_UNKNOWN_AUTHN_LEVEL - The specified authentication level is not
|
|
supported by the requested authentication service.
|
|
|
|
--*/
|
|
{
|
|
SECURITY_STATUS SecurityStatus;
|
|
TimeStamp TimeStamp;
|
|
RPC_STATUS RpcStatus;
|
|
PSecurityFunctionTable RpcSecurityInterface;
|
|
|
|
unsigned Flags = SCH_CRED_USE_DEFAULT_CREDS;
|
|
|
|
RpcStatus = FindSecurityPackage(
|
|
AuthenticationService,
|
|
AuthenticationLevel,
|
|
&ProviderIndex,
|
|
&PackageIndex
|
|
);
|
|
|
|
if ( RpcStatus != RPC_S_OK )
|
|
{
|
|
RpcpErrorAddRecord(EEInfoGCRuntime,
|
|
RpcStatus,
|
|
EEInfoDLAcquireCredentialsForClient20,
|
|
AuthenticationService,
|
|
AuthenticationLevel);
|
|
|
|
return(RpcStatus);
|
|
}
|
|
|
|
RpcSecurityInterface = ProviderList[ProviderIndex].RpcSecurityInterface;
|
|
|
|
if (AuthIdentity == RPC_C_NO_CREDENTIALS)
|
|
{
|
|
Flags = 0;
|
|
AuthIdentity = 0;
|
|
}
|
|
|
|
//
|
|
// RPC does its own name checking using msstd or fullsic names.
|
|
// This requires the ability to disable schannel's name checking,
|
|
// a feature available only with credentials version-4 or better.
|
|
//
|
|
#define MINIMUM_SCHANNEL_CRED_VERSION 4
|
|
|
|
if (AuthenticationService == RPC_C_AUTHN_GSS_SCHANNEL &&
|
|
AuthIdentity != NULL)
|
|
{
|
|
SCHANNEL_CRED * cred = (SCHANNEL_CRED *) AuthIdentity;
|
|
|
|
Flags |= SCH_CRED_NO_SERVERNAME_CHECK;
|
|
|
|
if (cred->dwVersion < MINIMUM_SCHANNEL_CRED_VERSION)
|
|
{
|
|
RpcpErrorAddRecord(EEInfoGCRuntime,
|
|
ERROR_INVALID_PARAMETER,
|
|
EEInfoDLAcquireCredentialsForClient30,
|
|
AuthenticationService,
|
|
AuthenticationLevel);
|
|
|
|
return RPC_S_INVALID_AUTH_IDENTITY;
|
|
}
|
|
|
|
cred->dwFlags |= Flags;
|
|
}
|
|
|
|
SecurityStatus = (*RpcSecurityInterface->AcquireCredentialsHandle)(
|
|
0,
|
|
ProviderList[ProviderIndex].SecurityPackages[PackageIndex].PackageInfo.Name,
|
|
SECPKG_CRED_OUTBOUND,
|
|
0,
|
|
AuthIdentity, 0, 0, &CredentialsHandle, &TimeStamp);
|
|
|
|
if ( SecurityStatus != SEC_E_OK )
|
|
{
|
|
RpcpErrorAddRecord(EEInfoGCSecurityProvider,
|
|
SecurityStatus,
|
|
EEInfoDLAcquireCredentialsForClient10,
|
|
AuthenticationService,
|
|
AuthenticationLevel);
|
|
}
|
|
|
|
if (SecurityStatus != SEC_E_OK)
|
|
{
|
|
if ( SecurityStatus == SEC_E_INSUFFICIENT_MEMORY )
|
|
{
|
|
RpcStatus = RPC_S_OUT_OF_MEMORY;
|
|
}
|
|
else if ( SecurityStatus == SEC_E_SECPKG_NOT_FOUND )
|
|
{
|
|
RpcStatus = RPC_S_UNKNOWN_AUTHN_SERVICE;
|
|
}
|
|
else if ( SecurityStatus == SEC_E_SHUTDOWN_IN_PROGRESS )
|
|
{
|
|
RpcStatus = ERROR_SHUTDOWN_IN_PROGRESS;
|
|
}
|
|
else if ( SecurityStatus == SEC_E_NO_SPM)
|
|
{
|
|
RpcStatus = RPC_S_SEC_PKG_ERROR;
|
|
}
|
|
else
|
|
{
|
|
|
|
VALIDATE(SecurityStatus)
|
|
{
|
|
SEC_E_NO_CREDENTIALS,
|
|
SEC_E_UNKNOWN_CREDENTIALS,
|
|
SEC_E_NO_AUTHENTICATING_AUTHORITY,
|
|
SEC_E_INVALID_TOKEN
|
|
}
|
|
END_VALIDATE;
|
|
|
|
RpcStatus = RPC_S_INVALID_AUTH_IDENTITY;
|
|
}
|
|
|
|
RpcpErrorAddRecord(EEInfoGCRuntime,
|
|
RpcStatus,
|
|
EEInfoDLAcquireCredentialsForClient30,
|
|
SecurityStatus);
|
|
|
|
return RpcStatus;
|
|
}
|
|
|
|
this->AuthenticationService = AuthenticationService;
|
|
Valid = TRUE;
|
|
return(RPC_S_OK);
|
|
}
|
|
|
|
|
|
RPC_STATUS
|
|
SECURITY_CREDENTIALS::InquireDefaultPrincName(
|
|
OUT SEC_CHAR __SEC_FAR **MyDefaultPrincName
|
|
)
|
|
{
|
|
SECURITY_STATUS SecurityStatus;
|
|
SecPkgCredentials_NamesA CredentialsNames;
|
|
PSecurityFunctionTable RpcSecurityInterface;
|
|
RPC_STATUS Status;
|
|
|
|
if (DefaultPrincName == NULL)
|
|
{
|
|
RpcSecurityInterface = InquireProviderFunctionTable();
|
|
if (RpcSecurityInterface == NULL) {
|
|
return (RPC_S_OUT_OF_MEMORY);
|
|
}
|
|
if (RpcSecurityInterface->QueryCredentialsAttributes == NULL) {
|
|
return (RPC_S_CANNOT_SUPPORT);
|
|
}
|
|
SecurityStatus = (*RpcSecurityInterface->QueryCredentialsAttributes)(
|
|
InquireCredHandle(), SECPKG_CRED_ATTR_NAMES, &CredentialsNames);
|
|
|
|
if (SecurityStatus != SEC_E_OK)
|
|
{
|
|
SetExtendedError(SecurityStatus);
|
|
|
|
RpcpErrorAddRecord (EEInfoGCSecurityProvider,
|
|
SecurityStatus,
|
|
EEInfoDLInquireDefaultPrincName10,
|
|
AuthenticationService);
|
|
|
|
if (SecurityStatus == SEC_E_INSUFFICIENT_MEMORY)
|
|
{
|
|
Status = RPC_S_OUT_OF_MEMORY;
|
|
}
|
|
else if ( SecurityStatus == SEC_E_SHUTDOWN_IN_PROGRESS )
|
|
{
|
|
Status = ERROR_SHUTDOWN_IN_PROGRESS;
|
|
}
|
|
else
|
|
{
|
|
Status = RPC_S_SEC_PKG_ERROR;
|
|
}
|
|
|
|
RpcpErrorAddRecord (EEInfoGCRuntime,
|
|
Status,
|
|
EEInfoDLInquireDefaultPrincName20,
|
|
SecurityStatus);
|
|
|
|
return Status;
|
|
}
|
|
|
|
if (CredentialsNames.sUserName == NULL)
|
|
{
|
|
return RPC_S_OUT_OF_MEMORY;
|
|
}
|
|
|
|
DefaultPrincName = CredentialsNames.sUserName;
|
|
}
|
|
|
|
*MyDefaultPrincName = DefaultPrincName;
|
|
|
|
return (RPC_S_OK);
|
|
}
|
|
|
|
|
|
|
|
void
|
|
SECURITY_CREDENTIALS::FreeCredentials (
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
When we are done using the credentials, we call this routine to free
|
|
them.
|
|
|
|
--*/
|
|
{
|
|
if (Valid)
|
|
{
|
|
SECURITY_STATUS SecurityStatus;
|
|
|
|
PSecurityFunctionTable RpcSecurityInterface
|
|
= ProviderList[ProviderIndex].RpcSecurityInterface;
|
|
|
|
SecurityStatus = (*RpcSecurityInterface->FreeCredentialHandle)(
|
|
&CredentialsHandle);
|
|
ASSERT( SecurityStatus == SEC_E_OK ||
|
|
SecurityStatus == SEC_E_SECPKG_NOT_FOUND ||
|
|
SecurityStatus == SEC_E_SHUTDOWN_IN_PROGRESS );
|
|
}
|
|
}
|
|
|
|
|
|
RPC_STATUS
|
|
SECURITY_CONTEXT::SetMaximumLengths (
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine initializes the maximum header length and maximum signature
|
|
length fields of this object.
|
|
|
|
--*/
|
|
{
|
|
SECURITY_STATUS SecurityStatus;
|
|
SecPkgContext_Sizes ContextSizes;
|
|
RPC_STATUS Status;
|
|
|
|
if (FailedContext != 0)
|
|
{
|
|
// We cheat if 3rd Leg Failed as we dont really have a true Context
|
|
// Provider is going to really complain if we call QueryContextAttr()
|
|
// .. we get around that by picking large values.
|
|
// The rest of the code prevents these values to be really used
|
|
// We do this because we do not want to block 3rd Leg, rather fail the
|
|
// first request!
|
|
|
|
MaxSignatureLength = 256;
|
|
MaxHeaderLength = 256;
|
|
cbBlockSize = 64;
|
|
return RPC_S_OK;
|
|
}
|
|
|
|
ASSERT( FullyConstructed() );
|
|
|
|
SecurityStatus = (*RpcSecurityInterface->QueryContextAttributes)(
|
|
&SecurityContext, SECPKG_ATTR_SIZES, &ContextSizes);
|
|
|
|
if (SecurityStatus != SEC_E_OK)
|
|
{
|
|
#ifdef DEBUGRPC
|
|
PrintToDebugger("RPC: secclnt.cxx: QueryContextAttributes returned: %lx\n",
|
|
SecurityStatus);
|
|
#endif
|
|
Status = GetLastError();
|
|
|
|
RpcpErrorAddRecord (EEInfoGCSecurityProvider,
|
|
RPC_S_OUT_OF_MEMORY,
|
|
EEInfoDLSetMaximumLengths10,
|
|
SecurityStatus,
|
|
Status,
|
|
AuthenticationService,
|
|
(ULONGLONG)&SecurityContext
|
|
);
|
|
|
|
return RPC_S_OUT_OF_MEMORY;
|
|
}
|
|
|
|
MaxSignatureLength = (unsigned int) ContextSizes.cbMaxSignature;
|
|
MaxHeaderLength = (unsigned int) ContextSizes.cbSecurityTrailer;
|
|
cbBlockSize = (unsigned int) ContextSizes.cbBlockSize;
|
|
|
|
ASSERT(ContextSizes.cbBlockSize <= MAXIMUM_SECURITY_BLOCK_SIZE );
|
|
|
|
return RPC_S_OK;
|
|
}
|
|
|
|
|
|
SECURITY_CONTEXT::SECURITY_CONTEXT (
|
|
CLIENT_AUTH_INFO *myAuthInfo,
|
|
unsigned myAuthContextId,
|
|
BOOL fUseDatagram,
|
|
RPC_STATUS __RPC_FAR * pStatus
|
|
)
|
|
: CLIENT_AUTH_INFO (myAuthInfo, pStatus),
|
|
AuthContextId (myAuthContextId),
|
|
fDatagram ((boolean) fUseDatagram),
|
|
fFullyConstructed (FALSE),
|
|
Legs (LegsUnknown),
|
|
ContextAttributes (0)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
We need to set the flag indicating that there is no security context
|
|
to be deleted.
|
|
|
|
--*/
|
|
{
|
|
ASSERT( AuthenticationLevel != 0 );
|
|
|
|
DontForgetToDelete = 0;
|
|
FailedContext = 0;
|
|
FailedContextEEInfo = NULL;
|
|
AuthzClientContext = NULL;
|
|
}
|
|
|
|
|
|
RPC_STATUS
|
|
SECURITY_CONTEXT::CompleteSecurityToken (
|
|
IN OUT SECURITY_BUFFER_DESCRIPTOR PAPI * BufferDescriptor
|
|
)
|
|
/*++
|
|
|
|
--*/
|
|
{
|
|
SECURITY_STATUS SecurityStatus;
|
|
RPC_STATUS Status;
|
|
|
|
ASSERT( ( SecuritySupportLoaded != 0 )
|
|
&& ( FailedToLoad == 0 ) );
|
|
|
|
SecurityStatus = (*RpcSecurityInterface->CompleteAuthToken)(
|
|
&SecurityContext, BufferDescriptor);
|
|
if (SecurityStatus == SEC_E_OK)
|
|
{
|
|
return (RPC_S_OK);
|
|
}
|
|
|
|
SetExtendedError(SecurityStatus);
|
|
|
|
RpcpErrorAddRecord (EEInfoGCSecurityProvider,
|
|
SecurityStatus,
|
|
EEInfoDLCompleteSecurityToken10,
|
|
AuthenticationService,
|
|
AuthenticationLevel);
|
|
|
|
if ( (SecurityStatus == SEC_E_NO_CREDENTIALS)
|
|
|| (SecurityStatus == SEC_E_LOGON_DENIED)
|
|
|| (SecurityStatus == SEC_E_INVALID_TOKEN)
|
|
|| (SecurityStatus == SEC_E_UNKNOWN_CREDENTIALS)
|
|
|| (SecurityStatus == SEC_E_WRONG_PRINCIPAL)
|
|
|| (SecurityStatus == SEC_E_TIME_SKEW))
|
|
{
|
|
Status = RPC_S_ACCESS_DENIED;
|
|
}
|
|
else if ( SecurityStatus == SEC_E_INSUFFICIENT_MEMORY )
|
|
{
|
|
Status = RPC_S_OUT_OF_MEMORY;
|
|
}
|
|
else if ( SecurityStatus == SEC_E_SHUTDOWN_IN_PROGRESS )
|
|
{
|
|
Status = ERROR_SHUTDOWN_IN_PROGRESS;
|
|
}
|
|
else
|
|
{
|
|
#if DBG
|
|
PrintToDebugger("RPC: CompleteSecurityContext Returned %lx\n",
|
|
SecurityStatus);
|
|
#endif
|
|
Status = RPC_S_SEC_PKG_ERROR;
|
|
}
|
|
|
|
RpcpErrorAddRecord (EEInfoGCRuntime,
|
|
Status,
|
|
EEInfoDLCompleteSecurityToken20,
|
|
SecurityStatus);
|
|
return Status;
|
|
}
|
|
|
|
|
|
RPC_STATUS
|
|
SECURITY_CONTEXT::SignOrSeal (
|
|
IN unsigned long Sequence,
|
|
IN unsigned int SignNotSealFlag,
|
|
IN OUT SECURITY_BUFFER_DESCRIPTOR PAPI * BufferDescriptor
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
A protocol module will use this routine to prepare a message to be
|
|
sent so that it can be verified that the message has not been tampered
|
|
with, and that it has not been exchanged out of sequence. The sender
|
|
will use this routine to prepare the message; the receiver will use
|
|
SECURITY_CONTEXT::VerifyOrUnseal to verify the message. Typically,
|
|
the security package will generate a cryptographic checksum of the
|
|
message and include sequencing information.
|
|
|
|
Arguments:
|
|
|
|
SignNotSealFlag - Supplies a flag indicating that MakeSignature should
|
|
be called rather than SealMessage.
|
|
|
|
BufferDescriptor - Supplies the message to to signed or sealed and returns
|
|
the resulting message (after being signed or sealed).
|
|
|
|
Return Value:
|
|
|
|
RPC_S_OK - This routine will always succeed.
|
|
|
|
--*/
|
|
{
|
|
SECURITY_STATUS SecurityStatus;
|
|
SEAL_MESSAGE_FN SealMessage;
|
|
|
|
{
|
|
DWORD Status = 0;
|
|
|
|
CallTestHook( TH_SECURITY_FN_SIGN, this, &Status );
|
|
|
|
if (Status)
|
|
{
|
|
return Status;
|
|
}
|
|
}
|
|
|
|
if ( SignNotSealFlag == 0 )
|
|
{
|
|
SealMessage = (SEAL_MESSAGE_FN) RpcSecurityInterface->Reserved3;
|
|
SecurityStatus = (*SealMessage)(&SecurityContext,
|
|
0, BufferDescriptor, Sequence);
|
|
}
|
|
else
|
|
{
|
|
SecurityStatus = (*RpcSecurityInterface->MakeSignature)(
|
|
&SecurityContext, 0, BufferDescriptor, Sequence);
|
|
}
|
|
|
|
#if DBG
|
|
if ( (SecurityStatus != SEC_E_OK)
|
|
&&(SecurityStatus != SEC_E_CONTEXT_EXPIRED)
|
|
&&(SecurityStatus != SEC_E_QOP_NOT_SUPPORTED) )
|
|
{
|
|
PrintToDebugger("Sign/Seal Returned [%lx]\n", SecurityStatus);
|
|
}
|
|
#endif
|
|
|
|
if ( SecurityStatus == SEC_E_SHUTDOWN_IN_PROGRESS )
|
|
{
|
|
SecurityStatus = ERROR_SHUTDOWN_IN_PROGRESS;
|
|
}
|
|
|
|
if (SecurityStatus != SEC_E_OK)
|
|
{
|
|
RpcpErrorAddRecord (EEInfoGCSecurityProvider,
|
|
SecurityStatus,
|
|
EEInfoDLSignOrSeal10,
|
|
AuthenticationService,
|
|
AuthenticationLevel);
|
|
}
|
|
|
|
return(SecurityStatus);
|
|
}
|
|
|
|
|
|
RPC_STATUS
|
|
SECURITY_CONTEXT::VerifyOrUnseal (
|
|
IN unsigned long Sequence,
|
|
IN unsigned int VerifyNotUnsealFlag,
|
|
IN OUT SECURITY_BUFFER_DESCRIPTOR PAPI * BufferDescriptor
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine works with SECURITY_CONTEXT::SignOrSeal. A sender will
|
|
prepare a message using SignOrSeal, and then the receiver will use
|
|
this routine to verify that the message has not been tampered with, and
|
|
that it has not been exchanged out of sequence.
|
|
|
|
Arguments:
|
|
|
|
VerifyNotUnsealFlag - Supplies a flag indicating that VerifySignature
|
|
should be called rather than UnsealMessage.
|
|
|
|
BufferDescriptor - Supplies the message to be verified or unsealed.
|
|
|
|
Return Value:
|
|
|
|
RPC_S_OK - The message has not been tampered with, and it is from the
|
|
expected client.
|
|
|
|
RPC_S_ACCESS_DENIED - A security violation occured.
|
|
|
|
--*/
|
|
{
|
|
SECURITY_STATUS SecurityStatus;
|
|
unsigned long QualityOfProtection;
|
|
UNSEAL_MESSAGE_FN UnsealMessage;
|
|
|
|
{
|
|
DWORD Status = 0;
|
|
|
|
CallTestHook( TH_SECURITY_FN_VERIFY, this, &Status );
|
|
|
|
if (Status)
|
|
{
|
|
return Status;
|
|
}
|
|
}
|
|
|
|
//
|
|
// If the context had failed previously..
|
|
// Just go ahead and return an error..
|
|
// This is only for connetion-oriented RPC.
|
|
//
|
|
if (FailedContext != 0 || !FullyConstructed() )
|
|
{
|
|
RpcpSetEEInfo(FailedContextEEInfo);
|
|
FailedContextEEInfo = NULL;
|
|
SetLastError(FailedContext);
|
|
|
|
if ((FailedContext == ERROR_PASSWORD_MUST_CHANGE)
|
|
|| (FailedContext == ERROR_PASSWORD_EXPIRED)
|
|
|| (FailedContext == ERROR_ACCOUNT_DISABLED)
|
|
|| (FailedContext == ERROR_INVALID_LOGON_HOURS))
|
|
{
|
|
return FailedContext;
|
|
}
|
|
|
|
RpcpErrorAddRecord (EEInfoGCRuntime,
|
|
RPC_S_ACCESS_DENIED,
|
|
EEInfoDLVerifyOrUnseal20,
|
|
FailedContext);
|
|
|
|
return (RPC_S_ACCESS_DENIED);
|
|
}
|
|
|
|
if ( VerifyNotUnsealFlag == 0 )
|
|
{
|
|
UnsealMessage = (UNSEAL_MESSAGE_FN) RpcSecurityInterface->Reserved4;
|
|
SecurityStatus = (*UnsealMessage)(
|
|
&SecurityContext, BufferDescriptor, Sequence,
|
|
&QualityOfProtection);
|
|
}
|
|
else
|
|
{
|
|
SecurityStatus = (*RpcSecurityInterface->VerifySignature)(
|
|
&SecurityContext, BufferDescriptor, Sequence,
|
|
&QualityOfProtection);
|
|
}
|
|
|
|
if ( SecurityStatus != SEC_E_OK )
|
|
{
|
|
|
|
#if DBG
|
|
if ((SecurityStatus != SEC_E_MESSAGE_ALTERED)
|
|
&&(SecurityStatus != SEC_E_OUT_OF_SEQUENCE)
|
|
&&(SecurityStatus != SEC_E_SECPKG_NOT_FOUND)) // on system shutdown, if the security
|
|
{ // package is already uninitialized, we may get this error
|
|
PrintToDebugger("Verify/UnSeal Returned Unexp. Code [%lx]\n",
|
|
SecurityStatus);
|
|
}
|
|
#endif
|
|
|
|
SetExtendedError(SecurityStatus);
|
|
|
|
if ( SecurityStatus == SEC_E_SHUTDOWN_IN_PROGRESS )
|
|
{
|
|
SecurityStatus = ERROR_SHUTDOWN_IN_PROGRESS;
|
|
}
|
|
|
|
RpcpErrorAddRecord (EEInfoGCSecurityProvider,
|
|
RPC_S_ACCESS_DENIED,
|
|
EEInfoDLVerifyOrUnseal10,
|
|
SecurityStatus,
|
|
AuthenticationService,
|
|
AuthenticationLevel);
|
|
|
|
ASSERT( (SecurityStatus == SEC_E_MESSAGE_ALTERED) ||
|
|
(SecurityStatus == SEC_E_OUT_OF_SEQUENCE) ||
|
|
(SecurityStatus == SEC_E_SECPKG_NOT_FOUND) );
|
|
SetLastError(RPC_S_ACCESS_DENIED);
|
|
|
|
return(RPC_S_ACCESS_DENIED);
|
|
}
|
|
return(RPC_S_OK);
|
|
}
|
|
|
|
|
|
RPC_STATUS
|
|
SECURITY_CONTEXT::InitializeFirstTime (
|
|
IN SECURITY_CREDENTIALS * Credentials,
|
|
IN RPC_CHAR * ServerPrincipalName,
|
|
IN unsigned long AuthenticationLevel,
|
|
IN OUT SECURITY_BUFFER_DESCRIPTOR PAPI * BufferDescriptor,
|
|
IN OUT unsigned char *NewAuthType
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Arguments:
|
|
|
|
Return Value:
|
|
|
|
RPC_S_OK - Send the token to the server; everything worked fine so
|
|
far.
|
|
|
|
RPC_P_CONTINUE_NEEDED - Indicates that that everything is ok, but that
|
|
we need to call into the security package again when we have
|
|
received a token back from the server.
|
|
|
|
RPC_P_COMPLETE_NEEDED - Indicates that everyting is ok, but that we
|
|
need to call CompleteAuthToken before sending the message.
|
|
|
|
RPC_P_COMPLETE_AND_CONTINUE - Needs both a complete and a continue.
|
|
|
|
RPC_S_OUT_OF_MEMORY - Insufficient memory is available to perform the
|
|
operation.
|
|
|
|
RPC_S_ACCESS_DENIED - Access is denied.
|
|
|
|
--*/
|
|
{
|
|
SECURITY_STATUS SecurityStatus;
|
|
TimeStamp TimeStamp;
|
|
unsigned long ContextRequirements;
|
|
RPC_STATUS Status;
|
|
RPC_STATUS Status2;
|
|
unsigned char RetrievedAuthType;
|
|
BOOL fDone;
|
|
|
|
ASSERT( ( SecuritySupportLoaded != 0 )
|
|
&& ( FailedToLoad == 0 ) );
|
|
|
|
RpcSecurityInterface = Credentials->InquireProviderFunctionTable();
|
|
|
|
switch ( AuthenticationLevel )
|
|
{
|
|
case RPC_C_AUTHN_LEVEL_CONNECT :
|
|
ContextRequirements = 0;
|
|
break;
|
|
|
|
case RPC_C_AUTHN_LEVEL_PKT :
|
|
ContextRequirements = ISC_REQ_REPLAY_DETECT;
|
|
break;
|
|
|
|
case RPC_C_AUTHN_LEVEL_PKT_INTEGRITY :
|
|
ContextRequirements = ISC_REQ_REPLAY_DETECT
|
|
| ISC_REQ_SEQUENCE_DETECT
|
|
| ISC_REQ_INTEGRITY;
|
|
break;
|
|
|
|
case RPC_C_AUTHN_LEVEL_PKT_PRIVACY :
|
|
ContextRequirements = ISC_REQ_REPLAY_DETECT
|
|
| ISC_REQ_SEQUENCE_DETECT
|
|
| ISC_REQ_CONFIDENTIALITY
|
|
| ISC_REQ_INTEGRITY;
|
|
break;
|
|
|
|
default :
|
|
ASSERT( ( AuthenticationLevel == RPC_C_AUTHN_LEVEL_CONNECT )
|
|
|| ( AuthenticationLevel == RPC_C_AUTHN_LEVEL_PKT )
|
|
|| ( AuthenticationLevel == RPC_C_AUTHN_LEVEL_PKT_INTEGRITY )
|
|
|| ( AuthenticationLevel == RPC_C_AUTHN_LEVEL_PKT_PRIVACY ) );
|
|
return RPC_S_INTERNAL_ERROR;
|
|
}
|
|
|
|
|
|
if (fDatagram)
|
|
{
|
|
ContextRequirements |= ISC_REQ_DATAGRAM;
|
|
}
|
|
else
|
|
{
|
|
ContextRequirements |= ISC_REQ_CONNECTION;
|
|
}
|
|
|
|
switch(ImpersonationType)
|
|
{
|
|
case RPC_C_IMP_LEVEL_IDENTIFY:
|
|
ContextRequirements |= ISC_REQ_IDENTIFY;
|
|
break;
|
|
|
|
case RPC_C_IMP_LEVEL_IMPERSONATE:
|
|
break;
|
|
|
|
case RPC_C_IMP_LEVEL_DELEGATE:
|
|
ContextRequirements |= ISC_REQ_DELEGATE;
|
|
break;
|
|
|
|
default:
|
|
ASSERT( ImpersonationType == RPC_C_IMP_LEVEL_ANONYMOUS
|
|
|| ImpersonationType == RPC_C_IMP_LEVEL_IDENTIFY
|
|
|| ImpersonationType == RPC_C_IMP_LEVEL_IMPERSONATE
|
|
|| ImpersonationType == RPC_C_IMP_LEVEL_DELEGATE );
|
|
ContextRequirements |= ISC_REQ_IDENTIFY;
|
|
break;
|
|
}
|
|
|
|
if (Capabilities == RPC_C_QOS_CAPABILITIES_MUTUAL_AUTH)
|
|
{
|
|
ContextRequirements |= ISC_REQ_MUTUAL_AUTH;
|
|
}
|
|
|
|
if (Credentials->AuthenticationService == RPC_C_AUTHN_GSS_SCHANNEL)
|
|
{
|
|
#if MANUAL_CERT_CHECK
|
|
ContextRequirements |= ISC_REQ_MANUAL_CRED_VALIDATION;
|
|
#endif
|
|
}
|
|
else
|
|
{
|
|
ContextRequirements |= ISC_REQ_USE_DCE_STYLE;
|
|
}
|
|
|
|
SecurityStatus = (*RpcSecurityInterface->InitializeSecurityContext)(
|
|
Credentials->InquireCredHandle(),
|
|
0,
|
|
(SEC_TCHAR __SEC_FAR *) ServerPrincipalName,
|
|
ContextRequirements,
|
|
0,
|
|
0,
|
|
(fDatagram ? BufferDescriptor : 0),
|
|
0,
|
|
&SecurityContext,
|
|
(fDatagram ? 0 : BufferDescriptor),
|
|
&ContextAttributes,
|
|
&TimeStamp
|
|
);
|
|
|
|
if ( ( SecurityStatus != SEC_E_OK )
|
|
&& ( SecurityStatus != SEC_I_CONTINUE_NEEDED )
|
|
&& ( SecurityStatus != SEC_I_COMPLETE_NEEDED )
|
|
&& ( SecurityStatus != SEC_I_COMPLETE_AND_CONTINUE ) )
|
|
{
|
|
SetExtendedError(SecurityStatus);
|
|
|
|
RpcpErrorAddRecord (EEInfoGCSecurityProvider,
|
|
SecurityStatus,
|
|
EEInfoDLInitializeFirstTime10,
|
|
AuthenticationService,
|
|
AuthenticationLevel,
|
|
ServerPrincipalName,
|
|
ContextRequirements);
|
|
|
|
if ((SecurityStatus == SEC_E_NO_CREDENTIALS)
|
|
|| (SecurityStatus == SEC_E_LOGON_DENIED)
|
|
|| (SecurityStatus == SEC_E_INVALID_TOKEN)
|
|
|| (SecurityStatus == SEC_E_UNKNOWN_CREDENTIALS)
|
|
|| (SecurityStatus == SEC_E_NO_KERB_KEY)
|
|
|| (SecurityStatus == SEC_E_TIME_SKEW) )
|
|
{
|
|
Status = RPC_S_ACCESS_DENIED;
|
|
}
|
|
else if ( SecurityStatus == SEC_E_SHUTDOWN_IN_PROGRESS )
|
|
{
|
|
Status = ERROR_SHUTDOWN_IN_PROGRESS;
|
|
}
|
|
else if (SecurityStatus == SEC_E_SECPKG_NOT_FOUND)
|
|
{
|
|
Status = RPC_S_UNKNOWN_AUTHN_SERVICE;
|
|
}
|
|
else if ( SecurityStatus == SEC_E_INSUFFICIENT_MEMORY )
|
|
{
|
|
Status = RPC_S_OUT_OF_MEMORY;
|
|
}
|
|
else
|
|
{
|
|
#if DBG
|
|
PrintToDebugger("RPC: InitializeFirstTime Returned %lx\n", SecurityStatus);
|
|
#endif
|
|
//
|
|
// Originally the default for all providers was SEC_PKG_ERROR. This seems less
|
|
// helpful than ACCESS_DENIED, but we can't change it for NTLM and Kerberos because
|
|
// it might break old app code.
|
|
//
|
|
// SCHANNEL is new, so we can return ACCESS_DENIED.
|
|
//
|
|
if (AuthenticationService == RPC_C_AUTHN_GSS_SCHANNEL)
|
|
{
|
|
Status = RPC_S_ACCESS_DENIED;
|
|
}
|
|
else
|
|
{
|
|
Status = RPC_S_SEC_PKG_ERROR;
|
|
}
|
|
}
|
|
|
|
RpcpErrorAddRecord (EEInfoGCRuntime,
|
|
Status,
|
|
EEInfoDLInitializeFirstTime20,
|
|
SecurityStatus);
|
|
|
|
return Status;
|
|
}
|
|
|
|
RetrievedAuthType = 0;
|
|
|
|
DontForgetToDelete = 1;
|
|
|
|
if (NewAuthType)
|
|
{
|
|
ASSERT(*NewAuthType == this->AuthenticationService);
|
|
|
|
if (*NewAuthType == RPC_C_AUTHN_GSS_NEGOTIATE)
|
|
{
|
|
SecPkgContext_NegotiationInfo NegoInfo;
|
|
SECURITY_STATUS Status;
|
|
|
|
Status = (*RpcSecurityInterface->QueryContextAttributes)(
|
|
&SecurityContext,
|
|
SECPKG_ATTR_NEGOTIATION_INFO,
|
|
&NegoInfo);
|
|
if (Status == SEC_E_OK)
|
|
{
|
|
if (NegoInfo.NegotiationState == SECPKG_NEGOTIATION_COMPLETE)
|
|
{
|
|
RetrievedAuthType = (unsigned char) NegoInfo.PackageInfo->wRPCID;
|
|
}
|
|
(*RpcSecurityInterface->FreeContextBuffer)(NegoInfo.PackageInfo);
|
|
}
|
|
else
|
|
{
|
|
RpcpErrorAddRecord (EEInfoGCSecurityProvider,
|
|
RPC_S_OUT_OF_MEMORY,
|
|
EEInfoDLInitializeFirstTime30,
|
|
Status,
|
|
(ULONG)AuthenticationService,
|
|
AuthenticationLevel,
|
|
(ULONG)ContextRequirements);
|
|
|
|
return RPC_S_OUT_OF_MEMORY;
|
|
}
|
|
}
|
|
}
|
|
|
|
Flags = ContextRequirements;
|
|
|
|
fDone = TRUE;
|
|
|
|
if ( SecurityStatus == SEC_I_CONTINUE_NEEDED )
|
|
{
|
|
if (!fDatagram)
|
|
{
|
|
fDone = FALSE;
|
|
}
|
|
Status = RPC_P_CONTINUE_NEEDED;
|
|
}
|
|
|
|
else if ( SecurityStatus == SEC_I_COMPLETE_NEEDED )
|
|
{
|
|
// Can't set the maximum lengths on a partly completed connection.
|
|
|
|
Status = RPC_P_COMPLETE_NEEDED;
|
|
}
|
|
else if ( SecurityStatus == SEC_I_COMPLETE_AND_CONTINUE )
|
|
{
|
|
if (!fDatagram)
|
|
{
|
|
fDone = FALSE;
|
|
}
|
|
Status = RPC_P_COMPLETE_AND_CONTINUE;
|
|
}
|
|
else
|
|
{
|
|
Status = RPC_S_OK;
|
|
}
|
|
|
|
if (fDone)
|
|
{
|
|
fFullyConstructed = TRUE;
|
|
|
|
Status2 = SetMaximumLengths();
|
|
if (Status2 != RPC_S_OK)
|
|
{
|
|
return Status2;
|
|
}
|
|
}
|
|
|
|
if (RetrievedAuthType)
|
|
*NewAuthType = RetrievedAuthType;
|
|
|
|
return(Status);
|
|
}
|
|
|
|
|
|
RPC_STATUS
|
|
SECURITY_CONTEXT::InitializeThirdLeg (
|
|
IN SECURITY_CREDENTIALS * Credentials,
|
|
IN unsigned long DataRepresentation,
|
|
IN SECURITY_BUFFER_DESCRIPTOR PAPI * InputBufferDescriptor,
|
|
IN OUT SECURITY_BUFFER_DESCRIPTOR PAPI * OutputBufferDescriptor
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Arguments:
|
|
|
|
Return Value:
|
|
|
|
RPC_S_OK - Send the token to the server; everything worked fine so
|
|
far.
|
|
|
|
RPC_S_OUT_OF_MEMORY - Insufficient memory is available to perform the
|
|
operation.
|
|
|
|
RPC_S_ACCESS_DENIED - Access is denied.
|
|
|
|
--*/
|
|
{
|
|
SECURITY_STATUS SecurityStatus;
|
|
TimeStamp TimeStamp;
|
|
RPC_STATUS Status;
|
|
|
|
ASSERT( (SecuritySupportLoaded != 0)
|
|
&& (FailedToLoad == 0) );
|
|
|
|
SecurityStatus = (*RpcSecurityInterface->InitializeSecurityContext)(
|
|
Credentials->InquireCredHandle(),
|
|
&SecurityContext,
|
|
0,
|
|
Flags,
|
|
0,
|
|
DataRepresentation,
|
|
InputBufferDescriptor,
|
|
0,
|
|
&SecurityContext,
|
|
OutputBufferDescriptor,
|
|
&ContextAttributes,
|
|
&TimeStamp
|
|
);
|
|
|
|
if ( ( SecurityStatus != SEC_E_OK )
|
|
&& ( SecurityStatus != SEC_I_CONTINUE_NEEDED )
|
|
&& ( SecurityStatus != SEC_I_COMPLETE_NEEDED )
|
|
&& ( SecurityStatus != SEC_I_COMPLETE_AND_CONTINUE ) )
|
|
{
|
|
SetExtendedError(SecurityStatus);
|
|
|
|
RpcpErrorAddRecord (EEInfoGCSecurityProvider,
|
|
SecurityStatus,
|
|
EEInfoDLInitializeThirdLeg10,
|
|
AuthenticationService,
|
|
AuthenticationLevel,
|
|
ContextAttributes);
|
|
|
|
if ( (SecurityStatus == SEC_E_NO_CREDENTIALS)
|
|
|| (SecurityStatus == SEC_E_LOGON_DENIED)
|
|
|| (SecurityStatus == SEC_E_INVALID_TOKEN)
|
|
|| (SecurityStatus == SEC_E_UNKNOWN_CREDENTIALS)
|
|
|| (SecurityStatus == SEC_E_NO_KERB_KEY)
|
|
|| (SecurityStatus == SEC_E_TIME_SKEW) )
|
|
{
|
|
Status = RPC_S_ACCESS_DENIED;
|
|
}
|
|
else if ( SecurityStatus == SEC_E_SHUTDOWN_IN_PROGRESS )
|
|
{
|
|
Status = ERROR_SHUTDOWN_IN_PROGRESS;
|
|
}
|
|
else if (SecurityStatus == SEC_E_SECPKG_NOT_FOUND)
|
|
{
|
|
Status = RPC_S_UNKNOWN_AUTHN_SERVICE;
|
|
}
|
|
else if ( SecurityStatus == SEC_E_INSUFFICIENT_MEMORY )
|
|
{
|
|
Status = RPC_S_OUT_OF_MEMORY;
|
|
}
|
|
else
|
|
{
|
|
#if DBG
|
|
PrintToDebugger("RPC: InitializeThirdLeg Returned %lx\n",
|
|
SecurityStatus );
|
|
#endif
|
|
//
|
|
// Originally the default for all connection-oriented providers
|
|
// was SEC_PKG_ERROR. This seems less helpful than ACESS_DENIED,
|
|
// but we can't change it for NTLM and Kerberos because it might
|
|
// break old app code. SCHANNEL is new, so we can return ACCESS_DENIED.
|
|
//
|
|
// Datagram returns the bare error code.
|
|
//
|
|
if (AuthenticationService == RPC_C_AUTHN_GSS_SCHANNEL)
|
|
{
|
|
Status = RPC_S_ACCESS_DENIED;
|
|
}
|
|
else if (fDatagram)
|
|
{
|
|
// leave the error code alone
|
|
}
|
|
else
|
|
{
|
|
Status = RPC_S_SEC_PKG_ERROR;
|
|
}
|
|
}
|
|
|
|
RpcpErrorAddRecord (EEInfoGCRuntime,
|
|
Status,
|
|
EEInfoDLInitializeThirdLeg20,
|
|
SecurityStatus);
|
|
|
|
return Status;
|
|
}
|
|
|
|
if ( SecurityStatus == SEC_I_CONTINUE_NEEDED )
|
|
{
|
|
return(RPC_P_CONTINUE_NEEDED);
|
|
}
|
|
|
|
if ( SecurityStatus == SEC_I_COMPLETE_AND_CONTINUE )
|
|
{
|
|
return(RPC_P_COMPLETE_AND_CONTINUE);
|
|
}
|
|
|
|
ASSERT(SecurityStatus == SEC_E_OK
|
|
|| SecurityStatus == SEC_I_COMPLETE_NEEDED);
|
|
|
|
if ( (ImpersonationType == RPC_C_IMP_LEVEL_IDENTIFY) &&
|
|
(!(ContextAttributes & ISC_RET_IDENTIFY)) )
|
|
{
|
|
RpcpErrorAddRecord (EEInfoGCRuntime,
|
|
RPC_S_SEC_PKG_ERROR,
|
|
EEInfoDLInitializeThirdLeg30,
|
|
SEC_E_SECURITY_QOS_FAILED,
|
|
ImpersonationType,
|
|
ContextAttributes);
|
|
SetExtendedError(SEC_E_SECURITY_QOS_FAILED);
|
|
return (RPC_S_SEC_PKG_ERROR);
|
|
}
|
|
|
|
if ( (ImpersonationType == RPC_C_IMP_LEVEL_DELEGATE) &&
|
|
(!(ContextAttributes & ISC_RET_DELEGATE)) )
|
|
{
|
|
RpcpErrorAddRecord (EEInfoGCRuntime,
|
|
RPC_S_SEC_PKG_ERROR,
|
|
EEInfoDLInitializeThirdLeg40,
|
|
SEC_E_SECURITY_QOS_FAILED,
|
|
ImpersonationType,
|
|
ContextAttributes);
|
|
SetExtendedError(SEC_E_SECURITY_QOS_FAILED);
|
|
return (RPC_S_SEC_PKG_ERROR);
|
|
}
|
|
|
|
if ( (!(ContextAttributes & ISC_RET_MUTUAL_AUTH) )&&
|
|
(Capabilities == RPC_C_QOS_CAPABILITIES_MUTUAL_AUTH) )
|
|
{
|
|
RpcpErrorAddRecord (EEInfoGCRuntime,
|
|
RPC_S_SEC_PKG_ERROR,
|
|
EEInfoDLInitializeThirdLeg50,
|
|
SEC_E_SECURITY_QOS_FAILED,
|
|
ImpersonationType,
|
|
ContextAttributes);
|
|
SetExtendedError(SEC_E_SECURITY_QOS_FAILED);
|
|
return (RPC_S_SEC_PKG_ERROR);
|
|
}
|
|
|
|
if ( SecurityStatus == SEC_I_COMPLETE_NEEDED )
|
|
{
|
|
fFullyConstructed = TRUE;
|
|
|
|
Status = SetMaximumLengths();
|
|
if (Status != RPC_S_OK)
|
|
return Status;
|
|
return(RPC_P_COMPLETE_NEEDED);
|
|
}
|
|
|
|
fFullyConstructed = TRUE;
|
|
|
|
Status = SetMaximumLengths();
|
|
if (Status != RPC_S_OK)
|
|
return Status;
|
|
|
|
if (AuthenticationService == RPC_C_AUTHN_GSS_SCHANNEL)
|
|
{
|
|
return VerifyCertificate();
|
|
}
|
|
|
|
return(RPC_S_OK);
|
|
}
|
|
|
|
RPC_STATUS
|
|
SECURITY_CONTEXT::GetWireIdForSnego(
|
|
OUT unsigned char *WireId
|
|
)
|
|
{
|
|
SecPkgContext_NegotiationInfo NegoInfo;
|
|
SECURITY_STATUS SecStatus;
|
|
RPC_STATUS RpcStatus = RPC_S_OK;
|
|
|
|
if (AuthenticationService != RPC_C_AUTHN_GSS_NEGOTIATE)
|
|
return RPC_S_INVALID_BINDING;
|
|
|
|
ASSERT(RpcSecurityInterface != NULL);
|
|
|
|
SecStatus = (*RpcSecurityInterface->QueryContextAttributes)(
|
|
&SecurityContext,
|
|
SECPKG_ATTR_NEGOTIATION_INFO,
|
|
&NegoInfo);
|
|
if (SecStatus == SEC_E_OK)
|
|
{
|
|
if (NegoInfo.NegotiationState == SECPKG_NEGOTIATION_COMPLETE)
|
|
{
|
|
*WireId = (unsigned char) NegoInfo.PackageInfo->wRPCID;
|
|
}
|
|
else
|
|
RpcStatus = RPC_S_SEC_PKG_ERROR;
|
|
|
|
(*RpcSecurityInterface->FreeContextBuffer)(NegoInfo.PackageInfo);
|
|
}
|
|
else
|
|
{
|
|
SetExtendedError(SecStatus);
|
|
RpcStatus = RPC_S_OUT_OF_MEMORY;
|
|
}
|
|
|
|
return RpcStatus;
|
|
}
|
|
|
|
|
|
RPC_STATUS
|
|
SECURITY_CONTEXT::AcceptFirstTime (
|
|
IN SECURITY_CREDENTIALS * NewCredentials,
|
|
IN SECURITY_BUFFER_DESCRIPTOR PAPI * InputBufferDescriptor,
|
|
IN OUT SECURITY_BUFFER_DESCRIPTOR PAPI * OutputBufferDescriptor,
|
|
IN unsigned long AuthenticationLevel,
|
|
IN unsigned long DataRepresentation,
|
|
IN unsigned long NewContextNeededFlag
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Arguments:
|
|
|
|
Return Value:
|
|
|
|
RPC_S_OK - Everything worked just fine.
|
|
|
|
RPC_S_OUT_OF_MEMORY - Insufficient memory is available to complete the
|
|
operation.
|
|
|
|
RPC_P_CONTINUE_NEEDED - Indicates that everything is ok, but that we
|
|
need to send the output token back to the client, and then wait
|
|
for a token back from the client.
|
|
|
|
RPC_P_COMPLETE_NEEDED - Indicates that everyting is ok, but that we
|
|
need to call CompleteAuthToken before sending the message.
|
|
|
|
RPC_P_COMPLETE_AND_CONTINUE - Needs both a complete and a continue.
|
|
|
|
RPC_S_ACCESS_DENIED - Access is denied.
|
|
|
|
--*/
|
|
{
|
|
SECURITY_STATUS SecurityStatus;
|
|
TimeStamp TimeStamp;
|
|
unsigned long ContextRequirements;
|
|
RPC_STATUS RpcStatus;
|
|
DWORD Status = 0;
|
|
|
|
ASSERT( (SecuritySupportLoaded != 0)
|
|
&& (FailedToLoad == 0) );
|
|
|
|
if (Credentials)
|
|
{
|
|
Credentials->DereferenceCredentials();
|
|
}
|
|
Credentials = NewCredentials;
|
|
Credentials->ReferenceCredentials();
|
|
|
|
RpcSecurityInterface = Credentials->InquireProviderFunctionTable();
|
|
|
|
if (NewContextNeededFlag == 1)
|
|
{
|
|
DeleteSecurityContext();
|
|
}
|
|
|
|
switch ( AuthenticationLevel )
|
|
{
|
|
case RPC_C_AUTHN_LEVEL_CONNECT :
|
|
ContextRequirements = ASC_REQ_MUTUAL_AUTH;
|
|
break;
|
|
|
|
case RPC_C_AUTHN_LEVEL_PKT :
|
|
ContextRequirements = ASC_REQ_MUTUAL_AUTH
|
|
| ASC_REQ_REPLAY_DETECT;
|
|
break;
|
|
|
|
case RPC_C_AUTHN_LEVEL_PKT_INTEGRITY :
|
|
ContextRequirements = ASC_REQ_MUTUAL_AUTH
|
|
| ASC_REQ_REPLAY_DETECT | ASC_REQ_SEQUENCE_DETECT;
|
|
break;
|
|
|
|
case RPC_C_AUTHN_LEVEL_PKT_PRIVACY :
|
|
ContextRequirements = ASC_REQ_MUTUAL_AUTH
|
|
| ASC_REQ_REPLAY_DETECT | ASC_REQ_SEQUENCE_DETECT
|
|
| ASC_REQ_CONFIDENTIALITY;
|
|
break;
|
|
|
|
default :
|
|
ASSERT(AuthenticationLevel == RPC_C_AUTHN_LEVEL_CONNECT ||
|
|
AuthenticationLevel == RPC_C_AUTHN_LEVEL_PKT ||
|
|
AuthenticationLevel == RPC_C_AUTHN_LEVEL_PKT_INTEGRITY ||
|
|
AuthenticationLevel == RPC_C_AUTHN_LEVEL_PKT_PRIVACY );
|
|
return RPC_S_INTERNAL_ERROR;
|
|
}
|
|
|
|
if (fDatagram)
|
|
{
|
|
ContextRequirements |= ASC_REQ_DATAGRAM;
|
|
}
|
|
else
|
|
{
|
|
ContextRequirements |= ASC_REQ_CONNECTION;
|
|
}
|
|
|
|
if (Credentials->AuthenticationService == RPC_C_AUTHN_WINNT ||
|
|
Credentials->AuthenticationService == RPC_C_AUTHN_DCE_PRIVATE ||
|
|
Credentials->AuthenticationService == RPC_C_AUTHN_GSS_KERBEROS ||
|
|
Credentials->AuthenticationService == RPC_C_AUTHN_GSS_NEGOTIATE)
|
|
{
|
|
ContextRequirements |= ASC_REQ_USE_DCE_STYLE | ASC_REQ_DELEGATE;
|
|
}
|
|
|
|
if (AuthenticationService == RPC_C_AUTHN_WINNT
|
|
|| AuthenticationService == RPC_C_AUTHN_GSS_NEGOTIATE)
|
|
{
|
|
ContextRequirements |= ASC_REQ_ALLOW_NON_USER_LOGONS;
|
|
}
|
|
|
|
CallTestHook( TH_SECURITY_FN_ACCEPT1, this, &Status );
|
|
|
|
if (Status)
|
|
{
|
|
SetExtendedError(Status);
|
|
return Status;
|
|
}
|
|
|
|
SecurityStatus = (*RpcSecurityInterface->AcceptSecurityContext)(
|
|
Credentials->InquireCredHandle(), 0, InputBufferDescriptor,
|
|
ContextRequirements, DataRepresentation, &SecurityContext,
|
|
OutputBufferDescriptor, &ContextAttributes, &TimeStamp);
|
|
|
|
if ( ( SecurityStatus != SEC_E_OK )
|
|
&& ( SecurityStatus != SEC_I_CONTINUE_NEEDED )
|
|
&& ( SecurityStatus != SEC_I_COMPLETE_NEEDED )
|
|
&& ( SecurityStatus != SEC_I_COMPLETE_AND_CONTINUE ) )
|
|
{
|
|
RpcpErrorAddRecord (EEInfoGCSecurityProvider,
|
|
SecurityStatus,
|
|
EEInfoDLAcceptFirstTime10,
|
|
AuthenticationService,
|
|
AuthenticationLevel,
|
|
ContextRequirements);
|
|
|
|
SetExtendedError(SecurityStatus);
|
|
|
|
if ( (SecurityStatus == SEC_E_NO_CREDENTIALS)
|
|
|| (SecurityStatus == SEC_E_LOGON_DENIED)
|
|
|| (SecurityStatus == SEC_E_INVALID_TOKEN)
|
|
|| (SecurityStatus == SEC_E_NO_AUTHENTICATING_AUTHORITY)
|
|
|| (SecurityStatus == SEC_E_UNKNOWN_CREDENTIALS)
|
|
|| (SecurityStatus == SEC_E_CONTEXT_EXPIRED)
|
|
|| (SecurityStatus == SEC_E_TIME_SKEW))
|
|
{
|
|
RpcStatus = RPC_S_ACCESS_DENIED;
|
|
}
|
|
else if ( SecurityStatus == SEC_E_SHUTDOWN_IN_PROGRESS )
|
|
{
|
|
RpcStatus = ERROR_SHUTDOWN_IN_PROGRESS;
|
|
}
|
|
else if (SecurityStatus == SEC_E_SECPKG_NOT_FOUND)
|
|
{
|
|
RpcStatus = RPC_S_UNKNOWN_AUTHN_SERVICE;
|
|
}
|
|
else
|
|
RpcStatus = RPC_S_OUT_OF_MEMORY;
|
|
|
|
RpcpErrorAddRecord (EEInfoGCRuntime,
|
|
RpcStatus,
|
|
EEInfoDLAcceptFirstTime20,
|
|
SecurityStatus);
|
|
|
|
return RpcStatus;
|
|
}
|
|
|
|
DontForgetToDelete = 1;
|
|
|
|
Flags = ContextRequirements;
|
|
|
|
if ( SecurityStatus == SEC_I_CONTINUE_NEEDED )
|
|
{
|
|
return(RPC_P_CONTINUE_NEEDED);
|
|
}
|
|
if ( SecurityStatus == SEC_I_COMPLETE_AND_CONTINUE )
|
|
{
|
|
return(RPC_P_COMPLETE_AND_CONTINUE);
|
|
}
|
|
|
|
ASSERT((SecurityStatus == SEC_I_COMPLETE_NEEDED)
|
|
|| (SecurityStatus == SEC_E_OK));
|
|
|
|
|
|
fFullyConstructed = TRUE;
|
|
|
|
RpcStatus = SetMaximumLengths();
|
|
if (RpcStatus != RPC_S_OK)
|
|
return RpcStatus;
|
|
|
|
Credentials->DereferenceCredentials();
|
|
Credentials = 0;
|
|
if ( SecurityStatus == SEC_I_COMPLETE_NEEDED )
|
|
return(RPC_P_COMPLETE_NEEDED);
|
|
else
|
|
return(RPC_S_OK);
|
|
}
|
|
|
|
|
|
RPC_STATUS
|
|
SECURITY_CONTEXT::AcceptThirdLeg (
|
|
IN unsigned long DataRepresentation,
|
|
IN SECURITY_BUFFER_DESCRIPTOR PAPI * BufferDescriptor,
|
|
OUT SECURITY_BUFFER_DESCRIPTOR PAPI * OutBufferDescriptor
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Arguments:
|
|
|
|
Return Value:
|
|
|
|
RPC_S_OK - Everything worked just fine.
|
|
|
|
RPC_S_OUT_OF_MEMORY - Insufficient memory is available to complete the
|
|
operation.
|
|
|
|
RPC_S_ACCESS_DENIED - Access is denied.
|
|
|
|
RPC_P_COMPLETE_NEEDED - Indicates that everyting is ok, but that we
|
|
need to call CompleteAuthToken before sending the message.
|
|
|
|
--*/
|
|
{
|
|
SECURITY_STATUS SecurityStatus;
|
|
TimeStamp TimeStamp;
|
|
RPC_STATUS RpcStatus;
|
|
|
|
ASSERT( (SecuritySupportLoaded != 0)
|
|
&& (FailedToLoad == 0) );
|
|
|
|
SetLastError(0);
|
|
|
|
|
|
{
|
|
DWORD Status = 0;
|
|
|
|
CallTestHook( TH_SECURITY_FN_ACCEPT3, this, &Status );
|
|
|
|
if (Status)
|
|
{
|
|
FailedContext = Status;
|
|
|
|
SetExtendedError(Status);
|
|
|
|
return Status;
|
|
}
|
|
}
|
|
|
|
SecurityStatus = (*RpcSecurityInterface->AcceptSecurityContext)(
|
|
Credentials->InquireCredHandle(),
|
|
&SecurityContext,
|
|
BufferDescriptor,
|
|
Flags,
|
|
DataRepresentation,
|
|
&SecurityContext,
|
|
OutBufferDescriptor,
|
|
&ContextAttributes,
|
|
&TimeStamp
|
|
);
|
|
|
|
//
|
|
// If 3rd Leg Failed Bit is set, map all errors other than out of memory
|
|
// to SUCCESS
|
|
//
|
|
if (
|
|
(
|
|
( SecurityStatus != SEC_E_OK )
|
|
&& ( SecurityStatus != SEC_I_COMPLETE_NEEDED)
|
|
&& ( SecurityStatus != SEC_I_CONTINUE_NEEDED)
|
|
&& ( SecurityStatus != SEC_I_COMPLETE_AND_CONTINUE)
|
|
&& ( SecurityStatus != SEC_E_INSUFFICIENT_MEMORY )
|
|
&& ( ContextAttributes & ASC_RET_THIRD_LEG_FAILED )
|
|
)
|
|
||
|
|
(
|
|
( SecurityStatus == SEC_E_LOGON_DENIED )
|
|
|| ( SecurityStatus == SEC_E_NO_CREDENTIALS )
|
|
|| ( SecurityStatus == SEC_E_INVALID_TOKEN )
|
|
|| ( SecurityStatus == SEC_E_UNKNOWN_CREDENTIALS )
|
|
|| ( SecurityStatus == SEC_E_NO_AUTHENTICATING_AUTHORITY )
|
|
|| ( SecurityStatus == SEC_E_TIME_SKEW )
|
|
)
|
|
)
|
|
{
|
|
FailedContext = GetLastError();
|
|
|
|
RpcpErrorAddRecord (EEInfoGCSecurityProvider,
|
|
SecurityStatus,
|
|
EEInfoDLAcceptThirdLeg10,
|
|
AuthenticationService,
|
|
AuthenticationLevel,
|
|
FailedContext);
|
|
|
|
if (!fDatagram)
|
|
{
|
|
SecurityStatus = SEC_E_OK;
|
|
}
|
|
|
|
SetExtendedError(SecurityStatus);
|
|
|
|
if ( (FailedContext != ERROR_PASSWORD_MUST_CHANGE)
|
|
&& (FailedContext != ERROR_PASSWORD_EXPIRED)
|
|
&& (FailedContext != ERROR_ACCOUNT_DISABLED)
|
|
&& (FailedContext != ERROR_INVALID_LOGON_HOURS) )
|
|
{
|
|
FailedContext = RPC_S_ACCESS_DENIED;
|
|
|
|
RpcpErrorAddRecord (EEInfoGCRuntime,
|
|
FailedContext,
|
|
EEInfoDLAcceptThirdLeg30);
|
|
}
|
|
|
|
ASSERT(FailedContextEEInfo == NULL);
|
|
FailedContextEEInfo = RpcpGetEEInfo();
|
|
RpcpClearEEInfo();
|
|
}
|
|
|
|
if ( ( SecurityStatus != SEC_E_OK )
|
|
&& ( SecurityStatus != SEC_I_COMPLETE_NEEDED )
|
|
&& ( SecurityStatus != SEC_I_CONTINUE_NEEDED )
|
|
&& ( SecurityStatus != SEC_I_COMPLETE_AND_CONTINUE ) )
|
|
{
|
|
SetExtendedError(SecurityStatus);
|
|
|
|
RpcpErrorAddRecord (EEInfoGCSecurityProvider,
|
|
SecurityStatus,
|
|
EEInfoDLAcceptThirdLeg20,
|
|
AuthenticationService,
|
|
AuthenticationLevel);
|
|
|
|
DontForgetToDelete = 0;
|
|
|
|
if ( SecurityStatus == SEC_E_SHUTDOWN_IN_PROGRESS )
|
|
{
|
|
RpcStatus = ERROR_SHUTDOWN_IN_PROGRESS;
|
|
}
|
|
else if ( (SecurityStatus == SEC_E_SECPKG_NOT_FOUND)
|
|
|| (SecurityStatus == SEC_E_NO_CREDENTIALS)
|
|
|| (SecurityStatus == SEC_E_LOGON_DENIED)
|
|
|| (SecurityStatus == SEC_E_INVALID_TOKEN)
|
|
|| (SecurityStatus == SEC_E_UNKNOWN_CREDENTIALS)
|
|
|| (SecurityStatus == SEC_E_NO_AUTHENTICATING_AUTHORITY)
|
|
|| (SecurityStatus == SEC_E_CONTEXT_EXPIRED)
|
|
|| (SecurityStatus == SEC_E_TIME_SKEW))
|
|
{
|
|
RpcStatus = RPC_S_ACCESS_DENIED;
|
|
}
|
|
else
|
|
{
|
|
ASSERT( SecurityStatus == SEC_E_INSUFFICIENT_MEMORY );
|
|
RpcStatus = RPC_S_OUT_OF_MEMORY;
|
|
}
|
|
|
|
RpcpErrorAddRecord (EEInfoGCRuntime,
|
|
RpcStatus,
|
|
EEInfoDLAcceptThirdLeg40,
|
|
SecurityStatus);
|
|
|
|
return RpcStatus;
|
|
}
|
|
|
|
if ( SecurityStatus == SEC_I_CONTINUE_NEEDED )
|
|
{
|
|
return(RPC_P_CONTINUE_NEEDED);
|
|
}
|
|
if ( SecurityStatus == SEC_I_COMPLETE_AND_CONTINUE )
|
|
{
|
|
return(RPC_P_COMPLETE_AND_CONTINUE);
|
|
}
|
|
|
|
|
|
ASSERT ( (SecurityStatus == SEC_I_COMPLETE_NEEDED)
|
|
|| (SecurityStatus == SEC_E_OK));
|
|
|
|
fFullyConstructed = TRUE;
|
|
|
|
RpcStatus = SetMaximumLengths();
|
|
if (RpcStatus)
|
|
{
|
|
FailedContext = RpcStatus;
|
|
|
|
ASSERT(FailedContextEEInfo == NULL);
|
|
FailedContextEEInfo = RpcpGetEEInfo();
|
|
RpcpClearEEInfo();
|
|
|
|
//
|
|
// We don't want to block third leg - mimic success
|
|
// Failed context has already been set
|
|
//
|
|
MaxSignatureLength = 256;
|
|
MaxHeaderLength = 256;
|
|
cbBlockSize = 64;
|
|
}
|
|
|
|
if (SecurityStatus == SEC_I_COMPLETE_NEEDED)
|
|
return(RPC_P_COMPLETE_NEEDED);
|
|
else
|
|
return RPC_S_OK;
|
|
}
|
|
|
|
|
|
|
|
unsigned long
|
|
SECURITY_CONTEXT::InquireAuthorizationService (
|
|
)
|
|
/*++
|
|
|
|
Return Value:
|
|
|
|
The authorization service for this security context will be returned.
|
|
|
|
--*/
|
|
{
|
|
SecPkgContext_DceInfo DceInfo;
|
|
SECURITY_STATUS SecurityStatus;
|
|
SecurityStatus = (*RpcSecurityInterface->QueryContextAttributes)(
|
|
&SecurityContext, SECPKG_ATTR_DCE_INFO, &DceInfo);
|
|
ASSERT( SecurityStatus == SEC_E_OK );
|
|
return(DceInfo.AuthzSvc);
|
|
}
|
|
|
|
|
|
RPC_AUTHZ_HANDLE
|
|
SECURITY_CONTEXT::InquirePrivileges (
|
|
)
|
|
/*++
|
|
|
|
Return Value:
|
|
|
|
The privileges of the client at the other end of this security context
|
|
will be returned.
|
|
|
|
--*/
|
|
{
|
|
SecPkgContext_DceInfo DceInfo;
|
|
SECURITY_STATUS SecurityStatus;
|
|
|
|
SecurityStatus = (*RpcSecurityInterface->QueryContextAttributes)(
|
|
&SecurityContext, SECPKG_ATTR_DCE_INFO, &DceInfo);
|
|
ASSERT( SecurityStatus == SEC_E_OK );
|
|
return(DceInfo.pPac);
|
|
}
|
|
|
|
|
|
DWORD
|
|
SECURITY_CONTEXT::GetDceInfo (
|
|
RPC_AUTHZ_HANDLE __RPC_FAR * PacHandle,
|
|
unsigned long __RPC_FAR * AuthzSvc
|
|
)
|
|
|
|
/*++
|
|
|
|
Return Value:
|
|
|
|
The privileges of the client at the other end of this security context
|
|
will be returned.
|
|
|
|
--*/
|
|
{
|
|
SecPkgContext_DceInfo DceInfo;
|
|
SECURITY_STATUS SecurityStatus;
|
|
|
|
*PacHandle = 0;
|
|
*AuthzSvc = 0;
|
|
|
|
SecurityStatus = (*RpcSecurityInterface->QueryContextAttributes)(
|
|
&SecurityContext, SECPKG_ATTR_DCE_INFO, &DceInfo);
|
|
|
|
ASSERT( (SecurityStatus == SEC_E_OK)
|
|
|| (SecurityStatus == SEC_E_UNSUPPORTED_FUNCTION)
|
|
|| (SecurityStatus == SEC_E_INVALID_HANDLE));
|
|
|
|
if (SecurityStatus == SEC_E_OK)
|
|
{
|
|
*PacHandle = DceInfo.pPac;
|
|
*AuthzSvc = DceInfo.AuthzSvc;
|
|
return 0;
|
|
}
|
|
|
|
if (AuthenticationService == RPC_C_AUTHN_GSS_SCHANNEL)
|
|
{
|
|
SecurityStatus = (*RpcSecurityInterface->QueryContextAttributes)(
|
|
&SecurityContext, SECPKG_ATTR_REMOTE_CERT_CONTEXT, PacHandle);
|
|
|
|
if (SecurityStatus != SEC_E_OK)
|
|
{
|
|
*PacHandle = 0;
|
|
}
|
|
}
|
|
|
|
return SecurityStatus;
|
|
}
|
|
|
|
|
|
void
|
|
SECURITY_CONTEXT::DeleteSecurityContext (
|
|
void
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
If there is a valid security context, we need to delete it.
|
|
|
|
--*/
|
|
{
|
|
SECURITY_STATUS SecurityStatus;
|
|
unsigned int nRetries = 0;
|
|
|
|
if ( DontForgetToDelete != 0 )
|
|
{
|
|
if (AuthzClientContext)
|
|
{
|
|
AuthzFreeContextFn(AuthzClientContext);
|
|
AuthzClientContext = NULL;
|
|
}
|
|
|
|
// SEC_E_INSUFFICIENT_MEMORY may be returned under extremely low
|
|
// memory conditions. We will do the following:
|
|
// - Retry 10 times to delete the security context.
|
|
// - Raise a flag in the process that we have leaked one or more security contexts.
|
|
do
|
|
{
|
|
SecurityStatus = (*RpcSecurityInterface->DeleteSecurityContext)(
|
|
&SecurityContext );
|
|
nRetries++;
|
|
}
|
|
while (SecurityStatus == SEC_E_INSUFFICIENT_MEMORY && nRetries < 10);
|
|
|
|
if (SecurityStatus == SEC_E_INSUFFICIENT_MEMORY)
|
|
{
|
|
nSecurityContextsLeaked++;
|
|
}
|
|
|
|
// when the process shutdowns, the security system may return SEC_E_SECPKG_NOT_FOUND
|
|
// since it is uninitialized. This is the only time when this error will be
|
|
// returned, so it is safe to ignore.
|
|
if (SecurityStatus == SEC_E_SECPKG_NOT_FOUND)
|
|
SecurityStatus = SEC_E_OK;
|
|
|
|
#if DBG
|
|
if ((SecurityStatus != SEC_E_OK) && (SecurityStatus != SEC_E_SHUTDOWN_IN_PROGRESS))
|
|
{
|
|
PrintToDebugger("DeleteSecurityContext(0x%x) Returned [%lx]\n",
|
|
&SecurityContext,
|
|
SecurityStatus);
|
|
}
|
|
if (SecurityStatus == SEC_E_INSUFFICIENT_MEMORY)
|
|
{
|
|
PrintToDebugger("SecurityContext(0x%x) leaked\n",
|
|
&SecurityContext);
|
|
}
|
|
#endif
|
|
|
|
ASSERT( SecurityStatus == SEC_E_OK ||
|
|
SecurityStatus == SEC_E_SHUTDOWN_IN_PROGRESS ||
|
|
SecurityStatus == SEC_E_INSUFFICIENT_MEMORY);
|
|
|
|
DontForgetToDelete = 0;
|
|
}
|
|
|
|
if (FailedContextEEInfo)
|
|
{
|
|
FreeEEInfoChain(FailedContextEEInfo);
|
|
FailedContextEEInfo = NULL;
|
|
}
|
|
}
|
|
|
|
RPC_STATUS
|
|
SECURITY_CONTEXT::CheckForFailedThirdLeg (
|
|
void
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
If the third leg has failed, we will return the error code
|
|
and restore the eeinfo.
|
|
|
|
--*/
|
|
{
|
|
ASSERT( ( SecuritySupportLoaded != 0 )
|
|
&& ( FailedToLoad == 0 ) );
|
|
|
|
if (FailedContext != 0)
|
|
{
|
|
if (FailedContextEEInfo)
|
|
{
|
|
RpcpSetEEInfo(FailedContextEEInfo);
|
|
FailedContextEEInfo = NULL;
|
|
}
|
|
return (RPC_S_ACCESS_DENIED);
|
|
}
|
|
|
|
return RPC_S_OK;
|
|
}
|
|
|
|
|
|
void
|
|
SECURITY_CONTEXT::DeletePac(
|
|
void __RPC_FAR * PacHandle
|
|
)
|
|
|
|
/*++
|
|
|
|
Return Value:
|
|
|
|
|
|
--*/
|
|
{
|
|
if (AuthenticationService == RPC_C_AUTHN_GSS_SCHANNEL)
|
|
{
|
|
if (!LoadCrypt32Imports())
|
|
{
|
|
return;
|
|
}
|
|
|
|
CertFreeCertificateContext( (PCERT_CONTEXT) PacHandle );
|
|
}
|
|
else
|
|
{
|
|
(*RpcSecurityInterface->FreeContextBuffer)( PacHandle );
|
|
}
|
|
}
|
|
|
|
|
|
RPC_STATUS
|
|
SECURITY_CONTEXT::ImpersonateClient (
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
The server thread calling this routine will impersonate the client at the
|
|
other end of this security context.
|
|
|
|
Return Value:
|
|
|
|
RPC_S_OK - The impersonation successfully occured.
|
|
|
|
RPC_S_NO_CONTEXT_AVAILABLE - There is no security context available to
|
|
be impersonated.
|
|
|
|
--*/
|
|
{
|
|
SECURITY_STATUS SecurityStatus;
|
|
|
|
ASSERT( ( SecuritySupportLoaded != 0 )
|
|
&& ( FailedToLoad == 0 ) );
|
|
|
|
if (FailedContext != 0)
|
|
{
|
|
if (FailedContextEEInfo)
|
|
{
|
|
RpcpSetEEInfo(FailedContextEEInfo);
|
|
FailedContextEEInfo = NULL;
|
|
}
|
|
return (RPC_S_ACCESS_DENIED);
|
|
}
|
|
|
|
ASSERT( FullyConstructed() );
|
|
|
|
SecurityStatus = (*RpcSecurityInterface->ImpersonateSecurityContext)(
|
|
&SecurityContext);
|
|
|
|
if ( SecurityStatus != SEC_E_OK )
|
|
{
|
|
RpcpErrorAddRecord (EEInfoGCSecurityProvider,
|
|
RPC_S_NO_CONTEXT_AVAILABLE,
|
|
EEInfoDLImpersonateClient10,
|
|
SecurityStatus,
|
|
AuthenticationService,
|
|
AuthenticationLevel);
|
|
|
|
ASSERT( SecurityStatus == SEC_E_NO_IMPERSONATION );
|
|
return(RPC_S_NO_CONTEXT_AVAILABLE);
|
|
}
|
|
|
|
return(RPC_S_OK);
|
|
}
|
|
|
|
|
|
void
|
|
SECURITY_CONTEXT::RevertToSelf (
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
The server thread calling this routine will stop impersonating. If the
|
|
thread is not impersonating, then this is a noop.
|
|
|
|
--*/
|
|
{
|
|
SECURITY_STATUS SecurityStatus;
|
|
|
|
ASSERT( ( SecuritySupportLoaded != 0 )
|
|
&& ( FailedToLoad == 0 ) );
|
|
|
|
SecurityStatus = (*RpcSecurityInterface->RevertSecurityContext)(
|
|
&SecurityContext);
|
|
|
|
ASSERT( SecurityStatus == SEC_E_OK );
|
|
}
|
|
|
|
RPC_STATUS
|
|
SECURITY_CONTEXT::GetAccessToken (
|
|
OUT HANDLE *ImpersonationToken,
|
|
OUT BOOL *fNeedToCloseToken
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Gets the access token maintained by the security provider.
|
|
|
|
Arguments:
|
|
|
|
ImpersonationToken - contains the impersonation token on success
|
|
fNeedToCloseToken - true if the resulting token needs closing.
|
|
False otherwise. Some security providers support handing off
|
|
of the token itself (faster). Some don't. All support handing
|
|
off a copy of the token. Depending on what security provider
|
|
we have, we'll get the token, and set this variable. This
|
|
parameter is undefined in case of failure.
|
|
|
|
Return Value:
|
|
RPC_S_OK on success, or RPC_S_* on failure. Supports EEInfo.
|
|
|
|
--*/
|
|
{
|
|
SECURITY_STATUS SecurityStatus;
|
|
HANDLE Token;
|
|
|
|
ASSERT( ( SecuritySupportLoaded != 0 )
|
|
&& ( FailedToLoad == 0 ) );
|
|
|
|
ASSERT( FullyConstructed() );
|
|
|
|
SecurityStatus = (*RpcSecurityInterface->QueryContextAttributes)(
|
|
&SecurityContext,
|
|
SECPKG_ATTR_ACCESS_TOKEN,
|
|
&Token);
|
|
|
|
if ( (SecurityStatus != SEC_E_OK)
|
|
&& (SecurityStatus != SEC_E_UNSUPPORTED_FUNCTION) )
|
|
{
|
|
RpcpErrorAddRecord (EEInfoGCSecurityProvider,
|
|
RPC_S_NO_CONTEXT_AVAILABLE,
|
|
EEInfoDLSECURITY_CONTEXT__GetAccessToken10,
|
|
SecurityStatus,
|
|
AuthenticationService,
|
|
AuthenticationLevel);
|
|
|
|
ASSERT( 0 );
|
|
return(RPC_S_NO_CONTEXT_AVAILABLE);
|
|
}
|
|
|
|
if (SecurityStatus != SEC_E_OK)
|
|
{
|
|
ASSERT(SecurityStatus == SEC_E_UNSUPPORTED_FUNCTION);
|
|
|
|
// the security provider does not provide quick retrieval
|
|
// of token - go the long way
|
|
SecurityStatus = (*RpcSecurityInterface->QuerySecurityContextToken)(
|
|
&SecurityContext, &Token);
|
|
|
|
if (SecurityStatus != SEC_E_OK)
|
|
{
|
|
RpcpErrorAddRecord (EEInfoGCSecurityProvider,
|
|
RPC_S_NO_CONTEXT_AVAILABLE,
|
|
EEInfoDLSECURITY_CONTEXT__GetAccessToken20,
|
|
SecurityStatus,
|
|
AuthenticationService,
|
|
AuthenticationLevel);
|
|
|
|
ASSERT( SecurityStatus == SEC_E_NO_IMPERSONATION );
|
|
return(RPC_S_NO_CONTEXT_AVAILABLE);
|
|
}
|
|
|
|
*fNeedToCloseToken = TRUE;
|
|
}
|
|
else
|
|
{
|
|
*fNeedToCloseToken = FALSE;
|
|
}
|
|
|
|
*ImpersonationToken = Token;
|
|
return RPC_S_OK;
|
|
}
|
|
|
|
|
|
PACKAGE_LEG_COUNT
|
|
GetPackageLegCount(
|
|
DWORD id
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This fn determines whether the given security package is a 3- or 4-leg
|
|
protocol. The relevance of this information is described in
|
|
ReadPackageLegInfo(). This fn. first searches the hardcoded entries in
|
|
PredefinedPackageLegInfo[], and if the package is not found it turns to the
|
|
registry information stored in FourLeggedPackages[].
|
|
|
|
Return Values:
|
|
|
|
LegsUnknown = the fn cannot give a reliable answer
|
|
|
|
ThreeLegs = this is a 3-leg protocol
|
|
|
|
EvenNumberOfLegs = this is not a 3-leg protocol
|
|
|
|
--*/
|
|
{
|
|
int i;
|
|
|
|
if ( InsureSecuritySupportLoaded() != RPC_S_OK )
|
|
{
|
|
return LegsUnknown;
|
|
}
|
|
|
|
for (i=0; PredefinedPackageLegInfo[i].Package != 0; ++i)
|
|
{
|
|
if (PredefinedPackageLegInfo[i].Package == id)
|
|
{
|
|
return PredefinedPackageLegInfo[i].Legs;
|
|
}
|
|
}
|
|
|
|
CLAIM_MUTEX Lock( *SecurityCritSect );
|
|
|
|
if (!FourLeggedPackages)
|
|
{
|
|
if (!ReadPackageLegInfo())
|
|
{
|
|
return LegsUnknown;
|
|
}
|
|
}
|
|
|
|
ASSERT(FourLeggedPackages);
|
|
|
|
for (i=0; FourLeggedPackages[i] != 0; ++i)
|
|
{
|
|
if (FourLeggedPackages[i] == id)
|
|
{
|
|
return EvenNumberOfLegs;
|
|
}
|
|
}
|
|
|
|
return ThreeLegs;
|
|
}
|
|
|
|
DWORD
|
|
SECURITY_CONTEXT::VerifyCertificate()
|
|
{
|
|
DWORD SecurityStatus = 0;
|
|
|
|
//
|
|
// Compare the name on the certificate against the expected principal name.
|
|
//
|
|
if (ServerPrincipalName)
|
|
{
|
|
//
|
|
// Get a copy of the raw certificate.
|
|
//
|
|
if (!LoadCrypt32Imports())
|
|
{
|
|
return GetLastError();
|
|
}
|
|
|
|
PCERT_CONTEXT ClientContext;
|
|
|
|
SecurityStatus = (*RpcSecurityInterface->QueryContextAttributes)(
|
|
&SecurityContext,
|
|
SECPKG_ATTR_REMOTE_CERT_CONTEXT,
|
|
&ClientContext
|
|
);
|
|
if (SecurityStatus)
|
|
{
|
|
RpcpErrorAddRecord ( EEInfoGCSecurityProvider,
|
|
RPC_S_OUT_OF_MEMORY,
|
|
EEInfoDLInitializeThirdLeg60,
|
|
SecurityStatus );
|
|
|
|
ASSERT( SecurityStatus == SEC_E_INSUFFICIENT_MEMORY );
|
|
return SecurityStatus;
|
|
}
|
|
|
|
SecurityStatus = RpcCertMatchPrincipalName( ClientContext, ServerPrincipalName );
|
|
switch (SecurityStatus)
|
|
{
|
|
case 0:
|
|
case ERROR_NOT_ENOUGH_MEMORY:
|
|
break;
|
|
|
|
default:
|
|
|
|
//
|
|
// we are supposed to have verified the princ name earlier.
|
|
//
|
|
ASSERT( SecurityStatus != ERROR_INVALID_PARAMETER );
|
|
|
|
SetExtendedError(SecurityStatus);
|
|
|
|
SecurityStatus = RPC_S_ACCESS_DENIED;
|
|
break;
|
|
}
|
|
|
|
CertFreeCertificateContext( ClientContext );
|
|
}
|
|
|
|
return SecurityStatus;
|
|
}
|