ReactOS  0.4.14-dev-77-gd9e7c48
auth_sspi.c
Go to the documentation of this file.
1 /* NFSv4.1 client for Windows
2  * Copyright © 2012 The Regents of the University of Michigan
3  *
4  * Olga Kornievskaia <aglo@umich.edu>
5  * Casey Bodley <cbodley@umich.edu>
6  *
7  * This library is free software; you can redistribute it and/or modify it
8  * under the terms of the GNU Lesser General Public License as published by
9  * the Free Software Foundation; either version 2.1 of the License, or (at
10  * your option) any later version.
11  *
12  * This library is distributed in the hope that it will be useful, but
13  * without any warranty; without even the implied warranty of merchantability
14  * or fitness for a particular purpose. See the GNU Lesser General Public
15  * License for more details.
16  *
17  * You should have received a copy of the GNU Lesser General Public License
18  * along with this library; if not, write to the Free Software Foundation,
19  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA
20  */
21 
22 #include <wintirpc.h>
23 #include <stdio.h>
24 #include <stdlib.h>
25 //#include <unistd.h>
26 #include <string.h>
27 #include <errno.h>
28 #include <rpc/types.h>
29 #include <rpc/xdr.h>
30 #include <rpc/auth.h>
31 #include <rpc/auth_sspi.h>
32 #include <rpc/clnt.h>
33 
34 static void authsspi_nextverf(AUTH *auth);
35 static bool_t authsspi_marshal(AUTH *auth, XDR *xdrs, u_int *seq);
36 static bool_t authsspi_refresh(AUTH *auth, void *);
37 static bool_t authsspi_validate(AUTH *auth, struct opaque_auth *verf, u_int seq);
38 static void authsspi_destroy(AUTH *auth);
39 static void authsspi_destroy_context(AUTH *auth);
40 static bool_t authsspi_wrap(AUTH *auth, XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr);
41 static bool_t authsspi_unwrap(AUTH *auth, XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr, u_int seq);
42 
43 static struct auth_ops authsspi_ops = {
44  authsspi_nextverf,
45  authsspi_marshal,
46  authsspi_validate,
47  authsspi_refresh,
48  authsspi_destroy,
49  authsspi_wrap,
50  authsspi_unwrap
51 };
52 
53 struct rpc_sspi_data {
54  bool_t established; /* context established */
55  bool_t inprogress;
56  sspi_buffer_desc gc_wire_verf; /* save GSS_S_COMPLETE NULL RPC verfier
57  * to process at end of context negotiation*/
58  CLIENT *clnt; /* client handle */
59  sspi_name_t name; /* service name */
60  struct rpc_sspi_sec *sec; /* security tuple */
61  CtxtHandle ctx; /* context id */
62  struct rpc_sspi_cred gc; /* client credentials */
63  u_int win; /* sequence window */
64  TimeStamp expiry;
65 };
66 
67 #define AUTH_PRIVATE(auth) ((struct rpc_sspi_data *)auth->ah_private)
68 
69 static struct timeval AUTH_TIMEOUT = { 25, 0 };
70 void print_rpc_gss_sec(struct rpc_sspi_sec *ptr);
71 void print_negotiated_attrs(PCtxtHandle ctx);
72 
73 AUTH *
74 authsspi_create(CLIENT *clnt, sspi_name_t name, struct rpc_sspi_sec *sec)
75 {
76  AUTH *auth, *save_auth;
77  struct rpc_sspi_data *gd;
78 
79  log_debug("in authgss_create()");
80 
81  memset(&rpc_createerr, 0, sizeof(rpc_createerr));
82 
83  if ((auth = calloc(sizeof(*auth), 1)) == NULL) {
84  rpc_createerr.cf_stat = RPC_SYSTEMERROR;
85  rpc_createerr.cf_error.re_errno = ENOMEM;
86  return (NULL);
87  }
88  if ((gd = calloc(sizeof(*gd), 1)) == NULL) {
89  rpc_createerr.cf_stat = RPC_SYSTEMERROR;
90  rpc_createerr.cf_error.re_errno = ENOMEM;
91  free(auth);
92  return (NULL);
93  }
94 
95 #if 0
96  if (name != SSPI_C_NO_NAME) {
97  if (gss_duplicate_name(&min_stat, name, &gd->name)
98  != GSS_S_COMPLETE) {
99  rpc_createerr.cf_stat = RPC_SYSTEMERROR;
100  rpc_createerr.cf_error.re_errno = ENOMEM;
101  free(auth);
102  return (NULL);
103  }
104  }
105  else
106 #else
107  gd->name = strdup(name);
108 #endif
109 
110  gd->clnt = clnt;
111  SecInvalidateHandle(&gd->ctx);
112  gd->sec = sec;
113 
114  gd->gc.gc_v = RPCSEC_SSPI_VERSION;
115  gd->gc.gc_proc = RPCSEC_SSPI_INIT;
116  gd->gc.gc_svc = gd->sec->svc;
117 
118  auth->ah_ops = &authsspi_ops;
119  auth->ah_private = (caddr_t)gd;
120 
121  save_auth = clnt->cl_auth;
122  clnt->cl_auth = auth;
123 
124  if (!authsspi_refresh(auth, NULL))
125  auth = NULL;
126 
127  clnt->cl_auth = save_auth;
128 
129  return (auth);
130 }
131 
132 AUTH *
133 authsspi_create_default(CLIENT *clnt, char *service, int svc)
134 {
135  AUTH *auth = NULL;
136  uint32_t maj_stat = 0;
137  sspi_buffer_desc sname;
138  sspi_name_t name = SSPI_C_NO_NAME;
139  unsigned char sec_pkg_name[] = "Kerberos";
140  struct rpc_sspi_sec *sec;
141 
142  log_debug("in authgss_create_default() for %s", service);
143 
144  sname.value = service;
145  sname.length = (int)strlen(service);
146 #if 0
147  maj_stat = gss_import_name(&min_stat, &sname,
148  (gss_OID)GSS_C_NT_HOSTBASED_SERVICE,
149  &name);
150 #else
151  maj_stat = sspi_import_name(&sname, &name);
152 #endif
153  if (maj_stat != SEC_E_OK) {
154  log_debug("authgss_create_default: sspi_import_name failed with %x", maj_stat);
155  return (NULL);
156  }
157  sec = calloc(1, sizeof(struct rpc_sspi_sec));
158  if (sec == NULL)
159  goto out_err;
160  sec->svc = svc;
161  // Let's acquire creds here for now
162  maj_stat = AcquireCredentialsHandleA(NULL, sec_pkg_name, SECPKG_CRED_BOTH,
163  NULL, NULL, NULL, NULL, &sec->cred, &sec->expiry);
164  if (maj_stat != SEC_E_OK) {
165  log_debug("authgss_create_default: AcquireCredentialsHandleA failed with %x", maj_stat);
166  free(sec);
167  goto out;
168  }
169 
170  auth = authsspi_create(clnt, name, sec);
171  if (auth == NULL)
172  goto out_free_sec;
173 
174 out:
175  if (name != SSPI_C_NO_NAME) {
176 #if 0
177  gss_release_name(&min_stat, &name);
178 #else
179  free(name);
180 #endif
181  }
182 
183  return (auth);
184 out_free_sec:
185  if (rpc_createerr.cf_error.re_errno == ENOMEM) {
186  FreeCredentialsHandle(&sec->cred);
187  free(sec);
188  }
189 out_err:
190  rpc_createerr.cf_stat = RPC_SYSTEMERROR;
191  rpc_createerr.cf_error.re_errno = ENOMEM;
192  goto out;
193 }
194 
195 static void
196 authsspi_nextverf(AUTH *auth)
197 {
198  log_debug("in authgss_nextverf()");
199  /* no action necessary */
200 }
201 
202 static bool_t
203 authsspi_marshal(AUTH *auth, XDR *xdrs, u_int *seq)
204 {
205  XDR tmpxdrs;
206  char tmp[MAX_AUTH_BYTES];
207  struct rpc_sspi_data *gd;
208  sspi_buffer_desc rpcbuf, checksum;
209  uint32_t maj_stat;
210  bool_t xdr_stat;
211 
212  log_debug("in authgss_marshal()");
213 
214  gd = AUTH_PRIVATE(auth);
215 
216  if (gd->established) {
217  gd->gc.gc_seq++;
218  *seq = gd->gc.gc_seq;
219  }
220 
221  xdrmem_create(&tmpxdrs, tmp, sizeof(tmp), XDR_ENCODE);
222 
223  if (!xdr_rpc_sspi_cred(&tmpxdrs, &gd->gc)) {
224  log_debug("authsspi_marshal: xdr_rpc_sspi_cred failed");
225  XDR_DESTROY(&tmpxdrs);
226  return (FALSE);
227  }
228  auth->ah_cred.oa_flavor = RPCSEC_GSS;
229  auth->ah_cred.oa_base = tmp;
230  auth->ah_cred.oa_length = XDR_GETPOS(&tmpxdrs);
231 
232  XDR_DESTROY(&tmpxdrs);
233 
234  if (!xdr_opaque_auth(xdrs, &auth->ah_cred)) {
235  log_debug("authsspi_marshal: failed to xdr GSS CRED");
236  return (FALSE);
237  }
238  if (gd->gc.gc_proc == RPCSEC_SSPI_INIT ||
239  gd->gc.gc_proc == RPCSEC_SSPI_CONTINUE_INIT) {
240  return (xdr_opaque_auth(xdrs, &_null_auth));
241  }
242  /* Checksum serialized RPC header, up to and including credential. */
243  rpcbuf.length = XDR_GETPOS(xdrs) - 4;
244  //XDR_SETPOS(xdrs, 0);
245  //rpcbuf.value = XDR_INLINE(xdrs, rpcbuf.length);
246  rpcbuf.value = xdrrec_getoutbase(xdrs) + 1;
247 
248 #if 0
249  maj_stat = gss_get_mic(&min_stat, gd->ctx, gd->sec.qop,
250  &rpcbuf, &checksum);
251 #else
252  maj_stat = sspi_get_mic(&gd->ctx, 0, gd->gc.gc_seq, &rpcbuf, &checksum);
253 #endif
254  if (maj_stat != SEC_E_OK) {
255  log_debug("authsspi_marshal: sspi_get_mic failed with %x", maj_stat);
256  if (maj_stat == SEC_E_NO_AUTHENTICATING_AUTHORITY) {
257  gd->established = FALSE;
258  authsspi_destroy_context(auth);
259  }
260  return (FALSE);
261  }
262  auth->ah_verf.oa_flavor = RPCSEC_GSS;
263  auth->ah_verf.oa_base = checksum.value;
264  auth->ah_verf.oa_length = checksum.length;
265  xdr_stat = xdr_opaque_auth(xdrs, &auth->ah_verf);
266 #if 0
267  gss_release_buffer(&min_stat, &checksum);
268 #else
269  sspi_release_buffer(&checksum);
270 #endif
271  return (xdr_stat);
272 }
273 
274 static bool_t
275 authsspi_validate(AUTH *auth, struct opaque_auth *verf, u_int seq)
276 {
277  struct rpc_sspi_data *gd;
278  u_int num, qop_state, cur_seq;
279  sspi_buffer_desc signbuf, checksum;
280  uint32_t maj_stat;
281 
282  log_debug("in authgss_validate(for seq=%d)", seq);
283 
284  gd = AUTH_PRIVATE(auth);
285 
286  if (gd->established == FALSE) {
287  /* would like to do this only on NULL rpc --
288  * gc->established is good enough.
289  * save the on the wire verifier to validate last
290  * INIT phase packet after decode if the major
291  * status is GSS_S_COMPLETE
292  */
293  if ((gd->gc_wire_verf.value =
294  mem_alloc(verf->oa_length)) == NULL) {
295  return (FALSE);
296  }
297  memcpy(gd->gc_wire_verf.value, verf->oa_base, verf->oa_length);
298  gd->gc_wire_verf.length = verf->oa_length;
299  return (TRUE);
300  }
301 
302  if (gd->gc.gc_proc == RPCSEC_SSPI_DESTROY)
303  return TRUE;
304 
305  if (gd->gc.gc_proc == RPCSEC_SSPI_INIT ||
306  gd->gc.gc_proc == RPCSEC_SSPI_CONTINUE_INIT) {
307  num = htonl(gd->win);
308  }
309  else {
310  if (seq == -1) {
311  num = htonl(gd->gc.gc_seq);
312  cur_seq = gd->gc.gc_seq;
313  }
314  else {
315  num = htonl(seq);
316  cur_seq = seq;
317  }
318  }
319 
320  signbuf.value = &num;
321  signbuf.length = sizeof(num);
322 
323  checksum.value = verf->oa_base;
324  checksum.length = verf->oa_length;
325 #if 0
326  maj_stat = gss_verify_mic(&min_stat, gd->ctx, &signbuf,
327  &checksum, &qop_state);
328 #else
329  maj_stat = sspi_verify_mic(&gd->ctx, cur_seq, &signbuf, &checksum, &qop_state);
330 #endif
331  if (maj_stat != SEC_E_OK) {
332  log_debug("authsspi_validate: VerifySignature failed with %x", maj_stat);
333  if (maj_stat == SEC_E_NO_AUTHENTICATING_AUTHORITY) {
334  gd->established = FALSE;
335  authsspi_destroy_context(auth);
336  }
337  return (FALSE);
338  }
339  return (TRUE);
340 }
341 
342 static bool_t
343 authsspi_refresh(AUTH *auth, void *tmp)
344 {
345  struct rpc_sspi_data *gd;
346  struct rpc_sspi_init_res gr;
347  sspi_buffer_desc *recv_tokenp, send_token;
348  uint32_t maj_stat, call_stat, ret_flags, i;
349  unsigned long flags =
350  ISC_REQ_MUTUAL_AUTH|ISC_REQ_INTEGRITY|ISC_REQ_ALLOCATE_MEMORY;
351  SecBufferDesc out_desc, in_desc;
352  SecBuffer wtkn[1], rtkn[1];
353 
354  log_debug("in authgss_refresh()");
355 
356  gd = AUTH_PRIVATE(auth);
357 
358  if ((gd->established && tmp == NULL) || gd->inprogress)
359  return (TRUE);
360  else if (tmp) {
361  log_debug("trying to refresh credentials\n");
362  DeleteSecurityContext(&gd->ctx);
363  sspi_release_buffer(&gd->gc.gc_ctx);
364  SecInvalidateHandle(&gd->ctx);
365  mem_free(gd->gc_wire_verf.value, gd->gc_wire_verf.length);
366  gd->gc_wire_verf.value = NULL;
367  gd->gc_wire_verf.length = 0;
368  gd->established = FALSE;
369  gd->gc.gc_proc = RPCSEC_SSPI_INIT;
370  }
371 
372  /* GSS context establishment loop. */
373  memset(&gr, 0, sizeof(gr));
374  recv_tokenp = SSPI_C_NO_BUFFER;
375  send_token.length = 0;
376  send_token.value = NULL;
377 
378  print_rpc_gss_sec(gd->sec);
379 
380  if (gd->sec->svc == RPCSEC_SSPI_SVC_PRIVACY)
381  flags |= ISC_REQ_CONFIDENTIALITY;
382 
383  for (i=0;;i++) {
384  /* print the token we just received */
385  if (recv_tokenp != SSPI_C_NO_BUFFER) {
386  log_debug("The token we just received (length %d):",
387  recv_tokenp->length);
388  log_hexdump(0, "", recv_tokenp->value, recv_tokenp->length, 0);
389  }
390 #if 0
391  maj_stat = gss_init_sec_context(&min_stat,
392  gd->sec.cred,
393  &gd->ctx,
394  gd->name,
395  gd->sec.mech,
396  gd->sec.req_flags,
397  0, /* time req */
398  NULL, /* channel */
399  recv_tokenp,
400  NULL, /* used mech */
401  &send_token,
402  &ret_flags,
403  NULL); /* time rec */
404 #else
405  gd->inprogress = TRUE;
406  out_desc.cBuffers = 1;
407  out_desc.pBuffers = wtkn;
408  out_desc.ulVersion = SECBUFFER_VERSION;
409  wtkn[0].BufferType = SECBUFFER_TOKEN;
410  wtkn[0].cbBuffer = send_token.length;
411  wtkn[0].pvBuffer = send_token.value;
412  log_debug("calling InitializeSecurityContextA for %s", gd->name);
413 
414  maj_stat = InitializeSecurityContextA(
415  &gd->sec->cred,
416  ((i==0)?NULL:&gd->ctx),
417  gd->name,
418  flags,
419  0,
420  SECURITY_NATIVE_DREP,
421  ((i==0)?NULL:&in_desc),
422  0,
423  &gd->ctx,
424  &out_desc,
425  &ret_flags,
426  &gd->expiry);
427 #endif
428  if (recv_tokenp != SSPI_C_NO_BUFFER) {
429 #if 0
430  gss_release_buffer(&min_stat, &gr.gr_token);
431 #else
432  sspi_release_buffer(&gr.gr_token);
433 #endif
434  recv_tokenp = SSPI_C_NO_BUFFER;
435  }
436  if (maj_stat != SEC_E_OK && maj_stat != SEC_I_CONTINUE_NEEDED) {
437  log_debug("InitializeSecurityContext failed with %x", maj_stat);
438  break;
439  }
440  send_token.length = wtkn[0].cbBuffer;
441  send_token.value = wtkn[0].pvBuffer;
442  if (send_token.length != 0) {
443  memset(&gr, 0, sizeof(gr));
444 
445  /* print the token we are about to send */
446  log_debug("The token being sent (length %d):",
447  send_token.length);
448  log_hexdump(0, "", send_token.value, send_token.length, 0);
449 
450  call_stat = clnt_call(gd->clnt, NULLPROC,
451  (xdrproc_t)xdr_rpc_sspi_init_args,
452  &send_token,
453  (xdrproc_t)xdr_rpc_sspi_init_res,
454  (caddr_t)&gr, AUTH_TIMEOUT);
455 #if 0
456  gss_release_buffer(&min_stat, &send_token);
457 #else
458  // 11/29/2010 [aglo] can't call sspi_relase_buffer, causes heap
459  // corruption (later) to try and free the buffer directly.
460  FreeContextBuffer(send_token.value);
461 #endif
462  if (call_stat != RPC_SUCCESS ||
463  (gr.gr_major != SEC_E_OK &&
464  gr.gr_major != SEC_I_CONTINUE_NEEDED))
465  break;
466 
467  if (gr.gr_ctx.length != 0) {
468 #if 0
469  if (gd->gc.gc_ctx.value)
470  gss_release_buffer(&min_stat,
471  &gd->gc.gc_ctx);
472 #else
473  sspi_release_buffer(&gd->gc.gc_ctx);
474 #endif
475  gd->gc.gc_ctx = gr.gr_ctx;
476  }
477  if (gr.gr_token.length != 0) {
478  if (maj_stat != SEC_I_CONTINUE_NEEDED)
479  break;
480  recv_tokenp = &gr.gr_token;
481  in_desc.cBuffers = 1;
482  in_desc.pBuffers = rtkn;
483  in_desc.ulVersion = SECBUFFER_VERSION;
484  rtkn[0].BufferType = SECBUFFER_TOKEN;
485  rtkn[0].cbBuffer = gr.gr_token.length;
486  rtkn[0].pvBuffer = gr.gr_token.value;
487  }
488  gd->gc.gc_proc = RPCSEC_SSPI_CONTINUE_INIT;
489  }
490 
491  /* GSS_S_COMPLETE => check gss header verifier,
492  * usually checked in gss_validate
493  */
494  if (maj_stat == SEC_E_OK) {
495  sspi_buffer_desc bufin;
496  u_int seq, qop_state = 0;
497 
498  print_negotiated_attrs(&gd->ctx);
499 
500  seq = htonl(gr.gr_win);
501  bufin.value = (unsigned char *)&seq;
502  bufin.length = sizeof(seq);
503 #if 0
504  maj_stat = gss_verify_mic(&min_stat, gd->ctx,
505  &bufin, &bufout, &qop_state);
506 #else
507  maj_stat = sspi_verify_mic(&gd->ctx, 0, &bufin, &gd->gc_wire_verf, &qop_state);
508 #endif
509  if (maj_stat != SEC_E_OK) {
510  log_debug("authgss_refresh: sspi_verify_mic failed with %x", maj_stat);
511  if (maj_stat == SEC_E_NO_AUTHENTICATING_AUTHORITY) {
512  gd->established = FALSE;
513  authsspi_destroy_context(auth);
514  }
515  break;
516  }
517  gd->established = TRUE;
518  gd->inprogress = FALSE;
519  gd->gc.gc_proc = RPCSEC_SSPI_DATA;
520  gd->gc.gc_seq = 0;
521  gd->win = gr.gr_win;
522  log_debug("authgss_refresh: established GSS context");
523  break;
524  }
525  }
526  /* End context negotiation loop. */
527  if (gd->gc.gc_proc != RPCSEC_SSPI_DATA) {
528  if (gr.gr_token.length != 0)
529 #if 0
530  gss_release_buffer(&min_stat, &gr.gr_token);
531 #else
532  sspi_release_buffer(&gr.gr_token);
533 #endif
534  authsspi_destroy(auth);
535  auth = NULL;
536  rpc_createerr.cf_stat = RPC_AUTHERROR;
537 
538  return (FALSE);
539  }
540  return (TRUE);
541 }
542 
543 bool_t
544 authsspi_service(AUTH *auth, int svc)
545 {
546  struct rpc_sspi_data *gd;
547 
548  log_debug("in authgss_service()");
549 
550  if (!auth)
551  return(FALSE);
552  gd = AUTH_PRIVATE(auth);
553  if (!gd || !gd->established)
554  return (FALSE);
555  gd->sec->svc = svc;
556  gd->gc.gc_svc = svc;
557  return (TRUE);
558 }
559 
560 static void
561 authsspi_destroy_context(AUTH *auth)
562 {
563  struct rpc_sspi_data *gd;
564 
565  log_debug("in authgss_destroy_context()");
566 
567  gd = AUTH_PRIVATE(auth);
568  if (gd == NULL) return;
569 
570  if (SecIsValidHandle(&gd->ctx)) {
571  if (gd->established) {
572  gd->gc.gc_proc = RPCSEC_SSPI_DESTROY;
573  clnt_call(gd->clnt, NULLPROC, (xdrproc_t)xdr_void, NULL,
574  (xdrproc_t)xdr_void, NULL, AUTH_TIMEOUT);
575  DeleteSecurityContext(&gd->ctx);
576  }
577  sspi_release_buffer(&gd->gc.gc_ctx);
578  SecInvalidateHandle(&gd->ctx);
579 #if 0
580  gss_release_buffer(&min_stat, &gd->gc.gc_ctx);
581  /* XXX ANDROS check size of context - should be 8 */
582  memset(&gd->gc.gc_ctx, 0, sizeof(gd->gc.gc_ctx));
583  gss_delete_sec_context(&min_stat, &gd->ctx, NULL);
584 #endif
585  }
586 
587  /* free saved wire verifier (if any) */
588  mem_free(gd->gc_wire_verf.value, gd->gc_wire_verf.length);
589  gd->gc_wire_verf.value = NULL;
590  gd->gc_wire_verf.length = 0;
591 
592  gd->established = FALSE;
593 }
594 
595 static void
596 authsspi_destroy(AUTH *auth)
597 {
598  struct rpc_sspi_data *gd;
599 
600  log_debug("in authgss_destroy()");
601 
602  gd = AUTH_PRIVATE(auth);
603  if (gd == NULL) return;
604 
605  authsspi_destroy_context(auth);
606 
607 #if 0
608  if (gd->name != SSPI_C_NO_NAME)
609  gss_release_name(&min_stat, &gd->name);
610 #else
611  free(gd->name);
612 #endif
613  FreeCredentialsHandle(&gd->sec->cred);
614  free(gd->sec);
615  free(gd);
616  free(auth);
617 }
618 
619 bool_t
620 authsspi_wrap(AUTH *auth, XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr)
621 {
622  struct rpc_sspi_data *gd;
623 
624  log_debug("in authgss_wrap()");
625 
626  gd = AUTH_PRIVATE(auth);
627 
628  if (!gd->established || gd->sec->svc == RPCSEC_SSPI_SVC_NONE) {
629  return ((*xdr_func)(xdrs, xdr_ptr));
630  }
631  return (xdr_rpc_sspi_data(xdrs, xdr_func, xdr_ptr,
632  &gd->ctx, gd->sec->qop,
633  gd->sec->svc, gd->gc.gc_seq));
634 }
635 
636 bool_t
637 authsspi_unwrap(AUTH *auth, XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr, u_int seq)
638 {
639  struct rpc_sspi_data *gd;
640 
641  log_debug("in authgss_unwrap()");
642 
643  gd = AUTH_PRIVATE(auth);
644 
645  if (!gd->established || gd->sec->svc == RPCSEC_SSPI_SVC_NONE) {
646  return ((*xdr_func)(xdrs, xdr_ptr));
647  }
648  return (xdr_rpc_sspi_data(xdrs, xdr_func, xdr_ptr,
649  &gd->ctx, gd->sec->qop,
650  gd->sec->svc, seq));
651 }
652 
653 #ifdef __REACTOS__
654 uint32_t sspi_get_mic(void *dummy, u_int qop, u_int seq,
655  sspi_buffer_desc *bufin, sspi_buffer_desc *bufout)
656 {
657  PCtxtHandle ctx = dummy;
658 #else
659 uint32_t sspi_get_mic(PCtxtHandle ctx, u_int qop, u_int seq,
660  sspi_buffer_desc *bufin, sspi_buffer_desc *bufout)
661 {
662 #endif
663  uint32_t maj_stat;
664  SecPkgContext_Sizes ContextSizes;
665  SecBufferDesc desc;
666  SecBuffer sec_tkn[2];
667 
668  log_hexdump(0, "sspi_get_mic: calculating checksum of", bufin->value, bufin->length, 0);
669 
670  memset(&ContextSizes, 0, sizeof(ContextSizes));
671  maj_stat = QueryContextAttributesA(ctx, SECPKG_ATTR_SIZES, &ContextSizes);
672  if (maj_stat != SEC_E_OK) return maj_stat;
673 
674  if (ContextSizes.cbMaxSignature == 0) return SEC_E_INTERNAL_ERROR;
675 
676  desc.cBuffers = 2;
677  desc.pBuffers = sec_tkn;
678  desc.ulVersion = SECBUFFER_VERSION;
679  sec_tkn[0].BufferType = SECBUFFER_DATA;
680  sec_tkn[0].cbBuffer = bufin->length;
681  sec_tkn[0].pvBuffer = bufin->value;
682  sec_tkn[1].BufferType = SECBUFFER_TOKEN;
683  sec_tkn[1].cbBuffer = ContextSizes.cbMaxSignature;
684  sec_tkn[1].pvBuffer = calloc(ContextSizes.cbMaxSignature, sizeof(char));
685  if (sec_tkn[1].pvBuffer == NULL) return SEC_E_INSUFFICIENT_MEMORY;
686 
687  maj_stat = MakeSignature(ctx, 0, &desc, seq);
688  if (maj_stat == SEC_E_OK) {
689  bufout->length = sec_tkn[1].cbBuffer;
690  bufout->value = sec_tkn[1].pvBuffer;
691  log_hexdump(0, "sspi_get_mic: verifier is", bufout->value, bufout->length, 0);
692  } else
693  free(sec_tkn[1].pvBuffer);
694 
695  return maj_stat;
696 }
697 
698 #ifndef __REACTOS__
699 uint32_t sspi_verify_mic(PCtxtHandle ctx, u_int seq, sspi_buffer_desc *bufin,
700  sspi_buffer_desc *bufout, u_int *qop_state)
701 {
702 #else
703 uint32_t sspi_verify_mic(void *dummy, u_int seq, sspi_buffer_desc *bufin,
704  sspi_buffer_desc *bufout, u_int *qop_state)
705 {
706  PCtxtHandle ctx = dummy;
707 #endif
708  SecBufferDesc desc;
709  SecBuffer sec_tkn[2];
710 
711  desc.cBuffers = 2;
712  desc.pBuffers = sec_tkn;
713  desc.ulVersion = SECBUFFER_VERSION;
714  sec_tkn[0].BufferType = SECBUFFER_DATA;
715  sec_tkn[0].cbBuffer = bufin->length;
716  sec_tkn[0].pvBuffer = bufin->value;
717  sec_tkn[1].BufferType = SECBUFFER_TOKEN;
718  sec_tkn[1].cbBuffer = bufout->length;
719  sec_tkn[1].pvBuffer = bufout->value;
720 
721  log_hexdump(0, "sspi_verify_mic: calculating checksum over", bufin->value, bufin->length, 0);
722  log_hexdump(0, "sspi_verify_mic: received checksum ", bufout->value, bufout->length, 0);
723 
724  return VerifySignature(ctx, &desc, seq, qop_state);
725 }
726 
727 void sspi_release_buffer(sspi_buffer_desc *buf)
728 {
729  if (buf->value)
730  free(buf->value);
731  buf->value = NULL;
732  buf->length = 0;
733 }
734 
735 uint32_t sspi_import_name(sspi_buffer_desc *name_in, sspi_name_t *name_out)
736 {
737  *name_out = calloc(name_in->length + 5, sizeof(char));
738  if (*name_out == NULL)
739  return SEC_E_INSUFFICIENT_MEMORY;
740 
741  strcpy(*name_out, "nfs/");
742  strncat(*name_out, name_in->value, name_in->length);
743 
744  log_debug("imported service name is: %s\n", *name_out);
745 
746  return SEC_E_OK;
747 }
748 
749 #ifndef __REACTOS__
750 uint32_t sspi_wrap(PCtxtHandle ctx, u_int seq, sspi_buffer_desc *bufin,
751  sspi_buffer_desc *bufout, u_int *conf_state)
752 {
753 #else
754 uint32_t sspi_wrap(void *dummy, u_int seq, sspi_buffer_desc *bufin,
755  sspi_buffer_desc *bufout, u_int *conf_state)
756 {
757  PCtxtHandle ctx = dummy;
758 #endif
759  uint32_t maj_stat;
760  SecBufferDesc BuffDesc;
761  SecBuffer SecBuff[3];
762  ULONG ulQop = 0;
763  SecPkgContext_Sizes ContextSizes;
764  PBYTE p;
765 
766  maj_stat = QueryContextAttributes(ctx, SECPKG_ATTR_SIZES,
767  &ContextSizes);
768  if (maj_stat != SEC_E_OK)
769  goto out;
770 
771  BuffDesc.ulVersion = 0;
772  BuffDesc.cBuffers = 3;
773  BuffDesc.pBuffers = SecBuff;
774 
775  SecBuff[0].cbBuffer = ContextSizes.cbSecurityTrailer;
776  SecBuff[0].BufferType = SECBUFFER_TOKEN;
777  SecBuff[0].pvBuffer = malloc(ContextSizes.cbSecurityTrailer);
778 
779  SecBuff[1].cbBuffer = bufin->length;
780  SecBuff[1].BufferType = SECBUFFER_DATA;
781  SecBuff[1].pvBuffer = bufin->value;
782  log_hexdump(0, "plaintext:", bufin->value, bufin->length, 0);
783 
784  SecBuff[2].cbBuffer = ContextSizes.cbBlockSize;
785  SecBuff[2].BufferType = SECBUFFER_PADDING;
786  SecBuff[2].pvBuffer = malloc(ContextSizes.cbBlockSize);
787 
788  maj_stat = EncryptMessage(ctx, ulQop, &BuffDesc, seq);
789  if (maj_stat != SEC_E_OK)
790  goto out_free;
791 
792  bufout->length = SecBuff[0].cbBuffer + SecBuff[1].cbBuffer + SecBuff[2].cbBuffer;
793  p = bufout->value = malloc(bufout->length);
794  memcpy(p, SecBuff[0].pvBuffer, SecBuff[0].cbBuffer);
795  p += SecBuff[0].cbBuffer;
796  memcpy(p, SecBuff[1].pvBuffer, SecBuff[1].cbBuffer);
797  p += SecBuff[1].cbBuffer;
798  memcpy(p, SecBuff[2].pvBuffer, SecBuff[2].cbBuffer);
799 out_free:
800  free(SecBuff[0].pvBuffer);
801  free(SecBuff[2].pvBuffer);
802 
803  if (!maj_stat)
804  log_hexdump(0, "cipher:", bufout->value, bufout->length, 0);
805 out:
806  return maj_stat;
807 }
808 
809 #ifndef __REACTOS__
810 uint32_t sspi_unwrap(PCtxtHandle ctx, u_int seq, sspi_buffer_desc *bufin,
811  sspi_buffer_desc *bufout, u_int *conf_state,
812  u_int *qop_state)
813 {
814 #else
815 uint32_t sspi_unwrap(void *dummy, u_int seq, sspi_buffer_desc *bufin,
816  sspi_buffer_desc *bufout, u_int *conf_state,
817  u_int *qop_state)
818 {
819  PCtxtHandle ctx = dummy;
820 #endif
821  uint32_t maj_stat;
822  SecBufferDesc BuffDesc;
823  SecBuffer SecBuff[2];
824  ULONG ulQop = 0;
825 
826  BuffDesc.ulVersion = 0;
827  BuffDesc.cBuffers = 2;
828  BuffDesc.pBuffers = SecBuff;
829 
830  SecBuff[0].cbBuffer = bufin->length;
831  SecBuff[0].BufferType = SECBUFFER_STREAM;
832  SecBuff[0].pvBuffer = bufin->value;
833 
834  SecBuff[1].cbBuffer = 0;
835  SecBuff[1].BufferType = SECBUFFER_DATA;
836  SecBuff[1].pvBuffer = NULL;
837 
838  log_hexdump(0, "cipher:", bufin->value, bufin->length, 0);
839 
840  maj_stat = DecryptMessage(ctx, &BuffDesc, seq, &ulQop);
841  if (maj_stat != SEC_E_OK) return maj_stat;
842 
843  bufout->length = SecBuff[1].cbBuffer;
844  bufout->value = malloc(bufout->length);
845  memcpy(bufout->value, SecBuff[1].pvBuffer, bufout->length);
846 
847  log_hexdump(0, "data:", bufout->value, bufout->length, 0);
848 
849  *conf_state = 1;
850  *qop_state = 0;
851 
852  return SEC_E_OK;
853 }
854 
855 /* useful as i add more mechanisms */
856 #define DEBUG
857 #ifdef DEBUG
858 #define fd_out stdout
859 void print_rpc_gss_sec(struct rpc_sspi_sec *ptr)
860 {
861  int i;
862  char *p;
863 
864  fprintf(fd_out, "rpc_gss_sec:");
865  if(ptr->mech == NULL)
866  fprintf(fd_out, "NULL gss_OID mech");
867  else {
868  fprintf(fd_out, " mechanism_OID: {");
869  p = (char *)ptr->mech->elements;
870  for (i=0; i < ptr->mech->length; i++)
871  /* First byte of OIDs encoded to save a byte */
872  if (i == 0) {
873  int first, second;
874  if (*p < 40) {
875  first = 0;
876  second = *p;
877  }
878  else if (40 <= *p && *p < 80) {
879  first = 1;
880  second = *p - 40;
881  }
882  else if (80 <= *p && *p < 127) {
883  first = 2;
884  second = *p - 80;
885  }
886  else {
887  /* Invalid value! */
888  first = -1;
889  second = -1;
890  }
891  fprintf(fd_out, " %u %u", first, second);
892  p++;
893  }
894  else {
895  fprintf(fd_out, " %u", (unsigned char)*p++);
896  }
897  fprintf(fd_out, " }\n");
898  }
899  fprintf(fd_out, " qop: %d\n", ptr->qop);
900  fprintf(fd_out, " service: %d\n", ptr->svc);
901  fprintf(fd_out, " cred: %p\n", ptr->cred);
902 }
903 
904 void print_negotiated_attrs(PCtxtHandle ctx)
905 {
906  SecPkgContext_Sizes ContextSizes;
907  unsigned long flags;
908  uint32_t maj_stat;
909 
910  maj_stat = QueryContextAttributesA(ctx, SECPKG_ATTR_FLAGS, &flags);
911  if (maj_stat != SEC_E_OK) return;
912 
913  log_debug("negotiated flags %x\n", flags);
914  if (flags & ISC_REQ_DELEGATE) log_debug("ISC_REQ_DELEGATE");
915  if (flags & ISC_REQ_MUTUAL_AUTH) log_debug("ISC_REQ_MUTUAL_AUTH");
916  if (flags & ISC_REQ_REPLAY_DETECT) log_debug("ISC_REQ_REPLAY_DETECT");
917  if (flags & ISC_REQ_SEQUENCE_DETECT) log_debug("ISC_REQ_SEQUENCE_DETECT");
918  if (flags & ISC_REQ_CONFIDENTIALITY) log_debug("ISC_REQ_CONFIDENTIALITY");
919  if (flags & ISC_REQ_USE_SESSION_KEY) log_debug("ISC_REQ_USE_SESSION_KEY");
920  if (flags & ISC_REQ_PROMPT_FOR_CREDS) log_debug("ISC_REQ_PROMPT_FOR_CREDS");
921  if (flags & ISC_REQ_USE_SUPPLIED_CREDS) log_debug("ISC_REQ_USE_SUPPLIED_CREDS");
922  if (flags & ISC_REQ_ALLOCATE_MEMORY) log_debug("ISC_REQ_ALLOCATE_MEMORY");
923  if (flags & ISC_REQ_USE_DCE_STYLE) log_debug("ISC_REQ_USE_DCE_STYLE");
924  if (flags & ISC_REQ_DATAGRAM) log_debug("ISC_REQ_DATAGRAM");
925  if (flags & ISC_REQ_CONNECTION) log_debug("ISC_REQ_CONNECTION");
926  if (flags & ISC_REQ_CALL_LEVEL) log_debug("ISC_REQ_CALL_LEVEL");
927  if (flags & ISC_REQ_FRAGMENT_SUPPLIED) log_debug("ISC_REQ_FRAGMENT_SUPPLIED");
928  if (flags & ISC_REQ_EXTENDED_ERROR) log_debug("ISC_REQ_EXTENDED_ERROR");
929  if (flags & ISC_REQ_STREAM) log_debug("ISC_REQ_STREAM");
930  if (flags & ISC_REQ_INTEGRITY) log_debug("ISC_REQ_INTEGRITY");
931  if (flags & ISC_REQ_IDENTIFY) log_debug("ISC_REQ_IDENTIFY");
932  if (flags & ISC_REQ_NULL_SESSION) log_debug("ISC_REQ_NULL_SESSION");
933  if (flags & ISC_REQ_MANUAL_CRED_VALIDATION) log_debug("ISC_REQ_MANUAL_CRED_VALIDATION");
934 
935  maj_stat = QueryContextAttributesA(ctx, SECPKG_ATTR_SIZES, &ContextSizes);
936  if (maj_stat != SEC_E_OK) return;
937 
938  log_debug("signature size is %d\n", ContextSizes.cbMaxSignature);
939 
940 }
941 
942 void log_hexdump(bool_t on, const u_char *title, const u_char *buf,
943  int len, int offset)
944 {
945  int i, j, jm, c;
946 
947  if (!on) return;
948 
949  fprintf(fd_out, "%04x: %s (len=%d)\n", GetCurrentThreadId(), title, len);
950  for (i = 0; i < len; i += 0x10) {
951  fprintf(fd_out, " %04x: ", (u_int)(i + offset));
952  jm = len - i;
953  jm = jm > 16 ? 16 : jm;
954 
955  for (j = 0; j < jm; j++) {
956  if ((j % 2) == 1)
957  fprintf(fd_out, "%02x ", (u_int) buf[i+j]);
958  else
959  fprintf(fd_out, "%02x", (u_int) buf[i+j]);
960  }
961  for (; j < 16; j++) {
962  if ((j % 2) == 1) fprintf(fd_out, " ");
963  else fprintf(fd_out, " ");
964  }
965  fprintf(fd_out, " ");
966 
967  for (j = 0; j < jm; j++) {
968  c = buf[i+j];
969  c = isprint(c) ? c : '.';
970  fprintf(fd_out, "%c", c);
971  }
972  fprintf(fd_out, "\n");
973  }
974  fflush(fd_out);
975 }
976 
977 void log_debug(const char *fmt, ...)
978 {
979  va_list ap;
980 
981  va_start(ap, fmt);
982  fprintf(fd_out, "%04x: rpcsec_gss: ", GetCurrentThreadId());
983  vfprintf(fd_out, fmt, ap);
984  fprintf(fd_out, "\n");
985  fflush(fd_out);
986  va_end(ap);
987 }
988 #else
989 void print_rpc_gss_sec(struct rpc_sspi_sec *ptr) { return; }
990 void print_negotiated_flags(unsigned long flags) {return; }
991 void log_hexdump(bool_t on, const u_char *title, const u_char *buf,
992  int len, int offset) { return; }
993 void log_debug(const char *fmt, ...) { return; }
994 #endif
ISC_REQ_SEQUENCE_DETECT
#define ISC_REQ_SEQUENCE_DETECT
Definition: sspi.h:351
SEC_E_INTERNAL_ERROR
#define SEC_E_INTERNAL_ERROR
Definition: winerror.h:2913
SSPI_C_NO_BUFFER
#define SSPI_C_NO_BUFFER
Definition: auth_sspi.h:60
xdr_rpc_sspi_data
bool_t xdr_rpc_sspi_data(XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr, PCtxtHandle ctx, sspi_qop_t qop, rpc_sspi_svc_t svc, u_int seq)
Definition: authsspi_prot.c:288
RPC_SYSTEMERROR
Definition: clnt_stat.h:43
xdr_rpc_sspi_cred
bool_t xdr_rpc_sspi_cred(XDR *xdrs, struct rpc_sspi_cred *p)
Definition: authsspi_prot.c:34
AUTH_PRIVATE
#define AUTH_PRIVATE(auth)
Definition: auth_sspi.c:67
MAX_AUTH_BYTES
#define MAX_AUTH_BYTES
Definition: auth.h:77
TRUE
#define TRUE
Definition: types.h:120
XDR_GETPOS
#define XDR_GETPOS(xdrs)
Definition: xdr.h:199
authsspi_ops
static struct auth_ops authsspi_ops
Definition: auth_sspi.c:43
RPCSEC_SSPI_DESTROY
Definition: auth_sspi.h:34
opaque_auth::oa_length
u_int oa_length
Definition: auth.h:198
_SecHandle
Definition: sspi.h:51
rpc_sspi_sec::svc
rpc_sspi_svc_t svc
Definition: auth_sspi.h:67
strncat
char * strncat(char *DstString, const char *SrcString, ACPI_SIZE Count)
Definition: utclib.c:605
ISC_REQ_PROMPT_FOR_CREDS
#define ISC_REQ_PROMPT_FOR_CREDS
Definition: sspi.h:354
rpc_sspi_sec::cred
CredHandle cred
Definition: auth_sspi.h:68
ISC_REQ_EXTENDED_ERROR
#define ISC_REQ_EXTENDED_ERROR
Definition: sspi.h:362
htonl
#define htonl(x)
Definition: module.h:212
strlen
ACPI_SIZE strlen(const char *String)
Definition: utclib.c:269
buf
GLenum GLuint GLenum GLsizei const GLchar * buf
Definition: glext.h:7751
FreeContextBuffer
SECURITY_STATUS WINAPI FreeContextBuffer(PVOID pv)
Definition: sspi.c:699
bool_t
int32_t bool_t
Definition: types.h:101
SECBUFFER_STREAM
#define SECBUFFER_STREAM
Definition: sspi.h:155
_SecBufferDesc::ulVersion
ULONG ulVersion
Definition: sspi.h:167
ISC_REQ_STREAM
#define ISC_REQ_STREAM
Definition: sspi.h:363
SecIsValidHandle
#define SecIsValidHandle(x)
Definition: sspi.h:63
free
#define free
Definition: debug_ros.c:5
opaque_auth::oa_base
caddr_t oa_base
Definition: auth.h:197
first
const GLint * first
Definition: glext.h:5794
offset
GLintptr offset
Definition: glext.h:5920
sspi_verify_mic
uint32_t sspi_verify_mic(PCtxtHandle ctx, u_int seq, sspi_buffer_desc *bufin, sspi_buffer_desc *bufout, u_int *qop_state)
Definition: auth_sspi.c:699
_SecBufferDesc
Definition: sspi.h:166
_SECURITY_INTEGER
Definition: sspi.h:73
__auth
Definition: auth.h:205
print_negotiated_attrs
void print_negotiated_attrs(PCtxtHandle ctx)
Definition: auth_sspi.c:904
SECBUFFER_DATA
#define SECBUFFER_DATA
Definition: sspi.h:146
rpc_sspi_data::clnt
CLIENT * clnt
Definition: auth_sspi.c:58
SSPI_C_NO_NAME
#define SSPI_C_NO_NAME
Definition: auth_sspi.h:59
FreeCredentialsHandle
SECURITY_STATUS WINAPI FreeCredentialsHandle(PCredHandle phCredential)
Definition: wrapper.c:151
define::value
char * value
Definition: wpp.c:37
ISC_REQ_DELEGATE
#define ISC_REQ_DELEGATE
Definition: sspi.h:348
rpc_sspi_data
Definition: auth_sspi.c:53
log_hexdump
void log_hexdump(bool_t on, const u_char *title, const u_char *buf, int len, int offset)
Definition: auth_sspi.c:942
_SecPkgContext_Sizes::cbBlockSize
ULONG cbBlockSize
Definition: sspi.h:549
caddr_t
char * caddr_t
Definition: rosdhcp.h:36
__rpc_xdr
Definition: xdr.h:103
ENOMEM
Definition: arc.h:48
_sspi_buffer_desc::value
void * value
Definition: auth_sspi.h:56
sec_pkg_name
static char sec_pkg_name[]
Definition: ntlm.c:180
authsspi_unwrap
static bool_t authsspi_unwrap(AUTH *auth, XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr, u_int seq)
Definition: auth_sspi.c:637
authsspi_create
AUTH * authsspi_create(CLIENT *clnt, sspi_name_t name, struct rpc_sspi_sec *sec)
Definition: auth_sspi.c:74
rpc_sspi_data::gc
struct rpc_sspi_cred gc
Definition: auth_sspi.c:62
_SecPkgContext_Sizes::cbMaxSignature
ULONG cbMaxSignature
Definition: sspi.h:548
ISC_REQ_MANUAL_CRED_VALIDATION
#define ISC_REQ_MANUAL_CRED_VALIDATION
Definition: sspi.h:367
SecInvalidateHandle
#define SecInvalidateHandle(x)
Definition: sspi.h:58
xdr_rpc_sspi_init_res
bool_t xdr_rpc_sspi_init_res(XDR *xdrs, struct rpc_sspi_init_res *p)
Definition: authsspi_prot.c:72
SECURITY_NATIVE_DREP
#define SECURITY_NATIVE_DREP
Definition: sspi.h:459
ISC_REQ_USE_SUPPLIED_CREDS
#define ISC_REQ_USE_SUPPLIED_CREDS
Definition: sspi.h:355
xdrproc_t
bool_t(* xdrproc_t)(XDR *,...)
Definition: xdr.h:144
authsspi_service
bool_t authsspi_service(AUTH *auth, int svc)
Definition: auth_sspi.c:544
RPCSEC_SSPI_SVC_NONE
Definition: auth_sspi.h:39
i
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
sspi_unwrap
uint32_t sspi_unwrap(PCtxtHandle ctx, u_int seq, sspi_buffer_desc *bufin, sspi_buffer_desc *bufout, u_int *conf_state, u_int *qop_state)
Definition: auth_sspi.c:810
SECPKG_ATTR_SIZES
#define SECPKG_ATTR_SIZES
Definition: sspi.h:507
mem_alloc
#define mem_alloc(bsize)
Definition: types.h:123
print_rpc_gss_sec
void print_rpc_gss_sec(struct rpc_sspi_sec *ptr)
Definition: auth_sspi.c:859
_null_auth
struct opaque_auth _null_auth
Definition: rpc_commondata.c:37
va_end
#define va_end(ap)
Definition: acmsvcex.h:90
authsspi_validate
static bool_t authsspi_validate(AUTH *auth, struct opaque_auth *verf, u_int seq)
Definition: auth_sspi.c:275
SEC_E_INSUFFICIENT_MEMORY
#define SEC_E_INSUFFICIENT_MEMORY
Definition: winerror.h:2909
fprintf
_Check_return_opt_ _CRTIMP int __cdecl fprintf(_Inout_ FILE *_File, _In_z_ _Printf_format_string_ const char *_Format,...)
SECBUFFER_PADDING
#define SECBUFFER_PADDING
Definition: sspi.h:154
strdup
_Check_return_ _CRTIMP char *__cdecl strdup(_In_opt_z_ const char *_Src)
ptr
static PVOID ptr
Definition: dispmode.c:27
sspi_get_mic
uint32_t sspi_get_mic(PCtxtHandle ctx, u_int qop, u_int seq, sspi_buffer_desc *bufin, sspi_buffer_desc *bufout)
Definition: auth_sspi.c:659
authsspi_wrap
static bool_t authsspi_wrap(AUTH *auth, XDR *xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr)
Definition: auth_sspi.c:620
desc
const struct builtin_class_descr * desc
Definition: regcontrol.c:48
VerifySignature
SECURITY_STATUS WINAPI VerifySignature(PCtxtHandle phContext, PSecBufferDesc pMessage, ULONG MessageSeqNo, PULONG pfQOP)
Definition: wrapper.c:653
_SecPkgContext_Sizes
Definition: sspi.h:545
NULL
smooth NULL
Definition: ftsmooth.c:416
auth_sspi.h
rpc_sspi_sec
Definition: auth_sspi.h:64
authsspi_create_default
AUTH * authsspi_create_default(CLIENT *clnt, char *service, int svc)
Definition: auth_sspi.c:133
rpc_sspi_data::name
sspi_name_t name
Definition: auth_sspi.c:59
va_list
char * va_list
Definition: acmsvcex.h:78
SEC_I_CONTINUE_NEEDED
#define SEC_I_CONTINUE_NEEDED
Definition: winerror.h:2927
__auth::ah_private
void * ah_private
Definition: auth.h:225
authsspi_nextverf
static void authsspi_nextverf(AUTH *auth)
Definition: auth_sspi.c:196
__rpc_client::cl_auth
AUTH * cl_auth
Definition: clnt.h:122
GetCurrentThreadId
DWORD WINAPI GetCurrentThreadId(VOID)
Definition: thread.c:458
ISC_REQ_INTEGRITY
#define ISC_REQ_INTEGRITY
Definition: sspi.h:364
j
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint GLint GLint j
Definition: glfuncs.h:250
authsspi_destroy
static void authsspi_destroy(AUTH *auth)
Definition: auth_sspi.c:596
NULLPROC
#define NULLPROC
Definition: clnt.h:294
ISC_REQ_NULL_SESSION
#define ISC_REQ_NULL_SESSION
Definition: sspi.h:366
log_debug
void log_debug(const char *fmt,...)
Definition: auth_sspi.c:977
authsspi_marshal
static bool_t authsspi_marshal(AUTH *auth, XDR *xdrs, u_int *seq)
Definition: auth_sspi.c:203
RPCSEC_SSPI_CONTINUE_INIT
Definition: auth_sspi.h:33
RPC_AUTHERROR
Definition: clnt_stat.h:38
rpc_sspi_data::inprogress
bool_t inprogress
Definition: auth_sspi.c:55
sspi_name_t
#define sspi_name_t
Definition: auth_sspi.h:46
ISC_REQ_FRAGMENT_SUPPLIED
#define ISC_REQ_FRAGMENT_SUPPLIED
Definition: sspi.h:361
__auth::ah_verf
struct opaque_auth ah_verf
Definition: auth.h:207
AcquireCredentialsHandleA
SECURITY_STATUS WINAPI AcquireCredentialsHandleA(SEC_CHAR *pszPrincipal, SEC_CHAR *pszPackage, ULONG fCredentialsUse, PLUID pvLogonID, PVOID pAuthData, SEC_GET_KEY_FN pGetKeyFn, PVOID pvGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry)
Definition: wrapper.c:59
sspi_import_name
uint32_t sspi_import_name(sspi_buffer_desc *name_in, sspi_name_t *name_out)
Definition: auth_sspi.c:735
rpc_createerr::cf_stat
enum clnt_stat cf_stat
Definition: clnt.h:496
c
const GLubyte * c
Definition: glext.h:8905
RPCSEC_SSPI_DATA
Definition: auth_sspi.h:31
InitializeSecurityContextA
SECURITY_STATUS WINAPI InitializeSecurityContextA(PCredHandle phCredential, PCtxtHandle phContext, SEC_CHAR *pszTargetName, ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep, PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext, PSecBufferDesc pOutput, ULONG *pfContextAttr, PTimeStamp ptsExpiry)
Definition: wrapper.c:237
out
static FILE * out
Definition: regtests2xml.c:44
for
#define for
Definition: utility.h:88
num
GLuint GLuint num
Definition: glext.h:9618
rpc_sspi_data::ctx
CtxtHandle ctx
Definition: auth_sspi.c:61
__rpc_client
Definition: clnt.h:121
ISC_REQ_USE_SESSION_KEY
#define ISC_REQ_USE_SESSION_KEY
Definition: sspi.h:353
flags
GLbitfield flags
Definition: glext.h:7161
sspi_wrap
uint32_t sspi_wrap(PCtxtHandle ctx, u_int seq, sspi_buffer_desc *bufin, sspi_buffer_desc *bufout, u_int *conf_state)
Definition: auth_sspi.c:750
AUTH_TIMEOUT
static struct timeval AUTH_TIMEOUT
Definition: auth_sspi.c:69
ISC_REQ_ALLOCATE_MEMORY
#define ISC_REQ_ALLOCATE_MEMORY
Definition: sspi.h:356
_SecBuffer
Definition: sspi.h:138
_SecPkgContext_Sizes::cbSecurityTrailer
ULONG cbSecurityTrailer
Definition: sspi.h:550
QueryContextAttributesA
SECURITY_STATUS WINAPI QueryContextAttributesA(PCtxtHandle phContext, ULONG ulAttribute, void *pBuffer)
Definition: wrapper.c:505
XDR_ENCODE
Definition: xdr.h:85
SECBUFFER_TOKEN
#define SECBUFFER_TOKEN
Definition: sspi.h:147
memcpy
#define memcpy(s1, s2, n)
Definition: mkisofs.h:878
len
GLenum GLsizei len
Definition: glext.h:6722
ISC_REQ_DATAGRAM
#define ISC_REQ_DATAGRAM
Definition: sspi.h:358
_SecBuffer::BufferType
ULONG BufferType
Definition: sspi.h:140
authsspi_refresh
static bool_t authsspi_refresh(AUTH *auth, void *)
Definition: auth_sspi.c:343
ISC_REQ_USE_DCE_STYLE
#define ISC_REQ_USE_DCE_STYLE
Definition: sspi.h:357
opaque_auth
Definition: auth.h:195
checksum
static cab_ULONG checksum(const cab_UBYTE *data, cab_UWORD bytes, cab_ULONG csum)
Definition: fdi.c:353
ISC_REQ_IDENTIFY
#define ISC_REQ_IDENTIFY
Definition: sspi.h:365
RPCSEC_SSPI_VERSION
#define RPCSEC_SSPI_VERSION
Definition: auth_sspi.h:44
SEC_E_OK
#define SEC_E_OK
Definition: winerror.h:2356
xdr_void
bool_t xdr_void(void)
Definition: xdr.c:92
QueryContextAttributes
#define QueryContextAttributes
Definition: sspi.h:498
ISC_REQ_CONNECTION
#define ISC_REQ_CONNECTION
Definition: sspi.h:359
RPC_SUCCESS
Definition: clnt_stat.h:22
authsspi_destroy_context
static void authsspi_destroy_context(AUTH *auth)
Definition: auth_sspi.c:561
rpc_sspi_init_res::gr_win
u_int gr_win
Definition: auth_sspi.h:87
rpc_sspi_data::established
bool_t established
Definition: auth_sspi.c:54
_sspi_buffer_desc::length
int length
Definition: auth_sspi.h:55
sspi_release_buffer
void sspi_release_buffer(sspi_buffer_desc *buf)
Definition: auth_sspi.c:727
SECPKG_CRED_BOTH
#define SECPKG_CRED_BOTH
Definition: sspi.h:278
caddr_t
#define caddr_t
Definition: ftp.c:24
SEC_E_NO_AUTHENTICATING_AUTHORITY
#define SEC_E_NO_AUTHENTICATING_AUTHORITY
Definition: winerror.h:2926
SECBUFFER_VERSION
#define SECBUFFER_VERSION
Definition: sspi.h:173
fflush
_Check_return_opt_ _CRTIMP int __cdecl fflush(_Inout_opt_ FILE *_File)
_SecBuffer::cbBuffer
ULONG cbBuffer
Definition: sspi.h:139
u_int
UINT32 u_int
Definition: types.h:82
xdr_rpc_sspi_init_args
bool_t xdr_rpc_sspi_init_args(XDR *xdrs, sspi_buffer_desc *p)
Definition: authsspi_prot.c:56
dummy
unsigned char dummy
Definition: maze.c:118
SECPKG_ATTR_FLAGS
#define SECPKG_ATTR_FLAGS
Definition: sspi.h:521
rpc_sspi_data::sec
struct rpc_sspi_sec * sec
Definition: auth_sspi.c:60
clnt_call
#define clnt_call(rh, proc, xargs, argsp, xres, resp, secs)
Definition: clnt.h:202
__auth::ah_ops
struct __auth::auth_ops * ah_ops
va_start
#define va_start(ap, A)
Definition: acmsvcex.h:91
ISC_REQ_CALL_LEVEL
#define ISC_REQ_CALL_LEVEL
Definition: sspi.h:360
xdrmem_create
void xdrmem_create(XDR *xdrs, char *addr, u_int size, enum xdr_op op)
Definition: xdr_mem.c:94
rpc_createerr
Definition: clnt.h:495
DecryptMessage
SECURITY_STATUS WINAPI DecryptMessage(PCtxtHandle phContext, PSecBufferDesc pMessage, ULONG MessageSeqNo, PULONG pfQOP)
Definition: wrapper.c:1036
ISC_REQ_MUTUAL_AUTH
#define ISC_REQ_MUTUAL_AUTH
Definition: sspi.h:349
uint32_t
UINT32 uint32_t
Definition: types.h:75
fd_out
#define fd_out
Definition: auth_sspi.c:858
xdr_opaque_auth
bool_t xdr_opaque_auth()
RPCSEC_SSPI_INIT
Definition: auth_sspi.h:32
rpc_sspi_data::win
u_int win
Definition: auth_sspi.c:63
isprint
#define isprint(c)
Definition: acclib.h:73
rpc_createerr::cf_error
struct rpc_err cf_error
Definition: clnt.h:497
name
Definition: name.c:36
calloc
#define calloc
Definition: rosglue.h:14
ap
void int int ULONGLONG int va_list * ap
Definition: winesup.h:32
rpc_sspi_init_res
Definition: auth_sspi.h:83
xdrrec_getoutbase
int32_t * xdrrec_getoutbase(XDR *xdrs)
Definition: xdr_rec.c:415
strcpy
char * strcpy(char *DstString, const char *SrcString)
Definition: utclib.c:388
c
#define c
Definition: ke_i.h:80
__auth::ah_cred
struct opaque_auth ah_cred
Definition: auth.h:206
ULONG
unsigned int ULONG
Definition: retypes.h:1
RPCSEC_SSPI_SVC_PRIVACY
Definition: auth_sspi.h:41
mem_free
#define mem_free(ptr, bsize)
Definition: types.h:124
ISC_REQ_CONFIDENTIALITY
#define ISC_REQ_CONFIDENTIALITY
Definition: sspi.h:352
malloc
#define malloc
Definition: debug_ros.c:4
ISC_REQ_REPLAY_DETECT
#define ISC_REQ_REPLAY_DETECT
Definition: sspi.h:350
p
GLfloat GLfloat p
Definition: glext.h:8902
rpc_sspi_cred
Definition: auth_sspi.h:74
vfprintf
_Check_return_opt_ _CRTIMP int __cdecl vfprintf(_Inout_ FILE *_File, _In_z_ _Printf_format_string_ const char *_Format, va_list _ArgList)
u_char
UCHAR u_char
Definition: types.h:80
rpc_sspi_sec::expiry
TimeStamp expiry
Definition: auth_sspi.h:70
_SecBufferDesc::cBuffers
ULONG cBuffers
Definition: sspi.h:168
memset
#define memset(x, y, z)
Definition: compat.h:39
MakeSignature
SECURITY_STATUS WINAPI MakeSignature(PCtxtHandle phContext, ULONG fQOP, PSecBufferDesc pMessage, ULONG MessageSeqNo)
Definition: wrapper.c:623
PBYTE
BYTE * PBYTE
Definition: pedump.c:66
title
static char title[]
Definition: ps.c:92
fmt
Definition: dsound.c:943
_sspi_buffer_desc
Definition: auth_sspi.h:54
EncryptMessage
SECURITY_STATUS WINAPI EncryptMessage(PCtxtHandle phContext, ULONG fQOP, PSecBufferDesc pMessage, ULONG MessageSeqNo)
Definition: wrapper.c:1006
rpc_sspi_data::expiry
TimeStamp expiry
Definition: auth_sspi.c:64
XDR_DESTROY
#define XDR_DESTROY(xdrs)
Definition: xdr.h:214
rpc_sspi_init_res::gr_token
sspi_buffer_desc gr_token
Definition: auth_sspi.h:88
RPCSEC_GSS
#define RPCSEC_GSS
Definition: nfs41_ops.h:867
DeleteSecurityContext
SECURITY_STATUS WINAPI DeleteSecurityContext(PCtxtHandle phContext)
Definition: wrapper.c:450
rpc_sspi_data::gc_wire_verf
sspi_buffer_desc gc_wire_verf
Definition: auth_sspi.c:56
int
unsigned int(__cdecl typeof(jpeg_read_scanlines))(struct jpeg_decompress_struct *
Definition: typeof.h:31