BOOL ntlm_client_init(rdpNtlm* ntlm, BOOL http, LPCTSTR user, LPCTSTR domain, LPCTSTR password,
SecPkgContext_Bindings* Bindings)
{
SECURITY_STATUS status;
ntlm->http = http;
ntlm->Bindings = Bindings;
ntlm->table = InitSecurityInterfaceEx(0);
if (!ntlm->table)
return FALSE;
sspi_SetAuthIdentity(&(ntlm->identity), user, domain, password);
status = ntlm->table->QuerySecurityPackageInfo(NTLM_SSP_NAME, &ntlm->pPackageInfo);
if (status != SEC_E_OK)
{
WLog_ERR(TAG, "QuerySecurityPackageInfo status %s [0x%08"PRIX32"]",
GetSecurityStatusString(status), status);
return FALSE;
}
ntlm->cbMaxToken = ntlm->pPackageInfo->cbMaxToken;
status = ntlm->table->AcquireCredentialsHandle(NULL, NTLM_SSP_NAME,
SECPKG_CRED_OUTBOUND, NULL, &ntlm->identity, NULL, NULL,
&ntlm->credentials, &ntlm->expiration);
if (status != SEC_E_OK)
{
WLog_ERR(TAG, "AcquireCredentialsHandle status %s [0x%08"PRIX32"]",
GetSecurityStatusString(status), status);
return FALSE;
}
ntlm->haveContext = FALSE;
ntlm->haveInputBuffer = FALSE;
ZeroMemory(&ntlm->inputBuffer, sizeof(SecBuffer));
ZeroMemory(&ntlm->outputBuffer, sizeof(SecBuffer));
ZeroMemory(&ntlm->ContextSizes, sizeof(SecPkgContext_Sizes));
ntlm->fContextReq = 0;
if (ntlm->http)
{
/* flags for HTTP authentication */
ntlm->fContextReq |= ISC_REQ_CONFIDENTIALITY;
}
else
{
/**
* flags for RPC authentication:
* RPC_C_AUTHN_LEVEL_PKT_INTEGRITY:
* ISC_REQ_USE_DCE_STYLE | ISC_REQ_DELEGATE | ISC_REQ_MUTUAL_AUTH |
* ISC_REQ_REPLAY_DETECT | ISC_REQ_SEQUENCE_DETECT
*/
ntlm->fContextReq |= ISC_REQ_USE_DCE_STYLE;
ntlm->fContextReq |= ISC_REQ_DELEGATE | ISC_REQ_MUTUAL_AUTH;
ntlm->fContextReq |= ISC_REQ_REPLAY_DETECT | ISC_REQ_SEQUENCE_DETECT;
}
return TRUE;
}
static SECURITY_STATUS SEC_ENTRY winpr_ExportSecurityContext(PCtxtHandle phContext, ULONG fFlags,
PSecBuffer pPackedContext, HANDLE* pToken)
{
SEC_CHAR* Name;
SECURITY_STATUS status;
SecurityFunctionTableW* table;
Name = (SEC_CHAR*) sspi_SecureHandleGetUpperPointer(phContext);
if (!Name)
return SEC_E_SECPKG_NOT_FOUND;
table = sspi_GetSecurityFunctionTableWByNameA(Name);
if (!table)
return SEC_E_SECPKG_NOT_FOUND;
if (!table->ExportSecurityContext)
return SEC_E_UNSUPPORTED_FUNCTION;
status = table->ExportSecurityContext(phContext, fFlags, pPackedContext, pToken);
if (IsSecurityStatusError(status))
{
WLog_WARN(TAG, "ExportSecurityContext status %s [0x%08"PRIX32"]",
GetSecurityStatusString(status), status);
}
return status;
}
SECURITY_STATUS SEC_ENTRY negotiate_AcceptSecurityContext(PCredHandle phCredential,
PCtxtHandle phContext,
PSecBufferDesc pInput, ULONG fContextReq, ULONG TargetDataRep, PCtxtHandle phNewContext,
PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsTimeStamp)
{
SECURITY_STATUS status;
NEGOTIATE_CONTEXT* context;
context = (NEGOTIATE_CONTEXT*) sspi_SecureHandleGetLowerPointer(phContext);
if (!context)
{
context = negotiate_ContextNew();
if (!context)
return SEC_E_INTERNAL_ERROR;
sspi_SecureHandleSetLowerPointer(phNewContext, context);
sspi_SecureHandleSetUpperPointer(phNewContext, (void*) NEGO_SSP_NAME);
}
negotiate_SetSubPackage(context,
(const char*) NTLM_SSP_NAME); /* server-side Kerberos not yet implemented */
status = context->sspiA->AcceptSecurityContext(phCredential, &(context->SubContext),
pInput, fContextReq, TargetDataRep, &(context->SubContext),
pOutput, pfContextAttr, ptsTimeStamp);
if (status != SEC_E_OK)
{
WLog_WARN(TAG, "AcceptSecurityContext status %s [0x%08"PRIX32"]",
GetSecurityStatusString(status), status);
}
return status;
}
UINT32 SSPI_GSSAPI sspi_gss_init_sec_context(
UINT32* minor_status,
sspi_gss_cred_id_t claimant_cred_handle,
sspi_gss_ctx_id_t* context_handle,
sspi_gss_name_t target_name,
sspi_gss_OID mech_type,
UINT32 req_flags,
UINT32 time_req,
sspi_gss_channel_bindings_t input_chan_bindings,
sspi_gss_buffer_t input_token,
sspi_gss_OID* actual_mech_type,
sspi_gss_buffer_t output_token,
UINT32* ret_flags,
UINT32* time_rec)
{
SECURITY_STATUS status;
InitOnceExecuteOnce(&g_Initialized, sspi_GssApiInit, NULL, NULL);
if (!(g_GssApi && g_GssApi->gss_init_sec_context))
return SEC_E_UNSUPPORTED_FUNCTION;
status = g_GssApi->gss_init_sec_context(minor_status, claimant_cred_handle, context_handle,
target_name, mech_type, req_flags, time_req, input_chan_bindings,
input_token, actual_mech_type, output_token, ret_flags, time_rec);
WLog_DBG(TAG, "gss_init_sec_context: %s (0x%08"PRIX32")",
GetSecurityStatusString(status), status);
return status;
}
static SECURITY_STATUS SEC_ENTRY winpr_ImportSecurityContextA(SEC_CHAR* pszPackage,
PSecBuffer pPackedContext, HANDLE pToken, PCtxtHandle phContext)
{
char* Name = NULL;
SECURITY_STATUS status;
SecurityFunctionTableA* table;
Name = (char*) sspi_SecureHandleGetUpperPointer(phContext);
if (!Name)
return SEC_E_SECPKG_NOT_FOUND;
table = sspi_GetSecurityFunctionTableAByNameA(Name);
if (!table)
return SEC_E_SECPKG_NOT_FOUND;
if (!table->ImportSecurityContextA)
return SEC_E_UNSUPPORTED_FUNCTION;
status = table->ImportSecurityContextA(pszPackage, pPackedContext, pToken, phContext);
if (IsSecurityStatusError(status))
{
WLog_WARN(TAG, "ImportSecurityContextA status %s [0x%08"PRIX32"]",
GetSecurityStatusString(status), status);
}
return status;
}
static SECURITY_STATUS SEC_ENTRY winpr_AcquireCredentialsHandleA(SEC_CHAR* pszPrincipal,
SEC_CHAR* pszPackage,
ULONG fCredentialUse, void* pvLogonID, void* pAuthData, SEC_GET_KEY_FN pGetKeyFn,
void* pvGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry)
{
SECURITY_STATUS status;
SecurityFunctionTableA* table = sspi_GetSecurityFunctionTableAByNameA(pszPackage);
if (!table)
return SEC_E_SECPKG_NOT_FOUND;
if (!table->AcquireCredentialsHandleA)
return SEC_E_UNSUPPORTED_FUNCTION;
status = table->AcquireCredentialsHandleA(pszPrincipal, pszPackage, fCredentialUse,
pvLogonID, pAuthData, pGetKeyFn, pvGetKeyArgument, phCredential, ptsExpiry);
if (IsSecurityStatusError(status))
{
WLog_WARN(TAG, "AcquireCredentialsHandleA status %s [0x%08"PRIX32"]",
GetSecurityStatusString(status), status);
}
return status;
}
UINT32 SSPI_GSSAPI sspi_gss_accept_sec_context(
UINT32* minor_status,
sspi_gss_ctx_id_t* context_handle,
sspi_gss_cred_id_t acceptor_cred_handle,
sspi_gss_buffer_t input_token_buffer,
sspi_gss_channel_bindings_t input_chan_bindings,
sspi_gss_name_t* src_name,
sspi_gss_OID* mech_type,
sspi_gss_buffer_t output_token,
UINT32* ret_flags,
UINT32* time_rec,
sspi_gss_cred_id_t* delegated_cred_handle)
{
SECURITY_STATUS status;
InitOnceExecuteOnce(&g_Initialized, sspi_GssApiInit, NULL, NULL);
if (!(g_GssApi && g_GssApi->gss_accept_sec_context))
return SEC_E_UNSUPPORTED_FUNCTION;
status = g_GssApi->gss_accept_sec_context(minor_status, context_handle, acceptor_cred_handle,
input_token_buffer, input_chan_bindings, src_name, mech_type, output_token,
ret_flags, time_rec, delegated_cred_handle);
WLog_DBG(TAG, "gss_accept_sec_context: %s (0x%08"PRIX32")",
GetSecurityStatusString(status), status);
return status;
}
static SECURITY_STATUS SEC_ENTRY winpr_EncryptMessage(PCtxtHandle phContext, ULONG fQOP,
PSecBufferDesc pMessage, ULONG MessageSeqNo)
{
char* Name;
SECURITY_STATUS status;
SecurityFunctionTableA* table;
Name = (char*) sspi_SecureHandleGetUpperPointer(phContext);
if (!Name)
return SEC_E_SECPKG_NOT_FOUND;
table = sspi_GetSecurityFunctionTableAByNameA(Name);
if (!table)
return SEC_E_SECPKG_NOT_FOUND;
if (!table->EncryptMessage)
return SEC_E_UNSUPPORTED_FUNCTION;
status = table->EncryptMessage(phContext, fQOP, pMessage, MessageSeqNo);
if (status != SEC_E_OK)
{
WLog_ERR(TAG, "EncryptMessage status %s [0x%08"PRIX32"]",
GetSecurityStatusString(status), status);
}
return status;
}
static SECURITY_STATUS SEC_ENTRY winpr_VerifySignature(PCtxtHandle phContext,
PSecBufferDesc pMessage,
ULONG MessageSeqNo, PULONG pfQOP)
{
char* Name;
SECURITY_STATUS status;
SecurityFunctionTableA* table;
Name = (char*) sspi_SecureHandleGetUpperPointer(phContext);
if (!Name)
return SEC_E_SECPKG_NOT_FOUND;
table = sspi_GetSecurityFunctionTableAByNameA(Name);
if (!table)
return SEC_E_SECPKG_NOT_FOUND;
if (!table->VerifySignature)
return SEC_E_UNSUPPORTED_FUNCTION;
status = table->VerifySignature(phContext, pMessage, MessageSeqNo, pfQOP);
if (IsSecurityStatusError(status))
{
WLog_WARN(TAG, "VerifySignature status %s [0x%08"PRIX32"]",
GetSecurityStatusString(status), status);
}
return status;
}
static SECURITY_STATUS SEC_ENTRY winpr_InitializeSecurityContextA(PCredHandle phCredential,
PCtxtHandle phContext,
SEC_CHAR* pszTargetName, ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep,
PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext,
PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsExpiry)
{
SEC_CHAR* Name;
SECURITY_STATUS status;
SecurityFunctionTableA* table;
Name = (SEC_CHAR*) sspi_SecureHandleGetUpperPointer(phCredential);
if (!Name)
return SEC_E_SECPKG_NOT_FOUND;
table = sspi_GetSecurityFunctionTableAByNameA(Name);
if (!table)
return SEC_E_SECPKG_NOT_FOUND;
if (!table->InitializeSecurityContextA)
return SEC_E_UNSUPPORTED_FUNCTION;
status = table->InitializeSecurityContextA(phCredential, phContext,
pszTargetName, fContextReq, Reserved1, TargetDataRep,
pInput, Reserved2, phNewContext, pOutput, pfContextAttr, ptsExpiry);
if (IsSecurityStatusError(status))
{
WLog_WARN(TAG, "InitializeSecurityContextA status %s [0x%08"PRIX32"]",
GetSecurityStatusString(status), status);
}
return status;
}
static SECURITY_STATUS SEC_ENTRY winpr_SetContextAttributesW(PCtxtHandle phContext,
ULONG ulAttribute,
void* pBuffer, ULONG cbBuffer)
{
SEC_CHAR* Name;
SECURITY_STATUS status;
SecurityFunctionTableW* table;
Name = (SEC_CHAR*) sspi_SecureHandleGetUpperPointer(phContext);
if (!Name)
return SEC_E_SECPKG_NOT_FOUND;
table = sspi_GetSecurityFunctionTableWByNameA(Name);
if (!table)
return SEC_E_SECPKG_NOT_FOUND;
if (!table->SetContextAttributesW)
return SEC_E_UNSUPPORTED_FUNCTION;
status = table->SetContextAttributesW(phContext, ulAttribute, pBuffer, cbBuffer);
if (IsSecurityStatusError(status))
{
WLog_WARN(TAG, "SetContextAttributesW status %s [0x%08"PRIX32"]",
GetSecurityStatusString(status), status);
}
return status;
}
static SECURITY_STATUS SEC_ENTRY winpr_CompleteAuthToken(PCtxtHandle phContext,
PSecBufferDesc pToken)
{
char* Name = NULL;
SECURITY_STATUS status;
SecurityFunctionTableA* table;
Name = (char*) sspi_SecureHandleGetUpperPointer(phContext);
if (!Name)
return SEC_E_SECPKG_NOT_FOUND;
table = sspi_GetSecurityFunctionTableAByNameA(Name);
if (!table)
return SEC_E_SECPKG_NOT_FOUND;
if (!table->CompleteAuthToken)
return SEC_E_UNSUPPORTED_FUNCTION;
status = table->CompleteAuthToken(phContext, pToken);
if (IsSecurityStatusError(status))
{
WLog_WARN(TAG, "CompleteAuthToken status %s [0x%08"PRIX32"]",
GetSecurityStatusString(status), status);
}
return status;
}
static SECURITY_STATUS SEC_ENTRY winpr_ImpersonateSecurityContext(PCtxtHandle phContext)
{
SEC_CHAR* Name;
SECURITY_STATUS status;
SecurityFunctionTableW* table;
Name = (SEC_CHAR*) sspi_SecureHandleGetUpperPointer(phContext);
if (!Name)
return SEC_E_SECPKG_NOT_FOUND;
table = sspi_GetSecurityFunctionTableWByNameA(Name);
if (!table)
return SEC_E_SECPKG_NOT_FOUND;
if (!table->ImpersonateSecurityContext)
return SEC_E_UNSUPPORTED_FUNCTION;
status = table->ImpersonateSecurityContext(phContext);
if (IsSecurityStatusError(status))
{
WLog_WARN(TAG, "ImpersonateSecurityContext status %s [0x%08"PRIX32"]",
GetSecurityStatusString(status), status);
}
return status;
}
static SECURITY_STATUS SEC_ENTRY winpr_AcceptSecurityContext(PCredHandle phCredential,
PCtxtHandle phContext,
PSecBufferDesc pInput, ULONG fContextReq, ULONG TargetDataRep, PCtxtHandle phNewContext,
PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsTimeStamp)
{
char* Name;
SECURITY_STATUS status;
SecurityFunctionTableA* table;
Name = (char*) sspi_SecureHandleGetUpperPointer(phCredential);
if (!Name)
return SEC_E_SECPKG_NOT_FOUND;
table = sspi_GetSecurityFunctionTableAByNameA(Name);
if (!table)
return SEC_E_SECPKG_NOT_FOUND;
if (!table->AcceptSecurityContext)
return SEC_E_UNSUPPORTED_FUNCTION;
status = table->AcceptSecurityContext(phCredential, phContext, pInput, fContextReq,
TargetDataRep, phNewContext, pOutput, pfContextAttr, ptsTimeStamp);
if (IsSecurityStatusError(status))
{
WLog_WARN(TAG, "AcceptSecurityContext status %s [0x%08"PRIX32"]",
GetSecurityStatusString(status), status);
}
return status;
}
SECURITY_STATUS SEC_ENTRY negotiate_AcceptSecurityContext(PCredHandle phCredential, PCtxtHandle phContext,
PSecBufferDesc pInput, ULONG fContextReq, ULONG TargetDataRep, PCtxtHandle phNewContext,
PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsTimeStamp)
{
SECURITY_STATUS status;
NEGOTIATE_CONTEXT* context;
context = (NEGOTIATE_CONTEXT*) sspi_SecureHandleGetLowerPointer(phContext);
if (!context)
{
context = negotiate_ContextNew();
if (!context)
return SEC_E_INTERNAL_ERROR;
sspi_SecureHandleSetLowerPointer(phNewContext, context);
sspi_SecureHandleSetUpperPointer(phNewContext, (void*) NEGOTIATE_PACKAGE_NAME);
}
status = context->sspiA->AcceptSecurityContext(phCredential, &(context->SubContext),
pInput, fContextReq, TargetDataRep, &(context->SubContext),
pOutput, pfContextAttr, ptsTimeStamp);
if (status != SEC_E_OK)
{
WLog_WARN(TAG, "AcceptSecurityContext status %s [%08X]",
GetSecurityStatusString(status), status);
}
return status;
}
UINT32 SSPI_GSSAPI sspi_gss_add_cred(
UINT32* minor_status,
sspi_gss_cred_id_t input_cred_handle,
sspi_gss_name_t desired_name,
sspi_gss_OID desired_mech,
sspi_gss_cred_usage_t cred_usage,
UINT32 initiator_time_req,
UINT32 acceptor_time_req,
sspi_gss_cred_id_t* output_cred_handle,
sspi_gss_OID_set* actual_mechs,
UINT32* initiator_time_rec,
UINT32* acceptor_time_rec)
{
SECURITY_STATUS status;
InitOnceExecuteOnce(&g_Initialized, sspi_GssApiInit, NULL, NULL);
if (!(g_GssApi && g_GssApi->gss_add_cred))
return SEC_E_UNSUPPORTED_FUNCTION;
status = g_GssApi->gss_add_cred(minor_status, input_cred_handle, desired_name, desired_mech,
cred_usage,
initiator_time_req, acceptor_time_req, output_cred_handle, actual_mechs, initiator_time_rec,
acceptor_time_rec);
WLog_DBG(TAG, "gss_add_cred: %s (0x%08"PRIX32")",
GetSecurityStatusString(status), status);
return status;
}
static SECURITY_STATUS SEC_ENTRY winpr_QueryCredentialsAttributesA(PCredHandle phCredential,
ULONG ulAttribute, void* pBuffer)
{
char* Name;
SECURITY_STATUS status;
SecurityFunctionTableA* table;
Name = (char*) sspi_SecureHandleGetUpperPointer(phCredential);
if (!Name)
return SEC_E_SECPKG_NOT_FOUND;
table = sspi_GetSecurityFunctionTableAByNameA(Name);
if (!table)
return SEC_E_SECPKG_NOT_FOUND;
if (!table->QueryCredentialsAttributesA)
return SEC_E_UNSUPPORTED_FUNCTION;
status = table->QueryCredentialsAttributesA(phCredential, ulAttribute, pBuffer);
if (IsSecurityStatusError(status))
{
WLog_WARN(TAG, "QueryCredentialsAttributesA status %s [0x%08"PRIX32"]",
GetSecurityStatusString(status), status);
}
return status;
}
static SECURITY_STATUS SEC_ENTRY winpr_FreeCredentialsHandle(PCredHandle phCredential)
{
char* Name;
SECURITY_STATUS status;
SecurityFunctionTableA* table;
Name = (char*) sspi_SecureHandleGetUpperPointer(phCredential);
if (!Name)
return SEC_E_SECPKG_NOT_FOUND;
table = sspi_GetSecurityFunctionTableAByNameA(Name);
if (!table)
return SEC_E_SECPKG_NOT_FOUND;
if (!table->FreeCredentialsHandle)
return SEC_E_UNSUPPORTED_FUNCTION;
status = table->FreeCredentialsHandle(phCredential);
if (IsSecurityStatusError(status))
{
WLog_WARN(TAG, "FreeCredentialsHandle status %s [0x%08"PRIX32"]",
GetSecurityStatusString(status), status);
}
return status;
}
static void ntlm_client_uninit(rdpNtlm* ntlm)
{
free(ntlm->identity.User);
ntlm->identity.User = NULL;
free(ntlm->identity.Domain);
ntlm->identity.Domain = NULL;
free(ntlm->identity.Password);
ntlm->identity.Password = NULL;
free(ntlm->ServicePrincipalName);
ntlm->ServicePrincipalName = NULL;
if (ntlm->table)
{
SECURITY_STATUS status;
status = ntlm->table->FreeCredentialsHandle(&ntlm->credentials);
if (status != SEC_E_OK)
{
WLog_WARN(TAG, "FreeCredentialsHandle status %s [0x%08"PRIX32"]",
GetSecurityStatusString(status), status);
}
status = ntlm->table->FreeContextBuffer(ntlm->pPackageInfo);
if (status != SEC_E_OK)
{
WLog_WARN(TAG, "FreeContextBuffer status %s [0x%08"PRIX32"]",
GetSecurityStatusString(status), status);
}
status = ntlm->table->DeleteSecurityContext(&ntlm->context);
if (status != SEC_E_OK)
{
WLog_WARN(TAG, "DeleteSecurityContext status %s [0x%08"PRIX32"]",
GetSecurityStatusString(status), status);
}
ntlm->table = NULL;
}
}
SECURITY_STATUS nla_decrypt_ts_credentials(rdpNla* nla)
{
int length;
BYTE* buffer;
ULONG pfQOP;
SecBuffer Buffers[2];
SecBufferDesc Message;
SECURITY_STATUS status;
Buffers[0].BufferType = SECBUFFER_TOKEN; /* Signature */
Buffers[1].BufferType = SECBUFFER_DATA; /* TSCredentials */
if (nla->authInfo.cbBuffer < 1)
{
WLog_ERR(TAG, "nla_decrypt_ts_credentials missing authInfo buffer");
return SEC_E_INVALID_TOKEN;
}
length = nla->authInfo.cbBuffer;
buffer = (BYTE*) malloc(length);
if (!buffer)
return SEC_E_INSUFFICIENT_MEMORY;
CopyMemory(buffer, nla->authInfo.pvBuffer, length);
Buffers[0].cbBuffer = nla->ContextSizes.cbSecurityTrailer;
Buffers[0].pvBuffer = buffer;
Buffers[1].cbBuffer = length - nla->ContextSizes.cbSecurityTrailer;
Buffers[1].pvBuffer = &buffer[nla->ContextSizes.cbSecurityTrailer];
Message.cBuffers = 2;
Message.ulVersion = SECBUFFER_VERSION;
Message.pBuffers = (PSecBuffer) &Buffers;
status = nla->table->DecryptMessage(&nla->context, &Message, nla->recvSeqNum++, &pfQOP);
if (status != SEC_E_OK)
{
WLog_ERR(TAG, "DecryptMessage failure %s [%08X]",
GetSecurityStatusString(status), status);
return status;
}
if(!nla_read_ts_credentials(nla, &Buffers[1]))
{
free(buffer);
return SEC_E_INSUFFICIENT_MEMORY;
}
free(buffer);
return SEC_E_OK;
}
UINT32 SSPI_GSSAPI sspi_gss_create_empty_oid_set(
UINT32* minor_status,
sspi_gss_OID_set* oid_set)
{
SECURITY_STATUS status;
InitOnceExecuteOnce(&g_Initialized, sspi_GssApiInit, NULL, NULL);
if (!(g_GssApi && g_GssApi->gss_create_empty_oid_set))
return SEC_E_UNSUPPORTED_FUNCTION;
status = g_GssApi->gss_create_empty_oid_set(minor_status, oid_set);
WLog_DBG(TAG, "gss_create_empty_oid_set: %s (0x%08"PRIX32")",
GetSecurityStatusString(status), status);
return status;
}
UINT32 SSPI_GSSAPI sspi_gss_release_buffer(
UINT32* minor_status,
sspi_gss_buffer_t buffer)
{
SECURITY_STATUS status;
InitOnceExecuteOnce(&g_Initialized, sspi_GssApiInit, NULL, NULL);
if (!(g_GssApi && g_GssApi->gss_release_buffer))
return SEC_E_UNSUPPORTED_FUNCTION;
status = g_GssApi->gss_release_buffer(minor_status, buffer);
WLog_DBG(TAG, "gss_release_buffer: %s (0x%08"PRIX32")",
GetSecurityStatusString(status), status);
return status;
}
UINT32 SSPI_GSSAPI sspi_gss_import_sec_context(
UINT32* minor_status,
sspi_gss_buffer_t interprocess_token,
sspi_gss_ctx_id_t* context_handle)
{
SECURITY_STATUS status;
InitOnceExecuteOnce(&g_Initialized, sspi_GssApiInit, NULL, NULL);
if (!(g_GssApi && g_GssApi->gss_import_sec_context))
return SEC_E_UNSUPPORTED_FUNCTION;
status = g_GssApi->gss_import_sec_context(minor_status, interprocess_token, context_handle);
WLog_DBG(TAG, "gss_import_sec_context: %s (0x%08"PRIX32")",
GetSecurityStatusString(status), status);
return status;
}
SECURITY_STATUS SEC_ENTRY sspi_VerifySignature(PCtxtHandle phContext, PSecBufferDesc pMessage, ULONG MessageSeqNo, PULONG pfQOP)
{
SECURITY_STATUS status;
if (!g_Initialized)
InitializeSspiModule(0);
if (!(g_SspiW && g_SspiW->VerifySignature))
return SEC_E_UNSUPPORTED_FUNCTION;
status = g_SspiW->VerifySignature(phContext, pMessage, MessageSeqNo, pfQOP);
WLog_Print(g_Log, WLOG_DEBUG, "VerifySignature: %s (0x%04X)", GetSecurityStatusString(status), status);
return status;
}
UINT32 SSPI_GSSAPI sspi_gss_context_time(
UINT32* minor_status,
sspi_gss_ctx_id_t context_handle,
UINT32* time_rec)
{
SECURITY_STATUS status;
InitOnceExecuteOnce(&g_Initialized, sspi_GssApiInit, NULL, NULL);
if (!(g_GssApi && g_GssApi->gss_context_time))
return SEC_E_UNSUPPORTED_FUNCTION;
status = g_GssApi->gss_context_time(minor_status, context_handle, time_rec);
WLog_DBG(TAG, "gss_context_time: %s (0x%08"PRIX32")",
GetSecurityStatusString(status), status);
return status;
}
UINT32 SSPI_GSSAPI sspi_gss_inquire_names_for_mech(
UINT32* minor_status,
sspi_gss_OID mechanism,
sspi_gss_OID_set* name_types)
{
SECURITY_STATUS status;
InitOnceExecuteOnce(&g_Initialized, sspi_GssApiInit, NULL, NULL);
if (!(g_GssApi && g_GssApi->gss_inquire_names_for_mech))
return SEC_E_UNSUPPORTED_FUNCTION;
status = g_GssApi->gss_inquire_names_for_mech(minor_status, mechanism, name_types);
WLog_DBG(TAG, "gss_inquire_names_for_mech: %s (0x%08"PRIX32")",
GetSecurityStatusString(status), status);
return status;
}
SECURITY_STATUS SEC_ENTRY sspi_RevertSecurityContext(PCtxtHandle phContext)
{
SECURITY_STATUS status;
if (!g_Initialized)
InitializeSspiModule(0);
if (!(g_SspiW && g_SspiW->RevertSecurityContext))
return SEC_E_UNSUPPORTED_FUNCTION;
status = g_SspiW->RevertSecurityContext(phContext);
WLog_Print(g_Log, WLOG_DEBUG, "RevertSecurityContext: %s (0x%04X)", GetSecurityStatusString(status), status);
return status;
}
UINT32 SSPI_GSSAPI sspi_gss_set_neg_mechs(
UINT32* minor_status,
sspi_gss_cred_id_t cred_handle,
const sspi_gss_OID_set mech_set)
{
SECURITY_STATUS status;
InitOnceExecuteOnce(&g_Initialized, sspi_GssApiInit, NULL, NULL);
if (!(g_GssApi && g_GssApi->gss_set_neg_mechs))
return SEC_E_UNSUPPORTED_FUNCTION;
status = g_GssApi->gss_set_neg_mechs(minor_status, cred_handle, mech_set);
WLog_DBG(TAG, "gss_set_neg_mechs: %s (0x%08"PRIX32")",
GetSecurityStatusString(status), status);
return status;
}
UINT32 SSPI_GSSAPI sspi_gss_duplicate_name(
UINT32* minor_status,
const sspi_gss_name_t input_name,
sspi_gss_name_t* dest_name)
{
SECURITY_STATUS status;
InitOnceExecuteOnce(&g_Initialized, sspi_GssApiInit, NULL, NULL);
if (!(g_GssApi && g_GssApi->gss_duplicate_name))
return SEC_E_UNSUPPORTED_FUNCTION;
status = g_GssApi->gss_duplicate_name(minor_status, input_name, dest_name);
WLog_DBG(TAG, "gss_duplicate_name: %s (0x%08"PRIX32")",
GetSecurityStatusString(status), status);
return status;
}
SECURITY_STATUS SEC_ENTRY sspi_SetContextAttributesA(PCtxtHandle phContext, ULONG ulAttribute, void* pBuffer, ULONG cbBuffer)
{
SECURITY_STATUS status;
if (!g_Initialized)
InitializeSspiModule(0);
if (!(g_SspiA && g_SspiA->SetContextAttributesA))
return SEC_E_UNSUPPORTED_FUNCTION;
status = g_SspiA->SetContextAttributesA(phContext, ulAttribute, pBuffer, cbBuffer);
WLog_Print(g_Log, WLOG_DEBUG, "SetContextAttributesA: %s (0x%04X)", GetSecurityStatusString(status), status);
return status;
}
