search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
buddy: fix use after free in process_buddy_photo_response()
[siplcs.git] / src / core / sip-sec-sspi.c
blob3a713121e830ede8685c4360cc0a406701c4fdb1
1 /**
2 * @file sip-sec-sspi.c
3 *
4 * pidgin-sipe
5 *
6 * Copyright (C) 2011-12 SIPE Project <http://sipe.sourceforge.net/>
7 * Copyright (C) 2009 pier11 <pier11@operamail.com>
8 *
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
23 */
24
25 #include <stdio.h>
26 #include <windows.h>
27 #include <rpc.h>
28 #ifndef SECURITY_WIN32
29 #define SECURITY_WIN32 1
30 #endif
31 #include <security.h>
32
33 #include <glib.h>
34
35 #include "sip-sec.h"
36 #include "sip-sec-mech.h"
37 #include "sip-sec-sspi.h"
38 #include "sipe-backend.h"
39 #include "sipe-core.h"
40
41 /* Mechanism names */
42 #define SSPI_MECH_NTLM "NTLM"
43 #define SSPI_MECH_KERBEROS "Kerberos"
44 #define SSPI_MECH_NEGOTIATE "Negotiate"
45 #define SSPI_MECH_TLS_DSK "Schannel" /* SSL/TLS provider, is this correct? */
46
47 #ifndef ISC_REQ_IDENTIFY
48 #define ISC_REQ_IDENTIFY 0x00002000
49 #endif
50
51 typedef struct _context_sspi {
52 struct sip_sec_context common;
53 CredHandle* cred_sspi;
54 CtxtHandle* ctx_sspi;
55 /** Kerberos or NTLM */
56 const char *mech;
57 } *context_sspi;
58
59 static int
60 sip_sec_get_interval_from_now_sec(TimeStamp timestamp);
61
62 void
63 sip_sec_sspi_print_error(const char *func,
64 SECURITY_STATUS ret);
65
66 /** internal method */
67 static void
68 sip_sec_destroy_sspi_context(context_sspi context)
69 {
70 if (context->ctx_sspi)
71 DeleteSecurityContext(context->ctx_sspi);
72 if (context->cred_sspi)
73 FreeCredentialsHandle(context->cred_sspi);
74 }
75
76 /* sip-sec-mech.h API implementation for SSPI - Kerberos and NTLM */
77
78 static sip_uint32
79 sip_sec_acquire_cred__sspi(SipSecContext context,
80 const char *domain,
81 const char *username,
82 const char *password)
83 {
84 SECURITY_STATUS ret;
85 TimeStamp expiry;
86 SEC_WINNT_AUTH_IDENTITY auth_identity;
87 context_sspi ctx = (context_sspi)context;
88
89 if (username) {
90 if (!password) {
91 return SIP_SEC_E_INTERNAL_ERROR;
92 }
93
94 memset(&auth_identity, 0, sizeof(auth_identity));
95 auth_identity.Flags = SEC_WINNT_AUTH_IDENTITY_ANSI;
96
97 if ( domain && (strlen(domain) > 0) ) {
98 auth_identity.Domain = (unsigned char*)domain;
99 auth_identity.DomainLength = strlen(domain);
100 }
101
102 auth_identity.User = (unsigned char*)username;
103 auth_identity.UserLength = strlen(username);
104
105 auth_identity.Password = (unsigned char*)password;
106 auth_identity.PasswordLength = strlen(password);
107 }
108
109 ctx->cred_sspi = g_malloc0(sizeof(CredHandle));
110
111 /* @TODO: this does not work for "Schannel" (TLS-DSK) as it expects
112 a SCHANNEL_CRED datastructure, pointing to the private key
113 and the client certificate */
114 ret = AcquireCredentialsHandleA(NULL,
115 (SEC_CHAR *)ctx->mech,
116 SECPKG_CRED_OUTBOUND,
117 NULL,
118 (context->sso || !username) ? NULL : &auth_identity,
119 NULL,
120 NULL,
121 ctx->cred_sspi,
122 &expiry);
123
124 if (ret != SEC_E_OK) {
125 sip_sec_sspi_print_error("sip_sec_acquire_cred__sspi: AcquireCredentialsHandleA", ret);
126 g_free(ctx->cred_sspi);
127 ctx->cred_sspi = NULL;
128 return SIP_SEC_E_INTERNAL_ERROR;
129 } else {
130 return SIP_SEC_E_OK;
131 }
132 }
133
134 static sip_uint32
135 sip_sec_init_sec_context__sspi(SipSecContext context,
136 SipSecBuffer in_buff,
137 SipSecBuffer *out_buff,
138 const char *service_name)
139 {
140 TimeStamp expiry;
141 SecBufferDesc input_desc, output_desc;
142 SecBuffer in_token, out_token;
143 SECURITY_STATUS ret;
144 ULONG req_flags;
145 ULONG ret_flags;
146 context_sspi ctx = (context_sspi)context;
147 CtxtHandle* out_context = g_malloc0(sizeof(CtxtHandle));
148
149 SIPE_DEBUG_INFO_NOFORMAT("sip_sec_init_sec_context__sspi: in use");
150
151 input_desc.cBuffers = 1;
152 input_desc.pBuffers = &in_token;
153 input_desc.ulVersion = SECBUFFER_VERSION;
154
155 /* input token */
156 in_token.BufferType = SECBUFFER_TOKEN;
157 in_token.cbBuffer = in_buff.length;
158 in_token.pvBuffer = in_buff.value;
159
160 output_desc.cBuffers = 1;
161 output_desc.pBuffers = &out_token;
162 output_desc.ulVersion = SECBUFFER_VERSION;
163
164 /* to hold output token */
165 out_token.BufferType = SECBUFFER_TOKEN;
166 out_token.cbBuffer = 0;
167 out_token.pvBuffer = NULL;
168
169 req_flags = (ISC_REQ_ALLOCATE_MEMORY |
170 ISC_REQ_INTEGRITY |
171 ISC_REQ_IDENTIFY);
172
173 if (ctx->mech && !strcmp(ctx->mech, SSPI_MECH_NTLM) &&
174 !context->is_connection_based)
175 {
176 req_flags |= (ISC_REQ_DATAGRAM);
177 }
178
179 ret = InitializeSecurityContextA(ctx->cred_sspi,
180 ctx->ctx_sspi,
181 (SEC_CHAR *)service_name,
182 req_flags,
183 0,
184 SECURITY_NATIVE_DREP,
185 &input_desc,
186 0,
187 out_context,
188 &output_desc,
189 &ret_flags,
190 &expiry);
191
192 if (ret != SEC_E_OK && ret != SEC_I_CONTINUE_NEEDED) {
193 sip_sec_destroy_sspi_context(ctx);
194 sip_sec_sspi_print_error("sip_sec_init_sec_context__sspi: InitializeSecurityContextA", ret);
195 return SIP_SEC_E_INTERNAL_ERROR;
196 }
197
198 out_buff->length = out_token.cbBuffer;
199 out_buff->value = NULL;
200 if (out_token.cbBuffer) {
201 out_buff->value = g_malloc0(out_token.cbBuffer);
202 memmove(out_buff->value, out_token.pvBuffer, out_token.cbBuffer);
203 FreeContextBuffer(out_token.pvBuffer);
204 }
205
206 ctx->ctx_sspi = out_context;
207 if (ctx->mech && !strcmp(ctx->mech, SSPI_MECH_KERBEROS)) {
208 context->expires = sip_sec_get_interval_from_now_sec(expiry);
209 }
210
211 if (ret == SEC_I_CONTINUE_NEEDED) {
212 return SIP_SEC_I_CONTINUE_NEEDED;
213 } else {
214 return SIP_SEC_E_OK;
215 }
216 }
217
218 static void
219 sip_sec_destroy_sec_context__sspi(SipSecContext context)
220 {
221 sip_sec_destroy_sspi_context((context_sspi)context);
222 g_free(context);
223 }
224
225 /**
226 * @param message a NULL terminated string to sign
227 *
228 */
229 static sip_uint32
230 sip_sec_make_signature__sspi(SipSecContext context,
231 const char *message,
232 SipSecBuffer *signature)
233 {
234 SecBufferDesc buffs_desc;
235 SecBuffer buffs[2];
236 SECURITY_STATUS ret;
237 SecPkgContext_Sizes context_sizes;
238 unsigned char *signature_buff;
239 size_t signature_buff_length;
240 context_sspi ctx = (context_sspi) context;
241
242 ret = QueryContextAttributes(ctx->ctx_sspi,
243 SECPKG_ATTR_SIZES,
244 &context_sizes);
245
246 if (ret != SEC_E_OK) {
247 sip_sec_sspi_print_error("sip_sec_make_signature__sspi: QueryContextAttributes", ret);
248 return SIP_SEC_E_INTERNAL_ERROR;
249 }
250
251 signature_buff_length = context_sizes.cbMaxSignature;
252 signature_buff = g_malloc0(signature_buff_length);
253
254 buffs_desc.cBuffers = 2;
255 buffs_desc.pBuffers = buffs;
256 buffs_desc.ulVersion = SECBUFFER_VERSION;
257
258 /* message to sign */
259 buffs[0].BufferType = SECBUFFER_DATA;
260 buffs[0].cbBuffer = strlen(message);
261 buffs[0].pvBuffer = (PVOID)message;
262
263 /* to hold signature */
264 buffs[1].BufferType = SECBUFFER_TOKEN;
265 buffs[1].cbBuffer = signature_buff_length;
266 buffs[1].pvBuffer = signature_buff;
267
268 ret = MakeSignature(ctx->ctx_sspi,
269 (ULONG)0,
270 &buffs_desc,
271 100);
272 if (ret != SEC_E_OK) {
273 sip_sec_sspi_print_error("sip_sec_make_signature__sspi: MakeSignature", ret);
274 g_free(signature_buff);
275 return SIP_SEC_E_INTERNAL_ERROR;
276 }
277
278 signature->value = signature_buff;
279 signature->length = buffs[1].cbBuffer;
280
281 return SIP_SEC_E_OK;
282 }
283
284 /**
285 * @param message a NULL terminated string to check signature of
286 * @return SIP_SEC_E_OK on success
287 */
288 static sip_uint32
289 sip_sec_verify_signature__sspi(SipSecContext context,
290 const char *message,
291 SipSecBuffer signature)
292 {
293 SecBufferDesc buffs_desc;
294 SecBuffer buffs[2];
295 SECURITY_STATUS ret;
296
297 buffs_desc.cBuffers = 2;
298 buffs_desc.pBuffers = buffs;
299 buffs_desc.ulVersion = SECBUFFER_VERSION;
300
301 /* message to sign */
302 buffs[0].BufferType = SECBUFFER_DATA;
303 buffs[0].cbBuffer = strlen(message);
304 buffs[0].pvBuffer = (PVOID)message;
305
306 /* signature to check */
307 buffs[1].BufferType = SECBUFFER_TOKEN;
308 buffs[1].cbBuffer = signature.length;
309 buffs[1].pvBuffer = signature.value;
310
311 ret = VerifySignature(((context_sspi)context)->ctx_sspi,
312 &buffs_desc,
313 0,
314 0);
315
316 if (ret != SEC_E_OK) {
317 sip_sec_sspi_print_error("sip_sec_verify_signature__sspi: VerifySignature", ret);
318 return SIP_SEC_E_INTERNAL_ERROR;
319 }
320
321 return SIP_SEC_E_OK;
322 }
323
324 SipSecContext
325 sip_sec_create_context__sspi(guint type)
326 {
327 context_sspi context = g_malloc0(sizeof(struct _context_sspi));
328 if (!context) return(NULL);
329
330 context->common.acquire_cred_func = sip_sec_acquire_cred__sspi;
331 context->common.init_context_func = sip_sec_init_sec_context__sspi;
332 context->common.destroy_context_func = sip_sec_destroy_sec_context__sspi;
333 context->common.make_signature_func = sip_sec_make_signature__sspi;
334 context->common.verify_signature_func = sip_sec_verify_signature__sspi;
335 context->mech = (type == SIPE_AUTHENTICATION_TYPE_NTLM) ? SSPI_MECH_NTLM :
336 ((type == SIPE_AUTHENTICATION_TYPE_KERBEROS) ? SSPI_MECH_KERBEROS :
337 ((type == SIPE_AUTHENTICATION_TYPE_NEGOTIATE) ? SSPI_MECH_NEGOTIATE : SSPI_MECH_TLS_DSK));
338
339 return((SipSecContext) context);
340 }
341
342 gboolean sip_sec_password__sspi(void)
343 {
344 /* SSPI supports Single-Sign On */
345 return(FALSE);
346 }
347
348 /* Utility Functions */
349
350 /**
351 * Returns interval in seconds from now till provided value
352 */
353 static int
354 sip_sec_get_interval_from_now_sec(TimeStamp timestamp)
355 {
356 SYSTEMTIME stNow;
357 FILETIME ftNow;
358 ULARGE_INTEGER uliNow, uliTo;
359
360 GetLocalTime(&stNow);
361 SystemTimeToFileTime(&stNow, &ftNow);
362
363 uliNow.LowPart = ftNow.dwLowDateTime;
364 uliNow.HighPart = ftNow.dwHighDateTime;
365
366 uliTo.LowPart = timestamp.LowPart;
367 uliTo.HighPart = timestamp.HighPart;
368
369 return (int)((uliTo.QuadPart - uliNow.QuadPart)/10/1000/1000);
370 }
371
372 void
373 sip_sec_sspi_print_error(const char *func,
374 SECURITY_STATUS ret)
375 {
376 char *error_message;
377 static char *buff;
378 int buff_length;
379
380 buff_length = FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM |
381 FORMAT_MESSAGE_ALLOCATE_BUFFER |
382 FORMAT_MESSAGE_IGNORE_INSERTS,
383 0,
384 ret,
385 0,
386 (LPTSTR)&buff,
387 16384,
388 0);
389 error_message = g_strndup(buff, buff_length);
390 LocalFree(buff);
391
392 printf("SSPI ERROR [%d] in %s: %s", (int)ret, func, error_message);
393 g_free(error_message);
394 }
395
396
397 /*
398 Local Variables:
399 mode: c
400 c-file-style: "bsd"
401 indent-tabs-mode: t
402 tab-width: 8
403 End:
404 */
A third-party Pidgin plugin for Microsoft LCS/OCS