msi: Avoid accessing a freed object.
[wine.git] / dlls / secur32 / dispatcher.c
blob226de79ccabfad7981eb7331c204b08cd8cc5074
1 /*
2 * Copyright 2005, 2006 Kai Blin
4 * This library is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU Lesser General Public
6 * License as published by the Free Software Foundation; either
7 * version 2.1 of the License, or (at your option) any later version.
9 * This library is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * Lesser General Public License for more details.
14 * You should have received a copy of the GNU Lesser General Public
15 * License along with this library; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
18 * A dispatcher to run ntlm_auth for wine's sspi module.
21 #include "config.h"
22 #include <stdarg.h>
23 #include <stdio.h>
24 #ifdef HAVE_UNISTD_H
25 #include <unistd.h>
26 #endif
27 #include <sys/types.h>
28 #ifdef HAVE_SYS_WAIT_H
29 #include <sys/wait.h>
30 #endif
31 #include <stdlib.h>
32 #include <fcntl.h>
33 #include "windef.h"
34 #include "winbase.h"
35 #include "winerror.h"
36 #include "sspi.h"
37 #include "secur32_priv.h"
38 #include "wine/debug.h"
40 #define INITIAL_BUFFER_SIZE 200
42 WINE_DEFAULT_DEBUG_CHANNEL(ntlm);
44 SECURITY_STATUS fork_helper(PNegoHelper *new_helper, const char *prog,
45 char* const argv[])
47 int pipe_in[2];
48 int pipe_out[2];
49 int i;
50 PNegoHelper helper;
52 TRACE("%s ", debugstr_a(prog));
53 for(i = 0; argv[i] != NULL; ++i)
55 TRACE("%s ", debugstr_a(argv[i]));
57 TRACE("\n");
59 if( pipe(pipe_in) < 0 )
61 return SEC_E_INTERNAL_ERROR;
63 if( pipe(pipe_out) < 0 )
65 close(pipe_in[0]);
66 close(pipe_in[1]);
67 return SEC_E_INTERNAL_ERROR;
69 if (!(helper = HeapAlloc(GetProcessHeap(),0, sizeof(NegoHelper))))
71 close(pipe_in[0]);
72 close(pipe_in[1]);
73 close(pipe_out[0]);
74 close(pipe_out[1]);
75 return SEC_E_INSUFFICIENT_MEMORY;
78 helper->helper_pid = fork();
80 if(helper->helper_pid == -1)
82 close(pipe_in[0]);
83 close(pipe_in[1]);
84 close(pipe_out[0]);
85 close(pipe_out[1]);
86 HeapFree( GetProcessHeap(), 0, helper );
87 return SEC_E_INTERNAL_ERROR;
90 if(helper->helper_pid == 0)
92 /* We're in the child now */
93 close(0);
94 close(1);
96 dup2(pipe_out[0], 0);
97 close(pipe_out[0]);
98 close(pipe_out[1]);
100 dup2(pipe_in[1], 1);
101 close(pipe_in[0]);
102 close(pipe_in[1]);
104 execvp(prog, argv);
106 /* Whoops, we shouldn't get here. Big badaboom.*/
107 write(STDOUT_FILENO, "BH\n", 3);
108 _exit(1);
110 else
112 *new_helper = helper;
113 helper->major = helper->minor = helper->micro = -1;
114 helper->com_buf = NULL;
115 helper->com_buf_size = 0;
116 helper->com_buf_offset = 0;
117 helper->session_key = NULL;
118 helper->neg_flags = 0;
119 helper->pipe_in = pipe_in[0];
120 fcntl( pipe_in[0], F_SETFD, 1 );
121 close(pipe_in[1]);
122 helper->pipe_out = pipe_out[1];
123 fcntl( pipe_out[1], F_SETFD, 1 );
124 close(pipe_out[0]);
127 return SEC_E_OK;
130 static SECURITY_STATUS read_line(PNegoHelper helper, int *offset_len)
132 char *newline;
133 int read_size;
135 if(helper->com_buf == NULL)
137 TRACE("Creating a new buffer for the helper\n");
138 if((helper->com_buf = HeapAlloc(GetProcessHeap(), 0, INITIAL_BUFFER_SIZE)) == NULL)
139 return SEC_E_INSUFFICIENT_MEMORY;
141 /* Created a new buffer, size is INITIAL_BUFFER_SIZE, offset is 0 */
142 helper->com_buf_size = INITIAL_BUFFER_SIZE;
143 helper->com_buf_offset = 0;
148 TRACE("offset = %d, size = %d\n", helper->com_buf_offset, helper->com_buf_size);
149 if(helper->com_buf_offset + INITIAL_BUFFER_SIZE > helper->com_buf_size)
151 /* increment buffer size in INITIAL_BUFFER_SIZE steps */
152 char *buf = HeapReAlloc(GetProcessHeap(), 0, helper->com_buf,
153 helper->com_buf_size + INITIAL_BUFFER_SIZE);
154 TRACE("Resizing buffer!\n");
155 if (!buf) return SEC_E_INSUFFICIENT_MEMORY;
156 helper->com_buf_size += INITIAL_BUFFER_SIZE;
157 helper->com_buf = buf;
159 if((read_size = read(helper->pipe_in, helper->com_buf + helper->com_buf_offset,
160 helper->com_buf_size - helper->com_buf_offset)) <= 0)
162 return SEC_E_INTERNAL_ERROR;
165 TRACE("read_size = %d, read: %s\n", read_size,
166 debugstr_a(helper->com_buf + helper->com_buf_offset));
167 helper->com_buf_offset += read_size;
168 newline = memchr(helper->com_buf, '\n', helper->com_buf_offset);
169 }while(newline == NULL);
171 /* Now, if there's a newline character, and we read more than that newline,
172 * we have to store the offset so we can preserve the additional data.*/
173 if( newline != helper->com_buf + helper->com_buf_offset)
175 TRACE("offset_len is calculated from %p - %p\n",
176 (helper->com_buf + helper->com_buf_offset), newline+1);
177 /* the length of the offset is the number of chars after the newline */
178 *offset_len = (helper->com_buf + helper->com_buf_offset) - (newline + 1);
180 else
182 *offset_len = 0;
185 *newline = '\0';
187 return SEC_E_OK;
190 static SECURITY_STATUS preserve_unused(PNegoHelper helper, int offset_len)
192 TRACE("offset_len = %d\n", offset_len);
194 if(offset_len > 0)
196 memmove(helper->com_buf, helper->com_buf + helper->com_buf_offset,
197 offset_len);
198 helper->com_buf_offset = offset_len;
200 else
202 helper->com_buf_offset = 0;
205 TRACE("helper->com_buf_offset was set to: %d\n", helper->com_buf_offset);
206 return SEC_E_OK;
209 SECURITY_STATUS run_helper(PNegoHelper helper, char *buffer,
210 unsigned int max_buflen, int *buflen)
212 int offset_len;
213 SECURITY_STATUS sec_status = SEC_E_OK;
215 TRACE("In helper: sending %s\n", debugstr_a(buffer));
217 /* buffer + '\n' */
218 write(helper->pipe_out, buffer, lstrlenA(buffer));
219 write(helper->pipe_out, "\n", 1);
221 if((sec_status = read_line(helper, &offset_len)) != SEC_E_OK)
223 return sec_status;
226 TRACE("In helper: received %s\n", debugstr_a(helper->com_buf));
227 *buflen = lstrlenA(helper->com_buf);
229 if( *buflen > max_buflen)
231 ERR("Buffer size too small(%d given, %d required) dropping data!\n",
232 max_buflen, *buflen);
233 return SEC_E_BUFFER_TOO_SMALL;
236 if( *buflen < 2 )
238 return SEC_E_ILLEGAL_MESSAGE;
241 /* We only get ERR if the input size is too big. On a GENSEC error,
242 * ntlm_auth will return BH */
243 if(strncmp(helper->com_buf, "ERR", 3) == 0)
245 return SEC_E_INVALID_TOKEN;
248 memcpy(buffer, helper->com_buf, *buflen+1);
250 sec_status = preserve_unused(helper, offset_len);
252 return sec_status;
255 void cleanup_helper(PNegoHelper helper)
258 TRACE("Killing helper %p\n", helper);
259 if( (helper == NULL) || (helper->helper_pid == 0))
260 return;
262 HeapFree(GetProcessHeap(), 0, helper->com_buf);
264 /* closing stdin will terminate ntlm_auth */
265 close(helper->pipe_out);
266 close(helper->pipe_in);
268 waitpid(helper->helper_pid, NULL, 0);
270 helper->helper_pid = 0;
271 HeapFree(GetProcessHeap(), 0, helper);
274 void check_version(PNegoHelper helper)
276 char temp[80];
277 char *newline;
278 int major = 0, minor = 0, micro = 0, ret;
280 TRACE("Checking version of helper\n");
281 if(helper != NULL)
283 int len = read(helper->pipe_in, temp, sizeof(temp)-1);
284 if (len > 8)
286 if((newline = memchr(temp, '\n', len)) != NULL)
287 *newline = '\0';
288 else
289 temp[len] = 0;
291 TRACE("Exact version is %s\n", debugstr_a(temp));
292 ret = sscanf(temp, "Version %d.%d.%d", &major, &minor, &micro);
293 if(ret != 3)
295 ERR("Failed to get the helper version.\n");
296 helper->major = helper->minor = helper->micro = -1;
298 else
300 TRACE("Version recognized: %d.%d.%d\n", major, minor, micro);
301 helper->major = major;
302 helper->minor = minor;
303 helper->micro = micro;