projects / u / mdw / putty / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Sebastian Kuschel reports that pfd_closing can be called for a socket
[u/mdw/putty] / windows / wingss.c
1 #ifndef NO_GSSAPI
2
3 #include "putty.h"
4
5 #include <security.h>
6
7 #include "pgssapi.h"
8 #include "sshgss.h"
9 #include "sshgssc.h"
10
11 #include "misc.h"
12
13 /* Windows code to set up the GSSAPI library list. */
14
15 const int ngsslibs = 3;
16 const char *const gsslibnames[3] = {
17 "MIT Kerberos GSSAPI32.DLL",
18 "Microsoft SSPI SECUR32.DLL",
19 "User-specified GSSAPI DLL",
20 };
21 const struct keyvalwhere gsslibkeywords[] = {
22 { "gssapi32", 0, -1, -1 },
23 { "sspi", 1, -1, -1 },
24 { "custom", 2, -1, -1 },
25 };
26
27 DECL_WINDOWS_FUNCTION(static, SECURITY_STATUS,
28 AcquireCredentialsHandleA,
29 (SEC_CHAR *, SEC_CHAR *, ULONG, PLUID,
30 PVOID, SEC_GET_KEY_FN, PVOID, PCredHandle, PTimeStamp));
31 DECL_WINDOWS_FUNCTION(static, SECURITY_STATUS,
32 InitializeSecurityContextA,
33 (PCredHandle, PCtxtHandle, SEC_CHAR *, ULONG, ULONG,
34 ULONG, PSecBufferDesc, ULONG, PCtxtHandle,
35 PSecBufferDesc, PULONG, PTimeStamp));
36 DECL_WINDOWS_FUNCTION(static, SECURITY_STATUS,
37 FreeContextBuffer,
38 (PVOID));
39 DECL_WINDOWS_FUNCTION(static, SECURITY_STATUS,
40 FreeCredentialsHandle,
41 (PCredHandle));
42 DECL_WINDOWS_FUNCTION(static, SECURITY_STATUS,
43 DeleteSecurityContext,
44 (PCtxtHandle));
45 DECL_WINDOWS_FUNCTION(static, SECURITY_STATUS,
46 QueryContextAttributesA,
47 (PCtxtHandle, ULONG, PVOID));
48 DECL_WINDOWS_FUNCTION(static, SECURITY_STATUS,
49 MakeSignature,
50 (PCtxtHandle, ULONG, PSecBufferDesc, ULONG));
51
52 typedef struct winSsh_gss_ctx {
53 unsigned long maj_stat;
54 unsigned long min_stat;
55 CredHandle cred_handle;
56 CtxtHandle context;
57 PCtxtHandle context_handle;
58 TimeStamp expiry;
59 } winSsh_gss_ctx;
60
61
62 const Ssh_gss_buf gss_mech_krb5={9,"\x2A\x86\x48\x86\xF7\x12\x01\x02\x02"};
63
64 const char *gsslogmsg = NULL;
65
66 static void ssh_sspi_bind_fns(struct ssh_gss_library *lib);
67
68 struct ssh_gss_liblist *ssh_gss_setup(Conf *conf)
69 {
70 HMODULE module;
71 HKEY regkey;
72 struct ssh_gss_liblist *list = snew(struct ssh_gss_liblist);
73 char *path;
74
75 list->libraries = snewn(3, struct ssh_gss_library);
76 list->nlibraries = 0;
77
78 /* MIT Kerberos GSSAPI implementation */
79 /* TODO: For 64-bit builds, check for gssapi64.dll */
80 module = NULL;
81 if (RegOpenKey(HKEY_LOCAL_MACHINE, "SOFTWARE\\MIT\\Kerberos", &regkey)
82 == ERROR_SUCCESS) {
83 DWORD type, size;
84 LONG ret;
85 char *buffer;
86
87 /* Find out the string length */
88 ret = RegQueryValueEx(regkey, "InstallDir", NULL, &type, NULL, &size);
89
90 if (ret == ERROR_SUCCESS && type == REG_SZ) {
91 buffer = snewn(size + 20, char);
92 ret = RegQueryValueEx(regkey, "InstallDir", NULL,
93 &type, buffer, &size);
94 if (ret == ERROR_SUCCESS && type == REG_SZ) {
95 strcat(buffer, "\\bin\\gssapi32.dll");
96 module = LoadLibrary(buffer);
97 }
98 sfree(buffer);
99 }
100 RegCloseKey(regkey);
101 }
102 if (module) {
103 struct ssh_gss_library *lib =
104 &list->libraries[list->nlibraries++];
105
106 lib->id = 0;
107 lib->gsslogmsg = "Using GSSAPI from GSSAPI32.DLL";
108 lib->handle = (void *)module;
109
110 #define BIND_GSS_FN(name) \
111 lib->u.gssapi.name = (t_gss_##name) GetProcAddress(module, "gss_" #name)
112
113 BIND_GSS_FN(delete_sec_context);
114 BIND_GSS_FN(display_status);
115 BIND_GSS_FN(get_mic);
116 BIND_GSS_FN(import_name);
117 BIND_GSS_FN(init_sec_context);
118 BIND_GSS_FN(release_buffer);
119 BIND_GSS_FN(release_cred);
120 BIND_GSS_FN(release_name);
121
122 #undef BIND_GSS_FN
123
124 ssh_gssapi_bind_fns(lib);
125 }
126
127 /* Microsoft SSPI Implementation */
128 module = load_system32_dll("secur32.dll");
129 if (module) {
130 struct ssh_gss_library *lib =
131 &list->libraries[list->nlibraries++];
132
133 lib->id = 1;
134 lib->gsslogmsg = "Using SSPI from SECUR32.DLL";
135 lib->handle = (void *)module;
136
137 GET_WINDOWS_FUNCTION(module, AcquireCredentialsHandleA);
138 GET_WINDOWS_FUNCTION(module, InitializeSecurityContextA);
139 GET_WINDOWS_FUNCTION(module, FreeContextBuffer);
140 GET_WINDOWS_FUNCTION(module, FreeCredentialsHandle);
141 GET_WINDOWS_FUNCTION(module, DeleteSecurityContext);
142 GET_WINDOWS_FUNCTION(module, QueryContextAttributesA);
143 GET_WINDOWS_FUNCTION(module, MakeSignature);
144
145 ssh_sspi_bind_fns(lib);
146 }
147
148 /*
149 * Custom GSSAPI DLL.
150 */
151 module = NULL;
152 path = conf_get_filename(conf, CONF_ssh_gss_custom)->path;
153 if (*path) {
154 module = LoadLibrary(path);
155 }
156 if (module) {
157 struct ssh_gss_library *lib =
158 &list->libraries[list->nlibraries++];
159
160 lib->id = 2;
161 lib->gsslogmsg = dupprintf("Using GSSAPI from user-specified"
162 " library '%s'", path);
163 lib->handle = (void *)module;
164
165 #define BIND_GSS_FN(name) \
166 lib->u.gssapi.name = (t_gss_##name) GetProcAddress(module, "gss_" #name)
167
168 BIND_GSS_FN(delete_sec_context);
169 BIND_GSS_FN(display_status);
170 BIND_GSS_FN(get_mic);
171 BIND_GSS_FN(import_name);
172 BIND_GSS_FN(init_sec_context);
173 BIND_GSS_FN(release_buffer);
174 BIND_GSS_FN(release_cred);
175 BIND_GSS_FN(release_name);
176
177 #undef BIND_GSS_FN
178
179 ssh_gssapi_bind_fns(lib);
180 }
181
182
183 return list;
184 }
185
186 void ssh_gss_cleanup(struct ssh_gss_liblist *list)
187 {
188 int i;
189
190 /*
191 * LoadLibrary and FreeLibrary are defined to employ reference
192 * counting in the case where the same library is repeatedly
193 * loaded, so even in a multiple-sessions-per-process context
194 * (not that we currently expect ever to have such a thing on
195 * Windows) it's safe to naively FreeLibrary everything here
196 * without worrying about destroying it under the feet of
197 * another SSH instance still using it.
198 */
199 for (i = 0; i < list->nlibraries; i++) {
200 FreeLibrary((HMODULE)list->libraries[i].handle);
201 if (list->libraries[i].id == 2) {
202 /* The 'custom' id involves a dynamically allocated message.
203 * Note that we must cast away the 'const' to free it. */
204 sfree((char *)list->libraries[i].gsslogmsg);
205 }
206 }
207 sfree(list->libraries);
208 sfree(list);
209 }
210
211 static Ssh_gss_stat ssh_sspi_indicate_mech(struct ssh_gss_library *lib,
212 Ssh_gss_buf *mech)
213 {
214 *mech = gss_mech_krb5;
215 return SSH_GSS_OK;
216 }
217
218
219 static Ssh_gss_stat ssh_sspi_import_name(struct ssh_gss_library *lib,
220 char *host, Ssh_gss_name *srv_name)
221 {
222 char *pStr;
223
224 /* Check hostname */
225 if (host == NULL) return SSH_GSS_FAILURE;
226
227 /* copy it into form host/FQDN */
228 pStr = dupcat("host/", host, NULL);
229
230 *srv_name = (Ssh_gss_name) pStr;
231
232 return SSH_GSS_OK;
233 }
234
235 static Ssh_gss_stat ssh_sspi_acquire_cred(struct ssh_gss_library *lib,
236 Ssh_gss_ctx *ctx)
237 {
238 winSsh_gss_ctx *winctx = snew(winSsh_gss_ctx);
239 memset(winctx, 0, sizeof(winSsh_gss_ctx));
240
241 /* prepare our "wrapper" structure */
242 winctx->maj_stat = winctx->min_stat = SEC_E_OK;
243 winctx->context_handle = NULL;
244
245 /* Specifying no principal name here means use the credentials of
246 the current logged-in user */
247
248 winctx->maj_stat = p_AcquireCredentialsHandleA(NULL,
249 "Kerberos",
250 SECPKG_CRED_OUTBOUND,
251 NULL,
252 NULL,
253 NULL,
254 NULL,
255 &winctx->cred_handle,
256 &winctx->expiry);
257
258 if (winctx->maj_stat != SEC_E_OK) return SSH_GSS_FAILURE;
259
260 *ctx = (Ssh_gss_ctx) winctx;
261 return SSH_GSS_OK;
262 }
263
264
265 static Ssh_gss_stat ssh_sspi_init_sec_context(struct ssh_gss_library *lib,
266 Ssh_gss_ctx *ctx,
267 Ssh_gss_name srv_name,
268 int to_deleg,
269 Ssh_gss_buf *recv_tok,
270 Ssh_gss_buf *send_tok)
271 {
272 winSsh_gss_ctx *winctx = (winSsh_gss_ctx *) *ctx;
273 SecBuffer wsend_tok = {send_tok->length,SECBUFFER_TOKEN,send_tok->value};
274 SecBuffer wrecv_tok = {recv_tok->length,SECBUFFER_TOKEN,recv_tok->value};
275 SecBufferDesc output_desc={SECBUFFER_VERSION,1,&wsend_tok};
276 SecBufferDesc input_desc ={SECBUFFER_VERSION,1,&wrecv_tok};
277 unsigned long flags=ISC_REQ_MUTUAL_AUTH|ISC_REQ_REPLAY_DETECT|
278 ISC_REQ_CONFIDENTIALITY|ISC_REQ_ALLOCATE_MEMORY;
279 unsigned long ret_flags=0;
280
281 /* check if we have to delegate ... */
282 if (to_deleg) flags |= ISC_REQ_DELEGATE;
283 winctx->maj_stat = p_InitializeSecurityContextA(&winctx->cred_handle,
284 winctx->context_handle,
285 (char*) srv_name,
286 flags,
287 0, /* reserved */
288 SECURITY_NATIVE_DREP,
289 &input_desc,
290 0, /* reserved */
291 &winctx->context,
292 &output_desc,
293 &ret_flags,
294 &winctx->expiry);
295
296 /* prepare for the next round */
297 winctx->context_handle = &winctx->context;
298 send_tok->value = wsend_tok.pvBuffer;
299 send_tok->length = wsend_tok.cbBuffer;
300
301 /* check & return our status */
302 if (winctx->maj_stat==SEC_E_OK) return SSH_GSS_S_COMPLETE;
303 if (winctx->maj_stat==SEC_I_CONTINUE_NEEDED) return SSH_GSS_S_CONTINUE_NEEDED;
304
305 return SSH_GSS_FAILURE;
306 }
307
308 static Ssh_gss_stat ssh_sspi_free_tok(struct ssh_gss_library *lib,
309 Ssh_gss_buf *send_tok)
310 {
311 /* check input */
312 if (send_tok == NULL) return SSH_GSS_FAILURE;
313
314 /* free Windows buffer */
315 p_FreeContextBuffer(send_tok->value);
316 SSH_GSS_CLEAR_BUF(send_tok);
317
318 return SSH_GSS_OK;
319 }
320
321 static Ssh_gss_stat ssh_sspi_release_cred(struct ssh_gss_library *lib,
322 Ssh_gss_ctx *ctx)
323 {
324 winSsh_gss_ctx *winctx= (winSsh_gss_ctx *) *ctx;
325
326 /* check input */
327 if (winctx == NULL) return SSH_GSS_FAILURE;
328
329 /* free Windows data */
330 p_FreeCredentialsHandle(&winctx->cred_handle);
331 p_DeleteSecurityContext(&winctx->context);
332
333 /* delete our "wrapper" structure */
334 sfree(winctx);
335 *ctx = (Ssh_gss_ctx) NULL;
336
337 return SSH_GSS_OK;
338 }
339
340
341 static Ssh_gss_stat ssh_sspi_release_name(struct ssh_gss_library *lib,
342 Ssh_gss_name *srv_name)
343 {
344 char *pStr= (char *) *srv_name;
345
346 if (pStr == NULL) return SSH_GSS_FAILURE;
347 sfree(pStr);
348 *srv_name = (Ssh_gss_name) NULL;
349
350 return SSH_GSS_OK;
351 }
352
353 static Ssh_gss_stat ssh_sspi_display_status(struct ssh_gss_library *lib,
354 Ssh_gss_ctx ctx, Ssh_gss_buf *buf)
355 {
356 winSsh_gss_ctx *winctx = (winSsh_gss_ctx *) ctx;
357 char *msg;
358
359 if (winctx == NULL) return SSH_GSS_FAILURE;
360
361 /* decode the error code */
362 switch (winctx->maj_stat) {
363 case SEC_E_OK: msg="SSPI status OK"; break;
364 case SEC_E_INVALID_HANDLE: msg="The handle passed to the function"
365 " is invalid.";
366 break;
367 case SEC_E_TARGET_UNKNOWN: msg="The target was not recognized."; break;
368 case SEC_E_LOGON_DENIED: msg="The logon failed."; break;
369 case SEC_E_INTERNAL_ERROR: msg="The Local Security Authority cannot"
370 " be contacted.";
371 break;
372 case SEC_E_NO_CREDENTIALS: msg="No credentials are available in the"
373 " security package.";
374 break;
375 case SEC_E_NO_AUTHENTICATING_AUTHORITY:
376 msg="No authority could be contacted for authentication."
377 "The domain name of the authenticating party could be wrong,"
378 " the domain could be unreachable, or there might have been"
379 " a trust relationship failure.";
380 break;
381 case SEC_E_INSUFFICIENT_MEMORY:
382 msg="One or more of the SecBufferDesc structures passed as"
383 " an OUT parameter has a buffer that is too small.";
384 break;
385 case SEC_E_INVALID_TOKEN:
386 msg="The error is due to a malformed input token, such as a"
387 " token corrupted in transit, a token"
388 " of incorrect size, or a token passed into the wrong"
389 " security package. Passing a token to"
390 " the wrong package can happen if client and server did not"
391 " negotiate the proper security package.";
392 break;
393 default:
394 msg = "Internal SSPI error";
395 break;
396 }
397
398 buf->value = dupstr(msg);
399 buf->length = strlen(buf->value);
400
401 return SSH_GSS_OK;
402 }
403
404 static Ssh_gss_stat ssh_sspi_get_mic(struct ssh_gss_library *lib,
405 Ssh_gss_ctx ctx, Ssh_gss_buf *buf,
406 Ssh_gss_buf *hash)
407 {
408 winSsh_gss_ctx *winctx= (winSsh_gss_ctx *) ctx;
409 SecPkgContext_Sizes ContextSizes;
410 SecBufferDesc InputBufferDescriptor;
411 SecBuffer InputSecurityToken[2];
412
413 if (winctx == NULL) return SSH_GSS_FAILURE;
414
415 winctx->maj_stat = 0;
416
417 memset(&ContextSizes, 0, sizeof(ContextSizes));
418
419 winctx->maj_stat = p_QueryContextAttributesA(&winctx->context,
420 SECPKG_ATTR_SIZES,
421 &ContextSizes);
422
423 if (winctx->maj_stat != SEC_E_OK ||
424 ContextSizes.cbMaxSignature == 0)
425 return winctx->maj_stat;
426
427 InputBufferDescriptor.cBuffers = 2;
428 InputBufferDescriptor.pBuffers = InputSecurityToken;
429 InputBufferDescriptor.ulVersion = SECBUFFER_VERSION;
430 InputSecurityToken[0].BufferType = SECBUFFER_DATA;
431 InputSecurityToken[0].cbBuffer = buf->length;
432 InputSecurityToken[0].pvBuffer = buf->value;
433 InputSecurityToken[1].BufferType = SECBUFFER_TOKEN;
434 InputSecurityToken[1].cbBuffer = ContextSizes.cbMaxSignature;
435 InputSecurityToken[1].pvBuffer = snewn(ContextSizes.cbMaxSignature, char);
436
437 winctx->maj_stat = p_MakeSignature(&winctx->context,
438 0,
439 &InputBufferDescriptor,
440 0);
441
442 if (winctx->maj_stat == SEC_E_OK) {
443 hash->length = InputSecurityToken[1].cbBuffer;
444 hash->value = InputSecurityToken[1].pvBuffer;
445 }
446
447 return winctx->maj_stat;
448 }
449
450 static Ssh_gss_stat ssh_sspi_free_mic(struct ssh_gss_library *lib,
451 Ssh_gss_buf *hash)
452 {
453 sfree(hash->value);
454 return SSH_GSS_OK;
455 }
456
457 static void ssh_sspi_bind_fns(struct ssh_gss_library *lib)
458 {
459 lib->indicate_mech = ssh_sspi_indicate_mech;
460 lib->import_name = ssh_sspi_import_name;
461 lib->release_name = ssh_sspi_release_name;
462 lib->init_sec_context = ssh_sspi_init_sec_context;
463 lib->free_tok = ssh_sspi_free_tok;
464 lib->acquire_cred = ssh_sspi_acquire_cred;
465 lib->release_cred = ssh_sspi_release_cred;
466 lib->get_mic = ssh_sspi_get_mic;
467 lib->free_mic = ssh_sspi_free_mic;
468 lib->display_status = ssh_sspi_display_status;
469 }
470
471 #else
472
473 /* Dummy function so this source file defines something if NO_GSSAPI
474 is defined. */
475
476 void ssh_gss_init(void)
477 {
478 }
479
480 #endif
Local modifications for Simon Tatham's `PuTTY' SSH client and terminal emulator