Diffstat (limited to 'src/modules/netlib/netlibsecurity.cpp')
-rw-r--r-- | src/modules/netlib/netlibsecurity.cpp | 75 |
1 files changed, 24 insertions, 51 deletions
diff --git a/src/modules/netlib/netlibsecurity.cpp b/src/modules/netlib/netlibsecurity.cpp
index eb96625a01..218cc2aafa 100644
--- a/src/modules/netlib/netlibsecurity.cpp
+++ b/src/modules/netlib/netlibsecurity.cpp
@@ -32,7 +32,7 @@ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
static HMODULE g_hSecurity = NULL;
static PSecurityFunctionTable g_pSSPI = NULL;
-typedef struct
+struct NtlmHandleType
{
CtxtHandle hClientContext;
CredHandle hClientCredential;
@@ -40,18 +40,16 @@ typedef struct
TCHAR* szPrincipal;
unsigned cbMaxToken;
bool hasDomain;
-}
- NtlmHandleType;
+};
-typedef struct
+struct NTLM_String
{
WORD len;
WORD allocedSpace;
DWORD offset;
-}
- NTLM_String;
+};
-typedef struct
+struct NtlmType2packet
{
char sign[8];
DWORD type; // == 2
@@ -60,8 +58,7 @@ typedef struct
BYTE challenge[8];
BYTE context[8];
NTLM_String targetInfo;
-}
- NtlmType2packet;
+};
static unsigned secCnt = 0, ntlmCnt = 0;
static HANDLE hSecMutex;
@@ -233,11 +230,11 @@ char* CompleteGssapi(HANDLE hSecurity, unsigned char *szChallenge, unsigned chls
}
unsigned i, ressz = 0;
- for (i=0; i < outBuffersDesc.cBuffers; i++)
+ for (i = 0; i < outBuffersDesc.cBuffers; i++)
ressz += outBuffersDesc.pBuffers[i].cbBuffer;
unsigned char *response = (unsigned char*)alloca(ressz), *p = response;
- for (i=0; i < outBuffersDesc.cBuffers; i++) {
+ for (i = 0; i < outBuffersDesc.cBuffers; i++) {
memcpy(p, outBuffersDesc.pBuffers[i].pvBuffer, outBuffersDesc.pBuffers[i].cbBuffer);
p += outBuffersDesc.pBuffers[i].cbBuffer;
}
@@ -257,13 +254,11 @@ char* NtlmCreateResponseFromChallenge(HANDLE hSecurity, const char *szChallenge,
char *szOutputToken;
NtlmHandleType* hNtlm = (NtlmHandleType*)hSecurity;
- if (_tcsicmp(hNtlm->szProvider, _T("Basic")))
- {
+ if (_tcsicmp(hNtlm->szProvider, _T("Basic"))) {
bool isGSSAPI = _tcsicmp(hNtlm->szProvider, _T("GSSAPI")) == 0;
TCHAR *szProvider = isGSSAPI ? _T("Kerberos") : hNtlm->szProvider;
bool hasChallenge = szChallenge != NULL && szChallenge[0] != '\0';
- if (hasChallenge)
- {
+ if (hasChallenge) {
unsigned tokenLen;
BYTE *token = (BYTE*)mir_base64_decode(szChallenge, &tokenLen);
if (token == NULL)
@@ -280,28 +275,23 @@ char* NtlmCreateResponseFromChallenge(HANDLE hSecurity, const char *szChallenge,
inputSecurityToken.pvBuffer = token;
// try to decode the domain name from the NTLM challenge
- if (login != NULL && login[0] != '\0' && !hNtlm->hasDomain)
- {
+ if (login != NULL && login[0] != '\0' && !hNtlm->hasDomain) {
NtlmType2packet* pkt = (NtlmType2packet*)token;
- if (!strncmp(pkt->sign, "NTLMSSP", 8) && pkt->type == 2)
- {
+ if (!strncmp(pkt->sign, "NTLMSSP", 8) && pkt->type == 2) {
wchar_t* domainName = (wchar_t*)&token[pkt->targetName.offset];
int domainLen = pkt->targetName.len;
// Negotiate ANSI? if yes, convert the ANSI name to unicode
- if ((pkt->flags & 1) == 0)
- {
+ if ((pkt->flags & 1) == 0) {
int bufsz = MultiByteToWideChar(CP_ACP, 0, (char*)domainName, domainLen, NULL, 0);
wchar_t* buf = (wchar_t*)alloca(bufsz * sizeof(wchar_t));
domainLen = MultiByteToWideChar(CP_ACP, 0, (char*)domainName, domainLen, buf, bufsz) - 1;
domainName = buf;
}
- else
- domainLen /= sizeof(wchar_t);
+ else domainLen /= sizeof(wchar_t);
- if (domainLen)
- {
+ if (domainLen) {
size_t newLoginLen = _tcslen(login) + domainLen + 1;
TCHAR *newLogin = (TCHAR*)alloca(newLoginLen * sizeof(TCHAR));
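Review bot: The type-2 packet parsing in this hunk trusts the decoded challenge: `NtlmType2packet* pkt = (NtlmType2packet*)token;` is dereferenced without checking that tokenLen covers sizeof(NtlmType2packet), and `&token[pkt->targetName.offset]` together with `pkt->targetName.len` is read without checking that offset plus len stays inside tokenLen, so a malformed challenge from the server produces an out-of-bounds read of the decoded buffer. The signature test should become `if (tokenLen >= sizeof(NtlmType2packet) && !strncmp(pkt->sign, "NTLMSSP", 8) && pkt->type == 2) {`, and the domain extraction should be skipped when `pkt->targetName.offset > tokenLen || pkt->targetName.len > tokenLen - pkt->targetName.offset`. Separately, in the ANSI branch `domainLen = MultiByteToWideChar(CP_ACP, 0, (char*)domainName, domainLen, buf, bufsz) - 1;` becomes -1 when the conversion fails (returns 0), which still passes `if (domainLen)` and then feeds a negative int into the size_t newLoginLen; and since cbMultiByte is an explicit length rather than -1 the converted text presumably carries no terminator, so the `- 1` looks like it drops the last character of the domain name — worth confirming against the API contract. NtlmCreateResponseFromChallenge starts and ends outside this hunk.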
@@ -315,15 +305,13 @@ char* NtlmCreateResponseFromChallenge(HANDLE hSecurity, const char *szChallenge,
}
}
}
- else
- {
+ else {
if (SecIsValidHandle(&hNtlm->hClientContext)) g_pSSPI->DeleteSecurityContext(&hNtlm->hClientContext);
if (SecIsValidHandle(&hNtlm->hClientCredential)) g_pSSPI->FreeCredentialsHandle(&hNtlm->hClientCredential);
SEC_WINNT_AUTH_IDENTITY auth;
- if (login != NULL && login[0] != '\0')
- {
+ if (login != NULL && login[0] != '\0') {
memset(&auth, 0, sizeof(auth));
NetlibLogf(NULL, "Security login requested, user: %S pssw: %s", login, psw ? "(exist)" : "(no psw)");
@@ -358,8 +346,7 @@ char* NtlmCreateResponseFromChallenge(HANDLE hSecurity, const char *szChallenge,
SECURITY_STATUS sc = g_pSSPI->AcquireCredentialsHandle(NULL, szProvider,
SECPKG_CRED_OUTBOUND, NULL, hNtlm->hasDomain ? &auth : NULL, NULL, NULL,
&hNtlm->hClientCredential, &tokenExpiration);
- if (sc != SEC_E_OK)
- {
+ if (sc != SEC_E_OK) {
ReportSecError(sc, __LINE__);
return NULL;
}
@@ -413,7 +400,7 @@ char* NtlmCreateResponseFromChallenge(HANDLE hSecurity, const char *szChallenge,
if (!http)
return szOutputToken;
- ptrA szProvider( mir_t2a(hNtlm->szProvider));
+ ptrA szProvider(mir_t2a(hNtlm->szProvider));
size_t resLen = strlen(szOutputToken) + strlen(szProvider) + 10;
char *result = (char*)mir_alloc(resLen);
mir_snprintf(result, resLen, "%s %s", szProvider, szOutputToken);
@@ -435,14 +422,9 @@ static INT_PTR InitSecurityProviderService2(WPARAM, LPARAM lParam)
if (req == NULL || req->cbSize < sizeof(*req))
return 0;
- HANDLE hSecurity;
-
if (req->flags & NNR_UNICODE)
- hSecurity = NetlibInitSecurityProvider(req->szProviderName, req->szPrincipal);
- else
- hSecurity = NetlibInitSecurityProvider((char*)req->szProviderName, (char*)req->szPrincipal);
-
- return (INT_PTR)hSecurity;
+ return (INT_PTR)NetlibInitSecurityProvider(req->szProviderName, req->szPrincipal);
+ return (INT_PTR)NetlibInitSecurityProvider((char*)req->szProviderName, (char*)req->szPrincipal);
}
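Review bot: The rewritten body relies on indentation alone to show that the second `return` is the non-Unicode branch: after `if (req->flags & NNR_UNICODE)` with an unbraced single-line `return`, the following `return (INT_PTR)NetlibInitSecurityProvider((char*)req->szProviderName, (char*)req->szPrincipal);` reads as unreachable at a glance. Keeping the `else` that the commit removes, or bracing the `if`, makes the two-way dispatch explicit; the same shape appears in NtlmCreateResponseService2 in the last hunk. This is a style point only; the behavior matches the replaced code.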
static INT_PTR DestroySecurityProviderService(WPARAM, LPARAM lParam)
@@ -458,10 +440,7 @@ static INT_PTR NtlmCreateResponseService(WPARAM wParam, LPARAM lParam)
return 0;
unsigned complete = 0;
-
- char *response = NtlmCreateResponseFromChallenge((HANDLE)wParam, req->szChallenge,
- StrConvT(req->userName), StrConvT(req->password), false, complete);
-
+ char *response = NtlmCreateResponseFromChallenge((HANDLE)wParam, req->szChallenge, StrConvT(req->userName), StrConvT(req->password), false, complete);
return (INT_PTR)response;
}
@@ -471,16 +450,10 @@ static INT_PTR NtlmCreateResponseService2(WPARAM wParam, LPARAM lParam)
if (req == NULL || req->cbSize < sizeof(*req))
return 0;
- char* response;
-
if (req->flags & NNR_UNICODE)
- response = NtlmCreateResponseFromChallenge((HANDLE)wParam, req->szChallenge,
- req->szUserName, req->szPassword, false, req->complete);
- else
- response = NtlmCreateResponseFromChallenge((HANDLE)wParam, req->szChallenge,
- _A2T((char*)req->szUserName), _A2T((char*)req->szPassword), false, req->complete);
+ return (INT_PTR)NtlmCreateResponseFromChallenge((HANDLE)wParam, req->szChallenge, req->szUserName, req->szPassword, false, req->complete);
- return (INT_PTR)response;
+ return (INT_PTR)NtlmCreateResponseFromChallenge((HANDLE)wParam, req->szChallenge, _A2T((char*)req->szUserName), _A2T((char*)req->szPassword), false, req->complete);
}
void NetlibSecurityInit(void)