From 3b9477da30fc2ca24b91c7d7530cc8faf9945789 Mon Sep 17 00:00:00 2001 From: George Hazan Date: Sun, 21 Dec 2014 19:13:17 +0000 Subject: static version of the kernel ssl driver git-svn-id: http://svn.miranda-ng.org/main/trunk@11562 1316c22d-e87f-b044-9b9b-93d7a3e3ba9c --- src/modules/netlib/netlibsecurity.cpp | 75 +++++++++++------------------------ 1 file changed, 24 insertions(+), 51 deletions(-) (limited to 'src/modules/netlib/netlibsecurity.cpp') diff --git a/src/modules/netlib/netlibsecurity.cpp b/src/modules/netlib/netlibsecurity.cpp index eb96625a01..218cc2aafa 100644 --- a/src/modules/netlib/netlibsecurity.cpp +++ b/src/modules/netlib/netlibsecurity.cpp @@ -32,7 +32,7 @@ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. static HMODULE g_hSecurity = NULL; static PSecurityFunctionTable g_pSSPI = NULL; -typedef struct +struct NtlmHandleType { CtxtHandle hClientContext; CredHandle hClientCredential; @@ -40,18 +40,16 @@ typedef struct TCHAR* szPrincipal; unsigned cbMaxToken; bool hasDomain; -} - NtlmHandleType; +}; -typedef struct +struct NTLM_String { WORD len; WORD allocedSpace; DWORD offset; -} - NTLM_String; +}; -typedef struct +struct NtlmType2packet { char sign[8]; DWORD type; // == 2 @@ -60,8 +58,7 @@ typedef struct BYTE challenge[8]; BYTE context[8]; NTLM_String targetInfo; -} - NtlmType2packet; +}; static unsigned secCnt = 0, ntlmCnt = 0; static HANDLE hSecMutex; @@ -233,11 +230,11 @@ char* CompleteGssapi(HANDLE hSecurity, unsigned char *szChallenge, unsigned chls } unsigned i, ressz = 0; - for (i=0; i < outBuffersDesc.cBuffers; i++) + for (i = 0; i < outBuffersDesc.cBuffers; i++) ressz += outBuffersDesc.pBuffers[i].cbBuffer; unsigned char *response = (unsigned char*)alloca(ressz), *p = response; - for (i=0; i < outBuffersDesc.cBuffers; i++) { + for (i = 0; i < outBuffersDesc.cBuffers; i++) { memcpy(p, outBuffersDesc.pBuffers[i].pvBuffer, outBuffersDesc.pBuffers[i].cbBuffer); p += outBuffersDesc.pBuffers[i].cbBuffer; } 
@@ -257,13 +254,11 @@ char* NtlmCreateResponseFromChallenge(HANDLE hSecurity, const char *szChallenge, char *szOutputToken; NtlmHandleType* hNtlm = (NtlmHandleType*)hSecurity; - if (_tcsicmp(hNtlm->szProvider, _T("Basic"))) - { + if (_tcsicmp(hNtlm->szProvider, _T("Basic"))) { bool isGSSAPI = _tcsicmp(hNtlm->szProvider, _T("GSSAPI")) == 0; TCHAR *szProvider = isGSSAPI ? _T("Kerberos") : hNtlm->szProvider; bool hasChallenge = szChallenge != NULL && szChallenge[0] != '\0'; - if (hasChallenge) - { + if (hasChallenge) { unsigned tokenLen; BYTE *token = (BYTE*)mir_base64_decode(szChallenge, &tokenLen); if (token == NULL) @@ -280,28 +275,23 @@ char* NtlmCreateResponseFromChallenge(HANDLE hSecurity, const char *szChallenge, inputSecurityToken.pvBuffer = token; // try to decode the domain name from the NTLM challenge - if (login != NULL && login[0] != '\0' && !hNtlm->hasDomain) - { + if (login != NULL && login[0] != '\0' && !hNtlm->hasDomain) { NtlmType2packet* pkt = (NtlmType2packet*)token; - if (!strncmp(pkt->sign, "NTLMSSP", 8) && pkt->type == 2) - { + if (!strncmp(pkt->sign, "NTLMSSP", 8) && pkt->type == 2) { wchar_t* domainName = (wchar_t*)&token[pkt->targetName.offset]; int domainLen = pkt->targetName.len; // Negotiate ANSI? if yes, convert the ANSI name to unicode - if ((pkt->flags & 1) == 0) - { + if ((pkt->flags & 1) == 0) { int bufsz = MultiByteToWideChar(CP_ACP, 0, (char*)domainName, domainLen, NULL, 0); wchar_t* buf = (wchar_t*)alloca(bufsz * sizeof(wchar_t)); domainLen = MultiByteToWideChar(CP_ACP, 0, (char*)domainName, domainLen, buf, bufsz) - 1; domainName = buf; } - else - domainLen /= sizeof(wchar_t); + else domainLen /= sizeof(wchar_t); - if (domainLen) - { + if (domainLen) { size_t newLoginLen = _tcslen(login) + domainLen + 1; TCHAR *newLogin = (TCHAR*)alloca(newLoginLen * sizeof(TCHAR)); 
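Review bot: The NTLM type-2 parsing in the second hunk here (-280,28) casts `token` to `NtlmType2packet*` and reads `pkt->sign`, `pkt->type`, `pkt->flags` and `&token[pkt->targetName.offset]` without comparing anything against `tokenLen`, so a short or malformed server challenge can be read past the end of the decoded buffer. The commit only moves braces on these lines, so the gap is carried over unchanged. The signature test should also require a full header, `if (tokenLen >= sizeof(NtlmType2packet) && !strncmp(pkt->sign, "NTLMSSP", 8) && pkt->type == 2) {`, and the name should be used only when `pkt->targetName.offset <= tokenLen && pkt->targetName.len <= tokenLen - pkt->targetName.offset`. In the ANSI branch the second `MultiByteToWideChar` result has 1 subtracted without a check for a 0 return, which looks like it would leave `domainLen` at -1 and still pass `if (domainLen)`. The body of NtlmCreateResponseFromChallenge starts and ends outside the hunk.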
@@ -315,15 +305,13 @@ char* NtlmCreateResponseFromChallenge(HANDLE hSecurity, const char *szChallenge, } } } - else - { + else { if (SecIsValidHandle(&hNtlm->hClientContext)) g_pSSPI->DeleteSecurityContext(&hNtlm->hClientContext); if (SecIsValidHandle(&hNtlm->hClientCredential)) g_pSSPI->FreeCredentialsHandle(&hNtlm->hClientCredential); SEC_WINNT_AUTH_IDENTITY auth; - if (login != NULL && login[0] != '\0') - { + if (login != NULL && login[0] != '\0') { memset(&auth, 0, sizeof(auth)); NetlibLogf(NULL, "Security login requested, user: %S pssw: %s", login, psw ? "(exist)" : "(no psw)"); @@ -358,8 +346,7 @@ char* NtlmCreateResponseFromChallenge(HANDLE hSecurity, const char *szChallenge, SECURITY_STATUS sc = g_pSSPI->AcquireCredentialsHandle(NULL, szProvider, SECPKG_CRED_OUTBOUND, NULL, hNtlm->hasDomain ? &auth : NULL, NULL, NULL, &hNtlm->hClientCredential, &tokenExpiration); - if (sc != SEC_E_OK) - { + if (sc != SEC_E_OK) { ReportSecError(sc, __LINE__); return NULL; } @@ -413,7 +400,7 @@ char* NtlmCreateResponseFromChallenge(HANDLE hSecurity, const char *szChallenge, if (!http) return szOutputToken; - ptrA szProvider( mir_t2a(hNtlm->szProvider)); + ptrA szProvider(mir_t2a(hNtlm->szProvider)); size_t resLen = strlen(szOutputToken) + strlen(szProvider) + 10; char *result = (char*)mir_alloc(resLen); mir_snprintf(result, resLen, "%s %s", szProvider, szOutputToken); 
@@ -435,14 +422,9 @@ static INT_PTR InitSecurityProviderService2(WPARAM, LPARAM lParam) if (req == NULL || req->cbSize < sizeof(*req)) return 0; - HANDLE hSecurity; - if (req->flags & NNR_UNICODE) - hSecurity = NetlibInitSecurityProvider(req->szProviderName, req->szPrincipal); - else - hSecurity = NetlibInitSecurityProvider((char*)req->szProviderName, (char*)req->szPrincipal); - - return (INT_PTR)hSecurity; + return (INT_PTR)NetlibInitSecurityProvider(req->szProviderName, req->szPrincipal); + return (INT_PTR)NetlibInitSecurityProvider((char*)req->szProviderName, (char*)req->szPrincipal); } static INT_PTR DestroySecurityProviderService(WPARAM, LPARAM lParam) @@ -458,10 +440,7 @@ static INT_PTR NtlmCreateResponseService(WPARAM wParam, LPARAM lParam) return 0; unsigned complete = 0; - - char *response = NtlmCreateResponseFromChallenge((HANDLE)wParam, req->szChallenge, - StrConvT(req->userName), StrConvT(req->password), false, complete); - + char *response = NtlmCreateResponseFromChallenge((HANDLE)wParam, req->szChallenge, StrConvT(req->userName), StrConvT(req->password), false, complete); return (INT_PTR)response; } 
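Review bot: The `if (req->flags & NNR_UNICODE)` guard in InitSecurityProviderService2 (first hunk, -435,14) is left unbraced in front of two near-identical `return` statements, so the second is easy to misread as dead code and the guard is easy to lose in a later edit. The hunk's line counts suggest the `if` is kept as context, although this rendering makes it look removed. Bracing the guarded return would make the selection explicit: `if (req->flags & NNR_UNICODE) { return (INT_PTR)NetlibInitSecurityProvider(req->szProviderName, req->szPrincipal); }`. The same shape appears in NtlmCreateResponseService2 in the -471,16 hunk. A comment would also help, since the caller-supplied flag alone decides how the two string pointers are interpreted, e.g. `// NNR_UNICODE set: strings are TCHAR*; otherwise they are ANSI and are cast to char*`.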
@@ -471,16 +450,10 @@ static INT_PTR NtlmCreateResponseService2(WPARAM wParam, LPARAM lParam) if (req == NULL || req->cbSize < sizeof(*req)) return 0; - char* response; - if (req->flags & NNR_UNICODE) - response = NtlmCreateResponseFromChallenge((HANDLE)wParam, req->szChallenge, - req->szUserName, req->szPassword, false, req->complete); - else - response = NtlmCreateResponseFromChallenge((HANDLE)wParam, req->szChallenge, - _A2T((char*)req->szUserName), _A2T((char*)req->szPassword), false, req->complete); + return (INT_PTR)NtlmCreateResponseFromChallenge((HANDLE)wParam, req->szChallenge, req->szUserName, req->szPassword, false, req->complete); - return (INT_PTR)response; + return (INT_PTR)NtlmCreateResponseFromChallenge((HANDLE)wParam, req->szChallenge, _A2T((char*)req->szUserName), _A2T((char*)req->szPassword), false, req->complete); } void NetlibSecurityInit(void) -- cgit v1.2.3
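Review bot: The non-Unicode return in NtlmCreateResponseService2 passes `_A2T((char*)req->szPassword)` directly as an argument, so a converted copy of the password exists for the length of the call and is released by whatever `_A2T` does afterwards. Its definition is outside this diff, but if it allocates a buffer, that copy is presumably freed without being cleared. A comment at the call would record this, e.g. `// _A2T makes a temporary TCHAR copy of the password; confirm it is wiped on release`. If the project has a zeroing helper, the conversion could go through it instead.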