use SecurityFunctionTable version 3 with SetCredentialsAttributes function pointer
awakecoding authored and hardening committed Sep 30, 2022
1 parent c7af6fa commit 3224a43
Showing 6 changed files with 99 additions and 13 deletions.
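--- a/winpr/include/winpr/sspi.h
+++ b/winpr/include/winpr/sspi.h
@@ -1258,6 +1258,26 @@ extern "C"
 /* Extended SECPKG_CRED_ATTR IDs begin at 500 */
 #define SECPKG_CRED_ATTR_KDC_URL 501
 
+typedef struct
+{
+SEC_CHAR* KdcUrl;
+} SecPkgCredentials_KdcUrlA;
+typedef SecPkgCredentials_KdcUrlA* PSecPkgCredentials_KdcUrlA;
+
+typedef struct
+{
+SEC_WCHAR* KdcUrl;
+} SecPkgCredentials_KdcUrlW;
+typedef SecPkgCredentials_KdcUrlW* PSecPkgCredentials_KdcUrlW;
+
+#ifdef UNICODE
+#define SecPkgCredentials_KdcUrl SecPkgCredentials_KdcUrlW
+#define PSecPkgCredentials_KdcUrl PSecPkgCredentials_KdcUrlW
+#else
+#define SecPkgCredentials_KdcUrl SecPkgCredentials_KdcUrlA
+#define PSecPkgCredentials_KdcUrl PSecPkgCredentials_KdcUrlA
+#endif
+
 /* Extended SECPKG_ATTR IDs begin at 1000 */
 #define SECPKG_ATTR_AUTH_IDENTITY 1001
 #define SECPKG_ATTR_AUTH_PASSWORD 1002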
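Review bot: The new `SecPkgCredentials_KdcUrlA`/`W` structs carry a bare `KdcUrl` pointer with no statement of ownership, encoding or lifetime, and the value is security-relevant because it determines where Kerberos traffic is sent. I would add a comment above the first typedef, for example `/* KdcUrl: NUL-terminated URL passed with SECPKG_CRED_ATTR_KDC_URL; caller owns the string, the package must copy it before returning */`, adjusted to whatever contract the implementation actually adopts. The header should also state what `cbBuffer` is expected to be for this attribute (the size of the struct rather than of the string, presumably), since no handler is visible in this commit from which to infer it.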
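--- a/winpr/libwinpr/sspi/CredSSP/credssp.c
+++ b/winpr/libwinpr/sspi/CredSSP/credssp.c
@@ -223,7 +223,7 @@ static SECURITY_STATUS SEC_ENTRY credssp_VerifySignature(PCtxtHandle phContext,
 }
 
 const SecurityFunctionTableA CREDSSP_SecurityFunctionTableA = {
-1, /* dwVersion */
+3, /* dwVersion */
 NULL, /* EnumerateSecurityPackages */
 credssp_QueryCredentialsAttributesA, /* QueryCredentialsAttributes */
 credssp_AcquireCredentialsHandleA, /* AcquireCredentialsHandle */
@@ -251,10 +251,11 @@ const SecurityFunctionTableA CREDSSP_SecurityFunctionTableA = {
 credssp_EncryptMessage, /* EncryptMessage */
 credssp_DecryptMessage, /* DecryptMessage */
 NULL, /* SetContextAttributes */
+NULL, /* SetCredentialsAttributes */
 };
 
 const SecurityFunctionTableW CREDSSP_SecurityFunctionTableW = {
-1, /* dwVersion */
+3, /* dwVersion */
 NULL, /* EnumerateSecurityPackages */
 credssp_QueryCredentialsAttributesW, /* QueryCredentialsAttributes */
 credssp_AcquireCredentialsHandleW, /* AcquireCredentialsHandle */
@@ -282,6 +283,7 @@ const SecurityFunctionTableW CREDSSP_SecurityFunctionTableW = {
 credssp_EncryptMessage, /* EncryptMessage */
 credssp_DecryptMessage, /* DecryptMessage */
 NULL, /* SetContextAttributes */
+NULL, /* SetCredentialsAttributes */
 };
 
 const SecPkgInfoA CREDSSP_SecPkgInfoA = {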
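Review bot: Both CredSSP tables now declare `dwVersion` 3 but leave the `SetContextAttributes` and `SetCredentialsAttributes` slots `NULL`, while kerberos.c, ntlm.c and negotiate.c in the same commit install stubs that return `SEC_E_UNSUPPORTED_FUNCTION`. A caller that reads the version as a promise that the trailing members are callable would jump through a null function pointer, so either the dispatcher has to check each slot before calling (that code is not on this page) or these tables should get the same stubs. The two tables in schannel.c have the same shape. The bare `3` repeated in every table would also read better as a named interface-version constant.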
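--- a/winpr/libwinpr/sspi/Kerberos/kerberos.c
+++ b/winpr/libwinpr/sspi/Kerberos/kerberos.c
@@ -1224,6 +1224,34 @@ static SECURITY_STATUS SEC_ENTRY kerberos_QueryContextAttributesW(PCtxtHandle ph
 return kerberos_QueryContextAttributesA(phContext, ulAttribute, pBuffer);
 }
 
+static SECURITY_STATUS SEC_ENTRY kerberos_SetContextAttributesW(PCtxtHandle phContext,
+ULONG ulAttribute, void* pBuffer,
+ULONG cbBuffer)
+{
+return SEC_E_UNSUPPORTED_FUNCTION;
+}
+
+static SECURITY_STATUS SEC_ENTRY kerberos_SetContextAttributesA(PCtxtHandle phContext,
+ULONG ulAttribute, void* pBuffer,
+ULONG cbBuffer)
+{
+return SEC_E_UNSUPPORTED_FUNCTION;
+}
+
+static SECURITY_STATUS SEC_ENTRY kerberos_SetCredentialsAttributesW(PCredHandle phCredential,
+ULONG ulAttribute, void* pBuffer,
+ULONG cbBuffer)
+{
+return SEC_E_UNSUPPORTED_FUNCTION;
+}
+
+static SECURITY_STATUS SEC_ENTRY kerberos_SetCredentialsAttributesA(PCredHandle phCredential,
+ULONG ulAttribute, void* pBuffer,
+ULONG cbBuffer)
+{
+return SEC_E_UNSUPPORTED_FUNCTION;
+}
+
 static SECURITY_STATUS SEC_ENTRY kerberos_EncryptMessage(PCtxtHandle phContext, ULONG fQOP,
 PSecBufferDesc pMessage,
 ULONG MessageSeqNo)
@@ -1574,7 +1602,7 @@ static SECURITY_STATUS SEC_ENTRY kerberos_VerifySignature(PCtxtHandle phContext,
 }
 
 const SecurityFunctionTableA KERBEROS_SecurityFunctionTableA = {
-1, /* dwVersion */
+3, /* dwVersion */
 NULL, /* EnumerateSecurityPackages */
 kerberos_QueryCredentialsAttributesA, /* QueryCredentialsAttributes */
 kerberos_AcquireCredentialsHandleA, /* AcquireCredentialsHandle */
@@ -1601,11 +1629,12 @@ const SecurityFunctionTableA KERBEROS_SecurityFunctionTableA = {
 NULL, /* QuerySecurityContextToken */
 kerberos_EncryptMessage, /* EncryptMessage */
 kerberos_DecryptMessage, /* DecryptMessage */
-NULL, /* SetContextAttributes */
+kerberos_SetContextAttributesA, /* SetContextAttributes */
+kerberos_SetCredentialsAttributesA, /* SetCredentialsAttributes */
 };
 
 const SecurityFunctionTableW KERBEROS_SecurityFunctionTableW = {
-1, /* dwVersion */
+3, /* dwVersion */
 NULL, /* EnumerateSecurityPackages */
 kerberos_QueryCredentialsAttributesW, /* QueryCredentialsAttributes */
 kerberos_AcquireCredentialsHandleW, /* AcquireCredentialsHandle */
@@ -1632,5 +1661,6 @@ const SecurityFunctionTableW KERBEROS_SecurityFunctionTableW = {
 NULL, /* QuerySecurityContextToken */
 kerberos_EncryptMessage, /* EncryptMessage */
 kerberos_DecryptMessage, /* DecryptMessage */
-NULL, /* SetContextAttributes */
+kerberos_SetContextAttributesW, /* SetContextAttributes */
+kerberos_SetCredentialsAttributesW, /* SetCredentialsAttributes */
 };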
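Review bot: `kerberos_SetCredentialsAttributesA`/`W` return `SEC_E_UNSUPPORTED_FUNCTION` for every attribute, including the `SECPKG_CRED_ATTR_KDC_URL` id that sspi.h already defines, so a caller that ignores the status would carry on authenticating without the KDC URL it tried to set. A comment on the stubs such as `/* TODO: handle SECPKG_CRED_ATTR_KDC_URL; callers must check the returned status */` would make that gap explicit until the handler exists. The `SetContextAttributes` slot also changes from `NULL` to a non-NULL stub, which changes the outcome for any caller that probed the pointer to detect support. All four stubs leave their parameters unused and would benefit from `(void)` casts or a shared helper; the identical stubs added in ntlm.c and negotiate.c share these points.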
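--- a/winpr/libwinpr/sspi/NTLM/ntlm.c
+++ b/winpr/libwinpr/sspi/NTLM/ntlm.c
@@ -963,6 +963,20 @@ static SECURITY_STATUS SEC_ENTRY ntlm_SetContextAttributesA(PCtxtHandle phContex
 return ntlm_SetContextAttributesW(phContext, ulAttribute, pBuffer, cbBuffer);
 }
 
+static SECURITY_STATUS SEC_ENTRY ntlm_SetCredentialsAttributesW(PCredHandle phCredential,
+ULONG ulAttribute, void* pBuffer,
+ULONG cbBuffer)
+{
+return SEC_E_UNSUPPORTED_FUNCTION;
+}
+
+static SECURITY_STATUS SEC_ENTRY ntlm_SetCredentialsAttributesA(PCredHandle phCredential,
+ULONG ulAttribute, void* pBuffer,
+ULONG cbBuffer)
+{
+return SEC_E_UNSUPPORTED_FUNCTION;
+}
+
 static SECURITY_STATUS SEC_ENTRY ntlm_RevertSecurityContext(PCtxtHandle phContext)
 {
 return SEC_E_OK;
@@ -1264,7 +1278,7 @@ static SECURITY_STATUS SEC_ENTRY ntlm_VerifySignature(PCtxtHandle phContext,
 }
 
 const SecurityFunctionTableA NTLM_SecurityFunctionTableA = {
-1, /* dwVersion */
+3, /* dwVersion */
 NULL, /* EnumerateSecurityPackages */
 ntlm_QueryCredentialsAttributesA, /* QueryCredentialsAttributes */
 ntlm_AcquireCredentialsHandleA, /* AcquireCredentialsHandle */
@@ -1292,10 +1306,11 @@ const SecurityFunctionTableA NTLM_SecurityFunctionTableA = {
 ntlm_EncryptMessage, /* EncryptMessage */
 ntlm_DecryptMessage, /* DecryptMessage */
 ntlm_SetContextAttributesA, /* SetContextAttributes */
+ntlm_SetCredentialsAttributesA, /* SetCredentialsAttributes */
 };
 
 const SecurityFunctionTableW NTLM_SecurityFunctionTableW = {
-1, /* dwVersion */
+3, /* dwVersion */
 NULL, /* EnumerateSecurityPackages */
 ntlm_QueryCredentialsAttributesW, /* QueryCredentialsAttributes */
 ntlm_AcquireCredentialsHandleW, /* AcquireCredentialsHandle */
@@ -1322,7 +1337,8 @@ const SecurityFunctionTableW NTLM_SecurityFunctionTableW = {
 NULL, /* QuerySecurityContextToken */
 ntlm_EncryptMessage, /* EncryptMessage */
 ntlm_DecryptMessage, /* DecryptMessage */
-ntlm_SetContextAttributesA, /* SetContextAttributes */
+ntlm_SetContextAttributesW, /* SetContextAttributes */
+ntlm_SetCredentialsAttributesW, /* SetCredentialsAttributes */
 };
 
 const SecPkgInfoA NTLM_SecPkgInfoA = {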
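--- a/winpr/libwinpr/sspi/Negotiate/negotiate.c
+++ b/winpr/libwinpr/sspi/Negotiate/negotiate.c
@@ -1202,6 +1202,20 @@ static SECURITY_STATUS SEC_ENTRY negotiate_SetContextAttributesA(PCtxtHandle phC
 return SEC_E_UNSUPPORTED_FUNCTION;
 }
 
+static SECURITY_STATUS SEC_ENTRY negotiate_SetCredentialsAttributesW(PCredHandle phCredential,
+ULONG ulAttribute, void* pBuffer,
+ULONG cbBuffer)
+{
+return SEC_E_UNSUPPORTED_FUNCTION;
+}
+
+static SECURITY_STATUS SEC_ENTRY negotiate_SetCredentialsAttributesA(PCredHandle phCredential,
+ULONG ulAttribute, void* pBuffer,
+ULONG cbBuffer)
+{
+return SEC_E_UNSUPPORTED_FUNCTION;
+}
+
 static SECURITY_STATUS SEC_ENTRY negotiate_AcquireCredentialsHandleW(
 SEC_WCHAR* pszPrincipal, SEC_WCHAR* pszPackage, ULONG fCredentialUse, void* pvLogonID,
 void* pAuthData, SEC_GET_KEY_FN pGetKeyFn, void* pvGetKeyArgument, PCredHandle phCredential,
@@ -1413,7 +1427,7 @@ static SECURITY_STATUS SEC_ENTRY negotiate_VerifySignature(PCtxtHandle phContext
 }
 
 const SecurityFunctionTableA NEGOTIATE_SecurityFunctionTableA = {
-1, /* dwVersion */
+3, /* dwVersion */
 NULL, /* EnumerateSecurityPackages */
 negotiate_QueryCredentialsAttributesA, /* QueryCredentialsAttributes */
 negotiate_AcquireCredentialsHandleA, /* AcquireCredentialsHandle */
@@ -1441,10 +1455,11 @@ const SecurityFunctionTableA NEGOTIATE_SecurityFunctionTableA = {
 negotiate_EncryptMessage, /* EncryptMessage */
 negotiate_DecryptMessage, /* DecryptMessage */
 negotiate_SetContextAttributesA, /* SetContextAttributes */
+negotiate_SetCredentialsAttributesA, /* SetCredentialsAttributes */
 };
 
 const SecurityFunctionTableW NEGOTIATE_SecurityFunctionTableW = {
-1, /* dwVersion */
+3, /* dwVersion */
 NULL, /* EnumerateSecurityPackages */
 negotiate_QueryCredentialsAttributesW, /* QueryCredentialsAttributes */
 negotiate_AcquireCredentialsHandleW, /* AcquireCredentialsHandle */
@@ -1472,4 +1487,5 @@ const SecurityFunctionTableW NEGOTIATE_SecurityFunctionTableW = {
 negotiate_EncryptMessage, /* EncryptMessage */
 negotiate_DecryptMessage, /* DecryptMessage */
 negotiate_SetContextAttributesW, /* SetContextAttributes */
+negotiate_SetCredentialsAttributesW, /* SetCredentialsAttributes */
 };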
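--- a/winpr/libwinpr/sspi/Schannel/schannel.c
+++ b/winpr/libwinpr/sspi/Schannel/schannel.c
@@ -358,7 +358,7 @@ static SECURITY_STATUS SEC_ENTRY schannel_DecryptMessage(PCtxtHandle phContext,
 }
 
 const SecurityFunctionTableA SCHANNEL_SecurityFunctionTableA = {
-1, /* dwVersion */
+3, /* dwVersion */
 NULL, /* EnumerateSecurityPackages */
 schannel_QueryCredentialsAttributesA, /* QueryCredentialsAttributes */
 schannel_AcquireCredentialsHandleA, /* AcquireCredentialsHandle */
@@ -386,10 +386,11 @@ const SecurityFunctionTableA SCHANNEL_SecurityFunctionTableA = {
 schannel_EncryptMessage, /* EncryptMessage */
 schannel_DecryptMessage, /* DecryptMessage */
 NULL, /* SetContextAttributes */
+NULL, /* SetCredentialsAttributes */
 };
 
 const SecurityFunctionTableW SCHANNEL_SecurityFunctionTableW = {
-1, /* dwVersion */
+3, /* dwVersion */
 NULL, /* EnumerateSecurityPackages */
 schannel_QueryCredentialsAttributesW, /* QueryCredentialsAttributes */
 schannel_AcquireCredentialsHandleW, /* AcquireCredentialsHandle */
@@ -417,6 +418,7 @@ const SecurityFunctionTableW SCHANNEL_SecurityFunctionTableW = {
 schannel_EncryptMessage, /* EncryptMessage */
 schannel_DecryptMessage, /* DecryptMessage */
 NULL, /* SetContextAttributes */
+NULL, /* SetCredentialsAttributes */
 };
 
 const SecPkgInfoA SCHANNEL_SecPkgInfoA = {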
