31 #define SECURITY_WIN32
36 #define SCHANNEL_INITIAL_BUFFER_SIZE 4096
37 #define SCHANNEL_FREE_BUFFER_SIZE 1024
40 #ifndef SECBUFFER_ALERT
41 #define SECBUFFER_ALERT 17
65 SecPkgContext_StreamSizes
sizes;
81 unsigned long buffer_count)
83 desc->ulVersion = SECBUFFER_VERSION;
84 desc->pBuffers = buffers;
85 desc->cBuffers = buffer_count;
95 SecBufferDesc BuffDesc;
97 SECURITY_STATUS sspi_ret;
99 SecBufferDesc outbuf_desc;
101 DWORD dwshut = SCHANNEL_SHUTDOWN;
105 sspi_ret = ApplyControlToken(&
c->ctxt_handle, &BuffDesc);
106 if (sspi_ret != SEC_E_OK)
112 sspi_ret = InitializeSecurityContext(&
c->cred_handle, &
c->ctxt_handle,
s->host,
113 c->request_flags, 0, 0,
NULL, 0, &
c->ctxt_handle,
114 &outbuf_desc, &
c->context_flags, &
c->ctxt_timestamp);
115 if (sspi_ret == SEC_E_OK || sspi_ret == SEC_I_CONTEXT_EXPIRED) {
118 FreeContextBuffer(outbuf.pvBuffer);
119 if (
ret < 0 ||
ret != outbuf.cbBuffer)
134 DeleteSecurityContext(&
c->ctxt_handle);
135 FreeCredentialsHandle(&
c->cred_handle);
138 c->enc_buf_size =
c->enc_buf_offset = 0;
141 c->dec_buf_size =
c->dec_buf_offset = 0;
151 SECURITY_STATUS sspi_ret;
152 SecBuffer outbuf[3] = { 0 };
153 SecBufferDesc outbuf_desc;
155 SecBufferDesc inbuf_desc;
158 if (
c->enc_buf ==
NULL) {
159 c->enc_buf_offset = 0;
166 if (
c->dec_buf ==
NULL) {
167 c->dec_buf_offset = 0;
179 c->enc_buf_size =
c->enc_buf_offset = 0;
186 c->enc_buf_size -
c->enc_buf_offset);
191 c->enc_buf_offset +=
ret;
199 if (inbuf[0].pvBuffer ==
NULL) {
205 memcpy(inbuf[0].pvBuffer,
c->enc_buf,
c->enc_buf_offset);
213 sspi_ret = InitializeSecurityContext(&
c->cred_handle, &
c->ctxt_handle,
s->host,
c->request_flags,
214 0, 0, &inbuf_desc, 0,
NULL, &outbuf_desc, &
c->context_flags,
218 if (sspi_ret == SEC_E_INCOMPLETE_MESSAGE) {
225 if (sspi_ret == SEC_I_INCOMPLETE_CREDENTIALS &&
226 !(
c->request_flags & ISC_REQ_USE_SUPPLIED_CREDS)) {
228 c->request_flags |= ISC_REQ_USE_SUPPLIED_CREDS;
234 if (sspi_ret == SEC_I_CONTINUE_NEEDED || sspi_ret == SEC_E_OK) {
235 for (
i = 0;
i < 3;
i++) {
236 if (outbuf[
i].BufferType == SECBUFFER_TOKEN && outbuf[
i].cbBuffer > 0) {
238 if (
ret < 0 ||
ret != outbuf[
i].cbBuffer) {
245 if (outbuf[
i].pvBuffer !=
NULL) {
246 FreeContextBuffer(outbuf[
i].pvBuffer);
247 outbuf[
i].pvBuffer =
NULL;
251 if (sspi_ret == SEC_E_WRONG_PRINCIPAL)
259 if (inbuf[1].BufferType == SECBUFFER_EXTRA && inbuf[1].cbBuffer > 0) {
260 if (
c->enc_buf_offset > inbuf[1].cbBuffer) {
261 memmove(
c->enc_buf, (
c->enc_buf +
c->enc_buf_offset) - inbuf[1].cbBuffer,
263 c->enc_buf_offset = inbuf[1].cbBuffer;
264 if (sspi_ret == SEC_I_CONTINUE_NEEDED) {
270 c->enc_buf_offset = 0;
273 if (sspi_ret == SEC_I_CONTINUE_NEEDED) {
285 for (
i = 0;
i < 3;
i++) {
286 if (outbuf[
i].pvBuffer !=
NULL) {
287 FreeContextBuffer(outbuf[
i].pvBuffer);
288 outbuf[
i].pvBuffer =
NULL;
300 SecBufferDesc outbuf_desc;
301 SECURITY_STATUS sspi_ret;
307 c->request_flags = ISC_REQ_SEQUENCE_DETECT | ISC_REQ_REPLAY_DETECT |
308 ISC_REQ_CONFIDENTIALITY | ISC_REQ_ALLOCATE_MEMORY |
311 sspi_ret = InitializeSecurityContext(&
c->cred_handle,
NULL,
s->host,
c->request_flags, 0, 0,
312 NULL, 0, &
c->ctxt_handle, &outbuf_desc, &
c->context_flags,
314 if (sspi_ret != SEC_I_CONTINUE_NEEDED) {
322 FreeContextBuffer(outbuf.pvBuffer);
323 if (
ret < 0 ||
ret != outbuf.cbBuffer) {
332 DeleteSecurityContext(&
c->ctxt_handle);
340 SECURITY_STATUS sspi_ret;
341 SCHANNEL_CRED schannel_cred = { 0 };
354 schannel_cred.dwVersion = SCHANNEL_CRED_VERSION;
357 schannel_cred.dwFlags = SCH_CRED_AUTO_CRED_VALIDATION |
358 SCH_CRED_REVOCATION_CHECK_CHAIN;
360 schannel_cred.dwFlags = SCH_CRED_MANUAL_CRED_VALIDATION |
361 SCH_CRED_IGNORE_NO_REVOCATION_CHECK |
362 SCH_CRED_IGNORE_REVOCATION_OFFLINE;
365 sspi_ret = AcquireCredentialsHandle(
NULL, (TCHAR *)UNISP_NAME, SECPKG_CRED_OUTBOUND,
368 if (sspi_ret != SEC_E_OK) {
391 SECURITY_STATUS sspi_ret = SEC_E_OK;
393 SecBufferDesc inbuf_desc;
402 if (
c->dec_buf_offset > 0)
405 if (
c->sspi_close_notify)
408 if (!
c->connection_closed) {
409 size =
c->enc_buf_size -
c->enc_buf_offset;
410 if (size < SCHANNEL_FREE_BUFFER_SIZE || c->enc_buf_size < min_enc_buf_size) {
412 if (
c->enc_buf_size < min_enc_buf_size)
413 c->enc_buf_size = min_enc_buf_size;
416 c->enc_buf_size =
c->enc_buf_offset = 0;
425 c->enc_buf_size -
c->enc_buf_offset);
427 c->connection_closed = 1;
431 }
else if (
ret < 0) {
436 c->enc_buf_offset +=
ret;
439 while (
c->enc_buf_offset > 0 && sspi_ret == SEC_E_OK) {
449 sspi_ret = DecryptMessage(&
c->ctxt_handle, &inbuf_desc, 0,
NULL);
450 if (sspi_ret == SEC_E_OK || sspi_ret == SEC_I_RENEGOTIATE ||
451 sspi_ret == SEC_I_CONTEXT_EXPIRED) {
453 if (inbuf[1].BufferType == SECBUFFER_DATA) {
457 if (
c->dec_buf_size -
c->dec_buf_offset <
size ||
c->dec_buf_size <
len) {
458 c->dec_buf_size =
c->dec_buf_offset +
size;
459 if (
c->dec_buf_size <
len)
460 c->dec_buf_size =
len;
463 c->dec_buf_size =
c->dec_buf_offset = 0;
469 size = inbuf[1].cbBuffer;
471 memcpy(
c->dec_buf +
c->dec_buf_offset, inbuf[1].pvBuffer,
size);
472 c->dec_buf_offset +=
size;
475 if (inbuf[3].BufferType == SECBUFFER_EXTRA && inbuf[3].cbBuffer > 0) {
476 if (
c->enc_buf_offset > inbuf[3].cbBuffer) {
477 memmove(
c->enc_buf, (
c->enc_buf +
c->enc_buf_offset) - inbuf[3].cbBuffer,
479 c->enc_buf_offset = inbuf[3].cbBuffer;
482 c->enc_buf_offset = 0;
484 if (sspi_ret == SEC_I_RENEGOTIATE) {
485 if (
c->enc_buf_offset) {
498 }
else if (sspi_ret == SEC_I_CONTEXT_EXPIRED) {
499 c->sspi_close_notify = 1;
500 if (!
c->connection_closed) {
501 c->connection_closed = 1;
507 }
else if (sspi_ret == SEC_E_INCOMPLETE_MESSAGE) {
522 memcpy(buf,
c->dec_buf,
size);
523 memmove(
c->dec_buf,
c->dec_buf +
size,
c->dec_buf_offset -
size);
524 c->dec_buf_offset -=
size;
529 if (
ret == 0 && !
c->connection_closed)
539 SECURITY_STATUS sspi_ret;
540 int ret = 0, data_size;
543 SecBufferDesc outbuf_desc;
545 if (
c->sizes.cbMaximumMessage == 0) {
546 sspi_ret = QueryContextAttributes(&
c->ctxt_handle, SECPKG_ATTR_STREAM_SIZES, &
c->sizes);
547 if (sspi_ret != SEC_E_OK)
554 data_size =
c->sizes.cbHeader +
len +
c->sizes.cbTrailer;
560 data,
c->sizes.cbHeader);
569 memcpy(outbuf[1].pvBuffer, buf,
len);
571 sspi_ret = EncryptMessage(&
c->ctxt_handle, 0, &outbuf_desc, 0);
572 if (sspi_ret == SEC_E_OK) {
573 len = outbuf[0].cbBuffer + outbuf[1].cbBuffer + outbuf[2].cbBuffer;
588 if (sspi_ret == SEC_E_INSUFFICIENT_MEMORY)
597 return ret < 0 ?
ret : outbuf[1].cbBuffer;