Context Navigation

source: protocols/ssl_sspi.c @ eecccf1

Last change on this file since eecccf1 was b1bd100, checked in by Jelmer Vernooij <jelmer@…>, at 2006-05-25T16:09:15Z
[merge] integration
Property mode set to `100644`
File size: 6.3 KB

Rev	Line
[e3fb678]	1	/********************************************************************\
	2	* BitlBee -- An IRC to other IM-networks gateway *
	3	* *
	4	* Copyright 2002-2004 Wilmer van der Gaast and others *
	5	\********************************************************************/
	6
	7	/* SSL module - SSPI backend */
	8
	9	/* Copyright (C) 2005 Jelmer Vernooij <jelmer@samba.org> */
	10
	11	/*
	12	This program is free software; you can redistribute it and/or modify
	13	it under the terms of the GNU General Public License as published by
	14	the Free Software Foundation; either version 2 of the License, or
	15	(at your option) any later version.
	16
	17	This program is distributed in the hope that it will be useful,
	18	but WITHOUT ANY WARRANTY; without even the implied warranty of
	19	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	20	GNU General Public License for more details.
	21
	22	You should have received a copy of the GNU General Public License with
	23	the Debian GNU/Linux distribution in /usr/share/common-licenses/GPL;
	24	if not, write to the Free Software Foundation, Inc., 59 Temple Place,
	25	Suite 330, Boston, MA 02111-1307 USA
	26	*/
	27
	28	#include "ssl_client.h"
	29	#include <windows.h>
	30	#define SECURITY_WIN32
	31	#include <security.h>
	32	#include <sspi.h>
	33	#include <schannel.h>
	34
	35	static gboolean initialized = FALSE;
	36	int ssl_errno;
	37
	38	struct scd
	39	{
	40	int fd;
[80c1e4d]	41	ssl_input_function func;
[e3fb678]	42	gpointer data;
	43	gboolean established;
	44	int inpa;
	45	CredHandle cred; /* SSL credentials */
	46	CtxtHandle context; /* SSL context */
	47	SecPkgContext_StreamSizes sizes;
	48	};
	49
[b1bd100]	50	static void ssl_connected(gpointer, gint, GaimInputCondition);
[e3fb678]	51
	52	void sspi_global_init( void )
	53	{
	54	/* FIXME */
	55	}
	56
	57	void sspi_global_deinit( void )
	58	{
	59	/* FIXME */
	60	}
	61
[80c1e4d]	62	void ssl_connect( char host, int port, ssl_input_function func, gpointer data )
[e3fb678]	63	{
	64	struct scd *conn = g_new0( struct scd, 1 );
[b1bd100]	65
[e3fb678]	66	conn->fd = proxy_connect( host, port, ssl_connected, conn );
	67	conn->func = func;
	68	conn->data = data;
	69	conn->inpa = -1;
	70
	71	if( conn->fd < 0 )
	72	{
	73	g_free( conn );
	74	return( NULL );
	75	}
	76
	77	if( !initialized )
	78	{
	79	sspi_global_init();
	80	initialized = TRUE;
	81	atexit( sspi_global_deinit );
	82	}
	83
[b1bd100]	84	return conn;
	85	}
	86
	87	static void ssl_connected(gpointer data, gint fd, GaimInputCondition cond)
	88	{
	89	struct scd *conn = data;
	90	SCHANNEL_CRED ssl_cred;
	91	TimeStamp timestamp;
	92	SecBuffer ibuf[2],obuf[1];
	93	SecBufferDesc ibufs,obufs;
	94	ULONG req = ISC_REQ_REPLAY_DETECT \| ISC_REQ_SEQUENCE_DETECT \|
	95	ISC_REQ_CONFIDENTIALITY \| ISC_REQ_USE_SESSION_KEY \|
	96	ISC_REQ_ALLOCATE_MEMORY \| ISC_REQ_STREAM \| ISC_REQ_EXTENDED_ERROR \|
	97	ISC_REQ_MANUAL_CRED_VALIDATION;
	98	ULONG a;
	99
[e3fb678]	100	memset(&ssl_cred, 0, sizeof(SCHANNEL_CRED));
	101	ssl_cred.dwVersion = SCHANNEL_CRED_VERSION;
	102	ssl_cred.grbitEnabledProtocols = SP_PROT_SSL3_CLIENT;
	103
	104	SECURITY_STATUS st = AcquireCredentialsHandle(NULL, UNISP_NAME, SECPKG_CRED_OUTBOUND, NULL, &ssl_cred, NULL, NULL, &conn->cred, &timestamp);
[51a4ffb]	105
[b1bd100]	106	if (st != SEC_E_OK) {
	107	conn->func( conn->data, NULL, cond );
	108	return;
	109
[51a4ffb]	110
	111	do {
	112	/* initialize buffers */
	113	ibuf[0].cbBuffer = size; ibuf[0].pvBuffer = buf;
[b1bd100]	114	ibuf[1].cbBuffer = 0; ibuf[1].pvBuffer = NULL;
	115	obuf[0].cbBuffer = 0; obuf[0].pvBuffer = NULL;
[51a4ffb]	116	ibuf[0].BufferType = obuf[0].BufferType = SECBUFFER_TOKEN;
	117	ibuf[1].BufferType = SECBUFFER_EMPTY;
	118
	119	/* initialize buffer descriptors */
	120	ibufs.ulVersion = obufs.ulVersion = SECBUFFER_VERSION;
	121	ibufs.cBuffers = 2; obufs.cBuffers = 1;
	122	ibufs.pBuffers = ibuf; obufs.pBuffers = obuf;
	123
	124	st = InitializeSecurityContext(&conn->cred, size?&conn->context:NULL, host, req, 0, SECURITY_NETWORK_DREP, size?&ibufs:NULL, 0, &conn->context, &obufs, &a, &timestamp);
	125	if (obuf[0].pvBuffer && obuf[0].cbBuffer) {
	126	send(conn->fd, obuf[0].pvBuffer, obuf[0].cbBuffer, 0);
	127	}
	128
	129	switch (st) {
	130	case SEC_I_INCOMPLETE_CREDENTIALS:
	131	break;
	132	case SEC_I_CONTINUE_NEEDED:
	133
	134	}
[e3fb678]	135
	136
[51a4ffb]	137	QueryContextAttributes(&conn->context, SECPKG_ATTR_STREAM_SIZES, &conn->sizes);
[b1bd100]	138	} while (1);
[e3fb678]	139
[b1bd100]	140	conn->func( conn->data, conn, cond );
[e3fb678]	141	}
	142
	143	int ssl_read( void conn, char retdata, int len )
	144	{
	145	struct scd *scd = conn;
	146	SecBufferDesc msg;
	147	SecBuffer buf[4];
	148	int ret = -1, i;
	149	char *data = g_malloc(scd->sizes.cbHeader + scd->sizes.cbMaximumMessage + scd->sizes.cbTrailer);
	150
	151	/* FIXME: Try to read some data */
	152
	153	msg.ulVersion = SECBUFFER_VERSION;
	154	msg.cBuffers = 4;
	155	msg.pBuffers = buf;
	156
	157	buf[0].BufferType = SECBUFFER_DATA;
	158	buf[0].cbBuffer = len;
	159	buf[0].pvBuffer = data;
	160
	161	buf[1].BufferType = SECBUFFER_EMPTY;
	162	buf[2].BufferType = SECBUFFER_EMPTY;
	163	buf[3].BufferType = SECBUFFER_EMPTY;
	164
	165	SECURITY_STATUS st = DecryptMessage(&scd->context, &msg, 0, NULL);
	166
	167	for (i = 0; i < 4; i++) {
	168	if (buf[i].BufferType == SECBUFFER_DATA) {
	169	memcpy(retdata, buf[i].pvBuffer, len);
	170	ret = len;
	171	}
	172	}
	173
	174	g_free(data);
	175	return( -1 );
	176	}
	177
	178	int ssl_write( void conn, const char userdata, int len )
	179	{
	180	struct scd *scd = conn;
	181	SecBuffer buf[4];
	182	SecBufferDesc msg;
	183	char *data;
	184	int ret;
	185
	186	msg.ulVersion = SECBUFFER_VERSION;
	187	msg.cBuffers = 4;
	188	msg.pBuffers = buf;
	189
	190	data = g_malloc(scd->sizes.cbHeader + scd->sizes.cbMaximumMessage + scd->sizes.cbTrailer);
	191	memcpy(data + scd->sizes.cbHeader, userdata, len);
	192
	193	buf[0].BufferType = SECBUFFER_STREAM_HEADER;
	194	buf[0].cbBuffer = scd->sizes.cbHeader;
	195	buf[0].pvBuffer = data;
	196
	197	buf[1].BufferType = SECBUFFER_DATA;
	198	buf[1].cbBuffer = len;
	199	buf[1].pvBuffer = data + scd->sizes.cbHeader;
	200
	201	buf[2].BufferType = SECBUFFER_STREAM_TRAILER;
	202	buf[2].cbBuffer = scd->sizes.cbTrailer;
	203	buf[2].pvBuffer = data + scd->sizes.cbHeader + len;
	204	buf[3].BufferType = SECBUFFER_EMPTY;
	205
	206	SECURITY_STATUS st = EncryptMessage(&scd->context, 0, &msg, 0);
	207
	208	ret = send(scd->fd, data,
	209	buf[0].cbBuffer + buf[1].cbBuffer + buf[2].cbBuffer, 0);
	210
	211	g_free(data);
	212
	213	return ret;
	214	}
	215
	216	void ssl_disconnect( void *conn )
	217	{
	218	struct scd *scd = conn;
	219
	220	SecBufferDesc msg;
	221	SecBuffer buf;
	222	DWORD dw;
	223
	224	dw = SCHANNEL_SHUTDOWN;
	225	buf.cbBuffer = sizeof(dw);
	226	buf.BufferType = SECBUFFER_TOKEN;
	227	buf.pvBuffer = &dw;
	228
	229	msg.ulVersion = SECBUFFER_VERSION;
	230	msg.cBuffers = 1;
	231	msg.pBuffers = &buf;
	232
	233	SECURITY_STATUS st = ApplyControlToken(&scd->context, &msg);
	234
	235	if (st != SEC_E_OK) {
	236	/* FIXME */
	237	}
	238
	239	/* FIXME: call InitializeSecurityContext(Schannel), passing
	240	* in empty buffers*/
	241
	242	DeleteSecurityContext(&scd->context);
	243
[b1bd100]	244	FreeCredentialsHandle(&scd->cred);
[51a4ffb]	245
[e3fb678]	246	closesocket( scd->fd );
	247	g_free(scd);
	248	}
	249
	250	int ssl_getfd( void *conn )
	251	{
	252	return( ((struct scd*)conn)->fd );
	253	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: