source: protocols/ssl_sspi.c @ 51a4ffb

Last change on this file since 51a4ffb was 51a4ffb, checked in by Jelmer Vernooij <jelmer@…>, at 2006-05-25T09:55:00Z

Some more work on SSL on Windows

  • Property mode set to 100644
File size: 6.2 KB
Line 
1  /********************************************************************\
2  * BitlBee -- An IRC to other IM-networks gateway                     *
3  *                                                                    *
4  * Copyright 2002-2004 Wilmer van der Gaast and others                *
5  \********************************************************************/
6
7/* SSL module - SSPI backend */
8
9/* Copyright (C) 2005 Jelmer Vernooij <jelmer@samba.org> */
10
11/*
12  This program is free software; you can redistribute it and/or modify
13  it under the terms of the GNU General Public License as published by
14  the Free Software Foundation; either version 2 of the License, or
15  (at your option) any later version.
16
17  This program is distributed in the hope that it will be useful,
18  but WITHOUT ANY WARRANTY; without even the implied warranty of
19  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
20  GNU General Public License for more details.
21
22  You should have received a copy of the GNU General Public License with
23  the Debian GNU/Linux distribution in /usr/share/common-licenses/GPL;
24  if not, write to the Free Software Foundation, Inc., 59 Temple Place,
25  Suite 330, Boston, MA  02111-1307  USA
26*/
27
28#include "ssl_client.h"
29#include <windows.h>
30#define SECURITY_WIN32
31#include <security.h>
32#include <sspi.h>
33#include <schannel.h>
34
35static gboolean initialized = FALSE;
36int ssl_errno;
37
38struct scd
39{
40        int fd;
41        ssl_input_function func;
42        gpointer data;
43        gboolean established;
44        int inpa;
45        CredHandle cred;                /* SSL credentials */
46        CtxtHandle context;             /* SSL context */
47        SecPkgContext_StreamSizes sizes;
48};
49
50static void ssl_connected( gpointer data, gint source, GaimInputCondition cond );
51
52void sspi_global_init( void )
53{
54        /* FIXME */
55}
56
57void sspi_global_deinit( void )
58{
59        /* FIXME */
60}
61
62void *ssl_connect( char *host, int port, ssl_input_function func, gpointer data )
63{
64        struct scd *conn = g_new0( struct scd, 1 );
65        SCHANNEL_CRED ssl_cred;
66        TimeStamp timestamp;
67        SecBuffer ibuf[2],obuf[1];
68        SecBufferDesc ibufs,obufs;
69        ULONG req = ISC_REQ_REPLAY_DETECT | ISC_REQ_SEQUENCE_DETECT |
70        ISC_REQ_CONFIDENTIALITY | ISC_REQ_USE_SESSION_KEY |
71        ISC_REQ_ALLOCATE_MEMORY | ISC_REQ_STREAM | ISC_REQ_EXTENDED_ERROR |
72                ISC_REQ_MANUAL_CRED_VALIDATION;
73        ULONG a;
74       
75        conn->fd = proxy_connect( host, port, ssl_connected, conn );
76        conn->func = func;
77        conn->data = data;
78        conn->inpa = -1;
79       
80        if( conn->fd < 0 )
81        {
82                g_free( conn );
83                return( NULL );
84        }
85       
86        if( !initialized )
87        {
88                sspi_global_init();
89                initialized = TRUE;
90                atexit( sspi_global_deinit );
91        }
92
93        memset(&ssl_cred, 0, sizeof(SCHANNEL_CRED));
94        ssl_cred.dwVersion = SCHANNEL_CRED_VERSION;
95        ssl_cred.grbitEnabledProtocols = SP_PROT_SSL3_CLIENT;
96
97        SECURITY_STATUS st = AcquireCredentialsHandle(NULL, UNISP_NAME, SECPKG_CRED_OUTBOUND, NULL, &ssl_cred, NULL, NULL, &conn->cred, &timestamp);
98
99        if (st != SEC_E_OK) 
100                return NULL;
101       
102        do {
103                /* initialize buffers */
104            ibuf[0].cbBuffer = size; ibuf[0].pvBuffer = buf;
105            ibuf[1].cbBuffer = 0; ibuf[1].pvBuffer = NIL;
106            obuf[0].cbBuffer = 0; obuf[0].pvBuffer = NIL;
107        ibuf[0].BufferType = obuf[0].BufferType = SECBUFFER_TOKEN;
108            ibuf[1].BufferType = SECBUFFER_EMPTY;
109
110                /* initialize buffer descriptors */
111            ibufs.ulVersion = obufs.ulVersion = SECBUFFER_VERSION;
112            ibufs.cBuffers = 2; obufs.cBuffers = 1;
113            ibufs.pBuffers = ibuf; obufs.pBuffers = obuf;
114
115                st = InitializeSecurityContext(&conn->cred, size?&conn->context:NULL, host, req, 0, SECURITY_NETWORK_DREP, size?&ibufs:NULL, 0, &conn->context, &obufs, &a, &timestamp); 
116        if (obuf[0].pvBuffer && obuf[0].cbBuffer) {
117                        send(conn->fd, obuf[0].pvBuffer, obuf[0].cbBuffer, 0);
118                }
119
120                switch (st) {
121                case SEC_I_INCOMPLETE_CREDENTIALS:
122                        break;
123                case SEC_I_CONTINUE_NEEDED:
124
125                }
126       
127
128                QueryContextAttributes(&conn->context, SECPKG_ATTR_STREAM_SIZES, &conn->sizes);
129
130       
131        return( conn );
132}
133
134int ssl_read( void *conn, char *retdata, int len )
135{
136        struct scd *scd = conn;
137        SecBufferDesc msg;
138        SecBuffer buf[4];
139        int ret = -1, i;
140        char *data = g_malloc(scd->sizes.cbHeader + scd->sizes.cbMaximumMessage + scd->sizes.cbTrailer);
141
142        /* FIXME: Try to read some data */
143
144        msg.ulVersion = SECBUFFER_VERSION;
145        msg.cBuffers = 4;
146        msg.pBuffers = buf;
147       
148        buf[0].BufferType = SECBUFFER_DATA;
149        buf[0].cbBuffer = len;
150        buf[0].pvBuffer = data;
151
152        buf[1].BufferType = SECBUFFER_EMPTY;
153        buf[2].BufferType = SECBUFFER_EMPTY;
154        buf[3].BufferType = SECBUFFER_EMPTY;
155
156        SECURITY_STATUS st = DecryptMessage(&scd->context, &msg, 0, NULL);
157
158        for (i = 0; i < 4; i++) {
159                if (buf[i].BufferType == SECBUFFER_DATA) {
160                        memcpy(retdata, buf[i].pvBuffer, len);
161                        ret = len;
162                }       
163        }
164
165        g_free(data);
166        return( -1 );
167}
168
169int ssl_write( void *conn, const char *userdata, int len )
170{
171        struct scd *scd = conn;
172        SecBuffer buf[4];
173        SecBufferDesc msg;
174        char *data;
175        int ret;
176
177        msg.ulVersion = SECBUFFER_VERSION;
178        msg.cBuffers = 4;
179        msg.pBuffers = buf;
180
181        data = g_malloc(scd->sizes.cbHeader + scd->sizes.cbMaximumMessage + scd->sizes.cbTrailer);
182        memcpy(data + scd->sizes.cbHeader, userdata, len);
183
184        buf[0].BufferType = SECBUFFER_STREAM_HEADER;
185        buf[0].cbBuffer = scd->sizes.cbHeader;
186        buf[0].pvBuffer = data;
187
188        buf[1].BufferType = SECBUFFER_DATA;
189        buf[1].cbBuffer = len;
190        buf[1].pvBuffer = data + scd->sizes.cbHeader;
191
192        buf[2].BufferType = SECBUFFER_STREAM_TRAILER;
193        buf[2].cbBuffer = scd->sizes.cbTrailer;
194        buf[2].pvBuffer = data + scd->sizes.cbHeader + len;
195        buf[3].BufferType = SECBUFFER_EMPTY;
196
197        SECURITY_STATUS st = EncryptMessage(&scd->context, 0, &msg, 0);
198
199        ret = send(scd->fd, data, 
200                                buf[0].cbBuffer + buf[1].cbBuffer + buf[2].cbBuffer, 0);
201
202        g_free(data);
203
204        return ret;
205}
206
207void ssl_disconnect( void *conn )
208{
209        struct scd *scd = conn;
210
211        SecBufferDesc msg;
212        SecBuffer buf;
213        DWORD dw;
214
215        dw = SCHANNEL_SHUTDOWN;
216        buf.cbBuffer = sizeof(dw);
217        buf.BufferType = SECBUFFER_TOKEN;
218        buf.pvBuffer = &dw;
219       
220        msg.ulVersion = SECBUFFER_VERSION;
221        msg.cBuffers = 1;
222        msg.pBuffers = &buf;
223
224        SECURITY_STATUS st = ApplyControlToken(&scd->context, &msg);
225
226        if (st != SEC_E_OK) {
227                /* FIXME */
228        }
229       
230        /* FIXME: call InitializeSecurityContext(Schannel), passing
231         * in empty buffers*/
232
233        DeleteSecurityContext(&scd->context);
234
235        FreeCredentialHandle(&scd->cred);
236
237        closesocket( scd->fd );
238        g_free(scd);
239}
240
241int ssl_getfd( void *conn )
242{
243        return( ((struct scd*)conn)->fd );
244}
Note: See TracBrowser for help on using the repository browser.