source: protocols/ssl_sspi.c @ b1bd100

Last change on this file since b1bd100 was b1bd100, checked in by Jelmer Vernooij <jelmer@…>, at 2006-05-25T16:09:15Z

[merge] integration

  • Property mode set to 100644
File size: 6.3 KB
Line 
1  /********************************************************************\
2  * BitlBee -- An IRC to other IM-networks gateway                     *
3  *                                                                    *
4  * Copyright 2002-2004 Wilmer van der Gaast and others                *
5  \********************************************************************/
6
7/* SSL module - SSPI backend */
8
9/* Copyright (C) 2005 Jelmer Vernooij <jelmer@samba.org> */
10
11/*
12  This program is free software; you can redistribute it and/or modify
13  it under the terms of the GNU General Public License as published by
14  the Free Software Foundation; either version 2 of the License, or
15  (at your option) any later version.
16
17  This program is distributed in the hope that it will be useful,
18  but WITHOUT ANY WARRANTY; without even the implied warranty of
19  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
20  GNU General Public License for more details.
21
22  You should have received a copy of the GNU General Public License with
23  the Debian GNU/Linux distribution in /usr/share/common-licenses/GPL;
24  if not, write to the Free Software Foundation, Inc., 59 Temple Place,
25  Suite 330, Boston, MA  02111-1307  USA
26*/
27
28#include "ssl_client.h"
29#include <windows.h>
30#define SECURITY_WIN32
31#include <security.h>
32#include <sspi.h>
33#include <schannel.h>
34
35static gboolean initialized = FALSE;
36int ssl_errno;
37
38struct scd
39{
40        int fd;
41        ssl_input_function func;
42        gpointer data;
43        gboolean established;
44        int inpa;
45        CredHandle cred;                /* SSL credentials */
46        CtxtHandle context;             /* SSL context */
47        SecPkgContext_StreamSizes sizes;
48};
49
50static void ssl_connected(gpointer, gint, GaimInputCondition);
51
52void sspi_global_init( void )
53{
54        /* FIXME */
55}
56
57void sspi_global_deinit( void )
58{
59        /* FIXME */
60}
61
62void *ssl_connect( char *host, int port, ssl_input_function func, gpointer data )
63{
64        struct scd *conn = g_new0( struct scd, 1 );
65               
66        conn->fd = proxy_connect( host, port, ssl_connected, conn );
67        conn->func = func;
68        conn->data = data;
69        conn->inpa = -1;
70       
71        if( conn->fd < 0 )
72        {
73                g_free( conn );
74                return( NULL );
75        }
76       
77        if( !initialized )
78        {
79                sspi_global_init();
80                initialized = TRUE;
81                atexit( sspi_global_deinit );
82        }
83
84        return conn;
85}
86
87static void ssl_connected(gpointer data, gint fd, GaimInputCondition cond)
88{
89        struct scd *conn = data;
90        SCHANNEL_CRED ssl_cred;
91        TimeStamp timestamp;
92        SecBuffer ibuf[2],obuf[1];
93        SecBufferDesc ibufs,obufs;
94        ULONG req = ISC_REQ_REPLAY_DETECT | ISC_REQ_SEQUENCE_DETECT |
95        ISC_REQ_CONFIDENTIALITY | ISC_REQ_USE_SESSION_KEY |
96        ISC_REQ_ALLOCATE_MEMORY | ISC_REQ_STREAM | ISC_REQ_EXTENDED_ERROR |
97                ISC_REQ_MANUAL_CRED_VALIDATION;
98        ULONG a;
99
100        memset(&ssl_cred, 0, sizeof(SCHANNEL_CRED));
101        ssl_cred.dwVersion = SCHANNEL_CRED_VERSION;
102        ssl_cred.grbitEnabledProtocols = SP_PROT_SSL3_CLIENT;
103
104        SECURITY_STATUS st = AcquireCredentialsHandle(NULL, UNISP_NAME, SECPKG_CRED_OUTBOUND, NULL, &ssl_cred, NULL, NULL, &conn->cred, &timestamp);
105
106        if (st != SEC_E_OK) {
107                conn->func( conn->data, NULL, cond );
108                return;
109       
110       
111        do {
112                /* initialize buffers */
113            ibuf[0].cbBuffer = size; ibuf[0].pvBuffer = buf;
114            ibuf[1].cbBuffer = 0; ibuf[1].pvBuffer = NULL;
115            obuf[0].cbBuffer = 0; obuf[0].pvBuffer = NULL;
116        ibuf[0].BufferType = obuf[0].BufferType = SECBUFFER_TOKEN;
117            ibuf[1].BufferType = SECBUFFER_EMPTY;
118
119                /* initialize buffer descriptors */
120            ibufs.ulVersion = obufs.ulVersion = SECBUFFER_VERSION;
121            ibufs.cBuffers = 2; obufs.cBuffers = 1;
122            ibufs.pBuffers = ibuf; obufs.pBuffers = obuf;
123
124                st = InitializeSecurityContext(&conn->cred, size?&conn->context:NULL, host, req, 0, SECURITY_NETWORK_DREP, size?&ibufs:NULL, 0, &conn->context, &obufs, &a, &timestamp); 
125        if (obuf[0].pvBuffer && obuf[0].cbBuffer) {
126                        send(conn->fd, obuf[0].pvBuffer, obuf[0].cbBuffer, 0);
127                }
128
129                switch (st) {
130                case SEC_I_INCOMPLETE_CREDENTIALS:
131                        break;
132                case SEC_I_CONTINUE_NEEDED:
133
134                }
135       
136
137                QueryContextAttributes(&conn->context, SECPKG_ATTR_STREAM_SIZES, &conn->sizes);
138        } while (1);
139
140        conn->func( conn->data, conn, cond );
141}
142
143int ssl_read( void *conn, char *retdata, int len )
144{
145        struct scd *scd = conn;
146        SecBufferDesc msg;
147        SecBuffer buf[4];
148        int ret = -1, i;
149        char *data = g_malloc(scd->sizes.cbHeader + scd->sizes.cbMaximumMessage + scd->sizes.cbTrailer);
150
151        /* FIXME: Try to read some data */
152
153        msg.ulVersion = SECBUFFER_VERSION;
154        msg.cBuffers = 4;
155        msg.pBuffers = buf;
156       
157        buf[0].BufferType = SECBUFFER_DATA;
158        buf[0].cbBuffer = len;
159        buf[0].pvBuffer = data;
160
161        buf[1].BufferType = SECBUFFER_EMPTY;
162        buf[2].BufferType = SECBUFFER_EMPTY;
163        buf[3].BufferType = SECBUFFER_EMPTY;
164
165        SECURITY_STATUS st = DecryptMessage(&scd->context, &msg, 0, NULL);
166
167        for (i = 0; i < 4; i++) {
168                if (buf[i].BufferType == SECBUFFER_DATA) {
169                        memcpy(retdata, buf[i].pvBuffer, len);
170                        ret = len;
171                }       
172        }
173
174        g_free(data);
175        return( -1 );
176}
177
178int ssl_write( void *conn, const char *userdata, int len )
179{
180        struct scd *scd = conn;
181        SecBuffer buf[4];
182        SecBufferDesc msg;
183        char *data;
184        int ret;
185
186        msg.ulVersion = SECBUFFER_VERSION;
187        msg.cBuffers = 4;
188        msg.pBuffers = buf;
189
190        data = g_malloc(scd->sizes.cbHeader + scd->sizes.cbMaximumMessage + scd->sizes.cbTrailer);
191        memcpy(data + scd->sizes.cbHeader, userdata, len);
192
193        buf[0].BufferType = SECBUFFER_STREAM_HEADER;
194        buf[0].cbBuffer = scd->sizes.cbHeader;
195        buf[0].pvBuffer = data;
196
197        buf[1].BufferType = SECBUFFER_DATA;
198        buf[1].cbBuffer = len;
199        buf[1].pvBuffer = data + scd->sizes.cbHeader;
200
201        buf[2].BufferType = SECBUFFER_STREAM_TRAILER;
202        buf[2].cbBuffer = scd->sizes.cbTrailer;
203        buf[2].pvBuffer = data + scd->sizes.cbHeader + len;
204        buf[3].BufferType = SECBUFFER_EMPTY;
205
206        SECURITY_STATUS st = EncryptMessage(&scd->context, 0, &msg, 0);
207
208        ret = send(scd->fd, data, 
209                                buf[0].cbBuffer + buf[1].cbBuffer + buf[2].cbBuffer, 0);
210
211        g_free(data);
212
213        return ret;
214}
215
216void ssl_disconnect( void *conn )
217{
218        struct scd *scd = conn;
219
220        SecBufferDesc msg;
221        SecBuffer buf;
222        DWORD dw;
223
224        dw = SCHANNEL_SHUTDOWN;
225        buf.cbBuffer = sizeof(dw);
226        buf.BufferType = SECBUFFER_TOKEN;
227        buf.pvBuffer = &dw;
228       
229        msg.ulVersion = SECBUFFER_VERSION;
230        msg.cBuffers = 1;
231        msg.pBuffers = &buf;
232
233        SECURITY_STATUS st = ApplyControlToken(&scd->context, &msg);
234
235        if (st != SEC_E_OK) {
236                /* FIXME */
237        }
238       
239        /* FIXME: call InitializeSecurityContext(Schannel), passing
240         * in empty buffers*/
241
242        DeleteSecurityContext(&scd->context);
243
244        FreeCredentialsHandle(&scd->cred);
245
246        closesocket( scd->fd );
247        g_free(scd);
248}
249
250int ssl_getfd( void *conn )
251{
252        return( ((struct scd*)conn)->fd );
253}
Note: See TracBrowser for help on using the repository browser.