source: protocols/ssl_sspi.c @ e3fb678

Last change on this file since e3fb678 was e3fb678, checked in by Jelmer Vernooij <jelmer@…>, at 2005-12-18T16:10:24Z

Initial work on a SSPI SSL backend

  • Property mode set to 100644
File size: 5.0 KB
Line 
1  /********************************************************************\
2  * BitlBee -- An IRC to other IM-networks gateway                     *
3  *                                                                    *
4  * Copyright 2002-2004 Wilmer van der Gaast and others                *
5  \********************************************************************/
6
7/* SSL module - SSPI backend */
8
9/* Copyright (C) 2005 Jelmer Vernooij <jelmer@samba.org> */
10
11/*
12  This program is free software; you can redistribute it and/or modify
13  it under the terms of the GNU General Public License as published by
14  the Free Software Foundation; either version 2 of the License, or
15  (at your option) any later version.
16
17  This program is distributed in the hope that it will be useful,
18  but WITHOUT ANY WARRANTY; without even the implied warranty of
19  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
20  GNU General Public License for more details.
21
22  You should have received a copy of the GNU General Public License with
23  the Debian GNU/Linux distribution in /usr/share/common-licenses/GPL;
24  if not, write to the Free Software Foundation, Inc., 59 Temple Place,
25  Suite 330, Boston, MA  02111-1307  USA
26*/
27
28#include "ssl_client.h"
29#include <windows.h>
30#define SECURITY_WIN32
31#include <security.h>
32#include <sspi.h>
33#include <schannel.h>
34
35static gboolean initialized = FALSE;
36int ssl_errno;
37
38struct scd
39{
40        int fd;
41        SslInputFunction func;
42        gpointer data;
43        gboolean established;
44        int inpa;
45        CredHandle cred;                /* SSL credentials */
46        CtxtHandle context;             /* SSL context */
47        SecPkgContext_StreamSizes sizes;
48};
49
50static void ssl_connected( gpointer data, gint source, GaimInputCondition cond );
51
52void sspi_global_init( void )
53{
54        /* FIXME */
55}
56
57void sspi_global_deinit( void )
58{
59        /* FIXME */
60}
61
62void *ssl_connect( char *host, int port, SslInputFunction func, gpointer data )
63{
64        struct scd *conn = g_new0( struct scd, 1 );
65        SCHANNEL_CRED ssl_cred;
66        TimeStamp timestamp;
67       
68        conn->fd = proxy_connect( host, port, ssl_connected, conn );
69        conn->func = func;
70        conn->data = data;
71        conn->inpa = -1;
72       
73        if( conn->fd < 0 )
74        {
75                g_free( conn );
76                return( NULL );
77        }
78       
79        if( !initialized )
80        {
81                sspi_global_init();
82                initialized = TRUE;
83                atexit( sspi_global_deinit );
84        }
85
86        conn->context = NULL;
87
88        memset(&ssl_cred, 0, sizeof(SCHANNEL_CRED));
89        ssl_cred.dwVersion = SCHANNEL_CRED_VERSION;
90        ssl_cred.grbitEnabledProtocols = SP_PROT_SSL3_CLIENT;
91
92        SECURITY_STATUS st = AcquireCredentialsHandle(NULL, UNISP_NAME, SECPKG_CRED_OUTBOUND, NULL, &ssl_cred, NULL, NULL, &conn->cred, &timestamp);
93       
94        InitializeSecurityContext(&conn->cred, &conn->context, host, FIXME, 1, FIXME); 
95
96        QueryContextAttributes(&conn->context, SECPKG_ATTR_STREAM_SIZES, &conn->sizes);
97
98       
99        return( conn );
100}
101
102int ssl_read( void *conn, char *retdata, int len )
103{
104        struct scd *scd = conn;
105        SecBufferDesc msg;
106        SecBuffer buf[4];
107        int ret = -1, i;
108        char *data = g_malloc(scd->sizes.cbHeader + scd->sizes.cbMaximumMessage + scd->sizes.cbTrailer);
109
110        /* FIXME: Try to read some data */
111
112        msg.ulVersion = SECBUFFER_VERSION;
113        msg.cBuffers = 4;
114        msg.pBuffers = buf;
115       
116        buf[0].BufferType = SECBUFFER_DATA;
117        buf[0].cbBuffer = len;
118        buf[0].pvBuffer = data;
119
120        buf[1].BufferType = SECBUFFER_EMPTY;
121        buf[2].BufferType = SECBUFFER_EMPTY;
122        buf[3].BufferType = SECBUFFER_EMPTY;
123
124        SECURITY_STATUS st = DecryptMessage(&scd->context, &msg, 0, NULL);
125
126        for (i = 0; i < 4; i++) {
127                if (buf[i].BufferType == SECBUFFER_DATA) {
128                        memcpy(retdata, buf[i].pvBuffer, len);
129                        ret = len;
130                }       
131        }
132
133        g_free(data);
134        return( -1 );
135}
136
137int ssl_write( void *conn, const char *userdata, int len )
138{
139        struct scd *scd = conn;
140        SecBuffer buf[4];
141        SecBufferDesc msg;
142        char *data;
143        int ret;
144
145        msg.ulVersion = SECBUFFER_VERSION;
146        msg.cBuffers = 4;
147        msg.pBuffers = buf;
148
149        data = g_malloc(scd->sizes.cbHeader + scd->sizes.cbMaximumMessage + scd->sizes.cbTrailer);
150        memcpy(data + scd->sizes.cbHeader, userdata, len);
151
152        buf[0].BufferType = SECBUFFER_STREAM_HEADER;
153        buf[0].cbBuffer = scd->sizes.cbHeader;
154        buf[0].pvBuffer = data;
155
156        buf[1].BufferType = SECBUFFER_DATA;
157        buf[1].cbBuffer = len;
158        buf[1].pvBuffer = data + scd->sizes.cbHeader;
159
160        buf[2].BufferType = SECBUFFER_STREAM_TRAILER;
161        buf[2].cbBuffer = scd->sizes.cbTrailer;
162        buf[2].pvBuffer = data + scd->sizes.cbHeader + len;
163        buf[3].BufferType = SECBUFFER_EMPTY;
164
165        SECURITY_STATUS st = EncryptMessage(&scd->context, 0, &msg, 0);
166
167        ret = send(scd->fd, data, 
168                                buf[0].cbBuffer + buf[1].cbBuffer + buf[2].cbBuffer, 0);
169
170        g_free(data);
171
172        return ret;
173}
174
175void ssl_disconnect( void *conn )
176{
177        struct scd *scd = conn;
178
179        SecBufferDesc msg;
180        SecBuffer buf;
181        DWORD dw;
182
183        dw = SCHANNEL_SHUTDOWN;
184        buf.cbBuffer = sizeof(dw);
185        buf.BufferType = SECBUFFER_TOKEN;
186        buf.pvBuffer = &dw;
187       
188        msg.ulVersion = SECBUFFER_VERSION;
189        msg.cBuffers = 1;
190        msg.pBuffers = &buf;
191
192        SECURITY_STATUS st = ApplyControlToken(&scd->context, &msg);
193
194        if (st != SEC_E_OK) {
195                /* FIXME */
196        }
197       
198        /* FIXME: call InitializeSecurityContext(Schannel), passing
199         * in empty buffers*/
200
201        DeleteSecurityContext(&scd->context);
202
203        closesocket( scd->fd );
204        g_free(scd);
205}
206
207int ssl_getfd( void *conn )
208{
209        return( ((struct scd*)conn)->fd );
210}
Note: See TracBrowser for help on using the repository browser.