|
Packit Service |
fa4841 |
/**
|
|
Packit Service |
fa4841 |
* WinPR: Windows Portable Runtime
|
|
Packit Service |
fa4841 |
* Security Support Provider Interface
|
|
Packit Service |
fa4841 |
*
|
|
Packit Service |
fa4841 |
* Copyright 2012 Marc-Andre Moreau <marcandre.moreau@gmail.com>
|
|
Packit Service |
fa4841 |
*
|
|
Packit Service |
fa4841 |
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
Packit Service |
fa4841 |
* you may not use this file except in compliance with the License.
|
|
Packit Service |
fa4841 |
* You may obtain a copy of the License at
|
|
Packit Service |
fa4841 |
*
|
|
Packit Service |
fa4841 |
* http://www.apache.org/licenses/LICENSE-2.0
|
|
Packit Service |
fa4841 |
*
|
|
Packit Service |
fa4841 |
* Unless required by applicable law or agreed to in writing, software
|
|
Packit Service |
fa4841 |
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
Packit Service |
fa4841 |
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
Packit Service |
fa4841 |
* See the License for the specific language governing permissions and
|
|
Packit Service |
fa4841 |
* limitations under the License.
|
|
Packit Service |
fa4841 |
*/
|
|
Packit Service |
fa4841 |
|
|
Packit Service |
fa4841 |
#ifdef HAVE_CONFIG_H
|
|
Packit Service |
fa4841 |
#include "config.h"
|
|
Packit Service |
fa4841 |
#endif
|
|
Packit Service |
fa4841 |
|
|
Packit Service |
fa4841 |
#include <winpr/sspicli.h>
|
|
Packit Service |
fa4841 |
|
|
Packit Service |
fa4841 |
/**
|
|
Packit Service |
fa4841 |
* sspicli.dll:
|
|
Packit Service |
fa4841 |
*
|
|
Packit Service |
fa4841 |
* EnumerateSecurityPackagesA
|
|
Packit Service |
fa4841 |
* EnumerateSecurityPackagesW
|
|
Packit Service |
fa4841 |
* GetUserNameExW
|
|
Packit Service |
fa4841 |
* ImportSecurityContextA
|
|
Packit Service |
fa4841 |
* LogonUser
|
|
Packit Service |
fa4841 |
* LogonUserEx
|
|
Packit Service |
fa4841 |
* LogonUserExExW
|
|
Packit Service |
fa4841 |
* SspiCompareAuthIdentities
|
|
Packit Service |
fa4841 |
* SspiCopyAuthIdentity
|
|
Packit Service |
fa4841 |
* SspiDecryptAuthIdentity
|
|
Packit Service |
fa4841 |
* SspiEncodeAuthIdentityAsStrings
|
|
Packit Service |
fa4841 |
* SspiEncodeStringsAsAuthIdentity
|
|
Packit Service |
fa4841 |
* SspiEncryptAuthIdentity
|
|
Packit Service |
fa4841 |
* SspiExcludePackage
|
|
Packit Service |
fa4841 |
* SspiFreeAuthIdentity
|
|
Packit Service |
fa4841 |
* SspiGetTargetHostName
|
|
Packit Service |
fa4841 |
* SspiIsAuthIdentityEncrypted
|
|
Packit Service |
fa4841 |
* SspiLocalFree
|
|
Packit Service |
fa4841 |
* SspiMarshalAuthIdentity
|
|
Packit Service |
fa4841 |
* SspiPrepareForCredRead
|
|
Packit Service |
fa4841 |
* SspiPrepareForCredWrite
|
|
Packit Service |
fa4841 |
* SspiUnmarshalAuthIdentity
|
|
Packit Service |
fa4841 |
* SspiValidateAuthIdentity
|
|
Packit Service |
fa4841 |
* SspiZeroAuthIdentity
|
|
Packit Service |
fa4841 |
*/
|
|
Packit Service |
fa4841 |
|
|
Packit Service |
fa4841 |
#ifndef _WIN32
|
|
Packit Service |
fa4841 |
|
|
Packit Service |
fa4841 |
#include <winpr/crt.h>
|
|
Packit Service |
fa4841 |
|
|
Packit Service |
fa4841 |
#ifdef HAVE_UNISTD_H
|
|
Packit Service |
fa4841 |
#include <unistd.h>
|
|
Packit Service |
fa4841 |
#endif
|
|
Packit Service |
fa4841 |
|
|
Packit Service |
fa4841 |
#include <pthread.h>
|
|
Packit Service |
fa4841 |
|
|
Packit Service |
fa4841 |
#include <pwd.h>
|
|
Packit Service |
fa4841 |
#include <grp.h>
|
|
Packit Service |
fa4841 |
|
|
Packit Service |
fa4841 |
#include "../handle/handle.h"
|
|
Packit Service |
fa4841 |
|
|
Packit Service |
fa4841 |
#include "../security/security.h"
|
|
Packit Service |
fa4841 |
|
|
Packit Service |
fa4841 |
static BOOL LogonUserCloseHandle(HANDLE handle);
|
|
Packit Service |
fa4841 |
|
|
Packit Service |
fa4841 |
static BOOL LogonUserIsHandled(HANDLE handle)
|
|
Packit Service |
fa4841 |
{
|
|
Packit Service |
b1ea74 |
WINPR_ACCESS_TOKEN* pLogonUser = (WINPR_ACCESS_TOKEN*)handle;
|
|
Packit Service |
fa4841 |
|
|
Packit Service |
fa4841 |
if (!pLogonUser || (pLogonUser->Type != HANDLE_TYPE_ACCESS_TOKEN))
|
|
Packit Service |
fa4841 |
{
|
|
Packit Service |
fa4841 |
SetLastError(ERROR_INVALID_HANDLE);
|
|
Packit Service |
fa4841 |
return FALSE;
|
|
Packit Service |
fa4841 |
}
|
|
Packit Service |
fa4841 |
|
|
Packit Service |
fa4841 |
return TRUE;
|
|
Packit Service |
fa4841 |
}
|
|
Packit Service |
fa4841 |
|
|
Packit Service |
fa4841 |
static int LogonUserGetFd(HANDLE handle)
|
|
Packit Service |
fa4841 |
{
|
|
Packit Service |
fa4841 |
WINPR_ACCESS_TOKEN* pLogonUser = (WINPR_ACCESS_TOKEN*)handle;
|
|
Packit Service |
fa4841 |
|
|
Packit Service |
fa4841 |
if (!LogonUserIsHandled(handle))
|
|
Packit Service |
fa4841 |
return -1;
|
|
Packit Service |
fa4841 |
|
|
Packit Service |
fa4841 |
/* TODO: File fd not supported */
|
|
Packit Service |
fa4841 |
(void)pLogonUser;
|
|
Packit Service |
fa4841 |
return -1;
|
|
Packit Service |
fa4841 |
}
|
|
Packit Service |
fa4841 |
|
|
Packit Service |
fa4841 |
BOOL LogonUserCloseHandle(HANDLE handle)
|
|
Packit Service |
fa4841 |
{
|
|
Packit Service |
b1ea74 |
WINPR_ACCESS_TOKEN* token = (WINPR_ACCESS_TOKEN*)handle;
|
|
Packit Service |
fa4841 |
|
|
Packit Service |
fa4841 |
if (!handle || !LogonUserIsHandled(handle))
|
|
Packit Service |
fa4841 |
return FALSE;
|
|
Packit Service |
fa4841 |
|
|
Packit Service |
fa4841 |
free(token->Username);
|
|
Packit Service |
fa4841 |
free(token->Domain);
|
|
Packit Service |
fa4841 |
free(token);
|
|
Packit Service |
fa4841 |
return TRUE;
|
|
Packit Service |
fa4841 |
}
|
|
Packit Service |
fa4841 |
|
|
Packit Service |
b1ea74 |
static HANDLE_OPS ops = { LogonUserIsHandled,
|
|
Packit Service |
b1ea74 |
LogonUserCloseHandle,
|
|
Packit Service |
b1ea74 |
LogonUserGetFd,
|
|
Packit Service |
b1ea74 |
NULL, /* CleanupHandle */
|
|
Packit Service |
b1ea74 |
NULL,
|
|
Packit Service |
b1ea74 |
NULL,
|
|
Packit Service |
b1ea74 |
NULL,
|
|
Packit Service |
b1ea74 |
NULL,
|
|
Packit Service |
b1ea74 |
NULL,
|
|
Packit Service |
b1ea74 |
NULL,
|
|
Packit Service |
b1ea74 |
NULL,
|
|
Packit Service |
b1ea74 |
NULL,
|
|
Packit Service |
b1ea74 |
NULL,
|
|
Packit Service |
b1ea74 |
NULL,
|
|
Packit Service |
b1ea74 |
NULL,
|
|
Packit Service |
b1ea74 |
NULL,
|
|
Packit Service |
b1ea74 |
NULL,
|
|
Packit Service |
b1ea74 |
NULL,
|
|
Packit Service |
b1ea74 |
NULL,
|
|
Packit Service |
b1ea74 |
NULL };
|
|
Packit Service |
b1ea74 |
|
|
Packit Service |
b1ea74 |
BOOL LogonUserA(LPCSTR lpszUsername, LPCSTR lpszDomain, LPCSTR lpszPassword, DWORD dwLogonType,
|
|
Packit Service |
b1ea74 |
DWORD dwLogonProvider, PHANDLE phToken)
|
|
Packit Service |
fa4841 |
{
|
|
Packit Service |
fa4841 |
struct passwd* pw;
|
|
Packit Service |
fa4841 |
WINPR_ACCESS_TOKEN* token;
|
|
Packit Service |
fa4841 |
|
|
Packit Service |
fa4841 |
if (!lpszUsername)
|
|
Packit Service |
fa4841 |
return FALSE;
|
|
Packit Service |
fa4841 |
|
|
Packit Service |
b1ea74 |
token = (WINPR_ACCESS_TOKEN*)calloc(1, sizeof(WINPR_ACCESS_TOKEN));
|
|
Packit Service |
fa4841 |
|
|
Packit Service |
fa4841 |
if (!token)
|
|
Packit Service |
fa4841 |
return FALSE;
|
|
Packit Service |
fa4841 |
|
|
Packit Service |
fa4841 |
WINPR_HANDLE_SET_TYPE_AND_MODE(token, HANDLE_TYPE_ACCESS_TOKEN, WINPR_FD_READ);
|
|
Packit Service |
fa4841 |
token->ops = &ops;
|
|
Packit Service |
fa4841 |
token->Username = _strdup(lpszUsername);
|
|
Packit Service |
fa4841 |
|
|
Packit Service |
fa4841 |
if (!token->Username)
|
|
Packit Service |
fa4841 |
{
|
|
Packit Service |
fa4841 |
free(token);
|
|
Packit Service |
fa4841 |
return FALSE;
|
|
Packit Service |
fa4841 |
}
|
|
Packit Service |
fa4841 |
|
|
Packit Service |
fa4841 |
if (lpszDomain)
|
|
Packit Service |
fa4841 |
{
|
|
Packit Service |
fa4841 |
token->Domain = _strdup(lpszDomain);
|
|
Packit Service |
fa4841 |
|
|
Packit Service |
fa4841 |
if (!token->Domain)
|
|
Packit Service |
fa4841 |
{
|
|
Packit Service |
fa4841 |
free(token->Username);
|
|
Packit Service |
fa4841 |
free(token);
|
|
Packit Service |
fa4841 |
return FALSE;
|
|
Packit Service |
fa4841 |
}
|
|
Packit Service |
fa4841 |
}
|
|
Packit Service |
fa4841 |
|
|
Packit Service |
fa4841 |
pw = getpwnam(lpszUsername);
|
|
Packit Service |
fa4841 |
|
|
Packit Service |
fa4841 |
if (pw)
|
|
Packit Service |
fa4841 |
{
|
|
Packit Service |
b1ea74 |
token->UserId = (DWORD)pw->pw_uid;
|
|
Packit Service |
b1ea74 |
token->GroupId = (DWORD)pw->pw_gid;
|
|
Packit Service |
fa4841 |
}
|
|
Packit Service |
fa4841 |
|
|
Packit Service |
b1ea74 |
*((ULONG_PTR*)phToken) = (ULONG_PTR)token;
|
|
Packit Service |
fa4841 |
return TRUE;
|
|
Packit Service |
fa4841 |
}
|
|
Packit Service |
fa4841 |
|
|
Packit Service |
b1ea74 |
BOOL LogonUserW(LPCWSTR lpszUsername, LPCWSTR lpszDomain, LPCWSTR lpszPassword, DWORD dwLogonType,
|
|
Packit Service |
b1ea74 |
DWORD dwLogonProvider, PHANDLE phToken)
|
|
Packit Service |
fa4841 |
{
|
|
Packit Service |
fa4841 |
return TRUE;
|
|
Packit Service |
fa4841 |
}
|
|
Packit Service |
fa4841 |
|
|
Packit Service |
b1ea74 |
BOOL LogonUserExA(LPCSTR lpszUsername, LPCSTR lpszDomain, LPCSTR lpszPassword, DWORD dwLogonType,
|
|
Packit Service |
b1ea74 |
DWORD dwLogonProvider, PHANDLE phToken, PSID* ppLogonSid, PVOID* ppProfileBuffer,
|
|
Packit Service |
b1ea74 |
LPDWORD pdwProfileLength, PQUOTA_LIMITS pQuotaLimits)
|
|
Packit Service |
fa4841 |
{
|
|
Packit Service |
fa4841 |
return TRUE;
|
|
Packit Service |
fa4841 |
}
|
|
Packit Service |
fa4841 |
|
|
Packit Service |
b1ea74 |
BOOL LogonUserExW(LPCWSTR lpszUsername, LPCWSTR lpszDomain, LPCWSTR lpszPassword, DWORD dwLogonType,
|
|
Packit Service |
b1ea74 |
DWORD dwLogonProvider, PHANDLE phToken, PSID* ppLogonSid, PVOID* ppProfileBuffer,
|
|
Packit Service |
b1ea74 |
LPDWORD pdwProfileLength, PQUOTA_LIMITS pQuotaLimits)
|
|
Packit Service |
fa4841 |
{
|
|
Packit Service |
fa4841 |
return TRUE;
|
|
Packit Service |
fa4841 |
}
|
|
Packit Service |
fa4841 |
|
|
Packit Service |
fa4841 |
BOOL GetUserNameExA(EXTENDED_NAME_FORMAT NameFormat, LPSTR lpNameBuffer, PULONG nSize)
|
|
Packit Service |
fa4841 |
{
|
|
Packit Service |
b1ea74 |
size_t length;
|
|
Packit Service |
b1ea74 |
char login[MAX_PATH];
|
|
Packit Service |
fa4841 |
|
|
Packit Service |
fa4841 |
switch (NameFormat)
|
|
Packit Service |
fa4841 |
{
|
|
Packit Service |
fa4841 |
case NameSamCompatible:
|
|
Packit Service |
b1ea74 |
#ifndef HAVE_GETLOGIN_R
|
|
Packit Service |
b1ea74 |
strncpy(login, getlogin(), sizeof(login));
|
|
Packit Service |
b1ea74 |
#else
|
|
Packit Service |
b1ea74 |
if (getlogin_r(login, sizeof(login)) != 0)
|
|
Packit Service |
b1ea74 |
return FALSE;
|
|
Packit Service |
b1ea74 |
#endif
|
|
Packit Service |
fa4841 |
length = strlen(login);
|
|
Packit Service |
fa4841 |
|
|
Packit Service |
fa4841 |
if (*nSize >= length)
|
|
Packit Service |
fa4841 |
{
|
|
Packit Service |
fa4841 |
CopyMemory(lpNameBuffer, login, length + 1);
|
|
Packit Service |
b1ea74 |
return TRUE;
|
|
Packit Service |
fa4841 |
}
|
|
Packit Service |
fa4841 |
else
|
|
Packit Service |
fa4841 |
{
|
|
Packit Service |
fa4841 |
*nSize = length + 1;
|
|
Packit Service |
fa4841 |
}
|
|
Packit Service |
fa4841 |
|
|
Packit Service |
fa4841 |
break;
|
|
Packit Service |
fa4841 |
|
|
Packit Service |
fa4841 |
case NameFullyQualifiedDN:
|
|
Packit Service |
fa4841 |
case NameDisplay:
|
|
Packit Service |
fa4841 |
case NameUniqueId:
|
|
Packit Service |
fa4841 |
case NameCanonical:
|
|
Packit Service |
fa4841 |
case NameUserPrincipal:
|
|
Packit Service |
fa4841 |
case NameCanonicalEx:
|
|
Packit Service |
fa4841 |
case NameServicePrincipal:
|
|
Packit Service |
fa4841 |
case NameDnsDomain:
|
|
Packit Service |
fa4841 |
break;
|
|
Packit Service |
fa4841 |
|
|
Packit Service |
fa4841 |
default:
|
|
Packit Service |
fa4841 |
break;
|
|
Packit Service |
fa4841 |
}
|
|
Packit Service |
fa4841 |
|
|
Packit Service |
b1ea74 |
return FALSE;
|
|
Packit Service |
fa4841 |
}
|
|
Packit Service |
fa4841 |
|
|
Packit Service |
fa4841 |
BOOL GetUserNameExW(EXTENDED_NAME_FORMAT NameFormat, LPWSTR lpNameBuffer, PULONG nSize)
|
|
Packit Service |
fa4841 |
{
|
|
Packit Service |
fa4841 |
return 0;
|
|
Packit Service |
fa4841 |
}
|
|
Packit Service |
fa4841 |
|
|
Packit Service |
fa4841 |
#endif
|