secur32: dispatcher to start ntlm_auth
Kai Blin
blin at gmx.net
Sat Aug 27 10:23:59 CDT 2005
This dispatcher runs ntlm_auth to do authentication. This will be used
by the NTLM and Negotiate providers. Fixed to close all file
descriptors. Also won't use stdio anymore.
Changelog:
Kai Blin <blin at gmx.net>
A dispatcher to run ntlm_auth. Used for NTLM and Negotiate.
--
Kai Blin, (blin at gmx dot net)
Coward, n.:
One who in a perilous emergency thinks with his legs.
-- Ambrose Bierce, "The Devil's Dictionary"
-------------- next part --------------
--- dlls/secur32/Makefile.in.old 2005-08-27 17:02:00.311904760 +0200
+++ dlls/secur32/Makefile.in 2005-08-27 17:10:55.694514232 +0200
@@ -8,6 +8,7 @@
C_SRCS = \
base64_codec.c \
+ dispatcher.c \
negotiate.c \
ntlm.c \
schannel.c \
--- dlls/secur32/secur32_priv.h.old 2005-08-27 17:07:38.200537880 +0200
+++ dlls/secur32/secur32_priv.h 2005-08-27 17:10:30.118402392 +0200
@@ -21,6 +21,9 @@
#ifndef __SECUR32_PRIV_H__
#define __SECUR32_PRIV_H__
+#include <sys/types.h>
+#include <stdio.h>
+
/* Memory allocation functions for memory accessible by callers of secur32.
* There is no REALLOC, because LocalReAlloc can only work if used in
* conjunction with LMEM_MOVEABLE and LocalLock, but callers aren't using
@@ -47,6 +50,25 @@
SecureProvider *provider;
} SecurePackage;
+typedef enum _helper_mode {
+ NTLM_SERVER,
+ NTLM_CLIENT,
+ NEGO_SERVER,
+ NEGO_CLIENT,
+ NUM_HELPER_MODES
+} HelperMode;
+
+typedef struct _NegoHelper {
+ pid_t helper_pid;
+ HelperMode mode;
+ SEC_CHAR *password;
+ int pwlen;
+ int pipe_in;
+ int pipe_out;
+ int first_time;
+ int version;
+} NegoHelper, *PNegoHelper;
+
/* Allocates space for and initializes a new provider. If fnTableA or fnTableW
* is non-NULL, assumes the provider is built-in (and is thus already loaded.)
* Otherwise moduleName must not be NULL.
@@ -82,6 +104,17 @@
void SECUR32_initNegotiateSP(void);
void SECUR32_initNTLMSP(void);
+/* Functions from dispatcher.c used elsewhere in the code */
+SECURITY_STATUS fork_helper(PNegoHelper *new_helper, const char *prog,
+ char * const argv[]);
+
+SECURITY_STATUS run_helper(PNegoHelper helper, unsigned char *buffer,
+ unsigned int max_buflen, int *buflen);
+
+void cleanup_helper(PNegoHelper helper);
+
+void check_version(PNegoHelper helper);
+
/* Functions from base64_codec.c used elsewhere */
SECURITY_STATUS encodeBase64(PBYTE in_buf, int in_len, char* out_buf,
int max_len, int *out_len);
--- /dev/null 2005-08-19 11:42:14.099901488 +0200
+++ dlls/secur32/dispatcher.c 2005-08-27 17:03:03.348321768 +0200
@@ -0,0 +1,215 @@
+/*
+ * Copyright 2005 Kai Blin
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ * A dispatcher to run ntlm_auth for wine's sspi module.
+ */
+
+#include <stdarg.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <stdlib.h>
+#include <fcntl.h>
+#include "windef.h"
+#include "winbase.h"
+#include "winerror.h"
+#include "sspi.h"
+#include "secur32_priv.h"
+#include "wine/debug.h"
+
+WINE_DEFAULT_DEBUG_CHANNEL(secur32);
+
+SECURITY_STATUS fork_helper(PNegoHelper *new_helper, const char *prog,
+ char* const argv[])
+{
+ int pipe_in[2];
+ int pipe_out[2];
+ int i;
+
+ TRACE("%s ", debugstr_a(prog));
+ for(i = 0; argv[i] != NULL; ++i)
+ {
+ TRACE("%s ", debugstr_a(argv[i]));
+ }
+ TRACE("\n");
+ PNegoHelper helper = HeapAlloc(GetProcessHeap(), 0, sizeof(NegoHelper));
+
+ if (helper == NULL)
+ {
+ return SEC_E_INSUFFICIENT_MEMORY;
+ }
+
+ *new_helper = helper;
+
+ if( ( pipe(pipe_in) < 0 ) || ( pipe(pipe_out) < 0 ) )
+ {
+ close(pipe_in[0]);
+ close(pipe_in[1]);
+ close(pipe_out[0]);
+ close(pipe_out[1]);
+ return SEC_E_INTERNAL_ERROR;
+ }
+
+ helper->first_time = 0;
+ helper->helper_pid = fork();
+
+ if(helper->helper_pid == -1)
+ {
+ close(pipe_in[0]);
+ close(pipe_in[1]);
+ close(pipe_out[0]);
+ close(pipe_out[1]);
+ return SEC_E_INTERNAL_ERROR;
+ }
+
+ if(helper->helper_pid == 0)
+ {
+ /* We're in the child now */
+ close(0);
+ close(1);
+
+ dup2(pipe_out[0], 0);
+ close(pipe_out[0]);
+ close(pipe_out[1]);
+
+ dup2(pipe_in[1], 1);
+ close(pipe_in[0]);
+ close(pipe_in[1]);
+
+ execvp(prog, argv);
+
+ /* Whoops, we shouldn't get here. Big badaboom.*/
+ write(STDOUT_FILENO, "BH\n", 3);
+ exit(0x302);
+
+ }
+ else
+ {
+ helper->pipe_in = pipe_in[0];
+ close(pipe_in[1]);
+ helper->pipe_out = pipe_out[1];
+ close(pipe_out[0]);
+ }
+
+ return SEC_E_OK;
+}
+
+SECURITY_STATUS run_helper(PNegoHelper helper, unsigned char *buffer,
+ unsigned int max_buflen, int *buflen)
+{
+ /* ntlm_auth's buffer size is fixed at 2010 chars */
+ if(strlen(buffer) > 2010){
+ return SEC_E_BUFFER_TOO_SMALL;
+ }
+ TRACE("In helper: sending %s\n", debugstr_a(buffer));
+
+ /* buffer + '\n' */
+ int out_len = strlen(buffer) + 1;
+ char *out_buf = HeapAlloc(GetProcessHeap(), 0, out_len+1);
+ lstrcpyA(out_buf, buffer);
+ strcat(out_buf, "\n");
+
+ write(helper->pipe_out, out_buf, out_len);
+ HeapFree(GetProcessHeap(), 0, out_buf);
+
+ if(read(helper->pipe_in, buffer, 3) <= 2)
+ {
+ return SEC_E_INTERNAL_ERROR;
+ }
+
+ if(strncmp(buffer, "OK", 2) == 0)
+ {
+ /* if the first two chars are OK, kill OK\n */
+ /* workaround for ntlm_auth v4 bug */
+ if(helper->first_time == 0)
+ read(helper->pipe_in, buffer, max_buflen-1);
+ }
+ else
+ {
+ if(strncmp(buffer, "PW", 2) != 0)
+ read(helper->pipe_in, buffer+3, max_buflen-4);
+ }
+
+ TRACE("In helper: recieved %s\n", debugstr_a(buffer));
+
+ char *newline;
+
+ if((newline = strchr(buffer, '\n'))!= NULL)
+ {
+ *newline = '\0';
+ }
+ *buflen = strlen(buffer);
+
+ if( *buflen < 2 )
+ {
+ return SEC_E_ILLEGAL_MESSAGE;
+ }
+
+ if( (*buflen <= 3) && (strncmp(buffer, "BH", 2) == 0))
+ {
+ return SEC_E_INTERNAL_ERROR;
+ }
+
+ return SEC_E_OK;
+}
+
+void cleanup_helper(PNegoHelper helper)
+{
+
+ TRACE("Killing helper %p\n", helper);
+ if( (helper == NULL) || (helper->helper_pid == 0))
+ return;
+
+ kill(helper->helper_pid, SIGTERM);
+ waitpid(helper->helper_pid, NULL, 0);
+
+ HeapFree(GetProcessHeap(), 0, helper->password);
+
+ close(helper->pipe_out);
+ close(helper->pipe_in);
+
+ helper->helper_pid = 0;
+ HeapFree(GetProcessHeap(), 0, helper);
+}
+
+void check_version(PNegoHelper helper)
+{
+ TRACE("Checking version of helper\n");
+ char *temp = HeapAlloc(GetProcessHeap(), 0, 80);
+ char *newline;
+ if(helper != NULL)
+ {
+ read(helper->pipe_in, temp, 79);
+ if((newline = strchr(temp, '\n')) != NULL)
+ *newline = '\0';
+
+ TRACE("Exact version is %s\n", debugstr_a(temp));
+ if(strncmp(temp+8, "3.9", 3) == 0)
+ {
+ helper->version = 4;
+ }
+ else if(strncmp(temp+8, "3.0", 3) == 0)
+ {
+ helper->version = 3;
+ }
+ else
+ {
+ TRACE("Unknown version!\n");
+ helper->version = -1;
+ }
+ }
+}
More information about the wine-patches
mailing list