secur32: Dispatcher for samba's ntlm_auth
Kai Blin
blin at gmx.net
Wed Sep 21 10:56:59 CDT 2005
ntlm_auth takes care of the messy details of the NTLM and Negotiate
protocols for wine's SSPI implementation. The dispatcher will assume
that ntlm_auth is in the path of the user running wine. For client side
authentication, no setup is needed on the wine side.
Changelog:
Kai Blin <blin at gmx.net>
A dispatcher for running ntlm_auth.
--
Kai Blin, (blin at gmx dot net)
Just once, I wish we would encounter an alien menace that wasn't
immune to bullets.
-- The Brigadier, "Dr. Who"
-------------- next part --------------
Index: dlls/secur32/Makefile.in
===================================================================
RCS file: /home/wine/wine/dlls/secur32/Makefile.in,v
retrieving revision 1.7
diff -u -3 -r1.7 Makefile.in
--- dlls/secur32/Makefile.in 21 Sep 2005 11:43:52 -0000 1.7
+++ dlls/secur32/Makefile.in 21 Sep 2005 15:47:38 -0000
@@ -8,6 +8,7 @@
C_SRCS = \
base64_codec.c \
+ dispatcher.c \
negotiate.c \
ntlm.c \
schannel.c \
Index: dlls/secur32/secur32_priv.h
===================================================================
RCS file: /home/wine/wine/dlls/secur32/secur32_priv.h,v
retrieving revision 1.6
diff -u -3 -r1.6 secur32_priv.h
--- dlls/secur32/secur32_priv.h 21 Sep 2005 11:43:52 -0000 1.6
+++ dlls/secur32/secur32_priv.h 21 Sep 2005 15:47:39 -0000
@@ -21,6 +21,7 @@
#ifndef __SECUR32_PRIV_H__
#define __SECUR32_PRIV_H__
+#include <sys/types.h>
#include "wine/list.h"
/* Memory allocation functions for memory accessible by callers of secur32.
@@ -51,6 +52,24 @@
SecureProvider *provider;
} SecurePackage;
+typedef enum _helper_mode {
+ NTLM_SERVER,
+ NTLM_CLIENT,
+ NEGO_SERVER,
+ NEGO_CLIENT,
+ NUM_HELPER_MODES
+} HelperMode;
+
+typedef struct _NegoHelper {
+ pid_t helper_pid;
+ HelperMode mode;
+ SEC_CHAR *password;
+ int pwlen;
+ int pipe_in;
+ int pipe_out;
+ int version;
+} NegoHelper, *PNegoHelper;
+
/* Allocates space for and initializes a new provider. If fnTableA or fnTableW
* is non-NULL, assumes the provider is built-in (and is thus already loaded.)
* Otherwise moduleName must not be NULL.
@@ -86,6 +105,17 @@
void SECUR32_initNegotiateSP(void);
void SECUR32_initNTLMSP(void);
+/* Functions from dispatcher.c used elsewhere in the code */
+SECURITY_STATUS fork_helper(PNegoHelper *new_helper, const char *prog,
+ char * const argv[]);
+
+SECURITY_STATUS run_helper(PNegoHelper helper, unsigned char *buffer,
+ unsigned int max_buflen, int *buflen);
+
+void cleanup_helper(PNegoHelper helper);
+
+void check_version(PNegoHelper helper);
+
/* Functions from base64_codec.c used elsewhere */
SECURITY_STATUS encodeBase64(PBYTE in_buf, int in_len, char* out_buf,
int max_len, int *out_len);
--- /dev/null 2005-08-30 09:02:02.639199272 +0200
+++ dlls/secur32/dispatcher.c 2005-09-21 17:44:48.853999096 +0200
@@ -0,0 +1,253 @@
+/*
+ * Copyright 2005 Kai Blin
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ * A dispatcher to run ntlm_auth for wine's sspi module.
+ */
+
+#include <stdarg.h>
+
+#include "config.h"
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#include <sys/types.h>
+#ifdef HAVE_SYS_WAIT_H
+#include <sys/wait.h>
+#endif
+#include <stdlib.h>
+#include <fcntl.h>
+#include "windef.h"
+#include "winbase.h"
+#include "winerror.h"
+#include "sspi.h"
+#include "secur32_priv.h"
+#include "wine/debug.h"
+
+#define INITIAL_BUFFER_SIZE 200
+
+WINE_DEFAULT_DEBUG_CHANNEL(secur32);
+
+SECURITY_STATUS fork_helper(PNegoHelper *new_helper, const char *prog,
+ char* const argv[])
+{
+ int pipe_in[2];
+ int pipe_out[2];
+ int i;
+ pid_t helper_pid;
+
+ TRACE("%s ", debugstr_a(prog));
+ for(i = 0; argv[i] != NULL; ++i)
+ {
+ TRACE("%s ", debugstr_a(argv[i]));
+ }
+ TRACE("\n");
+
+ if( pipe(pipe_in) < 0 )
+ {
+ return SEC_E_INTERNAL_ERROR;
+ }
+
+ if( pipe(pipe_out) < 0 )
+ {
+ close(pipe_in[0]);
+ close(pipe_in[1]);
+ return SEC_E_INTERNAL_ERROR;
+ }
+
+ helper_pid = fork();
+
+ if(helper_pid == -1)
+ {
+ close(pipe_in[0]);
+ close(pipe_in[1]);
+ close(pipe_out[0]);
+ close(pipe_out[1]);
+ return SEC_E_INTERNAL_ERROR;
+ }
+
+ if(helper_pid == 0)
+ {
+ /* We're in the child now */
+ close(0);
+ close(1);
+
+ dup2(pipe_out[0], 0);
+ close(pipe_out[0]);
+ close(pipe_out[1]);
+
+ dup2(pipe_in[1], 1);
+ close(pipe_in[0]);
+ close(pipe_in[1]);
+
+ execvp(prog, argv);
+
+ /* Whoops, we shouldn't get here. Big badaboom.*/
+ write(STDOUT_FILENO, "BH\n", 3);
+ exit(0x302);
+
+ }
+ else
+ {
+ PNegoHelper helper = HeapAlloc(GetProcessHeap(),0, sizeof(NegoHelper));
+
+ if (helper == NULL)
+ {
+ close(pipe_in[0]);
+ close(pipe_in[1]);
+ close(pipe_out[0]);
+ close(pipe_out[1]);
+ return SEC_E_INSUFFICIENT_MEMORY;
+ }
+
+ *new_helper = helper;
+
+ helper->helper_pid = helper_pid;
+ helper->version = -1;
+ helper->password = NULL;
+ helper->pipe_in = pipe_in[0];
+ close(pipe_in[1]);
+ helper->pipe_out = pipe_out[1];
+ close(pipe_out[0]);
+ }
+
+ return SEC_E_OK;
+}
+
+SECURITY_STATUS run_helper(PNegoHelper helper, unsigned char *buffer,
+ unsigned int max_buflen, int *buflen)
+{
+ int new_size, old_size = INITIAL_BUFFER_SIZE;
+ char *newline;
+ char *in_buffer;
+ int ret;
+
+ TRACE("In helper: sending %s\n", debugstr_a(buffer));
+
+ /* buffer + '\n' */
+ write(helper->pipe_out, buffer, lstrlenA(buffer));
+ write(helper->pipe_out, "\n", 1);
+
+ in_buffer = HeapAlloc(GetProcessHeap(), 0, INITIAL_BUFFER_SIZE);
+
+ if((ret = read(helper->pipe_in, in_buffer, old_size)) <= 0)
+ {
+ HeapFree(GetProcessHeap(), 0, in_buffer);
+ return SEC_E_INTERNAL_ERROR;
+ }
+ newline = memchr(in_buffer, '\n', ret);
+
+ while(newline == NULL)
+ {
+ new_size = old_size + INITIAL_BUFFER_SIZE;
+ /* increment buffer size in INITIAL_BUFFER_SIZE steps */
+ in_buffer = HeapReAlloc(GetProcessHeap(), 0, in_buffer, new_size);
+ if((ret = read(helper->pipe_in, in_buffer + ret,
+ new_size - old_size)) < 0)
+ {
+ HeapFree(GetProcessHeap(), 0, in_buffer);
+ return SEC_E_INTERNAL_ERROR;
+ }
+ TRACE("Resizing buffer!\n");
+ newline = memchr(in_buffer, '\n', old_size + ret);
+ old_size = new_size;
+ }
+
+ *newline = 0;
+ TRACE("In helper: recieved %s\n", debugstr_a(in_buffer));
+ *buflen = lstrlenA(in_buffer);
+
+ if( *buflen > max_buflen)
+ {
+ ERR("Buffer size too small(%d given, %d required) dropping data!\n",
+ max_buflen, *buflen);
+ HeapFree(GetProcessHeap(), 0, in_buffer);
+ return SEC_E_BUFFER_TOO_SMALL;
+ }
+
+ if( *buflen < 2 )
+ {
+ HeapFree(GetProcessHeap(), 0, in_buffer);
+ return SEC_E_ILLEGAL_MESSAGE;
+ }
+
+ if( (*buflen <= 3) && (strncmp(in_buffer, "BH", 2) == 0))
+ {
+ HeapFree(GetProcessHeap(), 0, in_buffer);
+ return SEC_E_INTERNAL_ERROR;
+ }
+
+ /* We only get ERR if the input size is too big. On a GENSEC error,
+ * ntlm_auth will return BH */
+ if(strncmp(in_buffer, "ERR", 3) == 0)
+ {
+ HeapFree(GetProcessHeap(), 0, in_buffer);
+ return SEC_E_INVALID_TOKEN;
+ }
+
+ memcpy(buffer, in_buffer, *buflen);
+
+ HeapFree(GetProcessHeap(), 0, in_buffer);
+ return SEC_E_OK;
+}
+
+void cleanup_helper(PNegoHelper helper)
+{
+
+ TRACE("Killing helper %p\n", helper);
+ if( (helper == NULL) || (helper->helper_pid == 0))
+ return;
+
+ HeapFree(GetProcessHeap(), 0, helper->password);
+
+ /* closing stdin will terminate ntlm_auth */
+ close(helper->pipe_out);
+ close(helper->pipe_in);
+
+ waitpid(helper->helper_pid, NULL, 0);
+
+ helper->helper_pid = 0;
+ HeapFree(GetProcessHeap(), 0, helper);
+}
+
+void check_version(PNegoHelper helper)
+{
+ char temp[80];
+ char *newline;
+
+ TRACE("Checking version of helper\n");
+ if(helper != NULL)
+ {
+ read(helper->pipe_in, temp, sizeof(temp)-1);
+ if((newline = strchr(temp, '\n')) != NULL)
+ *newline = '\0';
+
+ TRACE("Exact version is %s\n", debugstr_a(temp));
+ if(strncmp(temp+8, "3.9", 3) == 0)
+ {
+ helper->version = 4;
+ }
+ else if(strncmp(temp+8, "3.0", 3) == 0)
+ {
+ helper->version = 3;
+ }
+ else
+ {
+ TRACE("Unknown version!\n");
+ helper->version = -1;
+ }
+ }
+}
More information about the wine-patches
mailing list