[1/2] rpcrt4: Add support for NTLM and Negotiate.
Hans Leidekker
hans at codeweavers.com
Wed Sep 4 08:01:10 CDT 2013
---
dlls/rpcrt4/rpc_transport.c | 550 +++++++++++++++++++++++++++++++++++++-------
1 file changed, 472 insertions(+), 78 deletions(-)
diff --git a/dlls/rpcrt4/rpc_transport.c b/dlls/rpcrt4/rpc_transport.c
index c004f66..d0857fa 100644
--- a/dlls/rpcrt4/rpc_transport.c
+++ b/dlls/rpcrt4/rpc_transport.c
@@ -101,6 +101,8 @@
#define DEFAULT_NCACN_HTTP_TIMEOUT (60 * 1000)
+#define ARRAYSIZE(a) (sizeof((a)) / sizeof((a)[0]))
+
WINE_DEFAULT_DEBUG_CHANNEL(rpc);
static RPC_STATUS RPCRT4_SpawnConnection(RpcConnection** Connection, RpcConnection* OldConnection);
@@ -1907,6 +1909,19 @@ static RPC_STATUS wait_async_request(RpcHttpAsyncData *async_data, BOOL call_ret
return RPC_S_OK;
}
+struct authinfo
+{
+ DWORD scheme;
+ CredHandle cred;
+ CtxtHandle ctx;
+ TimeStamp exp;
+ ULONG attr;
+ ULONG max_token;
+ char *data;
+ unsigned int data_len;
+ BOOL finished; /* finished authenticating */
+};
+
typedef struct _RpcConnection_http
{
RpcConnection common;
@@ -1914,6 +1929,7 @@ typedef struct _RpcConnection_http
HINTERNET session;
HINTERNET in_request;
HINTERNET out_request;
+ WCHAR *servername;
HANDLE timer_cancelled;
HANDLE cancel_event;
DWORD last_sent_time;
@@ -2174,14 +2190,14 @@ static RPC_STATUS rpcrt4_http_internet_connect(RpcConnection_http *httpc)
HeapFree(GetProcessHeap(), 0, password);
HeapFree(GetProcessHeap(), 0, user);
HeapFree(GetProcessHeap(), 0, proxy);
- HeapFree(GetProcessHeap(), 0, servername);
if (!httpc->session)
{
ERR("InternetConnectW failed with error %d\n", GetLastError());
+ HeapFree(GetProcessHeap(), 0, servername);
return RPC_S_SERVER_UNAVAILABLE;
}
-
+ httpc->servername = servername;
return RPC_S_OK;
}
@@ -2192,6 +2208,8 @@ static RPC_STATUS send_echo_request(HINTERNET req, RpcHttpAsyncData *async_data,
BOOL ret;
RPC_STATUS status;
+ TRACE("sending echo request to server\n");
+
prepare_async_request(async_data);
ret = HttpSendRequestW(req, NULL, 0, NULL, 0);
status = wait_async_request(async_data, ret, cancel_event);
@@ -2208,9 +2226,8 @@ static RPC_STATUS send_echo_request(HINTERNET req, RpcHttpAsyncData *async_data,
/* prepare the in pipe for use by RPC packets */
static RPC_STATUS rpcrt4_http_prepare_in_pipe(HINTERNET in_request, RpcHttpAsyncData *async_data, HANDLE cancel_event,
- const UUID *connection_uuid,
- const UUID *in_pipe_uuid,
- const UUID *association_uuid)
+ const UUID *connection_uuid, const UUID *in_pipe_uuid,
+ const UUID *association_uuid, BOOL authorized)
{
BOOL ret;
RPC_STATUS status;
@@ -2218,10 +2235,12 @@ static RPC_STATUS rpcrt4_http_prepare_in_pipe(HINTERNET in_request, RpcHttpAsync
INTERNET_BUFFERSW buffers_in;
DWORD bytes_written;
- /* prepare in pipe */
- status = send_echo_request(in_request, async_data, cancel_event);
- if (status != RPC_S_OK) return status;
-
+ if (!authorized)
+ {
+ /* ask wininet to authorize, if necessary */
+ status = send_echo_request(in_request, async_data, cancel_event);
+ if (status != RPC_S_OK) return status;
+ }
memset(&buffers_in, 0, sizeof(buffers_in));
buffers_in.dwStructSize = sizeof(buffers_in);
/* FIXME: get this from the registry */
@@ -2291,12 +2310,10 @@ static RPC_STATUS rpcrt4_http_read_http_packet(HINTERNET request, RpcPktHdr *hdr
}
/* prepare the out pipe for use by RPC packets */
-static RPC_STATUS rpcrt4_http_prepare_out_pipe(HINTERNET out_request,
- RpcHttpAsyncData *async_data,
- HANDLE cancel_event,
- const UUID *connection_uuid,
- const UUID *out_pipe_uuid,
- ULONG *flow_control_increment)
+static RPC_STATUS rpcrt4_http_prepare_out_pipe(HINTERNET out_request, RpcHttpAsyncData *async_data,
+ HANDLE cancel_event, const UUID *connection_uuid,
+ const UUID *out_pipe_uuid, ULONG *flow_control_increment,
+ BOOL authorized)
{
BOOL ret;
RPC_STATUS status;
@@ -2304,13 +2321,22 @@ static RPC_STATUS rpcrt4_http_prepare_out_pipe(HINTERNET out_request,
BYTE *data_from_server;
RpcPktHdr pkt_from_server;
ULONG field1, field3;
+ DWORD bytes_read;
+ BYTE buf[20];
- status = send_echo_request(out_request, async_data, cancel_event);
- if (status != RPC_S_OK) return status;
+ if (!authorized)
+ {
+ /* ask wininet to authorize, if necessary */
+ status = send_echo_request(out_request, async_data, cancel_event);
+ if (status != RPC_S_OK) return status;
+ }
+ else
+ InternetReadFile(out_request, buf, sizeof(buf), &bytes_read);
hdr = RPCRT4_BuildHttpConnectHeader(TRUE, connection_uuid, out_pipe_uuid, NULL);
if (!hdr) return RPC_S_OUT_OF_RESOURCES;
+ TRACE("sending HTTP connect header to server\n");
prepare_async_request(async_data);
ret = HttpSendRequestW(out_request, NULL, 0, hdr, hdr->common.frag_len);
status = wait_async_request(async_data, ret, cancel_event);
@@ -2395,55 +2421,390 @@ static UINT encode_base64(const char *bin, unsigned int len, WCHAR *base64)
return i;
}
-static RPC_STATUS insert_authorization_header(HINTERNET request, RpcQualityOfService *qos)
+static inline char decode_char( WCHAR c )
{
- static const WCHAR basicW[] =
- {'A','u','t','h','o','r','i','z','a','t','i','o','n',':',' ','B','a','s','i','c',' '};
- RPC_HTTP_TRANSPORT_CREDENTIALS_W *creds;
- SEC_WINNT_AUTH_IDENTITY_W *id;
- int len, datalen, userlen, passlen;
- WCHAR *header, *ptr;
- char *data;
+ if (c >= 'A' && c <= 'Z') return c - 'A';
+ if (c >= 'a' && c <= 'z') return c - 'a' + 26;
+ if (c >= '0' && c <= '9') return c - '0' + 52;
+ if (c == '+') return 62;
+ if (c == '/') return 63;
+ return 64;
+}
+
+static unsigned int decode_base64( const WCHAR *base64, unsigned int len, char *buf )
+{
+ unsigned int i = 0;
+ char c0, c1, c2, c3;
+ const WCHAR *p = base64;
+
+ while (len > 4)
+ {
+ if ((c0 = decode_char( p[0] )) > 63) return 0;
+ if ((c1 = decode_char( p[1] )) > 63) return 0;
+ if ((c2 = decode_char( p[2] )) > 63) return 0;
+ if ((c3 = decode_char( p[3] )) > 63) return 0;
+
+ if (buf)
+ {
+ buf[i + 0] = (c0 << 2) | (c1 >> 4);
+ buf[i + 1] = (c1 << 4) | (c2 >> 2);
+ buf[i + 2] = (c2 << 6) | c3;
+ }
+ len -= 4;
+ i += 3;
+ p += 4;
+ }
+ if (p[2] == '=')
+ {
+ if ((c0 = decode_char( p[0] )) > 63) return 0;
+ if ((c1 = decode_char( p[1] )) > 63) return 0;
+
+ if (buf) buf[i] = (c0 << 2) | (c1 >> 4);
+ i++;
+ }
+ else if (p[3] == '=')
+ {
+ if ((c0 = decode_char( p[0] )) > 63) return 0;
+ if ((c1 = decode_char( p[1] )) > 63) return 0;
+ if ((c2 = decode_char( p[2] )) > 63) return 0;
+
+ if (buf)
+ {
+ buf[i + 0] = (c0 << 2) | (c1 >> 4);
+ buf[i + 1] = (c1 << 4) | (c2 >> 2);
+ }
+ i += 2;
+ }
+ else
+ {
+ if ((c0 = decode_char( p[0] )) > 63) return 0;
+ if ((c1 = decode_char( p[1] )) > 63) return 0;
+ if ((c2 = decode_char( p[2] )) > 63) return 0;
+ if ((c3 = decode_char( p[3] )) > 63) return 0;
+
+ if (buf)
+ {
+ buf[i + 0] = (c0 << 2) | (c1 >> 4);
+ buf[i + 1] = (c1 << 4) | (c2 >> 2);
+ buf[i + 2] = (c2 << 6) | c3;
+ }
+ i += 3;
+ }
+ return i;
+}
+
+static struct authinfo *alloc_authinfo(void)
+{
+ struct authinfo *ret;
+
+ if (!(ret = HeapAlloc(GetProcessHeap(), 0, sizeof(*ret) ))) return NULL;
+
+ SecInvalidateHandle(&ret->cred);
+ SecInvalidateHandle(&ret->ctx);
+ memset(&ret->exp, 0, sizeof(ret->exp));
+ ret->scheme = 0;
+ ret->attr = 0;
+ ret->max_token = 0;
+ ret->data = NULL;
+ ret->data_len = 0;
+ ret->finished = FALSE;
+ return ret;
+}
+
+static void destroy_authinfo(struct authinfo *info)
+{
+ if (!info) return;
+
+ if (SecIsValidHandle(&info->ctx))
+ DeleteSecurityContext(&info->ctx);
+ if (SecIsValidHandle(&info->cred))
+ FreeCredentialsHandle(&info->cred);
+
+ HeapFree(GetProcessHeap(), 0, info->data);
+ HeapFree(GetProcessHeap(), 0, info);
+}
+
+static const WCHAR basicW[] = {'B','a','s','i','c',0};
+static const WCHAR ntlmW[] = {'N','T','L','M',0};
+static const WCHAR passportW[] = {'P','a','s','s','p','o','r','t',0};
+static const WCHAR digestW[] = {'D','i','g','e','s','t',0};
+static const WCHAR negotiateW[] = {'N','e','g','o','t','i','a','t','e',0};
+
+static const struct
+{
+ const WCHAR *str;
+ unsigned int len;
+ DWORD scheme;
+}
+auth_schemes[] =
+{
+ { basicW, ARRAYSIZE(basicW) - 1, RPC_C_HTTP_AUTHN_SCHEME_BASIC },
+ { ntlmW, ARRAYSIZE(ntlmW) - 1, RPC_C_HTTP_AUTHN_SCHEME_NTLM },
+ { passportW, ARRAYSIZE(passportW) - 1, RPC_C_HTTP_AUTHN_SCHEME_PASSPORT },
+ { digestW, ARRAYSIZE(digestW) - 1, RPC_C_HTTP_AUTHN_SCHEME_DIGEST },
+ { negotiateW, ARRAYSIZE(negotiateW) - 1, RPC_C_HTTP_AUTHN_SCHEME_NEGOTIATE }
+};
+static const unsigned int num_auth_schemes = sizeof(auth_schemes)/sizeof(auth_schemes[0]);
+
+static DWORD auth_scheme_from_header( const WCHAR *header )
+{
+ unsigned int i;
+ for (i = 0; i < num_auth_schemes; i++)
+ {
+ if (!strncmpiW( header, auth_schemes[i].str, auth_schemes[i].len ) &&
+ (header[auth_schemes[i].len] == ' ' || !header[auth_schemes[i].len])) return auth_schemes[i].scheme;
+ }
+ return 0;
+}
+
+static BOOL get_authvalue(HINTERNET request, DWORD scheme, WCHAR *buffer, DWORD buflen)
+{
+ DWORD len, index = 0;
+ for (;;)
+ {
+ len = buflen;
+ if (!HttpQueryInfoW(request, HTTP_QUERY_WWW_AUTHENTICATE, buffer, &len, &index)) return FALSE;
+ if (auth_scheme_from_header(buffer) == scheme) break;
+ }
+ return TRUE;
+}
+
+static RPC_STATUS do_authorization(HINTERNET request, SEC_WCHAR *servername,
+ const RPC_HTTP_TRANSPORT_CREDENTIALS_W *creds, struct authinfo **auth_ptr)
+{
+ struct authinfo *info = *auth_ptr;
+ SEC_WINNT_AUTH_IDENTITY_W *id = creds->TransportCredentials;
RPC_STATUS status = RPC_S_SERVER_UNAVAILABLE;
- if (!qos || qos->qos->AdditionalSecurityInfoType != RPC_C_AUTHN_INFO_TYPE_HTTP)
- return RPC_S_OK;
+ if ((!info && !(info = alloc_authinfo()))) return RPC_S_SERVER_UNAVAILABLE;
- creds = qos->qos->u.HttpCredentials;
- if (creds->AuthenticationTarget != RPC_C_HTTP_AUTHN_TARGET_SERVER || !creds->NumberOfAuthnSchemes)
- return RPC_S_OK;
+ switch (creds->AuthnSchemes[0])
+ {
+ case RPC_C_HTTP_AUTHN_SCHEME_BASIC:
+ {
+ int userlen = WideCharToMultiByte(CP_UTF8, 0, id->User, id->UserLength, NULL, 0, NULL, NULL);
+ int passlen = WideCharToMultiByte(CP_UTF8, 0, id->Password, id->PasswordLength, NULL, 0, NULL, NULL);
- if (creds->AuthnSchemes[0] != RPC_C_HTTP_AUTHN_SCHEME_BASIC)
+ info->data_len = userlen + passlen + 1;
+ if (!(info->data = HeapAlloc(GetProcessHeap(), 0, info->data_len)))
+ {
+ status = RPC_S_OUT_OF_MEMORY;
+ break;
+ }
+ WideCharToMultiByte(CP_UTF8, 0, id->User, id->UserLength, info->data, userlen, NULL, NULL);
+ info->data[userlen] = ':';
+ WideCharToMultiByte(CP_UTF8, 0, id->Password, id->PasswordLength, info->data + userlen + 1, passlen, NULL, NULL);
+
+ info->scheme = RPC_C_HTTP_AUTHN_SCHEME_BASIC;
+ info->finished = TRUE;
+ status = RPC_S_OK;
+ break;
+ }
+ case RPC_C_HTTP_AUTHN_SCHEME_NTLM:
+ case RPC_C_HTTP_AUTHN_SCHEME_NEGOTIATE:
{
+
+ static SEC_WCHAR ntlmW[] = {'N','T','L','M',0}, negotiateW[] = {'N','e','g','o','t','i','a','t','e',0};
+ SECURITY_STATUS ret;
+ SecBufferDesc out_desc, in_desc;
+ SecBuffer out, in;
+ ULONG flags = ISC_REQ_CONNECTION|ISC_REQ_USE_DCE_STYLE|ISC_REQ_MUTUAL_AUTH|ISC_REQ_DELEGATE;
+ SEC_WCHAR *scheme;
+ int scheme_len;
+ const WCHAR *p;
+ WCHAR auth_value[2048];
+ DWORD size = sizeof(auth_value);
+ BOOL first = FALSE;
+
+ if (creds->AuthnSchemes[0] == RPC_C_HTTP_AUTHN_SCHEME_NTLM) scheme = ntlmW;
+ else scheme = negotiateW;
+ scheme_len = strlenW( scheme );
+
+ if (!*auth_ptr)
+ {
+ TimeStamp exp;
+ SecPkgInfoW *pkg_info;
+
+ ret = AcquireCredentialsHandleW(NULL, scheme, SECPKG_CRED_OUTBOUND, NULL, id, NULL, NULL, &info->cred, &exp);
+ if (ret != SEC_E_OK) break;
+
+ ret = QuerySecurityPackageInfoW(scheme, &pkg_info);
+ if (ret != SEC_E_OK) break;
+
+ info->max_token = pkg_info->cbMaxToken;
+ FreeContextBuffer(pkg_info);
+ first = TRUE;
+ }
+ else
+ {
+ if (info->finished || !get_authvalue(request, creds->AuthnSchemes[0], auth_value, size)) break;
+ if (auth_scheme_from_header(auth_value) != info->scheme)
+ {
+ ERR("authentication scheme changed\n");
+ break;
+ }
+ }
+ in.BufferType = SECBUFFER_TOKEN;
+ in.cbBuffer = 0;
+ in.pvBuffer = NULL;
+
+ in_desc.ulVersion = 0;
+ in_desc.cBuffers = 1;
+ in_desc.pBuffers = ∈
+
+ p = auth_value + scheme_len;
+ if (*p == ' ')
+ {
+ int len = strlenW(++p);
+ in.cbBuffer = decode_base64(p, len, NULL);
+ if (!(in.pvBuffer = HeapAlloc(GetProcessHeap(), 0, in.cbBuffer))) break;
+ decode_base64(p, len, in.pvBuffer);
+ }
+ out.BufferType = SECBUFFER_TOKEN;
+ out.cbBuffer = info->max_token;
+ if (!(out.pvBuffer = HeapAlloc(GetProcessHeap(), 0, out.cbBuffer)))
+ {
+ HeapFree(GetProcessHeap(), 0, in.pvBuffer);
+ break;
+ }
+ out_desc.ulVersion = 0;
+ out_desc.cBuffers = 1;
+ out_desc.pBuffers = &out;
+
+ ret = InitializeSecurityContextW(first ? &info->cred : NULL, first ? NULL : &info->ctx,
+ first ? servername : NULL, flags, 0, SECURITY_NETWORK_DREP,
+ in.pvBuffer ? &in_desc : NULL, 0, &info->ctx, &out_desc,
+ &info->attr, &info->exp);
+ HeapFree(GetProcessHeap(), 0, in.pvBuffer);
+ if (ret == SEC_E_OK)
+ {
+ HeapFree(GetProcessHeap(), 0, info->data);
+ info->data = out.pvBuffer;
+ info->data_len = out.cbBuffer;
+ info->finished = TRUE;
+ TRACE("sending last auth packet\n");
+ status = RPC_S_OK;
+ }
+ else if (ret == SEC_I_CONTINUE_NEEDED)
+ {
+ HeapFree(GetProcessHeap(), 0, info->data);
+ info->data = out.pvBuffer;
+ info->data_len = out.cbBuffer;
+ TRACE("sending next auth packet\n");
+ status = RPC_S_OK;
+ }
+ else
+ {
+ ERR("InitializeSecurityContextW failed with error 0x%08x\n", ret);
+ HeapFree(GetProcessHeap(), 0, out.pvBuffer);
+ break;
+ }
+ info->scheme = creds->AuthnSchemes[0];
+ break;
+ }
+ default:
FIXME("scheme %u not supported\n", creds->AuthnSchemes[0]);
- return RPC_S_OK;
+ break;
}
- id = creds->TransportCredentials;
- if (!id->User || !id->Password) return RPC_S_OK;
- userlen = WideCharToMultiByte(CP_UTF8, 0, id->User, id->UserLength, NULL, 0, NULL, NULL);
- passlen = WideCharToMultiByte(CP_UTF8, 0, id->Password, id->PasswordLength, NULL, 0, NULL, NULL);
-
- datalen = userlen + passlen + 1;
- if (!(data = HeapAlloc(GetProcessHeap(), 0, datalen))) return RPC_S_OUT_OF_MEMORY;
+ if (status != RPC_S_OK)
+ {
+ destroy_authinfo(info);
+ *auth_ptr = NULL;
+ return status;
+ }
+ *auth_ptr = info;
+ return RPC_S_OK;
+}
- WideCharToMultiByte(CP_UTF8, 0, id->User, id->UserLength, data, userlen, NULL, NULL);
- data[userlen] = ':';
- WideCharToMultiByte(CP_UTF8, 0, id->Password, id->PasswordLength, data + userlen + 1, passlen, NULL, NULL);
+static RPC_STATUS insert_authorization_header(HINTERNET request, ULONG scheme, char *data, int data_len)
+{
+ static const WCHAR authW[] = {'A','u','t','h','o','r','i','z','a','t','i','o','n',':',' '};
+ static const WCHAR basicW[] = {'B','a','s','i','c',' '};
+ static const WCHAR negotiateW[] = {'N','e','g','o','t','i','a','t','e',' '};
+ static const WCHAR ntlmW[] = {'N','T','L','M',' '};
+ int scheme_len, auth_len = sizeof(authW) / sizeof(authW[0]), len = ((data_len + 2) * 4) / 3;
+ const WCHAR *scheme_str;
+ WCHAR *header, *ptr;
+ RPC_STATUS status = RPC_S_SERVER_UNAVAILABLE;
- len = ((datalen + 2) * 4) / 3;
- if ((header = HeapAlloc(GetProcessHeap(), 0, sizeof(basicW) + (len + 2) * sizeof(WCHAR))))
+ switch (scheme)
+ {
+ case RPC_C_HTTP_AUTHN_SCHEME_BASIC:
+ scheme_str = basicW;
+ scheme_len = sizeof(basicW) / sizeof(basicW[0]);
+ break;
+ case RPC_C_HTTP_AUTHN_SCHEME_NEGOTIATE:
+ scheme_str = negotiateW;
+ scheme_len = sizeof(negotiateW) / sizeof(negotiateW[0]);
+ break;
+ case RPC_C_HTTP_AUTHN_SCHEME_NTLM:
+ scheme_str = ntlmW;
+ scheme_len = sizeof(ntlmW) / sizeof(ntlmW[0]);
+ break;
+ default:
+ ERR("unknown scheme %u\n", scheme);
+ return RPC_S_SERVER_UNAVAILABLE;
+ }
+ if ((header = HeapAlloc(GetProcessHeap(), 0, (auth_len + scheme_len + len + 2) * sizeof(WCHAR))))
{
- memcpy(header, basicW, sizeof(basicW));
- ptr = header + sizeof(basicW) / sizeof(basicW[0]);
- len = encode_base64(data, datalen, ptr);
+ memcpy(header, authW, auth_len * sizeof(WCHAR));
+ ptr = header + auth_len;
+ memcpy(ptr, scheme_str, scheme_len * sizeof(WCHAR));
+ ptr += scheme_len;
+ len = encode_base64(data, data_len, ptr);
ptr[len++] = '\r';
ptr[len++] = '\n';
ptr[len] = 0;
- if ((HttpAddRequestHeadersW(request, header, -1, HTTP_ADDREQ_FLAG_ADD_IF_NEW))) status = RPC_S_OK;
+ if (HttpAddRequestHeadersW(request, header, -1, HTTP_ADDREQ_FLAG_ADD|HTTP_ADDREQ_FLAG_REPLACE))
+ status = RPC_S_OK;
HeapFree(GetProcessHeap(), 0, header);
}
- HeapFree(GetProcessHeap(), 0, data);
+ return status;
+}
+
+static void drain_content(HINTERNET request)
+{
+ DWORD count, len = 0, size = sizeof(len);
+ char buf[2048];
+
+ HttpQueryInfoW(request, HTTP_QUERY_FLAG_NUMBER|HTTP_QUERY_CONTENT_LENGTH, &len, &size, NULL);
+ if (!len) return;
+ for (;;)
+ {
+ count = min(sizeof(buf), len);
+ if (!InternetReadFile(request, buf, count, &count) || !count) return;
+ len -= count;
+ }
+}
+
+static RPC_STATUS authorize_request(RpcConnection_http *httpc, HINTERNET request)
+{
+ static const WCHAR authW[] = {'A','u','t','h','o','r','i','z','a','t','i','o','n',':','\r','\n',0};
+ struct authinfo *info = NULL;
+ RPC_STATUS status;
+ BOOL ret;
+
+ for (;;)
+ {
+ status = do_authorization(request, httpc->servername, httpc->common.QOS->qos->u.HttpCredentials, &info);
+ if (status != RPC_S_OK) break;
+
+ status = insert_authorization_header(request, info->scheme, info->data, info->data_len);
+ if (status != RPC_S_OK) break;
+
+ prepare_async_request(httpc->async_data);
+ ret = HttpSendRequestW(request, NULL, 0, NULL, 0);
+ status = wait_async_request(httpc->async_data, ret, httpc->cancel_event);
+ if (status != RPC_S_OK || info->finished) break;
+
+ status = rpcrt4_http_check_response(request);
+ if (status != RPC_S_OK && status != ERROR_ACCESS_DENIED) break;
+ drain_content(request);
+ }
+
+ HttpAddRequestHeadersW(request, authW, -1, HTTP_ADDREQ_FLAG_REPLACE);
+ destroy_authinfo(info);
return status;
}
@@ -2471,6 +2832,31 @@ static RPC_STATUS insert_cookie_header(HINTERNET request, const WCHAR *value)
return status;
}
+static BOOL has_credentials(RpcConnection_http *httpc)
+{
+ RPC_HTTP_TRANSPORT_CREDENTIALS_W *creds;
+ SEC_WINNT_AUTH_IDENTITY_W *id;
+
+ if (!httpc->common.QOS || httpc->common.QOS->qos->AdditionalSecurityInfoType != RPC_C_AUTHN_INFO_TYPE_HTTP)
+ return FALSE;
+
+ creds = httpc->common.QOS->qos->u.HttpCredentials;
+ if (creds->AuthenticationTarget != RPC_C_HTTP_AUTHN_TARGET_SERVER || !creds->NumberOfAuthnSchemes)
+ return FALSE;
+
+ id = creds->TransportCredentials;
+ if (!id || !id->User || !id->Password) return FALSE;
+
+ return TRUE;
+}
+
+static BOOL is_secure(RpcConnection_http *httpc)
+{
+ return httpc->common.QOS &&
+ (httpc->common.QOS->qos->AdditionalSecurityInfoType == RPC_C_AUTHN_INFO_TYPE_HTTP) &&
+ (httpc->common.QOS->qos->u.HttpCredentials->Flags & RPC_C_HTTP_FLAG_USE_SSL);
+}
+
static RPC_STATUS rpcrt4_ncacn_http_open(RpcConnection* Connection)
{
RpcConnection_http *httpc = (RpcConnection_http *)Connection;
@@ -2483,7 +2869,7 @@ static RPC_STATUS rpcrt4_ncacn_http_open(RpcConnection* Connection)
DWORD flags;
WCHAR *url;
RPC_STATUS status;
- BOOL secure;
+ BOOL secure, credentials;
HttpTimerThreadData *timer_data;
HANDLE thread;
@@ -2516,13 +2902,13 @@ static RPC_STATUS rpcrt4_ncacn_http_open(RpcConnection* Connection)
strcatW(url, wszColon);
MultiByteToWideChar(CP_ACP, 0, Connection->Endpoint, -1, url+strlenW(url), strlen(Connection->Endpoint)+1);
- secure = httpc->common.QOS &&
- (httpc->common.QOS->qos->AdditionalSecurityInfoType == RPC_C_AUTHN_INFO_TYPE_HTTP) &&
- (httpc->common.QOS->qos->u.HttpCredentials->Flags & RPC_C_HTTP_FLAG_USE_SSL);
+ secure = is_secure(httpc);
+ credentials = has_credentials(httpc);
flags = INTERNET_FLAG_KEEP_CONNECTION | INTERNET_FLAG_PRAGMA_NOCACHE | INTERNET_FLAG_NO_CACHE_WRITE |
INTERNET_FLAG_NO_AUTO_REDIRECT;
if (secure) flags |= INTERNET_FLAG_SECURE;
+ if (credentials) flags |= INTERNET_FLAG_NO_AUTH;
httpc->in_request = HttpOpenRequestW(httpc->session, wszVerbIn, url, NULL, NULL, wszAcceptTypes,
flags, (DWORD_PTR)httpc->async_data);
@@ -2532,17 +2918,28 @@ static RPC_STATUS rpcrt4_ncacn_http_open(RpcConnection* Connection)
HeapFree(GetProcessHeap(), 0, url);
return RPC_S_SERVER_UNAVAILABLE;
}
- status = insert_authorization_header(httpc->in_request, httpc->common.QOS);
- if (status != RPC_S_OK) {
- HeapFree(GetProcessHeap(), 0, url);
- return status;
- }
-
status = insert_cookie_header(httpc->in_request, Connection->CookieAuth);
- if (status != RPC_S_OK) {
+ if (status != RPC_S_OK)
+ {
HeapFree(GetProcessHeap(), 0, url);
return status;
}
+ if (credentials)
+ {
+ status = authorize_request(httpc, httpc->in_request);
+ if (status != RPC_S_OK)
+ {
+ HeapFree(GetProcessHeap(), 0, url);
+ return status;
+ }
+ status = rpcrt4_http_check_response(httpc->in_request);
+ if (status != RPC_S_OK)
+ {
+ HeapFree(GetProcessHeap(), 0, url);
+ return status;
+ }
+ drain_content(httpc->in_request);
+ }
httpc->out_request = HttpOpenRequestW(httpc->session, wszVerbOut, url, NULL, NULL, wszAcceptTypes,
flags, (DWORD_PTR)httpc->async_data);
@@ -2552,29 +2949,26 @@ static RPC_STATUS rpcrt4_ncacn_http_open(RpcConnection* Connection)
ERR("HttpOpenRequestW failed with error %d\n", GetLastError());
return RPC_S_SERVER_UNAVAILABLE;
}
- status = insert_authorization_header(httpc->out_request, httpc->common.QOS);
- if (status != RPC_S_OK)
- return status;
-
status = insert_cookie_header(httpc->out_request, Connection->CookieAuth);
if (status != RPC_S_OK)
return status;
- status = rpcrt4_http_prepare_in_pipe(httpc->in_request,
- httpc->async_data,
- httpc->cancel_event,
- &httpc->connection_uuid,
- &httpc->in_pipe_uuid,
- &Connection->assoc->http_uuid);
+ if (credentials)
+ {
+ status = authorize_request(httpc, httpc->out_request);
+ if (status != RPC_S_OK)
+ return status;
+ }
+
+ status = rpcrt4_http_prepare_in_pipe(httpc->in_request, httpc->async_data, httpc->cancel_event,
+ &httpc->connection_uuid, &httpc->in_pipe_uuid,
+ &Connection->assoc->http_uuid, credentials);
if (status != RPC_S_OK)
return status;
- status = rpcrt4_http_prepare_out_pipe(httpc->out_request,
- httpc->async_data,
- httpc->cancel_event,
- &httpc->connection_uuid,
- &httpc->out_pipe_uuid,
- &httpc->flow_control_increment);
+ status = rpcrt4_http_prepare_out_pipe(httpc->out_request, httpc->async_data, httpc->cancel_event,
+ &httpc->connection_uuid, &httpc->out_pipe_uuid,
+ &httpc->flow_control_increment, credentials);
if (status != RPC_S_OK)
return status;
@@ -2837,6 +3231,8 @@ static int rpcrt4_ncacn_http_close(RpcConnection *Connection)
RpcHttpAsyncData_Release(httpc->async_data);
if (httpc->cancel_event)
CloseHandle(httpc->cancel_event);
+ HeapFree(GetProcessHeap(), 0, httpc->servername);
+ httpc->servername = NULL;
return 0;
}
@@ -2994,8 +3390,6 @@ static const struct protseq_ops protseq_list[] =
},
};
-#define ARRAYSIZE(a) (sizeof((a)) / sizeof((a)[0]))
-
const struct protseq_ops *rpcrt4_get_protseq_ops(const char *protseq)
{
unsigned int i;
--
1.8.4.rc3
More information about the wine-patches
mailing list