14 /* Windows code to set up the GSSAPI library list. */
16 const int ngsslibs = 3;
17 const char *const gsslibnames[3] = {
18 "MIT Kerberos GSSAPI32.DLL",
19 "Microsoft SSPI SECUR32.DLL",
20 "User-specified GSSAPI DLL",
22 const struct keyvalwhere gsslibkeywords[] = {
23 { "gssapi32", 0, -1, -1 },
24 { "sspi", 1, -1, -1 },
25 { "custom", 2, -1, -1 },
28 DECL_WINDOWS_FUNCTION(static, SECURITY_STATUS,
29 AcquireCredentialsHandleA,
30 (SEC_CHAR *, SEC_CHAR *, ULONG, PLUID,
31 PVOID, SEC_GET_KEY_FN, PVOID, PCredHandle, PTimeStamp));
32 DECL_WINDOWS_FUNCTION(static, SECURITY_STATUS,
33 InitializeSecurityContextA,
34 (PCredHandle, PCtxtHandle, SEC_CHAR *, ULONG, ULONG,
35 ULONG, PSecBufferDesc, ULONG, PCtxtHandle,
36 PSecBufferDesc, PULONG, PTimeStamp));
37 DECL_WINDOWS_FUNCTION(static, SECURITY_STATUS,
40 DECL_WINDOWS_FUNCTION(static, SECURITY_STATUS,
41 FreeCredentialsHandle,
43 DECL_WINDOWS_FUNCTION(static, SECURITY_STATUS,
44 DeleteSecurityContext,
46 DECL_WINDOWS_FUNCTION(static, SECURITY_STATUS,
47 QueryContextAttributesA,
48 (PCtxtHandle, ULONG, PVOID));
49 DECL_WINDOWS_FUNCTION(static, SECURITY_STATUS,
51 (PCtxtHandle, ULONG, PSecBufferDesc, ULONG));
53 typedef struct winSsh_gss_ctx {
54 unsigned long maj_stat;
55 unsigned long min_stat;
56 CredHandle cred_handle;
58 PCtxtHandle context_handle;
63 const Ssh_gss_buf gss_mech_krb5={9,"\x2A\x86\x48\x86\xF7\x12\x01\x02\x02"};
65 const char *gsslogmsg = NULL;
67 static void ssh_sspi_bind_fns(struct ssh_gss_library *lib);
69 struct ssh_gss_liblist *ssh_gss_setup(Conf *conf)
73 struct ssh_gss_liblist *list = snew(struct ssh_gss_liblist);
76 list->libraries = snewn(3, struct ssh_gss_library);
79 /* MIT Kerberos GSSAPI implementation */
80 /* TODO: For 64-bit builds, check for gssapi64.dll */
82 if (RegOpenKey(HKEY_LOCAL_MACHINE, "SOFTWARE\\MIT\\Kerberos", ®key)
88 /* Find out the string length */
89 ret = RegQueryValueEx(regkey, "InstallDir", NULL, &type, NULL, &size);
91 if (ret == ERROR_SUCCESS && type == REG_SZ) {
92 buffer = snewn(size + 20, char);
93 ret = RegQueryValueEx(regkey, "InstallDir", NULL,
94 &type, buffer, &size);
95 if (ret == ERROR_SUCCESS && type == REG_SZ) {
96 strcat(buffer, "\\bin\\gssapi32.dll");
97 module = LoadLibrary(buffer);
104 struct ssh_gss_library *lib =
105 &list->libraries[list->nlibraries++];
108 lib->gsslogmsg = "Using GSSAPI from GSSAPI32.DLL";
109 lib->handle = (void *)module;
111 #define BIND_GSS_FN(name) \
112 lib->u.gssapi.name = (t_gss_##name) GetProcAddress(module, "gss_" #name)
114 BIND_GSS_FN(delete_sec_context);
115 BIND_GSS_FN(display_status);
116 BIND_GSS_FN(get_mic);
117 BIND_GSS_FN(import_name);
118 BIND_GSS_FN(init_sec_context);
119 BIND_GSS_FN(release_buffer);
120 BIND_GSS_FN(release_cred);
121 BIND_GSS_FN(release_name);
125 ssh_gssapi_bind_fns(lib);
128 /* Microsoft SSPI Implementation */
129 module = load_system32_dll("secur32.dll");
131 struct ssh_gss_library *lib =
132 &list->libraries[list->nlibraries++];
135 lib->gsslogmsg = "Using SSPI from SECUR32.DLL";
136 lib->handle = (void *)module;
138 GET_WINDOWS_FUNCTION(module, AcquireCredentialsHandleA);
139 GET_WINDOWS_FUNCTION(module, InitializeSecurityContextA);
140 GET_WINDOWS_FUNCTION(module, FreeContextBuffer);
141 GET_WINDOWS_FUNCTION(module, FreeCredentialsHandle);
142 GET_WINDOWS_FUNCTION(module, DeleteSecurityContext);
143 GET_WINDOWS_FUNCTION(module, QueryContextAttributesA);
144 GET_WINDOWS_FUNCTION(module, MakeSignature);
146 ssh_sspi_bind_fns(lib);
153 path = conf_get_filename(conf, CONF_ssh_gss_custom)->path;
155 module = LoadLibrary(path);
158 struct ssh_gss_library *lib =
159 &list->libraries[list->nlibraries++];
162 lib->gsslogmsg = dupprintf("Using GSSAPI from user-specified"
163 " library '%s'", path);
164 lib->handle = (void *)module;
166 #define BIND_GSS_FN(name) \
167 lib->u.gssapi.name = (t_gss_##name) GetProcAddress(module, "gss_" #name)
169 BIND_GSS_FN(delete_sec_context);
170 BIND_GSS_FN(display_status);
171 BIND_GSS_FN(get_mic);
172 BIND_GSS_FN(import_name);
173 BIND_GSS_FN(init_sec_context);
174 BIND_GSS_FN(release_buffer);
175 BIND_GSS_FN(release_cred);
176 BIND_GSS_FN(release_name);
180 ssh_gssapi_bind_fns(lib);
187 void ssh_gss_cleanup(struct ssh_gss_liblist *list)
192 * LoadLibrary and FreeLibrary are defined to employ reference
193 * counting in the case where the same library is repeatedly
194 * loaded, so even in a multiple-sessions-per-process context
195 * (not that we currently expect ever to have such a thing on
196 * Windows) it's safe to naively FreeLibrary everything here
197 * without worrying about destroying it under the feet of
198 * another SSH instance still using it.
200 for (i = 0; i < list->nlibraries; i++) {
201 FreeLibrary((HMODULE)list->libraries[i].handle);
202 if (list->libraries[i].id == 2) {
203 /* The 'custom' id involves a dynamically allocated message.
204 * Note that we must cast away the 'const' to free it. */
205 sfree((char *)list->libraries[i].gsslogmsg);
208 sfree(list->libraries);
212 static Ssh_gss_stat ssh_sspi_indicate_mech(struct ssh_gss_library *lib,
215 *mech = gss_mech_krb5;
220 static Ssh_gss_stat ssh_sspi_import_name(struct ssh_gss_library *lib,
221 char *host, Ssh_gss_name *srv_name)
226 if (host == NULL) return SSH_GSS_FAILURE;
228 /* copy it into form host/FQDN */
229 pStr = dupcat("host/", host, NULL);
231 *srv_name = (Ssh_gss_name) pStr;
236 static Ssh_gss_stat ssh_sspi_acquire_cred(struct ssh_gss_library *lib,
239 winSsh_gss_ctx *winctx = snew(winSsh_gss_ctx);
240 memset(winctx, 0, sizeof(winSsh_gss_ctx));
242 /* prepare our "wrapper" structure */
243 winctx->maj_stat = winctx->min_stat = SEC_E_OK;
244 winctx->context_handle = NULL;
246 /* Specifying no principal name here means use the credentials of
247 the current logged-in user */
249 winctx->maj_stat = p_AcquireCredentialsHandleA(NULL,
251 SECPKG_CRED_OUTBOUND,
256 &winctx->cred_handle,
259 if (winctx->maj_stat != SEC_E_OK) return SSH_GSS_FAILURE;
261 *ctx = (Ssh_gss_ctx) winctx;
266 static Ssh_gss_stat ssh_sspi_init_sec_context(struct ssh_gss_library *lib,
268 Ssh_gss_name srv_name,
270 Ssh_gss_buf *recv_tok,
271 Ssh_gss_buf *send_tok)
273 winSsh_gss_ctx *winctx = (winSsh_gss_ctx *) *ctx;
274 SecBuffer wsend_tok = {send_tok->length,SECBUFFER_TOKEN,send_tok->value};
275 SecBuffer wrecv_tok = {recv_tok->length,SECBUFFER_TOKEN,recv_tok->value};
276 SecBufferDesc output_desc={SECBUFFER_VERSION,1,&wsend_tok};
277 SecBufferDesc input_desc ={SECBUFFER_VERSION,1,&wrecv_tok};
278 unsigned long flags=ISC_REQ_MUTUAL_AUTH|ISC_REQ_REPLAY_DETECT|
279 ISC_REQ_CONFIDENTIALITY|ISC_REQ_ALLOCATE_MEMORY;
280 unsigned long ret_flags=0;
282 /* check if we have to delegate ... */
283 if (to_deleg) flags |= ISC_REQ_DELEGATE;
284 winctx->maj_stat = p_InitializeSecurityContextA(&winctx->cred_handle,
285 winctx->context_handle,
289 SECURITY_NATIVE_DREP,
297 /* prepare for the next round */
298 winctx->context_handle = &winctx->context;
299 send_tok->value = wsend_tok.pvBuffer;
300 send_tok->length = wsend_tok.cbBuffer;
302 /* check & return our status */
303 if (winctx->maj_stat==SEC_E_OK) return SSH_GSS_S_COMPLETE;
304 if (winctx->maj_stat==SEC_I_CONTINUE_NEEDED) return SSH_GSS_S_CONTINUE_NEEDED;
306 return SSH_GSS_FAILURE;
309 static Ssh_gss_stat ssh_sspi_free_tok(struct ssh_gss_library *lib,
310 Ssh_gss_buf *send_tok)
313 if (send_tok == NULL) return SSH_GSS_FAILURE;
315 /* free Windows buffer */
316 p_FreeContextBuffer(send_tok->value);
317 SSH_GSS_CLEAR_BUF(send_tok);
322 static Ssh_gss_stat ssh_sspi_release_cred(struct ssh_gss_library *lib,
325 winSsh_gss_ctx *winctx= (winSsh_gss_ctx *) *ctx;
328 if (winctx == NULL) return SSH_GSS_FAILURE;
330 /* free Windows data */
331 p_FreeCredentialsHandle(&winctx->cred_handle);
332 p_DeleteSecurityContext(&winctx->context);
334 /* delete our "wrapper" structure */
336 *ctx = (Ssh_gss_ctx) NULL;
342 static Ssh_gss_stat ssh_sspi_release_name(struct ssh_gss_library *lib,
343 Ssh_gss_name *srv_name)
345 char *pStr= (char *) *srv_name;
347 if (pStr == NULL) return SSH_GSS_FAILURE;
349 *srv_name = (Ssh_gss_name) NULL;
354 static Ssh_gss_stat ssh_sspi_display_status(struct ssh_gss_library *lib,
355 Ssh_gss_ctx ctx, Ssh_gss_buf *buf)
357 winSsh_gss_ctx *winctx = (winSsh_gss_ctx *) ctx;
360 if (winctx == NULL) return SSH_GSS_FAILURE;
362 /* decode the error code */
363 switch (winctx->maj_stat) {
364 case SEC_E_OK: msg="SSPI status OK"; break;
365 case SEC_E_INVALID_HANDLE: msg="The handle passed to the function"
368 case SEC_E_TARGET_UNKNOWN: msg="The target was not recognized."; break;
369 case SEC_E_LOGON_DENIED: msg="The logon failed."; break;
370 case SEC_E_INTERNAL_ERROR: msg="The Local Security Authority cannot"
373 case SEC_E_NO_CREDENTIALS: msg="No credentials are available in the"
374 " security package.";
376 case SEC_E_NO_AUTHENTICATING_AUTHORITY:
377 msg="No authority could be contacted for authentication."
378 "The domain name of the authenticating party could be wrong,"
379 " the domain could be unreachable, or there might have been"
380 " a trust relationship failure.";
382 case SEC_E_INSUFFICIENT_MEMORY:
383 msg="One or more of the SecBufferDesc structures passed as"
384 " an OUT parameter has a buffer that is too small.";
386 case SEC_E_INVALID_TOKEN:
387 msg="The error is due to a malformed input token, such as a"
388 " token corrupted in transit, a token"
389 " of incorrect size, or a token passed into the wrong"
390 " security package. Passing a token to"
391 " the wrong package can happen if client and server did not"
392 " negotiate the proper security package.";
395 msg = "Internal SSPI error";
399 buf->value = dupstr(msg);
400 buf->length = strlen(buf->value);
405 static Ssh_gss_stat ssh_sspi_get_mic(struct ssh_gss_library *lib,
406 Ssh_gss_ctx ctx, Ssh_gss_buf *buf,
409 winSsh_gss_ctx *winctx= (winSsh_gss_ctx *) ctx;
410 SecPkgContext_Sizes ContextSizes;
411 SecBufferDesc InputBufferDescriptor;
412 SecBuffer InputSecurityToken[2];
414 if (winctx == NULL) return SSH_GSS_FAILURE;
416 winctx->maj_stat = 0;
418 memset(&ContextSizes, 0, sizeof(ContextSizes));
420 winctx->maj_stat = p_QueryContextAttributesA(&winctx->context,
424 if (winctx->maj_stat != SEC_E_OK ||
425 ContextSizes.cbMaxSignature == 0)
426 return winctx->maj_stat;
428 InputBufferDescriptor.cBuffers = 2;
429 InputBufferDescriptor.pBuffers = InputSecurityToken;
430 InputBufferDescriptor.ulVersion = SECBUFFER_VERSION;
431 InputSecurityToken[0].BufferType = SECBUFFER_DATA;
432 InputSecurityToken[0].cbBuffer = buf->length;
433 InputSecurityToken[0].pvBuffer = buf->value;
434 InputSecurityToken[1].BufferType = SECBUFFER_TOKEN;
435 InputSecurityToken[1].cbBuffer = ContextSizes.cbMaxSignature;
436 InputSecurityToken[1].pvBuffer = snewn(ContextSizes.cbMaxSignature, char);
438 winctx->maj_stat = p_MakeSignature(&winctx->context,
440 &InputBufferDescriptor,
443 if (winctx->maj_stat == SEC_E_OK) {
444 hash->length = InputSecurityToken[1].cbBuffer;
445 hash->value = InputSecurityToken[1].pvBuffer;
448 return winctx->maj_stat;
451 static Ssh_gss_stat ssh_sspi_free_mic(struct ssh_gss_library *lib,
458 static void ssh_sspi_bind_fns(struct ssh_gss_library *lib)
460 lib->indicate_mech = ssh_sspi_indicate_mech;
461 lib->import_name = ssh_sspi_import_name;
462 lib->release_name = ssh_sspi_release_name;
463 lib->init_sec_context = ssh_sspi_init_sec_context;
464 lib->free_tok = ssh_sspi_free_tok;
465 lib->acquire_cred = ssh_sspi_acquire_cred;
466 lib->release_cred = ssh_sspi_release_cred;
467 lib->get_mic = ssh_sspi_get_mic;
468 lib->free_mic = ssh_sspi_free_mic;
469 lib->display_status = ssh_sspi_display_status;
474 /* Dummy function so this source file defines something if NO_GSSAPI
477 void ssh_gss_init(void)