/*

 * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.

 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

 *

 * This code is free software; you can redistribute it and/or modify it

 * under the terms of the GNU General Public License version 2 only, as

 * published by the Free Software Foundation.  Oracle designates this

 * particular file as subject to the "Classpath" exception as provided

 * by Oracle in the LICENSE file that accompanied this code.

 *

 * This code is distributed in the hope that it will be useful, but WITHOUT

 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or

 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License

 * version 2 for more details (a copy is included in the LICENSE file that

 * accompanied this code).

 *

 * You should have received a copy of the GNU General Public License version

 * 2 along with this work; if not, write to the Free Software Foundation,

 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

 *

 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA

 * or visit www.oracle.com if you need additional information or have any

 * questions.

 */

#define UNICODE

#define _UNICODE

#include <windows.h>

#include <stdlib.h>

#include <stdio.h>

#include <stdlib.h>

#include <string.h>

#define GSS_DLL_FILE

#define SECURITY_WIN32

#pragma comment(lib, "secur32.lib")

#define DEBUG

#ifdef DEBUG

TCHAR _bb[256];

#define SEC_SUCCESS(Status) \

        ((Status) >= 0 ? TRUE: \

        (FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM|FORMAT_MESSAGE_IGNORE_INSERTS, \

            0, ss, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), _bb, 256, 0), \

        printf("SECURITY_STATUS: (%lx) %ls\n", ss, _bb), \

        FALSE))

#define PP(fmt, ...) \

        fprintf(stdout, "SSPI (%ld): ", __LINE__); \

        fprintf(stdout, fmt, ##__VA_ARGS__); \

        fprintf(stdout, "\n"); \

        fflush(stdout)

#else

#define SEC_SUCCESS(Status) ((Status) >= 0)

#define PP(dmt, ...)

#endif

gss_OID_desc KRB5_OID = {9, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02"};

gss_OID_desc SPNEGO_OID = {6, "\x2b\x06\x01\x05\x05\x02"};

gss_OID_desc USER_NAME_OID = {10, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x01"};

gss_OID_desc HOST_SERVICE_NAME_OID = {10, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x01\x04"};

gss_OID_desc EXPORT_NAME_OID = {6, "\x2b\x06\x01\x05\x06\x04"};

// gss_name_t is Name*

// gss_cred_id_t is Credentials*. One CredHandle for each mech.

// gss_ctx_id_t is Context*

typedef struct {

    TCHAR PackageName[20];

    SEC_WCHAR* name;

} Name;

typedef struct {

    TCHAR PackageName[20];

    CredHandle* phCred;

    CtxtHandle hCtxt;

    DWORD cbMaxMessage;

    SecPkgContext_Sizes SecPkgContextSizes;

    SecPkgContext_NativeNames nnames;

    BOOLEAN established;

} Context;

typedef struct {

    TCHAR PackageName[20];

    CredHandle* phCred;

} OneCred;

typedef struct {

    int count;

    OneCred* creds;

    long time;

} Credential;

#ifdef __cplusplus

extern "C" {

#endif /* __cplusplus */

/* This section holds supporting functions that are not exported */

void showTime(TimeStamp* ts)

{

    SYSTEMTIME stLocal;

    FileTimeToSystemTime((FILETIME*)ts, &stLocal);

    // Build a string showing the date and time.

    PP("---------------");

    PP("TS low high %ld %ld", ts->LowPart, ts->HighPart);

    PP("Local: %02d/%02d/%d  %02d:%02d",

        stLocal.wMonth, stLocal.wDay, stLocal.wYear,

        stLocal.wHour, stLocal.wMinute);

}

long

SecondsUntil(TimeStamp *time)

{

    // time is local time

    ULARGE_INTEGER uiLocal;

    FILETIME nowUTC, nowLocal;

    GetSystemTimeAsFileTime(&nowUTC);

    if (FileTimeToLocalFileTime(&nowUTC, &nowLocal) == 0) {

        return -1;

    }

    uiLocal.HighPart = nowLocal.dwHighDateTime;

    uiLocal.LowPart = nowLocal.dwLowDateTime;

    long diff = (long)((time->QuadPart - uiLocal.QuadPart) / 10000000);

    if (diff < 0 || diff > 8640000) {

        // AcquireCredentialsHandle returns a strange TimeStamp.

        PP("SecondsUntil is %ld. Change to 1 day", diff);

        diff = 86400;

    }

    return diff;

}

Context*

NewContext(TCHAR* PackageName)

{

    SECURITY_STATUS ss;

    PSecPkgInfo pkgInfo;

    Context* out = new Context;

    if (out == NULL) {

        return NULL;

    }

    ss = QuerySecurityPackageInfo(PackageName, &pkgInfo);

    if (!SEC_SUCCESS(ss)) {

        delete out;

        return NULL;

    }

    out->phCred = NULL;

    out->cbMaxMessage = pkgInfo->cbMaxToken;

    FreeContextBuffer(pkgInfo);

    return out;

}

int

flagSspi2Gss(int fin)

{

    int fout = 0;

    if (fin & ISC_REQ_MUTUAL_AUTH) fout |= GSS_C_MUTUAL_FLAG;

    if (fin & ISC_REQ_CONFIDENTIALITY) fout |= GSS_C_CONF_FLAG;

    if (fin & ISC_REQ_DELEGATE) fout |= GSS_C_DELEG_FLAG;

    if (fin & ISC_REQ_INTEGRITY) fout |= GSS_C_INTEG_FLAG;

    if (fin & ISC_REQ_REPLAY_DETECT) fout |= GSS_C_REPLAY_FLAG;

    if (fin & ISC_REQ_SEQUENCE_DETECT) fout |= GSS_C_SEQUENCE_FLAG;

    return fout;

}

int

flagGss2Sspi(int fin)

{

    int fout = 0;

    if (fin & GSS_C_MUTUAL_FLAG) fout |= ISC_RET_MUTUAL_AUTH;

    if (fin & GSS_C_CONF_FLAG) fout |= ISC_RET_CONFIDENTIALITY;

    if (fin & GSS_C_DELEG_FLAG) fout |= ISC_RET_DELEGATE;

    if (fin & GSS_C_INTEG_FLAG) fout |= ISC_RET_INTEGRITY;

    if (fin & GSS_C_REPLAY_FLAG) fout |= ISC_RET_REPLAY_DETECT;

    if (fin & GSS_C_SEQUENCE_FLAG) fout |= ISC_RET_SEQUENCE_DETECT;

    return fout;

}

BOOLEAN

isKerberosOID(gss_OID mech)

{

    return mech->length == KRB5_OID.length

            && !memcmp(mech->elements, KRB5_OID.elements, KRB5_OID.length);

}

BOOLEAN

isNegotiateOID(gss_OID mech)

{

    return mech->length == SPNEGO_OID.length

            && !memcmp(mech->elements, SPNEGO_OID.elements, SPNEGO_OID.length);

}

void

displayOID(gss_OID mech)

{

    if (isKerberosOID(mech)) {

        PP("Kerberos OID");

    } else if (isNegotiateOID(mech)) {

        PP("SPNEGO OID");

    } else {

        PP("UNKNOWN %d", mech->length);

    }

}

void

displayOidSet(gss_OID_set mechs)

{

    if (mechs == NULL) {

        PP("OID set is NULL");

        return;

    }

    PP("set.count is %d", (int)mechs->count);

    for (int i = 0; i < mechs->count; i++) {

        displayOID(&mechs->elements[i]);

    }

}

/* End support section */

/* This section holds exported functions that currently have no implementation */

__declspec(dllexport) OM_uint32

gss_release_name(OM_uint32 *minor_status,

                 gss_name_t *name)

{

    PP(">>>> Calling gss_release_name %p...", *name);

    if (name != NULL && *name != GSS_C_NO_NAME) {

        Name* name1 = (Name*)*name;

        if (name1->name != NULL) {

            delete[] name1->name;

        }

        delete name1;

        *name = GSS_C_NO_NAME;

    }

    return GSS_S_COMPLETE;

}

__declspec(dllexport) OM_uint32

gss_import_name(OM_uint32 *minor_status,

                gss_buffer_t input_name_buffer,

                gss_OID input_name_type,

                gss_name_t *output_name)

{

    PP(">>>> Calling gss_import_name...");

    Name* name = new Name;

    if (input_name_buffer == NULL || input_name_buffer->value == NULL

            || input_name_buffer->length == 0) {

        return GSS_S_CALL_INACCESSIBLE_READ;

    }

    int len = (int)input_name_buffer->length;

    LPSTR input = (LPSTR)input_name_buffer->value;

    BOOLEAN isNegotiate = true;

    if (input_name_type != NULL

            && input_name_type->length == EXPORT_NAME_OID.length

            && !memcmp(input_name_type->elements, EXPORT_NAME_OID.elements,

                    EXPORT_NAME_OID.length)) {

        len -= (int)input[3] + 8;

        isNegotiate = (int)input[3] == 6;

        input = input + (int)input[3] + 8;

    }

    SEC_WCHAR* value = new SEC_WCHAR[len + 1];

    if (value == NULL) {

        goto err;

    }

    if (MultiByteToWideChar(CP_ACP, 0, input, len, value, len) == 0) {

        goto err;

    }

    value[len] = 0;

    if (input_name_type != NULL

            && input_name_type->length == HOST_SERVICE_NAME_OID.length

            && !memcmp(input_name_type->elements, HOST_SERVICE_NAME_OID.elements,

                    HOST_SERVICE_NAME_OID.length)) {

        for (int i = 0; i < len; i++) {

            if (value[i] == '@') {

                value[i] = '/';

                break;

            }

        }

    }

    name->name = value;

    *output_name = (gss_name_t) name;

    return GSS_S_COMPLETE;

err:

    if (value != NULL) {

        delete[] value;

    }

    delete name;

    return GSS_S_FAILURE;

}

__declspec(dllexport) OM_uint32

gss_compare_name(OM_uint32 *minor_status,

                 gss_name_t name1,

                 gss_name_t name2,

                 int *name_equal)

{

    PP(">>>> Calling gss_compare_name...");

    if (name1 == NULL || name2 == NULL) {

        *name_equal = 0;

        return GSS_S_CALL_INACCESSIBLE_READ;

    }

    SEC_WCHAR* names1 = ((Name*)name1)->name;

    SEC_WCHAR* names2 = ((Name*)name2)->name;

    if (lstrcmp(names1, names2)) {

        *name_equal = 0;

    } else {

        *name_equal = 1;

    }

    return GSS_S_COMPLETE;

}

__declspec(dllexport) OM_uint32

gss_canonicalize_name(OM_uint32 *minor_status,

                      gss_name_t input_name,

                      gss_OID mech_type,

                      gss_name_t *output_name)

{

    PP(">>>> Calling gss_canonicalize_name...");

    Name* names1 = (Name*)input_name;

    Name* names2 = new Name;

    if (names2 == NULL) {

        return GSS_S_FAILURE;

    }

    PP("new name at %p", names2);

    names2->name = new SEC_WCHAR[lstrlen(names1->name) + 1];

    if (names2->name == NULL) {

        delete names2;

        return GSS_S_FAILURE;

    }

            ? L"Negotiate" : L"Kerberos");

    *output_name = (gss_name_t)names2;

    return GSS_S_COMPLETE;

}

__declspec(dllexport) OM_uint32

gss_export_name(OM_uint32 *minor_status,

                gss_name_t input_name,

                gss_buffer_t exported_name)

{

    PP(">>>> Calling gss_export_name...");

    Name* name1 = (Name*)input_name;

    SEC_WCHAR* names = name1->name;

    TCHAR mech = name1->PackageName[0];

    PP("name is %ls %ls", name1->PackageName, name1->name);

    int len = (int)wcslen(names);

    if (len < 256) {

        // 04 01 00 ** 06 ** OID len:int32 name

        int mechLen = mech == 'K' ? KRB5_OID.length : SPNEGO_OID.length;

        char* buffer = new char[10 + mechLen + len];

        if (buffer == NULL) {

            return GSS_S_FAILURE;

        }

        buffer[0] = 4;

        buffer[1] = 1;

        buffer[2] = 0;

        buffer[3] = 2 + mechLen;

        buffer[4] = 6;

        buffer[5] = mechLen;

        buffer[6 + mechLen] = buffer[7 + mechLen] = buffer[8 + mechLen] = 0;

        buffer[9 + mechLen] = (char)len;

        if (WideCharToMultiByte(CP_ACP, 0, names, len,

                    buffer+10+mechLen, len, NULL, NULL) == 0) {

            delete buffer;

            return GSS_S_FAILURE;

        }

        exported_name->length = 10 + mechLen + len;

        exported_name->value = buffer;

        return GSS_S_COMPLETE;

    } else {

        return GSS_S_FAILURE;

    }

}

__declspec(dllexport) OM_uint32

gss_display_name(OM_uint32 *minor_status,

                 gss_name_t input_name,

                 gss_buffer_t output_name_buffer,

                 gss_OID *output_name_type)

{

    PP(">>>> Calling gss_display_name...");

    SEC_WCHAR* names = ((Name*)input_name)->name;

    int len = (int)wcslen(names);

    char* buffer = new char[len+1];

    if (WideCharToMultiByte(CP_ACP, 0, names, len, buffer, len, NULL, NULL) == 0) {

        return GSS_S_FAILURE;

    }

    buffer[len] = 0;

    output_name_buffer->length = len;

    output_name_buffer->value = buffer;

    PP("Name found: %ls", names);

    PP("%d [%s]", len, buffer);

    if (output_name_type != NULL) {

        *output_name_type = &USER_NAME_OID;

    }

    return GSS_S_COMPLETE;

}

__declspec(dllexport) OM_uint32

gss_acquire_cred(OM_uint32 *minor_status,

                 gss_name_t desired_name,

                 OM_uint32 time_req,

                 gss_OID_set desired_mech,

                 gss_cred_usage_t cred_usage,

                 gss_cred_id_t *output_cred_handle,

                 gss_OID_set *actual_mechs,

                 OM_uint32 *time_rec)

{

    PP(">>>> Calling gss_acquire_cred...");

    SECURITY_STATUS ss;

    TimeStamp ts;

    ts.QuadPart = 0;

    cred_usage = 0;

    PP("AcquireCredentialsHandle with %d %p", cred_usage, desired_mech);

    displayOidSet(desired_mech);

    Credential* cred = new Credential();

    cred->count = (int)desired_mech->count;

    cred->creds = new OneCred[cred->count];

    for (int i = 0; i < cred->count; i++) {

        TCHAR* name = isKerberosOID(&desired_mech->elements[i])

                ? L"Kerberos" : L"Negotiate";

        cred->creds[i].phCred = new CredHandle();

        ts.QuadPart = 0;

        ss = AcquireCredentialsHandle(

                NULL,

                name,

                cred_usage == 0 ? SECPKG_CRED_BOTH :

                    (cred_usage == 1 ? SECPKG_CRED_OUTBOUND : SECPKG_CRED_INBOUND),

                NULL,

                NULL,

                NULL,

                NULL,

                cred->creds[i].phCred,

                &ts);

    }

    actual_mechs = &desired_mech; // dup?

    *output_cred_handle = (void*)cred;

    showTime(&ts);

    cred->time = SecondsUntil(&ts);

    if (time_rec != NULL) {

        *time_rec = cred->time;

    }

    if (desired_name != NULL) {

        gss_name_t realname;

        gss_inquire_cred(minor_status, *output_cred_handle, &realname,

                NULL, NULL, NULL);

        SEC_WCHAR* dnames = ((Name*)desired_name)->name;

        SEC_WCHAR* rnames = ((Name*)realname)->name;

        PP("comp name %ls %ls", dnames, rnames);

        int cmp = lstrcmp(dnames, rnames);

        gss_release_name(minor_status, &realname);

        return cmp ? GSS_S_FAILURE : GSS_S_COMPLETE; // Only support default cred

    }

    return GSS_S_COMPLETE;

}

__declspec(dllexport) OM_uint32

gss_release_cred(OM_uint32 *minor_status,

                 gss_cred_id_t *cred_handle)

{

    PP(">>>> Calling gss_release_cred...");

    if (cred_handle && *cred_handle) {

        Credential* cred = (Credential*)*cred_handle;

        for (int i = 0; i < cred->count; i++) {

            FreeCredentialsHandle(cred->creds[i].phCred);

            delete cred->creds[i].phCred;

        }

        delete cred;

        *cred_handle = GSS_C_NO_CREDENTIAL;

    }

    return GSS_S_COMPLETE;

}

__declspec(dllexport) OM_uint32