Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Kerberos smart card credentials handling #143

Merged
merged 86 commits into from
Aug 25, 2023
Merged

Kerberos smart card credentials handling #143

Changes from 2 commits
Commits
Show all changes
86 commits
Select commit Hold shift + click to select a range
bae70b9
feat(sspi): add scard feature;
TheBestTvarynka Jul 16, 2023
f59c379
fix(ntlm): warnings
TheBestTvarynka Jul 16, 2023
ff9b339
feat(ffi): add scrd feature
TheBestTvarynka Jul 16, 2023
2159b19
feat(kerberos): implement certificate extraction by thumbprint
TheBestTvarynka Jul 17, 2023
752de6c
feat(sspi): builders: implement the transform method for accept secur…
TheBestTvarynka Jul 17, 2023
49cbaa0
feat(sspi): builders: implement the transform method for acquire cred…
TheBestTvarynka Jul 17, 2023
5819366
feat(sspi): builders: implement the transform method for init sec con…
TheBestTvarynka Jul 17, 2023
0f64ac4
feat(auth_identity): add and implement Credetials/CredentialsBuffers
TheBestTvarynka Jul 17, 2023
ad4c612
feat(sspi): negotiate: improved credentials passing: now we can pass …
TheBestTvarynka Jul 17, 2023
99b5767
feat(sspi): kerberos: improved credentials passing: now we can pass r…
TheBestTvarynka Jul 17, 2023
bbe8c67
fix(sspi): builders: accept_sec_context: change lifetime too in full_…
TheBestTvarynka Jul 18, 2023
3291998
fix(sspi): builder: acq_cred_handle: change lifetime too in full_tran…
TheBestTvarynka Jul 18, 2023
01f59ec
fix(sspi): builder: init_sec_context: change lifetime too in full_tra…
TheBestTvarynka Jul 18, 2023
28ceadd
fix(sspi): negotiate: mutation and references errors
TheBestTvarynka Jul 18, 2023
ba8d7fa
feat(sspi): credssp: improved credentials passing: now we can pass re…
TheBestTvarynka Jul 18, 2023
9c71619
feat(sspi): sspi_cred_ssp: improved credentials passing: now we can p…
TheBestTvarynka Jul 18, 2023
c913293
feat(ffi): add support of the Credentials/CredentialsBuffers instead …
TheBestTvarynka Jul 18, 2023
b78f390
feat(sspi): auth_identity: add username field to smart card creds;
TheBestTvarynka Jul 21, 2023
075ed41
feat(ffi): handle smart card creds in tsssp;
TheBestTvarynka Jul 27, 2023
e9b12c0
feat(ffi): small refactoring
TheBestTvarynka Jul 27, 2023
5f76d84
feat(ffi): format code;
TheBestTvarynka Jul 27, 2023
53c5e78
feat(cargo.toml): temporary replaces picky-* crates with local ones;
TheBestTvarynka Aug 9, 2023
845832e
feat(credssp): ts_request: improve credentials encoding/decoding: use…
TheBestTvarynka Aug 9, 2023
3591304
feat(credssp): ts_request: tests: improved tests according to the cre…
TheBestTvarynka Aug 9, 2023
195fdaa
feat(sspi): refactor cert_utils and smart card credentials;
TheBestTvarynka Aug 16, 2023
351d746
feat(credssp): improved credentials encryption/decryption;
TheBestTvarynka Aug 9, 2023
ab36b1e
feat(sspi): credssp: format code. improve credentials encoding: remov…
TheBestTvarynka Aug 13, 2023
2699233
feat(sspi): auth_identity: add card_name, container_name, and csp_nam…
TheBestTvarynka Aug 13, 2023
999c400
fix(ffi): auth_identity: compilation error in smart card credentials;
TheBestTvarynka Aug 13, 2023
eaadcb5
feat(sspi): cert_utils: implement smart card info (key container name…
TheBestTvarynka Aug 13, 2023
9407775
feat(sspi): cert_utils: implememt user name extraction from the smart…
TheBestTvarynka Aug 13, 2023
12f50af
feat(ffi): auth_identity: improve credentials gathering;
TheBestTvarynka Aug 13, 2023
88c1062
feat(ffi): format code;
TheBestTvarynka Aug 13, 2023
29cf34b
feat(sspi): cert_utils: format code;
TheBestTvarynka Aug 13, 2023
6a3240c
feat(sspi): cert_utils: improve logging;
TheBestTvarynka Aug 14, 2023
ff77833
fix(sspi): cert_utils: smart card info finalizing;
TheBestTvarynka Aug 14, 2023
ab18461
fix(sspi): credssp: ts_request: smart card credentials encoding;
TheBestTvarynka Aug 14, 2023
9fd02e7
feat(ffi): auth_identity: improve smart card creds handling;
TheBestTvarynka Aug 14, 2023
4f46ddd
feat(sspi): auth_identity: add private_key_file_index field;
TheBestTvarynka Aug 14, 2023
bf56850
feat(sspi): cert_utils: implement private_key_file_index calculation;
TheBestTvarynka Aug 14, 2023
464641f
feat(ffi): auth_identity: improve smart card creds handling;
TheBestTvarynka Aug 14, 2023
a0d7131
feat(sspi): auth_identity: smart card: make scard name optional;
TheBestTvarynka Aug 15, 2023
bb9f5d0
feat(sspi): credssp: improve smart card creds writing;
TheBestTvarynka Aug 15, 2023
055f2e6
feat(ffi): auth_identity: improve smart card credentials handlings;
TheBestTvarynka Aug 15, 2023
df7d1f0
feat(ffi): fix clippy warnings;
TheBestTvarynka Aug 15, 2023
fdbc5fc
feat(sspi): negotiate: fix clippy warnings;
TheBestTvarynka Aug 15, 2023
0880fc0
feat(sspi): builders: fix clippy warnings;
TheBestTvarynka Aug 15, 2023
6de545b
fix(sspi): cert_utils: private_key_index calculation;
TheBestTvarynka Aug 15, 2023
032e1c6
fix(ffi): auth_identity: smart card creds handling: add null byte to …
TheBestTvarynka Aug 15, 2023
d7d949a
feat(sspi): return error from SspiEx::custom_set_auth_identity method;
TheBestTvarynka Aug 15, 2023
622e6d4
feat(sspi): utils: improve string_to_utf16 function;
TheBestTvarynka Aug 15, 2023
75edea3
feat(sspi): auth_identity: add more doc commets. improve conversion;
TheBestTvarynka Aug 15, 2023
c345505
feat(sspi): credssp: small refactoring;
TheBestTvarynka Aug 15, 2023
0707394
fix(sspi): pku2u: return Result from custom_set_auth_identity function;
TheBestTvarynka Aug 16, 2023
dd3f9c9
fix(sspi): kerberos: return Result from custom_set_auth_identity func…
TheBestTvarynka Aug 16, 2023
0614542
feat(sspi): negotiate: small refactoring;
TheBestTvarynka Aug 15, 2023
8f02d9c
feat(sspi): builders: small refactoring. add more comments;
TheBestTvarynka Aug 15, 2023
1171daa
feat(sspi): ntlm: small refactoring;
TheBestTvarynka Aug 15, 2023
30ccb2d
feat(sspi): credssp: small refactoring. improve conditional compilation;
TheBestTvarynka Aug 15, 2023
3b086f4
feat(sspi): cert_utils: code and tests refactoring. add more comments…
TheBestTvarynka Aug 15, 2023
df69f56
feat(ffi): sec_handle: refactor acquire credentials handle;
TheBestTvarynka Aug 15, 2023
9bd7bd3
feat(ffi): utils: remove uneeded function str_to_utf16_bytes;
TheBestTvarynka Aug 15, 2023
ab38e33
feat(ffi): auth_identity: small refactoring;
TheBestTvarynka Aug 15, 2023
5b42210
feat(sspi): Cargo.toml: remove default features;
TheBestTvarynka Aug 15, 2023
793af2e
sspi: refactoring;
TheBestTvarynka Aug 16, 2023
2159a7e
feat(sspi): cert_utils: improved upn extraction from certificate;
TheBestTvarynka Aug 17, 2023
3e5ce34
feat(sspi): format code;
TheBestTvarynka Aug 17, 2023
12e0645
feat(ffi): remove default features. improve conditional compilation;
TheBestTvarynka Aug 17, 2023
4c90b88
feat(sspi): cert_utils: improve conditional compilation;
TheBestTvarynka Aug 18, 2023
4652e80
feat(ffi): auth_identity: improve conditional compilation;
TheBestTvarynka Aug 18, 2023
33aab3e
feat(sspi): update picky-* dependencies: replace local paths with git…
TheBestTvarynka Aug 18, 2023
bcb1c3c
feat(sspi): small refactoring;
TheBestTvarynka Aug 18, 2023
d2d25cb
feat(ffi): format code;
TheBestTvarynka Aug 18, 2023
671a000
revert rust toolchain version: 1.71.0 -> 1.71.1;
TheBestTvarynka Aug 18, 2023
d20660d
feat(sspi): add support of smart card credentials in the credssp clie…
TheBestTvarynka Aug 23, 2023
75845a4
sspi: update picky-* dependencies
TheBestTvarynka Aug 23, 2023
b89ff48
fix: wasm-testcompile compilation
TheBestTvarynka Aug 23, 2023
9e3eb9d
feat(ffi): add comment about SEC_WINNT_AUTH_IDENTITY_UNICODE flag
TheBestTvarynka Aug 23, 2023
ba71154
feat(ffi): revert and improve auth_data_to_identity_buffers function
TheBestTvarynka Aug 25, 2023
eafbbda
fix(ffi): replace auth_data_to_identity_buffers_q/w with auth_data_to…
TheBestTvarynka Aug 25, 2023
9046202
feat(ffi): add comment about auth_data_to_identity_buffers function
TheBestTvarynka Aug 25, 2023
0455a71
fix(sspi): cert_utils module conditional compilation
TheBestTvarynka Aug 25, 2023
49e70c0
sspi: update picky-* dependencies
TheBestTvarynka Aug 25, 2023
55d2f9c
feat(ffi): improve smart card credentials detection
TheBestTvarynka Aug 25, 2023
0de5681
Merge branch 'kerberos-smart-card-credentials' of ssh://jira.dev.loca…
TheBestTvarynka Aug 25, 2023
ade277b
feat(ffi): improve smart card credentials handling. format code
TheBestTvarynka Aug 25, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 5 additions & 3 deletions ffi/src/sec_winnt_auth_identity.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,8 @@ use sspi::{AuthIdentityBuffers, CredentialsBuffers, Error, ErrorKind, Result};
use symbol_rename_macro::rename_symbol;
#[cfg(feature = "tsssp")]
use windows_sys::Win32::Security::Authentication::Identity::SspiIsAuthIdentityEncrypted;
#[cfg(feature = "scard")]
use winapi::um::wincred::CredIsMarshaledCredentialW;

use crate::sspi_data_types::{SecWChar, SecurityStatus};
use crate::utils::{c_w_str_to_string, into_raw_ptr, raw_str_into_bytes};
Expand Down Expand Up @@ -263,7 +265,7 @@ pub unsafe fn auth_data_to_identity_buffers_w(

// only marshaled smart card creds starts with '@' char
#[cfg(feature = "scard")]
if user[0] == b'@' {
if user[0] == b'@' && CredIsMarshaledCredentialW(user.as_ptr() as *const _) != 0 {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

calling CredIsMarshaledCredentialW should be enough, it checks for @@ under the hood anyway. maybe the only potential issue is that CredIsMarshaledCredentialW could return true for types other than 1

Copy link
Collaborator Author

@TheBestTvarynka TheBestTvarynka Aug 25, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed

return handle_smart_card_creds(user, password);
}

Expand All @@ -283,7 +285,7 @@ pub unsafe fn auth_data_to_identity_buffers_w(

// only marshaled smart card creds starts with '@' char
#[cfg(feature = "scard")]
if user[0] == b'@' {
if user[0] == b'@' && CredIsMarshaledCredentialW(user.as_ptr() as *const _) != 0 {
return handle_smart_card_creds(user, password);
}

Expand Down Expand Up @@ -526,7 +528,7 @@ pub unsafe fn unpack_sec_winnt_auth_identity_ex2_w(p_auth_data: *const c_void) -

// only marshaled smart card creds starts with '@' char
#[cfg(feature = "scard")]
if username[0] == b'@' {
if username[0] == b'@' && CredIsMarshaledCredentialW(username.as_ptr() as *const _) != 0 {
// remove null
let new_len = password.as_ref().len() - 2;
password.as_mut().truncate(new_len);
Expand Down
Loading