-
Notifications
You must be signed in to change notification settings - Fork 154
Expand file tree
/
Copy pathsecure.cpp
More file actions
187 lines (158 loc) · 5.73 KB
/
secure.cpp
File metadata and controls
187 lines (158 loc) · 5.73 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
//#include "common.h"
#ifdef JUNK
#ifdef WIN32
#define WIN32_LEAN_AND_MEAN
#ifndef UNICODE
#define UNICODE
#endif
#ifndef WIN32_LEAN_AND_MEAN
#define WIN32_LEAN_AND_MEAN
#endif
#include <windows.h>
#include <winsock2.h>
#include <mstcpip.h>
#include <ws2tcpip.h>
#include <rpc.h>
#include <ntdsapi.h>
#include <stdio.h>
#include <tchar.h>
#define RECV_DATA_BUF_SIZE 256
// Link with ws2_32.lib
#pragma comment(lib, "Ws2_32.lib")
// link with fwpuclnt.lib for Winsock secure socket extensions
#pragma comment(lib, "fwpuclnt.lib")
// link with ntdsapi.lib for DsMakeSpn function
#pragma comment(lib, "ntdsapi.lib")
// The following function assumes that Winsock
// has already been initialized
int
SecureTcpConnect(
unsigned long serverAddrLen,
const wchar_t * serverSPN,
const SOCKET_SECURITY_SETTINGS * securitySettings,
unsigned long settingsLen)
{
SOCKADDR_IN sockaddr;
/**
Routine Description:
This routine creates a TCP client socket, securely connects to the
specified server, sends & receives data from the server, and then closes
the socket
Arguments:
serverAddr - a pointer to the sockaddr structure for the server.
serverAddrLen - length of serverAddr in bytes
serverSPN - a NULL-terminated string representing the SPN
(service principal name) of the server host computer
securitySettings - pointer to the socket security settings that should be
applied to the connection
serverAddrLen - length of securitySettings in bytes
Return Value:
Winsock error code indicating the status of the operation, or NO_ERROR if
the operation succeeded.
--*/
int iresult = NOPROBLEM_BIT;
int sockErr = 0;
SOCKET sock = INVALID_SOCKET;
WSABUF wsaBuf = { 0 };
char *dataBuf = "12345678";
DWORD bytesSent = 0;
char recvBuf[RECV_DATA_BUF_SIZE] = { 0 };
DWORD bytesRecvd = 0;
DWORD flags = 0;
SOCKET_PEER_TARGET_NAME *peerTargetName = NULL;
DWORD serverSpnStringLen = (DWORD) wcslen(serverSPN);
DWORD peerTargetNameLen = sizeof (SOCKET_PEER_TARGET_NAME) +
(serverSpnStringLen * sizeof (wchar_t));
//-----------------------------------------
// Create a TCP socket
sock = WSASocket(sockaddr->sa_family,
SOCK_STREAM, IPPROTO_TCP, NULL, 0, 0);
if (sock == INVALID_SOCKET) {
iResult = WSAGetLastError();
wprintf(L"WSASocket returned error %ld\n", iResult);
goto cleanup;
}
//-----------------------------------------
// Turn on security for the socket.
sockErr = WSASetSocketSecurity(sock,
securitySettings, settingsLen, NULL, NULL);
if (sockErr == SOCKET_ERROR) {
iResult = WSAGetLastError();
wprintf(L"WSASetSocketSecurity returned error %ld\n", iResult);
goto cleanup;
}
//-----------------------------------------
// Specify the server SPN
peerTargetName = (SOCKET_PEER_TARGET_NAME *) HeapAlloc(GetProcessHeap(),
HEAP_ZERO_MEMORY, peerTargetNameLen);
if (!peerTargetName) {
iResult = ERROR_NOT_ENOUGH_MEMORY;
wprintf(L"Out of memory\n");
goto cleanup;
}
// Use the security protocol as specified by the settings
peerTargetName->SecurityProtocol = securitySettings->SecurityProtocol;
// Specify the server SPN
peerTargetName->PeerTargetNameStringLen = serverSpnStringLen;
RtlCopyMemory((BYTE *) peerTargetName->AllStrings,
(BYTE *) serverSPN, serverSpnStringLen * sizeof (wchar_t)
);
sockErr = WSASetSocketPeerTargetName(sock,
peerTargetName,
peerTargetNameLen, NULL, NULL);
if (sockErr == SOCKET_ERROR) {
iResult = WSAGetLastError();
wprintf(L"WSASetSocketPeerTargetName returned error %ld\n", iResult);
goto cleanup;
}
//-----------------------------------------
// Connect to the server
sockErr = WSAConnect(sock,
serverAddr, serverAddrLen, NULL, NULL, NULL, NULL);
if (sockErr == SOCKET_ERROR) {
iResult = WSAGetLastError();
wprintf(L"WSAConnect returned error %ld\n", iResult);
goto cleanup;
}
// At this point a secure connection must have been established.
wprintf(L"Secure connection established to the server\n");
//-----------------------------------------
// Send some data securely
wsaBuf.len = (ULONG) strlen(dataBuf);
wsaBuf.buf = dataBuf;
sockErr = WSASend(sock, &wsaBuf, 1, &bytesSent, 0, NULL, NULL);
if (sockErr == SOCKET_ERROR) {
iResult = WSAGetLastError();
wprintf(L"WSASend returned error %ld\n", iResult);
goto cleanup;
}
wprintf(L"Sent %d bytes of data to the server\n", bytesSent);
//-----------------------------------------
// Receive server's response securely
wsaBuf.len = RECV_DATA_BUF_SIZE;
wsaBuf.buf = recvBuf;
sockErr = WSARecv(sock, &wsaBuf, 1, &bytesRecvd, &flags, NULL, NULL);
if (sockErr == SOCKET_ERROR) {
iResult = WSAGetLastError();
wprintf(L"WSARecv returned error %ld\n", iResult);
goto cleanup;
}
wprintf(L"Received %d bytes of data from the server\n", bytesRecvd);
cleanup:
if (sock != INVALID_SOCKET) {
//This will trigger the cleanup of all IPsec filters and policies that
//were added for this socket. The cleanup will happen only after all
//outstanding data has been sent out on the wire.
closesocket(sock);
}
if (peerTargetName) {
HeapFree(GetProcessHeap(), 0, peerTargetName);
}
return iResult;
}
#else
void SecureConnect(char* msg)
{
}
#endif
#endif