search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
dwrite/layout: Constify some internal helpers arguments.
[wine.git] / dlls / secur32 / negotiate.c
bloba63e458750ff7e452a7a3414448b91b192de3920
1 /*
2 * Copyright 2005 Kai Blin
3 * Copyright 2012 Hans Leidekker for CodeWeavers
4 *
5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Lesser General Public
7 * License as published by the Free Software Foundation; either
8 * version 2.1 of the License, or (at your option) any later version.
9 *
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Lesser General Public License for more details.
14 *
15 * You should have received a copy of the GNU Lesser General Public
16 * License along with this library; if not, write to the Free Software
17 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
18 */
19
20 #include <stdarg.h>
21 #include <stdlib.h>
22 #include "windef.h"
23 #include "winbase.h"
24 #include "sspi.h"
25 #include "rpc.h"
26 #include "wincred.h"
27
28 #include "wine/debug.h"
29 #include "secur32_priv.h"
30
31 WINE_DEFAULT_DEBUG_CHANNEL(secur32);
32
33 /***********************************************************************
34 * QueryCredentialsAttributesA
35 */
36 static SECURITY_STATUS SEC_ENTRY nego_QueryCredentialsAttributesA(
37 PCredHandle phCredential, ULONG ulAttribute, PVOID pBuffer)
38 {
39 FIXME("%p, %lu, %p\n", phCredential, ulAttribute, pBuffer);
40 return SEC_E_UNSUPPORTED_FUNCTION;
41 }
42
43 /***********************************************************************
44 * QueryCredentialsAttributesW
45 */
46 static SECURITY_STATUS SEC_ENTRY nego_QueryCredentialsAttributesW(
47 PCredHandle phCredential, ULONG ulAttribute, PVOID pBuffer)
48 {
49 FIXME("%p, %lu, %p\n", phCredential, ulAttribute, pBuffer);
50 return SEC_E_UNSUPPORTED_FUNCTION;
51 }
52
53 struct sec_handle
54 {
55 SecureProvider *krb;
56 SecureProvider *ntlm;
57 SecHandle handle_krb;
58 SecHandle handle_ntlm;
59 };
60
61 #define WINE_NO_CACHED_CREDENTIALS 0x10000000
62
63 /***********************************************************************
64 * AcquireCredentialsHandleW
65 */
66 static SECURITY_STATUS SEC_ENTRY nego_AcquireCredentialsHandleW(
67 SEC_WCHAR *pszPrincipal, SEC_WCHAR *pszPackage, ULONG fCredentialUse,
68 PLUID pLogonID, PVOID pAuthData, SEC_GET_KEY_FN pGetKeyFn,
69 PVOID pGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry )
70 {
71 static SEC_WCHAR ntlmW[] = {'N','T','L','M',0};
72 static SEC_WCHAR kerberosW[] = {'K','e','r','b','e','r','o','s',0};
73 SECURITY_STATUS ret = SEC_E_NO_CREDENTIALS;
74 struct sec_handle *cred;
75 SecurePackage *package;
76
77 TRACE("%s, %s, 0x%08lx, %p, %p, %p, %p, %p, %p\n",
78 debugstr_w(pszPrincipal), debugstr_w(pszPackage), fCredentialUse,
79 pLogonID, pAuthData, pGetKeyFn, pGetKeyArgument, phCredential, ptsExpiry);
80
81 if (!pszPackage) return SEC_E_SECPKG_NOT_FOUND;
82 if (!(cred = calloc( 1, sizeof(*cred) ))) return SEC_E_INSUFFICIENT_MEMORY;
83
84 if ((package = SECUR32_findPackageW( kerberosW )))
85 {
86 ret = package->provider->fnTableW.AcquireCredentialsHandleW( pszPrincipal, kerberosW,
87 fCredentialUse, pLogonID, pAuthData, pGetKeyFn, pGetKeyArgument, &cred->handle_krb, ptsExpiry );
88 if (ret == SEC_E_OK) cred->krb = package->provider;
89 }
90
91 if ((package = SECUR32_findPackageW( ntlmW )))
92 {
93 ULONG cred_use = pAuthData ? fCredentialUse : fCredentialUse | WINE_NO_CACHED_CREDENTIALS;
94
95 ret = package->provider->fnTableW.AcquireCredentialsHandleW( pszPrincipal, ntlmW,
96 cred_use, pLogonID, pAuthData, pGetKeyFn, pGetKeyArgument, &cred->handle_ntlm, ptsExpiry );
97 if (ret == SEC_E_OK) cred->ntlm = package->provider;
98 }
99
100 if (cred->krb || cred->ntlm)
101 {
102 phCredential->dwLower = (ULONG_PTR)cred;
103 phCredential->dwUpper = 0;
104 return SEC_E_OK;
105 }
106
107 free( cred );
108 return ret;
109 }
110
111 /***********************************************************************
112 * AcquireCredentialsHandleA
113 */
114 static SECURITY_STATUS SEC_ENTRY nego_AcquireCredentialsHandleA(
115 SEC_CHAR *pszPrincipal, SEC_CHAR *pszPackage, ULONG fCredentialUse,
116 PLUID pLogonID, PVOID pAuthData, SEC_GET_KEY_FN pGetKeyFn,
117 PVOID pGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry )
118 {
119 SECURITY_STATUS ret = SEC_E_INSUFFICIENT_MEMORY;
120 SEC_WCHAR *package = NULL;
121 SEC_WINNT_AUTH_IDENTITY_A *id = pAuthData;
122 SEC_WINNT_AUTH_IDENTITY_W idW = {};
123
124 TRACE("%s, %s, 0x%08lx, %p, %p, %p, %p, %p, %p\n",
125 debugstr_a(pszPrincipal), debugstr_a(pszPackage), fCredentialUse,
126 pLogonID, pAuthData, pGetKeyFn, pGetKeyArgument, phCredential, ptsExpiry);
127
128 if (pszPackage)
129 {
130 int package_len = MultiByteToWideChar( CP_ACP, 0, pszPackage, -1, NULL, 0 );
131 if (!(package = malloc( package_len * sizeof(SEC_WCHAR) ))) return SEC_E_INSUFFICIENT_MEMORY;
132 MultiByteToWideChar( CP_ACP, 0, pszPackage, -1, package, package_len );
133 }
134 if (id && id->Flags == SEC_WINNT_AUTH_IDENTITY_ANSI)
135 {
136 idW.UserLength = MultiByteToWideChar( CP_ACP, 0, (const char *)id->User, id->UserLength, NULL, 0 );
137 if (!(idW.User = malloc( idW.UserLength * sizeof(SEC_WCHAR) ))) goto done;
138 MultiByteToWideChar( CP_ACP, 0, (const char *)id->User, id->UserLength, idW.User, idW.UserLength );
139
140 idW.DomainLength = MultiByteToWideChar( CP_ACP, 0, (const char *)id->Domain, id->DomainLength, NULL, 0 );
141 if (!(idW.Domain = malloc( idW.DomainLength * sizeof(SEC_WCHAR) ))) goto done;
142 MultiByteToWideChar( CP_ACP, 0, (const char *)id->Domain, id->DomainLength, idW.Domain, idW.DomainLength );
143
144 idW.PasswordLength = MultiByteToWideChar( CP_ACP, 0, (const char *)id->Password, id->PasswordLength, NULL, 0 );
145 if (!(idW.Password = malloc( idW.PasswordLength * sizeof(SEC_WCHAR) ))) goto done;
146 MultiByteToWideChar( CP_ACP, 0, (const char *)id->Password, id->PasswordLength, idW.Password, idW.PasswordLength );
147
148 idW.Flags = SEC_WINNT_AUTH_IDENTITY_UNICODE;
149 pAuthData = &idW;
150 }
151
152 ret = nego_AcquireCredentialsHandleW( NULL, package, fCredentialUse, pLogonID, pAuthData,
153 pGetKeyFn, pGetKeyArgument, phCredential, ptsExpiry );
154 done:
155 free( package );
156 return ret;
157 }
158
159 /***********************************************************************
160 * InitializeSecurityContextW
161 */
162 static SECURITY_STATUS SEC_ENTRY nego_InitializeSecurityContextW(
163 PCredHandle phCredential, PCtxtHandle phContext, SEC_WCHAR *pszTargetName,
164 ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep,
165 PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext,
166 PSecBufferDesc pOutput, ULONG *pfContextAttr, PTimeStamp ptsExpiry )
167 {
168 SECURITY_STATUS ret = SEC_E_INVALID_HANDLE;
169 struct sec_handle *handle = NULL, *ctxt, *new_ctxt = NULL, *cred = NULL;
170
171 TRACE("%p, %p, %s, 0x%08lx, %lu, %lu, %p, %lu, %p, %p, %p, %p\n",
172 phCredential, phContext, debugstr_w(pszTargetName), fContextReq,
173 Reserved1, TargetDataRep, pInput, Reserved1, phNewContext, pOutput,
174 pfContextAttr, ptsExpiry);
175
176 if (phContext)
177 {
178 handle = ctxt = (struct sec_handle *)phContext->dwLower;
179 }
180 else if (phCredential)
181 {
182 handle = cred = (struct sec_handle *)phCredential->dwLower;
183 if (!(new_ctxt = ctxt = calloc( 1, sizeof(*ctxt) ))) return SEC_E_INSUFFICIENT_MEMORY;
184 ctxt->krb = cred->krb;
185 ctxt->ntlm = cred->ntlm;
186 }
187 if (!handle) return SEC_E_INVALID_HANDLE;
188
189 if (handle->krb)
190 {
191 ret = handle->krb->fnTableW.InitializeSecurityContextW( phCredential ? &cred->handle_krb : NULL,
192 phContext ? &ctxt->handle_krb : NULL, pszTargetName, fContextReq, Reserved1, TargetDataRep, pInput,
193 Reserved2, phNewContext ? &ctxt->handle_krb : NULL, pOutput, pfContextAttr, ptsExpiry );
194 if ((ret == SEC_E_OK || ret == SEC_I_CONTINUE_NEEDED) && phNewContext)
195 {
196 ctxt->ntlm = NULL;
197 phNewContext->dwLower = (ULONG_PTR)ctxt;
198 phNewContext->dwUpper = 0;
199 if (new_ctxt == ctxt) new_ctxt = NULL;
200 }
201 }
202
203 if (ret != SEC_E_OK && ret != SEC_I_CONTINUE_NEEDED && handle->ntlm)
204 {
205 ret = handle->ntlm->fnTableW.InitializeSecurityContextW( phCredential ? &cred->handle_ntlm : NULL,
206 phContext ? &ctxt->handle_ntlm : NULL, pszTargetName, fContextReq, Reserved1, TargetDataRep, pInput,
207 Reserved2, phNewContext ? &ctxt->handle_ntlm : NULL, pOutput, pfContextAttr, ptsExpiry );
208 if ((ret == SEC_E_OK || ret == SEC_I_CONTINUE_NEEDED) && phNewContext)
209 {
210 ctxt->krb = NULL;
211 phNewContext->dwLower = (ULONG_PTR)ctxt;
212 phNewContext->dwUpper = 0;
213 if (new_ctxt == ctxt) new_ctxt = NULL;
214 }
215 }
216
217 free( new_ctxt );
218 return ret;
219 }
220
221 /***********************************************************************
222 * InitializeSecurityContextA
223 */
224 static SECURITY_STATUS SEC_ENTRY nego_InitializeSecurityContextA(
225 PCredHandle phCredential, PCtxtHandle phContext, SEC_CHAR *pszTargetName,
226 ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep,
227 PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext,
228 PSecBufferDesc pOutput, ULONG *pfContextAttr, PTimeStamp ptsExpiry )
229 {
230 SECURITY_STATUS ret;
231 SEC_WCHAR *target = NULL;
232
233 TRACE("%p, %p, %s, 0x%08lx, %lu, %lu, %p, %lu, %p, %p, %p, %p\n",
234 phCredential, phContext, debugstr_a(pszTargetName), fContextReq,
235 Reserved1, TargetDataRep, pInput, Reserved1, phNewContext, pOutput,
236 pfContextAttr, ptsExpiry);
237
238 if (pszTargetName)
239 {
240 int target_len = MultiByteToWideChar( CP_ACP, 0, pszTargetName, -1, NULL, 0 );
241 if (!(target = malloc( target_len * sizeof(SEC_WCHAR) ))) return SEC_E_INSUFFICIENT_MEMORY;
242 MultiByteToWideChar( CP_ACP, 0, pszTargetName, -1, target, target_len );
243 }
244 ret = nego_InitializeSecurityContextW( phCredential, phContext, target, fContextReq,
245 Reserved1, TargetDataRep, pInput, Reserved2,
246 phNewContext, pOutput, pfContextAttr, ptsExpiry );
247 free( target );
248 return ret;
249 }
250
251 /***********************************************************************
252 * AcceptSecurityContext
253 */
254 static SECURITY_STATUS SEC_ENTRY nego_AcceptSecurityContext(
255 PCredHandle phCredential, PCtxtHandle phContext, PSecBufferDesc pInput,
256 ULONG fContextReq, ULONG TargetDataRep, PCtxtHandle phNewContext,
257 PSecBufferDesc pOutput, ULONG *pfContextAttr, PTimeStamp ptsExpiry)
258 {
259 SECURITY_STATUS ret = SEC_E_INVALID_HANDLE;
260 struct sec_handle *handle = NULL, *ctxt, *new_ctxt = NULL, *cred = NULL;
261
262 TRACE("%p, %p, %p, 0x%08lx, %lu, %p, %p, %p, %p\n", phCredential, phContext,
263 pInput, fContextReq, TargetDataRep, phNewContext, pOutput, pfContextAttr,
264 ptsExpiry);
265
266 if (phContext)
267 {
268 handle = ctxt = (struct sec_handle *)phContext->dwLower;
269 }
270 else if (phCredential)
271 {
272 handle = cred = (struct sec_handle *)phCredential->dwLower;
273 if (!(new_ctxt = ctxt = calloc( 1, sizeof(*ctxt) ))) return SEC_E_INSUFFICIENT_MEMORY;
274 ctxt->krb = cred->krb;
275 ctxt->ntlm = cred->ntlm;
276 }
277 if (!handle) return SEC_E_INVALID_HANDLE;
278
279 if (handle->krb)
280 {
281 ret = handle->krb->fnTableW.AcceptSecurityContext( phCredential ? &cred->handle_krb : NULL,
282 phContext ? &ctxt->handle_krb : NULL, pInput, fContextReq, TargetDataRep,
283 phNewContext ? &ctxt->handle_krb : NULL, pOutput, pfContextAttr, ptsExpiry );
284 if ((ret == SEC_E_OK || ret == SEC_I_CONTINUE_NEEDED) && phNewContext)
285 {
286 ctxt->ntlm = NULL;
287 phNewContext->dwLower = (ULONG_PTR)ctxt;
288 phNewContext->dwUpper = 0;
289 if (new_ctxt == ctxt) new_ctxt = NULL;
290 }
291 }
292
293 if (ret != SEC_E_OK && ret != SEC_I_CONTINUE_NEEDED && handle->ntlm)
294 {
295 ret = handle->ntlm->fnTableW.AcceptSecurityContext( phCredential ? &cred->handle_ntlm : NULL,
296 phContext ? &ctxt->handle_ntlm : NULL, pInput, fContextReq, TargetDataRep,
297 phNewContext ? &ctxt->handle_ntlm : NULL, pOutput, pfContextAttr, ptsExpiry );
298 if ((ret == SEC_E_OK || ret == SEC_I_CONTINUE_NEEDED) && phNewContext)
299 {
300 ctxt->krb = NULL;
301 phNewContext->dwLower = (ULONG_PTR)ctxt;
302 phNewContext->dwUpper = 0;
303 if (new_ctxt == ctxt) new_ctxt = NULL;
304 }
305 }
306
307 free( new_ctxt );
308 return ret;
309 }
310
311 /***********************************************************************
312 * CompleteAuthToken
313 */
314 static SECURITY_STATUS SEC_ENTRY nego_CompleteAuthToken(PCtxtHandle phContext,
315 PSecBufferDesc pToken)
316 {
317 SECURITY_STATUS ret = SEC_E_INVALID_HANDLE;
318
319 TRACE("%p %p\n", phContext, pToken);
320
321 if (phContext) ret = SEC_E_UNSUPPORTED_FUNCTION;
322 return ret;
323 }
324
325 /***********************************************************************
326 * DeleteSecurityContext
327 */
328 static SECURITY_STATUS SEC_ENTRY nego_DeleteSecurityContext(PCtxtHandle phContext)
329 {
330 SECURITY_STATUS ret = SEC_E_INVALID_HANDLE;
331 struct sec_handle *ctxt;
332
333 TRACE("%p\n", phContext);
334
335 if (!phContext) return SEC_E_INVALID_HANDLE;
336
337 ctxt = (struct sec_handle *)phContext->dwLower;
338 if (ctxt->krb)
339 {
340 ret = ctxt->krb->fnTableW.DeleteSecurityContext( &ctxt->handle_krb );
341 }
342 else if (ctxt->ntlm)
343 {
344 ret = ctxt->ntlm->fnTableW.DeleteSecurityContext( &ctxt->handle_ntlm );
345 }
346 TRACE( "freeing %p\n", ctxt );
347 free( ctxt );
348 return ret;
349 }
350
351 /***********************************************************************
352 * ApplyControlToken
353 */
354 static SECURITY_STATUS SEC_ENTRY nego_ApplyControlToken(PCtxtHandle phContext,
355 PSecBufferDesc pInput)
356 {
357 SECURITY_STATUS ret = SEC_E_INVALID_HANDLE;
358
359 TRACE("%p %p\n", phContext, pInput);
360
361 if (phContext) ret = SEC_E_UNSUPPORTED_FUNCTION;
362 return ret;
363 }
364
365 /***********************************************************************
366 * QueryContextAttributesW
367 */
368 static SECURITY_STATUS SEC_ENTRY nego_QueryContextAttributesW(
369 PCtxtHandle phContext, ULONG ulAttribute, void *pBuffer)
370 {
371 SECURITY_STATUS ret = SEC_E_INVALID_HANDLE;
372 struct sec_handle *ctxt;
373
374 TRACE("%p, %lu, %p\n", phContext, ulAttribute, pBuffer);
375
376 if (!phContext) return SEC_E_INVALID_HANDLE;
377
378 ctxt = (struct sec_handle *)phContext->dwLower;
379 if (ctxt->krb)
380 {
381 ret = ctxt->krb->fnTableW.QueryContextAttributesW( &ctxt->handle_krb, ulAttribute, pBuffer );
382 }
383 else if (ctxt->ntlm)
384 {
385 ret = ctxt->ntlm->fnTableW.QueryContextAttributesW( &ctxt->handle_ntlm, ulAttribute, pBuffer );
386 }
387 return ret;
388 }
389
390 /***********************************************************************
391 * QueryContextAttributesA
392 */
393 static SECURITY_STATUS SEC_ENTRY nego_QueryContextAttributesA(PCtxtHandle phContext,
394 ULONG ulAttribute, void *pBuffer)
395 {
396 SECURITY_STATUS ret = SEC_E_INVALID_HANDLE;
397 struct sec_handle *ctxt;
398
399 TRACE("%p, %lu, %p\n", phContext, ulAttribute, pBuffer);
400
401 if (!phContext) return SEC_E_INVALID_HANDLE;
402
403 ctxt = (struct sec_handle *)phContext->dwLower;
404 if (ctxt->krb)
405 {
406 ret = ctxt->krb->fnTableA.QueryContextAttributesA( &ctxt->handle_krb, ulAttribute, pBuffer );
407 }
408 else if (ctxt->ntlm)
409 {
410 ret = ctxt->ntlm->fnTableA.QueryContextAttributesA( &ctxt->handle_ntlm, ulAttribute, pBuffer );
411 }
412 return ret;
413 }
414
415 /***********************************************************************
416 * ImpersonateSecurityContext
417 */
418 static SECURITY_STATUS SEC_ENTRY nego_ImpersonateSecurityContext(PCtxtHandle phContext)
419 {
420 SECURITY_STATUS ret = SEC_E_INVALID_HANDLE;
421
422 TRACE("%p\n", phContext);
423
424 if (phContext) ret = SEC_E_UNSUPPORTED_FUNCTION;
425 return ret;
426 }
427
428 /***********************************************************************
429 * RevertSecurityContext
430 */
431 static SECURITY_STATUS SEC_ENTRY nego_RevertSecurityContext(PCtxtHandle phContext)
432 {
433 SECURITY_STATUS ret = SEC_E_INVALID_HANDLE;
434
435 TRACE("%p\n", phContext);
436
437 if (phContext) ret = SEC_E_UNSUPPORTED_FUNCTION;
438 return ret;
439 }
440
441 /***********************************************************************
442 * MakeSignature
443 */
444 static SECURITY_STATUS SEC_ENTRY nego_MakeSignature(PCtxtHandle phContext,
445 ULONG fQOP, PSecBufferDesc pMessage, ULONG MessageSeqNo)
446 {
447 SECURITY_STATUS ret = SEC_E_INVALID_HANDLE;
448 struct sec_handle *ctxt;
449
450 TRACE("%p, 0x%08lx, %p, %lu\n", phContext, fQOP, pMessage, MessageSeqNo);
451
452 if (!phContext) return SEC_E_INVALID_HANDLE;
453
454 ctxt = (struct sec_handle *)phContext->dwLower;
455 if (ctxt->krb)
456 {
457 ret = ctxt->krb->fnTableW.MakeSignature( &ctxt->handle_krb, fQOP, pMessage, MessageSeqNo );
458 }
459 else if (ctxt->ntlm)
460 {
461 ret = ctxt->ntlm->fnTableW.MakeSignature( &ctxt->handle_ntlm, fQOP, pMessage, MessageSeqNo );
462 }
463 return ret;
464 }
465
466 /***********************************************************************
467 * VerifySignature
468 */
469 static SECURITY_STATUS SEC_ENTRY nego_VerifySignature(PCtxtHandle phContext,
470 PSecBufferDesc pMessage, ULONG MessageSeqNo, PULONG pfQOP)
471 {
472 SECURITY_STATUS ret = SEC_E_INVALID_HANDLE;
473 struct sec_handle *ctxt;
474
475 TRACE("%p, %p, %lu, %p\n", phContext, pMessage, MessageSeqNo, pfQOP);
476
477 if (!phContext) return SEC_E_INVALID_HANDLE;
478
479 ctxt = (struct sec_handle *)phContext->dwLower;
480 if (ctxt->krb)
481 {
482 ret = ctxt->krb->fnTableW.VerifySignature( &ctxt->handle_krb, pMessage, MessageSeqNo, pfQOP );
483 }
484 else if (ctxt->ntlm)
485 {
486 ret = ctxt->ntlm->fnTableW.VerifySignature( &ctxt->handle_ntlm, pMessage, MessageSeqNo, pfQOP );
487 }
488 return ret;
489 }
490
491 /***********************************************************************
492 * FreeCredentialsHandle
493 */
494 static SECURITY_STATUS SEC_ENTRY nego_FreeCredentialsHandle(PCredHandle phCredential)
495 {
496 struct sec_handle *cred;
497
498 TRACE("%p\n", phCredential);
499
500 if (!phCredential) return SEC_E_INVALID_HANDLE;
501
502 cred = (struct sec_handle *)phCredential->dwLower;
503 if (cred->krb) cred->krb->fnTableW.FreeCredentialsHandle( &cred->handle_krb );
504 if (cred->ntlm) cred->ntlm->fnTableW.FreeCredentialsHandle( &cred->handle_ntlm );
505
506 free( cred );
507 return SEC_E_OK;
508 }
509
510 /***********************************************************************
511 * EncryptMessage
512 */
513 static SECURITY_STATUS SEC_ENTRY nego_EncryptMessage(PCtxtHandle phContext,
514 ULONG fQOP, PSecBufferDesc pMessage, ULONG MessageSeqNo)
515 {
516 SECURITY_STATUS ret = SEC_E_INVALID_HANDLE;
517 struct sec_handle *ctxt;
518
519 TRACE("%p, 0x%08lx, %p, %lu\n", phContext, fQOP, pMessage, MessageSeqNo);
520
521 if (!phContext) return SEC_E_INVALID_HANDLE;
522
523 ctxt = (struct sec_handle *)phContext->dwLower;
524 if (ctxt->krb)
525 {
526 ret = ctxt->krb->fnTableW.EncryptMessage( &ctxt->handle_krb, fQOP, pMessage, MessageSeqNo );
527 }
528 else if (ctxt->ntlm)
529 {
530 ret = ctxt->ntlm->fnTableW.EncryptMessage( &ctxt->handle_ntlm, fQOP, pMessage, MessageSeqNo );
531 }
532 return ret;
533 }
534
535 /***********************************************************************
536 * DecryptMessage
537 */
538 static SECURITY_STATUS SEC_ENTRY nego_DecryptMessage(PCtxtHandle phContext,
539 PSecBufferDesc pMessage, ULONG MessageSeqNo, PULONG pfQOP)
540 {
541 SECURITY_STATUS ret = SEC_E_INVALID_HANDLE;
542 struct sec_handle *ctxt;
543
544 TRACE("%p, %p, %lu, %p\n", phContext, pMessage, MessageSeqNo, pfQOP);
545
546 if (!phContext) return SEC_E_INVALID_HANDLE;
547
548 ctxt = (struct sec_handle *)phContext->dwLower;
549 if (ctxt->krb)
550 {
551 ret = ctxt->krb->fnTableW.DecryptMessage( &ctxt->handle_krb, pMessage, MessageSeqNo, pfQOP );
552 }
553 else if (ctxt->ntlm)
554 {
555 ret = ctxt->ntlm->fnTableW.DecryptMessage( &ctxt->handle_ntlm, pMessage, MessageSeqNo, pfQOP );
556 }
557 return ret;
558 }
559
560 static const SecurityFunctionTableA negoTableA = {
561 1,
562 NULL, /* EnumerateSecurityPackagesA */
563 nego_QueryCredentialsAttributesA, /* QueryCredentialsAttributesA */
564 nego_AcquireCredentialsHandleA, /* AcquireCredentialsHandleA */
565 nego_FreeCredentialsHandle, /* FreeCredentialsHandle */
566 NULL, /* Reserved2 */
567 nego_InitializeSecurityContextA, /* InitializeSecurityContextA */
568 nego_AcceptSecurityContext, /* AcceptSecurityContext */
569 nego_CompleteAuthToken, /* CompleteAuthToken */
570 nego_DeleteSecurityContext, /* DeleteSecurityContext */
571 nego_ApplyControlToken, /* ApplyControlToken */
572 nego_QueryContextAttributesA, /* QueryContextAttributesA */
573 nego_ImpersonateSecurityContext, /* ImpersonateSecurityContext */
574 nego_RevertSecurityContext, /* RevertSecurityContext */
575 nego_MakeSignature, /* MakeSignature */
576 nego_VerifySignature, /* VerifySignature */
577 FreeContextBuffer, /* FreeContextBuffer */
578 NULL, /* QuerySecurityPackageInfoA */
579 NULL, /* Reserved3 */
580 NULL, /* Reserved4 */
581 NULL, /* ExportSecurityContext */
582 NULL, /* ImportSecurityContextA */
583 NULL, /* AddCredentialsA */
584 NULL, /* Reserved8 */
585 NULL, /* QuerySecurityContextToken */
586 nego_EncryptMessage, /* EncryptMessage */
587 nego_DecryptMessage, /* DecryptMessage */
588 NULL, /* SetContextAttributesA */
589 };
590
591 static const SecurityFunctionTableW negoTableW = {
592 1,
593 NULL, /* EnumerateSecurityPackagesW */
594 nego_QueryCredentialsAttributesW, /* QueryCredentialsAttributesW */
595 nego_AcquireCredentialsHandleW, /* AcquireCredentialsHandleW */
596 nego_FreeCredentialsHandle, /* FreeCredentialsHandle */
597 NULL, /* Reserved2 */
598 nego_InitializeSecurityContextW, /* InitializeSecurityContextW */
599 nego_AcceptSecurityContext, /* AcceptSecurityContext */
600 nego_CompleteAuthToken, /* CompleteAuthToken */
601 nego_DeleteSecurityContext, /* DeleteSecurityContext */
602 nego_ApplyControlToken, /* ApplyControlToken */
603 nego_QueryContextAttributesW, /* QueryContextAttributesW */
604 nego_ImpersonateSecurityContext, /* ImpersonateSecurityContext */
605 nego_RevertSecurityContext, /* RevertSecurityContext */
606 nego_MakeSignature, /* MakeSignature */
607 nego_VerifySignature, /* VerifySignature */
608 FreeContextBuffer, /* FreeContextBuffer */
609 NULL, /* QuerySecurityPackageInfoW */
610 NULL, /* Reserved3 */
611 NULL, /* Reserved4 */
612 NULL, /* ExportSecurityContext */
613 NULL, /* ImportSecurityContextW */
614 NULL, /* AddCredentialsW */
615 NULL, /* Reserved8 */
616 NULL, /* QuerySecurityContextToken */
617 nego_EncryptMessage, /* EncryptMessage */
618 nego_DecryptMessage, /* DecryptMessage */
619 NULL, /* SetContextAttributesW */
620 };
621
622 #define NEGO_MAX_TOKEN 12000
623
624 static WCHAR nego_name_W[] = {'N','e','g','o','t','i','a','t','e',0};
625 static char nego_name_A[] = "Negotiate";
626
627 static WCHAR negotiate_comment_W[] =
628 {'M','i','c','r','o','s','o','f','t',' ','P','a','c','k','a','g','e',' ',
629 'N','e','g','o','t','i','a','t','o','r',0};
630 static CHAR negotiate_comment_A[] = "Microsoft Package Negotiator";
631
632 #define CAPS ( \
633 SECPKG_FLAG_INTEGRITY | \
634 SECPKG_FLAG_PRIVACY | \
635 SECPKG_FLAG_CONNECTION | \
636 SECPKG_FLAG_MULTI_REQUIRED | \
637 SECPKG_FLAG_EXTENDED_ERROR | \
638 SECPKG_FLAG_IMPERSONATION | \
639 SECPKG_FLAG_ACCEPT_WIN32_NAME | \
640 SECPKG_FLAG_NEGOTIABLE | \
641 SECPKG_FLAG_GSS_COMPATIBLE | \
642 SECPKG_FLAG_LOGON | \
643 SECPKG_FLAG_RESTRICTED_TOKENS )
644
645 void SECUR32_initNegotiateSP(void)
646 {
647 SecureProvider *provider = SECUR32_addProvider(&negoTableA, &negoTableW, NULL);
648
649 const SecPkgInfoW infoW = {CAPS, 1, RPC_C_AUTHN_GSS_NEGOTIATE, NEGO_MAX_TOKEN,
650 nego_name_W, negotiate_comment_W};
651 const SecPkgInfoA infoA = {CAPS, 1, RPC_C_AUTHN_GSS_NEGOTIATE, NEGO_MAX_TOKEN,
652 nego_name_A, negotiate_comment_A};
653 SECUR32_addPackages(provider, 1L, &infoA, &infoW);
654 }
Windows API implementation