search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
winebus.sys: Add SDL to CriticalDeviceDatabase.
[wine.git] / dlls / secur32 / negotiate.c
blob0df950093e4ce741a805cf737cd1c41e419497e6
1 /*
2 * Copyright 2005 Kai Blin
3 * Copyright 2012 Hans Leidekker for CodeWeavers
4 *
5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Lesser General Public
7 * License as published by the Free Software Foundation; either
8 * version 2.1 of the License, or (at your option) any later version.
9 *
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Lesser General Public License for more details.
14 *
15 * You should have received a copy of the GNU Lesser General Public
16 * License along with this library; if not, write to the Free Software
17 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
18 */
19
20 #include <stdarg.h>
21 #include "windef.h"
22 #include "winbase.h"
23 #include "sspi.h"
24 #include "rpc.h"
25 #include "wincred.h"
26 #include "secur32_priv.h"
27
28 #include "wine/debug.h"
29 #include "wine/unicode.h"
30
31 WINE_DEFAULT_DEBUG_CHANNEL(secur32);
32
33 /***********************************************************************
34 * QueryCredentialsAttributesA
35 */
36 static SECURITY_STATUS SEC_ENTRY nego_QueryCredentialsAttributesA(
37 PCredHandle phCredential, ULONG ulAttribute, PVOID pBuffer)
38 {
39 FIXME("%p, %u, %p\n", phCredential, ulAttribute, pBuffer);
40 return SEC_E_UNSUPPORTED_FUNCTION;
41 }
42
43 /***********************************************************************
44 * QueryCredentialsAttributesW
45 */
46 static SECURITY_STATUS SEC_ENTRY nego_QueryCredentialsAttributesW(
47 PCredHandle phCredential, ULONG ulAttribute, PVOID pBuffer)
48 {
49 FIXME("%p, %u, %p\n", phCredential, ulAttribute, pBuffer);
50 return SEC_E_UNSUPPORTED_FUNCTION;
51 }
52
53 struct sec_handle
54 {
55 SecureProvider *krb;
56 SecureProvider *ntlm;
57 SecHandle handle_krb;
58 SecHandle handle_ntlm;
59 };
60
61 /***********************************************************************
62 * AcquireCredentialsHandleW
63 */
64 static SECURITY_STATUS SEC_ENTRY nego_AcquireCredentialsHandleW(
65 SEC_WCHAR *pszPrincipal, SEC_WCHAR *pszPackage, ULONG fCredentialUse,
66 PLUID pLogonID, PVOID pAuthData, SEC_GET_KEY_FN pGetKeyFn,
67 PVOID pGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry )
68 {
69 static SEC_WCHAR ntlmW[] = {'N','T','L','M',0};
70 static SEC_WCHAR kerberosW[] = {'K','e','r','b','e','r','o','s',0};
71 SECURITY_STATUS ret = SEC_E_NO_CREDENTIALS;
72 struct sec_handle *cred;
73 SecurePackage *package;
74
75 TRACE("%s, %s, 0x%08x, %p, %p, %p, %p, %p, %p\n",
76 debugstr_w(pszPrincipal), debugstr_w(pszPackage), fCredentialUse,
77 pLogonID, pAuthData, pGetKeyFn, pGetKeyArgument, phCredential, ptsExpiry);
78
79 if (!pszPackage) return SEC_E_SECPKG_NOT_FOUND;
80 if (!(cred = heap_alloc_zero( sizeof(*cred) ))) return SEC_E_INSUFFICIENT_MEMORY;
81
82 if ((package = SECUR32_findPackageW( kerberosW )))
83 {
84 ret = package->provider->fnTableW.AcquireCredentialsHandleW( pszPrincipal, kerberosW,
85 fCredentialUse, pLogonID, pAuthData, pGetKeyFn, pGetKeyArgument, &cred->handle_krb, ptsExpiry );
86 if (ret == SEC_E_OK) cred->krb = package->provider;
87 }
88
89 if ((package = SECUR32_findPackageW( ntlmW )))
90 {
91 ret = package->provider->fnTableW.AcquireCredentialsHandleW( pszPrincipal, ntlmW,
92 fCredentialUse, pLogonID, pAuthData, pGetKeyFn, pGetKeyArgument, &cred->handle_ntlm, ptsExpiry );
93 if (ret == SEC_E_OK)
94 {
95 NtlmCredentials *ntlm_cred = (NtlmCredentials *)cred->handle_ntlm.dwLower;
96 ntlm_cred->no_cached_credentials = (pAuthData == NULL);
97 cred->ntlm = package->provider;
98 }
99 }
100
101 if (cred->krb || cred->ntlm)
102 {
103 phCredential->dwLower = (ULONG_PTR)cred;
104 phCredential->dwUpper = 0;
105 return SEC_E_OK;
106 }
107
108 heap_free( cred );
109 return ret;
110 }
111
112 /***********************************************************************
113 * AcquireCredentialsHandleA
114 */
115 static SECURITY_STATUS SEC_ENTRY nego_AcquireCredentialsHandleA(
116 SEC_CHAR *pszPrincipal, SEC_CHAR *pszPackage, ULONG fCredentialUse,
117 PLUID pLogonID, PVOID pAuthData, SEC_GET_KEY_FN pGetKeyFn,
118 PVOID pGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry )
119 {
120 SECURITY_STATUS ret = SEC_E_INSUFFICIENT_MEMORY;
121 SEC_WCHAR *user = NULL, *domain = NULL, *passwd = NULL, *package = NULL;
122 SEC_WINNT_AUTH_IDENTITY_W *identityW = NULL;
123
124 TRACE("%s, %s, 0x%08x, %p, %p, %p, %p, %p, %p\n",
125 debugstr_a(pszPrincipal), debugstr_a(pszPackage), fCredentialUse,
126 pLogonID, pAuthData, pGetKeyFn, pGetKeyArgument, phCredential, ptsExpiry);
127
128 if (pszPackage)
129 {
130 int package_len = MultiByteToWideChar( CP_ACP, 0, pszPackage, -1, NULL, 0 );
131 if (!(package = heap_alloc( package_len * sizeof(SEC_WCHAR) ))) return SEC_E_INSUFFICIENT_MEMORY;
132 MultiByteToWideChar( CP_ACP, 0, pszPackage, -1, package, package_len );
133 }
134 if (pAuthData)
135 {
136 SEC_WINNT_AUTH_IDENTITY_A *identity = pAuthData;
137 int user_len, domain_len, passwd_len;
138
139 if (identity->Flags == SEC_WINNT_AUTH_IDENTITY_ANSI)
140 {
141 if (!(identityW = heap_alloc( sizeof(*identityW) ))) goto done;
142
143 if (!identity->UserLength) user_len = 0;
144 else
145 {
146 user_len = MultiByteToWideChar( CP_ACP, 0, (LPCSTR)identity->User,
147 identity->UserLength, NULL, 0 );
148 if (!(user = heap_alloc( user_len * sizeof(SEC_WCHAR) ))) goto done;
149 MultiByteToWideChar( CP_ACP, 0, (LPCSTR)identity->User, identity->UserLength,
150 user, user_len );
151 }
152 if (!identity->DomainLength) domain_len = 0;
153 else
154 {
155 domain_len = MultiByteToWideChar( CP_ACP, 0, (LPCSTR)identity->Domain,
156 identity->DomainLength, NULL, 0 );
157 if (!(domain = heap_alloc( domain_len * sizeof(SEC_WCHAR) ))) goto done;
158 MultiByteToWideChar( CP_ACP, 0, (LPCSTR)identity->Domain, identity->DomainLength,
159 domain, domain_len );
160 }
161 if (!identity->PasswordLength) passwd_len = 0;
162 else
163 {
164 passwd_len = MultiByteToWideChar( CP_ACP, 0, (LPCSTR)identity->Password,
165 identity->PasswordLength, NULL, 0 );
166 if (!(passwd = heap_alloc( passwd_len * sizeof(SEC_WCHAR) ))) goto done;
167 MultiByteToWideChar( CP_ACP, 0, (LPCSTR)identity->Password, identity->PasswordLength,
168 passwd, passwd_len );
169 }
170 identityW->Flags = SEC_WINNT_AUTH_IDENTITY_UNICODE;
171 identityW->User = user;
172 identityW->UserLength = user_len;
173 identityW->Domain = domain;
174 identityW->DomainLength = domain_len;
175 identityW->Password = passwd;
176 identityW->PasswordLength = passwd_len;
177 }
178 else identityW = (SEC_WINNT_AUTH_IDENTITY_W *)identity;
179 }
180 ret = nego_AcquireCredentialsHandleW( NULL, package, fCredentialUse, pLogonID, identityW,
181 pGetKeyFn, pGetKeyArgument, phCredential, ptsExpiry );
182 done:
183 heap_free( package );
184 heap_free( user );
185 heap_free( domain );
186 heap_free( passwd );
187 heap_free( identityW );
188 return ret;
189 }
190
191 /***********************************************************************
192 * InitializeSecurityContextW
193 */
194 static SECURITY_STATUS SEC_ENTRY nego_InitializeSecurityContextW(
195 PCredHandle phCredential, PCtxtHandle phContext, SEC_WCHAR *pszTargetName,
196 ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep,
197 PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext,
198 PSecBufferDesc pOutput, ULONG *pfContextAttr, PTimeStamp ptsExpiry )
199 {
200 SECURITY_STATUS ret = SEC_E_INVALID_HANDLE;
201 struct sec_handle *handle = NULL, *ctxt, *new_ctxt = NULL, *cred = NULL;
202
203 TRACE("%p, %p, %s, 0x%08x, %u, %u, %p, %u, %p, %p, %p, %p\n",
204 phCredential, phContext, debugstr_w(pszTargetName), fContextReq,
205 Reserved1, TargetDataRep, pInput, Reserved1, phNewContext, pOutput,
206 pfContextAttr, ptsExpiry);
207
208 if (phContext)
209 {
210 handle = ctxt = (struct sec_handle *)phContext->dwLower;
211 }
212 else if (phCredential)
213 {
214 handle = cred = (struct sec_handle *)phCredential->dwLower;
215 if (!(new_ctxt = ctxt = heap_alloc_zero( sizeof(*ctxt) ))) return SEC_E_INSUFFICIENT_MEMORY;
216 ctxt->krb = cred->krb;
217 ctxt->ntlm = cred->ntlm;
218 }
219 if (!handle) return SEC_E_INVALID_HANDLE;
220
221 if (handle->krb)
222 {
223 ret = handle->krb->fnTableW.InitializeSecurityContextW( phCredential ? &cred->handle_krb : NULL,
224 phContext ? &ctxt->handle_krb : NULL, pszTargetName, fContextReq, Reserved1, TargetDataRep, pInput,
225 Reserved2, phNewContext ? &ctxt->handle_krb : NULL, pOutput, pfContextAttr, ptsExpiry );
226 if ((ret == SEC_E_OK || ret == SEC_I_CONTINUE_NEEDED) && phNewContext)
227 {
228 ctxt->ntlm = NULL;
229 phNewContext->dwLower = (ULONG_PTR)ctxt;
230 phNewContext->dwUpper = 0;
231 if (new_ctxt == ctxt) new_ctxt = NULL;
232 }
233 }
234
235 if (ret != SEC_E_OK && ret != SEC_I_CONTINUE_NEEDED && handle->ntlm)
236 {
237 ret = handle->ntlm->fnTableW.InitializeSecurityContextW( phCredential ? &cred->handle_ntlm : NULL,
238 phContext ? &ctxt->handle_ntlm : NULL, pszTargetName, fContextReq, Reserved1, TargetDataRep, pInput,
239 Reserved2, phNewContext ? &ctxt->handle_ntlm : NULL, pOutput, pfContextAttr, ptsExpiry );
240 if ((ret == SEC_E_OK || ret == SEC_I_CONTINUE_NEEDED) && phNewContext)
241 {
242 ctxt->krb = NULL;
243 phNewContext->dwLower = (ULONG_PTR)ctxt;
244 phNewContext->dwUpper = 0;
245 if (new_ctxt == ctxt) new_ctxt = NULL;
246 }
247 }
248
249 heap_free( new_ctxt );
250 return ret;
251 }
252
253 /***********************************************************************
254 * InitializeSecurityContextA
255 */
256 static SECURITY_STATUS SEC_ENTRY nego_InitializeSecurityContextA(
257 PCredHandle phCredential, PCtxtHandle phContext, SEC_CHAR *pszTargetName,
258 ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep,
259 PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext,
260 PSecBufferDesc pOutput, ULONG *pfContextAttr, PTimeStamp ptsExpiry )
261 {
262 SECURITY_STATUS ret;
263 SEC_WCHAR *target = NULL;
264
265 TRACE("%p, %p, %s, 0x%08x, %u, %u, %p, %u, %p, %p, %p, %p\n",
266 phCredential, phContext, debugstr_a(pszTargetName), fContextReq,
267 Reserved1, TargetDataRep, pInput, Reserved1, phNewContext, pOutput,
268 pfContextAttr, ptsExpiry);
269
270 if (pszTargetName)
271 {
272 int target_len = MultiByteToWideChar( CP_ACP, 0, pszTargetName, -1, NULL, 0 );
273 if (!(target = heap_alloc( target_len * sizeof(SEC_WCHAR) ))) return SEC_E_INSUFFICIENT_MEMORY;
274 MultiByteToWideChar( CP_ACP, 0, pszTargetName, -1, target, target_len );
275 }
276 ret = nego_InitializeSecurityContextW( phCredential, phContext, target, fContextReq,
277 Reserved1, TargetDataRep, pInput, Reserved2,
278 phNewContext, pOutput, pfContextAttr, ptsExpiry );
279 heap_free( target );
280 return ret;
281 }
282
283 /***********************************************************************
284 * AcceptSecurityContext
285 */
286 static SECURITY_STATUS SEC_ENTRY nego_AcceptSecurityContext(
287 PCredHandle phCredential, PCtxtHandle phContext, PSecBufferDesc pInput,
288 ULONG fContextReq, ULONG TargetDataRep, PCtxtHandle phNewContext,
289 PSecBufferDesc pOutput, ULONG *pfContextAttr, PTimeStamp ptsExpiry)
290 {
291 SECURITY_STATUS ret = SEC_E_INVALID_HANDLE;
292 struct sec_handle *handle = NULL, *ctxt, *new_ctxt = NULL, *cred = NULL;
293
294 TRACE("%p, %p, %p, 0x%08x, %u, %p, %p, %p, %p\n", phCredential, phContext,
295 pInput, fContextReq, TargetDataRep, phNewContext, pOutput, pfContextAttr,
296 ptsExpiry);
297
298 if (phContext)
299 {
300 handle = ctxt = (struct sec_handle *)phContext->dwLower;
301 }
302 else if (phCredential)
303 {
304 handle = cred = (struct sec_handle *)phCredential->dwLower;
305 if (!(new_ctxt = ctxt = heap_alloc_zero( sizeof(*ctxt) ))) return SEC_E_INSUFFICIENT_MEMORY;
306 ctxt->krb = cred->krb;
307 ctxt->ntlm = cred->ntlm;
308 }
309 if (!handle) return SEC_E_INVALID_HANDLE;
310
311 if (handle->krb)
312 {
313 ret = handle->krb->fnTableW.AcceptSecurityContext( phCredential ? &cred->handle_krb : NULL,
314 phContext ? &ctxt->handle_krb : NULL, pInput, fContextReq, TargetDataRep,
315 phNewContext ? &ctxt->handle_krb : NULL, pOutput, pfContextAttr, ptsExpiry );
316 if ((ret == SEC_E_OK || ret == SEC_I_CONTINUE_NEEDED) && phNewContext)
317 {
318 ctxt->ntlm = NULL;
319 phNewContext->dwLower = (ULONG_PTR)ctxt;
320 phNewContext->dwUpper = 0;
321 if (new_ctxt == ctxt) new_ctxt = NULL;
322 }
323 }
324
325 if (ret != SEC_E_OK && ret != SEC_I_CONTINUE_NEEDED && handle->ntlm)
326 {
327 ret = handle->ntlm->fnTableW.AcceptSecurityContext( phCredential ? &cred->handle_ntlm : NULL,
328 phContext ? &ctxt->handle_ntlm : NULL, pInput, fContextReq, TargetDataRep,
329 phNewContext ? &ctxt->handle_ntlm : NULL, pOutput, pfContextAttr, ptsExpiry );
330 if ((ret == SEC_E_OK || ret == SEC_I_CONTINUE_NEEDED) && phNewContext)
331 {
332 ctxt->krb = NULL;
333 phNewContext->dwLower = (ULONG_PTR)ctxt;
334 phNewContext->dwUpper = 0;
335 if (new_ctxt == ctxt) new_ctxt = NULL;
336 }
337 }
338
339 heap_free( new_ctxt );
340 return ret;
341 }
342
343 /***********************************************************************
344 * CompleteAuthToken
345 */
346 static SECURITY_STATUS SEC_ENTRY nego_CompleteAuthToken(PCtxtHandle phContext,
347 PSecBufferDesc pToken)
348 {
349 SECURITY_STATUS ret = SEC_E_INVALID_HANDLE;
350
351 TRACE("%p %p\n", phContext, pToken);
352
353 if (phContext) ret = SEC_E_UNSUPPORTED_FUNCTION;
354 return ret;
355 }
356
357 /***********************************************************************
358 * DeleteSecurityContext
359 */
360 static SECURITY_STATUS SEC_ENTRY nego_DeleteSecurityContext(PCtxtHandle phContext)
361 {
362 SECURITY_STATUS ret = SEC_E_INVALID_HANDLE;
363 struct sec_handle *ctxt;
364
365 TRACE("%p\n", phContext);
366
367 if (!phContext) return SEC_E_INVALID_HANDLE;
368
369 ctxt = (struct sec_handle *)phContext->dwLower;
370 if (ctxt->krb)
371 {
372 ret = ctxt->krb->fnTableW.DeleteSecurityContext( &ctxt->handle_krb );
373 }
374 else if (ctxt->ntlm)
375 {
376 ret = ctxt->ntlm->fnTableW.DeleteSecurityContext( &ctxt->handle_ntlm );
377 }
378 TRACE( "freeing %p\n", ctxt );
379 heap_free( ctxt );
380 return ret;
381 }
382
383 /***********************************************************************
384 * ApplyControlToken
385 */
386 static SECURITY_STATUS SEC_ENTRY nego_ApplyControlToken(PCtxtHandle phContext,
387 PSecBufferDesc pInput)
388 {
389 SECURITY_STATUS ret = SEC_E_INVALID_HANDLE;
390
391 TRACE("%p %p\n", phContext, pInput);
392
393 if (phContext) ret = SEC_E_UNSUPPORTED_FUNCTION;
394 return ret;
395 }
396
397 /***********************************************************************
398 * QueryContextAttributesW
399 */
400 static SECURITY_STATUS SEC_ENTRY nego_QueryContextAttributesW(
401 PCtxtHandle phContext, ULONG ulAttribute, void *pBuffer)
402 {
403 SECURITY_STATUS ret = SEC_E_INVALID_HANDLE;
404 struct sec_handle *ctxt;
405
406 TRACE("%p, %u, %p\n", phContext, ulAttribute, pBuffer);
407
408 if (!phContext) return SEC_E_INVALID_HANDLE;
409
410 ctxt = (struct sec_handle *)phContext->dwLower;
411 if (ctxt->krb)
412 {
413 ret = ctxt->krb->fnTableW.QueryContextAttributesW( &ctxt->handle_krb, ulAttribute, pBuffer );
414 }
415 else if (ctxt->ntlm)
416 {
417 ret = ctxt->ntlm->fnTableW.QueryContextAttributesW( &ctxt->handle_ntlm, ulAttribute, pBuffer );
418 }
419 return ret;
420 }
421
422 /***********************************************************************
423 * QueryContextAttributesA
424 */
425 static SECURITY_STATUS SEC_ENTRY nego_QueryContextAttributesA(PCtxtHandle phContext,
426 ULONG ulAttribute, void *pBuffer)
427 {
428 SECURITY_STATUS ret = SEC_E_INVALID_HANDLE;
429 struct sec_handle *ctxt;
430
431 TRACE("%p, %u, %p\n", phContext, ulAttribute, pBuffer);
432
433 if (!phContext) return SEC_E_INVALID_HANDLE;
434
435 ctxt = (struct sec_handle *)phContext->dwLower;
436 if (ctxt->krb)
437 {
438 ret = ctxt->krb->fnTableA.QueryContextAttributesA( &ctxt->handle_krb, ulAttribute, pBuffer );
439 }
440 else if (ctxt->ntlm)
441 {
442 ret = ctxt->ntlm->fnTableA.QueryContextAttributesA( &ctxt->handle_ntlm, ulAttribute, pBuffer );
443 }
444 return ret;
445 }
446
447 /***********************************************************************
448 * ImpersonateSecurityContext
449 */
450 static SECURITY_STATUS SEC_ENTRY nego_ImpersonateSecurityContext(PCtxtHandle phContext)
451 {
452 SECURITY_STATUS ret = SEC_E_INVALID_HANDLE;
453
454 TRACE("%p\n", phContext);
455
456 if (phContext) ret = SEC_E_UNSUPPORTED_FUNCTION;
457 return ret;
458 }
459
460 /***********************************************************************
461 * RevertSecurityContext
462 */
463 static SECURITY_STATUS SEC_ENTRY nego_RevertSecurityContext(PCtxtHandle phContext)
464 {
465 SECURITY_STATUS ret = SEC_E_INVALID_HANDLE;
466
467 TRACE("%p\n", phContext);
468
469 if (phContext) ret = SEC_E_UNSUPPORTED_FUNCTION;
470 return ret;
471 }
472
473 /***********************************************************************
474 * MakeSignature
475 */
476 static SECURITY_STATUS SEC_ENTRY nego_MakeSignature(PCtxtHandle phContext,
477 ULONG fQOP, PSecBufferDesc pMessage, ULONG MessageSeqNo)
478 {
479 SECURITY_STATUS ret = SEC_E_INVALID_HANDLE;
480 struct sec_handle *ctxt;
481
482 TRACE("%p, 0x%08x, %p, %u\n", phContext, fQOP, pMessage, MessageSeqNo);
483
484 if (!phContext) return SEC_E_INVALID_HANDLE;
485
486 ctxt = (struct sec_handle *)phContext->dwLower;
487 if (ctxt->krb)
488 {
489 ret = ctxt->krb->fnTableW.MakeSignature( &ctxt->handle_krb, fQOP, pMessage, MessageSeqNo );
490 }
491 else if (ctxt->ntlm)
492 {
493 ret = ctxt->ntlm->fnTableW.MakeSignature( &ctxt->handle_ntlm, fQOP, pMessage, MessageSeqNo );
494 }
495 return ret;
496 }
497
498 /***********************************************************************
499 * VerifySignature
500 */
501 static SECURITY_STATUS SEC_ENTRY nego_VerifySignature(PCtxtHandle phContext,
502 PSecBufferDesc pMessage, ULONG MessageSeqNo, PULONG pfQOP)
503 {
504 SECURITY_STATUS ret = SEC_E_INVALID_HANDLE;
505 struct sec_handle *ctxt;
506
507 TRACE("%p, %p, %u, %p\n", phContext, pMessage, MessageSeqNo, pfQOP);
508
509 if (!phContext) return SEC_E_INVALID_HANDLE;
510
511 ctxt = (struct sec_handle *)phContext->dwLower;
512 if (ctxt->krb)
513 {
514 ret = ctxt->krb->fnTableW.VerifySignature( &ctxt->handle_krb, pMessage, MessageSeqNo, pfQOP );
515 }
516 else if (ctxt->ntlm)
517 {
518 ret = ctxt->ntlm->fnTableW.VerifySignature( &ctxt->handle_ntlm, pMessage, MessageSeqNo, pfQOP );
519 }
520 return ret;
521 }
522
523 /***********************************************************************
524 * FreeCredentialsHandle
525 */
526 static SECURITY_STATUS SEC_ENTRY nego_FreeCredentialsHandle(PCredHandle phCredential)
527 {
528 struct sec_handle *cred;
529
530 TRACE("%p\n", phCredential);
531
532 if (!phCredential) return SEC_E_INVALID_HANDLE;
533
534 cred = (struct sec_handle *)phCredential->dwLower;
535 if (cred->krb) cred->krb->fnTableW.FreeCredentialsHandle( &cred->handle_krb );
536 if (cred->ntlm) cred->ntlm->fnTableW.FreeCredentialsHandle( &cred->handle_ntlm );
537
538 heap_free( cred );
539 return SEC_E_OK;
540 }
541
542 /***********************************************************************
543 * EncryptMessage
544 */
545 static SECURITY_STATUS SEC_ENTRY nego_EncryptMessage(PCtxtHandle phContext,
546 ULONG fQOP, PSecBufferDesc pMessage, ULONG MessageSeqNo)
547 {
548 SECURITY_STATUS ret = SEC_E_INVALID_HANDLE;
549 struct sec_handle *ctxt;
550
551 TRACE("%p, 0x%08x, %p, %u\n", phContext, fQOP, pMessage, MessageSeqNo);
552
553 if (!phContext) return SEC_E_INVALID_HANDLE;
554
555 ctxt = (struct sec_handle *)phContext->dwLower;
556 if (ctxt->krb)
557 {
558 ret = ctxt->krb->fnTableW.EncryptMessage( &ctxt->handle_krb, fQOP, pMessage, MessageSeqNo );
559 }
560 else if (ctxt->ntlm)
561 {
562 ret = ctxt->ntlm->fnTableW.EncryptMessage( &ctxt->handle_ntlm, fQOP, pMessage, MessageSeqNo );
563 }
564 return ret;
565 }
566
567 /***********************************************************************
568 * DecryptMessage
569 */
570 static SECURITY_STATUS SEC_ENTRY nego_DecryptMessage(PCtxtHandle phContext,
571 PSecBufferDesc pMessage, ULONG MessageSeqNo, PULONG pfQOP)
572 {
573 SECURITY_STATUS ret = SEC_E_INVALID_HANDLE;
574 struct sec_handle *ctxt;
575
576 TRACE("%p, %p, %u, %p\n", phContext, pMessage, MessageSeqNo, pfQOP);
577
578 if (!phContext) return SEC_E_INVALID_HANDLE;
579
580 ctxt = (struct sec_handle *)phContext->dwLower;
581 if (ctxt->krb)
582 {
583 ret = ctxt->krb->fnTableW.DecryptMessage( &ctxt->handle_krb, pMessage, MessageSeqNo, pfQOP );
584 }
585 else if (ctxt->ntlm)
586 {
587 ret = ctxt->ntlm->fnTableW.DecryptMessage( &ctxt->handle_ntlm, pMessage, MessageSeqNo, pfQOP );
588 }
589 return ret;
590 }
591
592 static const SecurityFunctionTableA negoTableA = {
593 1,
594 NULL, /* EnumerateSecurityPackagesA */
595 nego_QueryCredentialsAttributesA, /* QueryCredentialsAttributesA */
596 nego_AcquireCredentialsHandleA, /* AcquireCredentialsHandleA */
597 nego_FreeCredentialsHandle, /* FreeCredentialsHandle */
598 NULL, /* Reserved2 */
599 nego_InitializeSecurityContextA, /* InitializeSecurityContextA */
600 nego_AcceptSecurityContext, /* AcceptSecurityContext */
601 nego_CompleteAuthToken, /* CompleteAuthToken */
602 nego_DeleteSecurityContext, /* DeleteSecurityContext */
603 nego_ApplyControlToken, /* ApplyControlToken */
604 nego_QueryContextAttributesA, /* QueryContextAttributesA */
605 nego_ImpersonateSecurityContext, /* ImpersonateSecurityContext */
606 nego_RevertSecurityContext, /* RevertSecurityContext */
607 nego_MakeSignature, /* MakeSignature */
608 nego_VerifySignature, /* VerifySignature */
609 FreeContextBuffer, /* FreeContextBuffer */
610 NULL, /* QuerySecurityPackageInfoA */
611 NULL, /* Reserved3 */
612 NULL, /* Reserved4 */
613 NULL, /* ExportSecurityContext */
614 NULL, /* ImportSecurityContextA */
615 NULL, /* AddCredentialsA */
616 NULL, /* Reserved8 */
617 NULL, /* QuerySecurityContextToken */
618 nego_EncryptMessage, /* EncryptMessage */
619 nego_DecryptMessage, /* DecryptMessage */
620 NULL, /* SetContextAttributesA */
621 };
622
623 static const SecurityFunctionTableW negoTableW = {
624 1,
625 NULL, /* EnumerateSecurityPackagesW */
626 nego_QueryCredentialsAttributesW, /* QueryCredentialsAttributesW */
627 nego_AcquireCredentialsHandleW, /* AcquireCredentialsHandleW */
628 nego_FreeCredentialsHandle, /* FreeCredentialsHandle */
629 NULL, /* Reserved2 */
630 nego_InitializeSecurityContextW, /* InitializeSecurityContextW */
631 nego_AcceptSecurityContext, /* AcceptSecurityContext */
632 nego_CompleteAuthToken, /* CompleteAuthToken */
633 nego_DeleteSecurityContext, /* DeleteSecurityContext */
634 nego_ApplyControlToken, /* ApplyControlToken */
635 nego_QueryContextAttributesW, /* QueryContextAttributesW */
636 nego_ImpersonateSecurityContext, /* ImpersonateSecurityContext */
637 nego_RevertSecurityContext, /* RevertSecurityContext */
638 nego_MakeSignature, /* MakeSignature */
639 nego_VerifySignature, /* VerifySignature */
640 FreeContextBuffer, /* FreeContextBuffer */
641 NULL, /* QuerySecurityPackageInfoW */
642 NULL, /* Reserved3 */
643 NULL, /* Reserved4 */
644 NULL, /* ExportSecurityContext */
645 NULL, /* ImportSecurityContextW */
646 NULL, /* AddCredentialsW */
647 NULL, /* Reserved8 */
648 NULL, /* QuerySecurityContextToken */
649 nego_EncryptMessage, /* EncryptMessage */
650 nego_DecryptMessage, /* DecryptMessage */
651 NULL, /* SetContextAttributesW */
652 };
653
654 #define NEGO_MAX_TOKEN 12000
655
656 static WCHAR nego_name_W[] = {'N','e','g','o','t','i','a','t','e',0};
657 static char nego_name_A[] = "Negotiate";
658
659 static WCHAR negotiate_comment_W[] =
660 {'M','i','c','r','o','s','o','f','t',' ','P','a','c','k','a','g','e',' ',
661 'N','e','g','o','t','i','a','t','o','r',0};
662 static CHAR negotiate_comment_A[] = "Microsoft Package Negotiator";
663
664 #define CAPS ( \
665 SECPKG_FLAG_INTEGRITY | \
666 SECPKG_FLAG_PRIVACY | \
667 SECPKG_FLAG_CONNECTION | \
668 SECPKG_FLAG_MULTI_REQUIRED | \
669 SECPKG_FLAG_EXTENDED_ERROR | \
670 SECPKG_FLAG_IMPERSONATION | \
671 SECPKG_FLAG_ACCEPT_WIN32_NAME | \
672 SECPKG_FLAG_NEGOTIABLE | \
673 SECPKG_FLAG_GSS_COMPATIBLE | \
674 SECPKG_FLAG_LOGON | \
675 SECPKG_FLAG_RESTRICTED_TOKENS )
676
677 void SECUR32_initNegotiateSP(void)
678 {
679 SecureProvider *provider = SECUR32_addProvider(&negoTableA, &negoTableW, NULL);
680
681 const SecPkgInfoW infoW = {CAPS, 1, RPC_C_AUTHN_GSS_NEGOTIATE, NEGO_MAX_TOKEN,
682 nego_name_W, negotiate_comment_W};
683 const SecPkgInfoA infoA = {CAPS, 1, RPC_C_AUTHN_GSS_NEGOTIATE, NEGO_MAX_TOKEN,
684 nego_name_A, negotiate_comment_A};
685 SECUR32_addPackages(provider, 1L, &infoA, &infoW);
686 }
Windows API implementation