dlls/secur32/schannel.c

   1 /* Copyright (C) 2005 Juan Lang
   2  *
   3  * This library is free software; you can redistribute it and/or
   4  * modify it under the terms of the GNU Lesser General Public
   5  * License as published by the Free Software Foundation; either
   6  * version 2.1 of the License, or (at your option) any later version.
   7  *
   8  * This library is distributed in the hope that it will be useful,
   9  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  10  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  11  * Lesser General Public License for more details.
  12  *
  13  * You should have received a copy of the GNU Lesser General Public
  14  * License along with this library; if not, write to the Free Software
  15  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
  16  *
  17  * This file implements the schannel provider, or, the SSL/TLS implementations.
  18  * FIXME: It should be rather obvious that this file is empty of any
  19  * implementation.
  20  */
  21 #include <stdarg.h>
  22 #include "windef.h"
  23 #include "winbase.h"
  24 #include "sspi.h"
  25 #include "schannel.h"
  26 #include "secur32_priv.h"
  27 #include "wine/debug.h"
  28
  29 WINE_DEFAULT_DEBUG_CHANNEL(secur32);
  30
  31 static SECURITY_STATUS schan_QueryCredentialsAttributes(
  32  PCredHandle phCredential, ULONG ulAttribute, const VOID *pBuffer)
  33 {
  34     SECURITY_STATUS ret;
  35
  36     switch (ulAttribute)
  37     {
  38     case SECPKG_ATTR_SUPPORTED_ALGS:
  39         if (pBuffer)
  40         {
  41             /* FIXME: get from CryptoAPI */
  42             FIXME("SECPKG_ATTR_SUPPORTED_ALGS: stub\n");
  43             ret = SEC_E_UNSUPPORTED_FUNCTION;
  44         }
  45         else
  46             ret = SEC_E_INTERNAL_ERROR;
  47         break;
  48     case SECPKG_ATTR_CIPHER_STRENGTHS:
  49         if (pBuffer)
  50         {
  51             SecPkgCred_CipherStrengths *r = (SecPkgCred_CipherStrengths*)pBuffer;
  52
  53             /* FIXME: get from CryptoAPI */
  54             FIXME("SECPKG_ATTR_CIPHER_STRENGTHS: semi-stub\n");
  55             r->dwMinimumCipherStrength = 40;
  56             r->dwMaximumCipherStrength = 168;
  57             ret = SEC_E_OK;
  58         }
  59         else
  60             ret = SEC_E_INTERNAL_ERROR;
  61         break;
  62     case SECPKG_ATTR_SUPPORTED_PROTOCOLS:
  63         if (pBuffer)
  64         {
  65             /* FIXME: get from OpenSSL? */
  66             FIXME("SECPKG_ATTR_SUPPORTED_PROTOCOLS: stub\n");
  67             ret = SEC_E_UNSUPPORTED_FUNCTION;
  68         }
  69         else
  70             ret = SEC_E_INTERNAL_ERROR;
  71         break;
  72     default:
  73         ret = SEC_E_UNSUPPORTED_FUNCTION;
  74     }
  75     return ret;
  76 }
  77
  78 static SECURITY_STATUS SEC_ENTRY schan_QueryCredentialsAttributesA(
  79  PCredHandle phCredential, ULONG ulAttribute, PVOID pBuffer)
  80 {
  81     SECURITY_STATUS ret;
  82
  83     TRACE("(%p, %d, %p)\n", phCredential, ulAttribute, pBuffer);
  84
  85     switch (ulAttribute)
  86     {
  87     case SECPKG_CRED_ATTR_NAMES:
  88         FIXME("SECPKG_CRED_ATTR_NAMES: stub\n");
  89         ret = SEC_E_UNSUPPORTED_FUNCTION;
  90         break;
  91     default:
  92         ret = schan_QueryCredentialsAttributes(phCredential, ulAttribute,
  93          pBuffer);
  94     }
  95     return ret;
  96 }
  97
  98 static SECURITY_STATUS SEC_ENTRY schan_QueryCredentialsAttributesW(
  99  PCredHandle phCredential, ULONG ulAttribute, PVOID pBuffer)
 100 {
 101     SECURITY_STATUS ret;
 102
 103     TRACE("(%p, %d, %p)\n", phCredential, ulAttribute, pBuffer);
 104
 105     switch (ulAttribute)
 106     {
 107     case SECPKG_CRED_ATTR_NAMES:
 108         FIXME("SECPKG_CRED_ATTR_NAMES: stub\n");
 109         ret = SEC_E_UNSUPPORTED_FUNCTION;
 110         break;
 111     default:
 112         ret = schan_QueryCredentialsAttributes(phCredential, ulAttribute,
 113          pBuffer);
 114     }
 115     return ret;
 116 }
 117
 118 static SECURITY_STATUS schan_CheckCreds(const SCHANNEL_CRED *schanCred)
 119 {
 120     SECURITY_STATUS st;
 121
 122     switch (schanCred->dwVersion)
 123     {
 124     case SCH_CRED_V3:
 125     case SCHANNEL_CRED_VERSION:
 126         break;
 127     default:
 128         return SEC_E_INTERNAL_ERROR;
 129     }
 130
 131     if (schanCred->cCreds == 0)
 132         st = SEC_E_NO_CREDENTIALS;
 133     else if (schanCred->cCreds > 1)
 134         st = SEC_E_UNKNOWN_CREDENTIALS;
 135     else
 136     {
 137         DWORD keySpec;
 138         HCRYPTPROV csp;
 139         BOOL ret, freeCSP;
 140
 141         ret = CryptAcquireCertificatePrivateKey(schanCred->paCred[0],
 142          0, /* FIXME: what flags to use? */ NULL,
 143          &csp, &keySpec, &freeCSP);
 144         if (ret)
 145         {
 146             st = SEC_E_OK;
 147             if (freeCSP)
 148                 CryptReleaseContext(csp, 0);
 149         }
 150         else
 151             st = SEC_E_UNKNOWN_CREDENTIALS;
 152     }
 153     return st;
 154 }
 155
 156 static SECURITY_STATUS schan_AcquireClientCredentials(const SCHANNEL_CRED *schanCred,
 157  PCredHandle phCredential, PTimeStamp ptsExpiry)
 158 {
 159     SECURITY_STATUS st = SEC_E_OK;
 160
 161     if (schanCred)
 162     {
 163         st = schan_CheckCreds(schanCred);
 164         if (st == SEC_E_NO_CREDENTIALS)
 165             st = SEC_E_OK;
 166     }
 167
 168     /* For now, the only thing I'm interested in is the direction of the
 169      * connection, so just store it.
 170      */
 171     if (st == SEC_E_OK)
 172     {
 173         phCredential->dwUpper = SECPKG_CRED_OUTBOUND;
 174         /* Outbound credentials have no expiry */
 175         if (ptsExpiry)
 176         {
 177             ptsExpiry->LowPart = 0;
 178             ptsExpiry->HighPart = 0;
 179         }
 180     }
 181     return st;
 182 }
 183
 184 static SECURITY_STATUS schan_AcquireServerCredentials(const SCHANNEL_CRED *schanCred,
 185  PCredHandle phCredential, PTimeStamp ptsExpiry)
 186 {
 187     SECURITY_STATUS st;
 188
 189     if (!schanCred) return SEC_E_NO_CREDENTIALS;
 190
 191     st = schan_CheckCreds(schanCred);
 192     if (st == SEC_E_OK)
 193     {
 194         phCredential->dwUpper = SECPKG_CRED_INBOUND;
 195         /* FIXME: get expiry from cert */
 196     }
 197     return st;
 198 }
 199
 200 static SECURITY_STATUS schan_AcquireCredentialsHandle(ULONG fCredentialUse,
 201  const SCHANNEL_CRED *schanCred, PCredHandle phCredential, PTimeStamp ptsExpiry)
 202 {
 203     SECURITY_STATUS ret;
 204
 205     if (fCredentialUse == SECPKG_CRED_OUTBOUND)
 206         ret = schan_AcquireClientCredentials(schanCred, phCredential,
 207          ptsExpiry);
 208     else
 209         ret = schan_AcquireServerCredentials(schanCred, phCredential,
 210          ptsExpiry);
 211     return ret;
 212 }
 213
 214 static SECURITY_STATUS SEC_ENTRY schan_AcquireCredentialsHandleA(
 215  SEC_CHAR *pszPrincipal, SEC_CHAR *pszPackage, ULONG fCredentialUse,
 216  PLUID pLogonID, PVOID pAuthData, SEC_GET_KEY_FN pGetKeyFn,
 217  PVOID pGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry)
 218 {
 219     TRACE("(%s, %s, 0x%08x, %p, %p, %p, %p, %p, %p)\n",
 220      debugstr_a(pszPrincipal), debugstr_a(pszPackage), fCredentialUse,
 221      pLogonID, pAuthData, pGetKeyFn, pGetKeyArgument, phCredential, ptsExpiry);
 222     return schan_AcquireCredentialsHandle(fCredentialUse,
 223      (PSCHANNEL_CRED)pAuthData, phCredential, ptsExpiry);
 224 }
 225
 226 static SECURITY_STATUS SEC_ENTRY schan_AcquireCredentialsHandleW(
 227  SEC_WCHAR *pszPrincipal, SEC_WCHAR *pszPackage, ULONG fCredentialUse,
 228  PLUID pLogonID, PVOID pAuthData, SEC_GET_KEY_FN pGetKeyFn,
 229  PVOID pGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry)
 230 {
 231     TRACE("(%s, %s, 0x%08x, %p, %p, %p, %p, %p, %p)\n",
 232      debugstr_w(pszPrincipal), debugstr_w(pszPackage), fCredentialUse,
 233      pLogonID, pAuthData, pGetKeyFn, pGetKeyArgument, phCredential, ptsExpiry);
 234     return schan_AcquireCredentialsHandle(fCredentialUse,
 235      (PSCHANNEL_CRED)pAuthData, phCredential, ptsExpiry);
 236 }
 237
 238 static SECURITY_STATUS SEC_ENTRY schan_FreeCredentialsHandle(
 239  PCredHandle phCredential)
 240 {
 241     FIXME("(%p): stub\n", phCredential);
 242     return SEC_E_OK;
 243 }
 244
 245 /***********************************************************************
 246  *              InitializeSecurityContextA
 247  */
 248 static SECURITY_STATUS SEC_ENTRY schan_InitializeSecurityContextA(
 249  PCredHandle phCredential, PCtxtHandle phContext, SEC_CHAR *pszTargetName,
 250  ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep,
 251  PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext,
 252  PSecBufferDesc pOutput, ULONG *pfContextAttr, PTimeStamp ptsExpiry)
 253 {
 254     SECURITY_STATUS ret;
 255
 256     TRACE("%p %p %s %d %d %d %p %d %p %p %p %p\n", phCredential, phContext,
 257      debugstr_a(pszTargetName), fContextReq, Reserved1, TargetDataRep, pInput,
 258      Reserved1, phNewContext, pOutput, pfContextAttr, ptsExpiry);
 259     if(phCredential)
 260     {
 261         FIXME("stub\n");
 262         ret = SEC_E_UNSUPPORTED_FUNCTION;
 263     }
 264     else
 265     {
 266         ret = SEC_E_INVALID_HANDLE;
 267     }
 268     return ret;
 269 }
 270
 271 /***********************************************************************
 272  *              InitializeSecurityContextW
 273  */
 274 static SECURITY_STATUS SEC_ENTRY schan_InitializeSecurityContextW(
 275  PCredHandle phCredential, PCtxtHandle phContext, SEC_WCHAR *pszTargetName,
 276  ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep,
 277  PSecBufferDesc pInput,ULONG Reserved2, PCtxtHandle phNewContext,
 278  PSecBufferDesc pOutput, ULONG *pfContextAttr, PTimeStamp ptsExpiry)
 279 {
 280     SECURITY_STATUS ret;
 281
 282     TRACE("%p %p %s %d %d %d %p %d %p %p %p %p\n", phCredential, phContext,
 283      debugstr_w(pszTargetName), fContextReq, Reserved1, TargetDataRep, pInput,
 284      Reserved1, phNewContext, pOutput, pfContextAttr, ptsExpiry);
 285     if (phCredential)
 286     {
 287         FIXME("stub\n");
 288         ret = SEC_E_UNSUPPORTED_FUNCTION;
 289     }
 290     else
 291     {
 292         ret = SEC_E_INVALID_HANDLE;
 293     }
 294     return ret;
 295 }
 296
 297 static const SecurityFunctionTableA schanTableA = {
 298     1,
 299     NULL, /* EnumerateSecurityPackagesA */
 300     schan_QueryCredentialsAttributesA,
 301     schan_AcquireCredentialsHandleA,
 302     schan_FreeCredentialsHandle,
 303     NULL, /* Reserved2 */
 304     schan_InitializeSecurityContextA,
 305     NULL, /* AcceptSecurityContext */
 306     NULL, /* CompleteAuthToken */
 307     NULL, /* DeleteSecurityContext */
 308     NULL, /* ApplyControlToken */
 309     NULL, /* QueryContextAttributesA */
 310     NULL, /* ImpersonateSecurityContext */
 311     NULL, /* RevertSecurityContext */
 312     NULL, /* MakeSignature */
 313     NULL, /* VerifySignature */
 314     FreeContextBuffer,
 315     NULL, /* QuerySecurityPackageInfoA */
 316     NULL, /* Reserved3 */
 317     NULL, /* Reserved4 */
 318     NULL, /* ExportSecurityContext */
 319     NULL, /* ImportSecurityContextA */
 320     NULL, /* AddCredentialsA */
 321     NULL, /* Reserved8 */
 322     NULL, /* QuerySecurityContextToken */
 323     NULL, /* EncryptMessage */
 324     NULL, /* DecryptMessage */
 325     NULL, /* SetContextAttributesA */
 326 };
 327
 328 static const SecurityFunctionTableW schanTableW = {
 329     1,
 330     NULL, /* EnumerateSecurityPackagesW */
 331     schan_QueryCredentialsAttributesW,
 332     schan_AcquireCredentialsHandleW,
 333     schan_FreeCredentialsHandle,
 334     NULL, /* Reserved2 */
 335     schan_InitializeSecurityContextW,
 336     NULL, /* AcceptSecurityContext */
 337     NULL, /* CompleteAuthToken */
 338     NULL, /* DeleteSecurityContext */
 339     NULL, /* ApplyControlToken */
 340     NULL, /* QueryContextAttributesW */
 341     NULL, /* ImpersonateSecurityContext */
 342     NULL, /* RevertSecurityContext */
 343     NULL, /* MakeSignature */
 344     NULL, /* VerifySignature */
 345     FreeContextBuffer,
 346     NULL, /* QuerySecurityPackageInfoW */
 347     NULL, /* Reserved3 */
 348     NULL, /* Reserved4 */
 349     NULL, /* ExportSecurityContext */
 350     NULL, /* ImportSecurityContextW */
 351     NULL, /* AddCredentialsW */
 352     NULL, /* Reserved8 */
 353     NULL, /* QuerySecurityContextToken */
 354     NULL, /* EncryptMessage */
 355     NULL, /* DecryptMessage */
 356     NULL, /* SetContextAttributesW */
 357 };
 358
 359 static const WCHAR schannelComment[] = { 'S','c','h','a','n','n','e','l',' ',
 360  'S','e','c','u','r','i','t','y',' ','P','a','c','k','a','g','e',0 };
 361
 362 void SECUR32_initSchannelSP(void)
 363 {
 364     SecureProvider *provider = SECUR32_addProvider(&schanTableA, &schanTableW,
 365      NULL);
 366
 367     if (provider)
 368     {
 369         /* This is what Windows reports.  This shouldn't break any applications
 370          * even though the functions are missing, because the wrapper will
 371          * return SEC_E_UNSUPPORTED_FUNCTION if our function is NULL.
 372          */
 373         static const long caps =
 374          SECPKG_FLAG_INTEGRITY |
 375          SECPKG_FLAG_PRIVACY |
 376          SECPKG_FLAG_CONNECTION |
 377          SECPKG_FLAG_MULTI_REQUIRED |
 378          SECPKG_FLAG_EXTENDED_ERROR |
 379          SECPKG_FLAG_IMPERSONATION |
 380          SECPKG_FLAG_ACCEPT_WIN32_NAME |
 381          SECPKG_FLAG_STREAM;
 382         static const short version = 1;
 383         static const long maxToken = 16384;
 384         SEC_WCHAR *uniSPName = (SEC_WCHAR *)UNISP_NAME_W,
 385          *schannel = (SEC_WCHAR *)SCHANNEL_NAME_W;
 386
 387         const SecPkgInfoW info[] = {
 388          { caps, version, UNISP_RPC_ID, maxToken, uniSPName, uniSPName },
 389          { caps, version, UNISP_RPC_ID, maxToken, schannel,
 390           (SEC_WCHAR *)schannelComment },
 391         };
 392
 393         SECUR32_addPackages(provider, sizeof(info) / sizeof(info[0]), NULL,
 394          info);
 395     }
 396 }