search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
secur32: Add handling of feature flags and session key to AcceptSecurityContext.
[wine.git] / dlls / secur32 / ntlm.c
blobaffc2e5f0caac1162db68707ea10febc36527ca5
1 /*
2 * Copyright 2005, 2006 Kai Blin
3 *
4 * This library is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU Lesser General Public
6 * License as published by the Free Software Foundation; either
7 * version 2.1 of the License, or (at your option) any later version.
8 *
9 * This library is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * Lesser General Public License for more details.
13 *
14 * You should have received a copy of the GNU Lesser General Public
15 * License along with this library; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
17 *
18 * This file implements the NTLM security provider.
19 */
20
21 #include <assert.h>
22 #include <stdarg.h>
23 #include <stdio.h>
24 #include "windef.h"
25 #include "winbase.h"
26 #include "winnls.h"
27 #include "rpc.h"
28 #include "sspi.h"
29 #include "lm.h"
30 #include "secur32_priv.h"
31 #include "wine/debug.h"
32
33 WINE_DEFAULT_DEBUG_CHANNEL(secur32);
34
35 #define NTLM_MAX_BUF 1904
36
37
38 /***********************************************************************
39 * QueryCredentialsAttributesA
40 */
41 static SECURITY_STATUS SEC_ENTRY ntlm_QueryCredentialsAttributesA(
42 PCredHandle phCredential, ULONG ulAttribute, PVOID pBuffer)
43 {
44 SECURITY_STATUS ret;
45
46 TRACE("(%p, %ld, %p)\n", phCredential, ulAttribute, pBuffer);
47
48 if(ulAttribute == SECPKG_ATTR_NAMES)
49 {
50 FIXME("SECPKG_CRED_ATTR_NAMES: stub\n");
51 ret = SEC_E_UNSUPPORTED_FUNCTION;
52 }
53 else
54 ret = SEC_E_UNSUPPORTED_FUNCTION;
55
56 return ret;
57 }
58
59 /***********************************************************************
60 * QueryCredentialsAttributesW
61 */
62 static SECURITY_STATUS SEC_ENTRY ntlm_QueryCredentialsAttributesW(
63 PCredHandle phCredential, ULONG ulAttribute, PVOID pBuffer)
64 {
65 SECURITY_STATUS ret;
66
67 TRACE("(%p, %ld, %p)\n", phCredential, ulAttribute, pBuffer);
68
69 if(ulAttribute == SECPKG_ATTR_NAMES)
70 {
71 FIXME("SECPKG_CRED_ATTR_NAMES: stub\n");
72 ret = SEC_E_UNSUPPORTED_FUNCTION;
73 }
74 else
75 ret = SEC_E_UNSUPPORTED_FUNCTION;
76
77 return ret;
78 }
79
80 /***********************************************************************
81 * AcquireCredentialsHandleW
82 */
83 static SECURITY_STATUS SEC_ENTRY ntlm_AcquireCredentialsHandleW(
84 SEC_WCHAR *pszPrincipal, SEC_WCHAR *pszPackage, ULONG fCredentialUse,
85 PLUID pLogonID, PVOID pAuthData, SEC_GET_KEY_FN pGetKeyFn,
86 PVOID pGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry)
87 {
88 SECURITY_STATUS ret;
89 PNegoHelper helper = NULL;
90 static CHAR ntlm_auth[] = "ntlm_auth",
91 helper_protocol[] = "--helper-protocol=squid-2.5-ntlmssp";
92
93 SEC_CHAR *client_user_arg = NULL;
94 SEC_CHAR *client_domain_arg = NULL;
95 SEC_WCHAR *username = NULL, *domain = NULL;
96
97 SEC_CHAR *client_argv[5];
98 SEC_CHAR *server_argv[] = { ntlm_auth,
99 helper_protocol,
100 NULL };
101
102 TRACE("(%s, %s, 0x%08lx, %p, %p, %p, %p, %p, %p)\n",
103 debugstr_w(pszPrincipal), debugstr_w(pszPackage), fCredentialUse,
104 pLogonID, pAuthData, pGetKeyFn, pGetKeyArgument, phCredential, ptsExpiry);
105
106
107 switch(fCredentialUse)
108 {
109 case SECPKG_CRED_INBOUND:
110 if( (ret = fork_helper(&helper, "ntlm_auth", server_argv)) !=
111 SEC_E_OK)
112 {
113 phCredential = NULL;
114 break;
115 }
116 else
117 {
118 helper->mode = NTLM_SERVER;
119 phCredential->dwUpper = fCredentialUse;
120 phCredential->dwLower = (ULONG_PTR)helper;
121 }
122 ret = SEC_E_OK;
123 break;
124 case SECPKG_CRED_OUTBOUND:
125 {
126 static const char username_arg[] = "--username=";
127 static const char domain_arg[] = "--domain=";
128 static char ntlm_auth[] = "ntlm_auth";
129 static char helper_protocol[] = "--helper-protocol=ntlmssp-client-1";
130 int unixcp_size;
131
132 if(pAuthData == NULL)
133 {
134 LPWKSTA_USER_INFO_1 ui = NULL;
135 NET_API_STATUS status;
136
137 status = NetWkstaUserGetInfo(NULL, 1, (LPBYTE *)&ui);
138 if (status != NERR_Success || ui == NULL)
139 {
140 ret = SEC_E_NO_CREDENTIALS;
141 phCredential = NULL;
142 break;
143 }
144
145 username = HeapAlloc(GetProcessHeap(), 0,
146 (lstrlenW(ui->wkui1_username)+1) *
147 sizeof(SEC_WCHAR));
148 lstrcpyW(username, ui->wkui1_username);
149
150 /* same for the domain */
151 domain = HeapAlloc(GetProcessHeap(), 0,
152 (lstrlenW(ui->wkui1_logon_domain)+1) *
153 sizeof(SEC_WCHAR));
154 lstrcpyW(domain, ui->wkui1_logon_domain);
155 NetApiBufferFree(ui);
156 }
157 else
158 {
159 PSEC_WINNT_AUTH_IDENTITY_W auth_data =
160 (PSEC_WINNT_AUTH_IDENTITY_W)pAuthData;
161
162 if (!auth_data->UserLength || !auth_data->DomainLength)
163 {
164 ret = SEC_E_NO_CREDENTIALS;
165 phCredential = NULL;
166 break;
167 }
168 /* Get username and domain from pAuthData */
169 username = HeapAlloc(GetProcessHeap(), 0,
170 (auth_data->UserLength + 1) * sizeof(SEC_WCHAR));
171 lstrcpyW(username, auth_data->User);
172
173 domain = HeapAlloc(GetProcessHeap(), 0,
174 (auth_data->DomainLength + 1) * sizeof(SEC_WCHAR));
175 lstrcpyW(domain, auth_data->Domain);
176 }
177 TRACE("Username is %s\n", debugstr_w(username));
178 unixcp_size = WideCharToMultiByte(CP_UNIXCP, WC_NO_BEST_FIT_CHARS,
179 username, -1, NULL, 0, NULL, NULL) + sizeof(username_arg);
180 client_user_arg = HeapAlloc(GetProcessHeap(), 0, unixcp_size);
181 lstrcpyA(client_user_arg, username_arg);
182 WideCharToMultiByte(CP_UNIXCP, WC_NO_BEST_FIT_CHARS, username, -1,
183 client_user_arg + sizeof(username_arg) - 1,
184 unixcp_size - sizeof(username_arg) + 1, NULL, NULL);
185
186 TRACE("Domain name is %s\n", debugstr_w(domain));
187 unixcp_size = WideCharToMultiByte(CP_UNIXCP, WC_NO_BEST_FIT_CHARS,
188 domain, -1, NULL, 0, NULL, NULL) + sizeof(domain_arg);
189 client_domain_arg = HeapAlloc(GetProcessHeap(), 0, unixcp_size);
190 lstrcpyA(client_domain_arg, domain_arg);
191 WideCharToMultiByte(CP_UNIXCP, WC_NO_BEST_FIT_CHARS, domain,
192 -1, client_domain_arg + sizeof(domain_arg) - 1,
193 unixcp_size - sizeof(domain) + 1, NULL, NULL);
194
195 client_argv[0] = ntlm_auth;
196 client_argv[1] = helper_protocol;
197 client_argv[2] = client_user_arg;
198 client_argv[3] = client_domain_arg;
199 client_argv[4] = NULL;
200
201 if((ret = fork_helper(&helper, "ntlm_auth", client_argv)) !=
202 SEC_E_OK)
203 {
204 phCredential = NULL;
205 break;
206 }
207 else
208 {
209 helper->mode = NTLM_CLIENT;
210
211 if(pAuthData != NULL)
212 {
213 PSEC_WINNT_AUTH_IDENTITY_W auth_data =
214 (PSEC_WINNT_AUTH_IDENTITY_W)pAuthData;
215
216 if(auth_data->PasswordLength != 0)
217 {
218 helper->pwlen = WideCharToMultiByte(CP_UNIXCP,
219 WC_NO_BEST_FIT_CHARS, auth_data->Password,
220 auth_data->PasswordLength+1, NULL, 0, NULL, NULL);
221
222 helper->password = HeapAlloc(GetProcessHeap(), 0,
223 helper->pwlen);
224
225 WideCharToMultiByte(CP_UNIXCP, WC_NO_BEST_FIT_CHARS,
226 auth_data->Password, auth_data->PasswordLength+1,
227 helper->password, helper->pwlen, NULL, NULL);
228 }
229 }
230
231 phCredential->dwUpper = fCredentialUse;
232 phCredential->dwLower = (ULONG_PTR)helper;
233 TRACE("ACH phCredential->dwUpper: 0x%08lx, dwLower: 0x%08lx\n",
234 phCredential->dwUpper, phCredential->dwLower);
235 }
236 ret = SEC_E_OK;
237 break;
238 }
239 case SECPKG_CRED_BOTH:
240 FIXME("AcquireCredentialsHandle: SECPKG_CRED_BOTH stub\n");
241 ret = SEC_E_UNSUPPORTED_FUNCTION;
242 phCredential = NULL;
243 break;
244 default:
245 phCredential = NULL;
246 ret = SEC_E_UNKNOWN_CREDENTIALS;
247 }
248
249
250 HeapFree(GetProcessHeap(), 0, client_user_arg);
251 HeapFree(GetProcessHeap(), 0, client_domain_arg);
252 HeapFree(GetProcessHeap(), 0, username);
253 HeapFree(GetProcessHeap(), 0, domain);
254
255 return ret;
256 }
257
258 /***********************************************************************
259 * AcquireCredentialsHandleA
260 */
261 static SECURITY_STATUS SEC_ENTRY ntlm_AcquireCredentialsHandleA(
262 SEC_CHAR *pszPrincipal, SEC_CHAR *pszPackage, ULONG fCredentialUse,
263 PLUID pLogonID, PVOID pAuthData, SEC_GET_KEY_FN pGetKeyFn,
264 PVOID pGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry)
265 {
266 SECURITY_STATUS ret;
267 int user_sizeW, domain_sizeW, passwd_sizeW;
268
269 SEC_WCHAR *user = NULL, *domain = NULL, *passwd = NULL, *package = NULL;
270
271 PSEC_WINNT_AUTH_IDENTITY_W pAuthDataW = NULL;
272 PSEC_WINNT_AUTH_IDENTITY_A identity = NULL;
273
274 TRACE("(%s, %s, 0x%08lx, %p, %p, %p, %p, %p, %p)\n",
275 debugstr_a(pszPrincipal), debugstr_a(pszPackage), fCredentialUse,
276 pLogonID, pAuthData, pGetKeyFn, pGetKeyArgument, phCredential, ptsExpiry);
277
278 if(pszPackage != NULL)
279 {
280 int package_sizeW = MultiByteToWideChar(CP_ACP, 0, pszPackage, -1,
281 NULL, 0);
282
283 package = HeapAlloc(GetProcessHeap(), 0, package_sizeW *
284 sizeof(SEC_WCHAR));
285 MultiByteToWideChar(CP_ACP, 0, pszPackage, -1, package, package_sizeW);
286 }
287
288
289 if(pAuthData != NULL)
290 {
291 identity = (PSEC_WINNT_AUTH_IDENTITY_A)pAuthData;
292
293 if(identity->Flags == SEC_WINNT_AUTH_IDENTITY_ANSI)
294 {
295 pAuthDataW = HeapAlloc(GetProcessHeap(), 0,
296 sizeof(SEC_WINNT_AUTH_IDENTITY_W));
297
298 if(identity->UserLength != 0)
299 {
300 user_sizeW = MultiByteToWideChar(CP_ACP, 0,
301 (LPCSTR)identity->User, identity->UserLength+1, NULL, 0);
302 user = HeapAlloc(GetProcessHeap(), 0, user_sizeW *
303 sizeof(SEC_WCHAR));
304 MultiByteToWideChar(CP_ACP, 0, (LPCSTR)identity->User,
305 identity->UserLength+1, user, user_sizeW);
306 }
307 else
308 {
309 user_sizeW = 0;
310 }
311
312 if(identity->DomainLength != 0)
313 {
314 domain_sizeW = MultiByteToWideChar(CP_ACP, 0,
315 (LPCSTR)identity->Domain, identity->DomainLength+1, NULL, 0);
316 domain = HeapAlloc(GetProcessHeap(), 0, domain_sizeW
317 * sizeof(SEC_WCHAR));
318 MultiByteToWideChar(CP_ACP, 0, (LPCSTR)identity->Domain,
319 identity->DomainLength+1, domain, domain_sizeW);
320 }
321 else
322 {
323 domain_sizeW = 0;
324 }
325
326 if(identity->PasswordLength != 0)
327 {
328 passwd_sizeW = MultiByteToWideChar(CP_ACP, 0,
329 (LPCSTR)identity->Password, identity->PasswordLength+1,
330 NULL, 0);
331 passwd = HeapAlloc(GetProcessHeap(), 0, passwd_sizeW
332 * sizeof(SEC_WCHAR));
333 MultiByteToWideChar(CP_ACP, 0, (LPCSTR)identity->Password,
334 identity->PasswordLength+1, passwd, passwd_sizeW);
335 }
336 else
337 {
338 passwd_sizeW = 0;
339 }
340
341 pAuthDataW->Flags = SEC_WINNT_AUTH_IDENTITY_UNICODE;
342 pAuthDataW->User = user;
343 pAuthDataW->UserLength = user_sizeW;
344 pAuthDataW->Domain = domain;
345 pAuthDataW->DomainLength = domain_sizeW;
346 pAuthDataW->Password = passwd;
347 pAuthDataW->PasswordLength = passwd_sizeW;
348 }
349 else
350 {
351 pAuthDataW = (PSEC_WINNT_AUTH_IDENTITY_W)identity;
352 }
353 }
354
355 ret = ntlm_AcquireCredentialsHandleW(NULL, package, fCredentialUse,
356 pLogonID, pAuthDataW, pGetKeyFn, pGetKeyArgument, phCredential,
357 ptsExpiry);
358
359 HeapFree(GetProcessHeap(), 0, package);
360 HeapFree(GetProcessHeap(), 0, user);
361 HeapFree(GetProcessHeap(), 0, domain);
362 HeapFree(GetProcessHeap(), 0, passwd);
363 if(pAuthDataW != (PSEC_WINNT_AUTH_IDENTITY_W)identity)
364 HeapFree(GetProcessHeap(), 0, pAuthDataW);
365
366 return ret;
367 }
368
369 /***********************************************************************
370 * InitializeSecurityContextW
371 */
372 static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(
373 PCredHandle phCredential, PCtxtHandle phContext, SEC_WCHAR *pszTargetName,
374 ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep,
375 PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext,
376 PSecBufferDesc pOutput, ULONG *pfContextAttr, PTimeStamp ptsExpiry)
377 {
378 SECURITY_STATUS ret;
379 PNegoHelper helper;
380 ULONG ctxt_attr = 0;
381 char* buffer, *want_flags = NULL;
382 PBYTE bin;
383 int buffer_len, bin_len, max_len = NTLM_MAX_BUF;
384
385 TRACE("%p %p %s %ld %ld %ld %p %ld %p %p %p %p\n", phCredential, phContext,
386 debugstr_w(pszTargetName), fContextReq, Reserved1, TargetDataRep, pInput,
387 Reserved1, phNewContext, pOutput, pfContextAttr, ptsExpiry);
388
389 if(!phCredential)
390 return SEC_E_INVALID_HANDLE;
391
392 /* As the server side of sspi never calls this, make sure that
393 * the handler is a client handler.
394 */
395 helper = (PNegoHelper)phCredential->dwLower;
396 if(helper->mode != NTLM_CLIENT)
397 {
398 TRACE("Helper mode = %d\n", helper->mode);
399 return SEC_E_INVALID_HANDLE;
400 }
401
402 /****************************************
403 * When communicating with the client, there can be the
404 * following reply packets:
405 * YR <base64 blob> should be sent to the server
406 * PW should be sent back to helper with
407 * base64 encoded password
408 * AF <base64 blob> client is done, blob should be
409 * sent to server with KK prefixed
410 * GF <string list> A string list of negotiated flags
411 * GK <base64 blob> base64 encoded session key
412 * BH <char reason> something broke
413 */
414 /* The squid cache size is 2010 chars, and that's what ntlm_auth uses */
415
416 if (pszTargetName)
417 {
418 TRACE("According to a MS whitepaper pszTargetName is ignored.\n");
419 }
420
421 if(TargetDataRep == SECURITY_NETWORK_DREP){
422 TRACE("Setting SECURITY_NETWORK_DREP\n");
423 }
424
425 buffer = HeapAlloc(GetProcessHeap(), 0, sizeof(char) * NTLM_MAX_BUF);
426 bin = HeapAlloc(GetProcessHeap(), 0, sizeof(BYTE) * NTLM_MAX_BUF);
427
428 if((phContext == NULL) && (pInput == NULL))
429 {
430 TRACE("First time in ISC()\n");
431 /* Allocate space for a maximal string of
432 * "SF NTLMSSP_FEATURE_SIGN NTLMSSP_FEATURE_SEAL
433 * NTLMSSP_FEATURE_SESSION_KEY"
434 */
435 want_flags = HeapAlloc(GetProcessHeap(), 0, 73);
436 if(want_flags == NULL)
437 {
438 ret = SEC_E_INSUFFICIENT_MEMORY;
439 goto isc_end;
440 }
441 lstrcpyA(want_flags, "SF");
442 if(fContextReq & ISC_REQ_CONFIDENTIALITY)
443 lstrcatA(want_flags, " NTLMSSP_FEATURE_SEAL");
444 if(fContextReq & ISC_REQ_CONNECTION)
445 {
446 /* This is default, so we'll enable it */
447 ctxt_attr |= ISC_RET_CONNECTION;
448 lstrcatA(want_flags, " NTLMSSP_FEATURE_SESSION_KEY");
449 }
450 if(fContextReq & ISC_REQ_EXTENDED_ERROR)
451 FIXME("ISC_REQ_EXTENDED_ERROR\n");
452 if(fContextReq & ISC_REQ_INTEGRITY)
453 lstrcatA(want_flags, " NTLMSSP_FEATURE_SIGN");
454 if(fContextReq & ISC_REQ_MUTUAL_AUTH)
455 FIXME("ISC_REQ_MUTUAL_AUTH\n");
456 if(fContextReq & ISC_REQ_REPLAY_DETECT)
457 FIXME("ISC_REQ_REPLAY_DETECT\n");
458 if(fContextReq & ISC_REQ_SEQUENCE_DETECT)
459 FIXME("ISC_REQ_SEQUENCE_DETECT\n");
460 if(fContextReq & ISC_REQ_STREAM)
461 FIXME("ISC_REQ_STREAM\n");
462
463 /* Request a challenge request from ntlm_auth */
464 if(helper->password == NULL)
465 {
466 FIXME("Using empty password for now.\n");
467 lstrcpynA(buffer, "PW AA==", max_len-1);
468 }
469 else
470 {
471 lstrcpynA(buffer, "PW ", max_len-1);
472 if((ret = encodeBase64((unsigned char*)helper->password,
473 helper->pwlen-2, buffer+3,
474 max_len-3, &buffer_len)) != SEC_E_OK)
475 {
476 TRACE("Deleting password!\n");
477 memset(helper->password, 0, helper->pwlen-2);
478 HeapFree(GetProcessHeap(), 0, helper->password);
479 goto isc_end;
480 }
481
482 }
483
484 TRACE("Sending to helper: %s\n", debugstr_a(buffer));
485 if((ret = run_helper(helper, buffer, max_len, &buffer_len)) != SEC_E_OK)
486 goto isc_end;
487
488 TRACE("Helper returned %s\n", debugstr_a(buffer));
489
490 if(lstrlenA(want_flags) > 2)
491 {
492 TRACE("Want flags are '%s'\n", debugstr_a(want_flags));
493 lstrcpynA(buffer, want_flags, max_len-1);
494 if((ret = run_helper(helper, buffer, max_len, &buffer_len))
495 != SEC_E_OK)
496 goto isc_end;
497 if(!strncmp(buffer, "BH", 2))
498 TRACE("Helper doesn't understand new command set\n");
499 }
500
501 lstrcpynA(buffer, "YR", max_len-1);
502
503 if((ret = run_helper(helper, buffer, max_len, &buffer_len)) != SEC_E_OK)
504 goto isc_end;
505
506 TRACE("%s\n", buffer);
507
508 if(strncmp(buffer, "YR ", 3) != 0)
509 {
510 /* Something borked */
511 TRACE("Helper returned %c%c\n", buffer[0], buffer[1]);
512 ret = SEC_E_INTERNAL_ERROR;
513 goto isc_end;
514 }
515 if((ret = decodeBase64(buffer+3, buffer_len-3, bin,
516 max_len-1, &bin_len)) != SEC_E_OK)
517 goto isc_end;
518
519 /* put the decoded client blob into the out buffer */
520
521 ret = SEC_I_CONTINUE_NEEDED;
522 }
523 else
524 {
525 /* handle second call here */
526 /* encode server data to base64 */
527 if (!pInput || !pInput->cBuffers)
528 {
529 ret = SEC_E_INCOMPLETE_MESSAGE;
530 goto isc_end;
531 }
532
533 if (!pInput->pBuffers[0].pvBuffer)
534 {
535 ret = SEC_E_INTERNAL_ERROR;
536 goto isc_end;
537 }
538
539 if(pInput->pBuffers[0].cbBuffer > max_len)
540 {
541 TRACE("pInput->pBuffers[0].cbBuffer is: %ld\n",
542 pInput->pBuffers[0].cbBuffer);
543 ret = SEC_E_INVALID_TOKEN;
544 goto isc_end;
545 }
546 else
547 bin_len = pInput->pBuffers[0].cbBuffer;
548
549 memcpy(bin, pInput->pBuffers[0].pvBuffer, bin_len);
550
551 lstrcpynA(buffer, "TT ", max_len-1);
552
553 if((ret = encodeBase64(bin, bin_len, buffer+3,
554 max_len-3, &buffer_len)) != SEC_E_OK)
555 goto isc_end;
556
557 TRACE("Server sent: %s\n", debugstr_a(buffer));
558
559 /* send TT base64 blob to ntlm_auth */
560 if((ret = run_helper(helper, buffer, max_len, &buffer_len)) != SEC_E_OK)
561 goto isc_end;
562
563 TRACE("Helper replied: %s\n", debugstr_a(buffer));
564
565 if( (strncmp(buffer, "KK ", 3) != 0) &&
566 (strncmp(buffer, "AF ", 3) !=0))
567 {
568 TRACE("Helper returned %c%c\n", buffer[0], buffer[1]);
569 ret = SEC_E_INVALID_TOKEN;
570 goto isc_end;
571 }
572
573 /* decode the blob and send it to server */
574 if((ret = decodeBase64(buffer+3, buffer_len-3, bin, max_len,
575 &bin_len)) != SEC_E_OK)
576 {
577 goto isc_end;
578 }
579
580 phNewContext->dwUpper = ctxt_attr;
581 phNewContext->dwLower = (ULONG_PTR)helper;
582
583 ret = SEC_E_OK;
584 }
585
586 /* put the decoded client blob into the out buffer */
587
588 if (fContextReq & ISC_REQ_ALLOCATE_MEMORY)
589 {
590 if (pOutput)
591 {
592 pOutput->cBuffers = 1;
593 pOutput->pBuffers[0].pvBuffer = SECUR32_ALLOC(bin_len);
594 pOutput->pBuffers[0].cbBuffer = bin_len;
595 }
596 }
597
598 if (!pOutput || !pOutput->cBuffers || pOutput->pBuffers[0].cbBuffer < bin_len)
599 {
600 TRACE("out buffer is NULL or has not enough space\n");
601 ret = SEC_E_BUFFER_TOO_SMALL;
602 goto isc_end;
603 }
604
605 if (!pOutput->pBuffers[0].pvBuffer)
606 {
607 TRACE("out buffer is NULL\n");
608 ret = SEC_E_INTERNAL_ERROR;
609 goto isc_end;
610 }
611
612 pOutput->pBuffers[0].cbBuffer = bin_len;
613 pOutput->pBuffers[0].BufferType = SECBUFFER_DATA;
614 memcpy(pOutput->pBuffers[0].pvBuffer, bin, bin_len);
615
616 if(ret == SEC_E_OK)
617 {
618 TRACE("Getting negotiated flags\n");
619 lstrcpynA(buffer, "GF", max_len - 1);
620 if((ret = run_helper(helper, buffer, max_len, &buffer_len)) != SEC_E_OK)
621 goto isc_end;
622
623 if(buffer_len < 3)
624 {
625 TRACE("No flags negotiated, or helper does not support GF command\n");
626 }
627 else
628 {
629 TRACE("Negotiated %s\n", debugstr_a(buffer));
630 sscanf(buffer + 3, "%lx", &(helper->neg_flags));
631 TRACE("Stored 0x%08lx as flags\n", helper->neg_flags);
632 }
633
634 TRACE("Getting session key\n");
635 lstrcpynA(buffer, "GK", max_len - 1);
636 if((ret = run_helper(helper, buffer, max_len, &buffer_len)) != SEC_E_OK)
637 goto isc_end;
638
639 if(buffer_len < 3)
640 TRACE("Helper does not support GK command\n");
641 else
642 {
643 if(strncmp(buffer, "BH ", 3) == 0)
644 {
645 TRACE("Helper sent %s\n", debugstr_a(buffer+3));
646 helper->valid_session_key = FALSE;
647 helper->session_key = HeapAlloc(GetProcessHeap(), 0, 16);
648 /*FIXME: Generate the dummy session key = MD4(MD4(password))*/
649 memset(helper->session_key, 0 , 16);
650 }
651 else if(strncmp(buffer, "GK ", 3) == 0)
652 {
653 if((ret = decodeBase64(buffer+3, buffer_len-3, bin, max_len,
654 &bin_len)) != SEC_E_OK)
655 {
656 TRACE("Failed to decode session key\n");
657 }
658 TRACE("Session key is %s\n", debugstr_a(buffer+3));
659 helper->valid_session_key = TRUE;
660 if(!helper->session_key)
661 helper->session_key = HeapAlloc(GetProcessHeap(), 0, bin_len);
662 if(!helper->session_key)
663 {
664 TRACE("Failed to allocate memory for session key\n");
665 ret = SEC_E_INTERNAL_ERROR;
666 goto isc_end;
667 }
668 memcpy(helper->session_key, bin, bin_len);
669 }
670 }
671 }
672
673 if(ret != SEC_I_CONTINUE_NEEDED)
674 {
675 TRACE("Deleting password!\n");
676 if(helper->password)
677 memset(helper->password, 0, helper->pwlen-2);
678 HeapFree(GetProcessHeap(), 0, helper->password);
679 }
680 isc_end:
681 HeapFree(GetProcessHeap(), 0, want_flags);
682 HeapFree(GetProcessHeap(), 0, buffer);
683 HeapFree(GetProcessHeap(), 0, bin);
684 return ret;
685 }
686
687 /***********************************************************************
688 * InitializeSecurityContextA
689 */
690 static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextA(
691 PCredHandle phCredential, PCtxtHandle phContext, SEC_CHAR *pszTargetName,
692 ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep,
693 PSecBufferDesc pInput,ULONG Reserved2, PCtxtHandle phNewContext,
694 PSecBufferDesc pOutput, ULONG *pfContextAttr, PTimeStamp ptsExpiry)
695 {
696 SECURITY_STATUS ret;
697
698 TRACE("%p %p %s %ld %ld %ld %p %ld %p %p %p %p\n", phCredential, phContext,
699 debugstr_a(pszTargetName), fContextReq, Reserved1, TargetDataRep, pInput,
700 Reserved1, phNewContext, pOutput, pfContextAttr, ptsExpiry);
701
702 if (phCredential)
703 {
704 SEC_WCHAR *target = NULL;
705 if(pszTargetName != NULL)
706 {
707 int target_size = MultiByteToWideChar(CP_ACP, 0, pszTargetName,
708 strlen(pszTargetName)+1, NULL, 0);
709 target = HeapAlloc(GetProcessHeap(), 0, target_size *
710 sizeof(SEC_WCHAR));
711 MultiByteToWideChar(CP_ACP, 0, pszTargetName, strlen(pszTargetName)+1,
712 target, target_size);
713 }
714
715 ret = ntlm_InitializeSecurityContextW(phCredential, phContext, target,
716 fContextReq, Reserved1, TargetDataRep, pInput, Reserved2,
717 phNewContext, pOutput, pfContextAttr, ptsExpiry);
718
719 HeapFree(GetProcessHeap(), 0, target);
720 }
721 else
722 {
723 ret = SEC_E_INVALID_HANDLE;
724 }
725 return ret;
726 }
727
728 /***********************************************************************
729 * AcceptSecurityContext
730 */
731 static SECURITY_STATUS SEC_ENTRY ntlm_AcceptSecurityContext(
732 PCredHandle phCredential, PCtxtHandle phContext, PSecBufferDesc pInput,
733 ULONG fContextReq, ULONG TargetDataRep, PCtxtHandle phNewContext,
734 PSecBufferDesc pOutput, ULONG *pfContextAttr, PTimeStamp ptsExpiry)
735 {
736 SECURITY_STATUS ret;
737 char *buffer, *want_flags = NULL;
738 PBYTE bin;
739 int buffer_len, bin_len, max_len = NTLM_MAX_BUF;
740 ULONG ctxt_attr = 0;
741 PNegoHelper helper;
742
743 TRACE("%p %p %p %ld %ld %p %p %p %p\n", phCredential, phContext, pInput,
744 fContextReq, TargetDataRep, phNewContext, pOutput, pfContextAttr,
745 ptsExpiry);
746
747 if (!phCredential)
748 return SEC_E_INVALID_HANDLE;
749
750 helper = (PNegoHelper)phCredential->dwLower;
751
752 buffer = HeapAlloc(GetProcessHeap(), 0, sizeof(char) * NTLM_MAX_BUF);
753 bin = HeapAlloc(GetProcessHeap(),0, sizeof(BYTE) * NTLM_MAX_BUF);
754
755 if(helper->mode != NTLM_SERVER)
756 {
757 ret = SEC_E_INVALID_HANDLE;
758 goto asc_end;
759 }
760
761 if(TargetDataRep == SECURITY_NETWORK_DREP){
762 TRACE("Using SECURITY_NETWORK_DREP\n");
763 }
764
765 if(phContext == NULL)
766 {
767 /* This is the first call to AcceptSecurityHandle */
768 if(pInput == NULL)
769 {
770 ret = SEC_E_INCOMPLETE_MESSAGE;
771 goto asc_end;
772 }
773
774 if(pInput->cBuffers < 1)
775 {
776 ret = SEC_E_INCOMPLETE_MESSAGE;
777 goto asc_end;
778 }
779
780 if(pInput->pBuffers[0].cbBuffer > max_len)
781 {
782 ret = SEC_E_INVALID_TOKEN;
783 goto asc_end;
784 }
785 else
786 bin_len = pInput->pBuffers[0].cbBuffer;
787
788 /* Handle all the flags */
789 want_flags = HeapAlloc(GetProcessHeap(), 0, 73);
790 if(want_flags == NULL)
791 {
792 TRACE("Failed to allocate memory for the want_flags!\n");
793 ret = SEC_E_INSUFFICIENT_MEMORY;
794 goto asc_end;
795 }
796 lstrcpyA(want_flags, "SF");
797 if(fContextReq & ASC_REQ_ALLOCATE_MEMORY)
798 {
799 FIXME("ASC_REQ_ALLOCATE_MEMORY stub\n");
800 }
801 if(fContextReq & ASC_REQ_CONFIDENTIALITY)
802 {
803 lstrcatA(want_flags, " NTLMSSP_FEATURE_SEAL");
804 }
805 if(fContextReq & ASC_REQ_CONNECTION)
806 {
807 /* This is default, so we'll enable it */
808 lstrcatA(want_flags, " NTLMSSP_FEATURE_SESSION_KEY");
809 ctxt_attr |= ASC_RET_CONNECTION;
810 }
811 if(fContextReq & ASC_REQ_EXTENDED_ERROR)
812 {
813 FIXME("ASC_REQ_EXTENDED_ERROR stub\n");
814 }
815 if(fContextReq & ASC_REQ_INTEGRITY)
816 {
817 lstrcatA(want_flags, " NTLMSSP_FEATURE_SIGN");
818 }
819 if(fContextReq & ASC_REQ_MUTUAL_AUTH)
820 {
821 FIXME("ASC_REQ_MUTUAL_AUTH stub\n");
822 }
823 if(fContextReq & ASC_REQ_REPLAY_DETECT)
824 {
825 FIXME("ASC_REQ_REPLAY_DETECT stub\n");
826 }
827 if(fContextReq & ISC_REQ_SEQUENCE_DETECT)
828 {
829 FIXME("ASC_REQ_SEQUENCE_DETECT stub\n");
830 }
831 if(fContextReq & ISC_REQ_STREAM)
832 {
833 FIXME("ASC_REQ_STREAM stub\n");
834 }
835 /* Done with the flags */
836
837 if(lstrlenA(want_flags) > 3)
838 {
839 TRACE("Server set want_flags: %s\n", debugstr_a(want_flags));
840 lstrcpynA(buffer, want_flags, max_len - 1);
841 if((ret = run_helper(helper, buffer, max_len, &buffer_len)) !=
842 SEC_E_OK)
843 goto asc_end;
844 if(!strncmp(buffer, "BH", 2))
845 TRACE("Helper doesn't understand new command set\n");
846 }
847
848 /* This is the YR request from the client, encode to base64 */
849
850 memcpy(bin, pInput->pBuffers[0].pvBuffer, bin_len);
851
852 lstrcpynA(buffer, "YR ", max_len-1);
853
854 if((ret = encodeBase64(bin, bin_len, buffer+3, max_len-3,
855 &buffer_len)) != SEC_E_OK)
856 {
857 goto asc_end;
858 }
859
860 TRACE("Client sent: %s\n", debugstr_a(buffer));
861
862 if((ret = run_helper(helper, buffer, max_len, &buffer_len)) !=
863 SEC_E_OK)
864 {
865 goto asc_end;
866 }
867
868 TRACE("Reply from ntlm_auth: %s\n", debugstr_a(buffer));
869 /* The expected answer is TT <base64 blob> */
870
871 if(strncmp(buffer, "TT ", 3) != 0)
872 {
873 ret = SEC_E_INTERNAL_ERROR;
874 goto asc_end;
875 }
876
877 if((ret = decodeBase64(buffer+3, buffer_len-3, bin, max_len,
878 &bin_len)) != SEC_E_OK)
879 {
880 goto asc_end;
881 }
882
883 /* send this to the client */
884 if(pOutput == NULL)
885 {
886 ret = SEC_E_INSUFFICIENT_MEMORY;
887 goto asc_end;
888 }
889
890 if(pOutput->cBuffers < 1)
891 {
892 ret = SEC_E_INSUFFICIENT_MEMORY;
893 goto asc_end;
894 }
895
896 pOutput->pBuffers[0].cbBuffer = bin_len;
897 pOutput->pBuffers[0].BufferType = SECBUFFER_DATA;
898 memcpy(pOutput->pBuffers[0].pvBuffer, bin, bin_len);
899 ret = SEC_I_CONTINUE_NEEDED;
900
901 }
902 else
903 {
904 /* we expect a KK request from client */
905 if(pInput == NULL)
906 {
907 ret = SEC_E_INCOMPLETE_MESSAGE;
908 goto asc_end;
909 }
910
911 if(pInput->cBuffers < 1)
912 {
913 ret = SEC_E_INCOMPLETE_MESSAGE;
914 goto asc_end;
915 }
916
917 if(pInput->pBuffers[0].cbBuffer > max_len)
918 {
919 ret = SEC_E_INVALID_TOKEN;
920 goto asc_end;
921 }
922 else
923 bin_len = pInput->pBuffers[0].cbBuffer;
924
925 memcpy(bin, pInput->pBuffers[0].pvBuffer, bin_len);
926
927 lstrcpynA(buffer, "KK ", max_len-1);
928
929 if((ret = encodeBase64(bin, bin_len, buffer+3, max_len-3,
930 &buffer_len)) != SEC_E_OK)
931 {
932 goto asc_end;
933 }
934
935 TRACE("Client sent: %s\n", debugstr_a(buffer));
936
937 if((ret = run_helper(helper, buffer, max_len, &buffer_len)) !=
938 SEC_E_OK)
939 {
940 goto asc_end;
941 }
942
943 TRACE("Reply from ntlm_auth: %s\n", debugstr_a(buffer));
944
945 if(strncmp(buffer, "AF ", 3) != 0)
946 {
947 if(strncmp(buffer, "NA ", 3) == 0)
948 {
949 ret = SEC_E_LOGON_DENIED;
950 goto asc_end;
951 }
952 else
953 {
954 ret = SEC_E_INTERNAL_ERROR;
955 goto asc_end;
956 }
957 }
958 pOutput->pBuffers[0].cbBuffer = 0;
959 ret = SEC_E_OK;
960
961 TRACE("Getting negotiated flags\n");
962 lstrcpynA(buffer, "GF", max_len - 1);
963 if((ret = run_helper(helper, buffer, max_len, &buffer_len)) != SEC_E_OK)
964 goto asc_end;
965
966 if(buffer_len < 3)
967 {
968 TRACE("No flags negotiated, or helper does not support GF command\n");
969 }
970 else
971 {
972 TRACE("Negotiated %s\n", debugstr_a(buffer));
973 sscanf(buffer + 3, "%lx", &(helper->neg_flags));
974 TRACE("Stored 0x%08lx as flags\n", helper->neg_flags);
975 }
976
977 TRACE("Getting session key\n");
978 lstrcpynA(buffer, "GK", max_len - 1);
979 if((ret = run_helper(helper, buffer, max_len, &buffer_len)) != SEC_E_OK)
980 goto asc_end;
981
982 if(buffer_len < 3)
983 TRACE("Helper does not support GK command\n");
984 else
985 {
986 if(strncmp(buffer, "BH ", 3) == 0)
987 {
988 TRACE("Helper sent %s\n", debugstr_a(buffer+3));
989 helper->valid_session_key = FALSE;
990 helper->session_key = HeapAlloc(GetProcessHeap(), 0, 16);
991 /*FIXME: Generate the dummy session key = MD4(MD4(password))*/
992 memset(helper->session_key, 0 , 16);
993 }
994 else if(strncmp(buffer, "GK ", 3) == 0)
995 {
996 if((ret = decodeBase64(buffer+3, buffer_len-3, bin, max_len,
997 &bin_len)) != SEC_E_OK)
998 {
999 TRACE("Failed to decode session key\n");
1000 }
1001 TRACE("Session key is %s\n", debugstr_a(buffer+3));
1002 helper->valid_session_key = TRUE;
1003 if(!helper->session_key)
1004 helper->session_key = HeapAlloc(GetProcessHeap(), 0, bin_len);
1005 if(!helper->session_key)
1006 {
1007 TRACE("Failed to allocate memory for session key\n");
1008 ret = SEC_E_INTERNAL_ERROR;
1009 goto asc_end;
1010 }
1011 memcpy(helper->session_key, bin, bin_len);
1012 }
1013 }
1014 }
1015
1016 phNewContext->dwUpper = ctxt_attr;
1017 phNewContext->dwLower = (ULONG_PTR)helper;
1018
1019 asc_end:
1020 HeapFree(GetProcessHeap(), 0, want_flags);
1021 HeapFree(GetProcessHeap(), 0, buffer);
1022 HeapFree(GetProcessHeap(), 0, bin);
1023 return ret;
1024 }
1025
1026 /***********************************************************************
1027 * CompleteAuthToken
1028 */
1029 static SECURITY_STATUS SEC_ENTRY ntlm_CompleteAuthToken(PCtxtHandle phContext,
1030 PSecBufferDesc pToken)
1031 {
1032 /* We never need to call CompleteAuthToken anyway */
1033 TRACE("%p %p\n", phContext, pToken);
1034 if (!phContext)
1035 return SEC_E_INVALID_HANDLE;
1036
1037 return SEC_E_OK;
1038 }
1039
1040 /***********************************************************************
1041 * DeleteSecurityContext
1042 */
1043 static SECURITY_STATUS SEC_ENTRY ntlm_DeleteSecurityContext(PCtxtHandle phContext)
1044 {
1045 SECURITY_STATUS ret;
1046
1047 TRACE("%p\n", phContext);
1048 if (phContext)
1049 {
1050 phContext->dwUpper = 0;
1051 phContext->dwLower = 0;
1052 ret = SEC_E_OK;
1053 }
1054 else
1055 {
1056 ret = SEC_E_INVALID_HANDLE;
1057 }
1058 return ret;
1059 }
1060
1061 /***********************************************************************
1062 * QueryContextAttributesW
1063 */
1064 static SECURITY_STATUS SEC_ENTRY ntlm_QueryContextAttributesW(PCtxtHandle phContext,
1065 unsigned long ulAttribute, void *pBuffer)
1066 {
1067 TRACE("%p %ld %p\n", phContext, ulAttribute, pBuffer);
1068 if (!phContext)
1069 return SEC_E_INVALID_HANDLE;
1070
1071 switch(ulAttribute)
1072 {
1073 #define _x(x) case (x) : FIXME(#x" stub\n"); break
1074 _x(SECPKG_ATTR_ACCESS_TOKEN);
1075 _x(SECPKG_ATTR_AUTHORITY);
1076 _x(SECPKG_ATTR_DCE_INFO);
1077 case SECPKG_ATTR_FLAGS:
1078 {
1079 PSecPkgContext_Flags spcf = (PSecPkgContext_Flags)pBuffer;
1080 PNegoHelper helper = (PNegoHelper)phContext->dwLower;
1081
1082 spcf->Flags = 0;
1083 if(helper->neg_flags & NTLMSSP_NEGOTIATE_SIGN)
1084 spcf->Flags |= ISC_RET_INTEGRITY;
1085 if(helper->neg_flags & NTLMSSP_NEGOTIATE_SEAL)
1086 spcf->Flags |= ISC_RET_CONFIDENTIALITY;
1087 return SEC_E_OK;
1088 }
1089 _x(SECPKG_ATTR_KEY_INFO);
1090 _x(SECPKG_ATTR_LIFESPAN);
1091 _x(SECPKG_ATTR_NAMES);
1092 _x(SECPKG_ATTR_NATIVE_NAMES);
1093 _x(SECPKG_ATTR_NEGOTIATION_INFO);
1094 _x(SECPKG_ATTR_PACKAGE_INFO);
1095 _x(SECPKG_ATTR_PASSWORD_EXPIRY);
1096 _x(SECPKG_ATTR_SESSION_KEY);
1097 case SECPKG_ATTR_SIZES:
1098 {
1099 PSecPkgContext_Sizes spcs = (PSecPkgContext_Sizes)pBuffer;
1100 spcs->cbMaxToken = NTLM_MAX_BUF;
1101 spcs->cbMaxSignature = 16;
1102 spcs->cbBlockSize = 0;
1103 spcs->cbSecurityTrailer = 16;
1104 return SEC_E_OK;
1105 }
1106 _x(SECPKG_ATTR_STREAM_SIZES);
1107 _x(SECPKG_ATTR_TARGET_INFORMATION);
1108 #undef _x
1109 default:
1110 TRACE("Unknown value %ld passed for ulAttribute\n", ulAttribute);
1111 }
1112
1113 return SEC_E_UNSUPPORTED_FUNCTION;
1114 }
1115
1116 /***********************************************************************
1117 * QueryContextAttributesA
1118 */
1119 static SECURITY_STATUS SEC_ENTRY ntlm_QueryContextAttributesA(PCtxtHandle phContext,
1120 unsigned long ulAttribute, void *pBuffer)
1121 {
1122 return ntlm_QueryContextAttributesW(phContext, ulAttribute, pBuffer);
1123 }
1124
1125 /***********************************************************************
1126 * ImpersonateSecurityContext
1127 */
1128 static SECURITY_STATUS SEC_ENTRY ntlm_ImpersonateSecurityContext(PCtxtHandle phContext)
1129 {
1130 SECURITY_STATUS ret;
1131
1132 TRACE("%p\n", phContext);
1133 if (phContext)
1134 {
1135 ret = SEC_E_UNSUPPORTED_FUNCTION;
1136 }
1137 else
1138 {
1139 ret = SEC_E_INVALID_HANDLE;
1140 }
1141 return ret;
1142 }
1143
1144 /***********************************************************************
1145 * RevertSecurityContext
1146 */
1147 static SECURITY_STATUS SEC_ENTRY ntlm_RevertSecurityContext(PCtxtHandle phContext)
1148 {
1149 SECURITY_STATUS ret;
1150
1151 TRACE("%p\n", phContext);
1152 if (phContext)
1153 {
1154 ret = SEC_E_UNSUPPORTED_FUNCTION;
1155 }
1156 else
1157 {
1158 ret = SEC_E_INVALID_HANDLE;
1159 }
1160 return ret;
1161 }
1162
1163 /***********************************************************************
1164 * MakeSignature
1165 */
1166 static SECURITY_STATUS SEC_ENTRY ntlm_MakeSignature(PCtxtHandle phContext, ULONG fQOP,
1167 PSecBufferDesc pMessage, ULONG MessageSeqNo)
1168 {
1169 PNegoHelper helper;
1170
1171 TRACE("%p %ld %p %ld\n", phContext, fQOP, pMessage, MessageSeqNo);
1172 if (!phContext)
1173 return SEC_E_INVALID_HANDLE;
1174
1175 if(fQOP)
1176 FIXME("Ignoring fQOP 0x%08lx", fQOP);
1177
1178 if(MessageSeqNo)
1179 FIXME("Ignoring MessageSeqNo");
1180
1181 if(!pMessage || !pMessage->pBuffers || pMessage->cBuffers < 2 ||
1182 pMessage->pBuffers[0].BufferType != SECBUFFER_TOKEN ||
1183 !pMessage->pBuffers[0].pvBuffer)
1184 return SEC_E_INVALID_TOKEN;
1185
1186 if(pMessage->pBuffers[0].cbBuffer < 16)
1187 return SEC_E_BUFFER_TOO_SMALL;
1188
1189 helper = (PNegoHelper)phContext->dwLower;
1190 TRACE("Negotiated flags are: 0x%08lx\n", helper->neg_flags);
1191 if(helper->neg_flags & NTLMSSP_NEGOTIATE_NTLM2)
1192 {
1193 FIXME("Can't handle NTLMv2 signing yet. Aborting.\n");
1194 return SEC_E_UNSUPPORTED_FUNCTION;
1195 }
1196 if(helper->neg_flags & NTLMSSP_NEGOTIATE_SIGN)
1197 {
1198 FIXME("Can't handle real signing yet. Aborting.\n");
1199 return SEC_E_UNSUPPORTED_FUNCTION;
1200 }
1201
1202 if(helper->neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCHANGE)
1203 {
1204 FIXME("Can't handle encrypted session key yet. Aborting.\n");
1205 return SEC_E_UNSUPPORTED_FUNCTION;
1206 }
1207
1208 if(helper->neg_flags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN)
1209 {
1210 TRACE("Generating dummy signature\n");
1211 /* A dummy signature is 0x01 followed by 15 bytes of 0x00 */
1212 memset(pMessage->pBuffers[0].pvBuffer, 0, 16);
1213 memset(pMessage->pBuffers[0].pvBuffer, 0x01, 1);
1214 pMessage->pBuffers[0].cbBuffer = 16;
1215 return SEC_E_OK;
1216 }
1217
1218 return SEC_E_UNSUPPORTED_FUNCTION;
1219 }
1220
1221 /***********************************************************************
1222 * VerifySignature
1223 */
1224 static SECURITY_STATUS SEC_ENTRY ntlm_VerifySignature(PCtxtHandle phContext,
1225 PSecBufferDesc pMessage, ULONG MessageSeqNo, PULONG pfQOP)
1226 {
1227 PNegoHelper helper;
1228 ULONG fQOP = 0;
1229
1230 TRACE("%p %p %ld %p\n", phContext, pMessage, MessageSeqNo, pfQOP);
1231 if(!phContext)
1232 return SEC_E_INVALID_HANDLE;
1233
1234 if(!pMessage || !pMessage->pBuffers || pMessage->cBuffers < 2 ||
1235 pMessage->pBuffers[0].BufferType != SECBUFFER_TOKEN ||
1236 !pMessage->pBuffers[0].pvBuffer)
1237 return SEC_E_INVALID_TOKEN;
1238
1239 if(pMessage->pBuffers[0].cbBuffer < 16)
1240 return SEC_E_BUFFER_TOO_SMALL;
1241
1242 if(MessageSeqNo)
1243 FIXME("Ignoring MessageSeqNo\n");
1244
1245 helper = (PNegoHelper)phContext->dwLower;
1246 TRACE("Negotiated flags: 0x%08lx\n", helper->neg_flags);
1247
1248 if(helper->neg_flags & NTLMSSP_NEGOTIATE_NTLM2)
1249 {
1250 FIXME("Can't handle NTLMv2 signing yet. Aborting.\n");
1251 return SEC_E_UNSUPPORTED_FUNCTION;
1252 }
1253
1254 if(helper->neg_flags & NTLMSSP_NEGOTIATE_SIGN)
1255 {
1256 FIXME("Can't handle real signing yet. Aborting.\n");
1257 return SEC_E_UNSUPPORTED_FUNCTION;
1258 }
1259
1260 if(helper->neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCHANGE)
1261 {
1262 FIXME("Can't handle encrypted session keys yet. Aborting.\n");
1263 return SEC_E_UNSUPPORTED_FUNCTION;
1264 }
1265
1266 if(helper->neg_flags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN)
1267 {
1268 const BYTE dummy_sig[] = {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1269 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
1270 TRACE("Assuming dummy signature.\n");
1271 if(memcmp(pMessage->pBuffers[0].pvBuffer, dummy_sig, sizeof(dummy_sig)) != 0)
1272 {
1273 TRACE("Failed to verify the packet signature. Not a dummy signature?\n");
1274 return SEC_E_MESSAGE_ALTERED;
1275 }
1276 else
1277 {
1278 pfQOP = &fQOP;
1279 return SEC_E_OK;
1280 }
1281 }
1282
1283 return SEC_E_UNSUPPORTED_FUNCTION;
1284 }
1285
1286 /***********************************************************************
1287 * FreeCredentialsHandle
1288 */
1289 static SECURITY_STATUS SEC_ENTRY ntlm_FreeCredentialsHandle(
1290 PCredHandle phCredential)
1291 {
1292 SECURITY_STATUS ret;
1293
1294 if(phCredential){
1295 PNegoHelper helper = (PNegoHelper) phCredential->dwLower;
1296 phCredential->dwUpper = 0;
1297 phCredential->dwLower = 0;
1298 HeapFree(GetProcessHeap(), 0, helper->session_key);
1299 cleanup_helper(helper);
1300 ret = SEC_E_OK;
1301 }
1302 else
1303 ret = SEC_E_OK;
1304
1305 return ret;
1306 }
1307
1308 /***********************************************************************
1309 * EncryptMessage
1310 */
1311 static SECURITY_STATUS SEC_ENTRY ntlm_EncryptMessage(PCtxtHandle phContext,
1312 ULONG fQOP, PSecBufferDesc pMessage, ULONG MessageSeqNo)
1313 {
1314 TRACE("%p %ld %p %ld stub\n", phContext, fQOP, pMessage, MessageSeqNo);
1315
1316 if(!phContext)
1317 return SEC_E_INVALID_HANDLE;
1318
1319 return SEC_E_UNSUPPORTED_FUNCTION;
1320 }
1321
1322 /***********************************************************************
1323 * DecryptMessage
1324 */
1325 static SECURITY_STATUS SEC_ENTRY ntlm_DecryptMessage(PCtxtHandle phContext,
1326 PSecBufferDesc pMessage, ULONG MessageSeqNo, PULONG pfQOP)
1327 {
1328 TRACE("%p %p %ld %p stub\n", phContext, pMessage, MessageSeqNo, pfQOP);
1329
1330 if(!phContext)
1331 return SEC_E_INVALID_HANDLE;
1332
1333 return SEC_E_UNSUPPORTED_FUNCTION;
1334 }
1335
1336 static SecurityFunctionTableA ntlmTableA = {
1337 1,
1338 NULL, /* EnumerateSecurityPackagesA */
1339 ntlm_QueryCredentialsAttributesA, /* QueryCredentialsAttributesA */
1340 ntlm_AcquireCredentialsHandleA, /* AcquireCredentialsHandleA */
1341 ntlm_FreeCredentialsHandle, /* FreeCredentialsHandle */
1342 NULL, /* Reserved2 */
1343 ntlm_InitializeSecurityContextA, /* InitializeSecurityContextA */
1344 ntlm_AcceptSecurityContext, /* AcceptSecurityContext */
1345 ntlm_CompleteAuthToken, /* CompleteAuthToken */
1346 ntlm_DeleteSecurityContext, /* DeleteSecurityContext */
1347 NULL, /* ApplyControlToken */
1348 ntlm_QueryContextAttributesA, /* QueryContextAttributesA */
1349 ntlm_ImpersonateSecurityContext, /* ImpersonateSecurityContext */
1350 ntlm_RevertSecurityContext, /* RevertSecurityContext */
1351 ntlm_MakeSignature, /* MakeSignature */
1352 ntlm_VerifySignature, /* VerifySignature */
1353 FreeContextBuffer, /* FreeContextBuffer */
1354 NULL, /* QuerySecurityPackageInfoA */
1355 NULL, /* Reserved3 */
1356 NULL, /* Reserved4 */
1357 NULL, /* ExportSecurityContext */
1358 NULL, /* ImportSecurityContextA */
1359 NULL, /* AddCredentialsA */
1360 NULL, /* Reserved8 */
1361 NULL, /* QuerySecurityContextToken */
1362 ntlm_EncryptMessage, /* EncryptMessage */
1363 ntlm_DecryptMessage, /* DecryptMessage */
1364 NULL, /* SetContextAttributesA */
1365 };
1366
1367 static SecurityFunctionTableW ntlmTableW = {
1368 1,
1369 NULL, /* EnumerateSecurityPackagesW */
1370 ntlm_QueryCredentialsAttributesW, /* QueryCredentialsAttributesW */
1371 ntlm_AcquireCredentialsHandleW, /* AcquireCredentialsHandleW */
1372 ntlm_FreeCredentialsHandle, /* FreeCredentialsHandle */
1373 NULL, /* Reserved2 */
1374 ntlm_InitializeSecurityContextW, /* InitializeSecurityContextW */
1375 ntlm_AcceptSecurityContext, /* AcceptSecurityContext */
1376 ntlm_CompleteAuthToken, /* CompleteAuthToken */
1377 ntlm_DeleteSecurityContext, /* DeleteSecurityContext */
1378 NULL, /* ApplyControlToken */
1379 ntlm_QueryContextAttributesW, /* QueryContextAttributesW */
1380 ntlm_ImpersonateSecurityContext, /* ImpersonateSecurityContext */
1381 ntlm_RevertSecurityContext, /* RevertSecurityContext */
1382 ntlm_MakeSignature, /* MakeSignature */
1383 ntlm_VerifySignature, /* VerifySignature */
1384 FreeContextBuffer, /* FreeContextBuffer */
1385 NULL, /* QuerySecurityPackageInfoW */
1386 NULL, /* Reserved3 */
1387 NULL, /* Reserved4 */
1388 NULL, /* ExportSecurityContext */
1389 NULL, /* ImportSecurityContextW */
1390 NULL, /* AddCredentialsW */
1391 NULL, /* Reserved8 */
1392 NULL, /* QuerySecurityContextToken */
1393 ntlm_EncryptMessage, /* EncryptMessage */
1394 ntlm_DecryptMessage, /* DecryptMessage */
1395 NULL, /* SetContextAttributesW */
1396 };
1397
1398 #define NTLM_COMMENT \
1399 { 'N', 'T', 'L', 'M', ' ', \
1400 'S', 'e', 'c', 'u', 'r', 'i', 't', 'y', ' ', \
1401 'P', 'a', 'c', 'k', 'a', 'g', 'e', 0}
1402
1403 static CHAR ntlm_comment_A[] = NTLM_COMMENT;
1404 static WCHAR ntlm_comment_W[] = NTLM_COMMENT;
1405
1406 #define NTLM_NAME {'N', 'T', 'L', 'M', 0}
1407
1408 static char ntlm_name_A[] = NTLM_NAME;
1409 static WCHAR ntlm_name_W[] = NTLM_NAME;
1410
1411 /* According to Windows, NTLM has the following capabilities. */
1412 #define CAPS ( \
1413 SECPKG_FLAG_INTEGRITY | \
1414 SECPKG_FLAG_PRIVACY | \
1415 SECPKG_FLAG_TOKEN_ONLY | \
1416 SECPKG_FLAG_CONNECTION | \
1417 SECPKG_FLAG_MULTI_REQUIRED | \
1418 SECPKG_FLAG_IMPERSONATION | \
1419 SECPKG_FLAG_ACCEPT_WIN32_NAME | \
1420 SECPKG_FLAG_READONLY_WITH_CHECKSUM)
1421
1422 static const SecPkgInfoW infoW = {
1423 CAPS,
1424 1,
1425 RPC_C_AUTHN_WINNT,
1426 NTLM_MAX_BUF,
1427 ntlm_name_W,
1428 ntlm_comment_W
1429 };
1430
1431 static const SecPkgInfoA infoA = {
1432 CAPS,
1433 1,
1434 RPC_C_AUTHN_WINNT,
1435 NTLM_MAX_BUF,
1436 ntlm_name_A,
1437 ntlm_comment_A
1438 };
1439
1440 void SECUR32_initNTLMSP(void)
1441 {
1442 SECURITY_STATUS ret;
1443 PNegoHelper helper;
1444 static CHAR ntlm_auth[] = "ntlm_auth",
1445 version[] = "--version";
1446
1447 SEC_CHAR *args[] = {
1448 ntlm_auth,
1449 version,
1450 NULL };
1451
1452 if((ret = fork_helper(&helper, "ntlm_auth", args)) != SEC_E_OK)
1453 {
1454 /* Cheat and allocate a helper anyway, so cleanup later will work. */
1455 helper = HeapAlloc(GetProcessHeap(),0, sizeof(PNegoHelper));
1456 helper->version = -1;
1457 }
1458 else
1459 check_version(helper);
1460
1461 if(helper->version > 2)
1462 {
1463 SecureProvider *provider = SECUR32_addProvider(&ntlmTableA, &ntlmTableW, NULL);
1464 SECUR32_addPackages(provider, 1L, &infoA, &infoW);
1465 }
1466 cleanup_helper(helper);
1467 }
Windows API implementation