search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
dmime: Implement band track IDirectMusicTrack_Play.
[wine.git] / dlls / secur32 / lsa.c
blob7af9c285d866ae95f820e974f149d429b0c0781f
1 /*
2 * Copyright (C) 2004 Juan Lang
3 * Copyright (C) 2007 Kai Blin
4 * Copyright (C) 2017, 2018 Dmitry Timoshkov
5 *
6 * Local Security Authority functions, as far as secur32 has them.
7 *
8 * This library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public
10 * License as published by the Free Software Foundation; either
11 * version 2.1 of the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this library; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
21 */
22
23 #include <stdarg.h>
24 #include <stdlib.h>
25
26 #include "ntstatus.h"
27 #define WIN32_NO_STATUS
28 #include "windef.h"
29 #include "winbase.h"
30 #include "winreg.h"
31 #include "sspi.h"
32 #include "ntsecapi.h"
33 #include "ntsecpkg.h"
34 #include "winternl.h"
35 #include "ddk/ntddk.h"
36 #include "rpc.h"
37
38 #include "wine/debug.h"
39 #include "secur32_priv.h"
40
41 WINE_DEFAULT_DEBUG_CHANNEL(secur32);
42
43 #define LSA_MAGIC_CONNECTION ('L' << 24 | 'S' << 16 | 'A' << 8 | '0')
44 #define LSA_MAGIC_CREDENTIALS ('L' << 24 | 'S' << 16 | 'A' << 8 | '1')
45 #define LSA_MAGIC_CONTEXT ('L' << 24 | 'S' << 16 | 'A' << 8 | '2')
46
47 static const WCHAR *default_authentication_package = L"Negotiate";
48
49 struct lsa_package
50 {
51 ULONG package_id;
52 HMODULE mod;
53 LSA_STRING *name;
54 ULONG lsa_api_version, lsa_table_count, user_api_version, user_table_count;
55 SECPKG_FUNCTION_TABLE *lsa_api;
56 SECPKG_USER_FUNCTION_TABLE *user_api;
57 };
58
59 static struct lsa_package *loaded_packages;
60 static ULONG loaded_packages_count;
61
62 struct lsa_handle
63 {
64 DWORD magic;
65 struct lsa_package *package;
66 LSA_SEC_HANDLE handle;
67 };
68
69 static const char *debugstr_as(const LSA_STRING *str)
70 {
71 if (!str) return "<null>";
72 return debugstr_an(str->Buffer, str->Length);
73 }
74
75 SECPKG_FUNCTION_TABLE *lsa_find_package(const char *name, SECPKG_USER_FUNCTION_TABLE **user_api)
76 {
77 LSA_STRING package_name;
78 ULONG i;
79
80 RtlInitString(&package_name, name);
81
82 for (i = 0; i < loaded_packages_count; i++)
83 {
84 if (!RtlCompareString(loaded_packages[i].name, &package_name, FALSE))
85 {
86 *user_api = loaded_packages[i].user_api;
87 return loaded_packages[i].lsa_api;
88 }
89 }
90 return NULL;
91 }
92
93 NTSTATUS WINAPI LsaCallAuthenticationPackage(HANDLE lsa_handle, ULONG package_id,
94 PVOID in_buffer, ULONG in_buffer_length,
95 PVOID *out_buffer, PULONG out_buffer_length, PNTSTATUS status)
96 {
97 ULONG i;
98
99 TRACE("%p,%lu,%p,%lu,%p,%p,%p\n", lsa_handle, package_id, in_buffer,
100 in_buffer_length, out_buffer, out_buffer_length, status);
101
102 if (out_buffer) *out_buffer = NULL;
103 if (out_buffer_length) *out_buffer_length = 0;
104 if (status) *status = STATUS_SUCCESS;
105
106 for (i = 0; i < loaded_packages_count; i++)
107 {
108 if (loaded_packages[i].package_id == package_id)
109 {
110 if (loaded_packages[i].lsa_api->CallPackageUntrusted)
111 return loaded_packages[i].lsa_api->CallPackageUntrusted(NULL /* FIXME*/,
112 in_buffer, NULL, in_buffer_length, out_buffer, out_buffer_length, status);
113
114 return SEC_E_UNSUPPORTED_FUNCTION;
115 }
116 }
117
118 return STATUS_NO_SUCH_PACKAGE;
119 }
120
121 static struct lsa_handle *alloc_lsa_handle(ULONG magic)
122 {
123 struct lsa_handle *ret;
124 if (!(ret = calloc(1, sizeof(*ret)))) return NULL;
125 ret->magic = magic;
126 return ret;
127 }
128
129 NTSTATUS WINAPI LsaConnectUntrusted(PHANDLE LsaHandle)
130 {
131 struct lsa_handle *lsa_conn;
132
133 TRACE("%p\n", LsaHandle);
134
135 if (!(lsa_conn = alloc_lsa_handle(LSA_MAGIC_CONNECTION))) return STATUS_NO_MEMORY;
136 *LsaHandle = lsa_conn;
137 return STATUS_SUCCESS;
138 }
139
140 NTSTATUS WINAPI LsaRegisterLogonProcess(PLSA_STRING LogonProcessName,
141 PHANDLE LsaHandle, PLSA_OPERATIONAL_MODE SecurityMode)
142 {
143 struct lsa_handle *lsa_conn;
144
145 FIXME("%s %p %p stub\n", debugstr_as(LogonProcessName), LsaHandle, SecurityMode);
146
147 if (!(lsa_conn = alloc_lsa_handle(LSA_MAGIC_CONNECTION))) return STATUS_NO_MEMORY;
148 *LsaHandle = lsa_conn;
149 return STATUS_SUCCESS;
150 }
151
152 NTSTATUS WINAPI LsaDeregisterLogonProcess(HANDLE LsaHandle)
153 {
154 struct lsa_handle *lsa_conn = (struct lsa_handle *)LsaHandle;
155
156 TRACE("%p\n", LsaHandle);
157
158 if (!lsa_conn || lsa_conn->magic != LSA_MAGIC_CONNECTION) return STATUS_INVALID_HANDLE;
159 lsa_conn->magic = 0;
160 free(lsa_conn);
161
162 return STATUS_SUCCESS;
163 }
164
165 NTSTATUS WINAPI LsaEnumerateLogonSessions(PULONG LogonSessionCount,
166 PLUID* LogonSessionList)
167 {
168 FIXME("%p %p stub\n", LogonSessionCount, LogonSessionList);
169 *LogonSessionCount = 0;
170 *LogonSessionList = NULL;
171
172 return STATUS_SUCCESS;
173 }
174
175 NTSTATUS WINAPI LsaFreeReturnBuffer(PVOID buffer)
176 {
177 TRACE("%p\n", buffer);
178 free(buffer);
179 return STATUS_SUCCESS;
180 }
181
182 NTSTATUS WINAPI LsaGetLogonSessionData(PLUID LogonId,
183 PSECURITY_LOGON_SESSION_DATA* ppLogonSessionData)
184 {
185 SECURITY_LOGON_SESSION_DATA *data;
186 int authpkg_len;
187 WCHAR *end;
188
189 FIXME("%p %p semi-stub\n", LogonId, ppLogonSessionData);
190
191 authpkg_len = wcslen(default_authentication_package) * sizeof(WCHAR);
192
193 data = calloc(1, sizeof(*data) + authpkg_len + sizeof(WCHAR));
194 if (!data) return STATUS_NO_MEMORY;
195
196 data->Size = sizeof(*data);
197 data->LogonId = *LogonId;
198
199 end = (WCHAR *)(data + 1);
200 wcscpy(end, default_authentication_package);
201
202 data->AuthenticationPackage.Length = authpkg_len;
203 data->AuthenticationPackage.MaximumLength = authpkg_len + sizeof(WCHAR);
204 data->AuthenticationPackage.Buffer = end;
205
206 *ppLogonSessionData = data;
207
208 return STATUS_SUCCESS;
209 }
210
211 NTSTATUS WINAPI LsaLogonUser(HANDLE LsaHandle, PLSA_STRING OriginName,
212 SECURITY_LOGON_TYPE LogonType, ULONG AuthenticationPackage,
213 PVOID AuthenticationInformation, ULONG AuthenticationInformationLength,
214 PTOKEN_GROUPS LocalGroups, PTOKEN_SOURCE SourceContext,
215 PVOID* ProfileBuffer, PULONG ProfileBufferLength, PLUID LogonId,
216 PHANDLE Token, PQUOTA_LIMITS Quotas, PNTSTATUS SubStatus)
217 {
218 FIXME("%p %s %d %ld %p %ld %p %p %p %p %p %p %p %p stub\n", LsaHandle,
219 debugstr_as(OriginName), LogonType, AuthenticationPackage,
220 AuthenticationInformation, AuthenticationInformationLength,
221 LocalGroups, SourceContext, ProfileBuffer, ProfileBufferLength,
222 LogonId, Token, Quotas, SubStatus);
223 return STATUS_SUCCESS;
224 }
225
226 static NTSTATUS NTAPI lsa_CreateLogonSession(LUID *logon_id)
227 {
228 FIXME("%p: stub\n", logon_id);
229 return STATUS_NOT_IMPLEMENTED;
230 }
231
232 static NTSTATUS NTAPI lsa_DeleteLogonSession(LUID *logon_id)
233 {
234 FIXME("%p: stub\n", logon_id);
235 return STATUS_NOT_IMPLEMENTED;
236 }
237
238 static NTSTATUS NTAPI lsa_AddCredential(LUID *logon_id, ULONG package_id,
239 LSA_STRING *primary_key, LSA_STRING *credentials)
240 {
241 FIXME("%p,%lu,%s,%s: stub\n", logon_id, package_id,
242 debugstr_as(primary_key), debugstr_as(credentials));
243 return STATUS_NOT_IMPLEMENTED;
244 }
245
246 static NTSTATUS NTAPI lsa_GetCredentials(LUID *logon_id, ULONG package_id, ULONG *context,
247 BOOLEAN retrieve_all, LSA_STRING *primary_key, ULONG *primary_key_len, LSA_STRING *credentials)
248 {
249 FIXME("%p,%#lx,%p,%d,%p,%p,%p: stub\n", logon_id, package_id, context,
250 retrieve_all, primary_key, primary_key_len, credentials);
251 return STATUS_NOT_IMPLEMENTED;
252 }
253
254 static NTSTATUS NTAPI lsa_DeleteCredential(LUID *logon_id, ULONG package_id, LSA_STRING *primary_key)
255 {
256 FIXME("%p,%#lx,%s: stub\n", logon_id, package_id, debugstr_as(primary_key));
257 return STATUS_NOT_IMPLEMENTED;
258 }
259
260 static void * NTAPI lsa_AllocateLsaHeap(ULONG size)
261 {
262 TRACE("%lu\n", size);
263 return malloc(size);
264 }
265
266 static void NTAPI lsa_FreeLsaHeap(void *p)
267 {
268 TRACE("%p\n", p);
269 free(p);
270 }
271
272 static NTSTATUS NTAPI lsa_AllocateClientBuffer(PLSA_CLIENT_REQUEST req, ULONG size, void **p)
273 {
274 TRACE("%p,%lu,%p\n", req, size, p);
275 *p = malloc(size);
276 return *p ? STATUS_SUCCESS : STATUS_NO_MEMORY;
277 }
278
279 static NTSTATUS NTAPI lsa_FreeClientBuffer(PLSA_CLIENT_REQUEST req, void *p)
280 {
281 TRACE("%p,%p\n", req, p);
282 free(p);
283 return STATUS_SUCCESS;
284 }
285
286 static NTSTATUS NTAPI lsa_CopyToClientBuffer(PLSA_CLIENT_REQUEST req, ULONG size, void *client, void *buf)
287 {
288 TRACE("%p,%lu,%p,%p\n", req, size, client, buf);
289 memcpy(client, buf, size);
290 return STATUS_SUCCESS;
291 }
292
293 static NTSTATUS NTAPI lsa_CopyFromClientBuffer(PLSA_CLIENT_REQUEST req, ULONG size, void *buf, void *client)
294 {
295 TRACE("%p,%lu,%p,%p\n", req, size, buf, client);
296 memcpy(buf, client, size);
297 return STATUS_SUCCESS;
298 }
299
300 static LSA_DISPATCH_TABLE lsa_dispatch =
301 {
302 lsa_CreateLogonSession,
303 lsa_DeleteLogonSession,
304 lsa_AddCredential,
305 lsa_GetCredentials,
306 lsa_DeleteCredential,
307 lsa_AllocateLsaHeap,
308 lsa_FreeLsaHeap,
309 lsa_AllocateClientBuffer,
310 lsa_FreeClientBuffer,
311 lsa_CopyToClientBuffer,
312 lsa_CopyFromClientBuffer
313 };
314
315 static NTSTATUS NTAPI lsa_RegisterCallback(ULONG callback_id, PLSA_CALLBACK_FUNCTION callback)
316 {
317 FIXME("%lu,%p: stub\n", callback_id, callback);
318 return STATUS_NOT_IMPLEMENTED;
319 }
320
321 static SECPKG_DLL_FUNCTIONS lsa_dll_dispatch =
322 {
323 lsa_AllocateLsaHeap,
324 lsa_FreeLsaHeap,
325 lsa_RegisterCallback
326 };
327
328 static SECURITY_STATUS lsa_lookup_package(SEC_WCHAR *nameW, struct lsa_package **lsa_package)
329 {
330 ULONG i;
331 UNICODE_STRING package_name, name;
332
333 for (i = 0; i < loaded_packages_count; i++)
334 {
335 if (RtlAnsiStringToUnicodeString(&package_name, loaded_packages[i].name, TRUE))
336 return SEC_E_INSUFFICIENT_MEMORY;
337
338 RtlInitUnicodeString(&name, nameW);
339
340 if (RtlEqualUnicodeString(&package_name, &name, TRUE))
341 {
342 RtlFreeUnicodeString(&package_name);
343 *lsa_package = &loaded_packages[i];
344 return SEC_E_OK;
345 }
346
347 RtlFreeUnicodeString(&package_name);
348 }
349
350 return SEC_E_SECPKG_NOT_FOUND;
351 }
352
353 static SECURITY_STATUS WINAPI lsa_AcquireCredentialsHandleW(
354 SEC_WCHAR *principal, SEC_WCHAR *package, ULONG credentials_use,
355 LUID *logon_id, void *auth_data, SEC_GET_KEY_FN get_key_fn,
356 void *get_key_arg, CredHandle *credential, TimeStamp *ts_expiry)
357 {
358 SECURITY_STATUS status;
359 struct lsa_package *lsa_package;
360 struct lsa_handle *lsa_handle;
361 UNICODE_STRING principal_us;
362 LSA_SEC_HANDLE lsa_credential;
363
364 TRACE("%s %s %#lx %p %p %p %p %p\n", debugstr_w(principal), debugstr_w(package),
365 credentials_use, auth_data, get_key_fn, get_key_arg, credential, ts_expiry);
366
367 if (!credential) return SEC_E_INVALID_HANDLE;
368 if (!package) return SEC_E_SECPKG_NOT_FOUND;
369
370 status = lsa_lookup_package(package, &lsa_package);
371 if (status != SEC_E_OK) return status;
372
373 if (!lsa_package->lsa_api || !lsa_package->lsa_api->SpAcquireCredentialsHandle)
374 return SEC_E_UNSUPPORTED_FUNCTION;
375
376 if (principal)
377 RtlInitUnicodeString(&principal_us, principal);
378
379 status = lsa_package->lsa_api->SpAcquireCredentialsHandle(principal ? &principal_us : NULL,
380 credentials_use, logon_id, auth_data, get_key_fn, get_key_arg, &lsa_credential, ts_expiry);
381 if (status == SEC_E_OK)
382 {
383 if (!(lsa_handle = alloc_lsa_handle(LSA_MAGIC_CREDENTIALS))) return STATUS_NO_MEMORY;
384 lsa_handle->package = lsa_package;
385 lsa_handle->handle = lsa_credential;
386 credential->dwLower = (ULONG_PTR)lsa_handle;
387 credential->dwUpper = 0;
388 }
389 return status;
390 }
391
392 static SECURITY_STATUS WINAPI lsa_AcquireCredentialsHandleA(
393 SEC_CHAR *principal, SEC_CHAR *package, ULONG credentials_use,
394 LUID *logon_id, void *auth_data, SEC_GET_KEY_FN get_key_fn,
395 void *get_key_arg, CredHandle *credential, TimeStamp *ts_expiry)
396 {
397 SECURITY_STATUS status = SEC_E_INSUFFICIENT_MEMORY;
398 SEC_WCHAR *principalW = NULL, *packageW = NULL;
399 SEC_WINNT_AUTH_IDENTITY_A *id = auth_data;
400 SEC_WINNT_AUTH_IDENTITY_W idW = {};
401
402 TRACE("%s %s %#lx %p %p %p %p %p\n", debugstr_a(principal), debugstr_a(package),
403 credentials_use, auth_data, get_key_fn, get_key_arg, credential, ts_expiry);
404
405 if (principal)
406 {
407 int len = MultiByteToWideChar( CP_ACP, 0, principal, -1, NULL, 0 );
408 if (!(principalW = malloc( len * sizeof(SEC_WCHAR) ))) goto done;
409 MultiByteToWideChar( CP_ACP, 0, principal, -1, principalW, len );
410 }
411 if (package)
412 {
413 int len = MultiByteToWideChar( CP_ACP, 0, package, -1, NULL, 0 );
414 if (!(packageW = malloc( len * sizeof(SEC_WCHAR) ))) goto done;
415 MultiByteToWideChar( CP_ACP, 0, package, -1, packageW, len );
416 }
417 if (id && (id->Flags == SEC_WINNT_AUTH_IDENTITY_ANSI))
418 {
419 if (id->UserLength)
420 {
421 idW.UserLength = MultiByteToWideChar( CP_ACP, 0, (char *)id->User, id->UserLength, NULL, 0 );
422 if (!(idW.User = malloc( idW.UserLength * sizeof(SEC_WCHAR) ))) goto done;
423 MultiByteToWideChar( CP_ACP, 0, (char *)id->User, id->UserLength, idW.User, idW.UserLength );
424 }
425 if (id->DomainLength)
426 {
427 idW.DomainLength = MultiByteToWideChar( CP_ACP, 0, (char *)id->Domain, id->DomainLength, NULL, 0 );
428 if (!(idW.Domain = malloc( idW.DomainLength * sizeof(SEC_WCHAR) ))) goto done;
429 MultiByteToWideChar( CP_ACP, 0, (char *)id->Domain, id->DomainLength, idW.Domain, idW.DomainLength );
430 }
431 if (id->PasswordLength)
432 {
433 idW.PasswordLength = MultiByteToWideChar( CP_ACP, 0, (char *)id->Password, id->PasswordLength, NULL, 0 );
434 if (!(idW.Password = malloc( idW.PasswordLength * sizeof(SEC_WCHAR) ))) goto done;
435 MultiByteToWideChar( CP_ACP, 0, (char *)id->Password, id->PasswordLength, idW.Password, idW.PasswordLength );
436 }
437 idW.Flags = SEC_WINNT_AUTH_IDENTITY_UNICODE;
438 auth_data = &idW;
439 }
440
441 status = lsa_AcquireCredentialsHandleW( principalW, packageW, credentials_use, logon_id, auth_data, get_key_fn,
442 get_key_arg, credential, ts_expiry );
443 done:
444 free( packageW );
445 free( principalW );
446 free( idW.User );
447 free( idW.Domain );
448 free( idW.Password );
449 return status;
450 }
451
452 static SECURITY_STATUS WINAPI lsa_FreeCredentialsHandle(CredHandle *credential)
453 {
454 struct lsa_handle *lsa_cred;
455 SECURITY_STATUS status;
456
457 TRACE("%p\n", credential);
458 if (!credential) return SEC_E_INVALID_HANDLE;
459
460 lsa_cred = (struct lsa_handle *)credential->dwLower;
461 if (!lsa_cred || lsa_cred->magic != LSA_MAGIC_CREDENTIALS) return SEC_E_INVALID_HANDLE;
462
463 if (!lsa_cred->package->lsa_api || !lsa_cred->package->lsa_api->FreeCredentialsHandle)
464 return SEC_E_UNSUPPORTED_FUNCTION;
465
466 status = lsa_cred->package->lsa_api->FreeCredentialsHandle(lsa_cred->handle);
467
468 lsa_cred->magic = 0;
469 free(lsa_cred);
470 return status;
471 }
472
473 static SECURITY_STATUS WINAPI lsa_InitializeSecurityContextW(
474 CredHandle *credential, CtxtHandle *context, SEC_WCHAR *target_name, ULONG context_req,
475 ULONG reserved1, ULONG target_data_rep, SecBufferDesc *input, ULONG reserved2,
476 CtxtHandle *new_context, SecBufferDesc *output, ULONG *context_attr, TimeStamp *ts_expiry)
477 {
478 SECURITY_STATUS status;
479 struct lsa_handle *lsa_cred = NULL, *lsa_ctx = NULL, *new_lsa_ctx;
480 struct lsa_package *package = NULL;
481 UNICODE_STRING target_name_us;
482 BOOLEAN mapped_context;
483 LSA_SEC_HANDLE new_handle;
484
485 TRACE("%p %p %s %#lx %ld %ld %p %ld %p %p %p %p\n", credential, context,
486 debugstr_w(target_name), context_req, reserved1, target_data_rep, input,
487 reserved2, new_context, output, context_attr, ts_expiry);
488
489 if (context)
490 {
491 lsa_ctx = (struct lsa_handle *)context->dwLower;
492 if (lsa_ctx->magic != LSA_MAGIC_CONTEXT) return SEC_E_INVALID_HANDLE;
493 package = lsa_ctx->package;
494 }
495 else if (credential)
496 {
497 lsa_cred = (struct lsa_handle *)credential->dwLower;
498 if (lsa_cred->magic != LSA_MAGIC_CREDENTIALS) return SEC_E_INVALID_HANDLE;
499 package = lsa_cred->package;
500 }
501 if (!package || !new_context) return SEC_E_INVALID_HANDLE;
502
503 if (!package->lsa_api || !package->lsa_api->InitLsaModeContext)
504 return SEC_E_UNSUPPORTED_FUNCTION;
505
506 if (target_name)
507 RtlInitUnicodeString(&target_name_us, target_name);
508
509 status = package->lsa_api->InitLsaModeContext(lsa_cred ? lsa_cred->handle : 0,
510 lsa_ctx ? lsa_ctx->handle : 0, target_name ? &target_name_us : NULL, context_req, target_data_rep,
511 input, &new_handle, output, context_attr, ts_expiry, &mapped_context, NULL /* FIXME */);
512 if (status == SEC_E_OK || status == SEC_I_CONTINUE_NEEDED)
513 {
514 if (!(new_lsa_ctx = alloc_lsa_handle(LSA_MAGIC_CONTEXT))) return STATUS_NO_MEMORY;
515 new_lsa_ctx->package = package;
516 new_lsa_ctx->handle = new_handle;
517 new_context->dwLower = (ULONG_PTR)new_lsa_ctx;
518 new_context->dwUpper = 0;
519 }
520 return status;
521 }
522
523 static SECURITY_STATUS WINAPI lsa_InitializeSecurityContextA(
524 CredHandle *credential, CtxtHandle *context, SEC_CHAR *target_name, ULONG context_req,
525 ULONG reserved1, ULONG target_data_rep, SecBufferDesc *input, ULONG reserved2,
526 CtxtHandle *new_context, SecBufferDesc *output, ULONG *context_attr, TimeStamp *ts_expiry)
527 {
528 SECURITY_STATUS status;
529 SEC_WCHAR *targetW = NULL;
530
531 TRACE("%p %p %s %#lx %ld %ld %p %ld %p %p %p %p\n", credential, context,
532 debugstr_a(target_name), context_req, reserved1, target_data_rep, input,
533 reserved2, new_context, output, context_attr, ts_expiry);
534
535 if (target_name)
536 {
537 int len = MultiByteToWideChar( CP_ACP, 0, target_name, -1, NULL, 0 );
538 if (!(targetW = malloc( len * sizeof(SEC_WCHAR) ))) return SEC_E_INSUFFICIENT_MEMORY;
539 MultiByteToWideChar( CP_ACP, 0, target_name, -1, targetW, len );
540 }
541
542 status = lsa_InitializeSecurityContextW( credential, context, targetW, context_req, reserved1, target_data_rep,
543 input, reserved2, new_context, output, context_attr, ts_expiry );
544 free( targetW );
545 return status;
546 }
547
548 static SECURITY_STATUS WINAPI lsa_AcceptSecurityContext(
549 CredHandle *credential, CtxtHandle *context, SecBufferDesc *input,
550 ULONG context_req, ULONG target_data_rep, CtxtHandle *new_context,
551 SecBufferDesc *output, ULONG *context_attr, TimeStamp *ts_expiry)
552 {
553 SECURITY_STATUS status;
554 struct lsa_package *package = NULL;
555 struct lsa_handle *lsa_cred = NULL, *lsa_ctx = NULL, *new_lsa_ctx;
556 BOOLEAN mapped_context;
557 LSA_SEC_HANDLE new_handle;
558
559 TRACE("%p %p %p %#lx %#lx %p %p %p %p\n", credential, context, input,
560 context_req, target_data_rep, new_context, output, context_attr, ts_expiry);
561
562 if (context)
563 {
564 lsa_ctx = (struct lsa_handle *)context->dwLower;
565 if (lsa_ctx->magic != LSA_MAGIC_CONTEXT) return SEC_E_INVALID_HANDLE;
566 package = lsa_ctx->package;
567 }
568 else if (credential)
569 {
570 lsa_cred = (struct lsa_handle *)credential->dwLower;
571 if (lsa_cred->magic != LSA_MAGIC_CREDENTIALS) return SEC_E_INVALID_HANDLE;
572 package = lsa_cred->package;
573 }
574 if (!package || !new_context) return SEC_E_INVALID_HANDLE;
575
576 if (!package->lsa_api || !package->lsa_api->AcceptLsaModeContext)
577 return SEC_E_UNSUPPORTED_FUNCTION;
578
579 status = package->lsa_api->AcceptLsaModeContext(lsa_cred ? lsa_cred->handle : 0,
580 lsa_ctx ? lsa_ctx->handle : 0, input, context_req, target_data_rep, &new_handle, output,
581 context_attr, ts_expiry, &mapped_context, NULL /* FIXME */);
582 if (status == SEC_E_OK || status == SEC_I_CONTINUE_NEEDED)
583 {
584 if (!(new_lsa_ctx = alloc_lsa_handle(LSA_MAGIC_CONTEXT))) return STATUS_NO_MEMORY;
585 new_lsa_ctx->package = package;
586 new_lsa_ctx->handle = new_handle;
587 new_context->dwLower = (ULONG_PTR)new_lsa_ctx;
588 new_context->dwUpper = 0;
589 }
590 return status;
591 }
592
593 static SECURITY_STATUS WINAPI lsa_DeleteSecurityContext(CtxtHandle *context)
594 {
595 struct lsa_handle *lsa_ctx;
596 SECURITY_STATUS status;
597
598 TRACE("%p\n", context);
599
600 if (!context) return SEC_E_INVALID_HANDLE;
601 lsa_ctx = (struct lsa_handle *)context->dwLower;
602 if (!lsa_ctx || lsa_ctx->magic != LSA_MAGIC_CONTEXT) return SEC_E_INVALID_HANDLE;
603
604 if (!lsa_ctx->package->lsa_api || !lsa_ctx->package->lsa_api->DeleteContext)
605 return SEC_E_UNSUPPORTED_FUNCTION;
606
607 status = lsa_ctx->package->lsa_api->DeleteContext(lsa_ctx->handle);
608 free(lsa_ctx);
609 return status;
610 }
611
612 static SECURITY_STATUS WINAPI lsa_QueryContextAttributesW(CtxtHandle *context, ULONG attribute, void *buffer)
613 {
614 struct lsa_handle *lsa_ctx;
615
616 TRACE("%p %ld %p\n", context, attribute, buffer);
617
618 if (!context) return SEC_E_INVALID_HANDLE;
619 lsa_ctx = (struct lsa_handle *)context->dwLower;
620 if (!lsa_ctx || lsa_ctx->magic != LSA_MAGIC_CONTEXT) return SEC_E_INVALID_HANDLE;
621
622 if (!lsa_ctx->package->lsa_api || !lsa_ctx->package->lsa_api->SpQueryContextAttributes)
623 return SEC_E_UNSUPPORTED_FUNCTION;
624
625 return lsa_ctx->package->lsa_api->SpQueryContextAttributes(lsa_ctx->handle, attribute, buffer);
626 }
627
628 static SecPkgInfoA *package_infoWtoA( const SecPkgInfoW *info )
629 {
630 SecPkgInfoA *ret;
631 int size_name = WideCharToMultiByte( CP_ACP, 0, info->Name, -1, NULL, 0, NULL, NULL );
632 int size_comment = WideCharToMultiByte( CP_ACP, 0, info->Comment, -1, NULL, 0, NULL, NULL );
633
634 /* freed with FreeContextBuffer */
635 if (!(ret = RtlAllocateHeap( GetProcessHeap(), 0, sizeof(*ret) + size_name + size_comment ))) return NULL;
636 ret->fCapabilities = info->fCapabilities;
637 ret->wVersion = info->wVersion;
638 ret->wRPCID = info->wRPCID;
639 ret->cbMaxToken = info->cbMaxToken;
640 ret->Name = (SEC_CHAR *)(ret + 1);
641 WideCharToMultiByte( CP_ACP, 0, info->Name, -1, ret->Name, size_name, NULL, NULL );
642 ret->Comment = ret->Name + size_name;
643 WideCharToMultiByte( CP_ACP, 0, info->Comment, -1, ret->Comment, size_comment, NULL, NULL );
644 return ret;
645 }
646
647 static SECURITY_STATUS nego_info_WtoA( const SecPkgContext_NegotiationInfoW *infoW,
648 SecPkgContext_NegotiationInfoA *infoA )
649 {
650 infoA->NegotiationState = infoW->NegotiationState;
651 if (!(infoA->PackageInfo = package_infoWtoA( infoW->PackageInfo ))) return SEC_E_INSUFFICIENT_MEMORY;
652 return SEC_E_OK;
653 }
654
655 static SECURITY_STATUS key_info_WtoA( const SecPkgContext_KeyInfoW *infoW, SecPkgContext_KeyInfoA *infoA )
656 {
657 int size;
658
659 size = WideCharToMultiByte( CP_ACP, 0, infoW->sSignatureAlgorithmName, -1, NULL, 0, NULL, NULL );
660 if (!(infoA->sSignatureAlgorithmName = RtlAllocateHeap( GetProcessHeap(), 0, size )))
661 return SEC_E_INSUFFICIENT_MEMORY;
662 WideCharToMultiByte( CP_ACP, 0, infoW->sSignatureAlgorithmName, -1, infoA->sSignatureAlgorithmName,
663 size, NULL, NULL );
664
665 size = WideCharToMultiByte( CP_ACP, 0, infoW->sEncryptAlgorithmName, -1, NULL, 0, NULL, NULL );
666 if (!(infoA->sEncryptAlgorithmName = RtlAllocateHeap( GetProcessHeap(), 0, size )))
667 {
668 RtlFreeHeap( GetProcessHeap(), 0, infoA->sSignatureAlgorithmName );
669 return SEC_E_INSUFFICIENT_MEMORY;
670 }
671 WideCharToMultiByte( CP_ACP, 0, infoW->sEncryptAlgorithmName, -1, infoA->sEncryptAlgorithmName,
672 size, NULL, NULL );
673
674 infoA->KeySize = infoW->KeySize;
675 infoA->SignatureAlgorithm = infoW->SignatureAlgorithm;
676 infoA->EncryptAlgorithm = infoW->EncryptAlgorithm;
677 return SEC_E_OK;
678 }
679
680 static SECURITY_STATUS WINAPI lsa_QueryContextAttributesA(CtxtHandle *context, ULONG attribute, void *buffer)
681 {
682 TRACE("%p %ld %p\n", context, attribute, buffer);
683
684 if (!context) return SEC_E_INVALID_HANDLE;
685
686 switch (attribute)
687 {
688 case SECPKG_ATTR_SIZES:
689 case SECPKG_ATTR_SESSION_KEY:
690 return lsa_QueryContextAttributesW( context, attribute, buffer );
691
692 case SECPKG_ATTR_NEGOTIATION_INFO:
693 {
694 SecPkgContext_NegotiationInfoW infoW;
695 SecPkgContext_NegotiationInfoA *infoA = (SecPkgContext_NegotiationInfoA *)buffer;
696 SECURITY_STATUS status = lsa_QueryContextAttributesW( context, SECPKG_ATTR_NEGOTIATION_INFO, &infoW );
697
698 if (status != SEC_E_OK) return status;
699 status = nego_info_WtoA( &infoW, infoA );
700 FreeContextBuffer( infoW.PackageInfo );
701 return status;
702 }
703 case SECPKG_ATTR_KEY_INFO:
704 {
705 SecPkgContext_KeyInfoW infoW;
706 SecPkgContext_KeyInfoA *infoA = (SecPkgContext_KeyInfoA *)buffer;
707
708 SECURITY_STATUS status = lsa_QueryContextAttributesW( context, SECPKG_ATTR_KEY_INFO, &infoW );
709
710 if (status != SEC_E_OK) return status;
711 status = key_info_WtoA( &infoW, infoA );
712 FreeContextBuffer( infoW.sSignatureAlgorithmName );
713 FreeContextBuffer( infoW.sEncryptAlgorithmName );
714 return status;
715 }
716
717 #define X(x) case (x) : FIXME(#x" stub\n"); break
718 X(SECPKG_ATTR_ACCESS_TOKEN);
719 X(SECPKG_ATTR_AUTHORITY);
720 X(SECPKG_ATTR_DCE_INFO);
721 X(SECPKG_ATTR_LIFESPAN);
722 X(SECPKG_ATTR_NAMES);
723 X(SECPKG_ATTR_NATIVE_NAMES);
724 X(SECPKG_ATTR_PACKAGE_INFO);
725 X(SECPKG_ATTR_PASSWORD_EXPIRY);
726 X(SECPKG_ATTR_STREAM_SIZES);
727 X(SECPKG_ATTR_TARGET_INFORMATION);
728 #undef X
729 default:
730 FIXME( "unknown attribute %lu\n", attribute );
731 break;
732 }
733
734 return SEC_E_UNSUPPORTED_FUNCTION;
735 }
736
737 static SECURITY_STATUS WINAPI lsa_MakeSignature(CtxtHandle *context, ULONG quality_of_protection,
738 SecBufferDesc *message, ULONG message_seq_no)
739 {
740 struct lsa_handle *lsa_ctx;
741
742 TRACE("%p %#lx %p %lu)\n", context, quality_of_protection, message, message_seq_no);
743
744 if (!context) return SEC_E_INVALID_HANDLE;
745 lsa_ctx = (struct lsa_handle *)context->dwLower;
746 if (!lsa_ctx || lsa_ctx->magic != LSA_MAGIC_CONTEXT) return SEC_E_INVALID_HANDLE;
747
748 if (!lsa_ctx->package->user_api || !lsa_ctx->package->user_api->MakeSignature)
749 return SEC_E_UNSUPPORTED_FUNCTION;
750
751 return lsa_ctx->package->user_api->MakeSignature(lsa_ctx->handle, quality_of_protection, message, message_seq_no);
752 }
753
754 static SECURITY_STATUS WINAPI lsa_VerifySignature(CtxtHandle *context, SecBufferDesc *message,
755 ULONG message_seq_no, ULONG *quality_of_protection)
756 {
757 struct lsa_handle *lsa_ctx;
758
759 TRACE("%p %p %lu %p)\n", context, message, message_seq_no, quality_of_protection);
760
761 if (!context) return SEC_E_INVALID_HANDLE;
762 lsa_ctx = (struct lsa_handle *)context->dwLower;
763 if (!lsa_ctx || lsa_ctx->magic != LSA_MAGIC_CONTEXT) return SEC_E_INVALID_HANDLE;
764
765 if (!lsa_ctx->package->user_api || !lsa_ctx->package->user_api->VerifySignature)
766 return SEC_E_UNSUPPORTED_FUNCTION;
767
768 return lsa_ctx->package->user_api->VerifySignature(lsa_ctx->handle, message, message_seq_no, quality_of_protection);
769 }
770
771 static SECURITY_STATUS WINAPI lsa_EncryptMessage(CtxtHandle *context, ULONG quality_of_protection,
772 SecBufferDesc *message, ULONG message_seq_no)
773 {
774 struct lsa_handle *lsa_ctx;
775
776 TRACE("%p %#lx %p %lu)\n", context, quality_of_protection, message, message_seq_no);
777
778 if (!context) return SEC_E_INVALID_HANDLE;
779 lsa_ctx = (struct lsa_handle *)context->dwLower;
780 if (!lsa_ctx || lsa_ctx->magic != LSA_MAGIC_CONTEXT) return SEC_E_INVALID_HANDLE;
781
782 if (!lsa_ctx->package->user_api || !lsa_ctx->package->user_api->SealMessage)
783 return SEC_E_UNSUPPORTED_FUNCTION;
784
785 return lsa_ctx->package->user_api->SealMessage(lsa_ctx->handle, quality_of_protection, message, message_seq_no);
786 }
787
788 static SECURITY_STATUS WINAPI lsa_DecryptMessage(CtxtHandle *context, SecBufferDesc *message,
789 ULONG message_seq_no, ULONG *quality_of_protection)
790 {
791 struct lsa_handle *lsa_ctx;
792
793 TRACE("%p %p %lu %p)\n", context, message, message_seq_no, quality_of_protection);
794
795 if (!context) return SEC_E_INVALID_HANDLE;
796 lsa_ctx = (struct lsa_handle *)context->dwLower;
797 if (!lsa_ctx || lsa_ctx->magic != LSA_MAGIC_CONTEXT) return SEC_E_INVALID_HANDLE;
798
799 if (!lsa_ctx->package->user_api || !lsa_ctx->package->user_api->UnsealMessage)
800 return SEC_E_UNSUPPORTED_FUNCTION;
801
802 return lsa_ctx->package->user_api->UnsealMessage(lsa_ctx->handle, message, message_seq_no, quality_of_protection);
803 }
804
805 static const SecurityFunctionTableW lsa_sspi_tableW =
806 {
807 1,
808 NULL, /* EnumerateSecurityPackagesW */
809 NULL, /* QueryCredentialsAttributesW */
810 lsa_AcquireCredentialsHandleW,
811 lsa_FreeCredentialsHandle,
812 NULL, /* Reserved2 */
813 lsa_InitializeSecurityContextW,
814 lsa_AcceptSecurityContext,
815 NULL, /* CompleteAuthToken */
816 lsa_DeleteSecurityContext,
817 NULL, /* ApplyControlToken */
818 lsa_QueryContextAttributesW,
819 NULL, /* ImpersonateSecurityContext */
820 NULL, /* RevertSecurityContext */
821 lsa_MakeSignature,
822 lsa_VerifySignature,
823 NULL, /* FreeContextBuffer */
824 NULL, /* QuerySecurityPackageInfoW */
825 NULL, /* Reserved3 */
826 NULL, /* Reserved4 */
827 NULL, /* ExportSecurityContext */
828 NULL, /* ImportSecurityContextW */
829 NULL, /* AddCredentialsW */
830 NULL, /* Reserved8 */
831 NULL, /* QuerySecurityContextToken */
832 lsa_EncryptMessage,
833 lsa_DecryptMessage,
834 NULL, /* SetContextAttributesW */
835 };
836
837 static const SecurityFunctionTableA lsa_sspi_tableA =
838 {
839 1,
840 NULL, /* EnumerateSecurityPackagesA */
841 NULL, /* QueryCredentialsAttributesA */
842 lsa_AcquireCredentialsHandleA,
843 lsa_FreeCredentialsHandle,
844 NULL, /* Reserved2 */
845 lsa_InitializeSecurityContextA,
846 lsa_AcceptSecurityContext,
847 NULL, /* CompleteAuthToken */
848 lsa_DeleteSecurityContext,
849 NULL, /* ApplyControlToken */
850 lsa_QueryContextAttributesA,
851 NULL, /* ImpersonateSecurityContext */
852 NULL, /* RevertSecurityContext */
853 lsa_MakeSignature,
854 lsa_VerifySignature,
855 NULL, /* FreeContextBuffer */
856 NULL, /* QuerySecurityPackageInfoA */
857 NULL, /* Reserved3 */
858 NULL, /* Reserved4 */
859 NULL, /* ExportSecurityContext */
860 NULL, /* ImportSecurityContextA */
861 NULL, /* AddCredentialsA */
862 NULL, /* Reserved8 */
863 NULL, /* QuerySecurityContextToken */
864 lsa_EncryptMessage,
865 lsa_DecryptMessage,
866 NULL, /* SetContextAttributesA */
867 };
868
869 static void add_package(struct lsa_package *package)
870 {
871 struct lsa_package *new_loaded_packages;
872
873 if (!loaded_packages)
874 new_loaded_packages = malloc(sizeof(*new_loaded_packages));
875 else
876 new_loaded_packages = realloc(loaded_packages, sizeof(*new_loaded_packages) * (loaded_packages_count + 1));
877
878 if (new_loaded_packages)
879 {
880 loaded_packages = new_loaded_packages;
881 loaded_packages[loaded_packages_count] = *package;
882 loaded_packages_count++;
883 }
884 }
885
886 static BOOL initialize_package(struct lsa_package *package,
887 NTSTATUS (NTAPI *pSpLsaModeInitialize)(ULONG, PULONG, PSECPKG_FUNCTION_TABLE *, PULONG),
888 NTSTATUS (NTAPI *pSpUserModeInitialize)(ULONG, PULONG, PSECPKG_USER_FUNCTION_TABLE *, PULONG))
889 {
890 NTSTATUS status;
891
892 if (!pSpLsaModeInitialize || !pSpUserModeInitialize)
893 return FALSE;
894
895 status = pSpLsaModeInitialize(SECPKG_INTERFACE_VERSION, &package->lsa_api_version, &package->lsa_api, &package->lsa_table_count);
896 if (status == STATUS_SUCCESS)
897 {
898 status = package->lsa_api->InitializePackage(package->package_id, &lsa_dispatch, NULL, NULL, &package->name);
899 if (status == STATUS_SUCCESS)
900 {
901 TRACE("name %s, version %#lx, api table %p, table count %lu\n",
902 debugstr_an(package->name->Buffer, package->name->Length),
903 package->lsa_api_version, package->lsa_api, package->lsa_table_count);
904
905 status = package->lsa_api->Initialize(package->package_id, NULL /* FIXME: params */, NULL);
906 if (status == STATUS_SUCCESS)
907 {
908 status = pSpUserModeInitialize(SECPKG_INTERFACE_VERSION, &package->user_api_version, &package->user_api, &package->user_table_count);
909 if (status == STATUS_SUCCESS)
910 {
911 package->user_api->InstanceInit(SECPKG_INTERFACE_VERSION, &lsa_dll_dispatch, NULL);
912 return TRUE;
913 }
914 }
915 }
916 }
917
918 return FALSE;
919 }
920
921 static BOOL load_package(const WCHAR *name, struct lsa_package *package, ULONG package_id)
922 {
923 NTSTATUS (NTAPI *pSpLsaModeInitialize)(ULONG, PULONG, PSECPKG_FUNCTION_TABLE *, PULONG);
924 NTSTATUS (NTAPI *pSpUserModeInitialize)(ULONG, PULONG, PSECPKG_USER_FUNCTION_TABLE *, PULONG);
925
926 memset(package, 0, sizeof(*package));
927
928 package->package_id = package_id;
929 package->mod = LoadLibraryW(name);
930 if (!package->mod) return FALSE;
931
932 pSpLsaModeInitialize = (void *)GetProcAddress(package->mod, "SpLsaModeInitialize");
933 pSpUserModeInitialize = (void *)GetProcAddress(package->mod, "SpUserModeInitialize");
934
935 if (initialize_package(package, pSpLsaModeInitialize, pSpUserModeInitialize))
936 return TRUE;
937
938 FreeLibrary(package->mod);
939 return FALSE;
940 }
941
942 #define MAX_SERVICE_NAME 260
943
944 void load_auth_packages(void)
945 {
946 DWORD err, i;
947 HKEY root;
948 SecureProvider *provider;
949 struct lsa_package package;
950
951 memset(&package, 0, sizeof(package));
952
953 /* "Negotiate" has package id 0, .Net depends on this. */
954 package.package_id = 0;
955 if (initialize_package(&package, nego_SpLsaModeInitialize, nego_SpUserModeInitialize))
956 add_package(&package);
957
958 err = RegOpenKeyExW(HKEY_LOCAL_MACHINE, L"System\\CurrentControlSet\\Control\\Lsa", 0, KEY_READ, &root);
959 if (err != ERROR_SUCCESS) return;
960
961 i = 0;
962 for (;;)
963 {
964 WCHAR name[MAX_SERVICE_NAME];
965
966 err = RegEnumKeyW(root, i, name, MAX_SERVICE_NAME);
967 if (err == ERROR_NO_MORE_ITEMS)
968 break;
969
970 if (err != ERROR_SUCCESS)
971 continue;
972
973 if (load_package(name, &package, i + 1))
974 add_package(&package);
975
976 i++;
977 }
978
979 RegCloseKey(root);
980
981 if (!loaded_packages_count) return;
982
983 provider = SECUR32_addProvider(&lsa_sspi_tableA, &lsa_sspi_tableW, NULL);
984 if (!provider)
985 {
986 ERR("Failed to add SSP/AP provider\n");
987 return;
988 }
989
990 for (i = 0; i < loaded_packages_count; i++)
991 {
992 SecPkgInfoW *info;
993
994 info = malloc(loaded_packages[i].lsa_table_count * sizeof(*info));
995 if (info)
996 {
997 NTSTATUS status;
998
999 status = loaded_packages[i].lsa_api->GetInfo(info);
1000 if (status == STATUS_SUCCESS)
1001 SECUR32_addPackages(provider, loaded_packages[i].lsa_table_count, NULL, info);
1002
1003 free(info);
1004 }
1005 }
1006 }
1007
1008 NTSTATUS WINAPI LsaLookupAuthenticationPackage(HANDLE lsa_handle,
1009 PLSA_STRING package_name, PULONG package_id)
1010 {
1011 ULONG i;
1012
1013 TRACE("%p %s %p\n", lsa_handle, debugstr_as(package_name), package_id);
1014
1015 for (i = 0; i < loaded_packages_count; i++)
1016 {
1017 if (!RtlCompareString(loaded_packages[i].name, package_name, FALSE))
1018 {
1019 *package_id = loaded_packages[i].package_id;
1020 return STATUS_SUCCESS;
1021 }
1022 }
1023
1024 return STATUS_UNSUCCESSFUL; /* FIXME */
1025 }
Windows API implementation