2 * Copyright (C) 2004 Juan Lang
3 * Copyright (C) 2007 Kai Blin
4 * Copyright (C) 2017, 2018 Dmitry Timoshkov
6 * Local Security Authority functions, as far as secur32 has them.
8 * This library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public
10 * License as published by the Free Software Foundation; either
11 * version 2.1 of the License, or (at your option) any later version.
13 * This library is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this library; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
27 #define WIN32_NO_STATUS
35 #include "ddk/ntddk.h"
38 #include "wine/debug.h"
39 #include "secur32_priv.h"
41 WINE_DEFAULT_DEBUG_CHANNEL(secur32
);
43 #define LSA_MAGIC_CONNECTION ('L' << 24 | 'S' << 16 | 'A' << 8 | '0')
44 #define LSA_MAGIC_CREDENTIALS ('L' << 24 | 'S' << 16 | 'A' << 8 | '1')
45 #define LSA_MAGIC_CONTEXT ('L' << 24 | 'S' << 16 | 'A' << 8 | '2')
47 static const WCHAR
*default_authentication_package
= L
"Negotiate";
54 ULONG lsa_api_version
, lsa_table_count
, user_api_version
, user_table_count
;
55 SECPKG_FUNCTION_TABLE
*lsa_api
;
56 SECPKG_USER_FUNCTION_TABLE
*user_api
;
59 static struct lsa_package
*loaded_packages
;
60 static ULONG loaded_packages_count
;
65 struct lsa_package
*package
;
66 LSA_SEC_HANDLE handle
;
69 static const char *debugstr_as(const LSA_STRING
*str
)
71 if (!str
) return "<null>";
72 return debugstr_an(str
->Buffer
, str
->Length
);
75 SECPKG_FUNCTION_TABLE
*lsa_find_package(const char *name
, SECPKG_USER_FUNCTION_TABLE
**user_api
)
77 LSA_STRING package_name
;
80 RtlInitString(&package_name
, name
);
82 for (i
= 0; i
< loaded_packages_count
; i
++)
84 if (!RtlCompareString(loaded_packages
[i
].name
, &package_name
, FALSE
))
86 *user_api
= loaded_packages
[i
].user_api
;
87 return loaded_packages
[i
].lsa_api
;
93 NTSTATUS WINAPI
LsaCallAuthenticationPackage(HANDLE lsa_handle
, ULONG package_id
,
94 PVOID in_buffer
, ULONG in_buffer_length
,
95 PVOID
*out_buffer
, PULONG out_buffer_length
, PNTSTATUS status
)
99 TRACE("%p,%lu,%p,%lu,%p,%p,%p\n", lsa_handle
, package_id
, in_buffer
,
100 in_buffer_length
, out_buffer
, out_buffer_length
, status
);
102 if (out_buffer
) *out_buffer
= NULL
;
103 if (out_buffer_length
) *out_buffer_length
= 0;
104 if (status
) *status
= STATUS_SUCCESS
;
106 for (i
= 0; i
< loaded_packages_count
; i
++)
108 if (loaded_packages
[i
].package_id
== package_id
)
110 if (loaded_packages
[i
].lsa_api
->CallPackageUntrusted
)
111 return loaded_packages
[i
].lsa_api
->CallPackageUntrusted(NULL
/* FIXME*/,
112 in_buffer
, NULL
, in_buffer_length
, out_buffer
, out_buffer_length
, status
);
114 return SEC_E_UNSUPPORTED_FUNCTION
;
118 return STATUS_NO_SUCH_PACKAGE
;
121 static struct lsa_handle
*alloc_lsa_handle(ULONG magic
)
123 struct lsa_handle
*ret
;
124 if (!(ret
= calloc(1, sizeof(*ret
)))) return NULL
;
129 NTSTATUS WINAPI
LsaConnectUntrusted(PHANDLE LsaHandle
)
131 struct lsa_handle
*lsa_conn
;
133 TRACE("%p\n", LsaHandle
);
135 if (!(lsa_conn
= alloc_lsa_handle(LSA_MAGIC_CONNECTION
))) return STATUS_NO_MEMORY
;
136 *LsaHandle
= lsa_conn
;
137 return STATUS_SUCCESS
;
140 NTSTATUS WINAPI
LsaRegisterLogonProcess(PLSA_STRING LogonProcessName
,
141 PHANDLE LsaHandle
, PLSA_OPERATIONAL_MODE SecurityMode
)
143 struct lsa_handle
*lsa_conn
;
145 FIXME("%s %p %p stub\n", debugstr_as(LogonProcessName
), LsaHandle
, SecurityMode
);
147 if (!(lsa_conn
= alloc_lsa_handle(LSA_MAGIC_CONNECTION
))) return STATUS_NO_MEMORY
;
148 *LsaHandle
= lsa_conn
;
149 return STATUS_SUCCESS
;
152 NTSTATUS WINAPI
LsaDeregisterLogonProcess(HANDLE LsaHandle
)
154 struct lsa_handle
*lsa_conn
= (struct lsa_handle
*)LsaHandle
;
156 TRACE("%p\n", LsaHandle
);
158 if (!lsa_conn
|| lsa_conn
->magic
!= LSA_MAGIC_CONNECTION
) return STATUS_INVALID_HANDLE
;
162 return STATUS_SUCCESS
;
165 NTSTATUS WINAPI
LsaEnumerateLogonSessions(PULONG LogonSessionCount
,
166 PLUID
* LogonSessionList
)
168 FIXME("%p %p stub\n", LogonSessionCount
, LogonSessionList
);
169 *LogonSessionCount
= 0;
170 *LogonSessionList
= NULL
;
172 return STATUS_SUCCESS
;
175 NTSTATUS WINAPI
LsaFreeReturnBuffer(PVOID buffer
)
177 TRACE("%p\n", buffer
);
179 return STATUS_SUCCESS
;
182 NTSTATUS WINAPI
LsaGetLogonSessionData(PLUID LogonId
,
183 PSECURITY_LOGON_SESSION_DATA
* ppLogonSessionData
)
185 SECURITY_LOGON_SESSION_DATA
*data
;
189 FIXME("%p %p semi-stub\n", LogonId
, ppLogonSessionData
);
191 authpkg_len
= wcslen(default_authentication_package
) * sizeof(WCHAR
);
193 data
= calloc(1, sizeof(*data
) + authpkg_len
+ sizeof(WCHAR
));
194 if (!data
) return STATUS_NO_MEMORY
;
196 data
->Size
= sizeof(*data
);
197 data
->LogonId
= *LogonId
;
199 end
= (WCHAR
*)(data
+ 1);
200 wcscpy(end
, default_authentication_package
);
202 data
->AuthenticationPackage
.Length
= authpkg_len
;
203 data
->AuthenticationPackage
.MaximumLength
= authpkg_len
+ sizeof(WCHAR
);
204 data
->AuthenticationPackage
.Buffer
= end
;
206 *ppLogonSessionData
= data
;
208 return STATUS_SUCCESS
;
211 NTSTATUS WINAPI
LsaLogonUser(HANDLE LsaHandle
, PLSA_STRING OriginName
,
212 SECURITY_LOGON_TYPE LogonType
, ULONG AuthenticationPackage
,
213 PVOID AuthenticationInformation
, ULONG AuthenticationInformationLength
,
214 PTOKEN_GROUPS LocalGroups
, PTOKEN_SOURCE SourceContext
,
215 PVOID
* ProfileBuffer
, PULONG ProfileBufferLength
, PLUID LogonId
,
216 PHANDLE Token
, PQUOTA_LIMITS Quotas
, PNTSTATUS SubStatus
)
218 FIXME("%p %s %d %ld %p %ld %p %p %p %p %p %p %p %p stub\n", LsaHandle
,
219 debugstr_as(OriginName
), LogonType
, AuthenticationPackage
,
220 AuthenticationInformation
, AuthenticationInformationLength
,
221 LocalGroups
, SourceContext
, ProfileBuffer
, ProfileBufferLength
,
222 LogonId
, Token
, Quotas
, SubStatus
);
223 return STATUS_SUCCESS
;
226 static NTSTATUS NTAPI
lsa_CreateLogonSession(LUID
*logon_id
)
228 FIXME("%p: stub\n", logon_id
);
229 return STATUS_NOT_IMPLEMENTED
;
232 static NTSTATUS NTAPI
lsa_DeleteLogonSession(LUID
*logon_id
)
234 FIXME("%p: stub\n", logon_id
);
235 return STATUS_NOT_IMPLEMENTED
;
238 static NTSTATUS NTAPI
lsa_AddCredential(LUID
*logon_id
, ULONG package_id
,
239 LSA_STRING
*primary_key
, LSA_STRING
*credentials
)
241 FIXME("%p,%lu,%s,%s: stub\n", logon_id
, package_id
,
242 debugstr_as(primary_key
), debugstr_as(credentials
));
243 return STATUS_NOT_IMPLEMENTED
;
246 static NTSTATUS NTAPI
lsa_GetCredentials(LUID
*logon_id
, ULONG package_id
, ULONG
*context
,
247 BOOLEAN retrieve_all
, LSA_STRING
*primary_key
, ULONG
*primary_key_len
, LSA_STRING
*credentials
)
249 FIXME("%p,%#lx,%p,%d,%p,%p,%p: stub\n", logon_id
, package_id
, context
,
250 retrieve_all
, primary_key
, primary_key_len
, credentials
);
251 return STATUS_NOT_IMPLEMENTED
;
254 static NTSTATUS NTAPI
lsa_DeleteCredential(LUID
*logon_id
, ULONG package_id
, LSA_STRING
*primary_key
)
256 FIXME("%p,%#lx,%s: stub\n", logon_id
, package_id
, debugstr_as(primary_key
));
257 return STATUS_NOT_IMPLEMENTED
;
260 static void * NTAPI
lsa_AllocateLsaHeap(ULONG size
)
262 TRACE("%lu\n", size
);
266 static void NTAPI
lsa_FreeLsaHeap(void *p
)
272 static NTSTATUS NTAPI
lsa_AllocateClientBuffer(PLSA_CLIENT_REQUEST req
, ULONG size
, void **p
)
274 TRACE("%p,%lu,%p\n", req
, size
, p
);
276 return *p
? STATUS_SUCCESS
: STATUS_NO_MEMORY
;
279 static NTSTATUS NTAPI
lsa_FreeClientBuffer(PLSA_CLIENT_REQUEST req
, void *p
)
281 TRACE("%p,%p\n", req
, p
);
283 return STATUS_SUCCESS
;
286 static NTSTATUS NTAPI
lsa_CopyToClientBuffer(PLSA_CLIENT_REQUEST req
, ULONG size
, void *client
, void *buf
)
288 TRACE("%p,%lu,%p,%p\n", req
, size
, client
, buf
);
289 memcpy(client
, buf
, size
);
290 return STATUS_SUCCESS
;
293 static NTSTATUS NTAPI
lsa_CopyFromClientBuffer(PLSA_CLIENT_REQUEST req
, ULONG size
, void *buf
, void *client
)
295 TRACE("%p,%lu,%p,%p\n", req
, size
, buf
, client
);
296 memcpy(buf
, client
, size
);
297 return STATUS_SUCCESS
;
300 static LSA_DISPATCH_TABLE lsa_dispatch
=
302 lsa_CreateLogonSession
,
303 lsa_DeleteLogonSession
,
306 lsa_DeleteCredential
,
309 lsa_AllocateClientBuffer
,
310 lsa_FreeClientBuffer
,
311 lsa_CopyToClientBuffer
,
312 lsa_CopyFromClientBuffer
315 static NTSTATUS NTAPI
lsa_RegisterCallback(ULONG callback_id
, PLSA_CALLBACK_FUNCTION callback
)
317 FIXME("%lu,%p: stub\n", callback_id
, callback
);
318 return STATUS_NOT_IMPLEMENTED
;
321 static SECPKG_DLL_FUNCTIONS lsa_dll_dispatch
=
328 static SECURITY_STATUS
lsa_lookup_package(SEC_WCHAR
*nameW
, struct lsa_package
**lsa_package
)
331 UNICODE_STRING package_name
, name
;
333 for (i
= 0; i
< loaded_packages_count
; i
++)
335 if (RtlAnsiStringToUnicodeString(&package_name
, loaded_packages
[i
].name
, TRUE
))
336 return SEC_E_INSUFFICIENT_MEMORY
;
338 RtlInitUnicodeString(&name
, nameW
);
340 if (RtlEqualUnicodeString(&package_name
, &name
, TRUE
))
342 RtlFreeUnicodeString(&package_name
);
343 *lsa_package
= &loaded_packages
[i
];
347 RtlFreeUnicodeString(&package_name
);
350 return SEC_E_SECPKG_NOT_FOUND
;
353 static SECURITY_STATUS WINAPI
lsa_AcquireCredentialsHandleW(
354 SEC_WCHAR
*principal
, SEC_WCHAR
*package
, ULONG credentials_use
,
355 LUID
*logon_id
, void *auth_data
, SEC_GET_KEY_FN get_key_fn
,
356 void *get_key_arg
, CredHandle
*credential
, TimeStamp
*ts_expiry
)
358 SECURITY_STATUS status
;
359 struct lsa_package
*lsa_package
;
360 struct lsa_handle
*lsa_handle
;
361 UNICODE_STRING principal_us
;
362 LSA_SEC_HANDLE lsa_credential
;
364 TRACE("%s %s %#lx %p %p %p %p %p\n", debugstr_w(principal
), debugstr_w(package
),
365 credentials_use
, auth_data
, get_key_fn
, get_key_arg
, credential
, ts_expiry
);
367 if (!credential
) return SEC_E_INVALID_HANDLE
;
368 if (!package
) return SEC_E_SECPKG_NOT_FOUND
;
370 status
= lsa_lookup_package(package
, &lsa_package
);
371 if (status
!= SEC_E_OK
) return status
;
373 if (!lsa_package
->lsa_api
|| !lsa_package
->lsa_api
->SpAcquireCredentialsHandle
)
374 return SEC_E_UNSUPPORTED_FUNCTION
;
377 RtlInitUnicodeString(&principal_us
, principal
);
379 status
= lsa_package
->lsa_api
->SpAcquireCredentialsHandle(principal
? &principal_us
: NULL
,
380 credentials_use
, logon_id
, auth_data
, get_key_fn
, get_key_arg
, &lsa_credential
, ts_expiry
);
381 if (status
== SEC_E_OK
)
383 if (!(lsa_handle
= alloc_lsa_handle(LSA_MAGIC_CREDENTIALS
))) return STATUS_NO_MEMORY
;
384 lsa_handle
->package
= lsa_package
;
385 lsa_handle
->handle
= lsa_credential
;
386 credential
->dwLower
= (ULONG_PTR
)lsa_handle
;
387 credential
->dwUpper
= 0;
392 static SECURITY_STATUS WINAPI
lsa_AcquireCredentialsHandleA(
393 SEC_CHAR
*principal
, SEC_CHAR
*package
, ULONG credentials_use
,
394 LUID
*logon_id
, void *auth_data
, SEC_GET_KEY_FN get_key_fn
,
395 void *get_key_arg
, CredHandle
*credential
, TimeStamp
*ts_expiry
)
397 SECURITY_STATUS status
= SEC_E_INSUFFICIENT_MEMORY
;
398 SEC_WCHAR
*principalW
= NULL
, *packageW
= NULL
;
399 SEC_WINNT_AUTH_IDENTITY_A
*id
= auth_data
;
400 SEC_WINNT_AUTH_IDENTITY_W idW
= {};
402 TRACE("%s %s %#lx %p %p %p %p %p\n", debugstr_a(principal
), debugstr_a(package
),
403 credentials_use
, auth_data
, get_key_fn
, get_key_arg
, credential
, ts_expiry
);
407 int len
= MultiByteToWideChar( CP_ACP
, 0, principal
, -1, NULL
, 0 );
408 if (!(principalW
= malloc( len
* sizeof(SEC_WCHAR
) ))) goto done
;
409 MultiByteToWideChar( CP_ACP
, 0, principal
, -1, principalW
, len
);
413 int len
= MultiByteToWideChar( CP_ACP
, 0, package
, -1, NULL
, 0 );
414 if (!(packageW
= malloc( len
* sizeof(SEC_WCHAR
) ))) goto done
;
415 MultiByteToWideChar( CP_ACP
, 0, package
, -1, packageW
, len
);
417 if (id
&& (id
->Flags
== SEC_WINNT_AUTH_IDENTITY_ANSI
))
421 idW
.UserLength
= MultiByteToWideChar( CP_ACP
, 0, (char *)id
->User
, id
->UserLength
, NULL
, 0 );
422 if (!(idW
.User
= malloc( idW
.UserLength
* sizeof(SEC_WCHAR
) ))) goto done
;
423 MultiByteToWideChar( CP_ACP
, 0, (char *)id
->User
, id
->UserLength
, idW
.User
, idW
.UserLength
);
425 if (id
->DomainLength
)
427 idW
.DomainLength
= MultiByteToWideChar( CP_ACP
, 0, (char *)id
->Domain
, id
->DomainLength
, NULL
, 0 );
428 if (!(idW
.Domain
= malloc( idW
.DomainLength
* sizeof(SEC_WCHAR
) ))) goto done
;
429 MultiByteToWideChar( CP_ACP
, 0, (char *)id
->Domain
, id
->DomainLength
, idW
.Domain
, idW
.DomainLength
);
431 if (id
->PasswordLength
)
433 idW
.PasswordLength
= MultiByteToWideChar( CP_ACP
, 0, (char *)id
->Password
, id
->PasswordLength
, NULL
, 0 );
434 if (!(idW
.Password
= malloc( idW
.PasswordLength
* sizeof(SEC_WCHAR
) ))) goto done
;
435 MultiByteToWideChar( CP_ACP
, 0, (char *)id
->Password
, id
->PasswordLength
, idW
.Password
, idW
.PasswordLength
);
437 idW
.Flags
= SEC_WINNT_AUTH_IDENTITY_UNICODE
;
441 status
= lsa_AcquireCredentialsHandleW( principalW
, packageW
, credentials_use
, logon_id
, auth_data
, get_key_fn
,
442 get_key_arg
, credential
, ts_expiry
);
448 free( idW
.Password
);
452 static SECURITY_STATUS WINAPI
lsa_FreeCredentialsHandle(CredHandle
*credential
)
454 struct lsa_handle
*lsa_cred
;
455 SECURITY_STATUS status
;
457 TRACE("%p\n", credential
);
458 if (!credential
) return SEC_E_INVALID_HANDLE
;
460 lsa_cred
= (struct lsa_handle
*)credential
->dwLower
;
461 if (!lsa_cred
|| lsa_cred
->magic
!= LSA_MAGIC_CREDENTIALS
) return SEC_E_INVALID_HANDLE
;
463 if (!lsa_cred
->package
->lsa_api
|| !lsa_cred
->package
->lsa_api
->FreeCredentialsHandle
)
464 return SEC_E_UNSUPPORTED_FUNCTION
;
466 status
= lsa_cred
->package
->lsa_api
->FreeCredentialsHandle(lsa_cred
->handle
);
473 static SECURITY_STATUS WINAPI
lsa_InitializeSecurityContextW(
474 CredHandle
*credential
, CtxtHandle
*context
, SEC_WCHAR
*target_name
, ULONG context_req
,
475 ULONG reserved1
, ULONG target_data_rep
, SecBufferDesc
*input
, ULONG reserved2
,
476 CtxtHandle
*new_context
, SecBufferDesc
*output
, ULONG
*context_attr
, TimeStamp
*ts_expiry
)
478 SECURITY_STATUS status
;
479 struct lsa_handle
*lsa_cred
= NULL
, *lsa_ctx
= NULL
, *new_lsa_ctx
;
480 struct lsa_package
*package
= NULL
;
481 UNICODE_STRING target_name_us
;
482 BOOLEAN mapped_context
;
483 LSA_SEC_HANDLE new_handle
;
485 TRACE("%p %p %s %#lx %ld %ld %p %ld %p %p %p %p\n", credential
, context
,
486 debugstr_w(target_name
), context_req
, reserved1
, target_data_rep
, input
,
487 reserved2
, new_context
, output
, context_attr
, ts_expiry
);
491 lsa_ctx
= (struct lsa_handle
*)context
->dwLower
;
492 if (lsa_ctx
->magic
!= LSA_MAGIC_CONTEXT
) return SEC_E_INVALID_HANDLE
;
493 package
= lsa_ctx
->package
;
497 lsa_cred
= (struct lsa_handle
*)credential
->dwLower
;
498 if (lsa_cred
->magic
!= LSA_MAGIC_CREDENTIALS
) return SEC_E_INVALID_HANDLE
;
499 package
= lsa_cred
->package
;
501 if (!package
|| !new_context
) return SEC_E_INVALID_HANDLE
;
503 if (!package
->lsa_api
|| !package
->lsa_api
->InitLsaModeContext
)
504 return SEC_E_UNSUPPORTED_FUNCTION
;
507 RtlInitUnicodeString(&target_name_us
, target_name
);
509 status
= package
->lsa_api
->InitLsaModeContext(lsa_cred
? lsa_cred
->handle
: 0,
510 lsa_ctx
? lsa_ctx
->handle
: 0, target_name
? &target_name_us
: NULL
, context_req
, target_data_rep
,
511 input
, &new_handle
, output
, context_attr
, ts_expiry
, &mapped_context
, NULL
/* FIXME */);
512 if (status
== SEC_E_OK
|| status
== SEC_I_CONTINUE_NEEDED
)
514 if (!(new_lsa_ctx
= alloc_lsa_handle(LSA_MAGIC_CONTEXT
))) return STATUS_NO_MEMORY
;
515 new_lsa_ctx
->package
= package
;
516 new_lsa_ctx
->handle
= new_handle
;
517 new_context
->dwLower
= (ULONG_PTR
)new_lsa_ctx
;
518 new_context
->dwUpper
= 0;
523 static SECURITY_STATUS WINAPI
lsa_InitializeSecurityContextA(
524 CredHandle
*credential
, CtxtHandle
*context
, SEC_CHAR
*target_name
, ULONG context_req
,
525 ULONG reserved1
, ULONG target_data_rep
, SecBufferDesc
*input
, ULONG reserved2
,
526 CtxtHandle
*new_context
, SecBufferDesc
*output
, ULONG
*context_attr
, TimeStamp
*ts_expiry
)
528 SECURITY_STATUS status
;
529 SEC_WCHAR
*targetW
= NULL
;
531 TRACE("%p %p %s %#lx %ld %ld %p %ld %p %p %p %p\n", credential
, context
,
532 debugstr_a(target_name
), context_req
, reserved1
, target_data_rep
, input
,
533 reserved2
, new_context
, output
, context_attr
, ts_expiry
);
537 int len
= MultiByteToWideChar( CP_ACP
, 0, target_name
, -1, NULL
, 0 );
538 if (!(targetW
= malloc( len
* sizeof(SEC_WCHAR
) ))) return SEC_E_INSUFFICIENT_MEMORY
;
539 MultiByteToWideChar( CP_ACP
, 0, target_name
, -1, targetW
, len
);
542 status
= lsa_InitializeSecurityContextW( credential
, context
, targetW
, context_req
, reserved1
, target_data_rep
,
543 input
, reserved2
, new_context
, output
, context_attr
, ts_expiry
);
548 static SECURITY_STATUS WINAPI
lsa_AcceptSecurityContext(
549 CredHandle
*credential
, CtxtHandle
*context
, SecBufferDesc
*input
,
550 ULONG context_req
, ULONG target_data_rep
, CtxtHandle
*new_context
,
551 SecBufferDesc
*output
, ULONG
*context_attr
, TimeStamp
*ts_expiry
)
553 SECURITY_STATUS status
;
554 struct lsa_package
*package
= NULL
;
555 struct lsa_handle
*lsa_cred
= NULL
, *lsa_ctx
= NULL
, *new_lsa_ctx
;
556 BOOLEAN mapped_context
;
557 LSA_SEC_HANDLE new_handle
;
559 TRACE("%p %p %p %#lx %#lx %p %p %p %p\n", credential
, context
, input
,
560 context_req
, target_data_rep
, new_context
, output
, context_attr
, ts_expiry
);
564 lsa_ctx
= (struct lsa_handle
*)context
->dwLower
;
565 if (lsa_ctx
->magic
!= LSA_MAGIC_CONTEXT
) return SEC_E_INVALID_HANDLE
;
566 package
= lsa_ctx
->package
;
570 lsa_cred
= (struct lsa_handle
*)credential
->dwLower
;
571 if (lsa_cred
->magic
!= LSA_MAGIC_CREDENTIALS
) return SEC_E_INVALID_HANDLE
;
572 package
= lsa_cred
->package
;
574 if (!package
|| !new_context
) return SEC_E_INVALID_HANDLE
;
576 if (!package
->lsa_api
|| !package
->lsa_api
->AcceptLsaModeContext
)
577 return SEC_E_UNSUPPORTED_FUNCTION
;
579 status
= package
->lsa_api
->AcceptLsaModeContext(lsa_cred
? lsa_cred
->handle
: 0,
580 lsa_ctx
? lsa_ctx
->handle
: 0, input
, context_req
, target_data_rep
, &new_handle
, output
,
581 context_attr
, ts_expiry
, &mapped_context
, NULL
/* FIXME */);
582 if (status
== SEC_E_OK
|| status
== SEC_I_CONTINUE_NEEDED
)
584 if (!(new_lsa_ctx
= alloc_lsa_handle(LSA_MAGIC_CONTEXT
))) return STATUS_NO_MEMORY
;
585 new_lsa_ctx
->package
= package
;
586 new_lsa_ctx
->handle
= new_handle
;
587 new_context
->dwLower
= (ULONG_PTR
)new_lsa_ctx
;
588 new_context
->dwUpper
= 0;
593 static SECURITY_STATUS WINAPI
lsa_DeleteSecurityContext(CtxtHandle
*context
)
595 struct lsa_handle
*lsa_ctx
;
596 SECURITY_STATUS status
;
598 TRACE("%p\n", context
);
600 if (!context
) return SEC_E_INVALID_HANDLE
;
601 lsa_ctx
= (struct lsa_handle
*)context
->dwLower
;
602 if (!lsa_ctx
|| lsa_ctx
->magic
!= LSA_MAGIC_CONTEXT
) return SEC_E_INVALID_HANDLE
;
604 if (!lsa_ctx
->package
->lsa_api
|| !lsa_ctx
->package
->lsa_api
->DeleteContext
)
605 return SEC_E_UNSUPPORTED_FUNCTION
;
607 status
= lsa_ctx
->package
->lsa_api
->DeleteContext(lsa_ctx
->handle
);
612 static SECURITY_STATUS WINAPI
lsa_QueryContextAttributesW(CtxtHandle
*context
, ULONG attribute
, void *buffer
)
614 struct lsa_handle
*lsa_ctx
;
616 TRACE("%p %ld %p\n", context
, attribute
, buffer
);
618 if (!context
) return SEC_E_INVALID_HANDLE
;
619 lsa_ctx
= (struct lsa_handle
*)context
->dwLower
;
620 if (!lsa_ctx
|| lsa_ctx
->magic
!= LSA_MAGIC_CONTEXT
) return SEC_E_INVALID_HANDLE
;
622 if (!lsa_ctx
->package
->lsa_api
|| !lsa_ctx
->package
->lsa_api
->SpQueryContextAttributes
)
623 return SEC_E_UNSUPPORTED_FUNCTION
;
625 return lsa_ctx
->package
->lsa_api
->SpQueryContextAttributes(lsa_ctx
->handle
, attribute
, buffer
);
628 static SecPkgInfoA
*package_infoWtoA( const SecPkgInfoW
*info
)
631 int size_name
= WideCharToMultiByte( CP_ACP
, 0, info
->Name
, -1, NULL
, 0, NULL
, NULL
);
632 int size_comment
= WideCharToMultiByte( CP_ACP
, 0, info
->Comment
, -1, NULL
, 0, NULL
, NULL
);
634 /* freed with FreeContextBuffer */
635 if (!(ret
= RtlAllocateHeap( GetProcessHeap(), 0, sizeof(*ret
) + size_name
+ size_comment
))) return NULL
;
636 ret
->fCapabilities
= info
->fCapabilities
;
637 ret
->wVersion
= info
->wVersion
;
638 ret
->wRPCID
= info
->wRPCID
;
639 ret
->cbMaxToken
= info
->cbMaxToken
;
640 ret
->Name
= (SEC_CHAR
*)(ret
+ 1);
641 WideCharToMultiByte( CP_ACP
, 0, info
->Name
, -1, ret
->Name
, size_name
, NULL
, NULL
);
642 ret
->Comment
= ret
->Name
+ size_name
;
643 WideCharToMultiByte( CP_ACP
, 0, info
->Comment
, -1, ret
->Comment
, size_comment
, NULL
, NULL
);
647 static SECURITY_STATUS
nego_info_WtoA( const SecPkgContext_NegotiationInfoW
*infoW
,
648 SecPkgContext_NegotiationInfoA
*infoA
)
650 infoA
->NegotiationState
= infoW
->NegotiationState
;
651 if (!(infoA
->PackageInfo
= package_infoWtoA( infoW
->PackageInfo
))) return SEC_E_INSUFFICIENT_MEMORY
;
655 static SECURITY_STATUS
key_info_WtoA( const SecPkgContext_KeyInfoW
*infoW
, SecPkgContext_KeyInfoA
*infoA
)
659 size
= WideCharToMultiByte( CP_ACP
, 0, infoW
->sSignatureAlgorithmName
, -1, NULL
, 0, NULL
, NULL
);
660 if (!(infoA
->sSignatureAlgorithmName
= RtlAllocateHeap( GetProcessHeap(), 0, size
)))
661 return SEC_E_INSUFFICIENT_MEMORY
;
662 WideCharToMultiByte( CP_ACP
, 0, infoW
->sSignatureAlgorithmName
, -1, infoA
->sSignatureAlgorithmName
,
665 size
= WideCharToMultiByte( CP_ACP
, 0, infoW
->sEncryptAlgorithmName
, -1, NULL
, 0, NULL
, NULL
);
666 if (!(infoA
->sEncryptAlgorithmName
= RtlAllocateHeap( GetProcessHeap(), 0, size
)))
668 RtlFreeHeap( GetProcessHeap(), 0, infoA
->sSignatureAlgorithmName
);
669 return SEC_E_INSUFFICIENT_MEMORY
;
671 WideCharToMultiByte( CP_ACP
, 0, infoW
->sEncryptAlgorithmName
, -1, infoA
->sEncryptAlgorithmName
,
674 infoA
->KeySize
= infoW
->KeySize
;
675 infoA
->SignatureAlgorithm
= infoW
->SignatureAlgorithm
;
676 infoA
->EncryptAlgorithm
= infoW
->EncryptAlgorithm
;
680 static SECURITY_STATUS WINAPI
lsa_QueryContextAttributesA(CtxtHandle
*context
, ULONG attribute
, void *buffer
)
682 TRACE("%p %ld %p\n", context
, attribute
, buffer
);
684 if (!context
) return SEC_E_INVALID_HANDLE
;
688 case SECPKG_ATTR_SIZES
:
689 case SECPKG_ATTR_SESSION_KEY
:
690 return lsa_QueryContextAttributesW( context
, attribute
, buffer
);
692 case SECPKG_ATTR_NEGOTIATION_INFO
:
694 SecPkgContext_NegotiationInfoW infoW
;
695 SecPkgContext_NegotiationInfoA
*infoA
= (SecPkgContext_NegotiationInfoA
*)buffer
;
696 SECURITY_STATUS status
= lsa_QueryContextAttributesW( context
, SECPKG_ATTR_NEGOTIATION_INFO
, &infoW
);
698 if (status
!= SEC_E_OK
) return status
;
699 status
= nego_info_WtoA( &infoW
, infoA
);
700 FreeContextBuffer( infoW
.PackageInfo
);
703 case SECPKG_ATTR_KEY_INFO
:
705 SecPkgContext_KeyInfoW infoW
;
706 SecPkgContext_KeyInfoA
*infoA
= (SecPkgContext_KeyInfoA
*)buffer
;
708 SECURITY_STATUS status
= lsa_QueryContextAttributesW( context
, SECPKG_ATTR_KEY_INFO
, &infoW
);
710 if (status
!= SEC_E_OK
) return status
;
711 status
= key_info_WtoA( &infoW
, infoA
);
712 FreeContextBuffer( infoW
.sSignatureAlgorithmName
);
713 FreeContextBuffer( infoW
.sEncryptAlgorithmName
);
717 #define X(x) case (x) : FIXME(#x" stub\n"); break
718 X(SECPKG_ATTR_ACCESS_TOKEN
);
719 X(SECPKG_ATTR_AUTHORITY
);
720 X(SECPKG_ATTR_DCE_INFO
);
721 X(SECPKG_ATTR_LIFESPAN
);
722 X(SECPKG_ATTR_NAMES
);
723 X(SECPKG_ATTR_NATIVE_NAMES
);
724 X(SECPKG_ATTR_PACKAGE_INFO
);
725 X(SECPKG_ATTR_PASSWORD_EXPIRY
);
726 X(SECPKG_ATTR_STREAM_SIZES
);
727 X(SECPKG_ATTR_TARGET_INFORMATION
);
730 FIXME( "unknown attribute %lu\n", attribute
);
734 return SEC_E_UNSUPPORTED_FUNCTION
;
737 static SECURITY_STATUS WINAPI
lsa_MakeSignature(CtxtHandle
*context
, ULONG quality_of_protection
,
738 SecBufferDesc
*message
, ULONG message_seq_no
)
740 struct lsa_handle
*lsa_ctx
;
742 TRACE("%p %#lx %p %lu)\n", context
, quality_of_protection
, message
, message_seq_no
);
744 if (!context
) return SEC_E_INVALID_HANDLE
;
745 lsa_ctx
= (struct lsa_handle
*)context
->dwLower
;
746 if (!lsa_ctx
|| lsa_ctx
->magic
!= LSA_MAGIC_CONTEXT
) return SEC_E_INVALID_HANDLE
;
748 if (!lsa_ctx
->package
->user_api
|| !lsa_ctx
->package
->user_api
->MakeSignature
)
749 return SEC_E_UNSUPPORTED_FUNCTION
;
751 return lsa_ctx
->package
->user_api
->MakeSignature(lsa_ctx
->handle
, quality_of_protection
, message
, message_seq_no
);
754 static SECURITY_STATUS WINAPI
lsa_VerifySignature(CtxtHandle
*context
, SecBufferDesc
*message
,
755 ULONG message_seq_no
, ULONG
*quality_of_protection
)
757 struct lsa_handle
*lsa_ctx
;
759 TRACE("%p %p %lu %p)\n", context
, message
, message_seq_no
, quality_of_protection
);
761 if (!context
) return SEC_E_INVALID_HANDLE
;
762 lsa_ctx
= (struct lsa_handle
*)context
->dwLower
;
763 if (!lsa_ctx
|| lsa_ctx
->magic
!= LSA_MAGIC_CONTEXT
) return SEC_E_INVALID_HANDLE
;
765 if (!lsa_ctx
->package
->user_api
|| !lsa_ctx
->package
->user_api
->VerifySignature
)
766 return SEC_E_UNSUPPORTED_FUNCTION
;
768 return lsa_ctx
->package
->user_api
->VerifySignature(lsa_ctx
->handle
, message
, message_seq_no
, quality_of_protection
);
771 static SECURITY_STATUS WINAPI
lsa_EncryptMessage(CtxtHandle
*context
, ULONG quality_of_protection
,
772 SecBufferDesc
*message
, ULONG message_seq_no
)
774 struct lsa_handle
*lsa_ctx
;
776 TRACE("%p %#lx %p %lu)\n", context
, quality_of_protection
, message
, message_seq_no
);
778 if (!context
) return SEC_E_INVALID_HANDLE
;
779 lsa_ctx
= (struct lsa_handle
*)context
->dwLower
;
780 if (!lsa_ctx
|| lsa_ctx
->magic
!= LSA_MAGIC_CONTEXT
) return SEC_E_INVALID_HANDLE
;
782 if (!lsa_ctx
->package
->user_api
|| !lsa_ctx
->package
->user_api
->SealMessage
)
783 return SEC_E_UNSUPPORTED_FUNCTION
;
785 return lsa_ctx
->package
->user_api
->SealMessage(lsa_ctx
->handle
, quality_of_protection
, message
, message_seq_no
);
788 static SECURITY_STATUS WINAPI
lsa_DecryptMessage(CtxtHandle
*context
, SecBufferDesc
*message
,
789 ULONG message_seq_no
, ULONG
*quality_of_protection
)
791 struct lsa_handle
*lsa_ctx
;
793 TRACE("%p %p %lu %p)\n", context
, message
, message_seq_no
, quality_of_protection
);
795 if (!context
) return SEC_E_INVALID_HANDLE
;
796 lsa_ctx
= (struct lsa_handle
*)context
->dwLower
;
797 if (!lsa_ctx
|| lsa_ctx
->magic
!= LSA_MAGIC_CONTEXT
) return SEC_E_INVALID_HANDLE
;
799 if (!lsa_ctx
->package
->user_api
|| !lsa_ctx
->package
->user_api
->UnsealMessage
)
800 return SEC_E_UNSUPPORTED_FUNCTION
;
802 return lsa_ctx
->package
->user_api
->UnsealMessage(lsa_ctx
->handle
, message
, message_seq_no
, quality_of_protection
);
805 static const SecurityFunctionTableW lsa_sspi_tableW
=
808 NULL
, /* EnumerateSecurityPackagesW */
809 NULL
, /* QueryCredentialsAttributesW */
810 lsa_AcquireCredentialsHandleW
,
811 lsa_FreeCredentialsHandle
,
812 NULL
, /* Reserved2 */
813 lsa_InitializeSecurityContextW
,
814 lsa_AcceptSecurityContext
,
815 NULL
, /* CompleteAuthToken */
816 lsa_DeleteSecurityContext
,
817 NULL
, /* ApplyControlToken */
818 lsa_QueryContextAttributesW
,
819 NULL
, /* ImpersonateSecurityContext */
820 NULL
, /* RevertSecurityContext */
823 NULL
, /* FreeContextBuffer */
824 NULL
, /* QuerySecurityPackageInfoW */
825 NULL
, /* Reserved3 */
826 NULL
, /* Reserved4 */
827 NULL
, /* ExportSecurityContext */
828 NULL
, /* ImportSecurityContextW */
829 NULL
, /* AddCredentialsW */
830 NULL
, /* Reserved8 */
831 NULL
, /* QuerySecurityContextToken */
834 NULL
, /* SetContextAttributesW */
837 static const SecurityFunctionTableA lsa_sspi_tableA
=
840 NULL
, /* EnumerateSecurityPackagesA */
841 NULL
, /* QueryCredentialsAttributesA */
842 lsa_AcquireCredentialsHandleA
,
843 lsa_FreeCredentialsHandle
,
844 NULL
, /* Reserved2 */
845 lsa_InitializeSecurityContextA
,
846 lsa_AcceptSecurityContext
,
847 NULL
, /* CompleteAuthToken */
848 lsa_DeleteSecurityContext
,
849 NULL
, /* ApplyControlToken */
850 lsa_QueryContextAttributesA
,
851 NULL
, /* ImpersonateSecurityContext */
852 NULL
, /* RevertSecurityContext */
855 NULL
, /* FreeContextBuffer */
856 NULL
, /* QuerySecurityPackageInfoA */
857 NULL
, /* Reserved3 */
858 NULL
, /* Reserved4 */
859 NULL
, /* ExportSecurityContext */
860 NULL
, /* ImportSecurityContextA */
861 NULL
, /* AddCredentialsA */
862 NULL
, /* Reserved8 */
863 NULL
, /* QuerySecurityContextToken */
866 NULL
, /* SetContextAttributesA */
869 static void add_package(struct lsa_package
*package
)
871 struct lsa_package
*new_loaded_packages
;
873 if (!loaded_packages
)
874 new_loaded_packages
= malloc(sizeof(*new_loaded_packages
));
876 new_loaded_packages
= realloc(loaded_packages
, sizeof(*new_loaded_packages
) * (loaded_packages_count
+ 1));
878 if (new_loaded_packages
)
880 loaded_packages
= new_loaded_packages
;
881 loaded_packages
[loaded_packages_count
] = *package
;
882 loaded_packages_count
++;
886 static BOOL
initialize_package(struct lsa_package
*package
,
887 NTSTATUS (NTAPI
*pSpLsaModeInitialize
)(ULONG
, PULONG
, PSECPKG_FUNCTION_TABLE
*, PULONG
),
888 NTSTATUS (NTAPI
*pSpUserModeInitialize
)(ULONG
, PULONG
, PSECPKG_USER_FUNCTION_TABLE
*, PULONG
))
892 if (!pSpLsaModeInitialize
|| !pSpUserModeInitialize
)
895 status
= pSpLsaModeInitialize(SECPKG_INTERFACE_VERSION
, &package
->lsa_api_version
, &package
->lsa_api
, &package
->lsa_table_count
);
896 if (status
== STATUS_SUCCESS
)
898 status
= package
->lsa_api
->InitializePackage(package
->package_id
, &lsa_dispatch
, NULL
, NULL
, &package
->name
);
899 if (status
== STATUS_SUCCESS
)
901 TRACE("name %s, version %#lx, api table %p, table count %lu\n",
902 debugstr_an(package
->name
->Buffer
, package
->name
->Length
),
903 package
->lsa_api_version
, package
->lsa_api
, package
->lsa_table_count
);
905 status
= package
->lsa_api
->Initialize(package
->package_id
, NULL
/* FIXME: params */, NULL
);
906 if (status
== STATUS_SUCCESS
)
908 status
= pSpUserModeInitialize(SECPKG_INTERFACE_VERSION
, &package
->user_api_version
, &package
->user_api
, &package
->user_table_count
);
909 if (status
== STATUS_SUCCESS
)
911 package
->user_api
->InstanceInit(SECPKG_INTERFACE_VERSION
, &lsa_dll_dispatch
, NULL
);
921 static BOOL
load_package(const WCHAR
*name
, struct lsa_package
*package
, ULONG package_id
)
923 NTSTATUS (NTAPI
*pSpLsaModeInitialize
)(ULONG
, PULONG
, PSECPKG_FUNCTION_TABLE
*, PULONG
);
924 NTSTATUS (NTAPI
*pSpUserModeInitialize
)(ULONG
, PULONG
, PSECPKG_USER_FUNCTION_TABLE
*, PULONG
);
926 memset(package
, 0, sizeof(*package
));
928 package
->package_id
= package_id
;
929 package
->mod
= LoadLibraryW(name
);
930 if (!package
->mod
) return FALSE
;
932 pSpLsaModeInitialize
= (void *)GetProcAddress(package
->mod
, "SpLsaModeInitialize");
933 pSpUserModeInitialize
= (void *)GetProcAddress(package
->mod
, "SpUserModeInitialize");
935 if (initialize_package(package
, pSpLsaModeInitialize
, pSpUserModeInitialize
))
938 FreeLibrary(package
->mod
);
942 #define MAX_SERVICE_NAME 260
944 void load_auth_packages(void)
948 SecureProvider
*provider
;
949 struct lsa_package package
;
951 memset(&package
, 0, sizeof(package
));
953 /* "Negotiate" has package id 0, .Net depends on this. */
954 package
.package_id
= 0;
955 if (initialize_package(&package
, nego_SpLsaModeInitialize
, nego_SpUserModeInitialize
))
956 add_package(&package
);
958 err
= RegOpenKeyExW(HKEY_LOCAL_MACHINE
, L
"System\\CurrentControlSet\\Control\\Lsa", 0, KEY_READ
, &root
);
959 if (err
!= ERROR_SUCCESS
) return;
964 WCHAR name
[MAX_SERVICE_NAME
];
966 err
= RegEnumKeyW(root
, i
, name
, MAX_SERVICE_NAME
);
967 if (err
== ERROR_NO_MORE_ITEMS
)
970 if (err
!= ERROR_SUCCESS
)
973 if (load_package(name
, &package
, i
+ 1))
974 add_package(&package
);
981 if (!loaded_packages_count
) return;
983 provider
= SECUR32_addProvider(&lsa_sspi_tableA
, &lsa_sspi_tableW
, NULL
);
986 ERR("Failed to add SSP/AP provider\n");
990 for (i
= 0; i
< loaded_packages_count
; i
++)
994 info
= malloc(loaded_packages
[i
].lsa_table_count
* sizeof(*info
));
999 status
= loaded_packages
[i
].lsa_api
->GetInfo(info
);
1000 if (status
== STATUS_SUCCESS
)
1001 SECUR32_addPackages(provider
, loaded_packages
[i
].lsa_table_count
, NULL
, info
);
1008 NTSTATUS WINAPI
LsaLookupAuthenticationPackage(HANDLE lsa_handle
,
1009 PLSA_STRING package_name
, PULONG package_id
)
1013 TRACE("%p %s %p\n", lsa_handle
, debugstr_as(package_name
), package_id
);
1015 for (i
= 0; i
< loaded_packages_count
; i
++)
1017 if (!RtlCompareString(loaded_packages
[i
].name
, package_name
, FALSE
))
1019 *package_id
= loaded_packages
[i
].package_id
;
1020 return STATUS_SUCCESS
;
1024 return STATUS_UNSUCCESSFUL
; /* FIXME */