search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
d3d10: Return the read value from read_dword().
[wine.git] / dlls / kerberos / krb5_ap.c
blobefd425dc0ee32e7f7c0bbe3205dcd33438da6d69
1 /*
2 * Copyright 2017 Dmitry Timoshkov
3 * Copyright 2017 George Popoff
4 * Copyright 2008 Robert Shearman for CodeWeavers
5 * Copyright 2017 Hans Leidekker for CodeWeavers
6 *
7 * Kerberos5 Authentication Package
8 *
9 * This library is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public
11 * License as published by the Free Software Foundation; either
12 * version 2.1 of the License, or (at your option) any later version.
13 *
14 * This library is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
18 *
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
22 */
23
24 #include <stdarg.h>
25 #include <stdlib.h>
26 #include "ntstatus.h"
27 #define WIN32_NO_STATUS
28 #include "windef.h"
29 #include "winbase.h"
30 #include "winnls.h"
31 #include "rpc.h"
32 #include "sspi.h"
33 #include "ntsecapi.h"
34 #include "ntsecpkg.h"
35 #include "winternl.h"
36
37 #include "wine/debug.h"
38 #include "unixlib.h"
39
40 WINE_DEFAULT_DEBUG_CHANNEL(kerberos);
41
42 static HINSTANCE instance;
43
44 unixlib_handle_t krb5_handle = 0;
45
46 #define KERBEROS_CAPS \
47 ( SECPKG_FLAG_INTEGRITY \
48 | SECPKG_FLAG_PRIVACY \
49 | SECPKG_FLAG_TOKEN_ONLY \
50 | SECPKG_FLAG_DATAGRAM \
51 | SECPKG_FLAG_CONNECTION \
52 | SECPKG_FLAG_MULTI_REQUIRED \
53 | SECPKG_FLAG_EXTENDED_ERROR \
54 | SECPKG_FLAG_IMPERSONATION \
55 | SECPKG_FLAG_ACCEPT_WIN32_NAME \
56 | SECPKG_FLAG_NEGOTIABLE \
57 | SECPKG_FLAG_GSS_COMPATIBLE \
58 | SECPKG_FLAG_LOGON \
59 | SECPKG_FLAG_MUTUAL_AUTH \
60 | SECPKG_FLAG_DELEGATION \
61 | SECPKG_FLAG_READONLY_WITH_CHECKSUM \
62 | SECPKG_FLAG_RESTRICTED_TOKENS \
63 | SECPKG_FLAG_APPCONTAINER_CHECKS)
64
65 static WCHAR kerberos_name_W[] = L"Kerberos";
66 static WCHAR kerberos_comment_W[] = L"Microsoft Kerberos V1.0";
67 static const SecPkgInfoW infoW =
68 {
69 KERBEROS_CAPS,
70 1,
71 RPC_C_AUTHN_GSS_KERBEROS,
72 KERBEROS_MAX_BUF,
73 kerberos_name_W,
74 kerberos_comment_W
75 };
76
77 static ULONG kerberos_package_id;
78 static LSA_DISPATCH_TABLE lsa_dispatch;
79
80 static const char *debugstr_us( const UNICODE_STRING *us )
81 {
82 if (!us) return "<null>";
83 return debugstr_wn( us->Buffer, us->Length / sizeof(WCHAR) );
84 }
85
86 static void expiry_to_timestamp( ULONG expiry, TimeStamp *timestamp )
87 {
88 LARGE_INTEGER time;
89
90 if (!timestamp) return;
91 NtQuerySystemTime( &time );
92 RtlSystemTimeToLocalTime( &time, &time );
93 time.QuadPart += expiry * (ULONGLONG)10000000;
94 timestamp->LowPart = time.QuadPart;
95 timestamp->HighPart = time.QuadPart >> 32;
96 }
97
98 static NTSTATUS NTAPI kerberos_LsaApInitializePackage(ULONG package_id, PLSA_DISPATCH_TABLE dispatch,
99 PLSA_STRING database, PLSA_STRING confidentiality, PLSA_STRING *package_name)
100 {
101 char *kerberos_name;
102
103 if (!krb5_handle)
104 {
105 if (NtQueryVirtualMemory( GetCurrentProcess(), instance, MemoryWineUnixFuncs,
106 &krb5_handle, sizeof(krb5_handle), NULL ) ||
107 KRB5_CALL( process_attach, NULL ))
108 ERR( "no Kerberos support, expect problems\n" );
109 }
110
111 kerberos_package_id = package_id;
112 lsa_dispatch = *dispatch;
113
114 kerberos_name = lsa_dispatch.AllocateLsaHeap(sizeof(MICROSOFT_KERBEROS_NAME_A));
115 if (!kerberos_name) return STATUS_NO_MEMORY;
116
117 memcpy(kerberos_name, MICROSOFT_KERBEROS_NAME_A, sizeof(MICROSOFT_KERBEROS_NAME_A));
118
119 *package_name = lsa_dispatch.AllocateLsaHeap(sizeof(**package_name));
120 if (!*package_name)
121 {
122 lsa_dispatch.FreeLsaHeap(kerberos_name);
123 return STATUS_NO_MEMORY;
124 }
125
126 RtlInitString(*package_name, kerberos_name);
127
128 return STATUS_SUCCESS;
129 }
130
131 static NTSTATUS copy_to_client( PLSA_CLIENT_REQUEST lsa_req, KERB_QUERY_TKT_CACHE_RESPONSE *resp,
132 void **out, ULONG size )
133 {
134 NTSTATUS status;
135 ULONG i;
136 char *client_str;
137 KERB_QUERY_TKT_CACHE_RESPONSE *client_resp;
138
139 status = lsa_dispatch.AllocateClientBuffer(lsa_req, size, out );
140 if (status != STATUS_SUCCESS) return status;
141
142 client_resp = *out;
143 status = lsa_dispatch.CopyToClientBuffer(lsa_req, offsetof(KERB_QUERY_TKT_CACHE_RESPONSE, Tickets),
144 client_resp, resp);
145 if (status != STATUS_SUCCESS) goto fail;
146
147 client_str = (char *)&client_resp->Tickets[resp->CountOfTickets];
148
149 for (i = 0; i < resp->CountOfTickets; i++)
150 {
151 KERB_TICKET_CACHE_INFO ticket = resp->Tickets[i];
152
153 RtlSecondsSince1970ToTime( resp->Tickets[i].StartTime.QuadPart, &ticket.StartTime );
154 RtlSecondsSince1970ToTime( resp->Tickets[i].EndTime.QuadPart, &ticket.EndTime );
155 RtlSecondsSince1970ToTime( resp->Tickets[i].RenewTime.QuadPart, &ticket.RenewTime );
156
157 status = lsa_dispatch.CopyToClientBuffer(lsa_req, ticket.RealmName.MaximumLength,
158 client_str, ticket.RealmName.Buffer);
159 if (status != STATUS_SUCCESS) goto fail;
160 ticket.RealmName.Buffer = (WCHAR *)client_str;
161 client_str += ticket.RealmName.MaximumLength;
162
163 status = lsa_dispatch.CopyToClientBuffer(lsa_req, ticket.ServerName.MaximumLength,
164 client_str, ticket.ServerName.Buffer);
165 if (status != STATUS_SUCCESS) goto fail;
166 ticket.ServerName.Buffer = (WCHAR *)client_str;
167 client_str += ticket.ServerName.MaximumLength;
168
169 status = lsa_dispatch.CopyToClientBuffer(lsa_req, sizeof(ticket), &client_resp->Tickets[i], &ticket);
170 if (status != STATUS_SUCCESS) goto fail;
171 }
172 return STATUS_SUCCESS;
173
174 fail:
175 lsa_dispatch.FreeClientBuffer(lsa_req, client_resp);
176 return status;
177 }
178
179 static NTSTATUS NTAPI kerberos_LsaApCallPackageUntrusted(PLSA_CLIENT_REQUEST req, void *in_buf,
180 void *client_buf_base, ULONG in_buf_len, void **out_buf, ULONG *out_buf_len, NTSTATUS *ret_status)
181 {
182 KERB_PROTOCOL_MESSAGE_TYPE msg;
183
184 TRACE("%p, %p, %p, %lu, %p, %p, %p\n", req, in_buf, client_buf_base, in_buf_len, out_buf, out_buf_len, ret_status);
185
186 if (!in_buf || in_buf_len < sizeof(msg)) return STATUS_INVALID_PARAMETER;
187
188 msg = *(KERB_PROTOCOL_MESSAGE_TYPE *)in_buf;
189 switch (msg)
190 {
191 case KerbQueryTicketCacheMessage:
192 {
193 KERB_QUERY_TKT_CACHE_REQUEST *query = (KERB_QUERY_TKT_CACHE_REQUEST *)in_buf;
194 NTSTATUS status;
195
196 if (!in_buf || in_buf_len != sizeof(*query) || !out_buf || !out_buf_len) return STATUS_INVALID_PARAMETER;
197 if (query->LogonId.HighPart || query->LogonId.LowPart) return STATUS_ACCESS_DENIED;
198
199 *out_buf_len = 1024;
200 for (;;)
201 {
202 KERB_QUERY_TKT_CACHE_RESPONSE *resp = malloc( *out_buf_len );
203 struct query_ticket_cache_params params = { resp, out_buf_len };
204 status = KRB5_CALL( query_ticket_cache, &params );
205 if (status == STATUS_SUCCESS) status = copy_to_client( req, resp, out_buf, *out_buf_len );
206 free( resp );
207 if (status != STATUS_BUFFER_TOO_SMALL) break;
208 }
209 *ret_status = status;
210 break;
211 }
212 case KerbRetrieveTicketMessage:
213 FIXME("KerbRetrieveTicketMessage stub\n");
214 *ret_status = STATUS_NOT_IMPLEMENTED;
215 break;
216
217 case KerbPurgeTicketCacheMessage:
218 FIXME("KerbPurgeTicketCacheMessage stub\n");
219 *ret_status = STATUS_NOT_IMPLEMENTED;
220 break;
221
222 default: /* All other requests should call LsaApCallPackage */
223 WARN("%u => access denied\n", msg);
224 *ret_status = STATUS_ACCESS_DENIED;
225 break;
226 }
227
228 return *ret_status;
229 }
230
231 static NTSTATUS NTAPI kerberos_SpGetInfo(SecPkgInfoW *info)
232 {
233 TRACE("%p\n", info);
234
235 /* LSA will make a copy before forwarding the structure, so
236 * it's safe to put pointers to dynamic or constant data there.
237 */
238 *info = infoW;
239
240 return STATUS_SUCCESS;
241 }
242
243 static char *get_str_unixcp( const UNICODE_STRING *str )
244 {
245 char *ret;
246 int len = WideCharToMultiByte( CP_UNIXCP, 0, str->Buffer, str->Length / sizeof(WCHAR), NULL, 0, NULL, NULL );
247 if (!(ret = malloc( len + 1 ))) return NULL;
248 WideCharToMultiByte( CP_UNIXCP, 0, str->Buffer, str->Length / sizeof(WCHAR), ret, len, NULL, NULL );
249 ret[len] = 0;
250 return ret;
251 }
252
253 static char *get_username_unixcp( const WCHAR *user, ULONG user_len, const WCHAR *domain, ULONG domain_len )
254 {
255 int len_user, len_domain;
256 char *ret;
257
258 len_user = WideCharToMultiByte( CP_UNIXCP, 0, user, user_len, NULL, 0, NULL, NULL );
259 len_domain = WideCharToMultiByte( CP_UNIXCP, 0, domain, domain_len, NULL, 0, NULL, NULL );
260 if (!(ret = malloc( len_user + len_domain + 2 ))) return NULL;
261
262 WideCharToMultiByte( CP_UNIXCP, 0, user, user_len, ret, len_user, NULL, NULL );
263 ret[len_user] = '@';
264 WideCharToMultiByte( CP_UNIXCP, 0, domain, domain_len, ret + len_user + 1, len_domain, NULL, NULL );
265 ret[len_user + len_domain + 1] = 0;
266 return ret;
267 }
268
269 static char *get_password_unixcp( const WCHAR *passwd, ULONG passwd_len )
270 {
271 int len;
272 char *ret;
273
274 len = WideCharToMultiByte( CP_UNIXCP, WC_NO_BEST_FIT_CHARS, passwd, passwd_len, NULL, 0, NULL, NULL );
275 if (!(ret = malloc( len + 1 ))) return NULL;
276 WideCharToMultiByte( CP_UNIXCP, 0, passwd, passwd_len, ret, len, NULL, NULL );
277 ret[len] = 0;
278 return ret;
279 }
280
281 static NTSTATUS NTAPI kerberos_SpAcquireCredentialsHandle(
282 UNICODE_STRING *principal_us, ULONG credential_use, LUID *logon_id, void *auth_data,
283 void *get_key_fn, void *get_key_arg, LSA_SEC_HANDLE *credential, TimeStamp *expiry )
284 {
285 char *principal = NULL, *username = NULL, *password = NULL;
286 SEC_WINNT_AUTH_IDENTITY_W *id = auth_data;
287 NTSTATUS status = SEC_E_INSUFFICIENT_MEMORY;
288 ULONG exptime;
289
290 TRACE( "%s, %#lx, %p, %p, %p, %p, %p, %p\n", debugstr_us(principal_us), credential_use,
291 logon_id, auth_data, get_key_fn, get_key_arg, credential, expiry );
292
293 if (principal_us && !(principal = get_str_unixcp( principal_us ))) return SEC_E_INSUFFICIENT_MEMORY;
294 if (id)
295 {
296 if (id->Flags & SEC_WINNT_AUTH_IDENTITY_ANSI)
297 {
298 FIXME( "ANSI identity not supported\n" );
299 status = SEC_E_UNSUPPORTED_FUNCTION;
300 goto done;
301 }
302 if (!(username = get_username_unixcp( id->User, id->UserLength, id->Domain, id->DomainLength ))) goto done;
303 if (!(password = get_password_unixcp( id->Password, id->PasswordLength ))) goto done;
304 }
305
306 {
307 struct acquire_credentials_handle_params params = { principal, credential_use, username, password,
308 credential, &exptime };
309 status = KRB5_CALL( acquire_credentials_handle, &params );
310 expiry_to_timestamp( exptime, expiry );
311 }
312
313 done:
314 free( principal );
315 free( username );
316 free( password );
317 return status;
318 }
319
320 static NTSTATUS NTAPI kerberos_SpFreeCredentialsHandle( LSA_SEC_HANDLE credential )
321 {
322 TRACE( "%Ix\n", credential );
323 if (!credential) return SEC_E_INVALID_HANDLE;
324 return KRB5_CALL( free_credentials_handle, (void *)credential );
325 }
326
327 static NTSTATUS NTAPI kerberos_SpInitLsaModeContext( LSA_SEC_HANDLE credential, LSA_SEC_HANDLE context,
328 UNICODE_STRING *target_name, ULONG context_req, ULONG target_data_rep, SecBufferDesc *input,
329 LSA_SEC_HANDLE *new_context, SecBufferDesc *output, ULONG *context_attr, TimeStamp *expiry,
330 BOOLEAN *mapped_context, SecBuffer *context_data )
331 {
332 static const ULONG supported = ISC_REQ_CONFIDENTIALITY | ISC_REQ_INTEGRITY | ISC_REQ_SEQUENCE_DETECT |
333 ISC_REQ_REPLAY_DETECT | ISC_REQ_MUTUAL_AUTH | ISC_REQ_USE_DCE_STYLE |
334 ISC_REQ_IDENTIFY | ISC_REQ_CONNECTION;
335 char *target = NULL;
336 NTSTATUS status;
337 ULONG exptime;
338
339 TRACE( "%Ix, %Ix, %s, %#lx, %lu, %p, %p, %p, %p, %p, %p, %p\n", credential, context, debugstr_us(target_name),
340 context_req, target_data_rep, input, new_context, output, context_attr, expiry,
341 mapped_context, context_data );
342 if (context_req & ~supported) FIXME( "flags %#lx not supported\n", context_req & ~supported );
343
344 if (!context && !input && !credential) return SEC_E_INVALID_HANDLE;
345 if (target_name && !(target = get_str_unixcp( target_name ))) return SEC_E_INSUFFICIENT_MEMORY;
346 else
347 {
348 struct initialize_context_params params = { credential, context, target, context_req, input,
349 new_context, output, context_attr, &exptime };
350 status = KRB5_CALL( initialize_context, &params );
351 if (!status)
352 {
353 *mapped_context = TRUE;
354 expiry_to_timestamp( exptime, expiry );
355 }
356 }
357 /* FIXME: initialize context_data */
358 free( target );
359 return status;
360 }
361
362 static NTSTATUS NTAPI kerberos_SpAcceptLsaModeContext( LSA_SEC_HANDLE credential, LSA_SEC_HANDLE context,
363 SecBufferDesc *input, ULONG context_req, ULONG target_data_rep, LSA_SEC_HANDLE *new_context,
364 SecBufferDesc *output, ULONG *context_attr, TimeStamp *expiry, BOOLEAN *mapped_context, SecBuffer *context_data )
365 {
366 NTSTATUS status = SEC_E_INVALID_HANDLE;
367 ULONG exptime;
368
369 TRACE( "%Ix, %Ix, %#lx, %lu, %p, %p, %p, %p, %p, %p, %p\n", credential, context, context_req, target_data_rep,
370 input, new_context, output, context_attr, expiry, mapped_context, context_data );
371 if (context_req) FIXME( "ignoring flags %#lx\n", context_req );
372
373 if (context || input || credential)
374 {
375 struct accept_context_params params = { credential, context, input, new_context, output, context_attr, &exptime };
376 status = KRB5_CALL( accept_context, &params );
377 if (!status)
378 {
379 *mapped_context = TRUE;
380 expiry_to_timestamp( exptime, expiry );
381 }
382 /* FIXME: initialize context_data */
383 }
384 return status;
385 }
386
387 static NTSTATUS NTAPI kerberos_SpDeleteContext( LSA_SEC_HANDLE context )
388 {
389 TRACE( "%Ix\n", context );
390 if (!context) return SEC_E_INVALID_HANDLE;
391 return KRB5_CALL( delete_context, (void *)context );
392 }
393
394 static SecPkgInfoW *build_package_info( const SecPkgInfoW *info )
395 {
396 SecPkgInfoW *ret;
397 DWORD size_name = (wcslen(info->Name) + 1) * sizeof(WCHAR);
398 DWORD size_comment = (wcslen(info->Comment) + 1) * sizeof(WCHAR);
399
400 if (!(ret = malloc( sizeof(*ret) + size_name + size_comment ))) return NULL;
401 ret->fCapabilities = info->fCapabilities;
402 ret->wVersion = info->wVersion;
403 ret->wRPCID = info->wRPCID;
404 ret->cbMaxToken = info->cbMaxToken;
405 ret->Name = (SEC_WCHAR *)(ret + 1);
406 memcpy( ret->Name, info->Name, size_name );
407 ret->Comment = (SEC_WCHAR *)((char *)ret->Name + size_name);
408 memcpy( ret->Comment, info->Comment, size_comment );
409 return ret;
410 }
411
412 static NTSTATUS NTAPI kerberos_SpQueryContextAttributes( LSA_SEC_HANDLE context, ULONG attribute, void *buffer )
413 {
414 TRACE( "%Ix, %lu, %p\n", context, attribute, buffer );
415
416 if (!context) return SEC_E_INVALID_HANDLE;
417
418 switch (attribute)
419 {
420 #define X(x) case (x) : FIXME(#x" stub\n"); break
421 X(SECPKG_ATTR_ACCESS_TOKEN);
422 X(SECPKG_ATTR_AUTHORITY);
423 X(SECPKG_ATTR_DCE_INFO);
424 X(SECPKG_ATTR_KEY_INFO);
425 X(SECPKG_ATTR_LIFESPAN);
426 X(SECPKG_ATTR_NAMES);
427 X(SECPKG_ATTR_NATIVE_NAMES);
428 X(SECPKG_ATTR_PACKAGE_INFO);
429 X(SECPKG_ATTR_PASSWORD_EXPIRY);
430 X(SECPKG_ATTR_SESSION_KEY);
431 X(SECPKG_ATTR_STREAM_SIZES);
432 X(SECPKG_ATTR_TARGET_INFORMATION);
433 case SECPKG_ATTR_SIZES:
434 {
435 struct query_context_attributes_params params = { context, attribute, buffer };
436 return KRB5_CALL( query_context_attributes, &params );
437 }
438 case SECPKG_ATTR_NEGOTIATION_INFO:
439 {
440 SecPkgContext_NegotiationInfoW *info = (SecPkgContext_NegotiationInfoW *)buffer;
441 if (!(info->PackageInfo = build_package_info( &infoW ))) return SEC_E_INSUFFICIENT_MEMORY;
442 info->NegotiationState = SECPKG_NEGOTIATION_COMPLETE;
443 return SEC_E_OK;
444 }
445 #undef X
446 default:
447 FIXME( "unknown attribute %lu\n", attribute );
448 break;
449 }
450
451 return SEC_E_UNSUPPORTED_FUNCTION;
452 }
453
454 static NTSTATUS NTAPI kerberos_SpInitialize(ULONG_PTR package_id, SECPKG_PARAMETERS *params,
455 LSA_SECPKG_FUNCTION_TABLE *lsa_function_table)
456 {
457 TRACE("%Iu, %p, %p\n", package_id, params, lsa_function_table);
458
459 if (!krb5_handle)
460 {
461 if (NtQueryVirtualMemory( GetCurrentProcess(), instance, MemoryWineUnixFuncs,
462 &krb5_handle, sizeof(krb5_handle), NULL ) ||
463 KRB5_CALL( process_attach, NULL ))
464 WARN( "no Kerberos support\n" );
465 return STATUS_UNSUCCESSFUL;
466 }
467 return STATUS_SUCCESS;
468 }
469
470 static NTSTATUS NTAPI kerberos_SpShutdown(void)
471 {
472 TRACE("\n");
473 return STATUS_SUCCESS;
474 }
475
476 static SECPKG_FUNCTION_TABLE kerberos_table =
477 {
478 kerberos_LsaApInitializePackage, /* InitializePackage */
479 NULL, /* LsaLogonUser */
480 NULL, /* CallPackage */
481 NULL, /* LogonTerminated */
482 kerberos_LsaApCallPackageUntrusted, /* CallPackageUntrusted */
483 NULL, /* CallPackagePassthrough */
484 NULL, /* LogonUserEx */
485 NULL, /* LogonUserEx2 */
486 kerberos_SpInitialize,
487 kerberos_SpShutdown,
488 kerberos_SpGetInfo,
489 NULL, /* AcceptCredentials */
490 kerberos_SpAcquireCredentialsHandle,
491 NULL, /* SpQueryCredentialsAttributes */
492 kerberos_SpFreeCredentialsHandle,
493 NULL, /* SaveCredentials */
494 NULL, /* GetCredentials */
495 NULL, /* DeleteCredentials */
496 kerberos_SpInitLsaModeContext,
497 kerberos_SpAcceptLsaModeContext,
498 kerberos_SpDeleteContext,
499 NULL, /* ApplyControlToken */
500 NULL, /* GetUserInfo */
501 NULL, /* GetExtendedInformation */
502 kerberos_SpQueryContextAttributes,
503 NULL, /* SpAddCredentials */
504 NULL, /* SetExtendedInformation */
505 NULL, /* SetContextAttributes */
506 NULL, /* SetCredentialsAttributes */
507 NULL, /* ChangeAccountPassword */
508 NULL, /* QueryMetaData */
509 NULL, /* ExchangeMetaData */
510 NULL, /* GetCredUIContext */
511 NULL, /* UpdateCredentials */
512 NULL, /* ValidateTargetInfo */
513 NULL, /* PostLogonUser */
514 };
515
516 NTSTATUS NTAPI SpLsaModeInitialize(ULONG lsa_version, PULONG package_version,
517 PSECPKG_FUNCTION_TABLE *table, PULONG table_count)
518 {
519 TRACE("%#lx, %p, %p, %p\n", lsa_version, package_version, table, table_count);
520
521 *package_version = SECPKG_INTERFACE_VERSION;
522 *table = &kerberos_table;
523 *table_count = 1;
524 return STATUS_SUCCESS;
525 }
526
527 static NTSTATUS NTAPI kerberos_SpInstanceInit(ULONG version, SECPKG_DLL_FUNCTIONS *dll_function_table, void **user_functions)
528 {
529 TRACE("%#lx, %p, %p\n", version, dll_function_table, user_functions);
530 return STATUS_SUCCESS;
531 }
532
533 static NTSTATUS SEC_ENTRY kerberos_SpMakeSignature( LSA_SEC_HANDLE context, ULONG quality_of_protection,
534 SecBufferDesc *message, ULONG message_seq_no )
535 {
536 TRACE( "%Ix, %#lx, %p, %lu\n", context, quality_of_protection, message, message_seq_no );
537 if (quality_of_protection) FIXME( "ignoring quality_of_protection %#lx\n", quality_of_protection );
538 if (message_seq_no) FIXME( "ignoring message_seq_no %lu\n", message_seq_no );
539
540 if (context)
541 {
542 struct make_signature_params params = { context, message };
543 return KRB5_CALL( make_signature, &params );
544 }
545 else return SEC_E_INVALID_HANDLE;
546 }
547
548 static NTSTATUS NTAPI kerberos_SpVerifySignature( LSA_SEC_HANDLE context, SecBufferDesc *message,
549 ULONG message_seq_no, ULONG *quality_of_protection )
550 {
551 TRACE( "%Ix, %p, %lu, %p\n", context, message, message_seq_no, quality_of_protection );
552 if (message_seq_no) FIXME( "ignoring message_seq_no %lu\n", message_seq_no );
553
554 if (context)
555 {
556 struct verify_signature_params params = { context, message, quality_of_protection };
557 return KRB5_CALL( verify_signature, &params );
558 }
559 else return SEC_E_INVALID_HANDLE;
560 }
561
562 static NTSTATUS NTAPI kerberos_SpSealMessage( LSA_SEC_HANDLE context, ULONG quality_of_protection,
563 SecBufferDesc *message, ULONG message_seq_no )
564 {
565 TRACE( "%Ix, %#lx, %p, %lu\n", context, quality_of_protection, message, message_seq_no );
566 if (message_seq_no) FIXME( "ignoring message_seq_no %lu\n", message_seq_no );
567
568 if (context)
569 {
570 struct seal_message_params params = { context, message, quality_of_protection };
571 return KRB5_CALL( seal_message, &params );
572 }
573 else return SEC_E_INVALID_HANDLE;
574 }
575
576 static NTSTATUS NTAPI kerberos_SpUnsealMessage( LSA_SEC_HANDLE context, SecBufferDesc *message,
577 ULONG message_seq_no, ULONG *quality_of_protection )
578 {
579 TRACE( "%Ix, %p, %lu, %p\n", context, message, message_seq_no, quality_of_protection );
580 if (message_seq_no) FIXME( "ignoring message_seq_no %lu\n", message_seq_no );
581
582 if (context)
583 {
584 struct unseal_message_params params = { context, message, quality_of_protection };
585 return KRB5_CALL( unseal_message, &params );
586 }
587 else return SEC_E_INVALID_HANDLE;
588 }
589
590 static SECPKG_USER_FUNCTION_TABLE kerberos_user_table =
591 {
592 kerberos_SpInstanceInit,
593 NULL, /* SpInitUserModeContext */
594 kerberos_SpMakeSignature,
595 kerberos_SpVerifySignature,
596 kerberos_SpSealMessage,
597 kerberos_SpUnsealMessage,
598 NULL, /* SpGetContextToken */
599 NULL, /* SpQueryContextAttributes */
600 NULL, /* SpCompleteAuthToken */
601 NULL, /* SpDeleteContext */
602 NULL, /* SpFormatCredentialsFn */
603 NULL, /* SpMarshallSupplementalCreds */
604 NULL, /* SpExportSecurityContext */
605 NULL /* SpImportSecurityContext */
606 };
607
608 NTSTATUS NTAPI SpUserModeInitialize(ULONG lsa_version, PULONG package_version,
609 PSECPKG_USER_FUNCTION_TABLE *table, PULONG table_count)
610 {
611 TRACE("%#lx, %p, %p, %p\n", lsa_version, package_version, table, table_count);
612
613 *package_version = SECPKG_INTERFACE_VERSION;
614 *table = &kerberos_user_table;
615 *table_count = 1;
616 return STATUS_SUCCESS;
617 }
618
619 BOOL WINAPI DllMain( HINSTANCE hinst, DWORD reason, void *reserved )
620 {
621 switch (reason)
622 {
623 case DLL_PROCESS_ATTACH:
624 instance = hinst;
625 DisableThreadLibraryCalls( hinst );
626 break;
627 case DLL_PROCESS_DETACH:
628 break;
629 }
630 return TRUE;
631 }
Windows API implementation