search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
push 5aff8350ceade24f8243f07a9cf7ecb816236fb1
[wine/hacks.git] / dlls / secur32 / schannel.c
blob201304bbcb0dac496b50b5fe735e2b6104c9fef1
1 /* Copyright (C) 2005 Juan Lang
2 * Copyright 2008 Henri Verbeet
3 *
4 * This library is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU Lesser General Public
6 * License as published by the Free Software Foundation; either
7 * version 2.1 of the License, or (at your option) any later version.
8 *
9 * This library is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * Lesser General Public License for more details.
13 *
14 * You should have received a copy of the GNU Lesser General Public
15 * License along with this library; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
17 *
18 * This file implements the schannel provider, or, the SSL/TLS implementations.
19 * FIXME: It should be rather obvious that this file is empty of any
20 * implementation.
21 */
22 #include "config.h"
23 #include "wine/port.h"
24
25 #include <stdarg.h>
26 #include <errno.h>
27 #include <limits.h>
28 #ifdef SONAME_LIBGNUTLS
29 #include <gnutls/gnutls.h>
30 #endif
31
32 #include "windef.h"
33 #include "winbase.h"
34 #include "winnls.h"
35 #include "sspi.h"
36 #include "schannel.h"
37 #include "secur32_priv.h"
38 #include "wine/debug.h"
39 #include "wine/library.h"
40
41 WINE_DEFAULT_DEBUG_CHANNEL(secur32);
42
43 #ifdef SONAME_LIBGNUTLS
44
45 static void *libgnutls_handle;
46 #define MAKE_FUNCPTR(f) static typeof(f) * p##f
47 MAKE_FUNCPTR(gnutls_alert_get);
48 MAKE_FUNCPTR(gnutls_alert_get_name);
49 MAKE_FUNCPTR(gnutls_certificate_allocate_credentials);
50 MAKE_FUNCPTR(gnutls_certificate_free_credentials);
51 MAKE_FUNCPTR(gnutls_certificate_get_peers);
52 MAKE_FUNCPTR(gnutls_cipher_get);
53 MAKE_FUNCPTR(gnutls_credentials_set);
54 MAKE_FUNCPTR(gnutls_deinit);
55 MAKE_FUNCPTR(gnutls_global_deinit);
56 MAKE_FUNCPTR(gnutls_global_init);
57 MAKE_FUNCPTR(gnutls_global_set_log_function);
58 MAKE_FUNCPTR(gnutls_global_set_log_level);
59 MAKE_FUNCPTR(gnutls_handshake);
60 MAKE_FUNCPTR(gnutls_init);
61 MAKE_FUNCPTR(gnutls_mac_get);
62 MAKE_FUNCPTR(gnutls_mac_get_key_size);
63 MAKE_FUNCPTR(gnutls_perror);
64 MAKE_FUNCPTR(gnutls_set_default_priority);
65 MAKE_FUNCPTR(gnutls_record_recv);
66 MAKE_FUNCPTR(gnutls_record_send);
67 MAKE_FUNCPTR(gnutls_transport_set_errno);
68 MAKE_FUNCPTR(gnutls_transport_set_ptr);
69 MAKE_FUNCPTR(gnutls_transport_set_pull_function);
70 MAKE_FUNCPTR(gnutls_transport_set_push_function);
71 #undef MAKE_FUNCPTR
72
73 #define SCHAN_INVALID_HANDLE ~0UL
74
75 enum schan_handle_type
76 {
77 SCHAN_HANDLE_CRED,
78 SCHAN_HANDLE_CTX,
79 SCHAN_HANDLE_FREE
80 };
81
82 struct schan_handle
83 {
84 void *object;
85 enum schan_handle_type type;
86 };
87
88 struct schan_credentials
89 {
90 ULONG credential_use;
91 gnutls_certificate_credentials credentials;
92 };
93
94 struct schan_context
95 {
96 gnutls_session_t session;
97 ULONG req_ctx_attr;
98 };
99
100 struct schan_transport;
101
102 struct schan_buffers
103 {
104 SIZE_T offset;
105 const SecBufferDesc *desc;
106 int current_buffer_idx;
107 BOOL allow_buffer_resize;
108 int (*get_next_buffer)(const struct schan_transport *, struct schan_buffers *);
109 };
110
111 struct schan_transport
112 {
113 struct schan_context *ctx;
114 struct schan_buffers in;
115 struct schan_buffers out;
116 };
117
118 static struct schan_handle *schan_handle_table;
119 static struct schan_handle *schan_free_handles;
120 static SIZE_T schan_handle_table_size;
121 static SIZE_T schan_handle_count;
122
123 static ULONG_PTR schan_alloc_handle(void *object, enum schan_handle_type type)
124 {
125 struct schan_handle *handle;
126
127 if (schan_free_handles)
128 {
129 /* Use a free handle */
130 handle = schan_free_handles;
131 if (handle->type != SCHAN_HANDLE_FREE)
132 {
133 ERR("Handle %d(%p) is in the free list, but has type %#x.\n", (handle-schan_handle_table), handle, handle->type);
134 return SCHAN_INVALID_HANDLE;
135 }
136 schan_free_handles = handle->object;
137 handle->object = object;
138 handle->type = type;
139
140 return handle - schan_handle_table;
141 }
142 if (!(schan_handle_count < schan_handle_table_size))
143 {
144 /* Grow the table */
145 SIZE_T new_size = schan_handle_table_size + (schan_handle_table_size >> 1);
146 struct schan_handle *new_table = HeapReAlloc(GetProcessHeap(), 0, schan_handle_table, new_size * sizeof(*schan_handle_table));
147 if (!new_table)
148 {
149 ERR("Failed to grow the handle table\n");
150 return SCHAN_INVALID_HANDLE;
151 }
152 schan_handle_table = new_table;
153 schan_handle_table_size = new_size;
154 }
155
156 handle = &schan_handle_table[schan_handle_count++];
157 handle->object = object;
158 handle->type = type;
159
160 return handle - schan_handle_table;
161 }
162
163 static void *schan_free_handle(ULONG_PTR handle_idx, enum schan_handle_type type)
164 {
165 struct schan_handle *handle;
166 void *object;
167
168 if (handle_idx == SCHAN_INVALID_HANDLE) return NULL;
169 if (handle_idx >= schan_handle_count) return NULL;
170 handle = &schan_handle_table[handle_idx];
171 if (handle->type != type)
172 {
173 ERR("Handle %ld(%p) is not of type %#x\n", handle_idx, handle, type);
174 return NULL;
175 }
176
177 object = handle->object;
178 handle->object = schan_free_handles;
179 handle->type = SCHAN_HANDLE_FREE;
180 schan_free_handles = handle;
181
182 return object;
183 }
184
185 static void *schan_get_object(ULONG_PTR handle_idx, enum schan_handle_type type)
186 {
187 struct schan_handle *handle;
188
189 if (handle_idx == SCHAN_INVALID_HANDLE) return NULL;
190 if (handle_idx >= schan_handle_count) return NULL;
191 handle = &schan_handle_table[handle_idx];
192 if (handle->type != type)
193 {
194 ERR("Handle %ld(%p) is not of type %#x\n", handle_idx, handle, type);
195 return NULL;
196 }
197
198 return handle->object;
199 }
200
201 static SECURITY_STATUS schan_QueryCredentialsAttributes(
202 PCredHandle phCredential, ULONG ulAttribute, VOID *pBuffer)
203 {
204 SECURITY_STATUS ret;
205
206 switch (ulAttribute)
207 {
208 case SECPKG_ATTR_SUPPORTED_ALGS:
209 if (pBuffer)
210 {
211 /* FIXME: get from CryptoAPI */
212 FIXME("SECPKG_ATTR_SUPPORTED_ALGS: stub\n");
213 ret = SEC_E_UNSUPPORTED_FUNCTION;
214 }
215 else
216 ret = SEC_E_INTERNAL_ERROR;
217 break;
218 case SECPKG_ATTR_CIPHER_STRENGTHS:
219 if (pBuffer)
220 {
221 SecPkgCred_CipherStrengths *r = pBuffer;
222
223 /* FIXME: get from CryptoAPI */
224 FIXME("SECPKG_ATTR_CIPHER_STRENGTHS: semi-stub\n");
225 r->dwMinimumCipherStrength = 40;
226 r->dwMaximumCipherStrength = 168;
227 ret = SEC_E_OK;
228 }
229 else
230 ret = SEC_E_INTERNAL_ERROR;
231 break;
232 case SECPKG_ATTR_SUPPORTED_PROTOCOLS:
233 if (pBuffer)
234 {
235 /* FIXME: get from OpenSSL? */
236 FIXME("SECPKG_ATTR_SUPPORTED_PROTOCOLS: stub\n");
237 ret = SEC_E_UNSUPPORTED_FUNCTION;
238 }
239 else
240 ret = SEC_E_INTERNAL_ERROR;
241 break;
242 default:
243 ret = SEC_E_UNSUPPORTED_FUNCTION;
244 }
245 return ret;
246 }
247
248 static SECURITY_STATUS SEC_ENTRY schan_QueryCredentialsAttributesA(
249 PCredHandle phCredential, ULONG ulAttribute, PVOID pBuffer)
250 {
251 SECURITY_STATUS ret;
252
253 TRACE("(%p, %d, %p)\n", phCredential, ulAttribute, pBuffer);
254
255 switch (ulAttribute)
256 {
257 case SECPKG_CRED_ATTR_NAMES:
258 FIXME("SECPKG_CRED_ATTR_NAMES: stub\n");
259 ret = SEC_E_UNSUPPORTED_FUNCTION;
260 break;
261 default:
262 ret = schan_QueryCredentialsAttributes(phCredential, ulAttribute,
263 pBuffer);
264 }
265 return ret;
266 }
267
268 static SECURITY_STATUS SEC_ENTRY schan_QueryCredentialsAttributesW(
269 PCredHandle phCredential, ULONG ulAttribute, PVOID pBuffer)
270 {
271 SECURITY_STATUS ret;
272
273 TRACE("(%p, %d, %p)\n", phCredential, ulAttribute, pBuffer);
274
275 switch (ulAttribute)
276 {
277 case SECPKG_CRED_ATTR_NAMES:
278 FIXME("SECPKG_CRED_ATTR_NAMES: stub\n");
279 ret = SEC_E_UNSUPPORTED_FUNCTION;
280 break;
281 default:
282 ret = schan_QueryCredentialsAttributes(phCredential, ulAttribute,
283 pBuffer);
284 }
285 return ret;
286 }
287
288 static SECURITY_STATUS schan_CheckCreds(const SCHANNEL_CRED *schanCred)
289 {
290 SECURITY_STATUS st;
291 DWORD i;
292
293 TRACE("dwVersion = %d\n", schanCred->dwVersion);
294 TRACE("cCreds = %d\n", schanCred->cCreds);
295 TRACE("hRootStore = %p\n", schanCred->hRootStore);
296 TRACE("cMappers = %d\n", schanCred->cMappers);
297 TRACE("cSupportedAlgs = %d:\n", schanCred->cSupportedAlgs);
298 for (i = 0; i < schanCred->cSupportedAlgs; i++)
299 TRACE("%08x\n", schanCred->palgSupportedAlgs[i]);
300 TRACE("grbitEnabledProtocols = %08x\n", schanCred->grbitEnabledProtocols);
301 TRACE("dwMinimumCipherStrength = %d\n", schanCred->dwMinimumCipherStrength);
302 TRACE("dwMaximumCipherStrength = %d\n", schanCred->dwMaximumCipherStrength);
303 TRACE("dwSessionLifespan = %d\n", schanCred->dwSessionLifespan);
304 TRACE("dwFlags = %08x\n", schanCred->dwFlags);
305 TRACE("dwCredFormat = %d\n", schanCred->dwCredFormat);
306
307 switch (schanCred->dwVersion)
308 {
309 case SCH_CRED_V3:
310 case SCHANNEL_CRED_VERSION:
311 break;
312 default:
313 return SEC_E_INTERNAL_ERROR;
314 }
315
316 if (schanCred->cCreds == 0)
317 st = SEC_E_NO_CREDENTIALS;
318 else if (schanCred->cCreds > 1)
319 st = SEC_E_UNKNOWN_CREDENTIALS;
320 else
321 {
322 DWORD keySpec;
323 HCRYPTPROV csp;
324 BOOL ret, freeCSP;
325
326 ret = CryptAcquireCertificatePrivateKey(schanCred->paCred[0],
327 0, /* FIXME: what flags to use? */ NULL,
328 &csp, &keySpec, &freeCSP);
329 if (ret)
330 {
331 st = SEC_E_OK;
332 if (freeCSP)
333 CryptReleaseContext(csp, 0);
334 }
335 else
336 st = SEC_E_UNKNOWN_CREDENTIALS;
337 }
338 return st;
339 }
340
341 static SECURITY_STATUS schan_AcquireClientCredentials(const SCHANNEL_CRED *schanCred,
342 PCredHandle phCredential, PTimeStamp ptsExpiry)
343 {
344 struct schan_credentials *creds;
345 SECURITY_STATUS st = SEC_E_OK;
346
347 TRACE("schanCred %p, phCredential %p, ptsExpiry %p\n", schanCred, phCredential, ptsExpiry);
348
349 if (schanCred)
350 {
351 st = schan_CheckCreds(schanCred);
352 if (st == SEC_E_NO_CREDENTIALS)
353 st = SEC_E_OK;
354 }
355
356 /* For now, the only thing I'm interested in is the direction of the
357 * connection, so just store it.
358 */
359 if (st == SEC_E_OK)
360 {
361 ULONG_PTR handle;
362 int ret;
363
364 creds = HeapAlloc(GetProcessHeap(), 0, sizeof(*creds));
365 if (!creds) return SEC_E_INSUFFICIENT_MEMORY;
366
367 handle = schan_alloc_handle(creds, SCHAN_HANDLE_CRED);
368 if (handle == SCHAN_INVALID_HANDLE) goto fail;
369
370 creds->credential_use = SECPKG_CRED_OUTBOUND;
371 ret = pgnutls_certificate_allocate_credentials(&creds->credentials);
372 if (ret != GNUTLS_E_SUCCESS)
373 {
374 pgnutls_perror(ret);
375 schan_free_handle(handle, SCHAN_HANDLE_CRED);
376 goto fail;
377 }
378
379 phCredential->dwLower = handle;
380 phCredential->dwUpper = 0;
381
382 /* Outbound credentials have no expiry */
383 if (ptsExpiry)
384 {
385 ptsExpiry->LowPart = 0;
386 ptsExpiry->HighPart = 0;
387 }
388 }
389 return st;
390
391 fail:
392 HeapFree(GetProcessHeap(), 0, creds);
393 return SEC_E_INTERNAL_ERROR;
394 }
395
396 static SECURITY_STATUS schan_AcquireServerCredentials(const SCHANNEL_CRED *schanCred,
397 PCredHandle phCredential, PTimeStamp ptsExpiry)
398 {
399 SECURITY_STATUS st;
400
401 TRACE("schanCred %p, phCredential %p, ptsExpiry %p\n", schanCred, phCredential, ptsExpiry);
402
403 if (!schanCred) return SEC_E_NO_CREDENTIALS;
404
405 st = schan_CheckCreds(schanCred);
406 if (st == SEC_E_OK)
407 {
408 ULONG_PTR handle;
409 struct schan_credentials *creds;
410
411 creds = HeapAlloc(GetProcessHeap(), 0, sizeof(*creds));
412 if (!creds) return SEC_E_INSUFFICIENT_MEMORY;
413 creds->credential_use = SECPKG_CRED_INBOUND;
414
415 handle = schan_alloc_handle(creds, SCHAN_HANDLE_CRED);
416 if (handle == SCHAN_INVALID_HANDLE)
417 {
418 HeapFree(GetProcessHeap(), 0, creds);
419 return SEC_E_INTERNAL_ERROR;
420 }
421
422 phCredential->dwLower = handle;
423 phCredential->dwUpper = 0;
424
425 /* FIXME: get expiry from cert */
426 }
427 return st;
428 }
429
430 static SECURITY_STATUS schan_AcquireCredentialsHandle(ULONG fCredentialUse,
431 const SCHANNEL_CRED *schanCred, PCredHandle phCredential, PTimeStamp ptsExpiry)
432 {
433 SECURITY_STATUS ret;
434
435 if (fCredentialUse == SECPKG_CRED_OUTBOUND)
436 ret = schan_AcquireClientCredentials(schanCred, phCredential,
437 ptsExpiry);
438 else
439 ret = schan_AcquireServerCredentials(schanCred, phCredential,
440 ptsExpiry);
441 return ret;
442 }
443
444 static SECURITY_STATUS SEC_ENTRY schan_AcquireCredentialsHandleA(
445 SEC_CHAR *pszPrincipal, SEC_CHAR *pszPackage, ULONG fCredentialUse,
446 PLUID pLogonID, PVOID pAuthData, SEC_GET_KEY_FN pGetKeyFn,
447 PVOID pGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry)
448 {
449 TRACE("(%s, %s, 0x%08x, %p, %p, %p, %p, %p, %p)\n",
450 debugstr_a(pszPrincipal), debugstr_a(pszPackage), fCredentialUse,
451 pLogonID, pAuthData, pGetKeyFn, pGetKeyArgument, phCredential, ptsExpiry);
452 return schan_AcquireCredentialsHandle(fCredentialUse,
453 pAuthData, phCredential, ptsExpiry);
454 }
455
456 static SECURITY_STATUS SEC_ENTRY schan_AcquireCredentialsHandleW(
457 SEC_WCHAR *pszPrincipal, SEC_WCHAR *pszPackage, ULONG fCredentialUse,
458 PLUID pLogonID, PVOID pAuthData, SEC_GET_KEY_FN pGetKeyFn,
459 PVOID pGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry)
460 {
461 TRACE("(%s, %s, 0x%08x, %p, %p, %p, %p, %p, %p)\n",
462 debugstr_w(pszPrincipal), debugstr_w(pszPackage), fCredentialUse,
463 pLogonID, pAuthData, pGetKeyFn, pGetKeyArgument, phCredential, ptsExpiry);
464 return schan_AcquireCredentialsHandle(fCredentialUse,
465 pAuthData, phCredential, ptsExpiry);
466 }
467
468 static SECURITY_STATUS SEC_ENTRY schan_FreeCredentialsHandle(
469 PCredHandle phCredential)
470 {
471 struct schan_credentials *creds;
472
473 TRACE("phCredential %p\n", phCredential);
474
475 if (!phCredential) return SEC_E_INVALID_HANDLE;
476
477 creds = schan_free_handle(phCredential->dwLower, SCHAN_HANDLE_CRED);
478 if (!creds) return SEC_E_INVALID_HANDLE;
479
480 if (creds->credential_use == SECPKG_CRED_OUTBOUND)
481 pgnutls_certificate_free_credentials(creds->credentials);
482 HeapFree(GetProcessHeap(), 0, creds);
483
484 return SEC_E_OK;
485 }
486
487 static void init_schan_buffers(struct schan_buffers *s, const PSecBufferDesc desc,
488 int (*get_next_buffer)(const struct schan_transport *, struct schan_buffers *))
489 {
490 s->offset = 0;
491 s->desc = desc;
492 s->current_buffer_idx = -1;
493 s->allow_buffer_resize = FALSE;
494 s->get_next_buffer = get_next_buffer;
495 }
496
497 static int schan_find_sec_buffer_idx(const SecBufferDesc *desc, unsigned int start_idx, ULONG buffer_type)
498 {
499 unsigned int i;
500 PSecBuffer buffer;
501
502 for (i = start_idx; i < desc->cBuffers; ++i)
503 {
504 buffer = &desc->pBuffers[i];
505 if (buffer->BufferType == buffer_type) return i;
506 }
507
508 return -1;
509 }
510
511 static void schan_resize_current_buffer(const struct schan_buffers *s, SIZE_T min_size)
512 {
513 SecBuffer *b = &s->desc->pBuffers[s->current_buffer_idx];
514 SIZE_T new_size = b->cbBuffer ? b->cbBuffer * 2 : 128;
515 void *new_data;
516
517 if (b->cbBuffer >= min_size || !s->allow_buffer_resize || min_size > UINT_MAX / 2) return;
518
519 while (new_size < min_size) new_size *= 2;
520
521 if (b->pvBuffer)
522 new_data = HeapReAlloc(GetProcessHeap(), 0, b->pvBuffer, new_size);
523 else
524 new_data = HeapAlloc(GetProcessHeap(), 0, new_size);
525
526 if (!new_data)
527 {
528 TRACE("Failed to resize %p from %d to %ld\n", b->pvBuffer, b->cbBuffer, new_size);
529 return;
530 }
531
532 b->cbBuffer = new_size;
533 b->pvBuffer = new_data;
534 }
535
536 static char *schan_get_buffer(const struct schan_transport *t, struct schan_buffers *s, size_t *count)
537 {
538 SIZE_T max_count;
539 PSecBuffer buffer;
540
541 if (!s->desc)
542 {
543 TRACE("No desc\n");
544 return NULL;
545 }
546
547 if (s->current_buffer_idx == -1)
548 {
549 /* Initial buffer */
550 int buffer_idx = s->get_next_buffer(t, s);
551 if (buffer_idx == -1)
552 {
553 TRACE("No next buffer\n");
554 return NULL;
555 }
556 s->current_buffer_idx = buffer_idx;
557 }
558
559 buffer = &s->desc->pBuffers[s->current_buffer_idx];
560 TRACE("Using buffer %d: cbBuffer %d, BufferType %#x, pvBuffer %p\n", s->current_buffer_idx, buffer->cbBuffer, buffer->BufferType, buffer->pvBuffer);
561
562 schan_resize_current_buffer(s, s->offset + *count);
563 max_count = buffer->cbBuffer - s->offset;
564 if (!max_count)
565 {
566 int buffer_idx;
567
568 s->allow_buffer_resize = FALSE;
569 buffer_idx = s->get_next_buffer(t, s);
570 if (buffer_idx == -1)
571 {
572 TRACE("No next buffer\n");
573 return NULL;
574 }
575 s->current_buffer_idx = buffer_idx;
576 s->offset = 0;
577 return schan_get_buffer(t, s, count);
578 }
579
580 if (*count > max_count) *count = max_count;
581 return (char *)buffer->pvBuffer + s->offset;
582 }
583
584 static ssize_t schan_pull(gnutls_transport_ptr_t transport, void *buff, size_t buff_len)
585 {
586 struct schan_transport *t = transport;
587 char *b;
588
589 TRACE("Pull %zu bytes\n", buff_len);
590
591 b = schan_get_buffer(t, &t->in, &buff_len);
592 if (!b)
593 {
594 pgnutls_transport_set_errno(t->ctx->session, EAGAIN);
595 return -1;
596 }
597
598 memcpy(buff, b, buff_len);
599 t->in.offset += buff_len;
600
601 TRACE("Read %zu bytes\n", buff_len);
602
603 return buff_len;
604 }
605
606 static ssize_t schan_push(gnutls_transport_ptr_t transport, const void *buff, size_t buff_len)
607 {
608 struct schan_transport *t = transport;
609 char *b;
610
611 TRACE("Push %zu bytes\n", buff_len);
612
613 b = schan_get_buffer(t, &t->out, &buff_len);
614 if (!b)
615 {
616 pgnutls_transport_set_errno(t->ctx->session, EAGAIN);
617 return -1;
618 }
619
620 memcpy(b, buff, buff_len);
621 t->out.offset += buff_len;
622
623 TRACE("Wrote %zu bytes\n", buff_len);
624
625 return buff_len;
626 }
627
628 static int schan_init_sec_ctx_get_next_buffer(const struct schan_transport *t, struct schan_buffers *s)
629 {
630 if (s->current_buffer_idx == -1)
631 {
632 int idx = schan_find_sec_buffer_idx(s->desc, 0, SECBUFFER_TOKEN);
633 if (t->ctx->req_ctx_attr & ISC_REQ_ALLOCATE_MEMORY)
634 {
635 if (idx == -1)
636 {
637 idx = schan_find_sec_buffer_idx(s->desc, 0, SECBUFFER_EMPTY);
638 if (idx != -1) s->desc->pBuffers[idx].BufferType = SECBUFFER_TOKEN;
639 }
640 if (idx != -1 && !s->desc->pBuffers[idx].pvBuffer)
641 {
642 s->desc->pBuffers[idx].cbBuffer = 0;
643 s->allow_buffer_resize = TRUE;
644 }
645 }
646 return idx;
647 }
648
649 return -1;
650 }
651
652 static void dump_buffer_desc(SecBufferDesc *desc)
653 {
654 unsigned int i;
655
656 if (!desc) return;
657 TRACE("Buffer desc %p:\n", desc);
658 for (i = 0; i < desc->cBuffers; ++i)
659 {
660 SecBuffer *b = &desc->pBuffers[i];
661 TRACE("\tbuffer %u: cbBuffer %d, BufferType %#x pvBuffer %p\n", i, b->cbBuffer, b->BufferType, b->pvBuffer);
662 }
663 }
664
665 /***********************************************************************
666 * InitializeSecurityContextW
667 */
668 static SECURITY_STATUS SEC_ENTRY schan_InitializeSecurityContextW(
669 PCredHandle phCredential, PCtxtHandle phContext, SEC_WCHAR *pszTargetName,
670 ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep,
671 PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext,
672 PSecBufferDesc pOutput, ULONG *pfContextAttr, PTimeStamp ptsExpiry)
673 {
674 struct schan_context *ctx;
675 struct schan_buffers *out_buffers;
676 struct schan_credentials *cred;
677 struct schan_transport transport;
678 int err;
679
680 TRACE("%p %p %s %d %d %d %p %d %p %p %p %p\n", phCredential, phContext,
681 debugstr_w(pszTargetName), fContextReq, Reserved1, TargetDataRep, pInput,
682 Reserved1, phNewContext, pOutput, pfContextAttr, ptsExpiry);
683
684 dump_buffer_desc(pInput);
685 dump_buffer_desc(pOutput);
686
687 if (!phContext)
688 {
689 ULONG_PTR handle;
690
691 if (!phCredential) return SEC_E_INVALID_HANDLE;
692
693 cred = schan_get_object(phCredential->dwLower, SCHAN_HANDLE_CRED);
694 if (!cred) return SEC_E_INVALID_HANDLE;
695
696 if (!(cred->credential_use & SECPKG_CRED_OUTBOUND))
697 {
698 WARN("Invalid credential use %#x\n", cred->credential_use);
699 return SEC_E_INVALID_HANDLE;
700 }
701
702 ctx = HeapAlloc(GetProcessHeap(), 0, sizeof(*ctx));
703 if (!ctx) return SEC_E_INSUFFICIENT_MEMORY;
704
705 handle = schan_alloc_handle(ctx, SCHAN_HANDLE_CTX);
706 if (handle == SCHAN_INVALID_HANDLE)
707 {
708 HeapFree(GetProcessHeap(), 0, ctx);
709 return SEC_E_INTERNAL_ERROR;
710 }
711
712 err = pgnutls_init(&ctx->session, GNUTLS_CLIENT);
713 if (err != GNUTLS_E_SUCCESS)
714 {
715 pgnutls_perror(err);
716 schan_free_handle(handle, SCHAN_HANDLE_CTX);
717 HeapFree(GetProcessHeap(), 0, ctx);
718 return SEC_E_INTERNAL_ERROR;
719 }
720
721 /* FIXME: We should be using the information from the credentials here. */
722 FIXME("Using hardcoded \"NORMAL\" priority\n");
723 err = pgnutls_set_default_priority(ctx->session);
724 if (err != GNUTLS_E_SUCCESS)
725 {
726 pgnutls_perror(err);
727 pgnutls_deinit(ctx->session);
728 schan_free_handle(handle, SCHAN_HANDLE_CTX);
729 HeapFree(GetProcessHeap(), 0, ctx);
730 }
731
732 err = pgnutls_credentials_set(ctx->session, GNUTLS_CRD_CERTIFICATE, cred->credentials);
733 if (err != GNUTLS_E_SUCCESS)
734 {
735 pgnutls_perror(err);
736 pgnutls_deinit(ctx->session);
737 schan_free_handle(handle, SCHAN_HANDLE_CTX);
738 HeapFree(GetProcessHeap(), 0, ctx);
739 }
740
741 pgnutls_transport_set_pull_function(ctx->session, schan_pull);
742 pgnutls_transport_set_push_function(ctx->session, schan_push);
743
744 phNewContext->dwLower = handle;
745 phNewContext->dwUpper = 0;
746 }
747 else
748 {
749 ctx = schan_get_object(phContext->dwLower, SCHAN_HANDLE_CTX);
750 }
751
752 ctx->req_ctx_attr = fContextReq;
753
754 transport.ctx = ctx;
755 init_schan_buffers(&transport.in, pInput, schan_init_sec_ctx_get_next_buffer);
756 init_schan_buffers(&transport.out, pOutput, schan_init_sec_ctx_get_next_buffer);
757 pgnutls_transport_set_ptr(ctx->session, &transport);
758
759 /* Perform the TLS handshake */
760 err = pgnutls_handshake(ctx->session);
761
762 out_buffers = &transport.out;
763 if (out_buffers->current_buffer_idx != -1)
764 {
765 SecBuffer *buffer = &out_buffers->desc->pBuffers[out_buffers->current_buffer_idx];
766 buffer->cbBuffer = out_buffers->offset;
767 }
768
769 *pfContextAttr = 0;
770 if (ctx->req_ctx_attr & ISC_REQ_ALLOCATE_MEMORY)
771 *pfContextAttr |= ISC_RET_ALLOCATED_MEMORY;
772
773 switch(err)
774 {
775 case GNUTLS_E_SUCCESS:
776 TRACE("Handshake completed\n");
777 return SEC_E_OK;
778
779 case GNUTLS_E_AGAIN:
780 TRACE("Continue...\n");
781 return SEC_I_CONTINUE_NEEDED;
782
783 case GNUTLS_E_WARNING_ALERT_RECEIVED:
784 case GNUTLS_E_FATAL_ALERT_RECEIVED:
785 {
786 gnutls_alert_description_t alert = pgnutls_alert_get(ctx->session);
787 const char *alert_name = pgnutls_alert_get_name(alert);
788 WARN("ALERT: %d %s\n", alert, alert_name);
789 return SEC_E_INTERNAL_ERROR;
790 }
791
792 default:
793 pgnutls_perror(err);
794 return SEC_E_INTERNAL_ERROR;
795 }
796 }
797
798 /***********************************************************************
799 * InitializeSecurityContextA
800 */
801 static SECURITY_STATUS SEC_ENTRY schan_InitializeSecurityContextA(
802 PCredHandle phCredential, PCtxtHandle phContext, SEC_CHAR *pszTargetName,
803 ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep,
804 PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext,
805 PSecBufferDesc pOutput, ULONG *pfContextAttr, PTimeStamp ptsExpiry)
806 {
807 SECURITY_STATUS ret;
808 SEC_WCHAR *target_name = NULL;
809
810 TRACE("%p %p %s %d %d %d %p %d %p %p %p %p\n", phCredential, phContext,
811 debugstr_a(pszTargetName), fContextReq, Reserved1, TargetDataRep, pInput,
812 Reserved1, phNewContext, pOutput, pfContextAttr, ptsExpiry);
813
814 if (pszTargetName)
815 {
816 INT len = MultiByteToWideChar(CP_ACP, 0, pszTargetName, -1, NULL, 0);
817 target_name = HeapAlloc(GetProcessHeap(), 0, len * sizeof(*target_name));
818 MultiByteToWideChar(CP_ACP, 0, pszTargetName, -1, target_name, len);
819 }
820
821 ret = schan_InitializeSecurityContextW(phCredential, phContext, target_name,
822 fContextReq, Reserved1, TargetDataRep, pInput, Reserved2,
823 phNewContext, pOutput, pfContextAttr, ptsExpiry);
824
825 HeapFree(GetProcessHeap(), 0, target_name);
826
827 return ret;
828 }
829
830 static unsigned int schannel_get_cipher_block_size(gnutls_cipher_algorithm_t cipher)
831 {
832 const struct
833 {
834 gnutls_cipher_algorithm_t cipher;
835 unsigned int block_size;
836 }
837 algorithms[] =
838 {
839 {GNUTLS_CIPHER_3DES_CBC, 8},
840 {GNUTLS_CIPHER_AES_128_CBC, 16},
841 {GNUTLS_CIPHER_AES_256_CBC, 16},
842 {GNUTLS_CIPHER_ARCFOUR_128, 1},
843 {GNUTLS_CIPHER_ARCFOUR_40, 1},
844 {GNUTLS_CIPHER_DES_CBC, 8},
845 {GNUTLS_CIPHER_NULL, 1},
846 {GNUTLS_CIPHER_RC2_40_CBC, 8},
847 };
848 unsigned int i;
849
850 for (i = 0; i < sizeof(algorithms) / sizeof(*algorithms); ++i)
851 {
852 if (algorithms[i].cipher == cipher)
853 return algorithms[i].block_size;
854 }
855
856 FIXME("Unknown cipher %#x, returning 1\n", cipher);
857
858 return 1;
859 }
860
861 static SECURITY_STATUS SEC_ENTRY schan_QueryContextAttributesW(
862 PCtxtHandle context_handle, ULONG attribute, PVOID buffer)
863 {
864 struct schan_context *ctx;
865
866 TRACE("context_handle %p, attribute %#x, buffer %p\n",
867 context_handle, attribute, buffer);
868
869 if (!context_handle) return SEC_E_INVALID_HANDLE;
870 ctx = schan_get_object(context_handle->dwLower, SCHAN_HANDLE_CTX);
871
872 switch(attribute)
873 {
874 case SECPKG_ATTR_STREAM_SIZES:
875 {
876 SecPkgContext_StreamSizes *stream_sizes = buffer;
877 gnutls_mac_algorithm_t mac = pgnutls_mac_get(ctx->session);
878 size_t mac_size = pgnutls_mac_get_key_size(mac);
879 gnutls_cipher_algorithm_t cipher = pgnutls_cipher_get(ctx->session);
880 unsigned int block_size = schannel_get_cipher_block_size(cipher);
881
882 TRACE("Using %zu mac bytes, block size %u\n", mac_size, block_size);
883
884 /* These are defined by the TLS RFC */
885 stream_sizes->cbHeader = 5;
886 stream_sizes->cbTrailer = mac_size + 256; /* Max 255 bytes padding + 1 for padding size */
887 stream_sizes->cbMaximumMessage = 1 << 14;
888 stream_sizes->cbBuffers = 4;
889 stream_sizes->cbBlockSize = block_size;
890 return SEC_E_OK;
891 }
892 case SECPKG_ATTR_REMOTE_CERT_CONTEXT:
893 {
894 unsigned int list_size;
895 const gnutls_datum_t *datum = pgnutls_certificate_get_peers(
896 ctx->session, &list_size);
897
898 datum = pgnutls_certificate_get_peers(ctx->session, &list_size);
899 if (datum)
900 {
901 PCCERT_CONTEXT *cert = buffer;
902
903 *cert = CertCreateCertificateContext(X509_ASN_ENCODING,
904 datum->data, datum->size);
905 if (!*cert)
906 return GetLastError();
907 else
908 return SEC_E_OK;
909 }
910 else
911 return SEC_E_INTERNAL_ERROR;
912 }
913
914 default:
915 FIXME("Unhandled attribute %#x\n", attribute);
916 return SEC_E_UNSUPPORTED_FUNCTION;
917 }
918 }
919
920 static SECURITY_STATUS SEC_ENTRY schan_QueryContextAttributesA(
921 PCtxtHandle context_handle, ULONG attribute, PVOID buffer)
922 {
923 TRACE("context_handle %p, attribute %#x, buffer %p\n",
924 context_handle, attribute, buffer);
925
926 switch(attribute)
927 {
928 case SECPKG_ATTR_STREAM_SIZES:
929 return schan_QueryContextAttributesW(context_handle, attribute, buffer);
930 case SECPKG_ATTR_REMOTE_CERT_CONTEXT:
931 return schan_QueryContextAttributesW(context_handle, attribute, buffer);
932
933 default:
934 FIXME("Unhandled attribute %#x\n", attribute);
935 return SEC_E_UNSUPPORTED_FUNCTION;
936 }
937 }
938
939 static int schan_encrypt_message_get_next_buffer(const struct schan_transport *t, struct schan_buffers *s)
940 {
941 SecBuffer *b;
942
943 if (s->current_buffer_idx == -1)
944 return schan_find_sec_buffer_idx(s->desc, 0, SECBUFFER_STREAM_HEADER);
945
946 b = &s->desc->pBuffers[s->current_buffer_idx];
947
948 if (b->BufferType == SECBUFFER_STREAM_HEADER)
949 return schan_find_sec_buffer_idx(s->desc, 0, SECBUFFER_DATA);
950
951 if (b->BufferType == SECBUFFER_DATA)
952 return schan_find_sec_buffer_idx(s->desc, 0, SECBUFFER_STREAM_TRAILER);
953
954 return -1;
955 }
956
957 static int schan_encrypt_message_get_next_buffer_token(const struct schan_transport *t, struct schan_buffers *s)
958 {
959 SecBuffer *b;
960
961 if (s->current_buffer_idx == -1)
962 return schan_find_sec_buffer_idx(s->desc, 0, SECBUFFER_TOKEN);
963
964 b = &s->desc->pBuffers[s->current_buffer_idx];
965
966 if (b->BufferType == SECBUFFER_TOKEN)
967 {
968 int idx = schan_find_sec_buffer_idx(s->desc, 0, SECBUFFER_TOKEN);
969 if (idx != s->current_buffer_idx) return -1;
970 return schan_find_sec_buffer_idx(s->desc, 0, SECBUFFER_DATA);
971 }
972
973 if (b->BufferType == SECBUFFER_DATA)
974 {
975 int idx = schan_find_sec_buffer_idx(s->desc, 0, SECBUFFER_TOKEN);
976 if (idx != -1)
977 idx = schan_find_sec_buffer_idx(s->desc, idx + 1, SECBUFFER_TOKEN);
978 return idx;
979 }
980
981 return -1;
982 }
983
984 static SECURITY_STATUS SEC_ENTRY schan_EncryptMessage(PCtxtHandle context_handle,
985 ULONG quality, PSecBufferDesc message, ULONG message_seq_no)
986 {
987 struct schan_transport transport;
988 struct schan_context *ctx;
989 struct schan_buffers *b;
990 SecBuffer *buffer;
991 SIZE_T data_size;
992 char *data;
993 ssize_t sent = 0;
994 ssize_t ret;
995 int idx;
996
997 TRACE("context_handle %p, quality %d, message %p, message_seq_no %d\n",
998 context_handle, quality, message, message_seq_no);
999
1000 if (!context_handle) return SEC_E_INVALID_HANDLE;
1001 ctx = schan_get_object(context_handle->dwLower, SCHAN_HANDLE_CTX);
1002
1003 dump_buffer_desc(message);
1004
1005 idx = schan_find_sec_buffer_idx(message, 0, SECBUFFER_DATA);
1006 if (idx == -1)
1007 {
1008 WARN("No data buffer passed\n");
1009 return SEC_E_INTERNAL_ERROR;
1010 }
1011 buffer = &message->pBuffers[idx];
1012
1013 data_size = buffer->cbBuffer;
1014 data = HeapAlloc(GetProcessHeap(), 0, data_size);
1015 memcpy(data, buffer->pvBuffer, data_size);
1016
1017 transport.ctx = ctx;
1018 init_schan_buffers(&transport.in, NULL, NULL);
1019 if (schan_find_sec_buffer_idx(message, 0, SECBUFFER_STREAM_HEADER) != -1)
1020 init_schan_buffers(&transport.out, message, schan_encrypt_message_get_next_buffer);
1021 else
1022 init_schan_buffers(&transport.out, message, schan_encrypt_message_get_next_buffer_token);
1023 pgnutls_transport_set_ptr(ctx->session, &transport);
1024
1025 while (sent < data_size)
1026 {
1027 ret = pgnutls_record_send(ctx->session, data + sent, data_size - sent);
1028 if (ret < 0)
1029 {
1030 if (ret != GNUTLS_E_AGAIN)
1031 {
1032 pgnutls_perror(ret);
1033 HeapFree(GetProcessHeap(), 0, data);
1034 ERR("Returning SEC_E_INTERNAL_ERROR\n");
1035 return SEC_E_INTERNAL_ERROR;
1036 }
1037 else break;
1038 }
1039 sent += ret;
1040 }
1041
1042 TRACE("Sent %zd bytes\n", sent);
1043
1044 b = &transport.out;
1045 b->desc->pBuffers[b->current_buffer_idx].cbBuffer = b->offset;
1046 HeapFree(GetProcessHeap(), 0, data);
1047
1048 return SEC_E_OK;
1049 }
1050
1051 static int schan_decrypt_message_get_next_buffer(const struct schan_transport *t, struct schan_buffers *s)
1052 {
1053 if (s->current_buffer_idx == -1)
1054 return schan_find_sec_buffer_idx(s->desc, 0, SECBUFFER_DATA);
1055
1056 return -1;
1057 }
1058
1059 static SECURITY_STATUS SEC_ENTRY schan_DecryptMessage(PCtxtHandle context_handle,
1060 PSecBufferDesc message, ULONG message_seq_no, PULONG quality)
1061 {
1062 struct schan_transport transport;
1063 struct schan_context *ctx;
1064 SecBuffer *buffer;
1065 SIZE_T data_size;
1066 char *data;
1067 ssize_t received = 0;
1068 ssize_t ret;
1069 int idx;
1070
1071 TRACE("context_handle %p, message %p, message_seq_no %d, quality %p\n",
1072 context_handle, message, message_seq_no, quality);
1073
1074 if (!context_handle) return SEC_E_INVALID_HANDLE;
1075 ctx = schan_get_object(context_handle->dwLower, SCHAN_HANDLE_CTX);
1076
1077 dump_buffer_desc(message);
1078
1079 idx = schan_find_sec_buffer_idx(message, 0, SECBUFFER_DATA);
1080 if (idx == -1)
1081 {
1082 WARN("No data buffer passed\n");
1083 return SEC_E_INTERNAL_ERROR;
1084 }
1085 buffer = &message->pBuffers[idx];
1086
1087 data_size = buffer->cbBuffer;
1088 data = HeapAlloc(GetProcessHeap(), 0, data_size);
1089
1090 transport.ctx = ctx;
1091 init_schan_buffers(&transport.in, message, schan_decrypt_message_get_next_buffer);
1092 init_schan_buffers(&transport.out, NULL, NULL);
1093 pgnutls_transport_set_ptr(ctx->session, (gnutls_transport_ptr_t)&transport);
1094
1095 while (received < data_size)
1096 {
1097 ret = pgnutls_record_recv(ctx->session, data + received, data_size - received);
1098 if (ret < 0)
1099 {
1100 if (ret == GNUTLS_E_AGAIN)
1101 {
1102 if (!received)
1103 {
1104 pgnutls_perror(ret);
1105 HeapFree(GetProcessHeap(), 0, data);
1106 TRACE("Returning SEC_E_INCOMPLETE_MESSAGE\n");
1107 return SEC_E_INCOMPLETE_MESSAGE;
1108 }
1109 break;
1110 }
1111 else
1112 {
1113 pgnutls_perror(ret);
1114 HeapFree(GetProcessHeap(), 0, data);
1115 ERR("Returning SEC_E_INTERNAL_ERROR\n");
1116 return SEC_E_INTERNAL_ERROR;
1117 }
1118 }
1119 received += ret;
1120 }
1121
1122 TRACE("Received %zd bytes\n", received);
1123
1124 memcpy(buffer->pvBuffer, data, received);
1125 buffer->cbBuffer = received;
1126 HeapFree(GetProcessHeap(), 0, data);
1127
1128 return SEC_E_OK;
1129 }
1130
1131 static SECURITY_STATUS SEC_ENTRY schan_DeleteSecurityContext(PCtxtHandle context_handle)
1132 {
1133 struct schan_context *ctx;
1134
1135 TRACE("context_handle %p\n", context_handle);
1136
1137 if (!context_handle) return SEC_E_INVALID_HANDLE;
1138
1139 ctx = schan_free_handle(context_handle->dwLower, SCHAN_HANDLE_CTX);
1140 if (!ctx) return SEC_E_INVALID_HANDLE;
1141
1142 pgnutls_deinit(ctx->session);
1143 HeapFree(GetProcessHeap(), 0, ctx);
1144
1145 return SEC_E_OK;
1146 }
1147
1148 static void schan_gnutls_log(int level, const char *msg)
1149 {
1150 TRACE("<%d> %s", level, msg);
1151 }
1152
1153 static const SecurityFunctionTableA schanTableA = {
1154 1,
1155 NULL, /* EnumerateSecurityPackagesA */
1156 schan_QueryCredentialsAttributesA,
1157 schan_AcquireCredentialsHandleA,
1158 schan_FreeCredentialsHandle,
1159 NULL, /* Reserved2 */
1160 schan_InitializeSecurityContextA,
1161 NULL, /* AcceptSecurityContext */
1162 NULL, /* CompleteAuthToken */
1163 schan_DeleteSecurityContext,
1164 NULL, /* ApplyControlToken */
1165 schan_QueryContextAttributesA,
1166 NULL, /* ImpersonateSecurityContext */
1167 NULL, /* RevertSecurityContext */
1168 NULL, /* MakeSignature */
1169 NULL, /* VerifySignature */
1170 FreeContextBuffer,
1171 NULL, /* QuerySecurityPackageInfoA */
1172 NULL, /* Reserved3 */
1173 NULL, /* Reserved4 */
1174 NULL, /* ExportSecurityContext */
1175 NULL, /* ImportSecurityContextA */
1176 NULL, /* AddCredentialsA */
1177 NULL, /* Reserved8 */
1178 NULL, /* QuerySecurityContextToken */
1179 schan_EncryptMessage,
1180 schan_DecryptMessage,
1181 NULL, /* SetContextAttributesA */
1182 };
1183
1184 static const SecurityFunctionTableW schanTableW = {
1185 1,
1186 NULL, /* EnumerateSecurityPackagesW */
1187 schan_QueryCredentialsAttributesW,
1188 schan_AcquireCredentialsHandleW,
1189 schan_FreeCredentialsHandle,
1190 NULL, /* Reserved2 */
1191 schan_InitializeSecurityContextW,
1192 NULL, /* AcceptSecurityContext */
1193 NULL, /* CompleteAuthToken */
1194 schan_DeleteSecurityContext,
1195 NULL, /* ApplyControlToken */
1196 schan_QueryContextAttributesW,
1197 NULL, /* ImpersonateSecurityContext */
1198 NULL, /* RevertSecurityContext */
1199 NULL, /* MakeSignature */
1200 NULL, /* VerifySignature */
1201 FreeContextBuffer,
1202 NULL, /* QuerySecurityPackageInfoW */
1203 NULL, /* Reserved3 */
1204 NULL, /* Reserved4 */
1205 NULL, /* ExportSecurityContext */
1206 NULL, /* ImportSecurityContextW */
1207 NULL, /* AddCredentialsW */
1208 NULL, /* Reserved8 */
1209 NULL, /* QuerySecurityContextToken */
1210 schan_EncryptMessage,
1211 schan_DecryptMessage,
1212 NULL, /* SetContextAttributesW */
1213 };
1214
1215 static const WCHAR schannelComment[] = { 'S','c','h','a','n','n','e','l',' ',
1216 'S','e','c','u','r','i','t','y',' ','P','a','c','k','a','g','e',0 };
1217 static const WCHAR schannelDllName[] = { 's','c','h','a','n','n','e','l','.','d','l','l',0 };
1218
1219 void SECUR32_initSchannelSP(void)
1220 {
1221 /* This is what Windows reports. This shouldn't break any applications
1222 * even though the functions are missing, because the wrapper will
1223 * return SEC_E_UNSUPPORTED_FUNCTION if our function is NULL.
1224 */
1225 static const long caps =
1226 SECPKG_FLAG_INTEGRITY |
1227 SECPKG_FLAG_PRIVACY |
1228 SECPKG_FLAG_CONNECTION |
1229 SECPKG_FLAG_MULTI_REQUIRED |
1230 SECPKG_FLAG_EXTENDED_ERROR |
1231 SECPKG_FLAG_IMPERSONATION |
1232 SECPKG_FLAG_ACCEPT_WIN32_NAME |
1233 SECPKG_FLAG_STREAM;
1234 static const short version = 1;
1235 static const long maxToken = 16384;
1236 SEC_WCHAR *uniSPName = (SEC_WCHAR *)UNISP_NAME_W,
1237 *schannel = (SEC_WCHAR *)SCHANNEL_NAME_W;
1238 const SecPkgInfoW info[] = {
1239 { caps, version, UNISP_RPC_ID, maxToken, uniSPName, uniSPName },
1240 { caps, version, UNISP_RPC_ID, maxToken, schannel,
1241 (SEC_WCHAR *)schannelComment },
1242 };
1243 SecureProvider *provider;
1244 int ret;
1245
1246 libgnutls_handle = wine_dlopen(SONAME_LIBGNUTLS, RTLD_NOW, NULL, 0);
1247 if (!libgnutls_handle)
1248 {
1249 WARN("Failed to load libgnutls.\n");
1250 return;
1251 }
1252
1253 #define LOAD_FUNCPTR(f) \
1254 if (!(p##f = wine_dlsym(libgnutls_handle, #f, NULL, 0))) \
1255 { \
1256 ERR("Failed to load %s\n", #f); \
1257 goto fail; \
1258 }
1259
1260 LOAD_FUNCPTR(gnutls_alert_get)
1261 LOAD_FUNCPTR(gnutls_alert_get_name)
1262 LOAD_FUNCPTR(gnutls_certificate_allocate_credentials)
1263 LOAD_FUNCPTR(gnutls_certificate_free_credentials)
1264 LOAD_FUNCPTR(gnutls_certificate_get_peers)
1265 LOAD_FUNCPTR(gnutls_cipher_get)
1266 LOAD_FUNCPTR(gnutls_credentials_set)
1267 LOAD_FUNCPTR(gnutls_deinit)
1268 LOAD_FUNCPTR(gnutls_global_deinit)
1269 LOAD_FUNCPTR(gnutls_global_init)
1270 LOAD_FUNCPTR(gnutls_global_set_log_function)
1271 LOAD_FUNCPTR(gnutls_global_set_log_level)
1272 LOAD_FUNCPTR(gnutls_handshake)
1273 LOAD_FUNCPTR(gnutls_init)
1274 LOAD_FUNCPTR(gnutls_mac_get)
1275 LOAD_FUNCPTR(gnutls_mac_get_key_size)
1276 LOAD_FUNCPTR(gnutls_perror)
1277 LOAD_FUNCPTR(gnutls_set_default_priority)
1278 LOAD_FUNCPTR(gnutls_record_recv);
1279 LOAD_FUNCPTR(gnutls_record_send);
1280 LOAD_FUNCPTR(gnutls_transport_set_errno)
1281 LOAD_FUNCPTR(gnutls_transport_set_ptr)
1282 LOAD_FUNCPTR(gnutls_transport_set_pull_function)
1283 LOAD_FUNCPTR(gnutls_transport_set_push_function)
1284 #undef LOAD_FUNCPTR
1285
1286 ret = pgnutls_global_init();
1287 if (ret != GNUTLS_E_SUCCESS)
1288 {
1289 pgnutls_perror(ret);
1290 goto fail;
1291 }
1292
1293 if (TRACE_ON(secur32))
1294 {
1295 pgnutls_global_set_log_level(4);
1296 pgnutls_global_set_log_function(schan_gnutls_log);
1297 }
1298
1299 schan_handle_table = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, 64 * sizeof(*schan_handle_table));
1300 if (!schan_handle_table)
1301 {
1302 ERR("Failed to allocate schannel handle table.\n");
1303 goto fail;
1304 }
1305 schan_handle_table_size = 64;
1306
1307 provider = SECUR32_addProvider(&schanTableA, &schanTableW, schannelDllName);
1308 if (!provider)
1309 {
1310 ERR("Failed to add schannel provider.\n");
1311 goto fail;
1312 }
1313
1314 SECUR32_addPackages(provider, sizeof(info) / sizeof(info[0]), NULL, info);
1315
1316 return;
1317
1318 fail:
1319 HeapFree(GetProcessHeap(), 0, schan_handle_table);
1320 schan_handle_table = NULL;
1321 wine_dlclose(libgnutls_handle, NULL, 0);
1322 libgnutls_handle = NULL;
1323 return;
1324 }
1325
1326 void SECUR32_deinitSchannelSP(void)
1327 {
1328 if (!libgnutls_handle) return;
1329
1330 pgnutls_global_deinit();
1331 wine_dlclose(libgnutls_handle, NULL, 0);
1332 }
1333
1334 #else /* SONAME_LIBGNUTLS */
1335
1336 void SECUR32_initSchannelSP(void) {}
1337 void SECUR32_deinitSchannelSP(void) {}
1338
1339 #endif /* SONAME_LIBGNUTLS */
useful hacks and other patches not (yet) suitable for mainline