search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
secur32: Copy helper buffer to output buffer before reusing helper buffer.
[wine/multimedia.git] / dlls / secur32 / ntlm.c
blob44e8ac079c7fd9f3b3d72ade25c2169851e5fab6
1 /*
2 * Copyright 2005, 2006 Kai Blin
3 *
4 * This library is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU Lesser General Public
6 * License as published by the Free Software Foundation; either
7 * version 2.1 of the License, or (at your option) any later version.
8 *
9 * This library is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * Lesser General Public License for more details.
13 *
14 * You should have received a copy of the GNU Lesser General Public
15 * License along with this library; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
17 *
18 * This file implements the NTLM security provider.
19 */
20
21 #include <assert.h>
22 #include <stdarg.h>
23 #include <stdio.h>
24 #include "windef.h"
25 #include "winbase.h"
26 #include "winnls.h"
27 #include "rpc.h"
28 #include "sspi.h"
29 #include "lm.h"
30 #include "secur32_priv.h"
31 #include "wine/debug.h"
32
33 WINE_DEFAULT_DEBUG_CHANNEL(secur32);
34
35 #define NTLM_MAX_BUF 1904
36
37
38 /***********************************************************************
39 * QueryCredentialsAttributesA
40 */
41 static SECURITY_STATUS SEC_ENTRY ntlm_QueryCredentialsAttributesA(
42 PCredHandle phCredential, ULONG ulAttribute, PVOID pBuffer)
43 {
44 SECURITY_STATUS ret;
45
46 TRACE("(%p, %ld, %p)\n", phCredential, ulAttribute, pBuffer);
47
48 if(ulAttribute == SECPKG_ATTR_NAMES)
49 {
50 FIXME("SECPKG_CRED_ATTR_NAMES: stub\n");
51 ret = SEC_E_UNSUPPORTED_FUNCTION;
52 }
53 else
54 ret = SEC_E_UNSUPPORTED_FUNCTION;
55
56 return ret;
57 }
58
59 /***********************************************************************
60 * QueryCredentialsAttributesW
61 */
62 static SECURITY_STATUS SEC_ENTRY ntlm_QueryCredentialsAttributesW(
63 PCredHandle phCredential, ULONG ulAttribute, PVOID pBuffer)
64 {
65 SECURITY_STATUS ret;
66
67 TRACE("(%p, %ld, %p)\n", phCredential, ulAttribute, pBuffer);
68
69 if(ulAttribute == SECPKG_ATTR_NAMES)
70 {
71 FIXME("SECPKG_CRED_ATTR_NAMES: stub\n");
72 ret = SEC_E_UNSUPPORTED_FUNCTION;
73 }
74 else
75 ret = SEC_E_UNSUPPORTED_FUNCTION;
76
77 return ret;
78 }
79
80 /***********************************************************************
81 * AcquireCredentialsHandleW
82 */
83 static SECURITY_STATUS SEC_ENTRY ntlm_AcquireCredentialsHandleW(
84 SEC_WCHAR *pszPrincipal, SEC_WCHAR *pszPackage, ULONG fCredentialUse,
85 PLUID pLogonID, PVOID pAuthData, SEC_GET_KEY_FN pGetKeyFn,
86 PVOID pGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry)
87 {
88 SECURITY_STATUS ret;
89 PNegoHelper helper = NULL;
90 static CHAR ntlm_auth[] = "ntlm_auth",
91 helper_protocol[] = "--helper-protocol=squid-2.5-ntlmssp";
92
93 SEC_CHAR *client_user_arg = NULL;
94 SEC_CHAR *client_domain_arg = NULL;
95 SEC_WCHAR *username = NULL, *domain = NULL;
96
97 SEC_CHAR *client_argv[5];
98 SEC_CHAR *server_argv[] = { ntlm_auth,
99 helper_protocol,
100 NULL };
101
102 TRACE("(%s, %s, 0x%08lx, %p, %p, %p, %p, %p, %p)\n",
103 debugstr_w(pszPrincipal), debugstr_w(pszPackage), fCredentialUse,
104 pLogonID, pAuthData, pGetKeyFn, pGetKeyArgument, phCredential, ptsExpiry);
105
106
107 switch(fCredentialUse)
108 {
109 case SECPKG_CRED_INBOUND:
110 if( (ret = fork_helper(&helper, "ntlm_auth", server_argv)) !=
111 SEC_E_OK)
112 {
113 phCredential = NULL;
114 break;
115 }
116 else
117 {
118 helper->mode = NTLM_SERVER;
119 phCredential->dwUpper = fCredentialUse;
120 phCredential->dwLower = (ULONG_PTR)helper;
121 }
122 ret = SEC_E_OK;
123 break;
124 case SECPKG_CRED_OUTBOUND:
125 {
126 static const char username_arg[] = "--username=";
127 static const char domain_arg[] = "--domain=";
128 static char ntlm_auth[] = "ntlm_auth";
129 static char helper_protocol[] = "--helper-protocol=ntlmssp-client-1";
130 int unixcp_size;
131
132 if(pAuthData == NULL)
133 {
134 LPWKSTA_USER_INFO_1 ui = NULL;
135 NET_API_STATUS status;
136
137 status = NetWkstaUserGetInfo(NULL, 1, (LPBYTE *)&ui);
138 if (status != NERR_Success || ui == NULL)
139 {
140 ret = SEC_E_NO_CREDENTIALS;
141 phCredential = NULL;
142 break;
143 }
144
145 username = HeapAlloc(GetProcessHeap(), 0,
146 (lstrlenW(ui->wkui1_username)+1) *
147 sizeof(SEC_WCHAR));
148 lstrcpyW(username, ui->wkui1_username);
149
150 /* same for the domain */
151 domain = HeapAlloc(GetProcessHeap(), 0,
152 (lstrlenW(ui->wkui1_logon_domain)+1) *
153 sizeof(SEC_WCHAR));
154 lstrcpyW(domain, ui->wkui1_logon_domain);
155 NetApiBufferFree(ui);
156 }
157 else
158 {
159 PSEC_WINNT_AUTH_IDENTITY_W auth_data =
160 (PSEC_WINNT_AUTH_IDENTITY_W)pAuthData;
161
162 if (!auth_data->UserLength || !auth_data->DomainLength)
163 {
164 ret = SEC_E_NO_CREDENTIALS;
165 phCredential = NULL;
166 break;
167 }
168 /* Get username and domain from pAuthData */
169 username = HeapAlloc(GetProcessHeap(), 0,
170 (auth_data->UserLength + 1) * sizeof(SEC_WCHAR));
171 lstrcpyW(username, auth_data->User);
172
173 domain = HeapAlloc(GetProcessHeap(), 0,
174 (auth_data->DomainLength + 1) * sizeof(SEC_WCHAR));
175 lstrcpyW(domain, auth_data->Domain);
176 }
177 TRACE("Username is %s\n", debugstr_w(username));
178 unixcp_size = WideCharToMultiByte(CP_UNIXCP, WC_NO_BEST_FIT_CHARS,
179 username, -1, NULL, 0, NULL, NULL) + sizeof(username_arg);
180 client_user_arg = HeapAlloc(GetProcessHeap(), 0, unixcp_size);
181 lstrcpyA(client_user_arg, username_arg);
182 WideCharToMultiByte(CP_UNIXCP, WC_NO_BEST_FIT_CHARS, username, -1,
183 client_user_arg + sizeof(username_arg) - 1,
184 unixcp_size - sizeof(username_arg) + 1, NULL, NULL);
185
186 TRACE("Domain name is %s\n", debugstr_w(domain));
187 unixcp_size = WideCharToMultiByte(CP_UNIXCP, WC_NO_BEST_FIT_CHARS,
188 domain, -1, NULL, 0, NULL, NULL) + sizeof(domain_arg);
189 client_domain_arg = HeapAlloc(GetProcessHeap(), 0, unixcp_size);
190 lstrcpyA(client_domain_arg, domain_arg);
191 WideCharToMultiByte(CP_UNIXCP, WC_NO_BEST_FIT_CHARS, domain,
192 -1, client_domain_arg + sizeof(domain_arg) - 1,
193 unixcp_size - sizeof(domain) + 1, NULL, NULL);
194
195 client_argv[0] = ntlm_auth;
196 client_argv[1] = helper_protocol;
197 client_argv[2] = client_user_arg;
198 client_argv[3] = client_domain_arg;
199 client_argv[4] = NULL;
200
201 if((ret = fork_helper(&helper, "ntlm_auth", client_argv)) !=
202 SEC_E_OK)
203 {
204 phCredential = NULL;
205 break;
206 }
207 else
208 {
209 helper->mode = NTLM_CLIENT;
210
211 if(pAuthData != NULL)
212 {
213 PSEC_WINNT_AUTH_IDENTITY_W auth_data =
214 (PSEC_WINNT_AUTH_IDENTITY_W)pAuthData;
215
216 if(auth_data->PasswordLength != 0)
217 {
218 helper->pwlen = WideCharToMultiByte(CP_UNIXCP,
219 WC_NO_BEST_FIT_CHARS, auth_data->Password,
220 auth_data->PasswordLength+1, NULL, 0, NULL, NULL);
221
222 helper->password = HeapAlloc(GetProcessHeap(), 0,
223 helper->pwlen);
224
225 WideCharToMultiByte(CP_UNIXCP, WC_NO_BEST_FIT_CHARS,
226 auth_data->Password, auth_data->PasswordLength+1,
227 helper->password, helper->pwlen, NULL, NULL);
228 }
229 }
230
231 phCredential->dwUpper = fCredentialUse;
232 phCredential->dwLower = (ULONG_PTR)helper;
233 TRACE("ACH phCredential->dwUpper: 0x%08lx, dwLower: 0x%08lx\n",
234 phCredential->dwUpper, phCredential->dwLower);
235 }
236 ret = SEC_E_OK;
237 break;
238 }
239 case SECPKG_CRED_BOTH:
240 FIXME("AcquireCredentialsHandle: SECPKG_CRED_BOTH stub\n");
241 ret = SEC_E_UNSUPPORTED_FUNCTION;
242 phCredential = NULL;
243 break;
244 default:
245 phCredential = NULL;
246 ret = SEC_E_UNKNOWN_CREDENTIALS;
247 }
248
249
250 HeapFree(GetProcessHeap(), 0, client_user_arg);
251 HeapFree(GetProcessHeap(), 0, client_domain_arg);
252 HeapFree(GetProcessHeap(), 0, username);
253 HeapFree(GetProcessHeap(), 0, domain);
254
255 return ret;
256 }
257
258 /***********************************************************************
259 * AcquireCredentialsHandleA
260 */
261 static SECURITY_STATUS SEC_ENTRY ntlm_AcquireCredentialsHandleA(
262 SEC_CHAR *pszPrincipal, SEC_CHAR *pszPackage, ULONG fCredentialUse,
263 PLUID pLogonID, PVOID pAuthData, SEC_GET_KEY_FN pGetKeyFn,
264 PVOID pGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry)
265 {
266 SECURITY_STATUS ret;
267 int user_sizeW, domain_sizeW, passwd_sizeW;
268
269 SEC_WCHAR *user = NULL, *domain = NULL, *passwd = NULL, *package = NULL;
270
271 PSEC_WINNT_AUTH_IDENTITY_W pAuthDataW = NULL;
272 PSEC_WINNT_AUTH_IDENTITY_A identity = NULL;
273
274 TRACE("(%s, %s, 0x%08lx, %p, %p, %p, %p, %p, %p)\n",
275 debugstr_a(pszPrincipal), debugstr_a(pszPackage), fCredentialUse,
276 pLogonID, pAuthData, pGetKeyFn, pGetKeyArgument, phCredential, ptsExpiry);
277
278 if(pszPackage != NULL)
279 {
280 int package_sizeW = MultiByteToWideChar(CP_ACP, 0, pszPackage, -1,
281 NULL, 0);
282
283 package = HeapAlloc(GetProcessHeap(), 0, package_sizeW *
284 sizeof(SEC_WCHAR));
285 MultiByteToWideChar(CP_ACP, 0, pszPackage, -1, package, package_sizeW);
286 }
287
288
289 if(pAuthData != NULL)
290 {
291 identity = (PSEC_WINNT_AUTH_IDENTITY_A)pAuthData;
292
293 if(identity->Flags == SEC_WINNT_AUTH_IDENTITY_ANSI)
294 {
295 pAuthDataW = HeapAlloc(GetProcessHeap(), 0,
296 sizeof(SEC_WINNT_AUTH_IDENTITY_W));
297
298 if(identity->UserLength != 0)
299 {
300 user_sizeW = MultiByteToWideChar(CP_ACP, 0,
301 (LPCSTR)identity->User, identity->UserLength+1, NULL, 0);
302 user = HeapAlloc(GetProcessHeap(), 0, user_sizeW *
303 sizeof(SEC_WCHAR));
304 MultiByteToWideChar(CP_ACP, 0, (LPCSTR)identity->User,
305 identity->UserLength+1, user, user_sizeW);
306 }
307 else
308 {
309 user_sizeW = 0;
310 }
311
312 if(identity->DomainLength != 0)
313 {
314 domain_sizeW = MultiByteToWideChar(CP_ACP, 0,
315 (LPCSTR)identity->Domain, identity->DomainLength+1, NULL, 0);
316 domain = HeapAlloc(GetProcessHeap(), 0, domain_sizeW
317 * sizeof(SEC_WCHAR));
318 MultiByteToWideChar(CP_ACP, 0, (LPCSTR)identity->Domain,
319 identity->DomainLength+1, domain, domain_sizeW);
320 }
321 else
322 {
323 domain_sizeW = 0;
324 }
325
326 if(identity->PasswordLength != 0)
327 {
328 passwd_sizeW = MultiByteToWideChar(CP_ACP, 0,
329 (LPCSTR)identity->Password, identity->PasswordLength+1,
330 NULL, 0);
331 passwd = HeapAlloc(GetProcessHeap(), 0, passwd_sizeW
332 * sizeof(SEC_WCHAR));
333 MultiByteToWideChar(CP_ACP, 0, (LPCSTR)identity->Password,
334 identity->PasswordLength+1, passwd, passwd_sizeW);
335 }
336 else
337 {
338 passwd_sizeW = 0;
339 }
340
341 pAuthDataW->Flags = SEC_WINNT_AUTH_IDENTITY_UNICODE;
342 pAuthDataW->User = user;
343 pAuthDataW->UserLength = user_sizeW;
344 pAuthDataW->Domain = domain;
345 pAuthDataW->DomainLength = domain_sizeW;
346 pAuthDataW->Password = passwd;
347 pAuthDataW->PasswordLength = passwd_sizeW;
348 }
349 else
350 {
351 pAuthDataW = (PSEC_WINNT_AUTH_IDENTITY_W)identity;
352 }
353 }
354
355 ret = ntlm_AcquireCredentialsHandleW(NULL, package, fCredentialUse,
356 pLogonID, pAuthDataW, pGetKeyFn, pGetKeyArgument, phCredential,
357 ptsExpiry);
358
359 HeapFree(GetProcessHeap(), 0, package);
360 HeapFree(GetProcessHeap(), 0, user);
361 HeapFree(GetProcessHeap(), 0, domain);
362 HeapFree(GetProcessHeap(), 0, passwd);
363 if(pAuthDataW != (PSEC_WINNT_AUTH_IDENTITY_W)identity)
364 HeapFree(GetProcessHeap(), 0, pAuthDataW);
365
366 return ret;
367 }
368
369 /***********************************************************************
370 * InitializeSecurityContextW
371 */
372 static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(
373 PCredHandle phCredential, PCtxtHandle phContext, SEC_WCHAR *pszTargetName,
374 ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep,
375 PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext,
376 PSecBufferDesc pOutput, ULONG *pfContextAttr, PTimeStamp ptsExpiry)
377 {
378 SECURITY_STATUS ret;
379 PNegoHelper helper;
380 ULONG ctxt_attr = 0;
381 char* buffer, *want_flags = NULL;
382 PBYTE bin;
383 int buffer_len, bin_len, max_len = NTLM_MAX_BUF;
384
385 TRACE("%p %p %s %ld %ld %ld %p %ld %p %p %p %p\n", phCredential, phContext,
386 debugstr_w(pszTargetName), fContextReq, Reserved1, TargetDataRep, pInput,
387 Reserved1, phNewContext, pOutput, pfContextAttr, ptsExpiry);
388
389 if(!phCredential)
390 return SEC_E_INVALID_HANDLE;
391
392 /* As the server side of sspi never calls this, make sure that
393 * the handler is a client handler.
394 */
395 helper = (PNegoHelper)phCredential->dwLower;
396 if(helper->mode != NTLM_CLIENT)
397 {
398 TRACE("Helper mode = %d\n", helper->mode);
399 return SEC_E_INVALID_HANDLE;
400 }
401
402 /****************************************
403 * When communicating with the client, there can be the
404 * following reply packets:
405 * YR <base64 blob> should be sent to the server
406 * PW should be sent back to helper with
407 * base64 encoded password
408 * AF <base64 blob> client is done, blob should be
409 * sent to server with KK prefixed
410 * GF <string list> A string list of negotiated flags
411 * GK <base64 blob> base64 encoded session key
412 * BH <char reason> something broke
413 */
414 /* The squid cache size is 2010 chars, and that's what ntlm_auth uses */
415
416 if (pszTargetName)
417 {
418 TRACE("According to a MS whitepaper pszTargetName is ignored.\n");
419 }
420
421 if(TargetDataRep == SECURITY_NETWORK_DREP){
422 TRACE("Setting SECURITY_NETWORK_DREP\n");
423 }
424
425 buffer = HeapAlloc(GetProcessHeap(), 0, sizeof(char) * NTLM_MAX_BUF);
426 bin = HeapAlloc(GetProcessHeap(), 0, sizeof(BYTE) * NTLM_MAX_BUF);
427
428 if((phContext == NULL) && (pInput == NULL))
429 {
430 TRACE("First time in ISC()\n");
431 /* Allocate space for a maximal string of
432 * "SF NTLMSSP_FEATURE_SIGN NTLMSSP_FEATURE_SEAL
433 * NTLMSSP_FEATURE_SESSION_KEY"
434 */
435 want_flags = HeapAlloc(GetProcessHeap(), 0, 73);
436 if(want_flags == NULL)
437 {
438 ret = SEC_E_INSUFFICIENT_MEMORY;
439 goto isc_end;
440 }
441 lstrcpyA(want_flags, "SF");
442 if(fContextReq & ISC_REQ_CONFIDENTIALITY)
443 lstrcatA(want_flags, " NTLMSSP_FEATURE_SEAL");
444 if(fContextReq & ISC_REQ_CONNECTION)
445 {
446 /* This is default, so we'll enable it */
447 ctxt_attr |= ISC_RET_CONNECTION;
448 lstrcatA(want_flags, " NTLMSSP_FEATURE_SESSION_KEY");
449 }
450 if(fContextReq & ISC_REQ_EXTENDED_ERROR)
451 FIXME("ISC_REQ_EXTENDED_ERROR\n");
452 if(fContextReq & ISC_REQ_INTEGRITY)
453 lstrcatA(want_flags, " NTLMSSP_FEATURE_SIGN");
454 if(fContextReq & ISC_REQ_MUTUAL_AUTH)
455 FIXME("ISC_REQ_MUTUAL_AUTH\n");
456 if(fContextReq & ISC_REQ_REPLAY_DETECT)
457 FIXME("ISC_REQ_REPLAY_DETECT\n");
458 if(fContextReq & ISC_REQ_SEQUENCE_DETECT)
459 FIXME("ISC_REQ_SEQUENCE_DETECT\n");
460 if(fContextReq & ISC_REQ_STREAM)
461 FIXME("ISC_REQ_STREAM\n");
462
463 /* Request a challenge request from ntlm_auth */
464 if(helper->password == NULL)
465 {
466 FIXME("Using empty password for now.\n");
467 lstrcpynA(buffer, "PW AA==", max_len-1);
468 }
469 else
470 {
471 lstrcpynA(buffer, "PW ", max_len-1);
472 if((ret = encodeBase64((unsigned char*)helper->password,
473 helper->pwlen-2, buffer+3,
474 max_len-3, &buffer_len)) != SEC_E_OK)
475 {
476 TRACE("Deleting password!\n");
477 memset(helper->password, 0, helper->pwlen-2);
478 HeapFree(GetProcessHeap(), 0, helper->password);
479 goto isc_end;
480 }
481
482 }
483
484 TRACE("Sending to helper: %s\n", debugstr_a(buffer));
485 if((ret = run_helper(helper, buffer, max_len, &buffer_len)) != SEC_E_OK)
486 goto isc_end;
487
488 TRACE("Helper returned %s\n", debugstr_a(buffer));
489
490 if(lstrlenA(want_flags) > 2)
491 {
492 TRACE("Want flags are '%s'\n", debugstr_a(want_flags));
493 lstrcpynA(buffer, want_flags, max_len-1);
494 if((ret = run_helper(helper, buffer, max_len, &buffer_len))
495 != SEC_E_OK)
496 goto isc_end;
497 if(!strncmp(buffer, "BH", 2))
498 TRACE("Helper doesn't understand new command set\n");
499 }
500
501 lstrcpynA(buffer, "YR", max_len-1);
502
503 if((ret = run_helper(helper, buffer, max_len, &buffer_len)) != SEC_E_OK)
504 goto isc_end;
505
506 TRACE("%s\n", buffer);
507
508 if(strncmp(buffer, "YR ", 3) != 0)
509 {
510 /* Something borked */
511 TRACE("Helper returned %c%c\n", buffer[0], buffer[1]);
512 ret = SEC_E_INTERNAL_ERROR;
513 goto isc_end;
514 }
515 if((ret = decodeBase64(buffer+3, buffer_len-3, bin,
516 max_len-1, &bin_len)) != SEC_E_OK)
517 goto isc_end;
518
519 /* put the decoded client blob into the out buffer */
520
521 ret = SEC_I_CONTINUE_NEEDED;
522 }
523 else
524 {
525 /* handle second call here */
526 /* encode server data to base64 */
527 if (!pInput || !pInput->cBuffers)
528 {
529 ret = SEC_E_INCOMPLETE_MESSAGE;
530 goto isc_end;
531 }
532
533 if (!pInput->pBuffers[0].pvBuffer)
534 {
535 ret = SEC_E_INTERNAL_ERROR;
536 goto isc_end;
537 }
538
539 if(pInput->pBuffers[0].cbBuffer > max_len)
540 {
541 TRACE("pInput->pBuffers[0].cbBuffer is: %ld\n",
542 pInput->pBuffers[0].cbBuffer);
543 ret = SEC_E_INVALID_TOKEN;
544 goto isc_end;
545 }
546 else
547 bin_len = pInput->pBuffers[0].cbBuffer;
548
549 memcpy(bin, pInput->pBuffers[0].pvBuffer, bin_len);
550
551 lstrcpynA(buffer, "TT ", max_len-1);
552
553 if((ret = encodeBase64(bin, bin_len, buffer+3,
554 max_len-3, &buffer_len)) != SEC_E_OK)
555 goto isc_end;
556
557 TRACE("Server sent: %s\n", debugstr_a(buffer));
558
559 /* send TT base64 blob to ntlm_auth */
560 if((ret = run_helper(helper, buffer, max_len, &buffer_len)) != SEC_E_OK)
561 goto isc_end;
562
563 TRACE("Helper replied: %s\n", debugstr_a(buffer));
564
565 if( (strncmp(buffer, "KK ", 3) != 0) &&
566 (strncmp(buffer, "AF ", 3) !=0))
567 {
568 TRACE("Helper returned %c%c\n", buffer[0], buffer[1]);
569 ret = SEC_E_INVALID_TOKEN;
570 goto isc_end;
571 }
572
573 /* decode the blob and send it to server */
574 if((ret = decodeBase64(buffer+3, buffer_len-3, bin, max_len,
575 &bin_len)) != SEC_E_OK)
576 {
577 goto isc_end;
578 }
579
580 phNewContext->dwUpper = ctxt_attr;
581 phNewContext->dwLower = (ULONG_PTR)helper;
582
583 ret = SEC_E_OK;
584 }
585
586 /* put the decoded client blob into the out buffer */
587
588 if (fContextReq & ISC_REQ_ALLOCATE_MEMORY)
589 {
590 if (pOutput)
591 {
592 pOutput->cBuffers = 1;
593 pOutput->pBuffers[0].pvBuffer = SECUR32_ALLOC(bin_len);
594 pOutput->pBuffers[0].cbBuffer = bin_len;
595 }
596 }
597
598 if (!pOutput || !pOutput->cBuffers || pOutput->pBuffers[0].cbBuffer < bin_len)
599 {
600 TRACE("out buffer is NULL or has not enough space\n");
601 ret = SEC_E_BUFFER_TOO_SMALL;
602 goto isc_end;
603 }
604
605 if (!pOutput->pBuffers[0].pvBuffer)
606 {
607 TRACE("out buffer is NULL\n");
608 ret = SEC_E_INTERNAL_ERROR;
609 goto isc_end;
610 }
611
612 pOutput->pBuffers[0].cbBuffer = bin_len;
613 pOutput->pBuffers[0].BufferType = SECBUFFER_DATA;
614 memcpy(pOutput->pBuffers[0].pvBuffer, bin, bin_len);
615
616 if(ret == SEC_E_OK)
617 {
618 TRACE("Getting negotiated flags\n");
619 lstrcpynA(buffer, "GF", max_len - 1);
620 if((ret = run_helper(helper, buffer, max_len, &buffer_len)) != SEC_E_OK)
621 goto isc_end;
622
623 if(buffer_len < 3)
624 {
625 TRACE("No flags negotiated, or helper does not support GF command\n");
626 }
627 else
628 {
629 TRACE("Negotiated %s\n", debugstr_a(buffer));
630 sscanf(buffer + 3, "%lx", &(helper->neg_flags));
631 TRACE("Stored 0x%08lx as flags\n", helper->neg_flags);
632 }
633
634 TRACE("Getting session key\n");
635 lstrcpynA(buffer, "GK", max_len - 1);
636 if((ret = run_helper(helper, buffer, max_len, &buffer_len)) != SEC_E_OK)
637 goto isc_end;
638
639 if(buffer_len < 3)
640 TRACE("Helper does not support GK command\n");
641 else
642 {
643 if(strncmp(buffer, "BH ", 3) == 0)
644 {
645 TRACE("Helper sent %s\n", debugstr_a(buffer+3));
646 helper->valid_session_key = FALSE;
647 helper->session_key = HeapAlloc(GetProcessHeap(), 0, 16);
648 /*FIXME: Generate the dummy session key = MD4(MD4(password))*/
649 memset(helper->session_key, 0 , 16);
650 }
651 else if(strncmp(buffer, "GK ", 3) == 0)
652 {
653 if((ret = decodeBase64(buffer+3, buffer_len-3, bin, max_len,
654 &bin_len)) != SEC_E_OK)
655 {
656 TRACE("Failed to decode session key\n");
657 }
658 TRACE("Session key is %s\n", debugstr_a(buffer+3));
659 helper->valid_session_key = TRUE;
660 if(!helper->session_key)
661 helper->session_key = HeapAlloc(GetProcessHeap(), 0, bin_len);
662 if(!helper->session_key)
663 {
664 TRACE("Failed to allocate memory for session key\n");
665 ret = SEC_E_INTERNAL_ERROR;
666 goto isc_end;
667 }
668 memcpy(helper->session_key, bin, bin_len);
669 }
670 }
671 }
672
673 if(ret != SEC_I_CONTINUE_NEEDED)
674 {
675 TRACE("Deleting password!\n");
676 if(helper->password)
677 memset(helper->password, 0, helper->pwlen-2);
678 HeapFree(GetProcessHeap(), 0, helper->password);
679 }
680 isc_end:
681 HeapFree(GetProcessHeap(), 0, want_flags);
682 HeapFree(GetProcessHeap(), 0, buffer);
683 HeapFree(GetProcessHeap(), 0, bin);
684 return ret;
685 }
686
687 /***********************************************************************
688 * InitializeSecurityContextA
689 */
690 static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextA(
691 PCredHandle phCredential, PCtxtHandle phContext, SEC_CHAR *pszTargetName,
692 ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep,
693 PSecBufferDesc pInput,ULONG Reserved2, PCtxtHandle phNewContext,
694 PSecBufferDesc pOutput, ULONG *pfContextAttr, PTimeStamp ptsExpiry)
695 {
696 SECURITY_STATUS ret;
697
698 TRACE("%p %p %s %ld %ld %ld %p %ld %p %p %p %p\n", phCredential, phContext,
699 debugstr_a(pszTargetName), fContextReq, Reserved1, TargetDataRep, pInput,
700 Reserved1, phNewContext, pOutput, pfContextAttr, ptsExpiry);
701
702 if (phCredential)
703 {
704 SEC_WCHAR *target = NULL;
705 if(pszTargetName != NULL)
706 {
707 int target_size = MultiByteToWideChar(CP_ACP, 0, pszTargetName,
708 strlen(pszTargetName)+1, NULL, 0);
709 target = HeapAlloc(GetProcessHeap(), 0, target_size *
710 sizeof(SEC_WCHAR));
711 MultiByteToWideChar(CP_ACP, 0, pszTargetName, strlen(pszTargetName)+1,
712 target, target_size);
713 }
714
715 ret = ntlm_InitializeSecurityContextW(phCredential, phContext, target,
716 fContextReq, Reserved1, TargetDataRep, pInput, Reserved2,
717 phNewContext, pOutput, pfContextAttr, ptsExpiry);
718
719 HeapFree(GetProcessHeap(), 0, target);
720 }
721 else
722 {
723 ret = SEC_E_INVALID_HANDLE;
724 }
725 return ret;
726 }
727
728 /***********************************************************************
729 * AcceptSecurityContext
730 */
731 static SECURITY_STATUS SEC_ENTRY ntlm_AcceptSecurityContext(
732 PCredHandle phCredential, PCtxtHandle phContext, PSecBufferDesc pInput,
733 ULONG fContextReq, ULONG TargetDataRep, PCtxtHandle phNewContext,
734 PSecBufferDesc pOutput, ULONG *pfContextAttr, PTimeStamp ptsExpiry)
735 {
736 SECURITY_STATUS ret;
737 char *buffer;
738 PBYTE bin;
739 int buffer_len, bin_len, max_len = NTLM_MAX_BUF;
740 ULONG ctxt_attr = 0;
741 PNegoHelper helper;
742
743 TRACE("%p %p %p %ld %ld %p %p %p %p\n", phCredential, phContext, pInput,
744 fContextReq, TargetDataRep, phNewContext, pOutput, pfContextAttr,
745 ptsExpiry);
746
747 if (!phCredential)
748 return SEC_E_INVALID_HANDLE;
749
750 helper = (PNegoHelper)phCredential->dwLower;
751
752 buffer = HeapAlloc(GetProcessHeap(), 0, sizeof(char) * NTLM_MAX_BUF);
753 bin = HeapAlloc(GetProcessHeap(),0, sizeof(BYTE) * NTLM_MAX_BUF);
754
755 if(helper->mode != NTLM_SERVER)
756 {
757 ret = SEC_E_INVALID_HANDLE;
758 goto asc_end;
759 }
760
761 if(TargetDataRep == SECURITY_NETWORK_DREP){
762 TRACE("Using SECURITY_NETWORK_DREP\n");
763 }
764
765 if(phContext == NULL)
766 {
767 /* This is the first call to AcceptSecurityHandle */
768 if(pInput == NULL)
769 {
770 ret = SEC_E_INCOMPLETE_MESSAGE;
771 goto asc_end;
772 }
773
774 if(pInput->cBuffers < 1)
775 {
776 ret = SEC_E_INCOMPLETE_MESSAGE;
777 goto asc_end;
778 }
779
780 if(pInput->pBuffers[0].cbBuffer > max_len)
781 {
782 ret = SEC_E_INVALID_TOKEN;
783 goto asc_end;
784 }
785 else
786 bin_len = pInput->pBuffers[0].cbBuffer;
787
788 /* Handle all the flags */
789 if(fContextReq & ASC_REQ_ALLOCATE_MEMORY)
790 {
791 FIXME("ASC_REQ_ALLOCATE_MEMORY stub\n");
792 }
793 if(fContextReq & ASC_REQ_CONFIDENTIALITY)
794 {
795 FIXME("ASC_REQ_CONFIDENTIALITY stub\n");
796 }
797 if(fContextReq & ASC_REQ_CONNECTION)
798 {
799 /* This is default, so we'll enable it */
800 ctxt_attr |= ASC_RET_CONNECTION;
801 }
802 if(fContextReq & ASC_REQ_EXTENDED_ERROR)
803 {
804 FIXME("ASC_REQ_EXTENDED_ERROR stub\n");
805 }
806 if(fContextReq & ASC_REQ_INTEGRITY)
807 {
808 FIXME("ASC_REQ_INTEGRITY stub\n");
809 }
810 if(fContextReq & ASC_REQ_MUTUAL_AUTH)
811 {
812 FIXME("ASC_REQ_MUTUAL_AUTH stub\n");
813 }
814 if(fContextReq & ASC_REQ_REPLAY_DETECT)
815 {
816 FIXME("ASC_REQ_REPLAY_DETECT stub\n");
817 }
818 if(fContextReq & ISC_REQ_SEQUENCE_DETECT)
819 {
820 FIXME("ASC_REQ_SEQUENCE_DETECT stub\n");
821 }
822 if(fContextReq & ISC_REQ_STREAM)
823 {
824 FIXME("ASC_REQ_STREAM stub\n");
825 }
826 /* Done with the flags */
827
828 /* This is the YR request from the client, encode to base64 */
829
830 memcpy(bin, pInput->pBuffers[0].pvBuffer, bin_len);
831
832 lstrcpynA(buffer, "YR ", max_len-1);
833
834 if((ret = encodeBase64(bin, bin_len, buffer+3, max_len-3,
835 &buffer_len)) != SEC_E_OK)
836 {
837 goto asc_end;
838 }
839
840 TRACE("Client sent: %s\n", debugstr_a(buffer));
841
842 if((ret = run_helper(helper, buffer, max_len, &buffer_len)) !=
843 SEC_E_OK)
844 {
845 goto asc_end;
846 }
847
848 TRACE("Reply from ntlm_auth: %s\n", debugstr_a(buffer));
849 /* The expected answer is TT <base64 blob> */
850
851 if(strncmp(buffer, "TT ", 3) != 0)
852 {
853 ret = SEC_E_INTERNAL_ERROR;
854 goto asc_end;
855 }
856
857 if((ret = decodeBase64(buffer+3, buffer_len-3, bin, max_len,
858 &bin_len)) != SEC_E_OK)
859 {
860 goto asc_end;
861 }
862
863 /* send this to the client */
864 if(pOutput == NULL)
865 {
866 ret = SEC_E_INSUFFICIENT_MEMORY;
867 goto asc_end;
868 }
869
870 if(pOutput->cBuffers < 1)
871 {
872 ret = SEC_E_INSUFFICIENT_MEMORY;
873 goto asc_end;
874 }
875
876 pOutput->pBuffers[0].cbBuffer = bin_len;
877 pOutput->pBuffers[0].BufferType = SECBUFFER_DATA;
878 memcpy(pOutput->pBuffers[0].pvBuffer, bin, bin_len);
879 ret = SEC_I_CONTINUE_NEEDED;
880
881 }
882 else
883 {
884 /* we expect a KK request from client */
885 if(pInput == NULL)
886 {
887 ret = SEC_E_INCOMPLETE_MESSAGE;
888 goto asc_end;
889 }
890
891 if(pInput->cBuffers < 1)
892 {
893 ret = SEC_E_INCOMPLETE_MESSAGE;
894 goto asc_end;
895 }
896
897 if(pInput->pBuffers[0].cbBuffer > max_len)
898 {
899 ret = SEC_E_INVALID_TOKEN;
900 goto asc_end;
901 }
902 else
903 bin_len = pInput->pBuffers[0].cbBuffer;
904
905 memcpy(bin, pInput->pBuffers[0].pvBuffer, bin_len);
906
907 lstrcpynA(buffer, "KK ", max_len-1);
908
909 if((ret = encodeBase64(bin, bin_len, buffer+3, max_len-3,
910 &buffer_len)) != SEC_E_OK)
911 {
912 goto asc_end;
913 }
914
915 TRACE("Client sent: %s\n", debugstr_a(buffer));
916
917 if((ret = run_helper(helper, buffer, max_len, &buffer_len)) !=
918 SEC_E_OK)
919 {
920 goto asc_end;
921 }
922
923 TRACE("Reply from ntlm_auth: %s\n", debugstr_a(buffer));
924
925 if(strncmp(buffer, "AF ", 3) != 0)
926 {
927 if(strncmp(buffer, "NA ", 3) == 0)
928 {
929 ret = SEC_E_LOGON_DENIED;
930 goto asc_end;
931 }
932 else
933 {
934 ret = SEC_E_INTERNAL_ERROR;
935 goto asc_end;
936 }
937 }
938 pOutput->pBuffers[0].cbBuffer = 0;
939 ret = SEC_E_OK;
940 }
941
942 phNewContext->dwUpper = ctxt_attr;
943 phNewContext->dwLower = (ULONG_PTR)helper;
944
945 asc_end:
946 HeapFree(GetProcessHeap(), 0, buffer);
947 HeapFree(GetProcessHeap(), 0, bin);
948 return ret;
949 }
950
951 /***********************************************************************
952 * CompleteAuthToken
953 */
954 static SECURITY_STATUS SEC_ENTRY ntlm_CompleteAuthToken(PCtxtHandle phContext,
955 PSecBufferDesc pToken)
956 {
957 /* We never need to call CompleteAuthToken anyway */
958 TRACE("%p %p\n", phContext, pToken);
959 if (!phContext)
960 return SEC_E_INVALID_HANDLE;
961
962 return SEC_E_OK;
963 }
964
965 /***********************************************************************
966 * DeleteSecurityContext
967 */
968 static SECURITY_STATUS SEC_ENTRY ntlm_DeleteSecurityContext(PCtxtHandle phContext)
969 {
970 SECURITY_STATUS ret;
971
972 TRACE("%p\n", phContext);
973 if (phContext)
974 {
975 phContext->dwUpper = 0;
976 phContext->dwLower = 0;
977 ret = SEC_E_OK;
978 }
979 else
980 {
981 ret = SEC_E_INVALID_HANDLE;
982 }
983 return ret;
984 }
985
986 /***********************************************************************
987 * QueryContextAttributesW
988 */
989 static SECURITY_STATUS SEC_ENTRY ntlm_QueryContextAttributesW(PCtxtHandle phContext,
990 unsigned long ulAttribute, void *pBuffer)
991 {
992 TRACE("%p %ld %p\n", phContext, ulAttribute, pBuffer);
993 if (!phContext)
994 return SEC_E_INVALID_HANDLE;
995
996 switch(ulAttribute)
997 {
998 #define _x(x) case (x) : FIXME(#x" stub\n"); break
999 _x(SECPKG_ATTR_ACCESS_TOKEN);
1000 _x(SECPKG_ATTR_AUTHORITY);
1001 _x(SECPKG_ATTR_DCE_INFO);
1002 case SECPKG_ATTR_FLAGS:
1003 {
1004 PSecPkgContext_Flags spcf = (PSecPkgContext_Flags)pBuffer;
1005 PNegoHelper helper = (PNegoHelper)phContext->dwLower;
1006
1007 spcf->Flags = 0;
1008 if(helper->neg_flags & NTLMSSP_NEGOTIATE_SIGN)
1009 spcf->Flags |= ISC_RET_INTEGRITY;
1010 if(helper->neg_flags & NTLMSSP_NEGOTIATE_SEAL)
1011 spcf->Flags |= ISC_RET_CONFIDENTIALITY;
1012 return SEC_E_OK;
1013 }
1014 _x(SECPKG_ATTR_KEY_INFO);
1015 _x(SECPKG_ATTR_LIFESPAN);
1016 _x(SECPKG_ATTR_NAMES);
1017 _x(SECPKG_ATTR_NATIVE_NAMES);
1018 _x(SECPKG_ATTR_NEGOTIATION_INFO);
1019 _x(SECPKG_ATTR_PACKAGE_INFO);
1020 _x(SECPKG_ATTR_PASSWORD_EXPIRY);
1021 _x(SECPKG_ATTR_SESSION_KEY);
1022 case SECPKG_ATTR_SIZES:
1023 {
1024 PSecPkgContext_Sizes spcs = (PSecPkgContext_Sizes)pBuffer;
1025 spcs->cbMaxToken = NTLM_MAX_BUF;
1026 spcs->cbMaxSignature = 16;
1027 spcs->cbBlockSize = 0;
1028 spcs->cbSecurityTrailer = 16;
1029 return SEC_E_OK;
1030 }
1031 _x(SECPKG_ATTR_STREAM_SIZES);
1032 _x(SECPKG_ATTR_TARGET_INFORMATION);
1033 #undef _x
1034 default:
1035 TRACE("Unknown value %ld passed for ulAttribute\n", ulAttribute);
1036 }
1037
1038 return SEC_E_UNSUPPORTED_FUNCTION;
1039 }
1040
1041 /***********************************************************************
1042 * QueryContextAttributesA
1043 */
1044 static SECURITY_STATUS SEC_ENTRY ntlm_QueryContextAttributesA(PCtxtHandle phContext,
1045 unsigned long ulAttribute, void *pBuffer)
1046 {
1047 return ntlm_QueryContextAttributesW(phContext, ulAttribute, pBuffer);
1048 }
1049
1050 /***********************************************************************
1051 * ImpersonateSecurityContext
1052 */
1053 static SECURITY_STATUS SEC_ENTRY ntlm_ImpersonateSecurityContext(PCtxtHandle phContext)
1054 {
1055 SECURITY_STATUS ret;
1056
1057 TRACE("%p\n", phContext);
1058 if (phContext)
1059 {
1060 ret = SEC_E_UNSUPPORTED_FUNCTION;
1061 }
1062 else
1063 {
1064 ret = SEC_E_INVALID_HANDLE;
1065 }
1066 return ret;
1067 }
1068
1069 /***********************************************************************
1070 * RevertSecurityContext
1071 */
1072 static SECURITY_STATUS SEC_ENTRY ntlm_RevertSecurityContext(PCtxtHandle phContext)
1073 {
1074 SECURITY_STATUS ret;
1075
1076 TRACE("%p\n", phContext);
1077 if (phContext)
1078 {
1079 ret = SEC_E_UNSUPPORTED_FUNCTION;
1080 }
1081 else
1082 {
1083 ret = SEC_E_INVALID_HANDLE;
1084 }
1085 return ret;
1086 }
1087
1088 /***********************************************************************
1089 * MakeSignature
1090 */
1091 static SECURITY_STATUS SEC_ENTRY ntlm_MakeSignature(PCtxtHandle phContext, ULONG fQOP,
1092 PSecBufferDesc pMessage, ULONG MessageSeqNo)
1093 {
1094 PNegoHelper helper;
1095
1096 TRACE("%p %ld %p %ld\n", phContext, fQOP, pMessage, MessageSeqNo);
1097 if (!phContext)
1098 return SEC_E_INVALID_HANDLE;
1099
1100 if(fQOP)
1101 FIXME("Ignoring fQOP 0x%08lx", fQOP);
1102
1103 if(MessageSeqNo)
1104 FIXME("Ignoring MessageSeqNo");
1105
1106 if(!pMessage || !pMessage->pBuffers || pMessage->cBuffers < 2 ||
1107 pMessage->pBuffers[0].BufferType != SECBUFFER_TOKEN ||
1108 !pMessage->pBuffers[0].pvBuffer)
1109 return SEC_E_INVALID_TOKEN;
1110
1111 if(pMessage->pBuffers[0].cbBuffer < 16)
1112 return SEC_E_BUFFER_TOO_SMALL;
1113
1114 helper = (PNegoHelper)phContext->dwLower;
1115 TRACE("Negotiated flags are: 0x%08lx\n", helper->neg_flags);
1116 if(helper->neg_flags & NTLMSSP_NEGOTIATE_NTLM2)
1117 {
1118 FIXME("Can't handle NTLMv2 signing yet. Aborting.\n");
1119 return SEC_E_UNSUPPORTED_FUNCTION;
1120 }
1121 if(helper->neg_flags & NTLMSSP_NEGOTIATE_SIGN)
1122 {
1123 FIXME("Can't handle real signing yet. Aborting.\n");
1124 return SEC_E_UNSUPPORTED_FUNCTION;
1125 }
1126
1127 if(helper->neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCHANGE)
1128 {
1129 FIXME("Can't handle encrypted session key yet. Aborting.\n");
1130 return SEC_E_UNSUPPORTED_FUNCTION;
1131 }
1132
1133 if(helper->neg_flags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN)
1134 {
1135 TRACE("Generating dummy signature\n");
1136 /* A dummy signature is 0x01 followed by 15 bytes of 0x00 */
1137 memset(pMessage->pBuffers[0].pvBuffer, 0, 16);
1138 memset(pMessage->pBuffers[0].pvBuffer, 0x01, 1);
1139 pMessage->pBuffers[0].cbBuffer = 16;
1140 return SEC_E_OK;
1141 }
1142
1143 return SEC_E_UNSUPPORTED_FUNCTION;
1144 }
1145
1146 /***********************************************************************
1147 * VerifySignature
1148 */
1149 static SECURITY_STATUS SEC_ENTRY ntlm_VerifySignature(PCtxtHandle phContext,
1150 PSecBufferDesc pMessage, ULONG MessageSeqNo, PULONG pfQOP)
1151 {
1152 PNegoHelper helper;
1153 ULONG fQOP = 0;
1154
1155 TRACE("%p %p %ld %p\n", phContext, pMessage, MessageSeqNo, pfQOP);
1156 if(!phContext)
1157 return SEC_E_INVALID_HANDLE;
1158
1159 if(!pMessage || !pMessage->pBuffers || pMessage->cBuffers < 2 ||
1160 pMessage->pBuffers[0].BufferType != SECBUFFER_TOKEN ||
1161 !pMessage->pBuffers[0].pvBuffer)
1162 return SEC_E_INVALID_TOKEN;
1163
1164 if(pMessage->pBuffers[0].cbBuffer < 16)
1165 return SEC_E_BUFFER_TOO_SMALL;
1166
1167 if(MessageSeqNo)
1168 FIXME("Ignoring MessageSeqNo\n");
1169
1170 helper = (PNegoHelper)phContext->dwLower;
1171 TRACE("Negotiated flags: 0x%08lx\n", helper->neg_flags);
1172
1173 if(helper->neg_flags & NTLMSSP_NEGOTIATE_NTLM2)
1174 {
1175 FIXME("Can't handle NTLMv2 signing yet. Aborting.\n");
1176 return SEC_E_UNSUPPORTED_FUNCTION;
1177 }
1178
1179 if(helper->neg_flags & NTLMSSP_NEGOTIATE_SIGN)
1180 {
1181 FIXME("Can't handle real signing yet. Aborting.\n");
1182 return SEC_E_UNSUPPORTED_FUNCTION;
1183 }
1184
1185 if(helper->neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCHANGE)
1186 {
1187 FIXME("Can't handle encrypted session keys yet. Aborting.\n");
1188 return SEC_E_UNSUPPORTED_FUNCTION;
1189 }
1190
1191 if(helper->neg_flags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN)
1192 {
1193 const BYTE dummy_sig[] = {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1194 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
1195 TRACE("Assuming dummy signature.\n");
1196 if(memcmp(pMessage->pBuffers[0].pvBuffer, dummy_sig, sizeof(dummy_sig)) != 0)
1197 {
1198 TRACE("Failed to verify the packet signature. Not a dummy signature?\n");
1199 return SEC_E_MESSAGE_ALTERED;
1200 }
1201 else
1202 {
1203 pfQOP = &fQOP;
1204 return SEC_E_OK;
1205 }
1206 }
1207
1208 return SEC_E_UNSUPPORTED_FUNCTION;
1209 }
1210
1211 /***********************************************************************
1212 * FreeCredentialsHandle
1213 */
1214 static SECURITY_STATUS SEC_ENTRY ntlm_FreeCredentialsHandle(
1215 PCredHandle phCredential)
1216 {
1217 SECURITY_STATUS ret;
1218
1219 if(phCredential){
1220 PNegoHelper helper = (PNegoHelper) phCredential->dwLower;
1221 phCredential->dwUpper = 0;
1222 phCredential->dwLower = 0;
1223 HeapFree(GetProcessHeap(), 0, helper->session_key);
1224 cleanup_helper(helper);
1225 ret = SEC_E_OK;
1226 }
1227 else
1228 ret = SEC_E_OK;
1229
1230 return ret;
1231 }
1232
1233 /***********************************************************************
1234 * EncryptMessage
1235 */
1236 static SECURITY_STATUS SEC_ENTRY ntlm_EncryptMessage(PCtxtHandle phContext,
1237 ULONG fQOP, PSecBufferDesc pMessage, ULONG MessageSeqNo)
1238 {
1239 TRACE("%p %ld %p %ld stub\n", phContext, fQOP, pMessage, MessageSeqNo);
1240
1241 if(!phContext)
1242 return SEC_E_INVALID_HANDLE;
1243
1244 return SEC_E_UNSUPPORTED_FUNCTION;
1245 }
1246
1247 /***********************************************************************
1248 * DecryptMessage
1249 */
1250 static SECURITY_STATUS SEC_ENTRY ntlm_DecryptMessage(PCtxtHandle phContext,
1251 PSecBufferDesc pMessage, ULONG MessageSeqNo, PULONG pfQOP)
1252 {
1253 TRACE("%p %p %ld %p stub\n", phContext, pMessage, MessageSeqNo, pfQOP);
1254
1255 if(!phContext)
1256 return SEC_E_INVALID_HANDLE;
1257
1258 return SEC_E_UNSUPPORTED_FUNCTION;
1259 }
1260
1261 static SecurityFunctionTableA ntlmTableA = {
1262 1,
1263 NULL, /* EnumerateSecurityPackagesA */
1264 ntlm_QueryCredentialsAttributesA, /* QueryCredentialsAttributesA */
1265 ntlm_AcquireCredentialsHandleA, /* AcquireCredentialsHandleA */
1266 ntlm_FreeCredentialsHandle, /* FreeCredentialsHandle */
1267 NULL, /* Reserved2 */
1268 ntlm_InitializeSecurityContextA, /* InitializeSecurityContextA */
1269 ntlm_AcceptSecurityContext, /* AcceptSecurityContext */
1270 ntlm_CompleteAuthToken, /* CompleteAuthToken */
1271 ntlm_DeleteSecurityContext, /* DeleteSecurityContext */
1272 NULL, /* ApplyControlToken */
1273 ntlm_QueryContextAttributesA, /* QueryContextAttributesA */
1274 ntlm_ImpersonateSecurityContext, /* ImpersonateSecurityContext */
1275 ntlm_RevertSecurityContext, /* RevertSecurityContext */
1276 ntlm_MakeSignature, /* MakeSignature */
1277 ntlm_VerifySignature, /* VerifySignature */
1278 FreeContextBuffer, /* FreeContextBuffer */
1279 NULL, /* QuerySecurityPackageInfoA */
1280 NULL, /* Reserved3 */
1281 NULL, /* Reserved4 */
1282 NULL, /* ExportSecurityContext */
1283 NULL, /* ImportSecurityContextA */
1284 NULL, /* AddCredentialsA */
1285 NULL, /* Reserved8 */
1286 NULL, /* QuerySecurityContextToken */
1287 ntlm_EncryptMessage, /* EncryptMessage */
1288 ntlm_DecryptMessage, /* DecryptMessage */
1289 NULL, /* SetContextAttributesA */
1290 };
1291
1292 static SecurityFunctionTableW ntlmTableW = {
1293 1,
1294 NULL, /* EnumerateSecurityPackagesW */
1295 ntlm_QueryCredentialsAttributesW, /* QueryCredentialsAttributesW */
1296 ntlm_AcquireCredentialsHandleW, /* AcquireCredentialsHandleW */
1297 ntlm_FreeCredentialsHandle, /* FreeCredentialsHandle */
1298 NULL, /* Reserved2 */
1299 ntlm_InitializeSecurityContextW, /* InitializeSecurityContextW */
1300 ntlm_AcceptSecurityContext, /* AcceptSecurityContext */
1301 ntlm_CompleteAuthToken, /* CompleteAuthToken */
1302 ntlm_DeleteSecurityContext, /* DeleteSecurityContext */
1303 NULL, /* ApplyControlToken */
1304 ntlm_QueryContextAttributesW, /* QueryContextAttributesW */
1305 ntlm_ImpersonateSecurityContext, /* ImpersonateSecurityContext */
1306 ntlm_RevertSecurityContext, /* RevertSecurityContext */
1307 ntlm_MakeSignature, /* MakeSignature */
1308 ntlm_VerifySignature, /* VerifySignature */
1309 FreeContextBuffer, /* FreeContextBuffer */
1310 NULL, /* QuerySecurityPackageInfoW */
1311 NULL, /* Reserved3 */
1312 NULL, /* Reserved4 */
1313 NULL, /* ExportSecurityContext */
1314 NULL, /* ImportSecurityContextW */
1315 NULL, /* AddCredentialsW */
1316 NULL, /* Reserved8 */
1317 NULL, /* QuerySecurityContextToken */
1318 ntlm_EncryptMessage, /* EncryptMessage */
1319 ntlm_DecryptMessage, /* DecryptMessage */
1320 NULL, /* SetContextAttributesW */
1321 };
1322
1323 #define NTLM_COMMENT \
1324 { 'N', 'T', 'L', 'M', ' ', \
1325 'S', 'e', 'c', 'u', 'r', 'i', 't', 'y', ' ', \
1326 'P', 'a', 'c', 'k', 'a', 'g', 'e', 0}
1327
1328 static CHAR ntlm_comment_A[] = NTLM_COMMENT;
1329 static WCHAR ntlm_comment_W[] = NTLM_COMMENT;
1330
1331 #define NTLM_NAME {'N', 'T', 'L', 'M', 0}
1332
1333 static char ntlm_name_A[] = NTLM_NAME;
1334 static WCHAR ntlm_name_W[] = NTLM_NAME;
1335
1336 /* According to Windows, NTLM has the following capabilities. */
1337 #define CAPS ( \
1338 SECPKG_FLAG_INTEGRITY | \
1339 SECPKG_FLAG_PRIVACY | \
1340 SECPKG_FLAG_TOKEN_ONLY | \
1341 SECPKG_FLAG_CONNECTION | \
1342 SECPKG_FLAG_MULTI_REQUIRED | \
1343 SECPKG_FLAG_IMPERSONATION | \
1344 SECPKG_FLAG_ACCEPT_WIN32_NAME | \
1345 SECPKG_FLAG_READONLY_WITH_CHECKSUM)
1346
1347 static const SecPkgInfoW infoW = {
1348 CAPS,
1349 1,
1350 RPC_C_AUTHN_WINNT,
1351 NTLM_MAX_BUF,
1352 ntlm_name_W,
1353 ntlm_comment_W
1354 };
1355
1356 static const SecPkgInfoA infoA = {
1357 CAPS,
1358 1,
1359 RPC_C_AUTHN_WINNT,
1360 NTLM_MAX_BUF,
1361 ntlm_name_A,
1362 ntlm_comment_A
1363 };
1364
1365 void SECUR32_initNTLMSP(void)
1366 {
1367 SECURITY_STATUS ret;
1368 PNegoHelper helper;
1369 static CHAR ntlm_auth[] = "ntlm_auth",
1370 version[] = "--version";
1371
1372 SEC_CHAR *args[] = {
1373 ntlm_auth,
1374 version,
1375 NULL };
1376
1377 if((ret = fork_helper(&helper, "ntlm_auth", args)) != SEC_E_OK)
1378 {
1379 /* Cheat and allocate a helper anyway, so cleanup later will work. */
1380 helper = HeapAlloc(GetProcessHeap(),0, sizeof(PNegoHelper));
1381 helper->version = -1;
1382 }
1383 else
1384 check_version(helper);
1385
1386 if(helper->version > 2)
1387 {
1388 SecureProvider *provider = SECUR32_addProvider(&ntlmTableA, &ntlmTableW, NULL);
1389 SECUR32_addPackages(provider, 1L, &infoA, &infoW);
1390 }
1391 cleanup_helper(helper);
1392 }
Maarten's multimedia branch