secur32: Added Kerberos provider stub implementation.

Signed-off-by: Jacek Caban <jacek@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
Jacek Caban 2016-06-27 17:07:38 +02:00 committed by Alexandre Julliard
parent 3b6cb60ea6
commit 0524963d7d
5 changed files with 379 additions and 0 deletions


@ -9,6 +9,7 @@ C_SRCS = \
base64_codec.c \
dispatcher.c \
hmac_md5.c \
kerberos.c \
lsa.c \
negotiate.c \
ntlm.c \

323
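--- /dev/null
+++ b/dlls/secur32/kerberos.c
@@ -0,0 +1,323 @@
+/*
+* Copyright 2005, 2006 Kai Blin
+* Copyright 2016 Jacek Caban for CodeWeavers
+*
+* This library is free software; you can redistribute it and/or
+* modify it under the terms of the GNU Lesser General Public
+* License as published by the Free Software Foundation; either
+* version 2.1 of the License, or (at your option) any later version.
+*
+* This library is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this library; if not, write to the Free Software
+* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
+*/
+#include <assert.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include "windef.h"
+#include "winbase.h"
+#include "rpc.h"
+#include "sspi.h"
+#include "secur32_priv.h"
+#include "wine/debug.h"
+WINE_DEFAULT_DEBUG_CHANNEL(secur32);
+#define KERBEROS_MAX_BUF 12000
+/***********************************************************************
+* QueryCredentialsAttributesA
+*/
+static SECURITY_STATUS SEC_ENTRY kerberos_QueryCredentialsAttributesA(CredHandle *phCredential, ULONG ulAttribute, void *pBuffer)
+{
+FIXME("(%p %d %p)\n", phCredential, ulAttribute, pBuffer);
+return SEC_E_UNSUPPORTED_FUNCTION;
+}
+/***********************************************************************
+* QueryCredentialsAttributesW
+*/
+static SECURITY_STATUS SEC_ENTRY kerberos_QueryCredentialsAttributesW(CredHandle *phCredential, ULONG ulAttribute, void *pBuffer)
+{
+FIXME("(%p, %d, %p)\n", phCredential, ulAttribute, pBuffer);
+return SEC_E_UNSUPPORTED_FUNCTION;
+}
+/***********************************************************************
+* AcquireCredentialsHandleW
+*/
+static SECURITY_STATUS SEC_ENTRY kerberos_AcquireCredentialsHandleW(SEC_WCHAR *pszPrincipal, SEC_WCHAR *pszPackage, ULONG fCredentialUse,
+LUID *pLogonID, void *pAuthData, SEC_GET_KEY_FN pGetKeyFn, void *pGetKeyArgument, CredHandle *phCredential, TimeStamp *ptsExpiry)
+{
+FIXME("(%s %s 0x%08x %p %p %p %p %p %p)\n", debugstr_w(pszPrincipal), debugstr_w(pszPackage), fCredentialUse,
+pLogonID, pAuthData, pGetKeyFn, pGetKeyArgument, phCredential, ptsExpiry);
+return SEC_E_NO_CREDENTIALS;
+}
+/***********************************************************************
+* AcquireCredentialsHandleA
+*/
+static SECURITY_STATUS SEC_ENTRY kerberos_AcquireCredentialsHandleA(SEC_CHAR *pszPrincipal, SEC_CHAR *pszPackage, ULONG fCredentialUse,
+LUID *pLogonID, void *pAuthData, SEC_GET_KEY_FN pGetKeyFn, void *pGetKeyArgument, CredHandle *phCredential, TimeStamp *ptsExpiry)
+{
+FIXME("(%s %s 0x%08x %p %p %p %p %p %p)\n", debugstr_a(pszPrincipal), debugstr_a(pszPackage), fCredentialUse,
+pLogonID, pAuthData, pGetKeyFn, pGetKeyArgument, phCredential, ptsExpiry);
+return SEC_E_UNSUPPORTED_FUNCTION;
+}
+/***********************************************************************
+* InitializeSecurityContextW
+*/
+static SECURITY_STATUS SEC_ENTRY kerberos_InitializeSecurityContextW(CredHandle *phCredential, CtxtHandle *phContext, SEC_WCHAR *pszTargetName,
+ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep, SecBufferDesc *pInput, ULONG Reserved2, CtxtHandle *phNewContext,
+SecBufferDesc *pOutput, ULONG *pfContextAttr, TimeStamp *ptsExpiry)
+{
+FIXME("(%p %p %s 0x%08x %d %d %p %d %p %p %p %p)\n", phCredential, phContext, debugstr_w(pszTargetName),
+fContextReq, Reserved1, TargetDataRep, pInput, Reserved1, phNewContext, pOutput, pfContextAttr, ptsExpiry);
+return SEC_E_UNSUPPORTED_FUNCTION;
+}
+/***********************************************************************
+* InitializeSecurityContextA
+*/
+static SECURITY_STATUS SEC_ENTRY kerberos_InitializeSecurityContextA(CredHandle *phCredential, CtxtHandle *phContext, SEC_CHAR *pszTargetName,
+ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep, SecBufferDesc *pInput, ULONG Reserved2, CtxtHandle *phNewContext,
+SecBufferDesc *pOutput, ULONG *pfContextAttr, TimeStamp *ptsExpiry)
+{
+FIXME("%p %p %s %d %d %d %p %d %p %p %p %p\n", phCredential, phContext, debugstr_a(pszTargetName), fContextReq,
+Reserved1, TargetDataRep, pInput, Reserved1, phNewContext, pOutput, pfContextAttr, ptsExpiry);
+return SEC_E_UNSUPPORTED_FUNCTION;
+}
+/***********************************************************************
+* AcceptSecurityContext
+*/
+static SECURITY_STATUS SEC_ENTRY kerberos_AcceptSecurityContext(CredHandle *phCredential, CtxtHandle *phContext, SecBufferDesc *pInput,
+ULONG fContextReq, ULONG TargetDataRep, CtxtHandle *phNewContext, SecBufferDesc *pOutput, ULONG *pfContextAttr, TimeStamp *ptsExpiry)
+{
+FIXME("(%p %p %p %d %d %p %p %p %p)\n", phCredential, phContext, pInput, fContextReq, TargetDataRep, phNewContext, pOutput,
+pfContextAttr, ptsExpiry);
+return SEC_E_UNSUPPORTED_FUNCTION;
+}
+/***********************************************************************
+* CompleteAuthToken
+*/
+static SECURITY_STATUS SEC_ENTRY kerberos_CompleteAuthToken(CtxtHandle *phContext, SecBufferDesc *pToken)
+{
+FIXME("(%p %p)\n", phContext, pToken);
+return SEC_E_UNSUPPORTED_FUNCTION;
+}
+/***********************************************************************
+* DeleteSecurityContext
+*/
+static SECURITY_STATUS SEC_ENTRY kerberos_DeleteSecurityContext(CtxtHandle *phContext)
+{
+FIXME("(%p)\n", phContext);
+return SEC_E_UNSUPPORTED_FUNCTION;
+}
+/***********************************************************************
+* QueryContextAttributesW
+*/
+static SECURITY_STATUS SEC_ENTRY kerberos_QueryContextAttributesW(CtxtHandle *phContext, ULONG ulAttribute, void *pBuffer)
+{
+FIXME("(%p %d %p)\n", phContext, ulAttribute, pBuffer);
+return SEC_E_UNSUPPORTED_FUNCTION;
+}
+/***********************************************************************
+* QueryContextAttributesA
+*/
+static SECURITY_STATUS SEC_ENTRY kerberos_QueryContextAttributesA(CtxtHandle *phContext, ULONG ulAttribute, void *pBuffer)
+{
+FIXME("(%p %d %p)\n", phContext, ulAttribute, pBuffer);
+return SEC_E_UNSUPPORTED_FUNCTION;
+}
+/***********************************************************************
+* ImpersonateSecurityContext
+*/
+static SECURITY_STATUS SEC_ENTRY kerberos_ImpersonateSecurityContext(CtxtHandle *phContext)
+{
+FIXME("(%p)\n", phContext);
+return SEC_E_UNSUPPORTED_FUNCTION;
+}
+/***********************************************************************
+* RevertSecurityContext
+*/
+static SECURITY_STATUS SEC_ENTRY kerberos_RevertSecurityContext(CtxtHandle *phContext)
+{
+FIXME("(%p)\n", phContext);
+return SEC_E_UNSUPPORTED_FUNCTION;
+}
+/***********************************************************************
+* MakeSignature
+*/
+static SECURITY_STATUS SEC_ENTRY kerberos_MakeSignature(CtxtHandle *phContext, ULONG fQOP, SecBufferDesc *pMessage, ULONG MessageSeqNo)
+{
+FIXME("(%p %d %p %d)\n", phContext, fQOP, pMessage, MessageSeqNo);
+return SEC_E_UNSUPPORTED_FUNCTION;
+}
+/***********************************************************************
+* VerifySignature
+*/
+static SECURITY_STATUS SEC_ENTRY kerberos_VerifySignature(CtxtHandle *phContext, SecBufferDesc *pMessage, ULONG MessageSeqNo, PULONG pfQOP)
+{
+FIXME("(%p %p %d %p)\n", phContext, pMessage, MessageSeqNo, pfQOP);
+return SEC_E_UNSUPPORTED_FUNCTION;
+}
+/***********************************************************************
+* FreeCredentialsHandle
+*/
+static SECURITY_STATUS SEC_ENTRY kerberos_FreeCredentialsHandle(PCredHandle phCredential)
+{
+FIXME("(%p)\n", phCredential);
+return SEC_E_UNSUPPORTED_FUNCTION;
+}
+/***********************************************************************
+* EncryptMessage
+*/
+static SECURITY_STATUS SEC_ENTRY kerberos_EncryptMessage(CtxtHandle *phContext, ULONG fQOP, SecBufferDesc *pMessage, ULONG MessageSeqNo)
+{
+FIXME("(%p %d %p %d)\n", phContext, fQOP, pMessage, MessageSeqNo);
+return SEC_E_UNSUPPORTED_FUNCTION;
+}
+/***********************************************************************
+* DecryptMessage
+*/
+static SECURITY_STATUS SEC_ENTRY kerberos_DecryptMessage(CtxtHandle *phContext, SecBufferDesc *pMessage, ULONG MessageSeqNo, PULONG pfQOP)
+{
+FIXME("(%p %p %d %p)\n", phContext, pMessage, MessageSeqNo, pfQOP);
+return SEC_E_UNSUPPORTED_FUNCTION;
+}
+static const SecurityFunctionTableA kerberosTableA = {
+1,
+NULL, /* EnumerateSecurityPackagesA */
+kerberos_QueryCredentialsAttributesA, /* QueryCredentialsAttributesA */
+kerberos_AcquireCredentialsHandleA, /* AcquireCredentialsHandleA */
+kerberos_FreeCredentialsHandle, /* FreeCredentialsHandle */
+NULL, /* Reserved2 */
+kerberos_InitializeSecurityContextA, /* InitializeSecurityContextA */
+kerberos_AcceptSecurityContext, /* AcceptSecurityContext */
+kerberos_CompleteAuthToken, /* CompleteAuthToken */
+kerberos_DeleteSecurityContext, /* DeleteSecurityContext */
+NULL, /* ApplyControlToken */
+kerberos_QueryContextAttributesA, /* QueryContextAttributesA */
+kerberos_ImpersonateSecurityContext, /* ImpersonateSecurityContext */
+kerberos_RevertSecurityContext, /* RevertSecurityContext */
+kerberos_MakeSignature, /* MakeSignature */
+kerberos_VerifySignature, /* VerifySignature */
+FreeContextBuffer, /* FreeContextBuffer */
+NULL, /* QuerySecurityPackageInfoA */
+NULL, /* Reserved3 */
+NULL, /* Reserved4 */
+NULL, /* ExportSecurityContext */
+NULL, /* ImportSecurityContextA */
+NULL, /* AddCredentialsA */
+NULL, /* Reserved8 */
+NULL, /* QuerySecurityContextToken */
+kerberos_EncryptMessage, /* EncryptMessage */
+kerberos_DecryptMessage, /* DecryptMessage */
+NULL, /* SetContextAttributesA */
+};
+static const SecurityFunctionTableW kerberosTableW = {
+1,
+NULL, /* EnumerateSecurityPackagesW */
+kerberos_QueryCredentialsAttributesW, /* QueryCredentialsAttributesW */
+kerberos_AcquireCredentialsHandleW, /* AcquireCredentialsHandleW */
+kerberos_FreeCredentialsHandle, /* FreeCredentialsHandle */
+NULL, /* Reserved2 */
+kerberos_InitializeSecurityContextW, /* InitializeSecurityContextW */
+kerberos_AcceptSecurityContext, /* AcceptSecurityContext */
+kerberos_CompleteAuthToken, /* CompleteAuthToken */
+kerberos_DeleteSecurityContext, /* DeleteSecurityContext */
+NULL, /* ApplyControlToken */
+kerberos_QueryContextAttributesW, /* QueryContextAttributesW */
+kerberos_ImpersonateSecurityContext, /* ImpersonateSecurityContext */
+kerberos_RevertSecurityContext, /* RevertSecurityContext */
+kerberos_MakeSignature, /* MakeSignature */
+kerberos_VerifySignature, /* VerifySignature */
+FreeContextBuffer, /* FreeContextBuffer */
+NULL, /* QuerySecurityPackageInfoW */
+NULL, /* Reserved3 */
+NULL, /* Reserved4 */
+NULL, /* ExportSecurityContext */
+NULL, /* ImportSecurityContextW */
+NULL, /* AddCredentialsW */
+NULL, /* Reserved8 */
+NULL, /* QuerySecurityContextToken */
+kerberos_EncryptMessage, /* EncryptMessage */
+kerberos_DecryptMessage, /* DecryptMessage */
+NULL, /* SetContextAttributesW */
+};
+#define KERBEROS_COMMENT \
+{'M','i','c','r','o','s','o','f','t',' ','K','e','r','b','e','r','o','s',' ','V','1','.','0',0}
+static CHAR kerberos_comment_A[] = KERBEROS_COMMENT;
+static WCHAR kerberos_comment_W[] = KERBEROS_COMMENT;
+#define KERBEROS_NAME {'K','e','r','b','e','r','o','s',0}
+static char kerberos_name_A[] = KERBEROS_NAME;
+static WCHAR kerberos_name_W[] = KERBEROS_NAME;
+#define CAPS \
+( SECPKG_FLAG_INTEGRITY \
+| SECPKG_FLAG_PRIVACY \
+| SECPKG_FLAG_TOKEN_ONLY \
+| SECPKG_FLAG_DATAGRAM \
+| SECPKG_FLAG_CONNECTION \
+| SECPKG_FLAG_MULTI_REQUIRED \
+| SECPKG_FLAG_EXTENDED_ERROR \
+| SECPKG_FLAG_IMPERSONATION \
+| SECPKG_FLAG_ACCEPT_WIN32_NAME \
+| SECPKG_FLAG_NEGOTIABLE \
+| SECPKG_FLAG_GSS_COMPATIBLE \
+| SECPKG_FLAG_LOGON \
+| SECPKG_FLAG_MUTUAL_AUTH \
+| SECPKG_FLAG_DELEGATION \
+| SECPKG_FLAG_READONLY_WITH_CHECKSUM \
+| SECPKG_FLAG_RESTRICTED_TOKENS \
+| SECPKG_FLAG_APPCONTAINER_CHECKS)
+static const SecPkgInfoW infoW = {
+CAPS,
+1,
+RPC_C_AUTHN_GSS_KERBEROS,
+KERBEROS_MAX_BUF,
+kerberos_name_W,
+kerberos_comment_W
+};
+static const SecPkgInfoA infoA = {
+CAPS,
+1,
+RPC_C_AUTHN_GSS_KERBEROS,
+KERBEROS_MAX_BUF,
+kerberos_name_A,
+kerberos_comment_A
+};
+void SECUR32_initKerberosSP(void)
+{
+SecureProvider *provider = SECUR32_addProvider(&kerberosTableA, &kerberosTableW, NULL);
+SECUR32_addPackages(provider, 1, &infoA, &infoW);
+}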
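Review bot: `kerberos_AcquireCredentialsHandleW` returns `SEC_E_NO_CREDENTIALS` while `kerberos_AcquireCredentialsHandleA` returns `SEC_E_UNSUPPORTED_FUNCTION`, so the same request fails with a different status depending on the character set; unless that is deliberate, both stubs should return the same code, with a short comment saying why it was chosen. In both `kerberos_InitializeSecurityContextW` and `kerberos_InitializeSecurityContextA` the trace prints `Reserved1` a second time after `pInput` where `Reserved2` is meant, i.e. `... TargetDataRep, pInput, Reserved2, phNewContext, ...`. Every stub fails closed, which is the right default for `VerifySignature` and `DecryptMessage`, but `CAPS` advertises `SECPKG_FLAG_PRIVACY`, `SECPKG_FLAG_MUTUAL_AUTH` and `SECPKG_FLAG_NEGOTIABLE` for a package that cannot yet establish a context. A comment above `CAPS` such as `/* Flags presumably mirror native Kerberos; none of them is implemented by the stubs yet. */` would warn anyone who selects a package by capability.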


@ -564,6 +564,7 @@ static void SECUR32_initializeProviders(void)
/* First load built-in providers */
SECUR32_initSchannelSP();
SECUR32_initNTLMSP();
SECUR32_initKerberosSP();
/* Load the Negotiate provider last so apps stumble over the working NTLM
* provider first. Attempting to fix bug #16905 while keeping the
* application reported on wine-users on 2006-09-12 working. */


@ -136,6 +136,7 @@ PSTR SECUR32_AllocMultiByteFromWide(PCWSTR str) DECLSPEC_HIDDEN;
void SECUR32_initSchannelSP(void) DECLSPEC_HIDDEN;
void SECUR32_initNegotiateSP(void) DECLSPEC_HIDDEN;
void SECUR32_initNTLMSP(void) DECLSPEC_HIDDEN;
void SECUR32_initKerberosSP(void) DECLSPEC_HIDDEN;
/* Cleanup functions for built-in providers */
void SECUR32_deinitSchannelSP(void) DECLSPEC_HIDDEN;


@ -22,6 +22,8 @@
#include <windef.h>
#include <winbase.h>
#include <winnls.h>
#include <rpc.h>
#include <rpcdce.h>
#define SECURITY_WIN32
#include <security.h>
#include <schannel.h>
@ -315,6 +317,55 @@ static void test_SspiEncodeStringsAsAuthIdentity(void)
pSspiFreeAuthIdentity( id );
}
static void test_kerberos(void)
{
SecPkgInfoA *info;
TimeStamp ttl;
CredHandle cred;
SECURITY_STATUS status;
SEC_CHAR provider[] = {'K','e','r','b','e','r','o','s',0};
static const ULONG expected_flags =
SECPKG_FLAG_INTEGRITY
| SECPKG_FLAG_PRIVACY
| SECPKG_FLAG_TOKEN_ONLY
| SECPKG_FLAG_DATAGRAM
| SECPKG_FLAG_CONNECTION
| SECPKG_FLAG_MULTI_REQUIRED
| SECPKG_FLAG_EXTENDED_ERROR
| SECPKG_FLAG_IMPERSONATION
| SECPKG_FLAG_ACCEPT_WIN32_NAME
| SECPKG_FLAG_NEGOTIABLE
| SECPKG_FLAG_GSS_COMPATIBLE
| SECPKG_FLAG_LOGON
| SECPKG_FLAG_MUTUAL_AUTH
| SECPKG_FLAG_DELEGATION
| SECPKG_FLAG_READONLY_WITH_CHECKSUM;
static const ULONG optional_mask =
SECPKG_FLAG_RESTRICTED_TOKENS
| SECPKG_FLAG_APPCONTAINER_CHECKS;
status = QuerySecurityPackageInfoA(provider, &info);
ok(status == SEC_E_OK, "Kerberos package not installed, skipping test\n");
if(status != SEC_E_OK)
return;
ok( (info->fCapabilities & ~optional_mask) == expected_flags, "got %08x, expected %08x\n", info->fCapabilities, expected_flags );
ok( info->wVersion == 1, "got %u\n", info->wVersion );
ok( info->wRPCID == RPC_C_AUTHN_GSS_KERBEROS, "got %u\n", info->wRPCID );
ok( info->cbMaxToken >= 12000, "got %u\n", info->cbMaxToken );
ok( !lstrcmpA( info->Name, "Kerberos" ), "got %s\n", info->Name );
ok( !lstrcmpA( info->Comment, "Microsoft Kerberos V1.0" ), "got %s\n", info->Comment );
FreeContextBuffer( info );
status = AcquireCredentialsHandleA( NULL, provider, SECPKG_CRED_OUTBOUND, NULL,
NULL, NULL, NULL, &cred, &ttl );
todo_wine ok( status == SEC_E_OK, "AcquireCredentialsHandleA returned %08x\n", status );
if(status == SEC_E_OK)
FreeCredentialHandle( &cred );
}
START_TEST(secur32)
{
secdll = LoadLibraryA("secur32.dll");
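Review bot: In `test_kerberos`, the check `ok(status == SEC_E_OK, "Kerberos package not installed, skipping test\n");` records a test failure when the package is missing, although its message and the early return that follows treat that case as a skip. If a missing package is acceptable on some configurations, replace it with `if (status != SEC_E_OK) { win_skip("Kerberos package not installed\n"); return; }`; if the package must always be present, reword the message so a failure reads as one. `test_kerberos` lies wholly inside this hunk, while the body of `START_TEST(secur32)` continues outside it.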
@ -361,4 +412,6 @@ START_TEST(secur32)
FreeLibrary(secdll);
}
test_kerberos();
}