From 0524963d7d9b26e6d130804f95c99bc2dbb318ad Mon Sep 17 00:00:00 2001
From: Jacek Caban
Date: Mon, 27 Jun 2016 17:07:38 +0200
Subject: [PATCH] secur32: Added Kerberos provider stub implementation.
Signed-off-by: Jacek Caban
Signed-off-by: Alexandre Julliard
---
 dlls/secur32/Makefile.in | 1 +
 dlls/secur32/kerberos.c | 323 +++++++++++++++++++++++++++++++++++
 dlls/secur32/secur32.c | 1 +
 dlls/secur32/secur32_priv.h | 1 +
 dlls/secur32/tests/secur32.c | 53 ++++++
 5 files changed, 379 insertions(+)
 create mode 100644 dlls/secur32/kerberos.c
diff --git a/dlls/secur32/Makefile.in b/dlls/secur32/Makefile.in
index c9acdee4572..6548521f53d 100644
--- a/dlls/secur32/Makefile.in
+++ b/dlls/secur32/Makefile.in
@@ -9,6 +9,7 @@ C_SRCS = \
 base64_codec.c \
 dispatcher.c \
 hmac_md5.c \
+ kerberos.c \
 lsa.c \
 negotiate.c \
 ntlm.c \
diff --git a/dlls/secur32/kerberos.c b/dlls/secur32/kerberos.c
new file mode 100644
index 00000000000..753e9748d20
--- /dev/null
+++ b/dlls/secur32/kerberos.c
@@ -0,0 +1,323 @@
+/*
+ * Copyright 2005, 2006 Kai Blin
+ * Copyright 2016 Jacek Caban for CodeWeavers
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+#include
+#include
+#include
+
+#include "windef.h"
+#include "winbase.h"
+#include "rpc.h"
+#include "sspi.h"
+
+#include "secur32_priv.h"
+
+#include "wine/debug.h"
+
+WINE_DEFAULT_DEBUG_CHANNEL(secur32);
+
+#define KERBEROS_MAX_BUF 12000
+
+/***********************************************************************
+ * QueryCredentialsAttributesA
+ */
+static SECURITY_STATUS SEC_ENTRY kerberos_QueryCredentialsAttributesA(CredHandle *phCredential, ULONG ulAttribute, void *pBuffer)
+{
+ FIXME("(%p %d %p)\n", phCredential, ulAttribute, pBuffer);
+ return SEC_E_UNSUPPORTED_FUNCTION;
+}
+
+/***********************************************************************
+ * QueryCredentialsAttributesW
+ */
+static SECURITY_STATUS SEC_ENTRY kerberos_QueryCredentialsAttributesW(CredHandle *phCredential, ULONG ulAttribute, void *pBuffer)
+{
+ FIXME("(%p, %d, %p)\n", phCredential, ulAttribute, pBuffer);
+ return SEC_E_UNSUPPORTED_FUNCTION;
+}
+
+/***********************************************************************
+ * AcquireCredentialsHandleW
+ */
+static SECURITY_STATUS SEC_ENTRY kerberos_AcquireCredentialsHandleW(SEC_WCHAR *pszPrincipal, SEC_WCHAR *pszPackage, ULONG fCredentialUse,
+ LUID *pLogonID, void *pAuthData, SEC_GET_KEY_FN pGetKeyFn, void *pGetKeyArgument, CredHandle *phCredential, TimeStamp *ptsExpiry)
+{
+ FIXME("(%s %s 0x%08x %p %p %p %p %p %p)\n", debugstr_w(pszPrincipal), debugstr_w(pszPackage), fCredentialUse,
+ pLogonID, pAuthData, pGetKeyFn, pGetKeyArgument, phCredential, ptsExpiry);
+ return SEC_E_NO_CREDENTIALS;
+}
+
+/***********************************************************************
+ * AcquireCredentialsHandleA
+ */
+static SECURITY_STATUS SEC_ENTRY kerberos_AcquireCredentialsHandleA(SEC_CHAR *pszPrincipal, SEC_CHAR *pszPackage, ULONG fCredentialUse,
+ LUID *pLogonID, void *pAuthData, SEC_GET_KEY_FN pGetKeyFn, void *pGetKeyArgument, CredHandle *phCredential, TimeStamp *ptsExpiry)
+{
+ FIXME("(%s %s 0x%08x %p %p %p %p %p %p)\n", debugstr_a(pszPrincipal), debugstr_a(pszPackage), fCredentialUse,
+ pLogonID, pAuthData, pGetKeyFn, pGetKeyArgument, phCredential, ptsExpiry);
+ return SEC_E_UNSUPPORTED_FUNCTION;
+}
+
+/***********************************************************************
+ * InitializeSecurityContextW
+ */
+static SECURITY_STATUS SEC_ENTRY kerberos_InitializeSecurityContextW(CredHandle *phCredential, CtxtHandle *phContext, SEC_WCHAR *pszTargetName,
+ ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep, SecBufferDesc *pInput, ULONG Reserved2, CtxtHandle *phNewContext,
+ SecBufferDesc *pOutput, ULONG *pfContextAttr, TimeStamp *ptsExpiry)
+{
+ FIXME("(%p %p %s 0x%08x %d %d %p %d %p %p %p %p)\n", phCredential, phContext, debugstr_w(pszTargetName),
+ fContextReq, Reserved1, TargetDataRep, pInput, Reserved1, phNewContext, pOutput, pfContextAttr, ptsExpiry);
+ return SEC_E_UNSUPPORTED_FUNCTION;
+}
+
+/***********************************************************************
+ * InitializeSecurityContextA
+ */
+static SECURITY_STATUS SEC_ENTRY kerberos_InitializeSecurityContextA(CredHandle *phCredential, CtxtHandle *phContext, SEC_CHAR *pszTargetName,
+ ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep, SecBufferDesc *pInput, ULONG Reserved2, CtxtHandle *phNewContext,
+ SecBufferDesc *pOutput, ULONG *pfContextAttr, TimeStamp *ptsExpiry)
+{
+ FIXME("%p %p %s %d %d %d %p %d %p %p %p %p\n", phCredential, phContext, debugstr_a(pszTargetName), fContextReq,
+ Reserved1, TargetDataRep, pInput, Reserved1, phNewContext, pOutput, pfContextAttr, ptsExpiry);
+ return SEC_E_UNSUPPORTED_FUNCTION;
+}
+
+/***********************************************************************
+ * AcceptSecurityContext
+ */
+static SECURITY_STATUS SEC_ENTRY kerberos_AcceptSecurityContext(CredHandle *phCredential, CtxtHandle *phContext, SecBufferDesc *pInput,
+ ULONG fContextReq, ULONG TargetDataRep, CtxtHandle *phNewContext, SecBufferDesc *pOutput, ULONG *pfContextAttr, TimeStamp *ptsExpiry)
+{
+ FIXME("(%p %p %p %d %d %p %p %p %p)\n", phCredential, phContext, pInput, fContextReq, TargetDataRep, phNewContext, pOutput,
+ pfContextAttr, ptsExpiry);
+ return SEC_E_UNSUPPORTED_FUNCTION;
+}
+
+/***********************************************************************
+ * CompleteAuthToken
+ */
+static SECURITY_STATUS SEC_ENTRY kerberos_CompleteAuthToken(CtxtHandle *phContext, SecBufferDesc *pToken)
+{
+ FIXME("(%p %p)\n", phContext, pToken);
+ return SEC_E_UNSUPPORTED_FUNCTION;
+}
+
+/***********************************************************************
+ * DeleteSecurityContext
+ */
+static SECURITY_STATUS SEC_ENTRY kerberos_DeleteSecurityContext(CtxtHandle *phContext)
+{
+ FIXME("(%p)\n", phContext);
+ return SEC_E_UNSUPPORTED_FUNCTION;
+}
+
+/***********************************************************************
+ * QueryContextAttributesW
+ */
+static SECURITY_STATUS SEC_ENTRY kerberos_QueryContextAttributesW(CtxtHandle *phContext, ULONG ulAttribute, void *pBuffer)
+{
+ FIXME("(%p %d %p)\n", phContext, ulAttribute, pBuffer);
+ return SEC_E_UNSUPPORTED_FUNCTION;
+}
+
+/***********************************************************************
+ * QueryContextAttributesA
+ */
+static SECURITY_STATUS SEC_ENTRY kerberos_QueryContextAttributesA(CtxtHandle *phContext, ULONG ulAttribute, void *pBuffer)
+{
+ FIXME("(%p %d %p)\n", phContext, ulAttribute, pBuffer);
+ return SEC_E_UNSUPPORTED_FUNCTION;
+}
+
+/***********************************************************************
+ * ImpersonateSecurityContext
+ */
+static SECURITY_STATUS SEC_ENTRY kerberos_ImpersonateSecurityContext(CtxtHandle *phContext)
+{
+ FIXME("(%p)\n", phContext);
+ return SEC_E_UNSUPPORTED_FUNCTION;
+}
+
+/***********************************************************************
+ * RevertSecurityContext
+ */
+static SECURITY_STATUS SEC_ENTRY kerberos_RevertSecurityContext(CtxtHandle *phContext)
+{
+ FIXME("(%p)\n", phContext);
+ return SEC_E_UNSUPPORTED_FUNCTION;
+}
+
+/***********************************************************************
+ * MakeSignature
+ */
+static SECURITY_STATUS SEC_ENTRY kerberos_MakeSignature(CtxtHandle *phContext, ULONG fQOP, SecBufferDesc *pMessage, ULONG MessageSeqNo)
+{
+ FIXME("(%p %d %p %d)\n", phContext, fQOP, pMessage, MessageSeqNo);
+ return SEC_E_UNSUPPORTED_FUNCTION;
+}
+
+/***********************************************************************
+ * VerifySignature
+ */
+static SECURITY_STATUS SEC_ENTRY kerberos_VerifySignature(CtxtHandle *phContext, SecBufferDesc *pMessage, ULONG MessageSeqNo, PULONG pfQOP)
+{
+ FIXME("(%p %p %d %p)\n", phContext, pMessage, MessageSeqNo, pfQOP);
+ return SEC_E_UNSUPPORTED_FUNCTION;
+}
+
+/***********************************************************************
+ * FreeCredentialsHandle
+ */
+static SECURITY_STATUS SEC_ENTRY kerberos_FreeCredentialsHandle(PCredHandle phCredential)
+{
+ FIXME("(%p)\n", phCredential);
+ return SEC_E_UNSUPPORTED_FUNCTION;
+}
+
+/***********************************************************************
+ * EncryptMessage
+ */
+static SECURITY_STATUS SEC_ENTRY kerberos_EncryptMessage(CtxtHandle *phContext, ULONG fQOP, SecBufferDesc *pMessage, ULONG MessageSeqNo)
+{
+ FIXME("(%p %d %p %d)\n", phContext, fQOP, pMessage, MessageSeqNo);
+ return SEC_E_UNSUPPORTED_FUNCTION;
+}
+
+/***********************************************************************
+ * DecryptMessage
+ */
+static SECURITY_STATUS SEC_ENTRY kerberos_DecryptMessage(CtxtHandle *phContext, SecBufferDesc *pMessage, ULONG MessageSeqNo, PULONG pfQOP)
+{
+ FIXME("(%p %p %d %p)\n", phContext, pMessage, MessageSeqNo, pfQOP);
+ return SEC_E_UNSUPPORTED_FUNCTION;
+}
+
+static const SecurityFunctionTableA kerberosTableA = {
+ 1,
+ NULL, /* EnumerateSecurityPackagesA */
+ kerberos_QueryCredentialsAttributesA, /* QueryCredentialsAttributesA */
+ kerberos_AcquireCredentialsHandleA, /* AcquireCredentialsHandleA */
+ kerberos_FreeCredentialsHandle, /* FreeCredentialsHandle */
+ NULL, /* Reserved2 */
+ kerberos_InitializeSecurityContextA, /* InitializeSecurityContextA */
+ kerberos_AcceptSecurityContext, /* AcceptSecurityContext */
+ kerberos_CompleteAuthToken, /* CompleteAuthToken */
+ kerberos_DeleteSecurityContext, /* DeleteSecurityContext */
+ NULL, /* ApplyControlToken */
+ kerberos_QueryContextAttributesA, /* QueryContextAttributesA */
+ kerberos_ImpersonateSecurityContext, /* ImpersonateSecurityContext */
+ kerberos_RevertSecurityContext, /* RevertSecurityContext */
+ kerberos_MakeSignature, /* MakeSignature */
+ kerberos_VerifySignature, /* VerifySignature */
+ FreeContextBuffer, /* FreeContextBuffer */
+ NULL, /* QuerySecurityPackageInfoA */
+ NULL, /* Reserved3 */
+ NULL, /* Reserved4 */
+ NULL, /* ExportSecurityContext */
+ NULL, /* ImportSecurityContextA */
+ NULL, /* AddCredentialsA */
+ NULL, /* Reserved8 */
+ NULL, /* QuerySecurityContextToken */
+ kerberos_EncryptMessage, /* EncryptMessage */
+ kerberos_DecryptMessage, /* DecryptMessage */
+ NULL, /* SetContextAttributesA */
+};
+
+static const SecurityFunctionTableW kerberosTableW = {
+ 1,
+ NULL, /* EnumerateSecurityPackagesW */
+ kerberos_QueryCredentialsAttributesW, /* QueryCredentialsAttributesW */
+ kerberos_AcquireCredentialsHandleW, /* AcquireCredentialsHandleW */
+ kerberos_FreeCredentialsHandle, /* FreeCredentialsHandle */
+ NULL, /* Reserved2 */
+ kerberos_InitializeSecurityContextW, /* InitializeSecurityContextW */
+ kerberos_AcceptSecurityContext, /* AcceptSecurityContext */
+ kerberos_CompleteAuthToken, /* CompleteAuthToken */
+ kerberos_DeleteSecurityContext, /* DeleteSecurityContext */
+ NULL, /* ApplyControlToken */
+ kerberos_QueryContextAttributesW, /* QueryContextAttributesW */
+ kerberos_ImpersonateSecurityContext, /* ImpersonateSecurityContext */
+ kerberos_RevertSecurityContext, /* RevertSecurityContext */
+ kerberos_MakeSignature, /* MakeSignature */
+ kerberos_VerifySignature, /* VerifySignature */
+ FreeContextBuffer, /* FreeContextBuffer */
+ NULL, /* QuerySecurityPackageInfoW */
+ NULL, /* Reserved3 */
+ NULL, /* Reserved4 */
+ NULL, /* ExportSecurityContext */
+ NULL, /* ImportSecurityContextW */
+ NULL, /* AddCredentialsW */
+ NULL, /* Reserved8 */
+ NULL, /* QuerySecurityContextToken */
+ kerberos_EncryptMessage, /* EncryptMessage */
+ kerberos_DecryptMessage, /* DecryptMessage */
+ NULL, /* SetContextAttributesW */
+};
+
+#define KERBEROS_COMMENT \
+ {'M','i','c','r','o','s','o','f','t',' ','K','e','r','b','e','r','o','s',' ','V','1','.','0',0}
+static CHAR kerberos_comment_A[] = KERBEROS_COMMENT;
+static WCHAR kerberos_comment_W[] = KERBEROS_COMMENT;
+
+#define KERBEROS_NAME {'K','e','r','b','e','r','o','s',0}
+static char kerberos_name_A[] = KERBEROS_NAME;
+static WCHAR kerberos_name_W[] = KERBEROS_NAME;
+
+#define CAPS \
+ ( SECPKG_FLAG_INTEGRITY \
+ | SECPKG_FLAG_PRIVACY \
+ | SECPKG_FLAG_TOKEN_ONLY \
+ | SECPKG_FLAG_DATAGRAM \
+ | SECPKG_FLAG_CONNECTION \
+ | SECPKG_FLAG_MULTI_REQUIRED \
+ | SECPKG_FLAG_EXTENDED_ERROR \
+ | SECPKG_FLAG_IMPERSONATION \
+ | SECPKG_FLAG_ACCEPT_WIN32_NAME \
+ | SECPKG_FLAG_NEGOTIABLE \
+ | SECPKG_FLAG_GSS_COMPATIBLE \
+ | SECPKG_FLAG_LOGON \
+ | SECPKG_FLAG_MUTUAL_AUTH \
+ | SECPKG_FLAG_DELEGATION \
+ | SECPKG_FLAG_READONLY_WITH_CHECKSUM \
+ | SECPKG_FLAG_RESTRICTED_TOKENS \
+ | SECPKG_FLAG_APPCONTAINER_CHECKS)
+
+static const SecPkgInfoW infoW = {
+ CAPS,
+ 1,
+ RPC_C_AUTHN_GSS_KERBEROS,
+ KERBEROS_MAX_BUF,
+ kerberos_name_W,
+ kerberos_comment_W
+};
+
+static const SecPkgInfoA infoA = {
+ CAPS,
+ 1,
+ RPC_C_AUTHN_GSS_KERBEROS,
+ KERBEROS_MAX_BUF,
+ kerberos_name_A,
+ kerberos_comment_A
+};
+
+void SECUR32_initKerberosSP(void)
+{
+ SecureProvider *provider = SECUR32_addProvider(&kerberosTableA, &kerberosTableW, NULL);
+ SECUR32_addPackages(provider, 1, &infoA, &infoW);
+}
diff --git a/dlls/secur32/secur32.c b/dlls/secur32/secur32.c
index 1605c7fad8a..76f6f370ce1 100644
--- a/dlls/secur32/secur32.c
+++ b/dlls/secur32/secur32.c
@@ -564,6 +564,7 @@ static void SECUR32_initializeProviders(void)
 /* First load built-in providers */
 SECUR32_initSchannelSP();
 SECUR32_initNTLMSP();
+ SECUR32_initKerberosSP();
 /* Load the Negotiate provider last so apps stumble over the working NTLM
 * provider first. Attempting to fix bug #16905 while keeping the
 * application reported on wine-users on 2006-09-12 working. */
diff --git a/dlls/secur32/secur32_priv.h b/dlls/secur32/secur32_priv.h
index 9985cac8b8c..1baa543fe15 100644
--- a/dlls/secur32/secur32_priv.h
+++ b/dlls/secur32/secur32_priv.h
@@ -136,6 +136,7 @@ PSTR SECUR32_AllocMultiByteFromWide(PCWSTR str) DECLSPEC_HIDDEN;
 void SECUR32_initSchannelSP(void) DECLSPEC_HIDDEN;
 void SECUR32_initNegotiateSP(void) DECLSPEC_HIDDEN;
 void SECUR32_initNTLMSP(void) DECLSPEC_HIDDEN;
+void SECUR32_initKerberosSP(void) DECLSPEC_HIDDEN;
 /* Cleanup functions for built-in providers */
 void SECUR32_deinitSchannelSP(void) DECLSPEC_HIDDEN;
diff --git a/dlls/secur32/tests/secur32.c b/dlls/secur32/tests/secur32.c
index 97944d1089d..49103bdea3f 100644
--- a/dlls/secur32/tests/secur32.c
+++ b/dlls/secur32/tests/secur32.c
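Review bot: In dlls/secur32/kerberos.c, `kerberos_AcquireCredentialsHandleW` returns `SEC_E_NO_CREDENTIALS` while `kerberos_AcquireCredentialsHandleA` returns `SEC_E_UNSUPPORTED_FUNCTION`, so the same request fails with a different status depending on which character-set entry point the caller uses. A caller that branches on the status to decide whether to fall back to another package would then take different paths for A and W; unless the split is deliberate, the A variant should also end with `return SEC_E_NO_CREDENTIALS;`. Separately, the `FIXME` traces in both `kerberos_InitializeSecurityContextW` and `kerberos_InitializeSecurityContextA` pass `Reserved1` twice, and the second occurrence should read `pInput, Reserved2, phNewContext`. The package is also registered with the full `CAPS` set (privacy, integrity, mutual auth, delegation) although every entry point is a stub, so a short comment above `CAPS` such as `/* advertised to match Windows; every entry point must keep returning an error until implemented */` would record that the stubs have to fail closed.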
@@ -22,6 +22,8 @@
 #include
 #include
 #include
+#include
+#include
 #define SECURITY_WIN32
 #include
 #include
@@ -315,6 +317,55 @@ static void test_SspiEncodeStringsAsAuthIdentity(void)
 pSspiFreeAuthIdentity( id );
 }
+static void test_kerberos(void)
+{
+ SecPkgInfoA *info;
+ TimeStamp ttl;
+ CredHandle cred;
+ SECURITY_STATUS status;
+
+ SEC_CHAR provider[] = {'K','e','r','b','e','r','o','s',0};
+
+ static const ULONG expected_flags =
+ SECPKG_FLAG_INTEGRITY
+ | SECPKG_FLAG_PRIVACY
+ | SECPKG_FLAG_TOKEN_ONLY
+ | SECPKG_FLAG_DATAGRAM
+ | SECPKG_FLAG_CONNECTION
+ | SECPKG_FLAG_MULTI_REQUIRED
+ | SECPKG_FLAG_EXTENDED_ERROR
+ | SECPKG_FLAG_IMPERSONATION
+ | SECPKG_FLAG_ACCEPT_WIN32_NAME
+ | SECPKG_FLAG_NEGOTIABLE
+ | SECPKG_FLAG_GSS_COMPATIBLE
+ | SECPKG_FLAG_LOGON
+ | SECPKG_FLAG_MUTUAL_AUTH
+ | SECPKG_FLAG_DELEGATION
+ | SECPKG_FLAG_READONLY_WITH_CHECKSUM;
+ static const ULONG optional_mask =
+ SECPKG_FLAG_RESTRICTED_TOKENS
+ | SECPKG_FLAG_APPCONTAINER_CHECKS;
+
+ status = QuerySecurityPackageInfoA(provider, &info);
+ ok(status == SEC_E_OK, "Kerberos package not installed, skipping test\n");
+ if(status != SEC_E_OK)
+ return;
+
+ ok( (info->fCapabilities & ~optional_mask) == expected_flags, "got %08x, expected %08x\n", info->fCapabilities, expected_flags );
+ ok( info->wVersion == 1, "got %u\n", info->wVersion );
+ ok( info->wRPCID == RPC_C_AUTHN_GSS_KERBEROS, "got %u\n", info->wRPCID );
+ ok( info->cbMaxToken >= 12000, "got %u\n", info->cbMaxToken );
+ ok( !lstrcmpA( info->Name, "Kerberos" ), "got %s\n", info->Name );
+ ok( !lstrcmpA( info->Comment, "Microsoft Kerberos V1.0" ), "got %s\n", info->Comment );
+ FreeContextBuffer( info );
+
+ status = AcquireCredentialsHandleA( NULL, provider, SECPKG_CRED_OUTBOUND, NULL,
+ NULL, NULL, NULL, &cred, &ttl );
+ todo_wine ok( status == SEC_E_OK, "AcquireCredentialsHandleA returned %08x\n", status );
+ if(status == SEC_E_OK)
+ FreeCredentialHandle( &cred );
+}
+
 START_TEST(secur32)
 {
 secdll = LoadLibraryA("secur32.dll");
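Review bot: In `test_kerberos`, the `QuerySecurityPackageInfoA` result is checked with `ok(status == SEC_E_OK, "Kerberos package not installed, skipping test\n")`, which records a test failure although the message says the test is being skipped, and the failing status is never printed. If a missing package is a legitimate condition, the early return should use the skip helper, `skip("Kerberos package not installed, skipping test\n");`; if the package must always be present, the check reads better as `ok(status == SEC_E_OK, "QuerySecurityPackageInfoA failed: %08x\n", status);`. The test also calls only the A entry points, so the W variant of the credentials call, which returns a different status in kerberos.c, is not exercised.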
@@ -361,4 +412,6 @@ START_TEST(secur32)
 FreeLibrary(secdll);
 }
+
+ test_kerberos();
 }