ReceiveTempSMS
/
Sweden-Number
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

secur32: Implement a Negotiate provider that forwards to NTLM.

This commit is contained in:
Hans Leidekker 2012-05-10 13:06:20 +02:00 committed by Alexandre Julliard
parent 3181577810
commit 19f8c79f9e
3 changed files with 321 additions and 294 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

490
dlls/secur32/negotiate.c
View File

@ -1,5 +1,6 @@
/*
* Copyright 2005 Kai Blin
* Copyright 2012 Hans Leidekker for CodeWeavers
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
@ -15,99 +16,40 @@
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
*
* This file implements the negotiate provider.
* FIXME: So far, this beast doesn't do anything.
* This file implements a Negotiate provider that simply forwards to
* the NTLM provider.
*/
#include <assert.h>
#include <stdarg.h>
#include "windef.h"
#include "winbase.h"
#include "sspi.h"
#include "rpc.h"
#include "wincred.h"
#include "secur32_priv.h"
#include "wine/debug.h"
#include "wine/unicode.h"
WINE_DEFAULT_DEBUG_CHANNEL(secur32);
/* Disable for now, see longer comment for SECUR32_initNegotiateSP below */
#if 0
static char nego_name_A[] = "Negotiate";
static WCHAR nego_name_W[] = {'N', 'e', 'g', 'o', 't', 'i', 'a', 't', 'e', 0};
#endif
static SECURITY_STATUS nego_QueryCredentialsAttributes(PCredHandle phCredential,
ULONG ulAttribute, PVOID pBuffer)
{
SECURITY_STATUS ret;
/* FIXME: More attributes to be added here. Need to fix the sspi.h header
* for that, too.
*/
switch(ulAttribute)
{
default:
ret = SEC_E_UNSUPPORTED_FUNCTION;
}
return ret;
}
/***********************************************************************
* QueryCredentialsAttributesA
*/
static SECURITY_STATUS SEC_ENTRY nego_QueryCredentialsAttributesA(
PCredHandle phCredential, ULONG ulAttribute, PVOID pBuffer)
PCredHandle phCredential, ULONG ulAttribute, PVOID pBuffer)
{
SECURITY_STATUS ret;
TRACE("(%p, %d, %p)\n", phCredential, ulAttribute, pBuffer);
switch(ulAttribute)
{
case SECPKG_CRED_ATTR_NAMES:
FIXME("SECPKG_CRED_ATTR_NAMES: stub\n");
ret = SEC_E_UNSUPPORTED_FUNCTION;
break;
default:
ret = nego_QueryCredentialsAttributes(phCredential, ulAttribute,
pBuffer);
}
return ret;
FIXME("%p, %u, %p\n", phCredential, ulAttribute, pBuffer);
return SEC_E_UNSUPPORTED_FUNCTION;
}
/***********************************************************************
* QueryCredentialsAttributesW
*/
static SECURITY_STATUS SEC_ENTRY nego_QueryCredentialsAttributesW(
PCredHandle phCredential, ULONG ulAttribute, PVOID pBuffer)
PCredHandle phCredential, ULONG ulAttribute, PVOID pBuffer)
{
SECURITY_STATUS ret;
TRACE("(%p, %d, %p)\n", phCredential, ulAttribute, pBuffer);
switch(ulAttribute)
{
case SECPKG_CRED_ATTR_NAMES:
FIXME("SECPKG_CRED_ATTR_NAMES: stub\n");
ret = SEC_E_UNSUPPORTED_FUNCTION;
break;
default:
ret = nego_QueryCredentialsAttributes(phCredential, ulAttribute,
pBuffer);
}
return ret;
}
/***********************************************************************
* AcquireCredentialsHandleA
*/
static SECURITY_STATUS SEC_ENTRY nego_AcquireCredentialsHandleA(
SEC_CHAR *pszPrincipal, SEC_CHAR *pszPackage, ULONG fCredentialUse,
PLUID pLogonID, PVOID pAuthData, SEC_GET_KEY_FN pGetKeyFn,
PVOID pGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry)
{
TRACE("(%s, %s, 0x%08x, %p, %p, %p, %p, %p, %p) stub\n",
debugstr_a(pszPrincipal), debugstr_a(pszPackage), fCredentialUse,
pLogonID, pAuthData, pGetKeyFn, pGetKeyArgument, phCredential, ptsExpiry);
FIXME("%p, %u, %p\n", phCredential, ulAttribute, pBuffer);
return SEC_E_UNSUPPORTED_FUNCTION;
}
@ -115,37 +57,110 @@ static SECURITY_STATUS SEC_ENTRY nego_AcquireCredentialsHandleA(
* AcquireCredentialsHandleW
*/
static SECURITY_STATUS SEC_ENTRY nego_AcquireCredentialsHandleW(
SEC_WCHAR *pszPrincipal, SEC_WCHAR *pszPackage, ULONG fCredentialUse,
PLUID pLogonID, PVOID pAuthData, SEC_GET_KEY_FN pGetKeyFn,
PVOID pGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry)
SEC_WCHAR *pszPrincipal, SEC_WCHAR *pszPackage, ULONG fCredentialUse,
PLUID pLogonID, PVOID pAuthData, SEC_GET_KEY_FN pGetKeyFn,
PVOID pGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry )
{
TRACE("(%s, %s, 0x%08x, %p, %p, %p, %p, %p, %p) stub\n",
debugstr_w(pszPrincipal), debugstr_w(pszPackage), fCredentialUse,
pLogonID, pAuthData, pGetKeyFn, pGetKeyArgument, phCredential, ptsExpiry);
return SEC_E_UNSUPPORTED_FUNCTION;
static SEC_WCHAR ntlmW[] = {'N','T','L','M',0};
SECURITY_STATUS ret;
TRACE("%s, %s, 0x%08x, %p, %p, %p, %p, %p, %p\n",
debugstr_w(pszPrincipal), debugstr_w(pszPackage), fCredentialUse,
pLogonID, pAuthData, pGetKeyFn, pGetKeyArgument, phCredential, ptsExpiry);
FIXME("forwarding to NTLM\n");
ret = ntlm_AcquireCredentialsHandleW( pszPrincipal, ntlmW, fCredentialUse,
pLogonID, pAuthData, pGetKeyFn, pGetKeyArgument,
phCredential, ptsExpiry );
if (ret == SEC_E_OK)
{
NtlmCredentials *cred = (NtlmCredentials *)phCredential->dwLower;
cred->no_cached_credentials = (pAuthData == NULL);
}
return ret;
}
/***********************************************************************
* InitializeSecurityContextA
* AcquireCredentialsHandleA
*/
static SECURITY_STATUS SEC_ENTRY nego_InitializeSecurityContextA(
PCredHandle phCredential, PCtxtHandle phContext, SEC_CHAR *pszTargetName,
ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep,
PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext,
PSecBufferDesc pOutput, ULONG *pfContextAttr, PTimeStamp ptsExpiry)
static SECURITY_STATUS SEC_ENTRY nego_AcquireCredentialsHandleA(
SEC_CHAR *pszPrincipal, SEC_CHAR *pszPackage, ULONG fCredentialUse,
PLUID pLogonID, PVOID pAuthData, SEC_GET_KEY_FN pGetKeyFn,
PVOID pGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry )
{
SECURITY_STATUS ret;
SECURITY_STATUS ret = SEC_E_INSUFFICIENT_MEMORY;
SEC_WCHAR *user = NULL, *domain = NULL, *passwd = NULL, *package = NULL;
SEC_WINNT_AUTH_IDENTITY_W *identityW = NULL;
TRACE("%p %p %s 0x%08x %d %d %p %d %p %p %p %p\n", phCredential, phContext,
debugstr_a(pszTargetName), fContextReq, Reserved1, TargetDataRep, pInput,
Reserved1, phNewContext, pOutput, pfContextAttr, ptsExpiry);
if(phCredential){
ret = SEC_E_UNSUPPORTED_FUNCTION;
}
else
TRACE("%s, %s, 0x%08x, %p, %p, %p, %p, %p, %p\n",
debugstr_a(pszPrincipal), debugstr_a(pszPackage), fCredentialUse,
pLogonID, pAuthData, pGetKeyFn, pGetKeyArgument, phCredential, ptsExpiry);
if (pszPackage)
{
ret = SEC_E_INVALID_HANDLE;
int package_len = MultiByteToWideChar( CP_ACP, 0, pszPackage, -1, NULL, 0 );
package = HeapAlloc( GetProcessHeap(), 0, package_len * sizeof(SEC_WCHAR) );
if (!package) return SEC_E_INSUFFICIENT_MEMORY;
MultiByteToWideChar( CP_ACP, 0, pszPackage, -1, package, package_len );
}
if (pAuthData)
{
SEC_WINNT_AUTH_IDENTITY_A *identity = pAuthData;
int user_len, domain_len, passwd_len;
if (identity->Flags == SEC_WINNT_AUTH_IDENTITY_ANSI)
{
identityW = HeapAlloc( GetProcessHeap(), 0, sizeof(*identityW) );
if (!identityW) goto done;
if (!identity->UserLength) user_len = 0;
else
{
user_len = MultiByteToWideChar( CP_ACP, 0, (LPCSTR)identity->User,
identity->UserLength, NULL, 0 );
user = HeapAlloc( GetProcessHeap(), 0, user_len * sizeof(SEC_WCHAR) );
if (!user) goto done;
MultiByteToWideChar( CP_ACP, 0, (LPCSTR)identity->User, identity->UserLength,
user, user_len );
}
if (!identity->DomainLength) domain_len = 0;
else
{
domain_len = MultiByteToWideChar( CP_ACP, 0, (LPCSTR)identity->Domain,
identity->DomainLength, NULL, 0 );
domain = HeapAlloc( GetProcessHeap(), 0, domain_len * sizeof(SEC_WCHAR) );
if (!domain) goto done;
MultiByteToWideChar( CP_ACP, 0, (LPCSTR)identity->Domain, identity->DomainLength,
domain, domain_len );
}
if (!identity->PasswordLength) passwd_len = 0;
else
{
passwd_len = MultiByteToWideChar( CP_ACP, 0, (LPCSTR)identity->Password,
identity->PasswordLength, NULL, 0 );
passwd = HeapAlloc( GetProcessHeap(), 0, passwd_len * sizeof(SEC_WCHAR) );
if (!passwd) goto done;
MultiByteToWideChar( CP_ACP, 0, (LPCSTR)identity->Password, identity->PasswordLength,
passwd, passwd_len );
}
identityW->Flags = SEC_WINNT_AUTH_IDENTITY_UNICODE;
identityW->User = user;
identityW->UserLength = user_len;
identityW->Domain = domain;
identityW->DomainLength = domain_len;
identityW->Password = passwd;
identityW->PasswordLength = passwd_len;
}
else identityW = (SEC_WINNT_AUTH_IDENTITY_W *)identity;
}
ret = nego_AcquireCredentialsHandleW( NULL, package, fCredentialUse, pLogonID, identityW,
pGetKeyFn, pGetKeyArgument, phCredential, ptsExpiry );
done:
HeapFree( GetProcessHeap(), 0, package );
HeapFree( GetProcessHeap(), 0, user );
HeapFree( GetProcessHeap(), 0, domain );
HeapFree( GetProcessHeap(), 0, passwd );
HeapFree( GetProcessHeap(), 0, identityW );
return ret;
}
@ -153,24 +168,50 @@ static SECURITY_STATUS SEC_ENTRY nego_InitializeSecurityContextA(
* InitializeSecurityContextW
*/
static SECURITY_STATUS SEC_ENTRY nego_InitializeSecurityContextW(
PCredHandle phCredential, PCtxtHandle phContext, SEC_WCHAR *pszTargetName,
ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep,
PSecBufferDesc pInput,ULONG Reserved2, PCtxtHandle phNewContext,
PSecBufferDesc pOutput, ULONG *pfContextAttr, PTimeStamp ptsExpiry)
PCredHandle phCredential, PCtxtHandle phContext, SEC_WCHAR *pszTargetName,
ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep,
PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext,
PSecBufferDesc pOutput, ULONG *pfContextAttr, PTimeStamp ptsExpiry )
{
TRACE("%p, %p, %s, 0x%08x, %u, %u, %p, %u, %p, %p, %p, %p\n",
phCredential, phContext, debugstr_w(pszTargetName), fContextReq,
Reserved1, TargetDataRep, pInput, Reserved1, phNewContext, pOutput,
pfContextAttr, ptsExpiry);
return ntlm_InitializeSecurityContextW( phCredential, phContext, pszTargetName,
fContextReq, Reserved1, TargetDataRep,
pInput, Reserved2, phNewContext,
pOutput, pfContextAttr, ptsExpiry );
}
/***********************************************************************
* InitializeSecurityContextA
*/
static SECURITY_STATUS SEC_ENTRY nego_InitializeSecurityContextA(
PCredHandle phCredential, PCtxtHandle phContext, SEC_CHAR *pszTargetName,
ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep,
PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext,
PSecBufferDesc pOutput, ULONG *pfContextAttr, PTimeStamp ptsExpiry )
{
SECURITY_STATUS ret;
SEC_WCHAR *target = NULL;
TRACE("%p %p %s %d %d %d %p %d %p %p %p %p\n", phCredential, phContext,
debugstr_w(pszTargetName), fContextReq, Reserved1, TargetDataRep, pInput,
Reserved1, phNewContext, pOutput, pfContextAttr, ptsExpiry);
if (phCredential)
TRACE("%p, %p, %s, 0x%08x, %u, %u, %p, %u, %p, %p, %p, %p\n",
phCredential, phContext, debugstr_a(pszTargetName), fContextReq,
Reserved1, TargetDataRep, pInput, Reserved1, phNewContext, pOutput,
pfContextAttr, ptsExpiry);
if (pszTargetName)
{
ret = SEC_E_UNSUPPORTED_FUNCTION;
}
else
{
ret = SEC_E_INVALID_HANDLE;
int target_len = MultiByteToWideChar( CP_ACP, 0, pszTargetName, -1, NULL, 0 );
target = HeapAlloc(GetProcessHeap(), 0, target_len * sizeof(SEC_WCHAR) );
if (!target) return SEC_E_INSUFFICIENT_MEMORY;
MultiByteToWideChar( CP_ACP, 0, pszTargetName, -1, target, target_len );
}
ret = nego_InitializeSecurityContextW( phCredential, phContext, target, fContextReq,
Reserved1, TargetDataRep, pInput, Reserved2,
phNewContext, pOutput, pfContextAttr, ptsExpiry );
HeapFree( GetProcessHeap(), 0, target );
return ret;
}
@ -178,24 +219,17 @@ static SECURITY_STATUS SEC_ENTRY nego_InitializeSecurityContextW(
* AcceptSecurityContext
*/
static SECURITY_STATUS SEC_ENTRY nego_AcceptSecurityContext(
PCredHandle phCredential, PCtxtHandle phContext, PSecBufferDesc pInput,
ULONG fContextReq, ULONG TargetDataRep, PCtxtHandle phNewContext,
PSecBufferDesc pOutput, ULONG *pfContextAttr, PTimeStamp ptsExpiry)
PCredHandle phCredential, PCtxtHandle phContext, PSecBufferDesc pInput,
ULONG fContextReq, ULONG TargetDataRep, PCtxtHandle phNewContext,
PSecBufferDesc pOutput, ULONG *pfContextAttr, PTimeStamp ptsExpiry)
{
SECURITY_STATUS ret;
TRACE("%p, %p, %p, 0x%08x, %u, %p, %p, %p, %p\n", phCredential, phContext,
pInput, fContextReq, TargetDataRep, phNewContext, pOutput, pfContextAttr,
ptsExpiry);
TRACE("%p %p %p %d %d %p %p %p %p\n", phCredential, phContext, pInput,
fContextReq, TargetDataRep, phNewContext, pOutput, pfContextAttr,
ptsExpiry);
if (phCredential)
{
ret = SEC_E_UNSUPPORTED_FUNCTION;
}
else
{
ret = SEC_E_INVALID_HANDLE;
}
return ret;
return ntlm_AcceptSecurityContext( phCredential, phContext, pInput,
fContextReq, TargetDataRep, phNewContext,
pOutput, pfContextAttr, ptsExpiry );
}
/***********************************************************************
@ -223,18 +257,9 @@ static SECURITY_STATUS SEC_ENTRY nego_CompleteAuthToken(PCtxtHandle phContext,
*/
static SECURITY_STATUS SEC_ENTRY nego_DeleteSecurityContext(PCtxtHandle phContext)
{
SECURITY_STATUS ret;
TRACE("%p\n", phContext);
if (phContext)
{
ret = SEC_E_UNSUPPORTED_FUNCTION;
}
else
{
ret = SEC_E_INVALID_HANDLE;
}
return ret;
return ntlm_DeleteSecurityContext( phContext );
}
/***********************************************************************
@ -260,25 +285,32 @@ static SECURITY_STATUS SEC_ENTRY nego_ApplyControlToken(PCtxtHandle phContext,
/***********************************************************************
* QueryContextAttributesW
*/
static SECURITY_STATUS SEC_ENTRY nego_QueryContextAttributesW(PCtxtHandle phContext,
ULONG ulAttribute, void *pBuffer)
static SECURITY_STATUS SEC_ENTRY nego_QueryContextAttributesW(
PCtxtHandle phContext, ULONG ulAttribute, void *pBuffer)
{
SECURITY_STATUS ret;
TRACE("%p, %u, %p\n", phContext, ulAttribute, pBuffer);
/* FIXME: From reading wrapper.h, I think the dwUpper part of a context is
* the SecurePackage part and the dwLower part is the actual context
* handle. It should be easy to extract the context attributes from that.
*/
TRACE("%p %d %p\n", phContext, ulAttribute, pBuffer);
if (phContext)
switch (ulAttribute)
{
ret = SEC_E_UNSUPPORTED_FUNCTION;
}
else
case SECPKG_ATTR_SIZES:
{
ret = SEC_E_INVALID_HANDLE;
SecPkgContext_Sizes *sizes = (SecPkgContext_Sizes *)pBuffer;
sizes->cbMaxToken = 2888;
sizes->cbMaxSignature = 16;
sizes->cbSecurityTrailer = 16;
sizes->cbBlockSize = 0;
return SEC_E_OK;
}
case SECPKG_ATTR_NEGOTIATION_INFO:
{
SecPkgContext_NegotiationInfoW *info = (SecPkgContext_NegotiationInfoW *)pBuffer;
info->PackageInfo = ntlm_package_infoW;
info->NegotiationState = SECPKG_NEGOTIATION_COMPLETE;
return SEC_E_OK;
}
default:
return ntlm_QueryContextAttributesW( phContext, ulAttribute, pBuffer );
}
return ret;
}
/***********************************************************************
@ -287,7 +319,29 @@ static SECURITY_STATUS SEC_ENTRY nego_QueryContextAttributesW(PCtxtHandle phCont
static SECURITY_STATUS SEC_ENTRY nego_QueryContextAttributesA(PCtxtHandle phContext,
ULONG ulAttribute, void *pBuffer)
{
return nego_QueryContextAttributesW(phContext, ulAttribute, pBuffer);
TRACE("%p, %u, %p\n", phContext, ulAttribute, pBuffer);
switch (ulAttribute)
{
case SECPKG_ATTR_SIZES:
{
SecPkgContext_Sizes *sizes = (SecPkgContext_Sizes *)pBuffer;
sizes->cbMaxToken = 2888;
sizes->cbMaxSignature = 16;
sizes->cbSecurityTrailer = 16;
sizes->cbBlockSize = 0;
return SEC_E_OK;
}
case SECPKG_ATTR_NEGOTIATION_INFO:
{
SecPkgContext_NegotiationInfoA *info = (SecPkgContext_NegotiationInfoA *)pBuffer;
info->PackageInfo = ntlm_package_infoA;
info->NegotiationState = SECPKG_NEGOTIATION_COMPLETE;
return SEC_E_OK;
}
default:
return ntlm_QueryContextAttributesA( phContext, ulAttribute, pBuffer );
}
}
/***********************************************************************
@ -331,52 +385,64 @@ static SECURITY_STATUS SEC_ENTRY nego_RevertSecurityContext(PCtxtHandle phContex
/***********************************************************************
* MakeSignature
*/
static SECURITY_STATUS SEC_ENTRY nego_MakeSignature(PCtxtHandle phContext, ULONG fQOP,
PSecBufferDesc pMessage, ULONG MessageSeqNo)
static SECURITY_STATUS SEC_ENTRY nego_MakeSignature(PCtxtHandle phContext,
ULONG fQOP, PSecBufferDesc pMessage, ULONG MessageSeqNo)
{
SECURITY_STATUS ret;
TRACE("%p, 0x%08x, %p, %u\n", phContext, fQOP, pMessage, MessageSeqNo);
TRACE("%p %d %p %d\n", phContext, fQOP, pMessage, MessageSeqNo);
if (phContext)
{
ret = SEC_E_UNSUPPORTED_FUNCTION;
}
else
{
ret = SEC_E_INVALID_HANDLE;
}
return ret;
return ntlm_MakeSignature( phContext, fQOP, pMessage, MessageSeqNo );
}
/***********************************************************************
* VerifySignature
*/
static SECURITY_STATUS SEC_ENTRY nego_VerifySignature(PCtxtHandle phContext,
PSecBufferDesc pMessage, ULONG MessageSeqNo, PULONG pfQOP)
PSecBufferDesc pMessage, ULONG MessageSeqNo, PULONG pfQOP)
{
SECURITY_STATUS ret;
TRACE("%p, %p, %u, %p\n", phContext, pMessage, MessageSeqNo, pfQOP);
TRACE("%p %p %d %p\n", phContext, pMessage, MessageSeqNo, pfQOP);
if (phContext)
{
ret = SEC_E_UNSUPPORTED_FUNCTION;
}
else
{
ret = SEC_E_INVALID_HANDLE;
}
return ret;
return ntlm_VerifySignature( phContext, pMessage, MessageSeqNo, pfQOP );
}
/***********************************************************************
* FreeCredentialsHandle
*/
SECURITY_STATUS SEC_ENTRY nego_FreeCredentialsHandle(PCredHandle phCredential)
{
TRACE("%p\n", phCredential);
return ntlm_FreeCredentialsHandle( phCredential );
}
/***********************************************************************
* EncryptMessage
*/
SECURITY_STATUS SEC_ENTRY nego_EncryptMessage(PCtxtHandle phContext,
ULONG fQOP, PSecBufferDesc pMessage, ULONG MessageSeqNo)
{
TRACE("%p, 0x%08x, %p, %u\n", phContext, fQOP, pMessage, MessageSeqNo);
return ntlm_EncryptMessage( phContext, fQOP, pMessage, MessageSeqNo );
}
/***********************************************************************
* DecryptMessage
*/
SECURITY_STATUS SEC_ENTRY nego_DecryptMessage(PCtxtHandle phContext,
PSecBufferDesc pMessage, ULONG MessageSeqNo, PULONG pfQOP)
{
TRACE("%p, %p, %u, %p\n", phContext, pMessage, MessageSeqNo, pfQOP);
return ntlm_DecryptMessage( phContext, pMessage, MessageSeqNo, pfQOP );
}
static const SecurityFunctionTableA negoTableA = {
1,
NULL, /* EnumerateSecurityPackagesA */
NULL, /* EnumerateSecurityPackagesA */
nego_QueryCredentialsAttributesA, /* QueryCredentialsAttributesA */
nego_AcquireCredentialsHandleA, /* AcquireCredentialsHandleA */
FreeCredentialsHandle, /* FreeCredentialsHandle */
NULL, /* Reserved2 */
nego_FreeCredentialsHandle, /* FreeCredentialsHandle */
NULL, /* Reserved2 */
nego_InitializeSecurityContextA, /* InitializeSecurityContextA */
nego_AcceptSecurityContext, /* AcceptSecurityContext */
nego_CompleteAuthToken, /* CompleteAuthToken */
@ -396,18 +462,18 @@ static const SecurityFunctionTableA negoTableA = {
NULL, /* AddCredentialsA */
NULL, /* Reserved8 */
NULL, /* QuerySecurityContextToken */
NULL, /* EncryptMessage */
NULL, /* DecryptMessage */
nego_EncryptMessage, /* EncryptMessage */
nego_DecryptMessage, /* DecryptMessage */
NULL, /* SetContextAttributesA */
};
static const SecurityFunctionTableW negoTableW = {
1,
NULL, /* EnumerateSecurityPackagesW */
NULL, /* EnumerateSecurityPackagesW */
nego_QueryCredentialsAttributesW, /* QueryCredentialsAttributesW */
nego_AcquireCredentialsHandleW, /* AcquireCredentialsHandleW */
FreeCredentialsHandle, /* FreeCredentialsHandle */
NULL, /* Reserved2 */
nego_FreeCredentialsHandle, /* FreeCredentialsHandle */
NULL, /* Reserved2 */
nego_InitializeSecurityContextW, /* InitializeSecurityContextW */
nego_AcceptSecurityContext, /* AcceptSecurityContext */
nego_CompleteAuthToken, /* CompleteAuthToken */
@ -427,51 +493,41 @@ static const SecurityFunctionTableW negoTableW = {
NULL, /* AddCredentialsW */
NULL, /* Reserved8 */
NULL, /* QuerySecurityContextToken */
NULL, /* EncryptMessage */
NULL, /* DecryptMessage */
nego_EncryptMessage, /* EncryptMessage */
nego_DecryptMessage, /* DecryptMessage */
NULL, /* SetContextAttributesW */
};
/* Disable for now, see comment below.*/
#if 0
static WCHAR negotiate_comment_W[] = { 'M', 'i', 'c', 'r', 'o', 's', 'o',
'f', 't', ' ', 'P', 'a', 'c', 'k', 'a', 'g', 'e', ' ', 'N', 'e', 'g', 'o',
't', 'i', 'a', 't', 'o', 'r', 0};
#define NEGO_MAX_TOKEN 12000
static WCHAR nego_name_W[] = {'N','e','g','o','t','i','a','t','e',0};
static char nego_name_A[] = "Negotiate";
static WCHAR negotiate_comment_W[] =
{'M','i','c','r','o','s','o','f','t',' ','P','a','c','k','a','g','e',' ',
'N','e','g','o','t','i','a','t','o','r',0};
static CHAR negotiate_comment_A[] = "Microsoft Package Negotiator";
#endif
#define CAPS ( \
SECPKG_FLAG_INTEGRITY | \
SECPKG_FLAG_PRIVACY | \
SECPKG_FLAG_CONNECTION | \
SECPKG_FLAG_MULTI_REQUIRED | \
SECPKG_FLAG_EXTENDED_ERROR | \
SECPKG_FLAG_IMPERSONATION | \
SECPKG_FLAG_ACCEPT_WIN32_NAME | \
SECPKG_FLAG_NEGOTIABLE | \
SECPKG_FLAG_GSS_COMPATIBLE | \
SECPKG_FLAG_LOGON | \
SECPKG_FLAG_RESTRICTED_TOKENS )
void SECUR32_initNegotiateSP(void)
{
/* Disable until we really implement a Negotiate provider.
* For now, the NTLM provider will pretend to be the Negotiate provider as well.
* Windows seems to be able to deal with it, and it makes several programs
* happy. */
#if 0
SecureProvider *provider = SECUR32_addProvider(&negoTableA, &negoTableW,
NULL);
/* According to Windows, Negotiate has the following capabilities.
*/
static const LONG caps =
SECPKG_FLAG_INTEGRITY |
SECPKG_FLAG_PRIVACY |
SECPKG_FLAG_CONNECTION |
SECPKG_FLAG_MULTI_REQUIRED |
SECPKG_FLAG_EXTENDED_ERROR |
SECPKG_FLAG_IMPERSONATION |
SECPKG_FLAG_ACCEPT_WIN32_NAME |
SECPKG_FLAG_READONLY_WITH_CHECKSUM;
static const USHORT version = 1;
static const USHORT rpcid = 15;
static const ULONG max_token = 12000;
const SecPkgInfoW infoW = { caps, version, rpcid, max_token, nego_name_W,
negotiate_comment_W};
const SecPkgInfoA infoA = { caps, version, rpcid, max_token, nego_name_A,
negotiate_comment_A};
SecureProvider *provider = SECUR32_addProvider(&negoTableA, &negoTableW, NULL);
const SecPkgInfoW infoW = {CAPS, 1, RPC_C_AUTHN_GSS_NEGOTIATE, NEGO_MAX_TOKEN,
nego_name_W, negotiate_comment_W};
const SecPkgInfoA infoA = {CAPS, 1, RPC_C_AUTHN_GSS_NEGOTIATE, NEGO_MAX_TOKEN,
nego_name_A, negotiate_comment_A};
SECUR32_addPackages(provider, 1L, &infoA, &infoW);
#endif
}

95
dlls/secur32/ntlm.c
View File

@ -43,18 +43,6 @@ WINE_DECLARE_DEBUG_CHANNEL(winediag);
static CHAR ntlm_auth[] = "ntlm_auth";
typedef struct _NtlmCredentials
{
HelperMode mode;
/* these are all in the Unix codepage */
char *username_arg;
char *domain_arg;
char *password; /* not nul-terminated */
int pwlen;
int no_cached_credentials; /* don't try to use cached Samba credentials */
} NtlmCredentials, *PNtlmCredentials;
/***********************************************************************
* QueryCredentialsAttributesA
*/
@ -136,7 +124,7 @@ static char *ntlm_GetDomainArg(LPCWSTR domainW, INT domainW_length)
/***********************************************************************
* AcquireCredentialsHandleW
*/
static SECURITY_STATUS SEC_ENTRY ntlm_AcquireCredentialsHandleW(
SECURITY_STATUS SEC_ENTRY ntlm_AcquireCredentialsHandleW(
SEC_WCHAR *pszPrincipal, SEC_WCHAR *pszPackage, ULONG fCredentialUse,
PLUID pLogonID, PVOID pAuthData, SEC_GET_KEY_FN pGetKeyFn,
PVOID pGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry)
@ -425,7 +413,7 @@ static BOOL ntlm_GetCachedCredential(const SEC_WCHAR *pszTargetName, PCREDENTIAL
/***********************************************************************
* InitializeSecurityContextW
*/
static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(
SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(
PCredHandle phCredential, PCtxtHandle phContext, SEC_WCHAR *pszTargetName,
ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep,
PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext,
@ -970,7 +958,7 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextA(
/***********************************************************************
* AcceptSecurityContext
*/
static SECURITY_STATUS SEC_ENTRY ntlm_AcceptSecurityContext(
SECURITY_STATUS SEC_ENTRY ntlm_AcceptSecurityContext(
PCredHandle phCredential, PCtxtHandle phContext, PSecBufferDesc pInput,
ULONG fContextReq, ULONG TargetDataRep, PCtxtHandle phNewContext,
PSecBufferDesc pOutput, ULONG *pfContextAttr, PTimeStamp ptsExpiry)
@ -1343,7 +1331,7 @@ static SECURITY_STATUS SEC_ENTRY ntlm_CompleteAuthToken(PCtxtHandle phContext,
/***********************************************************************
* DeleteSecurityContext
*/
static SECURITY_STATUS SEC_ENTRY ntlm_DeleteSecurityContext(PCtxtHandle phContext)
SECURITY_STATUS SEC_ENTRY ntlm_DeleteSecurityContext(PCtxtHandle phContext)
{
PNegoHelper helper;
@ -1372,7 +1360,7 @@ static SECURITY_STATUS SEC_ENTRY ntlm_DeleteSecurityContext(PCtxtHandle phContex
/***********************************************************************
* QueryContextAttributesW
*/
static SECURITY_STATUS SEC_ENTRY ntlm_QueryContextAttributesW(PCtxtHandle phContext,
SECURITY_STATUS SEC_ENTRY ntlm_QueryContextAttributesW(PCtxtHandle phContext,
ULONG ulAttribute, void *pBuffer)
{
TRACE("%p %d %p\n", phContext, ulAttribute, pBuffer);
@ -1427,7 +1415,7 @@ static SECURITY_STATUS SEC_ENTRY ntlm_QueryContextAttributesW(PCtxtHandle phCont
/***********************************************************************
* QueryContextAttributesA
*/
static SECURITY_STATUS SEC_ENTRY ntlm_QueryContextAttributesA(PCtxtHandle phContext,
SECURITY_STATUS SEC_ENTRY ntlm_QueryContextAttributesA(PCtxtHandle phContext,
ULONG ulAttribute, void *pBuffer)
{
return ntlm_QueryContextAttributesW(phContext, ulAttribute, pBuffer);
@ -1607,8 +1595,8 @@ static SECURITY_STATUS ntlm_CreateSignature(PNegoHelper helper, PSecBufferDesc p
/***********************************************************************
* MakeSignature
*/
static SECURITY_STATUS SEC_ENTRY ntlm_MakeSignature(PCtxtHandle phContext, ULONG fQOP,
PSecBufferDesc pMessage, ULONG MessageSeqNo)
SECURITY_STATUS SEC_ENTRY ntlm_MakeSignature(PCtxtHandle phContext,
ULONG fQOP, PSecBufferDesc pMessage, ULONG MessageSeqNo)
{
PNegoHelper helper;
int token_idx;
@ -1642,8 +1630,8 @@ static SECURITY_STATUS SEC_ENTRY ntlm_MakeSignature(PCtxtHandle phContext, ULONG
/***********************************************************************
* VerifySignature
*/
static SECURITY_STATUS SEC_ENTRY ntlm_VerifySignature(PCtxtHandle phContext,
PSecBufferDesc pMessage, ULONG MessageSeqNo, PULONG pfQOP)
SECURITY_STATUS SEC_ENTRY ntlm_VerifySignature(PCtxtHandle phContext,
PSecBufferDesc pMessage, ULONG MessageSeqNo, PULONG pfQOP)
{
PNegoHelper helper;
ULONG fQOP = 0;
@ -1714,8 +1702,7 @@ static SECURITY_STATUS SEC_ENTRY ntlm_VerifySignature(PCtxtHandle phContext,
/***********************************************************************
* FreeCredentialsHandle
*/
static SECURITY_STATUS SEC_ENTRY ntlm_FreeCredentialsHandle(
PCredHandle phCredential)
SECURITY_STATUS SEC_ENTRY ntlm_FreeCredentialsHandle(PCredHandle phCredential)
{
SECURITY_STATUS ret;
@ -1740,8 +1727,8 @@ static SECURITY_STATUS SEC_ENTRY ntlm_FreeCredentialsHandle(
/***********************************************************************
* EncryptMessage
*/
static SECURITY_STATUS SEC_ENTRY ntlm_EncryptMessage(PCtxtHandle phContext,
ULONG fQOP, PSecBufferDesc pMessage, ULONG MessageSeqNo)
SECURITY_STATUS SEC_ENTRY ntlm_EncryptMessage(PCtxtHandle phContext,
ULONG fQOP, PSecBufferDesc pMessage, ULONG MessageSeqNo)
{
PNegoHelper helper;
int token_idx, data_idx;
@ -1811,8 +1798,8 @@ static SECURITY_STATUS SEC_ENTRY ntlm_EncryptMessage(PCtxtHandle phContext,
/***********************************************************************
* DecryptMessage
*/
static SECURITY_STATUS SEC_ENTRY ntlm_DecryptMessage(PCtxtHandle phContext,
PSecBufferDesc pMessage, ULONG MessageSeqNo, PULONG pfQOP)
SECURITY_STATUS SEC_ENTRY ntlm_DecryptMessage(PCtxtHandle phContext,
PSecBufferDesc pMessage, ULONG MessageSeqNo, PULONG pfQOP)
{
SECURITY_STATUS ret;
ULONG ntlmssp_flags_save;
@ -1971,50 +1958,8 @@ static const SecPkgInfoA infoA = {
ntlm_comment_A
};
#define NEGO_COMMENT { 'M', 'i', 'c', 'r', 'o', 's', 'o', 'f', 't', ' ', \
'P', 'a', 'c', 'k', 'a', 'g', 'e', ' ', \
'N', 'e', 'g', 'o', 't', 'i', 'a', 't', 'o', 'r', 0}
static CHAR nego_comment_A[] = NEGO_COMMENT;
static WCHAR nego_comment_W[] = NEGO_COMMENT;
#define NEGO_NAME {'N', 'e', 'g', 'o', 't', 'i', 'a', 't', 'e', 0}
static CHAR nego_name_A[] = NEGO_NAME;
static WCHAR nego_name_W[] = NEGO_NAME;
#define NEGO_CAPS (\
SECPKG_FLAG_INTEGRITY | \
SECPKG_FLAG_PRIVACY | \
SECPKG_FLAG_CONNECTION | \
SECPKG_FLAG_MULTI_REQUIRED | \
SECPKG_FLAG_EXTENDED_ERROR | \
SECPKG_FLAG_IMPERSONATION | \
SECPKG_FLAG_ACCEPT_WIN32_NAME | \
SECPKG_FLAG_READONLY_WITH_CHECKSUM )
/* Not used for now, just kept here for completeness sake. We need to use the
* NTLM_MAX_BUF value. If the hack works, we might want to refactor the code a
* bit. */
#define NEGO_MAX_TOKEN 12000
static const SecPkgInfoW nego_infoW = {
NEGO_CAPS,
1,
RPC_C_AUTHN_GSS_NEGOTIATE,
NTLM_MAX_BUF,
nego_name_W,
nego_comment_W
};
static const SecPkgInfoA nego_infoA = {
NEGO_CAPS,
1,
RPC_C_AUTHN_GSS_NEGOTIATE,
NTLM_MAX_BUF,
nego_name_A,
nego_comment_A
};
SecPkgInfoA *ntlm_package_infoA = (SecPkgInfoA *)&infoA;
SecPkgInfoW *ntlm_package_infoW = (SecPkgInfoW *)&infoW;
void SECUR32_initNTLMSP(void)
{
@ -2040,11 +1985,7 @@ void SECUR32_initNTLMSP(void)
helper->micro >= MIN_NTLM_AUTH_MICRO_VERSION)) )
{
SecureProvider *provider = SECUR32_addProvider(&ntlmTableA, &ntlmTableW, NULL);
SecureProvider *nego_provider = SECUR32_addProvider(&ntlmTableA, &ntlmTableW, NULL);
SECUR32_addPackages(provider, 1L, &infoA, &infoW);
/* HACK: Also pretend this is the Negotiate provider */
SECUR32_addPackages(nego_provider, 1L, &nego_infoA, &nego_infoW);
SECUR32_addPackages(provider, 1L, ntlm_package_infoA, ntlm_package_infoW);
}
else
{

30
dlls/secur32/secur32_priv.h
View File

@ -85,6 +85,18 @@ typedef struct _NegoHelper {
} crypt;
} NegoHelper, *PNegoHelper;
typedef struct _NtlmCredentials
{
HelperMode mode;
/* these are all in the Unix codepage */
char *username_arg;
char *domain_arg;
char *password; /* not nul-terminated */
int pwlen;
int no_cached_credentials; /* don't try to use cached Samba credentials */
} NtlmCredentials, *PNtlmCredentials;
typedef enum _sign_direction {
NTLM_SEND,
NTLM_RECV
@ -176,6 +188,24 @@ void SECUR32_arc4Cleanup(arc4_info *a4i) DECLSPEC_HIDDEN;
#define NTLMSSP_NEGOTIATE_KEY_EXCHANGE 0x40000000
#define NTLMSSP_NEGOTIATE_56 0x80000000
SECURITY_STATUS SEC_ENTRY ntlm_AcquireCredentialsHandleW(SEC_WCHAR *, SEC_WCHAR *,
ULONG, PLUID, PVOID, SEC_GET_KEY_FN, PVOID, PCredHandle, PTimeStamp) DECLSPEC_HIDDEN;
SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(PCredHandle, PCtxtHandle,
SEC_WCHAR *, ULONG fContextReq, ULONG, ULONG, PSecBufferDesc, ULONG, PCtxtHandle,
PSecBufferDesc, ULONG *, PTimeStamp) DECLSPEC_HIDDEN;
SECURITY_STATUS SEC_ENTRY ntlm_AcceptSecurityContext(PCredHandle, PCtxtHandle, PSecBufferDesc,
ULONG, ULONG, PCtxtHandle, PSecBufferDesc, ULONG *, PTimeStamp) DECLSPEC_HIDDEN;
SECURITY_STATUS SEC_ENTRY ntlm_QueryContextAttributesA(PCtxtHandle, ULONG, void *) DECLSPEC_HIDDEN;
SECURITY_STATUS SEC_ENTRY ntlm_QueryContextAttributesW(PCtxtHandle, ULONG, void *) DECLSPEC_HIDDEN;
SECURITY_STATUS SEC_ENTRY ntlm_EncryptMessage(PCtxtHandle, ULONG, PSecBufferDesc, ULONG) DECLSPEC_HIDDEN;
SECURITY_STATUS SEC_ENTRY ntlm_DecryptMessage(PCtxtHandle, PSecBufferDesc, ULONG, PULONG) DECLSPEC_HIDDEN;
SECURITY_STATUS SEC_ENTRY ntlm_FreeCredentialsHandle(PCredHandle) DECLSPEC_HIDDEN;
SECURITY_STATUS SEC_ENTRY ntlm_DeleteSecurityContext(PCtxtHandle) DECLSPEC_HIDDEN;
SECURITY_STATUS SEC_ENTRY ntlm_MakeSignature(PCtxtHandle, ULONG, PSecBufferDesc, ULONG) DECLSPEC_HIDDEN;
SECURITY_STATUS SEC_ENTRY ntlm_VerifySignature(PCtxtHandle, PSecBufferDesc, ULONG, PULONG) DECLSPEC_HIDDEN;
SecPkgInfoW *ntlm_package_infoW;
SecPkgInfoA *ntlm_package_infoA;
/* schannel internal interface */
typedef struct schan_imp_session_opaque *schan_imp_session;