ReceiveTempSMS
/
Sweden-Number
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

secur32: Implement a Negotiate provider that forwards to NTLM.

This commit is contained in:
Hans Leidekker 2012-05-10 13:06:20 +02:00 committed by Alexandre Julliard
parent 3181577810
commit 19f8c79f9e
3 changed files with 321 additions and 294 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

490
dlls/secur32/negotiate.c
View File

@ -1,5 +1,6 @@
/* /*
* Copyright 2005 Kai Blin * Copyright 2005 Kai Blin
* Copyright 2012 Hans Leidekker for CodeWeavers
* *
* This library is free software; you can redistribute it and/or * This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public * modify it under the terms of the GNU Lesser General Public
@ -15,99 +16,40 @@
* License along with this library; if not, write to the Free Software * License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
* *
* This file implements the negotiate provider. * This file implements a Negotiate provider that simply forwards to
* FIXME: So far, this beast doesn't do anything. * the NTLM provider.
*/ */
#include <assert.h>
#include <stdarg.h> #include <stdarg.h>
#include "windef.h" #include "windef.h"
#include "winbase.h" #include "winbase.h"
#include "sspi.h" #include "sspi.h"
#include "rpc.h"
#include "wincred.h"
#include "secur32_priv.h" #include "secur32_priv.h"
#include "wine/debug.h" #include "wine/debug.h"
#include "wine/unicode.h"
WINE_DEFAULT_DEBUG_CHANNEL(secur32); WINE_DEFAULT_DEBUG_CHANNEL(secur32);
/* Disable for now, see longer comment for SECUR32_initNegotiateSP below */
#if 0
static char nego_name_A[] = "Negotiate";
static WCHAR nego_name_W[] = {'N', 'e', 'g', 'o', 't', 'i', 'a', 't', 'e', 0};
#endif
static SECURITY_STATUS nego_QueryCredentialsAttributes(PCredHandle phCredential,
ULONG ulAttribute, PVOID pBuffer)
{
SECURITY_STATUS ret;
/* FIXME: More attributes to be added here. Need to fix the sspi.h header
* for that, too.
*/
switch(ulAttribute)
{
default:
ret = SEC_E_UNSUPPORTED_FUNCTION;
}
return ret;
}
/*********************************************************************** /***********************************************************************
* QueryCredentialsAttributesA * QueryCredentialsAttributesA
*/ */
static SECURITY_STATUS SEC_ENTRY nego_QueryCredentialsAttributesA( static SECURITY_STATUS SEC_ENTRY nego_QueryCredentialsAttributesA(
PCredHandle phCredential, ULONG ulAttribute, PVOID pBuffer) PCredHandle phCredential, ULONG ulAttribute, PVOID pBuffer)
{ {
SECURITY_STATUS ret; FIXME("%p, %u, %p\n", phCredential, ulAttribute, pBuffer);
return SEC_E_UNSUPPORTED_FUNCTION;
TRACE("(%p, %d, %p)\n", phCredential, ulAttribute, pBuffer);
switch(ulAttribute)
{
case SECPKG_CRED_ATTR_NAMES:
FIXME("SECPKG_CRED_ATTR_NAMES: stub\n");
ret = SEC_E_UNSUPPORTED_FUNCTION;
break;
default:
ret = nego_QueryCredentialsAttributes(phCredential, ulAttribute,
pBuffer);
}
return ret;
} }
/*********************************************************************** /***********************************************************************
* QueryCredentialsAttributesW * QueryCredentialsAttributesW
*/ */
static SECURITY_STATUS SEC_ENTRY nego_QueryCredentialsAttributesW( static SECURITY_STATUS SEC_ENTRY nego_QueryCredentialsAttributesW(
PCredHandle phCredential, ULONG ulAttribute, PVOID pBuffer) PCredHandle phCredential, ULONG ulAttribute, PVOID pBuffer)
{ {
SECURITY_STATUS ret; FIXME("%p, %u, %p\n", phCredential, ulAttribute, pBuffer);
TRACE("(%p, %d, %p)\n", phCredential, ulAttribute, pBuffer);
switch(ulAttribute)
{
case SECPKG_CRED_ATTR_NAMES:
FIXME("SECPKG_CRED_ATTR_NAMES: stub\n");
ret = SEC_E_UNSUPPORTED_FUNCTION;
break;
default:
ret = nego_QueryCredentialsAttributes(phCredential, ulAttribute,
pBuffer);
}
return ret;
}
/***********************************************************************
* AcquireCredentialsHandleA
*/
static SECURITY_STATUS SEC_ENTRY nego_AcquireCredentialsHandleA(
SEC_CHAR *pszPrincipal, SEC_CHAR *pszPackage, ULONG fCredentialUse,
PLUID pLogonID, PVOID pAuthData, SEC_GET_KEY_FN pGetKeyFn,
PVOID pGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry)
{
TRACE("(%s, %s, 0x%08x, %p, %p, %p, %p, %p, %p) stub\n",
debugstr_a(pszPrincipal), debugstr_a(pszPackage), fCredentialUse,
pLogonID, pAuthData, pGetKeyFn, pGetKeyArgument, phCredential, ptsExpiry);
return SEC_E_UNSUPPORTED_FUNCTION; return SEC_E_UNSUPPORTED_FUNCTION;
} }
@ -115,37 +57,110 @@ static SECURITY_STATUS SEC_ENTRY nego_AcquireCredentialsHandleA(
* AcquireCredentialsHandleW * AcquireCredentialsHandleW
*/ */
static SECURITY_STATUS SEC_ENTRY nego_AcquireCredentialsHandleW( static SECURITY_STATUS SEC_ENTRY nego_AcquireCredentialsHandleW(
SEC_WCHAR *pszPrincipal, SEC_WCHAR *pszPackage, ULONG fCredentialUse, SEC_WCHAR *pszPrincipal, SEC_WCHAR *pszPackage, ULONG fCredentialUse,
PLUID pLogonID, PVOID pAuthData, SEC_GET_KEY_FN pGetKeyFn, PLUID pLogonID, PVOID pAuthData, SEC_GET_KEY_FN pGetKeyFn,
PVOID pGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry) PVOID pGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry )
{ {
TRACE("(%s, %s, 0x%08x, %p, %p, %p, %p, %p, %p) stub\n", static SEC_WCHAR ntlmW[] = {'N','T','L','M',0};
debugstr_w(pszPrincipal), debugstr_w(pszPackage), fCredentialUse, SECURITY_STATUS ret;
pLogonID, pAuthData, pGetKeyFn, pGetKeyArgument, phCredential, ptsExpiry);
return SEC_E_UNSUPPORTED_FUNCTION; TRACE("%s, %s, 0x%08x, %p, %p, %p, %p, %p, %p\n",
debugstr_w(pszPrincipal), debugstr_w(pszPackage), fCredentialUse,
pLogonID, pAuthData, pGetKeyFn, pGetKeyArgument, phCredential, ptsExpiry);
FIXME("forwarding to NTLM\n");
ret = ntlm_AcquireCredentialsHandleW( pszPrincipal, ntlmW, fCredentialUse,
pLogonID, pAuthData, pGetKeyFn, pGetKeyArgument,
phCredential, ptsExpiry );
if (ret == SEC_E_OK)
{
NtlmCredentials *cred = (NtlmCredentials *)phCredential->dwLower;
cred->no_cached_credentials = (pAuthData == NULL);
}
return ret;
} }
/*********************************************************************** /***********************************************************************
* InitializeSecurityContextA * AcquireCredentialsHandleA
*/ */
static SECURITY_STATUS SEC_ENTRY nego_InitializeSecurityContextA( static SECURITY_STATUS SEC_ENTRY nego_AcquireCredentialsHandleA(
PCredHandle phCredential, PCtxtHandle phContext, SEC_CHAR *pszTargetName, SEC_CHAR *pszPrincipal, SEC_CHAR *pszPackage, ULONG fCredentialUse,
ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep, PLUID pLogonID, PVOID pAuthData, SEC_GET_KEY_FN pGetKeyFn,
PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext, PVOID pGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry )
PSecBufferDesc pOutput, ULONG *pfContextAttr, PTimeStamp ptsExpiry)
{ {
SECURITY_STATUS ret; SECURITY_STATUS ret = SEC_E_INSUFFICIENT_MEMORY;
SEC_WCHAR *user = NULL, *domain = NULL, *passwd = NULL, *package = NULL;
SEC_WINNT_AUTH_IDENTITY_W *identityW = NULL;
TRACE("%p %p %s 0x%08x %d %d %p %d %p %p %p %p\n", phCredential, phContext, TRACE("%s, %s, 0x%08x, %p, %p, %p, %p, %p, %p\n",
debugstr_a(pszTargetName), fContextReq, Reserved1, TargetDataRep, pInput, debugstr_a(pszPrincipal), debugstr_a(pszPackage), fCredentialUse,
Reserved1, phNewContext, pOutput, pfContextAttr, ptsExpiry); pLogonID, pAuthData, pGetKeyFn, pGetKeyArgument, phCredential, ptsExpiry);
if(phCredential){
ret = SEC_E_UNSUPPORTED_FUNCTION; if (pszPackage)
}
else
{ {
ret = SEC_E_INVALID_HANDLE; int package_len = MultiByteToWideChar( CP_ACP, 0, pszPackage, -1, NULL, 0 );
package = HeapAlloc( GetProcessHeap(), 0, package_len * sizeof(SEC_WCHAR) );
if (!package) return SEC_E_INSUFFICIENT_MEMORY;
MultiByteToWideChar( CP_ACP, 0, pszPackage, -1, package, package_len );
} }
if (pAuthData)
{
SEC_WINNT_AUTH_IDENTITY_A *identity = pAuthData;
int user_len, domain_len, passwd_len;
if (identity->Flags == SEC_WINNT_AUTH_IDENTITY_ANSI)
{
identityW = HeapAlloc( GetProcessHeap(), 0, sizeof(*identityW) );
if (!identityW) goto done;
if (!identity->UserLength) user_len = 0;
else
{
user_len = MultiByteToWideChar( CP_ACP, 0, (LPCSTR)identity->User,
identity->UserLength, NULL, 0 );
user = HeapAlloc( GetProcessHeap(), 0, user_len * sizeof(SEC_WCHAR) );
if (!user) goto done;
MultiByteToWideChar( CP_ACP, 0, (LPCSTR)identity->User, identity->UserLength,
user, user_len );
}
if (!identity->DomainLength) domain_len = 0;
else
{
domain_len = MultiByteToWideChar( CP_ACP, 0, (LPCSTR)identity->Domain,
identity->DomainLength, NULL, 0 );
domain = HeapAlloc( GetProcessHeap(), 0, domain_len * sizeof(SEC_WCHAR) );
if (!domain) goto done;
MultiByteToWideChar( CP_ACP, 0, (LPCSTR)identity->Domain, identity->DomainLength,
domain, domain_len );
}
if (!identity->PasswordLength) passwd_len = 0;
else
{
passwd_len = MultiByteToWideChar( CP_ACP, 0, (LPCSTR)identity->Password,
identity->PasswordLength, NULL, 0 );
passwd = HeapAlloc( GetProcessHeap(), 0, passwd_len * sizeof(SEC_WCHAR) );
if (!passwd) goto done;
MultiByteToWideChar( CP_ACP, 0, (LPCSTR)identity->Password, identity->PasswordLength,
passwd, passwd_len );
}
identityW->Flags = SEC_WINNT_AUTH_IDENTITY_UNICODE;
identityW->User = user;
identityW->UserLength = user_len;
identityW->Domain = domain;
identityW->DomainLength = domain_len;
identityW->Password = passwd;
identityW->PasswordLength = passwd_len;
}
else identityW = (SEC_WINNT_AUTH_IDENTITY_W *)identity;
}
ret = nego_AcquireCredentialsHandleW( NULL, package, fCredentialUse, pLogonID, identityW,
pGetKeyFn, pGetKeyArgument, phCredential, ptsExpiry );
done:
HeapFree( GetProcessHeap(), 0, package );
HeapFree( GetProcessHeap(), 0, user );
HeapFree( GetProcessHeap(), 0, domain );
HeapFree( GetProcessHeap(), 0, passwd );
HeapFree( GetProcessHeap(), 0, identityW );
return ret; return ret;
} }
@ -153,24 +168,50 @@ static SECURITY_STATUS SEC_ENTRY nego_InitializeSecurityContextA(
* InitializeSecurityContextW * InitializeSecurityContextW
*/ */
static SECURITY_STATUS SEC_ENTRY nego_InitializeSecurityContextW( static SECURITY_STATUS SEC_ENTRY nego_InitializeSecurityContextW(
PCredHandle phCredential, PCtxtHandle phContext, SEC_WCHAR *pszTargetName, PCredHandle phCredential, PCtxtHandle phContext, SEC_WCHAR *pszTargetName,
ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep, ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep,
PSecBufferDesc pInput,ULONG Reserved2, PCtxtHandle phNewContext, PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext,
PSecBufferDesc pOutput, ULONG *pfContextAttr, PTimeStamp ptsExpiry) PSecBufferDesc pOutput, ULONG *pfContextAttr, PTimeStamp ptsExpiry )
{
TRACE("%p, %p, %s, 0x%08x, %u, %u, %p, %u, %p, %p, %p, %p\n",
phCredential, phContext, debugstr_w(pszTargetName), fContextReq,
Reserved1, TargetDataRep, pInput, Reserved1, phNewContext, pOutput,
pfContextAttr, ptsExpiry);
return ntlm_InitializeSecurityContextW( phCredential, phContext, pszTargetName,
fContextReq, Reserved1, TargetDataRep,
pInput, Reserved2, phNewContext,
pOutput, pfContextAttr, ptsExpiry );
}
/***********************************************************************
* InitializeSecurityContextA
*/
static SECURITY_STATUS SEC_ENTRY nego_InitializeSecurityContextA(
PCredHandle phCredential, PCtxtHandle phContext, SEC_CHAR *pszTargetName,
ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep,
PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext,
PSecBufferDesc pOutput, ULONG *pfContextAttr, PTimeStamp ptsExpiry )
{ {
SECURITY_STATUS ret; SECURITY_STATUS ret;
SEC_WCHAR *target = NULL;
TRACE("%p %p %s %d %d %d %p %d %p %p %p %p\n", phCredential, phContext, TRACE("%p, %p, %s, 0x%08x, %u, %u, %p, %u, %p, %p, %p, %p\n",
debugstr_w(pszTargetName), fContextReq, Reserved1, TargetDataRep, pInput, phCredential, phContext, debugstr_a(pszTargetName), fContextReq,
Reserved1, phNewContext, pOutput, pfContextAttr, ptsExpiry); Reserved1, TargetDataRep, pInput, Reserved1, phNewContext, pOutput,
if (phCredential) pfContextAttr, ptsExpiry);
if (pszTargetName)
{ {
ret = SEC_E_UNSUPPORTED_FUNCTION; int target_len = MultiByteToWideChar( CP_ACP, 0, pszTargetName, -1, NULL, 0 );
} target = HeapAlloc(GetProcessHeap(), 0, target_len * sizeof(SEC_WCHAR) );
else if (!target) return SEC_E_INSUFFICIENT_MEMORY;
{ MultiByteToWideChar( CP_ACP, 0, pszTargetName, -1, target, target_len );
ret = SEC_E_INVALID_HANDLE;
} }
ret = nego_InitializeSecurityContextW( phCredential, phContext, target, fContextReq,
Reserved1, TargetDataRep, pInput, Reserved2,
phNewContext, pOutput, pfContextAttr, ptsExpiry );
HeapFree( GetProcessHeap(), 0, target );
return ret; return ret;
} }
@ -178,24 +219,17 @@ static SECURITY_STATUS SEC_ENTRY nego_InitializeSecurityContextW(
* AcceptSecurityContext * AcceptSecurityContext
*/ */
static SECURITY_STATUS SEC_ENTRY nego_AcceptSecurityContext( static SECURITY_STATUS SEC_ENTRY nego_AcceptSecurityContext(
PCredHandle phCredential, PCtxtHandle phContext, PSecBufferDesc pInput, PCredHandle phCredential, PCtxtHandle phContext, PSecBufferDesc pInput,
ULONG fContextReq, ULONG TargetDataRep, PCtxtHandle phNewContext, ULONG fContextReq, ULONG TargetDataRep, PCtxtHandle phNewContext,
PSecBufferDesc pOutput, ULONG *pfContextAttr, PTimeStamp ptsExpiry) PSecBufferDesc pOutput, ULONG *pfContextAttr, PTimeStamp ptsExpiry)
{ {
SECURITY_STATUS ret; TRACE("%p, %p, %p, 0x%08x, %u, %p, %p, %p, %p\n", phCredential, phContext,
pInput, fContextReq, TargetDataRep, phNewContext, pOutput, pfContextAttr,
ptsExpiry);
TRACE("%p %p %p %d %d %p %p %p %p\n", phCredential, phContext, pInput, return ntlm_AcceptSecurityContext( phCredential, phContext, pInput,
fContextReq, TargetDataRep, phNewContext, pOutput, pfContextAttr, fContextReq, TargetDataRep, phNewContext,
ptsExpiry); pOutput, pfContextAttr, ptsExpiry );
if (phCredential)
{
ret = SEC_E_UNSUPPORTED_FUNCTION;
}
else
{
ret = SEC_E_INVALID_HANDLE;
}
return ret;
} }
/*********************************************************************** /***********************************************************************
@ -223,18 +257,9 @@ static SECURITY_STATUS SEC_ENTRY nego_CompleteAuthToken(PCtxtHandle phContext,
*/ */
static SECURITY_STATUS SEC_ENTRY nego_DeleteSecurityContext(PCtxtHandle phContext) static SECURITY_STATUS SEC_ENTRY nego_DeleteSecurityContext(PCtxtHandle phContext)
{ {
SECURITY_STATUS ret;
TRACE("%p\n", phContext); TRACE("%p\n", phContext);
if (phContext)
{ return ntlm_DeleteSecurityContext( phContext );
ret = SEC_E_UNSUPPORTED_FUNCTION;
}
else
{
ret = SEC_E_INVALID_HANDLE;
}
return ret;
} }
/*********************************************************************** /***********************************************************************
@ -260,25 +285,32 @@ static SECURITY_STATUS SEC_ENTRY nego_ApplyControlToken(PCtxtHandle phContext,
/*********************************************************************** /***********************************************************************
* QueryContextAttributesW * QueryContextAttributesW
*/ */
static SECURITY_STATUS SEC_ENTRY nego_QueryContextAttributesW(PCtxtHandle phContext, static SECURITY_STATUS SEC_ENTRY nego_QueryContextAttributesW(
ULONG ulAttribute, void *pBuffer) PCtxtHandle phContext, ULONG ulAttribute, void *pBuffer)
{ {
SECURITY_STATUS ret; TRACE("%p, %u, %p\n", phContext, ulAttribute, pBuffer);
/* FIXME: From reading wrapper.h, I think the dwUpper part of a context is switch (ulAttribute)
* the SecurePackage part and the dwLower part is the actual context
* handle. It should be easy to extract the context attributes from that.
*/
TRACE("%p %d %p\n", phContext, ulAttribute, pBuffer);
if (phContext)
{ {
ret = SEC_E_UNSUPPORTED_FUNCTION; case SECPKG_ATTR_SIZES:
}
else
{ {
ret = SEC_E_INVALID_HANDLE; SecPkgContext_Sizes *sizes = (SecPkgContext_Sizes *)pBuffer;
sizes->cbMaxToken = 2888;
sizes->cbMaxSignature = 16;
sizes->cbSecurityTrailer = 16;
sizes->cbBlockSize = 0;
return SEC_E_OK;
}
case SECPKG_ATTR_NEGOTIATION_INFO:
{
SecPkgContext_NegotiationInfoW *info = (SecPkgContext_NegotiationInfoW *)pBuffer;
info->PackageInfo = ntlm_package_infoW;
info->NegotiationState = SECPKG_NEGOTIATION_COMPLETE;
return SEC_E_OK;
}
default:
return ntlm_QueryContextAttributesW( phContext, ulAttribute, pBuffer );
} }
return ret;
} }
/*********************************************************************** /***********************************************************************
@ -287,7 +319,29 @@ static SECURITY_STATUS SEC_ENTRY nego_QueryContextAttributesW(PCtxtHandle phCont
static SECURITY_STATUS SEC_ENTRY nego_QueryContextAttributesA(PCtxtHandle phContext, static SECURITY_STATUS SEC_ENTRY nego_QueryContextAttributesA(PCtxtHandle phContext,
ULONG ulAttribute, void *pBuffer) ULONG ulAttribute, void *pBuffer)
{ {
return nego_QueryContextAttributesW(phContext, ulAttribute, pBuffer); TRACE("%p, %u, %p\n", phContext, ulAttribute, pBuffer);
switch (ulAttribute)
{
case SECPKG_ATTR_SIZES:
{
SecPkgContext_Sizes *sizes = (SecPkgContext_Sizes *)pBuffer;
sizes->cbMaxToken = 2888;
sizes->cbMaxSignature = 16;
sizes->cbSecurityTrailer = 16;
sizes->cbBlockSize = 0;
return SEC_E_OK;
}
case SECPKG_ATTR_NEGOTIATION_INFO:
{
SecPkgContext_NegotiationInfoA *info = (SecPkgContext_NegotiationInfoA *)pBuffer;
info->PackageInfo = ntlm_package_infoA;
info->NegotiationState = SECPKG_NEGOTIATION_COMPLETE;
return SEC_E_OK;
}
default:
return ntlm_QueryContextAttributesA( phContext, ulAttribute, pBuffer );
}
} }
/*********************************************************************** /***********************************************************************
@ -331,52 +385,64 @@ static SECURITY_STATUS SEC_ENTRY nego_RevertSecurityContext(PCtxtHandle phContex
/*********************************************************************** /***********************************************************************
* MakeSignature * MakeSignature
*/ */
static SECURITY_STATUS SEC_ENTRY nego_MakeSignature(PCtxtHandle phContext, ULONG fQOP, static SECURITY_STATUS SEC_ENTRY nego_MakeSignature(PCtxtHandle phContext,
PSecBufferDesc pMessage, ULONG MessageSeqNo) ULONG fQOP, PSecBufferDesc pMessage, ULONG MessageSeqNo)
{ {
SECURITY_STATUS ret; TRACE("%p, 0x%08x, %p, %u\n", phContext, fQOP, pMessage, MessageSeqNo);
TRACE("%p %d %p %d\n", phContext, fQOP, pMessage, MessageSeqNo); return ntlm_MakeSignature( phContext, fQOP, pMessage, MessageSeqNo );
if (phContext)
{
ret = SEC_E_UNSUPPORTED_FUNCTION;
}
else
{
ret = SEC_E_INVALID_HANDLE;
}
return ret;
} }
/*********************************************************************** /***********************************************************************
* VerifySignature * VerifySignature
*/ */
static SECURITY_STATUS SEC_ENTRY nego_VerifySignature(PCtxtHandle phContext, static SECURITY_STATUS SEC_ENTRY nego_VerifySignature(PCtxtHandle phContext,
PSecBufferDesc pMessage, ULONG MessageSeqNo, PULONG pfQOP) PSecBufferDesc pMessage, ULONG MessageSeqNo, PULONG pfQOP)
{ {
SECURITY_STATUS ret; TRACE("%p, %p, %u, %p\n", phContext, pMessage, MessageSeqNo, pfQOP);
TRACE("%p %p %d %p\n", phContext, pMessage, MessageSeqNo, pfQOP); return ntlm_VerifySignature( phContext, pMessage, MessageSeqNo, pfQOP );
if (phContext)
{
ret = SEC_E_UNSUPPORTED_FUNCTION;
}
else
{
ret = SEC_E_INVALID_HANDLE;
}
return ret;
} }
/***********************************************************************
* FreeCredentialsHandle
*/
SECURITY_STATUS SEC_ENTRY nego_FreeCredentialsHandle(PCredHandle phCredential)
{
TRACE("%p\n", phCredential);
return ntlm_FreeCredentialsHandle( phCredential );
}
/***********************************************************************
* EncryptMessage
*/
SECURITY_STATUS SEC_ENTRY nego_EncryptMessage(PCtxtHandle phContext,
ULONG fQOP, PSecBufferDesc pMessage, ULONG MessageSeqNo)
{
TRACE("%p, 0x%08x, %p, %u\n", phContext, fQOP, pMessage, MessageSeqNo);
return ntlm_EncryptMessage( phContext, fQOP, pMessage, MessageSeqNo );
}
/***********************************************************************
* DecryptMessage
*/
SECURITY_STATUS SEC_ENTRY nego_DecryptMessage(PCtxtHandle phContext,
PSecBufferDesc pMessage, ULONG MessageSeqNo, PULONG pfQOP)
{
TRACE("%p, %p, %u, %p\n", phContext, pMessage, MessageSeqNo, pfQOP);
return ntlm_DecryptMessage( phContext, pMessage, MessageSeqNo, pfQOP );
}
static const SecurityFunctionTableA negoTableA = { static const SecurityFunctionTableA negoTableA = {
1, 1,
NULL, /* EnumerateSecurityPackagesA */ NULL, /* EnumerateSecurityPackagesA */
nego_QueryCredentialsAttributesA, /* QueryCredentialsAttributesA */ nego_QueryCredentialsAttributesA, /* QueryCredentialsAttributesA */
nego_AcquireCredentialsHandleA, /* AcquireCredentialsHandleA */ nego_AcquireCredentialsHandleA, /* AcquireCredentialsHandleA */
FreeCredentialsHandle, /* FreeCredentialsHandle */ nego_FreeCredentialsHandle, /* FreeCredentialsHandle */
NULL, /* Reserved2 */ NULL, /* Reserved2 */
nego_InitializeSecurityContextA, /* InitializeSecurityContextA */ nego_InitializeSecurityContextA, /* InitializeSecurityContextA */
nego_AcceptSecurityContext, /* AcceptSecurityContext */ nego_AcceptSecurityContext, /* AcceptSecurityContext */
nego_CompleteAuthToken, /* CompleteAuthToken */ nego_CompleteAuthToken, /* CompleteAuthToken */
@ -396,18 +462,18 @@ static const SecurityFunctionTableA negoTableA = {
NULL, /* AddCredentialsA */ NULL, /* AddCredentialsA */
NULL, /* Reserved8 */ NULL, /* Reserved8 */
NULL, /* QuerySecurityContextToken */ NULL, /* QuerySecurityContextToken */
NULL, /* EncryptMessage */ nego_EncryptMessage, /* EncryptMessage */
NULL, /* DecryptMessage */ nego_DecryptMessage, /* DecryptMessage */
NULL, /* SetContextAttributesA */ NULL, /* SetContextAttributesA */
}; };
static const SecurityFunctionTableW negoTableW = { static const SecurityFunctionTableW negoTableW = {
1, 1,
NULL, /* EnumerateSecurityPackagesW */ NULL, /* EnumerateSecurityPackagesW */
nego_QueryCredentialsAttributesW, /* QueryCredentialsAttributesW */ nego_QueryCredentialsAttributesW, /* QueryCredentialsAttributesW */
nego_AcquireCredentialsHandleW, /* AcquireCredentialsHandleW */ nego_AcquireCredentialsHandleW, /* AcquireCredentialsHandleW */
FreeCredentialsHandle, /* FreeCredentialsHandle */ nego_FreeCredentialsHandle, /* FreeCredentialsHandle */
NULL, /* Reserved2 */ NULL, /* Reserved2 */
nego_InitializeSecurityContextW, /* InitializeSecurityContextW */ nego_InitializeSecurityContextW, /* InitializeSecurityContextW */
nego_AcceptSecurityContext, /* AcceptSecurityContext */ nego_AcceptSecurityContext, /* AcceptSecurityContext */
nego_CompleteAuthToken, /* CompleteAuthToken */ nego_CompleteAuthToken, /* CompleteAuthToken */
@ -427,51 +493,41 @@ static const SecurityFunctionTableW negoTableW = {
NULL, /* AddCredentialsW */ NULL, /* AddCredentialsW */
NULL, /* Reserved8 */ NULL, /* Reserved8 */
NULL, /* QuerySecurityContextToken */ NULL, /* QuerySecurityContextToken */
NULL, /* EncryptMessage */ nego_EncryptMessage, /* EncryptMessage */
NULL, /* DecryptMessage */ nego_DecryptMessage, /* DecryptMessage */
NULL, /* SetContextAttributesW */ NULL, /* SetContextAttributesW */
}; };
/* Disable for now, see comment below.*/ #define NEGO_MAX_TOKEN 12000
#if 0
static WCHAR negotiate_comment_W[] = { 'M', 'i', 'c', 'r', 'o', 's', 'o',
'f', 't', ' ', 'P', 'a', 'c', 'k', 'a', 'g', 'e', ' ', 'N', 'e', 'g', 'o',
't', 'i', 'a', 't', 'o', 'r', 0};
static WCHAR nego_name_W[] = {'N','e','g','o','t','i','a','t','e',0};
static char nego_name_A[] = "Negotiate";
static WCHAR negotiate_comment_W[] =
{'M','i','c','r','o','s','o','f','t',' ','P','a','c','k','a','g','e',' ',
'N','e','g','o','t','i','a','t','o','r',0};
static CHAR negotiate_comment_A[] = "Microsoft Package Negotiator"; static CHAR negotiate_comment_A[] = "Microsoft Package Negotiator";
#endif
#define CAPS ( \
SECPKG_FLAG_INTEGRITY | \
SECPKG_FLAG_PRIVACY | \
SECPKG_FLAG_CONNECTION | \
SECPKG_FLAG_MULTI_REQUIRED | \
SECPKG_FLAG_EXTENDED_ERROR | \
SECPKG_FLAG_IMPERSONATION | \
SECPKG_FLAG_ACCEPT_WIN32_NAME | \
SECPKG_FLAG_NEGOTIABLE | \
SECPKG_FLAG_GSS_COMPATIBLE | \
SECPKG_FLAG_LOGON | \
SECPKG_FLAG_RESTRICTED_TOKENS )
void SECUR32_initNegotiateSP(void) void SECUR32_initNegotiateSP(void)
{ {
/* Disable until we really implement a Negotiate provider. SecureProvider *provider = SECUR32_addProvider(&negoTableA, &negoTableW, NULL);
* For now, the NTLM provider will pretend to be the Negotiate provider as well.
* Windows seems to be able to deal with it, and it makes several programs
* happy. */
#if 0
SecureProvider *provider = SECUR32_addProvider(&negoTableA, &negoTableW,
NULL);
/* According to Windows, Negotiate has the following capabilities.
*/
static const LONG caps =
SECPKG_FLAG_INTEGRITY |
SECPKG_FLAG_PRIVACY |
SECPKG_FLAG_CONNECTION |
SECPKG_FLAG_MULTI_REQUIRED |
SECPKG_FLAG_EXTENDED_ERROR |
SECPKG_FLAG_IMPERSONATION |
SECPKG_FLAG_ACCEPT_WIN32_NAME |
SECPKG_FLAG_READONLY_WITH_CHECKSUM;
static const USHORT version = 1;
static const USHORT rpcid = 15;
static const ULONG max_token = 12000;
const SecPkgInfoW infoW = { caps, version, rpcid, max_token, nego_name_W,
negotiate_comment_W};
const SecPkgInfoA infoA = { caps, version, rpcid, max_token, nego_name_A,
negotiate_comment_A};
const SecPkgInfoW infoW = {CAPS, 1, RPC_C_AUTHN_GSS_NEGOTIATE, NEGO_MAX_TOKEN,
nego_name_W, negotiate_comment_W};
const SecPkgInfoA infoA = {CAPS, 1, RPC_C_AUTHN_GSS_NEGOTIATE, NEGO_MAX_TOKEN,
nego_name_A, negotiate_comment_A};
SECUR32_addPackages(provider, 1L, &infoA, &infoW); SECUR32_addPackages(provider, 1L, &infoA, &infoW);
#endif
} }

95
dlls/secur32/ntlm.c
View File

@ -43,18 +43,6 @@ WINE_DECLARE_DEBUG_CHANNEL(winediag);
static CHAR ntlm_auth[] = "ntlm_auth"; static CHAR ntlm_auth[] = "ntlm_auth";
typedef struct _NtlmCredentials
{
HelperMode mode;
/* these are all in the Unix codepage */
char *username_arg;
char *domain_arg;
char *password; /* not nul-terminated */
int pwlen;
int no_cached_credentials; /* don't try to use cached Samba credentials */
} NtlmCredentials, *PNtlmCredentials;
/*********************************************************************** /***********************************************************************
* QueryCredentialsAttributesA * QueryCredentialsAttributesA
*/ */
@ -136,7 +124,7 @@ static char *ntlm_GetDomainArg(LPCWSTR domainW, INT domainW_length)
/*********************************************************************** /***********************************************************************
* AcquireCredentialsHandleW * AcquireCredentialsHandleW
*/ */
static SECURITY_STATUS SEC_ENTRY ntlm_AcquireCredentialsHandleW( SECURITY_STATUS SEC_ENTRY ntlm_AcquireCredentialsHandleW(
SEC_WCHAR *pszPrincipal, SEC_WCHAR *pszPackage, ULONG fCredentialUse, SEC_WCHAR *pszPrincipal, SEC_WCHAR *pszPackage, ULONG fCredentialUse,
PLUID pLogonID, PVOID pAuthData, SEC_GET_KEY_FN pGetKeyFn, PLUID pLogonID, PVOID pAuthData, SEC_GET_KEY_FN pGetKeyFn,
PVOID pGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry) PVOID pGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry)
@ -425,7 +413,7 @@ static BOOL ntlm_GetCachedCredential(const SEC_WCHAR *pszTargetName, PCREDENTIAL
/*********************************************************************** /***********************************************************************
* InitializeSecurityContextW * InitializeSecurityContextW
*/ */
static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW( SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(
PCredHandle phCredential, PCtxtHandle phContext, SEC_WCHAR *pszTargetName, PCredHandle phCredential, PCtxtHandle phContext, SEC_WCHAR *pszTargetName,
ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep, ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep,
PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext, PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext,
@ -970,7 +958,7 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextA(
/*********************************************************************** /***********************************************************************
* AcceptSecurityContext * AcceptSecurityContext
*/ */
static SECURITY_STATUS SEC_ENTRY ntlm_AcceptSecurityContext( SECURITY_STATUS SEC_ENTRY ntlm_AcceptSecurityContext(
PCredHandle phCredential, PCtxtHandle phContext, PSecBufferDesc pInput, PCredHandle phCredential, PCtxtHandle phContext, PSecBufferDesc pInput,
ULONG fContextReq, ULONG TargetDataRep, PCtxtHandle phNewContext, ULONG fContextReq, ULONG TargetDataRep, PCtxtHandle phNewContext,
PSecBufferDesc pOutput, ULONG *pfContextAttr, PTimeStamp ptsExpiry) PSecBufferDesc pOutput, ULONG *pfContextAttr, PTimeStamp ptsExpiry)
@ -1343,7 +1331,7 @@ static SECURITY_STATUS SEC_ENTRY ntlm_CompleteAuthToken(PCtxtHandle phContext,
/*********************************************************************** /***********************************************************************
* DeleteSecurityContext * DeleteSecurityContext
*/ */
static SECURITY_STATUS SEC_ENTRY ntlm_DeleteSecurityContext(PCtxtHandle phContext) SECURITY_STATUS SEC_ENTRY ntlm_DeleteSecurityContext(PCtxtHandle phContext)
{ {
PNegoHelper helper; PNegoHelper helper;
@ -1372,7 +1360,7 @@ static SECURITY_STATUS SEC_ENTRY ntlm_DeleteSecurityContext(PCtxtHandle phContex
/*********************************************************************** /***********************************************************************
* QueryContextAttributesW * QueryContextAttributesW
*/ */
static SECURITY_STATUS SEC_ENTRY ntlm_QueryContextAttributesW(PCtxtHandle phContext, SECURITY_STATUS SEC_ENTRY ntlm_QueryContextAttributesW(PCtxtHandle phContext,
ULONG ulAttribute, void *pBuffer) ULONG ulAttribute, void *pBuffer)
{ {
TRACE("%p %d %p\n", phContext, ulAttribute, pBuffer); TRACE("%p %d %p\n", phContext, ulAttribute, pBuffer);
@ -1427,7 +1415,7 @@ static SECURITY_STATUS SEC_ENTRY ntlm_QueryContextAttributesW(PCtxtHandle phCont
/*********************************************************************** /***********************************************************************
* QueryContextAttributesA * QueryContextAttributesA
*/ */
static SECURITY_STATUS SEC_ENTRY ntlm_QueryContextAttributesA(PCtxtHandle phContext, SECURITY_STATUS SEC_ENTRY ntlm_QueryContextAttributesA(PCtxtHandle phContext,
ULONG ulAttribute, void *pBuffer) ULONG ulAttribute, void *pBuffer)
{ {
return ntlm_QueryContextAttributesW(phContext, ulAttribute, pBuffer); return ntlm_QueryContextAttributesW(phContext, ulAttribute, pBuffer);
@ -1607,8 +1595,8 @@ static SECURITY_STATUS ntlm_CreateSignature(PNegoHelper helper, PSecBufferDesc p
/*********************************************************************** /***********************************************************************
* MakeSignature * MakeSignature
*/ */
static SECURITY_STATUS SEC_ENTRY ntlm_MakeSignature(PCtxtHandle phContext, ULONG fQOP, SECURITY_STATUS SEC_ENTRY ntlm_MakeSignature(PCtxtHandle phContext,
PSecBufferDesc pMessage, ULONG MessageSeqNo) ULONG fQOP, PSecBufferDesc pMessage, ULONG MessageSeqNo)
{ {
PNegoHelper helper; PNegoHelper helper;
int token_idx; int token_idx;
@ -1642,8 +1630,8 @@ static SECURITY_STATUS SEC_ENTRY ntlm_MakeSignature(PCtxtHandle phContext, ULONG
/*********************************************************************** /***********************************************************************
* VerifySignature * VerifySignature
*/ */
static SECURITY_STATUS SEC_ENTRY ntlm_VerifySignature(PCtxtHandle phContext, SECURITY_STATUS SEC_ENTRY ntlm_VerifySignature(PCtxtHandle phContext,
PSecBufferDesc pMessage, ULONG MessageSeqNo, PULONG pfQOP) PSecBufferDesc pMessage, ULONG MessageSeqNo, PULONG pfQOP)
{ {
PNegoHelper helper; PNegoHelper helper;
ULONG fQOP = 0; ULONG fQOP = 0;
@ -1714,8 +1702,7 @@ static SECURITY_STATUS SEC_ENTRY ntlm_VerifySignature(PCtxtHandle phContext,
/*********************************************************************** /***********************************************************************
* FreeCredentialsHandle * FreeCredentialsHandle
*/ */
static SECURITY_STATUS SEC_ENTRY ntlm_FreeCredentialsHandle( SECURITY_STATUS SEC_ENTRY ntlm_FreeCredentialsHandle(PCredHandle phCredential)
PCredHandle phCredential)
{ {
SECURITY_STATUS ret; SECURITY_STATUS ret;
@ -1740,8 +1727,8 @@ static SECURITY_STATUS SEC_ENTRY ntlm_FreeCredentialsHandle(
/*********************************************************************** /***********************************************************************
* EncryptMessage * EncryptMessage
*/ */
static SECURITY_STATUS SEC_ENTRY ntlm_EncryptMessage(PCtxtHandle phContext, SECURITY_STATUS SEC_ENTRY ntlm_EncryptMessage(PCtxtHandle phContext,
ULONG fQOP, PSecBufferDesc pMessage, ULONG MessageSeqNo) ULONG fQOP, PSecBufferDesc pMessage, ULONG MessageSeqNo)
{ {
PNegoHelper helper; PNegoHelper helper;
int token_idx, data_idx; int token_idx, data_idx;
@ -1811,8 +1798,8 @@ static SECURITY_STATUS SEC_ENTRY ntlm_EncryptMessage(PCtxtHandle phContext,
/*********************************************************************** /***********************************************************************
* DecryptMessage * DecryptMessage
*/ */
static SECURITY_STATUS SEC_ENTRY ntlm_DecryptMessage(PCtxtHandle phContext, SECURITY_STATUS SEC_ENTRY ntlm_DecryptMessage(PCtxtHandle phContext,
PSecBufferDesc pMessage, ULONG MessageSeqNo, PULONG pfQOP) PSecBufferDesc pMessage, ULONG MessageSeqNo, PULONG pfQOP)
{ {
SECURITY_STATUS ret; SECURITY_STATUS ret;
ULONG ntlmssp_flags_save; ULONG ntlmssp_flags_save;
@ -1971,50 +1958,8 @@ static const SecPkgInfoA infoA = {
ntlm_comment_A ntlm_comment_A
}; };
#define NEGO_COMMENT { 'M', 'i', 'c', 'r', 'o', 's', 'o', 'f', 't', ' ', \ SecPkgInfoA *ntlm_package_infoA = (SecPkgInfoA *)&infoA;
'P', 'a', 'c', 'k', 'a', 'g', 'e', ' ', \ SecPkgInfoW *ntlm_package_infoW = (SecPkgInfoW *)&infoW;
'N', 'e', 'g', 'o', 't', 'i', 'a', 't', 'o', 'r', 0}
static CHAR nego_comment_A[] = NEGO_COMMENT;
static WCHAR nego_comment_W[] = NEGO_COMMENT;
#define NEGO_NAME {'N', 'e', 'g', 'o', 't', 'i', 'a', 't', 'e', 0}
static CHAR nego_name_A[] = NEGO_NAME;
static WCHAR nego_name_W[] = NEGO_NAME;
#define NEGO_CAPS (\
SECPKG_FLAG_INTEGRITY | \
SECPKG_FLAG_PRIVACY | \
SECPKG_FLAG_CONNECTION | \
SECPKG_FLAG_MULTI_REQUIRED | \
SECPKG_FLAG_EXTENDED_ERROR | \
SECPKG_FLAG_IMPERSONATION | \
SECPKG_FLAG_ACCEPT_WIN32_NAME | \
SECPKG_FLAG_READONLY_WITH_CHECKSUM )
/* Not used for now, just kept here for completeness sake. We need to use the
* NTLM_MAX_BUF value. If the hack works, we might want to refactor the code a
* bit. */
#define NEGO_MAX_TOKEN 12000
static const SecPkgInfoW nego_infoW = {
NEGO_CAPS,
1,
RPC_C_AUTHN_GSS_NEGOTIATE,
NTLM_MAX_BUF,
nego_name_W,
nego_comment_W
};
static const SecPkgInfoA nego_infoA = {
NEGO_CAPS,
1,
RPC_C_AUTHN_GSS_NEGOTIATE,
NTLM_MAX_BUF,
nego_name_A,
nego_comment_A
};
void SECUR32_initNTLMSP(void) void SECUR32_initNTLMSP(void)
{ {
@ -2040,11 +1985,7 @@ void SECUR32_initNTLMSP(void)
helper->micro >= MIN_NTLM_AUTH_MICRO_VERSION)) ) helper->micro >= MIN_NTLM_AUTH_MICRO_VERSION)) )
{ {
SecureProvider *provider = SECUR32_addProvider(&ntlmTableA, &ntlmTableW, NULL); SecureProvider *provider = SECUR32_addProvider(&ntlmTableA, &ntlmTableW, NULL);
SecureProvider *nego_provider = SECUR32_addProvider(&ntlmTableA, &ntlmTableW, NULL); SECUR32_addPackages(provider, 1L, ntlm_package_infoA, ntlm_package_infoW);
SECUR32_addPackages(provider, 1L, &infoA, &infoW);
/* HACK: Also pretend this is the Negotiate provider */
SECUR32_addPackages(nego_provider, 1L, &nego_infoA, &nego_infoW);
} }
else else
{ {

30
dlls/secur32/secur32_priv.h
View File

@ -85,6 +85,18 @@ typedef struct _NegoHelper {
} crypt; } crypt;
} NegoHelper, *PNegoHelper; } NegoHelper, *PNegoHelper;
typedef struct _NtlmCredentials
{
HelperMode mode;
/* these are all in the Unix codepage */
char *username_arg;
char *domain_arg;
char *password; /* not nul-terminated */
int pwlen;
int no_cached_credentials; /* don't try to use cached Samba credentials */
} NtlmCredentials, *PNtlmCredentials;
typedef enum _sign_direction { typedef enum _sign_direction {
NTLM_SEND, NTLM_SEND,
NTLM_RECV NTLM_RECV
@ -176,6 +188,24 @@ void SECUR32_arc4Cleanup(arc4_info *a4i) DECLSPEC_HIDDEN;
#define NTLMSSP_NEGOTIATE_KEY_EXCHANGE 0x40000000 #define NTLMSSP_NEGOTIATE_KEY_EXCHANGE 0x40000000
#define NTLMSSP_NEGOTIATE_56 0x80000000 #define NTLMSSP_NEGOTIATE_56 0x80000000
SECURITY_STATUS SEC_ENTRY ntlm_AcquireCredentialsHandleW(SEC_WCHAR *, SEC_WCHAR *,
ULONG, PLUID, PVOID, SEC_GET_KEY_FN, PVOID, PCredHandle, PTimeStamp) DECLSPEC_HIDDEN;
SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(PCredHandle, PCtxtHandle,
SEC_WCHAR *, ULONG fContextReq, ULONG, ULONG, PSecBufferDesc, ULONG, PCtxtHandle,
PSecBufferDesc, ULONG *, PTimeStamp) DECLSPEC_HIDDEN;
SECURITY_STATUS SEC_ENTRY ntlm_AcceptSecurityContext(PCredHandle, PCtxtHandle, PSecBufferDesc,
ULONG, ULONG, PCtxtHandle, PSecBufferDesc, ULONG *, PTimeStamp) DECLSPEC_HIDDEN;
SECURITY_STATUS SEC_ENTRY ntlm_QueryContextAttributesA(PCtxtHandle, ULONG, void *) DECLSPEC_HIDDEN;
SECURITY_STATUS SEC_ENTRY ntlm_QueryContextAttributesW(PCtxtHandle, ULONG, void *) DECLSPEC_HIDDEN;
SECURITY_STATUS SEC_ENTRY ntlm_EncryptMessage(PCtxtHandle, ULONG, PSecBufferDesc, ULONG) DECLSPEC_HIDDEN;
SECURITY_STATUS SEC_ENTRY ntlm_DecryptMessage(PCtxtHandle, PSecBufferDesc, ULONG, PULONG) DECLSPEC_HIDDEN;
SECURITY_STATUS SEC_ENTRY ntlm_FreeCredentialsHandle(PCredHandle) DECLSPEC_HIDDEN;
SECURITY_STATUS SEC_ENTRY ntlm_DeleteSecurityContext(PCtxtHandle) DECLSPEC_HIDDEN;
SECURITY_STATUS SEC_ENTRY ntlm_MakeSignature(PCtxtHandle, ULONG, PSecBufferDesc, ULONG) DECLSPEC_HIDDEN;
SECURITY_STATUS SEC_ENTRY ntlm_VerifySignature(PCtxtHandle, PSecBufferDesc, ULONG, PULONG) DECLSPEC_HIDDEN;
SecPkgInfoW *ntlm_package_infoW;
SecPkgInfoA *ntlm_package_infoA;
/* schannel internal interface */ /* schannel internal interface */
typedef struct schan_imp_session_opaque *schan_imp_session; typedef struct schan_imp_session_opaque *schan_imp_session;