ReceiveTempSMS
/
Sweden-Number
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

secur32: Forward to either Kerberos or NTLM from the Negotiate provider. 

Signed-off-by: Hans Leidekker <hans@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
This commit is contained in:
Hans Leidekker 2018-02-14 14:13:08 +01:00 committed by Alexandre Julliard
parent 84cde2b31a
commit 63b9fb3542
2 changed files with 258 additions and 100 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

355
dlls/secur32/negotiate.c
View File

@ -15,9 +15,6 @@
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
*
* This file implements a Negotiate provider that simply forwards to
* the NTLM provider.
*/
#include <stdarg.h>
@ -53,6 +50,14 @@ static SECURITY_STATUS SEC_ENTRY nego_QueryCredentialsAttributesW(
return SEC_E_UNSUPPORTED_FUNCTION;
}
struct sec_handle
{
SecureProvider *krb;
SecureProvider *ntlm;
SecHandle handle_krb;
SecHandle handle_ntlm;
};
/***********************************************************************
* AcquireCredentialsHandleW
*/
@ -62,21 +67,45 @@ static SECURITY_STATUS SEC_ENTRY nego_AcquireCredentialsHandleW(
PVOID pGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry )
{
static SEC_WCHAR ntlmW[] = {'N','T','L','M',0};
SECURITY_STATUS ret;
static SEC_WCHAR kerberosW[] = {'K','e','r','b','e','r','o','s',0};
SECURITY_STATUS ret = SEC_E_NO_CREDENTIALS;
struct sec_handle *cred;
SecurePackage *package;
TRACE("%s, %s, 0x%08x, %p, %p, %p, %p, %p, %p\n",
debugstr_w(pszPrincipal), debugstr_w(pszPackage), fCredentialUse,
pLogonID, pAuthData, pGetKeyFn, pGetKeyArgument, phCredential, ptsExpiry);
FIXME("forwarding to NTLM\n");
ret = ntlm_AcquireCredentialsHandleW( pszPrincipal, ntlmW, fCredentialUse,
pLogonID, pAuthData, pGetKeyFn, pGetKeyArgument,
phCredential, ptsExpiry );
if (ret == SEC_E_OK)
if (!pszPackage) return SEC_E_SECPKG_NOT_FOUND;
if (!(cred = HeapAlloc( GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(*cred) ))) return SEC_E_INSUFFICIENT_MEMORY;
if ((package = SECUR32_findPackageW( kerberosW )))
{
NtlmCredentials *cred = (NtlmCredentials *)phCredential->dwLower;
cred->no_cached_credentials = (pAuthData == NULL);
ret = package->provider->fnTableW.AcquireCredentialsHandleW( pszPrincipal, kerberosW,
fCredentialUse, pLogonID, pAuthData, pGetKeyFn, pGetKeyArgument, &cred->handle_krb, ptsExpiry );
if (ret == SEC_E_OK) cred->krb = package->provider;
}
if ((package = SECUR32_findPackageW( ntlmW )))
{
ret = package->provider->fnTableW.AcquireCredentialsHandleW( pszPrincipal, ntlmW,
fCredentialUse, pLogonID, pAuthData, pGetKeyFn, pGetKeyArgument, &cred->handle_ntlm, ptsExpiry );
if (ret == SEC_E_OK)
{
NtlmCredentials *ntlm_cred = (NtlmCredentials *)cred->handle_ntlm.dwLower;
ntlm_cred->no_cached_credentials = (pAuthData == NULL);
cred->ntlm = package->provider;
}
}
if (cred->krb || cred->ntlm)
{
phCredential->dwLower = (ULONG_PTR)cred;
phCredential->dwUpper = 0;
return SEC_E_OK;
}
HeapFree( GetProcessHeap(), 0, cred );
return ret;
}
@ -173,15 +202,58 @@ static SECURITY_STATUS SEC_ENTRY nego_InitializeSecurityContextW(
PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext,
PSecBufferDesc pOutput, ULONG *pfContextAttr, PTimeStamp ptsExpiry )
{
SECURITY_STATUS ret = SEC_E_INVALID_HANDLE;
struct sec_handle *handle = NULL, *ctxt, *new_ctxt = NULL, *cred = NULL;
TRACE("%p, %p, %s, 0x%08x, %u, %u, %p, %u, %p, %p, %p, %p\n",
phCredential, phContext, debugstr_w(pszTargetName), fContextReq,
Reserved1, TargetDataRep, pInput, Reserved1, phNewContext, pOutput,
pfContextAttr, ptsExpiry);
return ntlm_InitializeSecurityContextW( phCredential, phContext, pszTargetName,
fContextReq, Reserved1, TargetDataRep,
pInput, Reserved2, phNewContext,
pOutput, pfContextAttr, ptsExpiry );
if (phContext)
{
handle = ctxt = (struct sec_handle *)phContext->dwLower;
}
else if (phCredential)
{
handle = cred = (struct sec_handle *)phCredential->dwLower;
if (!(new_ctxt = ctxt = HeapAlloc( GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(*ctxt) )))
return SEC_E_INSUFFICIENT_MEMORY;
ctxt->krb = cred->krb;
ctxt->ntlm = cred->ntlm;
}
if (!handle) return SEC_E_INVALID_HANDLE;
if (handle->krb)
{
ret = handle->krb->fnTableW.InitializeSecurityContextW( phCredential ? &cred->handle_krb : NULL,
phContext ? &ctxt->handle_krb : NULL, pszTargetName, fContextReq, Reserved1, TargetDataRep, pInput,
Reserved2, phNewContext ? &ctxt->handle_krb : NULL, pOutput, pfContextAttr, ptsExpiry );
if ((ret == SEC_E_OK || ret == SEC_I_CONTINUE_NEEDED) && phNewContext)
{
ctxt->ntlm = NULL;
phNewContext->dwLower = (ULONG_PTR)ctxt;
phNewContext->dwUpper = 0;
if (new_ctxt == ctxt) new_ctxt = NULL;
}
}
if (ret != SEC_E_OK && ret != SEC_I_CONTINUE_NEEDED && handle->ntlm)
{
ret = handle->ntlm->fnTableW.InitializeSecurityContextW( phCredential ? &cred->handle_ntlm : NULL,
phContext ? &ctxt->handle_ntlm : NULL, pszTargetName, fContextReq, Reserved1, TargetDataRep, pInput,
Reserved2, phNewContext ? &ctxt->handle_ntlm : NULL, pOutput, pfContextAttr, ptsExpiry );
if ((ret == SEC_E_OK || ret == SEC_I_CONTINUE_NEEDED) && phNewContext)
{
ctxt->krb = NULL;
phNewContext->dwLower = (ULONG_PTR)ctxt;
phNewContext->dwUpper = 0;
if (new_ctxt == ctxt) new_ctxt = NULL;
}
}
HeapFree( GetProcessHeap(), 0, new_ctxt );
return ret;
}
/***********************************************************************
@ -223,13 +295,57 @@ static SECURITY_STATUS SEC_ENTRY nego_AcceptSecurityContext(
ULONG fContextReq, ULONG TargetDataRep, PCtxtHandle phNewContext,
PSecBufferDesc pOutput, ULONG *pfContextAttr, PTimeStamp ptsExpiry)
{
SECURITY_STATUS ret = SEC_E_INVALID_HANDLE;
struct sec_handle *handle = NULL, *ctxt, *new_ctxt = NULL, *cred = NULL;
TRACE("%p, %p, %p, 0x%08x, %u, %p, %p, %p, %p\n", phCredential, phContext,
pInput, fContextReq, TargetDataRep, phNewContext, pOutput, pfContextAttr,
ptsExpiry);
return ntlm_AcceptSecurityContext( phCredential, phContext, pInput,
fContextReq, TargetDataRep, phNewContext,
pOutput, pfContextAttr, ptsExpiry );
if (phContext)
{
handle = ctxt = (struct sec_handle *)phContext->dwLower;
}
else if (phCredential)
{
handle = cred = (struct sec_handle *)phCredential->dwLower;
if (!(new_ctxt = ctxt = HeapAlloc( GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(*ctxt) )))
return SEC_E_INSUFFICIENT_MEMORY;
ctxt->krb = cred->krb;
ctxt->ntlm = cred->ntlm;
}
if (!handle) return SEC_E_INVALID_HANDLE;
if (handle->krb)
{
ret = handle->krb->fnTableW.AcceptSecurityContext( phCredential ? &cred->handle_krb : NULL,
phContext ? &ctxt->handle_krb : NULL, pInput, fContextReq, TargetDataRep,
phNewContext ? &ctxt->handle_krb : NULL, pOutput, pfContextAttr, ptsExpiry );
if ((ret == SEC_E_OK || ret == SEC_I_CONTINUE_NEEDED) && phNewContext)
{
ctxt->ntlm = NULL;
phNewContext->dwLower = (ULONG_PTR)ctxt;
phNewContext->dwUpper = 0;
if (new_ctxt == ctxt) new_ctxt = NULL;
}
}
if (ret != SEC_E_OK && ret != SEC_I_CONTINUE_NEEDED && handle->ntlm)
{
ret = handle->ntlm->fnTableW.AcceptSecurityContext( phCredential ? &cred->handle_ntlm : NULL,
phContext ? &ctxt->handle_ntlm : NULL, pInput, fContextReq, TargetDataRep,
phNewContext ? &ctxt->handle_ntlm : NULL, pOutput, pfContextAttr, ptsExpiry );
if ((ret == SEC_E_OK || ret == SEC_I_CONTINUE_NEEDED) && phNewContext)
{
ctxt->krb = NULL;
phNewContext->dwLower = (ULONG_PTR)ctxt;
phNewContext->dwUpper = 0;
if (new_ctxt == ctxt) new_ctxt = NULL;
}
}
HeapFree( GetProcessHeap(), 0, new_ctxt );
return ret;
}
/***********************************************************************
@ -238,17 +354,11 @@ static SECURITY_STATUS SEC_ENTRY nego_AcceptSecurityContext(
static SECURITY_STATUS SEC_ENTRY nego_CompleteAuthToken(PCtxtHandle phContext,
PSecBufferDesc pToken)
{
SECURITY_STATUS ret;
SECURITY_STATUS ret = SEC_E_INVALID_HANDLE;
TRACE("%p %p\n", phContext, pToken);
if (phContext)
{
ret = SEC_E_UNSUPPORTED_FUNCTION;
}
else
{
ret = SEC_E_INVALID_HANDLE;
}
if (phContext) ret = SEC_E_UNSUPPORTED_FUNCTION;
return ret;
}
@ -257,9 +367,25 @@ static SECURITY_STATUS SEC_ENTRY nego_CompleteAuthToken(PCtxtHandle phContext,
*/
static SECURITY_STATUS SEC_ENTRY nego_DeleteSecurityContext(PCtxtHandle phContext)
{
SECURITY_STATUS ret = SEC_E_INVALID_HANDLE;
struct sec_handle *ctxt;
TRACE("%p\n", phContext);
return ntlm_DeleteSecurityContext( phContext );
if (!phContext) return SEC_E_INVALID_HANDLE;
ctxt = (struct sec_handle *)phContext->dwLower;
if (ctxt->krb)
{
ret = ctxt->krb->fnTableW.DeleteSecurityContext( &ctxt->handle_krb );
}
else if (ctxt->ntlm)
{
ret = ctxt->ntlm->fnTableW.DeleteSecurityContext( &ctxt->handle_ntlm );
}
TRACE( "freeing %p\n", ctxt );
HeapFree( GetProcessHeap(), 0, ctxt );
return ret;
}
/***********************************************************************
@ -268,17 +394,11 @@ static SECURITY_STATUS SEC_ENTRY nego_DeleteSecurityContext(PCtxtHandle phContex
static SECURITY_STATUS SEC_ENTRY nego_ApplyControlToken(PCtxtHandle phContext,
PSecBufferDesc pInput)
{
SECURITY_STATUS ret;
SECURITY_STATUS ret = SEC_E_INVALID_HANDLE;
TRACE("%p %p\n", phContext, pInput);
if (phContext)
{
ret = SEC_E_UNSUPPORTED_FUNCTION;
}
else
{
ret = SEC_E_INVALID_HANDLE;
}
if (phContext) ret = SEC_E_UNSUPPORTED_FUNCTION;
return ret;
}
@ -288,60 +408,48 @@ static SECURITY_STATUS SEC_ENTRY nego_ApplyControlToken(PCtxtHandle phContext,
static SECURITY_STATUS SEC_ENTRY nego_QueryContextAttributesW(
PCtxtHandle phContext, ULONG ulAttribute, void *pBuffer)
{
SECURITY_STATUS ret = SEC_E_INVALID_HANDLE;
struct sec_handle *ctxt;
TRACE("%p, %u, %p\n", phContext, ulAttribute, pBuffer);
switch (ulAttribute)
if (!phContext) return SEC_E_INVALID_HANDLE;
ctxt = (struct sec_handle *)phContext->dwLower;
if (ctxt->krb)
{
case SECPKG_ATTR_SIZES:
ret = ctxt->krb->fnTableW.QueryContextAttributesW( &ctxt->handle_krb, ulAttribute, pBuffer );
}
else if (ctxt->ntlm)
{
SecPkgContext_Sizes *sizes = (SecPkgContext_Sizes *)pBuffer;
sizes->cbMaxToken = 2888;
sizes->cbMaxSignature = 16;
sizes->cbSecurityTrailer = 16;
sizes->cbBlockSize = 0;
return SEC_E_OK;
}
case SECPKG_ATTR_NEGOTIATION_INFO:
{
SecPkgContext_NegotiationInfoW *info = (SecPkgContext_NegotiationInfoW *)pBuffer;
info->PackageInfo = ntlm_package_infoW;
info->NegotiationState = SECPKG_NEGOTIATION_COMPLETE;
return SEC_E_OK;
}
default:
return ntlm_QueryContextAttributesW( phContext, ulAttribute, pBuffer );
ret = ctxt->ntlm->fnTableW.QueryContextAttributesW( &ctxt->handle_ntlm, ulAttribute, pBuffer );
}
return ret;
}
/***********************************************************************
* QueryContextAttributesA
*/
static SECURITY_STATUS SEC_ENTRY nego_QueryContextAttributesA(PCtxtHandle phContext,
ULONG ulAttribute, void *pBuffer)
ULONG ulAttribute, void *pBuffer)
{
SECURITY_STATUS ret = SEC_E_INVALID_HANDLE;
struct sec_handle *ctxt;
TRACE("%p, %u, %p\n", phContext, ulAttribute, pBuffer);
switch (ulAttribute)
if (!phContext) return SEC_E_INVALID_HANDLE;
ctxt = (struct sec_handle *)phContext->dwLower;
if (ctxt->krb)
{
case SECPKG_ATTR_SIZES:
ret = ctxt->krb->fnTableA.QueryContextAttributesA( &ctxt->handle_krb, ulAttribute, pBuffer );
}
else if (ctxt->ntlm)
{
SecPkgContext_Sizes *sizes = (SecPkgContext_Sizes *)pBuffer;
sizes->cbMaxToken = 2888;
sizes->cbMaxSignature = 16;
sizes->cbSecurityTrailer = 16;
sizes->cbBlockSize = 0;
return SEC_E_OK;
}
case SECPKG_ATTR_NEGOTIATION_INFO:
{
SecPkgContext_NegotiationInfoA *info = (SecPkgContext_NegotiationInfoA *)pBuffer;
info->PackageInfo = ntlm_package_infoA;
info->NegotiationState = SECPKG_NEGOTIATION_COMPLETE;
return SEC_E_OK;
}
default:
return ntlm_QueryContextAttributesA( phContext, ulAttribute, pBuffer );
ret = ctxt->ntlm->fnTableA.QueryContextAttributesA( &ctxt->handle_ntlm, ulAttribute, pBuffer );
}
return ret;
}
/***********************************************************************
@ -349,17 +457,11 @@ static SECURITY_STATUS SEC_ENTRY nego_QueryContextAttributesA(PCtxtHandle phCont
*/
static SECURITY_STATUS SEC_ENTRY nego_ImpersonateSecurityContext(PCtxtHandle phContext)
{
SECURITY_STATUS ret;
SECURITY_STATUS ret = SEC_E_INVALID_HANDLE;
TRACE("%p\n", phContext);
if (phContext)
{
ret = SEC_E_UNSUPPORTED_FUNCTION;
}
else
{
ret = SEC_E_INVALID_HANDLE;
}
if (phContext) ret = SEC_E_UNSUPPORTED_FUNCTION;
return ret;
}
@ -368,17 +470,11 @@ static SECURITY_STATUS SEC_ENTRY nego_ImpersonateSecurityContext(PCtxtHandle phC
*/
static SECURITY_STATUS SEC_ENTRY nego_RevertSecurityContext(PCtxtHandle phContext)
{
SECURITY_STATUS ret;
SECURITY_STATUS ret = SEC_E_INVALID_HANDLE;
TRACE("%p\n", phContext);
if (phContext)
{
ret = SEC_E_UNSUPPORTED_FUNCTION;
}
else
{
ret = SEC_E_INVALID_HANDLE;
}
if (phContext) ret = SEC_E_UNSUPPORTED_FUNCTION;
return ret;
}
@ -388,9 +484,23 @@ static SECURITY_STATUS SEC_ENTRY nego_RevertSecurityContext(PCtxtHandle phContex
static SECURITY_STATUS SEC_ENTRY nego_MakeSignature(PCtxtHandle phContext,
ULONG fQOP, PSecBufferDesc pMessage, ULONG MessageSeqNo)
{
SECURITY_STATUS ret = SEC_E_INVALID_HANDLE;
struct sec_handle *ctxt;
TRACE("%p, 0x%08x, %p, %u\n", phContext, fQOP, pMessage, MessageSeqNo);
return ntlm_MakeSignature( phContext, fQOP, pMessage, MessageSeqNo );
if (!phContext) return SEC_E_INVALID_HANDLE;
ctxt = (struct sec_handle *)phContext->dwLower;
if (ctxt->krb)
{
ret = ctxt->krb->fnTableW.MakeSignature( &ctxt->handle_krb, fQOP, pMessage, MessageSeqNo );
}
else if (ctxt->ntlm)
{
ret = ctxt->ntlm->fnTableW.MakeSignature( &ctxt->handle_ntlm, fQOP, pMessage, MessageSeqNo );
}
return ret;
}
/***********************************************************************
@ -399,9 +509,23 @@ static SECURITY_STATUS SEC_ENTRY nego_MakeSignature(PCtxtHandle phContext,
static SECURITY_STATUS SEC_ENTRY nego_VerifySignature(PCtxtHandle phContext,
PSecBufferDesc pMessage, ULONG MessageSeqNo, PULONG pfQOP)
{
SECURITY_STATUS ret = SEC_E_INVALID_HANDLE;
struct sec_handle *ctxt;
TRACE("%p, %p, %u, %p\n", phContext, pMessage, MessageSeqNo, pfQOP);
return ntlm_VerifySignature( phContext, pMessage, MessageSeqNo, pfQOP );
if (!phContext) return SEC_E_INVALID_HANDLE;
ctxt = (struct sec_handle *)phContext->dwLower;
if (ctxt->krb)
{
ret = ctxt->krb->fnTableW.VerifySignature( &ctxt->handle_krb, pMessage, MessageSeqNo, pfQOP );
}
else if (ctxt->ntlm)
{
ret = ctxt->ntlm->fnTableW.VerifySignature( &ctxt->handle_ntlm, pMessage, MessageSeqNo, pfQOP );
}
return ret;
}
/***********************************************************************
@ -409,9 +533,18 @@ static SECURITY_STATUS SEC_ENTRY nego_VerifySignature(PCtxtHandle phContext,
*/
static SECURITY_STATUS SEC_ENTRY nego_FreeCredentialsHandle(PCredHandle phCredential)
{
struct sec_handle *cred;
TRACE("%p\n", phCredential);
return ntlm_FreeCredentialsHandle( phCredential );
if (!phCredential) return SEC_E_INVALID_HANDLE;
cred = (struct sec_handle *)phCredential->dwLower;
if (cred->krb) cred->krb->fnTableW.FreeCredentialsHandle( &cred->handle_krb );
if (cred->ntlm) cred->ntlm->fnTableW.FreeCredentialsHandle( &cred->handle_ntlm );
HeapFree( GetProcessHeap(), 0, cred );
return SEC_E_OK;
}
/***********************************************************************
@ -420,9 +553,23 @@ static SECURITY_STATUS SEC_ENTRY nego_FreeCredentialsHandle(PCredHandle phCreden
static SECURITY_STATUS SEC_ENTRY nego_EncryptMessage(PCtxtHandle phContext,
ULONG fQOP, PSecBufferDesc pMessage, ULONG MessageSeqNo)
{
SECURITY_STATUS ret = SEC_E_INVALID_HANDLE;
struct sec_handle *ctxt;
TRACE("%p, 0x%08x, %p, %u\n", phContext, fQOP, pMessage, MessageSeqNo);
return ntlm_EncryptMessage( phContext, fQOP, pMessage, MessageSeqNo );
if (!phContext) return SEC_E_INVALID_HANDLE;
ctxt = (struct sec_handle *)phContext->dwLower;
if (ctxt->krb)
{
ret = ctxt->krb->fnTableW.EncryptMessage( &ctxt->handle_krb, fQOP, pMessage, MessageSeqNo );
}
else if (ctxt->ntlm)
{
ret = ctxt->ntlm->fnTableW.EncryptMessage( &ctxt->handle_ntlm, fQOP, pMessage, MessageSeqNo );
}
return ret;
}
/***********************************************************************
@ -431,9 +578,23 @@ static SECURITY_STATUS SEC_ENTRY nego_EncryptMessage(PCtxtHandle phContext,
static SECURITY_STATUS SEC_ENTRY nego_DecryptMessage(PCtxtHandle phContext,
PSecBufferDesc pMessage, ULONG MessageSeqNo, PULONG pfQOP)
{
SECURITY_STATUS ret = SEC_E_INVALID_HANDLE;
struct sec_handle *ctxt;
TRACE("%p, %p, %u, %p\n", phContext, pMessage, MessageSeqNo, pfQOP);
return ntlm_DecryptMessage( phContext, pMessage, MessageSeqNo, pfQOP );
if (!phContext) return SEC_E_INVALID_HANDLE;
ctxt = (struct sec_handle *)phContext->dwLower;
if (ctxt->krb)
{
ret = ctxt->krb->fnTableW.DecryptMessage( &ctxt->handle_krb, pMessage, MessageSeqNo, pfQOP );
}
else if (ctxt->ntlm)
{
ret = ctxt->ntlm->fnTableW.DecryptMessage( &ctxt->handle_ntlm, pMessage, MessageSeqNo, pfQOP );
}
return ret;
}
static const SecurityFunctionTableA negoTableA = {

3
dlls/secur32/tests/negotiate.c
View File

@ -306,12 +306,9 @@ static void test_authentication(void)
expected = sizeof(*pi) + lstrlenA(pi->Name) + 1 + lstrlenA(pi->Comment) + 1;
got = HeapSize(GetProcessHeap(), 0, pi);
todo_wine
ok( got == expected, "got %u, expected %u\n", got, expected );
eob = (char *)pi + expected;
todo_wine
ok( pi->Name + lstrlenA(pi->Name) < eob, "Name doesn't fit into allocated block\n" );
todo_wine
ok( pi->Comment + lstrlenA(pi->Comment) < eob, "Comment doesn't fit into allocated block\n" );
status = FreeContextBuffer( pi );