2 * Copyright 2005 Kai Blin
3 * Copyright 2012 Hans Leidekker for CodeWeavers
5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Lesser General Public
7 * License as published by the Free Software Foundation; either
8 * version 2.1 of the License, or (at your option) any later version.
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Lesser General Public License for more details.
15 * You should have received a copy of the GNU Lesser General Public
16 * License along with this library; if not, write to the Free Software
17 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
19 * This file implements a Negotiate provider that simply forwards to
29 #include "secur32_priv.h"
31 #include "wine/debug.h"
32 #include "wine/unicode.h"
/* Debug channel the TRACE()/FIXME() calls in this file log to. */
34 WINE_DEFAULT_DEBUG_CHANNEL(secur32);
36 /***********************************************************************
37 * QueryCredentialsAttributesA
/* QueryCredentialsAttributesA for the Negotiate package: not implemented. The
 * arguments are only logged as a FIXME (the forwarding functions in this file
 * use TRACE) and SEC_E_UNSUPPORTED_FUNCTION is returned without touching
 * pBuffer. The brace lines (gutter 41, 44) are dropped from this listing. */
39 static SECURITY_STATUS SEC_ENTRY nego_QueryCredentialsAttributesA(
40 PCredHandle phCredential, ULONG ulAttribute, PVOID pBuffer)
42 FIXME("%p, %u, %p\n", phCredential, ulAttribute, pBuffer); /* logged as unimplemented, nothing is forwarded to NTLM */
43 return SEC_E_UNSUPPORTED_FUNCTION;
46 /***********************************************************************
47 * QueryCredentialsAttributesW
/* QueryCredentialsAttributesW for the Negotiate package: not implemented.
 * Mirrors the A variant above: log a FIXME, leave pBuffer untouched and
 * return SEC_E_UNSUPPORTED_FUNCTION. Brace lines (gutter 51, 54) are dropped
 * from this listing. */
49 static SECURITY_STATUS SEC_ENTRY nego_QueryCredentialsAttributesW(
50 PCredHandle phCredential, ULONG ulAttribute, PVOID pBuffer)
52 FIXME("%p, %u, %p\n", phCredential, ulAttribute, pBuffer); /* logged as unimplemented, nothing is forwarded to NTLM */
53 return SEC_E_UNSUPPORTED_FUNCTION;
56 /***********************************************************************
57 * AcquireCredentialsHandleW
/* AcquireCredentialsHandleW: forwards to the NTLM provider with the package
 * name replaced by "NTLM" (ntlmW); every other argument is passed through
 * unchanged, so no package negotiation happens here. Lines dropped from this
 * listing (gutter 63, 65-66, 70, 75-76, 79-82) hold the braces, the `ret`
 * declaration, the condition guarding the credential fix-up below and the
 * final `return ret;` — their text is inferred, not shown. */
59 static SECURITY_STATUS SEC_ENTRY nego_AcquireCredentialsHandleW(
60 SEC_WCHAR *pszPrincipal, SEC_WCHAR *pszPackage, ULONG fCredentialUse,
61 PLUID pLogonID, PVOID pAuthData, SEC_GET_KEY_FN pGetKeyFn,
62 PVOID pGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry )
64 static SEC_WCHAR ntlmW[] = {'N','T','L','M',0}; /* package name handed to NTLM in place of pszPackage */
67 TRACE("%s, %s, 0x%08x, %p, %p, %p, %p, %p, %p\n",
68 debugstr_w(pszPrincipal), debugstr_w(pszPackage), fCredentialUse,
69 pLogonID, pAuthData, pGetKeyFn, pGetKeyArgument, phCredential, ptsExpiry);
71 FIXME("forwarding to NTLM\n"); /* reminder that Negotiate is not really implemented */
72 ret = ntlm_AcquireCredentialsHandleW( pszPrincipal, ntlmW, fCredentialUse,
73 pLogonID, pAuthData, pGetKeyFn, pGetKeyArgument,
74 phCredential, ptsExpiry );
/* phCredential->dwLower is reinterpreted as the NtlmCredentials object the
 * NTLM provider stores in the handle. This is only valid after a successful
 * forward: on failure the handle is not initialised and the dereference
 * below would read whatever the caller left in it. NOTE(review): the guard
 * sits on dropped lines (gutter 75-76); confirm it checks ret == SEC_E_OK. */
77 NtlmCredentials *cred = (NtlmCredentials *)phCredential->dwLower;
78 cred->no_cached_credentials = (pAuthData == NULL); /* TRUE when the caller supplied no explicit identity; how NTLM acts on it is not visible here */
83 /***********************************************************************
84 * AcquireCredentialsHandleA
/* AcquireCredentialsHandleA: ANSI entry point. Converts the package name and,
 * when pAuthData is an ANSI SEC_WINNT_AUTH_IDENTITY, its user/domain/password
 * fields to UTF-16 heap copies, then calls nego_AcquireCredentialsHandleW.
 * pszPrincipal is not converted; NULL is forwarded in its place. Several
 * lines are dropped from this listing: the braces, the conditionals that
 * presumably guard the package and identity conversions (gutter 98-100,
 * 105-107), the `else` lines introducing each conversion (117-118, 127-128,
 * 137-138), the `done:` label (158) and the final `return ret;` (164). Their
 * text is inferred from the surrounding code, not shown. */
86 static SECURITY_STATUS SEC_ENTRY nego_AcquireCredentialsHandleA(
87 SEC_CHAR *pszPrincipal, SEC_CHAR *pszPackage, ULONG fCredentialUse,
88 PLUID pLogonID, PVOID pAuthData, SEC_GET_KEY_FN pGetKeyFn,
89 PVOID pGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry )
91 SECURITY_STATUS ret = SEC_E_INSUFFICIENT_MEMORY; /* every `goto done` below reports out-of-memory */
92 SEC_WCHAR *user = NULL, *domain = NULL, *passwd = NULL, *package = NULL; /* UTF-16 copies owned and freed by this function */
93 SEC_WINNT_AUTH_IDENTITY_W *identityW = NULL; /* either a heap copy or an alias of pAuthData, see below */
95 TRACE("%s, %s, 0x%08x, %p, %p, %p, %p, %p, %p\n",
96 debugstr_a(pszPrincipal), debugstr_a(pszPackage), fCredentialUse,
97 pLogonID, pAuthData, pGetKeyFn, pGetKeyArgument, phCredential, ptsExpiry);
/* Package name: -1 means NUL-terminated, so the returned count includes the
 * terminator. A zero return (conversion failure) is not checked; it would
 * yield a zero-byte allocation and a second call with a zero-sized target. */
101 int package_len = MultiByteToWideChar( CP_ACP, 0, pszPackage, -1, NULL, 0 );
102 package = HeapAlloc( GetProcessHeap(), 0, package_len * sizeof(SEC_WCHAR) );
103 if (!package) return SEC_E_INSUFFICIENT_MEMORY; /* nothing else allocated yet, so a direct return leaks nothing */
104 MultiByteToWideChar( CP_ACP, 0, pszPackage, -1, package, package_len );
/* Identity conversion. The three string fields carry explicit lengths in
 * characters rather than NUL terminators, which is why the conversions below
 * pass the source length instead of -1 and append no terminator. The direct
 * cast at gutter 154 presumes the A and W identity structs share a layout
 * apart from the character type. */
108 SEC_WINNT_AUTH_IDENTITY_A *identity = pAuthData;
109 int user_len, domain_len, passwd_len;
111 if (identity->Flags == SEC_WINNT_AUTH_IDENTITY_ANSI) /* only ANSI identities need a deep copy */
113 identityW = HeapAlloc( GetProcessHeap(), 0, sizeof(*identityW) );
114 if (!identityW) goto done;
116 if (!identity->UserLength) user_len = 0; /* empty field: no buffer, user stays NULL */
119 user_len = MultiByteToWideChar( CP_ACP, 0, (LPCSTR)identity->User,
120 identity->UserLength, NULL, 0 ); /* size pass; a zero return (failure) is not checked */
121 user = HeapAlloc( GetProcessHeap(), 0, user_len * sizeof(SEC_WCHAR) );
122 if (!user) goto done;
123 MultiByteToWideChar( CP_ACP, 0, (LPCSTR)identity->User, identity->UserLength, /* continuation `user, user_len );` dropped from the listing */
126 if (!identity->DomainLength) domain_len = 0; /* empty field: no buffer, domain stays NULL */
129 domain_len = MultiByteToWideChar( CP_ACP, 0, (LPCSTR)identity->Domain,
130 identity->DomainLength, NULL, 0 );
131 domain = HeapAlloc( GetProcessHeap(), 0, domain_len * sizeof(SEC_WCHAR) );
132 if (!domain) goto done;
133 MultiByteToWideChar( CP_ACP, 0, (LPCSTR)identity->Domain, identity->DomainLength,
134 domain, domain_len );
/* The password is copied into a plain heap buffer that is later released
 * with HeapFree without being wiped, so the UTF-16 plaintext stays in freed
 * heap memory until reused and is visible in crash dumps. Zeroing it (e.g.
 * RtlSecureZeroMemory) before the free would limit that exposure. */
136 if (!identity->PasswordLength) passwd_len = 0; /* empty field: no buffer, passwd stays NULL */
139 passwd_len = MultiByteToWideChar( CP_ACP, 0, (LPCSTR)identity->Password,
140 identity->PasswordLength, NULL, 0 );
141 passwd = HeapAlloc( GetProcessHeap(), 0, passwd_len * sizeof(SEC_WCHAR) );
142 if (!passwd) goto done;
143 MultiByteToWideChar( CP_ACP, 0, (LPCSTR)identity->Password, identity->PasswordLength,
144 passwd, passwd_len );
/* Populate the UTF-16 identity; lengths are the character counts returned
 * by MultiByteToWideChar (no terminators), matching the explicit-length
 * convention of the A struct. */
146 identityW->Flags = SEC_WINNT_AUTH_IDENTITY_UNICODE;
147 identityW->User = user;
148 identityW->UserLength = user_len;
149 identityW->Domain = domain;
150 identityW->DomainLength = domain_len;
151 identityW->Password = passwd;
152 identityW->PasswordLength = passwd_len;
154 else identityW = (SEC_WINNT_AUTH_IDENTITY_W *)identity; /* not ANSI: treat the caller's buffer as already UTF-16 and alias it */
156 ret = nego_AcquireCredentialsHandleW( NULL, package, fCredentialUse, pLogonID, identityW, /* the ANSI principal is dropped; NULL is forwarded (reason not visible here) */
157 pGetKeyFn, pGetKeyArgument, phCredential, ptsExpiry );
/* Cleanup; the `done:` label sits on a dropped line. HeapFree accepts NULL,
 * so pointers that were never allocated are safe. NOTE(review): identityW is
 * freed unconditionally, but in the non-ANSI path (gutter 154) it aliases the
 * caller's pAuthData — unless a dropped line resets it to NULL first, this
 * releases memory the caller owns (double free / heap corruption risk).
 * Confirm, and guard with `if (identityW != pAuthData)` if so. */
159 HeapFree( GetProcessHeap(), 0, package );
160 HeapFree( GetProcessHeap(), 0, user );
161 HeapFree( GetProcessHeap(), 0, domain );
162 HeapFree( GetProcessHeap(), 0, passwd ); /* see note above: plaintext password copy, not zeroised before release */
163 HeapFree( GetProcessHeap(), 0, identityW );
167 /***********************************************************************
168 * InitializeSecurityContextW
/* InitializeSecurityContextW: straight pass-through to the NTLM provider; no
 * argument is changed. The brace lines (gutter 175, 185) are dropped from
 * this listing. */
170 static SECURITY_STATUS SEC_ENTRY nego_InitializeSecurityContextW(
171 PCredHandle phCredential, PCtxtHandle phContext, SEC_WCHAR *pszTargetName,
172 ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep,
173 PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext,
174 PSecBufferDesc pOutput, ULONG *pfContextAttr, PTimeStamp ptsExpiry )
176 TRACE("%p, %p, %s, 0x%08x, %u, %u, %p, %u, %p, %p, %p, %p\n",
177 phCredential, phContext, debugstr_w(pszTargetName), fContextReq,
178 Reserved1, TargetDataRep, pInput, Reserved1, phNewContext, pOutput, /* NOTE(review): the %u after pInput is Reserved2's slot but Reserved1 is logged twice; trace-only, the forwarded call passes Reserved2 correctly */
179 pfContextAttr, ptsExpiry);
181 return ntlm_InitializeSecurityContextW( phCredential, phContext, pszTargetName,
182 fContextReq, Reserved1, TargetDataRep,
183 pInput, Reserved2, phNewContext,
184 pOutput, pfContextAttr, ptsExpiry );
187 /***********************************************************************
188 * InitializeSecurityContextA
/* InitializeSecurityContextA: converts the target name to UTF-16 and calls
 * nego_InitializeSecurityContextW, freeing the copy afterwards. Dropped from
 * this listing: the braces, the `ret` declaration (gutter 196), the
 * conditional around the conversion (204-205, presumably on pszTargetName
 * being non-NULL, since target is pre-set to NULL) and `return ret;` (215). */
190 static SECURITY_STATUS SEC_ENTRY nego_InitializeSecurityContextA(
191 PCredHandle phCredential, PCtxtHandle phContext, SEC_CHAR *pszTargetName,
192 ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep,
193 PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext,
194 PSecBufferDesc pOutput, ULONG *pfContextAttr, PTimeStamp ptsExpiry )
197 SEC_WCHAR *target = NULL; /* stays NULL when no name is converted, so a NULL name is forwarded as NULL */
199 TRACE("%p, %p, %s, 0x%08x, %u, %u, %p, %u, %p, %p, %p, %p\n",
200 phCredential, phContext, debugstr_a(pszTargetName), fContextReq,
201 Reserved1, TargetDataRep, pInput, Reserved1, phNewContext, pOutput, /* NOTE(review): same slip as the W variant — Reserved1 logged in Reserved2's %u slot; trace-only */
202 pfContextAttr, ptsExpiry);
/* -1: NUL-terminated source, so the count includes the terminator. A zero
 * return (conversion failure) is not checked before the allocation. */
206 int target_len = MultiByteToWideChar( CP_ACP, 0, pszTargetName, -1, NULL, 0 );
207 target = HeapAlloc(GetProcessHeap(), 0, target_len * sizeof(SEC_WCHAR) );
208 if (!target) return SEC_E_INSUFFICIENT_MEMORY; /* only allocation in this function, so a direct return leaks nothing */
209 MultiByteToWideChar( CP_ACP, 0, pszTargetName, -1, target, target_len );
211 ret = nego_InitializeSecurityContextW( phCredential, phContext, target, fContextReq,
212 Reserved1, TargetDataRep, pInput, Reserved2,
213 phNewContext, pOutput, pfContextAttr, ptsExpiry );
214 HeapFree( GetProcessHeap(), 0, target ); /* the W call has returned; the copy is no longer referenced */
218 /***********************************************************************
219 * AcceptSecurityContext
/* AcceptSecurityContext (server side): straight pass-through to the NTLM
 * provider. The braces and the TRACE's last argument line (gutter 228,
 * `ptsExpiry);`) are dropped from this listing. */
221 static SECURITY_STATUS SEC_ENTRY nego_AcceptSecurityContext(
222 PCredHandle phCredential, PCtxtHandle phContext, PSecBufferDesc pInput,
223 ULONG fContextReq, ULONG TargetDataRep, PCtxtHandle phNewContext,
224 PSecBufferDesc pOutput, ULONG *pfContextAttr, PTimeStamp ptsExpiry)
226 TRACE("%p, %p, %p, 0x%08x, %u, %p, %p, %p, %p\n", phCredential, phContext,
227 pInput, fContextReq, TargetDataRep, phNewContext, pOutput, pfContextAttr, /* final `ptsExpiry);` line dropped from the listing */
230 return ntlm_AcceptSecurityContext( phCredential, phContext, pInput,
231 fContextReq, TargetDataRep, phNewContext,
232 pOutput, pfContextAttr, ptsExpiry );
235 /***********************************************************************
/* CompleteAuthToken: not implemented and not forwarded to NTLM. Returns
 * SEC_E_UNSUPPORTED_FUNCTION on one path and SEC_E_INVALID_HANDLE on the
 * other; the condition choosing between them (gutter 244-249, presumably a
 * NULL check on phContext), the `ret` declaration and `return ret;` are
 * dropped from this listing. */
238 static SECURITY_STATUS SEC_ENTRY nego_CompleteAuthToken(PCtxtHandle phContext,
239 PSecBufferDesc pToken)
243 TRACE("%p %p\n", phContext, pToken);
246 ret = SEC_E_UNSUPPORTED_FUNCTION; /* valid-looking handle, but nothing is implemented */
250 ret = SEC_E_INVALID_HANDLE; /* other branch of the dropped condition */
255 /***********************************************************************
256 * DeleteSecurityContext
/* DeleteSecurityContext: pass-through to the NTLM provider, which owns the
 * context this handle refers to. Brace lines are dropped from this listing. */
258 static SECURITY_STATUS SEC_ENTRY nego_DeleteSecurityContext(PCtxtHandle phContext)
260 TRACE("%p\n", phContext);
262 return ntlm_DeleteSecurityContext( phContext );
265 /***********************************************************************
/* ApplyControlToken: not implemented and not forwarded to NTLM. Same shape as
 * nego_CompleteAuthToken: the condition selecting SEC_E_UNSUPPORTED_FUNCTION
 * vs SEC_E_INVALID_HANDLE (gutter 274-279, presumably a NULL check on
 * phContext), the `ret` declaration and `return ret;` are dropped from this
 * listing. */
268 static SECURITY_STATUS SEC_ENTRY nego_ApplyControlToken(PCtxtHandle phContext,
269 PSecBufferDesc pInput)
273 TRACE("%p %p\n", phContext, pInput);
276 ret = SEC_E_UNSUPPORTED_FUNCTION; /* valid-looking handle, but nothing is implemented */
280 ret = SEC_E_INVALID_HANDLE; /* other branch of the dropped condition */
285 /***********************************************************************
286 * QueryContextAttributesW
/* QueryContextAttributesW: answers SECPKG_ATTR_SIZES and
 * SECPKG_ATTR_NEGOTIATION_INFO locally with fixed values and forwards every
 * other attribute to the NTLM provider. The `switch (ulAttribute)` line, the
 * braces and the `return SEC_E_OK;` after each handled case (gutter 292-294,
 * 296, 302-303, 305, 309-311, 313) are dropped from this listing. pBuffer is
 * cast and written without a NULL or size check; callers are presumably
 * expected to pass a buffer sized for the requested attribute. */
288 static SECURITY_STATUS SEC_ENTRY nego_QueryContextAttributesW(
289 PCtxtHandle phContext, ULONG ulAttribute, void *pBuffer)
291 TRACE("%p, %u, %p\n", phContext, ulAttribute, pBuffer);
/* Fixed sizes, not taken from the NTLM context. NOTE(review): cbMaxToken is
 * reported as 2888 here while the package info registered in
 * SECUR32_initNegotiateSP advertises NEGO_MAX_TOKEN (12000); callers sizing
 * output tokens from SECPKG_ATTR_SIZES therefore get the smaller figure.
 * Confirm which limit is intended. */
295 case SECPKG_ATTR_SIZES:
297 SecPkgContext_Sizes *sizes = (SecPkgContext_Sizes *)pBuffer;
298 sizes->cbMaxToken = 2888;
299 sizes->cbMaxSignature = 16;
300 sizes->cbSecurityTrailer = 16;
301 sizes->cbBlockSize = 0;
/* Reports NTLM's package info (ntlm_package_infoW, defined elsewhere) with
 * the negotiation marked complete: callers see NTLM as the selected package,
 * consistent with this provider forwarding everything to NTLM. */
304 case SECPKG_ATTR_NEGOTIATION_INFO:
306 SecPkgContext_NegotiationInfoW *info = (SecPkgContext_NegotiationInfoW *)pBuffer;
307 info->PackageInfo = ntlm_package_infoW;
308 info->NegotiationState = SECPKG_NEGOTIATION_COMPLETE;
312 return ntlm_QueryContextAttributesW( phContext, ulAttribute, pBuffer ); /* default: let NTLM answer */
316 /***********************************************************************
317 * QueryContextAttributesA
/* QueryContextAttributesA: ANSI twin of nego_QueryContextAttributesW with
 * the same fixed answers for SECPKG_ATTR_SIZES and
 * SECPKG_ATTR_NEGOTIATION_INFO (using the ANSI info struct); all other
 * attributes go to the NTLM provider. The `switch` line, braces and the
 * `return SEC_E_OK;` after each handled case (gutter 323-325, 327, 333-334,
 * 336, 340-342, 344) are dropped from this listing. pBuffer is written
 * without a NULL or size check. */
319 static SECURITY_STATUS SEC_ENTRY nego_QueryContextAttributesA(PCtxtHandle phContext,
320 ULONG ulAttribute, void *pBuffer)
322 TRACE("%p, %u, %p\n", phContext, ulAttribute, pBuffer);
/* NOTE(review): cbMaxToken 2888 here vs NEGO_MAX_TOKEN 12000 in the
 * registered package info — same inconsistency as the W variant. */
326 case SECPKG_ATTR_SIZES:
328 SecPkgContext_Sizes *sizes = (SecPkgContext_Sizes *)pBuffer;
329 sizes->cbMaxToken = 2888;
330 sizes->cbMaxSignature = 16;
331 sizes->cbSecurityTrailer = 16;
332 sizes->cbBlockSize = 0;
/* NTLM's ANSI package info (ntlm_package_infoA, defined elsewhere), state
 * complete: NTLM is always the "negotiated" package. */
335 case SECPKG_ATTR_NEGOTIATION_INFO:
337 SecPkgContext_NegotiationInfoA *info = (SecPkgContext_NegotiationInfoA *)pBuffer;
338 info->PackageInfo = ntlm_package_infoA;
339 info->NegotiationState = SECPKG_NEGOTIATION_COMPLETE;
343 return ntlm_QueryContextAttributesA( phContext, ulAttribute, pBuffer ); /* default: let NTLM answer */
347 /***********************************************************************
348 * ImpersonateSecurityContext
/* ImpersonateSecurityContext: not implemented and not forwarded to NTLM.
 * Returns SEC_E_UNSUPPORTED_FUNCTION or SEC_E_INVALID_HANDLE depending on a
 * condition on dropped lines (gutter 355-360, presumably a NULL check on
 * phContext); `ret` declaration and `return ret;` are dropped too.
 * NOTE(review): the capability flag list used for the package info
 * (gutter 512-522) includes SECPKG_FLAG_IMPERSONATION, so callers that rely
 * on that advertisement must be prepared for this failure. */
350 static SECURITY_STATUS SEC_ENTRY nego_ImpersonateSecurityContext(PCtxtHandle phContext)
354 TRACE("%p\n", phContext);
357 ret = SEC_E_UNSUPPORTED_FUNCTION; /* no impersonation takes place */
361 ret = SEC_E_INVALID_HANDLE; /* other branch of the dropped condition */
366 /***********************************************************************
367 * RevertSecurityContext
/* RevertSecurityContext: not implemented and not forwarded to NTLM; mirrors
 * nego_ImpersonateSecurityContext (nothing was impersonated, so there is
 * nothing to revert). The selecting condition (gutter 374-379), the `ret`
 * declaration and `return ret;` are dropped from this listing. */
369 static SECURITY_STATUS SEC_ENTRY nego_RevertSecurityContext(PCtxtHandle phContext)
373 TRACE("%p\n", phContext);
376 ret = SEC_E_UNSUPPORTED_FUNCTION;
380 ret = SEC_E_INVALID_HANDLE; /* other branch of the dropped condition */
385 /***********************************************************************
/* MakeSignature: pass-through to the NTLM provider, which does the actual
 * signing of pMessage. Brace lines are dropped from this listing. */
388 static SECURITY_STATUS SEC_ENTRY nego_MakeSignature(PCtxtHandle phContext,
389 ULONG fQOP, PSecBufferDesc pMessage, ULONG MessageSeqNo)
391 TRACE("%p, 0x%08x, %p, %u\n", phContext, fQOP, pMessage, MessageSeqNo);
393 return ntlm_MakeSignature( phContext, fQOP, pMessage, MessageSeqNo );
396 /***********************************************************************
/* VerifySignature: pass-through to the NTLM provider; the verification
 * result and pfQOP come straight from NTLM. Brace lines are dropped from
 * this listing. */
399 static SECURITY_STATUS SEC_ENTRY nego_VerifySignature(PCtxtHandle phContext,
400 PSecBufferDesc pMessage, ULONG MessageSeqNo, PULONG pfQOP)
402 TRACE("%p, %p, %u, %p\n", phContext, pMessage, MessageSeqNo, pfQOP);
404 return ntlm_VerifySignature( phContext, pMessage, MessageSeqNo, pfQOP );
407 /***********************************************************************
408 * FreeCredentialsHandle
/* FreeCredentialsHandle: pass-through to the NTLM provider, which allocated
 * the credentials behind the handle. Unlike most functions in this file it
 * has external linkage (no `static`), presumably so another secur32 source
 * can reference it. Brace lines are dropped from this listing. */
410 SECURITY_STATUS SEC_ENTRY nego_FreeCredentialsHandle(PCredHandle phCredential)
412 TRACE("%p\n", phCredential);
414 return ntlm_FreeCredentialsHandle( phCredential );
417 /***********************************************************************
/* EncryptMessage: pass-through to the NTLM provider, which performs the
 * sealing of pMessage in place. External linkage (no `static`), like
 * nego_FreeCredentialsHandle. Brace lines are dropped from this listing. */
420 SECURITY_STATUS SEC_ENTRY nego_EncryptMessage(PCtxtHandle phContext,
421 ULONG fQOP, PSecBufferDesc pMessage, ULONG MessageSeqNo)
423 TRACE("%p, 0x%08x, %p, %u\n", phContext, fQOP, pMessage, MessageSeqNo);
425 return ntlm_EncryptMessage( phContext, fQOP, pMessage, MessageSeqNo );
428 /***********************************************************************
/* DecryptMessage: pass-through to the NTLM provider, which unseals pMessage
 * and reports the quality of protection through pfQOP. External linkage (no
 * `static`). Brace lines are dropped from this listing. */
431 SECURITY_STATUS SEC_ENTRY nego_DecryptMessage(PCtxtHandle phContext,
432 PSecBufferDesc pMessage, ULONG MessageSeqNo, PULONG pfQOP)
434 TRACE("%p, %p, %u, %p\n", phContext, pMessage, MessageSeqNo, pfQOP);
436 return ntlm_DecryptMessage( phContext, pMessage, MessageSeqNo, pfQOP );
/* ANSI SSPI dispatch table for the Negotiate package, in SecurityFunctionTableA
 * slot order. NULL entries are not provided by this package. FreeContextBuffer
 * is not defined in this file (presumably the generic secur32 implementation).
 * The version field line (gutter 440) and the closing `};` (468) are dropped
 * from this listing. */
439 static const SecurityFunctionTableA negoTableA = {
441 NULL, /* EnumerateSecurityPackagesA */
442 nego_QueryCredentialsAttributesA, /* QueryCredentialsAttributesA */
443 nego_AcquireCredentialsHandleA, /* AcquireCredentialsHandleA */
444 nego_FreeCredentialsHandle, /* FreeCredentialsHandle */
445 NULL, /* Reserved2 */
446 nego_InitializeSecurityContextA, /* InitializeSecurityContextA */
447 nego_AcceptSecurityContext, /* AcceptSecurityContext */
448 nego_CompleteAuthToken, /* CompleteAuthToken */
449 nego_DeleteSecurityContext, /* DeleteSecurityContext */
450 nego_ApplyControlToken, /* ApplyControlToken */
451 nego_QueryContextAttributesA, /* QueryContextAttributesA */
452 nego_ImpersonateSecurityContext, /* ImpersonateSecurityContext */
453 nego_RevertSecurityContext, /* RevertSecurityContext */
454 nego_MakeSignature, /* MakeSignature */
455 nego_VerifySignature, /* VerifySignature */
456 FreeContextBuffer, /* FreeContextBuffer */
457 NULL, /* QuerySecurityPackageInfoA */
458 NULL, /* Reserved3 */
459 NULL, /* Reserved4 */
460 NULL, /* ExportSecurityContext */
461 NULL, /* ImportSecurityContextA */
462 NULL, /* AddCredentialsA */
463 NULL, /* Reserved8 */
464 NULL, /* QuerySecurityContextToken */
465 nego_EncryptMessage, /* EncryptMessage */
466 nego_DecryptMessage, /* DecryptMessage */
467 NULL, /* SetContextAttributesA */
/* Unicode SSPI dispatch table for the Negotiate package, in
 * SecurityFunctionTableW slot order; the character-set-neutral entries are
 * shared with negoTableA. The version field line (gutter 471) and the
 * closing `};` (499) are dropped from this listing. */
470 static const SecurityFunctionTableW negoTableW = {
472 NULL, /* EnumerateSecurityPackagesW */
473 nego_QueryCredentialsAttributesW, /* QueryCredentialsAttributesW */
474 nego_AcquireCredentialsHandleW, /* AcquireCredentialsHandleW */
475 nego_FreeCredentialsHandle, /* FreeCredentialsHandle */
476 NULL, /* Reserved2 */
477 nego_InitializeSecurityContextW, /* InitializeSecurityContextW */
478 nego_AcceptSecurityContext, /* AcceptSecurityContext */
479 nego_CompleteAuthToken, /* CompleteAuthToken */
480 nego_DeleteSecurityContext, /* DeleteSecurityContext */
481 nego_ApplyControlToken, /* ApplyControlToken */
482 nego_QueryContextAttributesW, /* QueryContextAttributesW */
483 nego_ImpersonateSecurityContext, /* ImpersonateSecurityContext */
484 nego_RevertSecurityContext, /* RevertSecurityContext */
485 nego_MakeSignature, /* MakeSignature */
486 nego_VerifySignature, /* VerifySignature */
487 FreeContextBuffer, /* FreeContextBuffer */
488 NULL, /* QuerySecurityPackageInfoW */
489 NULL, /* Reserved3 */
490 NULL, /* Reserved4 */
491 NULL, /* ExportSecurityContext */
492 NULL, /* ImportSecurityContextW */
493 NULL, /* AddCredentialsW */
494 NULL, /* Reserved8 */
495 NULL, /* QuerySecurityContextToken */
496 nego_EncryptMessage, /* EncryptMessage */
497 nego_DecryptMessage, /* DecryptMessage */
498 NULL, /* SetContextAttributesW */
/* Package description constants handed to SECUR32_addPackages below.
 * NOTE(review): NEGO_MAX_TOKEN (12000) is what the SecPkgInfo advertises as
 * the maximum token size, but nego_QueryContextAttributes[AW] report
 * cbMaxToken = 2888 for SECPKG_ATTR_SIZES; the two figures should agree. */
501 #define NEGO_MAX_TOKEN 12000
503 static WCHAR nego_name_W[] = {'N','e','g','o','t','i','a','t','e',0}; /* package name, UTF-16 */
504 static char nego_name_A[] = "Negotiate"; /* package name, ANSI */
506 static WCHAR negotiate_comment_W[] =
507 {'M','i','c','r','o','s','o','f','t',' ','P','a','c','k','a','g','e',' ',
508 'N','e','g','o','t','i','a','t','o','r',0}; /* package comment, UTF-16 */
509 static CHAR negotiate_comment_A[] = "Microsoft Package Negotiator"; /* package comment, ANSI */
512 SECPKG_FLAG_INTEGRITY | \
513 SECPKG_FLAG_PRIVACY | \
514 SECPKG_FLAG_CONNECTION | \
515 SECPKG_FLAG_MULTI_REQUIRED | \
516 SECPKG_FLAG_EXTENDED_ERROR | \
517 SECPKG_FLAG_IMPERSONATION | \
518 SECPKG_FLAG_ACCEPT_WIN32_NAME | \
519 SECPKG_FLAG_NEGOTIABLE | \
520 SECPKG_FLAG_GSS_COMPATIBLE | \
521 SECPKG_FLAG_LOGON | \
522 SECPKG_FLAG_RESTRICTED_TOKENS )
/* Registers the Negotiate security provider and its single package with
 * secur32. Called during DLL initialisation (caller not visible here). The
 * braces (gutter 525, 533) are dropped from this listing. CAPS is the flag
 * list starting on a dropped line (511); its visible members (gutter 512-522)
 * advertise integrity, privacy, impersonation and logon support even though
 * the impersonation entry points in this file return
 * SEC_E_UNSUPPORTED_FUNCTION. */
524 void SECUR32_initNegotiateSP(void)
526 SecureProvider *provider = SECUR32_addProvider(&negoTableA, &negoTableW, NULL); /* return value not checked; whether addProvider can fail is not visible here */
/* Package info: capability flags, version 1, RPC authentication id
 * RPC_C_AUTHN_GSS_NEGOTIATE, maximum token size and the name/comment
 * strings above. The arrays are passed by pointer; they are static, so the
 * lifetime is fine. */
528 const SecPkgInfoW infoW = {CAPS, 1, RPC_C_AUTHN_GSS_NEGOTIATE, NEGO_MAX_TOKEN,
529 nego_name_W, negotiate_comment_W};
530 const SecPkgInfoA infoA = {CAPS, 1, RPC_C_AUTHN_GSS_NEGOTIATE, NEGO_MAX_TOKEN,
531 nego_name_A, negotiate_comment_A};
532 SECUR32_addPackages(provider, 1L, &infoA, &infoW); /* exactly one package ("Negotiate") for this provider */