1 /*
2 * Copyright 2005, 2006 Kai Blin
3 * Copyright 2016 Jacek Caban for CodeWeavers
4 *
5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Lesser General Public
7 * License as published by the Free Software Foundation; either
8 * version 2.1 of the License, or (at your option) any later version.
9 *
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Lesser General Public License for more details.
14 *
15 * You should have received a copy of the GNU Lesser General Public
16 * License along with this library; if not, write to the Free Software
17 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
18 */
19
20 #include "precomp.h"
21
22 #include <assert.h>
23
24 #include <wine/debug.h>
25 WINE_DEFAULT_DEBUG_CHANNEL(secur32);
26
/* Size, in bytes, reported in the max-token slot (cbMaxToken) of both
 * SecPkgInfo records defined later in this file. */
#define KERBEROS_MAX_BUF 12000
28
29 /***********************************************************************
30 * QueryCredentialsAttributesA
31 */
static SECURITY_STATUS SEC_ENTRY kerberos_QueryCredentialsAttributesA(
    CredHandle *phCredential,
    ULONG ulAttribute,
    void *pBuffer)
{
    /* Stub (ANSI variant): the call is traced and rejected. pBuffer is never
     * written, so callers must not read it after this error return. */
    FIXME("(%p %d %p)\n", phCredential, ulAttribute, pBuffer);

    return SEC_E_UNSUPPORTED_FUNCTION;
}
37
38 /***********************************************************************
39 * QueryCredentialsAttributesW
40 */
static SECURITY_STATUS SEC_ENTRY kerberos_QueryCredentialsAttributesW(
    CredHandle *phCredential,
    ULONG ulAttribute,
    void *pBuffer)
{
    /* Stub (wide-character variant): the call is traced and rejected.
     * pBuffer is never written, so callers must not read it afterwards. */
    FIXME("(%p, %d, %p)\n", phCredential, ulAttribute, pBuffer);

    return SEC_E_UNSUPPORTED_FUNCTION;
}
46
47 /***********************************************************************
48 * AcquireCredentialsHandleW
49 */
static SECURITY_STATUS SEC_ENTRY kerberos_AcquireCredentialsHandleW(
    SEC_WCHAR *pszPrincipal,
    SEC_WCHAR *pszPackage,
    ULONG fCredentialUse,
    LUID *pLogonID,
    void *pAuthData,
    SEC_GET_KEY_FN pGetKeyFn,
    void *pGetKeyArgument,
    CredHandle *phCredential,
    TimeStamp *ptsExpiry)
{
    /* Stub (wide-character variant): no credentials are ever acquired.
     *
     * The trace prints the principal and package names as text, but
     * pAuthData only as a pointer, so whatever the caller stored behind it
     * does not reach the debug log.
     *
     * phCredential and ptsExpiry are left untouched; the caller must not
     * treat *phCredential as a valid handle after this error return. */
    FIXME("(%s %s 0x%08x %p %p %p %p %p %p)\n",
          debugstr_w(pszPrincipal), debugstr_w(pszPackage), fCredentialUse,
          pLogonID, pAuthData, pGetKeyFn, pGetKeyArgument, phCredential, ptsExpiry);

    return SEC_E_NO_CREDENTIALS;
}
57
58 /***********************************************************************
59 * AcquireCredentialsHandleA
60 */
static SECURITY_STATUS SEC_ENTRY kerberos_AcquireCredentialsHandleA(
    SEC_CHAR *pszPrincipal,
    SEC_CHAR *pszPackage,
    ULONG fCredentialUse,
    LUID *pLogonID,
    void *pAuthData,
    SEC_GET_KEY_FN pGetKeyFn,
    void *pGetKeyArgument,
    CredHandle *phCredential,
    TimeStamp *ptsExpiry)
{
    /* Stub (ANSI variant): no credentials are ever acquired.
     *
     * The trace prints the principal and package names as text, but
     * pAuthData only as a pointer, so whatever the caller stored behind it
     * does not reach the debug log. phCredential and ptsExpiry are left
     * untouched.
     *
     * NOTE(review): this variant returns SEC_E_UNSUPPORTED_FUNCTION while
     * kerberos_AcquireCredentialsHandleW returns SEC_E_NO_CREDENTIALS;
     * confirm the difference is intentional, since callers may branch on
     * the exact status. */
    FIXME("(%s %s 0x%08x %p %p %p %p %p %p)\n",
          debugstr_a(pszPrincipal), debugstr_a(pszPackage), fCredentialUse,
          pLogonID, pAuthData, pGetKeyFn, pGetKeyArgument, phCredential, ptsExpiry);

    return SEC_E_UNSUPPORTED_FUNCTION;
}
68
69 /***********************************************************************
70 * InitializeSecurityContextW
71 */
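static SECURITY_STATUS SEC_ENTRY kerberos_InitializeSecurityContextW(
    CredHandle *phCredential,
    CtxtHandle *phContext,
    SEC_WCHAR *pszTargetName,
    ULONG fContextReq,
    ULONG Reserved1,
    ULONG TargetDataRep,
    SecBufferDesc *pInput,
    ULONG Reserved2,
    CtxtHandle *phNewContext,
    SecBufferDesc *pOutput,
    ULONG *pfContextAttr,
    TimeStamp *ptsExpiry)
{
    /* Stub (wide-character variant): no client-side context is built.
     *
     * None of the output parameters (phNewContext, pOutput, pfContextAttr,
     * ptsExpiry) is written, so a caller must not send pOutput or use
     * *phNewContext after this error return.
     *
     * The eighth traced value is Reserved2; the trace previously printed
     * Reserved1 a second time in that position, which hid the real argument
     * from anyone diagnosing a call from the log. */
    FIXME("(%p %p %s 0x%08x %d %d %p %d %p %p %p %p)\n",
          phCredential, phContext, debugstr_w(pszTargetName),
          fContextReq, Reserved1, TargetDataRep, pInput, Reserved2,
          phNewContext, pOutput, pfContextAttr, ptsExpiry);

    return SEC_E_UNSUPPORTED_FUNCTION;
}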
80
81 /***********************************************************************
82 * InitializeSecurityContextA
83 */
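static SECURITY_STATUS SEC_ENTRY kerberos_InitializeSecurityContextA(
    CredHandle *phCredential,
    CtxtHandle *phContext,
    SEC_CHAR *pszTargetName,
    ULONG fContextReq,
    ULONG Reserved1,
    ULONG TargetDataRep,
    SecBufferDesc *pInput,
    ULONG Reserved2,
    CtxtHandle *phNewContext,
    SecBufferDesc *pOutput,
    ULONG *pfContextAttr,
    TimeStamp *ptsExpiry)
{
    /* Stub (ANSI variant): no client-side context is built.
     *
     * None of the output parameters (phNewContext, pOutput, pfContextAttr,
     * ptsExpiry) is written, so a caller must not send pOutput or use
     * *phNewContext after this error return.
     *
     * The eighth traced value is Reserved2; the trace previously printed
     * Reserved1 a second time in that position, which hid the real argument
     * from anyone diagnosing a call from the log. */
    FIXME("%p %p %s %d %d %d %p %d %p %p %p %p\n",
          phCredential, phContext, debugstr_a(pszTargetName), fContextReq,
          Reserved1, TargetDataRep, pInput, Reserved2,
          phNewContext, pOutput, pfContextAttr, ptsExpiry);

    return SEC_E_UNSUPPORTED_FUNCTION;
}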
92
93 /***********************************************************************
94 * AcceptSecurityContext
95 */
static SECURITY_STATUS SEC_ENTRY kerberos_AcceptSecurityContext(
    CredHandle *phCredential,
    CtxtHandle *phContext,
    SecBufferDesc *pInput,
    ULONG fContextReq,
    ULONG TargetDataRep,
    CtxtHandle *phNewContext,
    SecBufferDesc *pOutput,
    ULONG *pfContextAttr,
    TimeStamp *ptsExpiry)
{
    /* Stub: the server side of the handshake is not implemented.
     *
     * pInput is only traced as a pointer and its contents are never parsed,
     * so every inbound attempt is rejected (fails closed). phNewContext,
     * pOutput, pfContextAttr and ptsExpiry are left untouched. */
    FIXME("(%p %p %p %d %d %p %p %p %p)\n",
          phCredential, phContext, pInput, fContextReq, TargetDataRep,
          phNewContext, pOutput, pfContextAttr, ptsExpiry);

    return SEC_E_UNSUPPORTED_FUNCTION;
}
103
104 /***********************************************************************
105 * CompleteAuthToken
106 */
static SECURITY_STATUS SEC_ENTRY kerberos_CompleteAuthToken(
    CtxtHandle *phContext,
    SecBufferDesc *pToken)
{
    /* Stub: the call is traced and rejected; pToken is not modified. */
    FIXME("(%p %p)\n", phContext, pToken);

    return SEC_E_UNSUPPORTED_FUNCTION;
}
112
113 /***********************************************************************
114 * DeleteSecurityContext
115 */
static SECURITY_STATUS SEC_ENTRY kerberos_DeleteSecurityContext(
    CtxtHandle *phContext)
{
    /* Stub: nothing is released and an error is returned.
     * Neither InitializeSecurityContext nor AcceptSecurityContext in this
     * file ever produces a context, so as far as this file shows there is
     * no package-owned state behind phContext to free. */
    FIXME("(%p)\n", phContext);

    return SEC_E_UNSUPPORTED_FUNCTION;
}
121
122 /***********************************************************************
123 * QueryContextAttributesW
124 */
static SECURITY_STATUS SEC_ENTRY kerberos_QueryContextAttributesW(
    CtxtHandle *phContext,
    ULONG ulAttribute,
    void *pBuffer)
{
    /* Stub (wide-character variant): the call is traced and rejected.
     * pBuffer is never written, so callers must not read it afterwards. */
    FIXME("(%p %d %p)\n", phContext, ulAttribute, pBuffer);

    return SEC_E_UNSUPPORTED_FUNCTION;
}
130
131 /***********************************************************************
132 * QueryContextAttributesA
133 */
static SECURITY_STATUS SEC_ENTRY kerberos_QueryContextAttributesA(
    CtxtHandle *phContext,
    ULONG ulAttribute,
    void *pBuffer)
{
    /* Stub (ANSI variant): the call is traced and rejected.
     * pBuffer is never written, so callers must not read it afterwards. */
    FIXME("(%p %d %p)\n", phContext, ulAttribute, pBuffer);

    return SEC_E_UNSUPPORTED_FUNCTION;
}
139
140 /***********************************************************************
141 * ImpersonateSecurityContext
142 */
static SECURITY_STATUS SEC_ENTRY kerberos_ImpersonateSecurityContext(
    CtxtHandle *phContext)
{
    /* Stub: the call is traced and rejected. This function performs no
     * identity change of any kind, so the caller keeps running under its
     * own identity and must treat the error as "not impersonating". */
    FIXME("(%p)\n", phContext);

    return SEC_E_UNSUPPORTED_FUNCTION;
}
148
149 /***********************************************************************
150 * RevertSecurityContext
151 */
static SECURITY_STATUS SEC_ENTRY kerberos_RevertSecurityContext(
    CtxtHandle *phContext)
{
    /* Stub: the call is traced and rejected. Impersonation is never
     * started by this package (see the Impersonate stub's error return),
     * so there is nothing for this function to undo. */
    FIXME("(%p)\n", phContext);

    return SEC_E_UNSUPPORTED_FUNCTION;
}
157
158 /***********************************************************************
159 * MakeSignature
160 */
static SECURITY_STATUS SEC_ENTRY kerberos_MakeSignature(
    CtxtHandle *phContext,
    ULONG fQOP,
    SecBufferDesc *pMessage,
    ULONG MessageSeqNo)
{
    /* Stub: no signature is produced and pMessage is left exactly as the
     * caller supplied it. A caller that ignores the error would transmit
     * an unsigned message, so the return value must be checked. */
    FIXME("(%p %d %p %d)\n", phContext, fQOP, pMessage, MessageSeqNo);

    return SEC_E_UNSUPPORTED_FUNCTION;
}
166
167 /***********************************************************************
168 * VerifySignature
169 */
static SECURITY_STATUS SEC_ENTRY kerberos_VerifySignature(
    CtxtHandle *phContext,
    SecBufferDesc *pMessage,
    ULONG MessageSeqNo,
    PULONG pfQOP)
{
    /* Stub: verification fails closed. The function never reports success
     * and never writes *pfQOP, so no message can be accepted as authentic
     * through this path. */
    FIXME("(%p %p %d %p)\n", phContext, pMessage, MessageSeqNo, pfQOP);

    return SEC_E_UNSUPPORTED_FUNCTION;
}
175
176 /***********************************************************************
177 * FreeCredentialsHandle
178 */
static SECURITY_STATUS SEC_ENTRY kerberos_FreeCredentialsHandle(
    PCredHandle phCredential)
{
    /* Stub: nothing is released and an error is returned.
     * Both AcquireCredentialsHandle variants in this file fail without
     * writing a handle, so as far as this file shows there is no
     * package-owned credential state behind phCredential to free. */
    FIXME("(%p)\n", phCredential);

    return SEC_E_UNSUPPORTED_FUNCTION;
}
184
185 /***********************************************************************
186 * EncryptMessage
187 */
static SECURITY_STATUS SEC_ENTRY kerberos_EncryptMessage(
    CtxtHandle *phContext,
    ULONG fQOP,
    SecBufferDesc *pMessage,
    ULONG MessageSeqNo)
{
    /* Stub: nothing is encrypted. pMessage still holds the caller's
     * plaintext on return, so a caller that ignores the error would send
     * the data unprotected; the return value must be checked. */
    FIXME("(%p %d %p %d)\n", phContext, fQOP, pMessage, MessageSeqNo);

    return SEC_E_UNSUPPORTED_FUNCTION;
}
193
194 /***********************************************************************
195 * DecryptMessage
196 */
static SECURITY_STATUS SEC_ENTRY kerberos_DecryptMessage(
    CtxtHandle *phContext,
    SecBufferDesc *pMessage,
    ULONG MessageSeqNo,
    PULONG pfQOP)
{
    /* Stub: decryption fails closed. pMessage is not modified and *pfQOP
     * is not written, so the buffer must not be treated as decrypted or
     * integrity-checked plaintext after this error return. */
    FIXME("(%p %p %d %p)\n", phContext, pMessage, MessageSeqNo, pfQOP);

    return SEC_E_UNSUPPORTED_FUNCTION;
}
202
/* ANSI dispatch table for the Kerberos package.
 *
 * The initializer is positional: each entry must stay in the slot named by
 * its trailing comment. Every kerberos_* entry is a stub in this file that
 * only traces the call and returns an error. FreeContextBuffer is the one
 * entry not defined in this file. Slots set to NULL are not provided by
 * this package. */
static const SecurityFunctionTableA kerberosTableA = {
    1,
    NULL, /* EnumerateSecurityPackagesA */
    kerberos_QueryCredentialsAttributesA, /* QueryCredentialsAttributesA */
    kerberos_AcquireCredentialsHandleA, /* AcquireCredentialsHandleA */
    kerberos_FreeCredentialsHandle, /* FreeCredentialsHandle */
    NULL, /* Reserved2 */
    kerberos_InitializeSecurityContextA, /* InitializeSecurityContextA */
    kerberos_AcceptSecurityContext, /* AcceptSecurityContext */
    kerberos_CompleteAuthToken, /* CompleteAuthToken */
    kerberos_DeleteSecurityContext, /* DeleteSecurityContext */
    NULL, /* ApplyControlToken */
    kerberos_QueryContextAttributesA, /* QueryContextAttributesA */
    kerberos_ImpersonateSecurityContext, /* ImpersonateSecurityContext */
    kerberos_RevertSecurityContext, /* RevertSecurityContext */
    kerberos_MakeSignature, /* MakeSignature */
    kerberos_VerifySignature, /* VerifySignature */
    FreeContextBuffer, /* FreeContextBuffer */
    NULL, /* QuerySecurityPackageInfoA */
    NULL, /* Reserved3 */
    NULL, /* Reserved4 */
    NULL, /* ExportSecurityContext */
    NULL, /* ImportSecurityContextA */
    NULL, /* AddCredentialsA */
    NULL, /* Reserved8 */
    NULL, /* QuerySecurityContextToken */
    kerberos_EncryptMessage, /* EncryptMessage */
    kerberos_DecryptMessage, /* DecryptMessage */
    NULL, /* SetContextAttributesA */
};
233
/* Wide-character dispatch table for the Kerberos package.
 *
 * The initializer is positional: each entry must stay in the slot named by
 * its trailing comment. It mirrors kerberosTableA except for the entries
 * with a W suffix. Every kerberos_* entry is a stub in this file that only
 * traces the call and returns an error. FreeContextBuffer is the one entry
 * not defined in this file. Slots set to NULL are not provided by this
 * package. */
static const SecurityFunctionTableW kerberosTableW = {
    1,
    NULL, /* EnumerateSecurityPackagesW */
    kerberos_QueryCredentialsAttributesW, /* QueryCredentialsAttributesW */
    kerberos_AcquireCredentialsHandleW, /* AcquireCredentialsHandleW */
    kerberos_FreeCredentialsHandle, /* FreeCredentialsHandle */
    NULL, /* Reserved2 */
    kerberos_InitializeSecurityContextW, /* InitializeSecurityContextW */
    kerberos_AcceptSecurityContext, /* AcceptSecurityContext */
    kerberos_CompleteAuthToken, /* CompleteAuthToken */
    kerberos_DeleteSecurityContext, /* DeleteSecurityContext */
    NULL, /* ApplyControlToken */
    kerberos_QueryContextAttributesW, /* QueryContextAttributesW */
    kerberos_ImpersonateSecurityContext, /* ImpersonateSecurityContext */
    kerberos_RevertSecurityContext, /* RevertSecurityContext */
    kerberos_MakeSignature, /* MakeSignature */
    kerberos_VerifySignature, /* VerifySignature */
    FreeContextBuffer, /* FreeContextBuffer */
    NULL, /* QuerySecurityPackageInfoW */
    NULL, /* Reserved3 */
    NULL, /* Reserved4 */
    NULL, /* ExportSecurityContext */
    NULL, /* ImportSecurityContextW */
    NULL, /* AddCredentialsW */
    NULL, /* Reserved8 */
    NULL, /* QuerySecurityContextToken */
    kerberos_EncryptMessage, /* EncryptMessage */
    kerberos_DecryptMessage, /* DecryptMessage */
    NULL, /* SetContextAttributesW */
};
264
/* Package description and name, spelled as brace-enclosed character lists so
 * that the same macro can initialize both the narrow (CHAR) and the wide
 * (WCHAR) array; each list carries its own terminating 0.
 * NOTE(review): the arrays are not const, presumably because the SecPkgInfo
 * name/comment members are non-const pointers; confirm against the header. */
#define KERBEROS_COMMENT \
    {'M','i','c','r','o','s','o','f','t',' ','K','e','r','b','e','r','o','s',' ','V','1','.','0',0}
static CHAR kerberos_comment_A[] = KERBEROS_COMMENT;
static WCHAR kerberos_comment_W[] = KERBEROS_COMMENT;

#define KERBEROS_NAME {'K','e','r','b','e','r','o','s',0}
static char kerberos_name_A[] = KERBEROS_NAME;
static WCHAR kerberos_name_W[] = KERBEROS_NAME;
273
/* Capability flags published in both SecPkgInfo records below.
 *
 * NOTE(review): the set advertises integrity, privacy, impersonation,
 * mutual authentication and delegation among others, yet every entry point
 * in this file's function tables is a stub that returns an error. A caller
 * that selects a package from these flags alone will pick one that cannot
 * deliver them; callers must rely on the per-call status, and the flags
 * should be revisited as real functionality is added. */
#define CAPS \
    ( SECPKG_FLAG_INTEGRITY \
    | SECPKG_FLAG_PRIVACY \
    | SECPKG_FLAG_TOKEN_ONLY \
    | SECPKG_FLAG_DATAGRAM \
    | SECPKG_FLAG_CONNECTION \
    | SECPKG_FLAG_MULTI_REQUIRED \
    | SECPKG_FLAG_EXTENDED_ERROR \
    | SECPKG_FLAG_IMPERSONATION \
    | SECPKG_FLAG_ACCEPT_WIN32_NAME \
    | SECPKG_FLAG_NEGOTIABLE \
    | SECPKG_FLAG_GSS_COMPATIBLE \
    | SECPKG_FLAG_LOGON \
    | SECPKG_FLAG_MUTUAL_AUTH \
    | SECPKG_FLAG_DELEGATION \
    | SECPKG_FLAG_READONLY_WITH_CHECKSUM \
    | SECPKG_FLAG_RESTRICTED_TOKENS \
    | SECPKG_FLAG_APPCONTAINER_CHECKS)
292
/* Wide-character package descriptor handed to SECUR32_addPackages.
 * The initializer is positional, so the order of the values matters. */
static const SecPkgInfoW infoW = {
    CAPS,                     /* capability flags */
    1,                        /* version */
    RPC_C_AUTHN_GSS_KERBEROS, /* RPC authentication service id */
    KERBEROS_MAX_BUF,         /* maximum token size */
    kerberos_name_W,          /* package name */
    kerberos_comment_W        /* package description */
};
301
/* ANSI package descriptor handed to SECUR32_addPackages.
 * The initializer is positional, so the order of the values matters. */
static const SecPkgInfoA infoA = {
    CAPS,                     /* capability flags */
    1,                        /* version */
    RPC_C_AUTHN_GSS_KERBEROS, /* RPC authentication service id */
    KERBEROS_MAX_BUF,         /* maximum token size */
    kerberos_name_A,          /* package name */
    kerberos_comment_A        /* package description */
};
310
void SECUR32_initKerberosSP(void)
{
    SecureProvider *kerberos_provider;

    /* Register the ANSI and wide function tables as one provider; the
     * third argument is passed as NULL. */
    kerberos_provider = SECUR32_addProvider(&kerberosTableA, &kerberosTableW, NULL);

    /* Publish the single Kerberos package under that provider.
     * NOTE(review): the provider pointer is used without a NULL check;
     * confirm how SECUR32_addProvider reports failure and whether
     * SECUR32_addPackages tolerates it. */
    SECUR32_addPackages(kerberos_provider, 1, &infoA, &infoW);
}
316