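/*
 * Copyright 2005, 2006 Kai Blin
 * Copyright 2016 Jacek Caban for CodeWeavers
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
 */

#include "precomp.h"

#include <assert.h>

#include <wine/debug.h>
WINE_DEFAULT_DEBUG_CHANNEL(secur32);

/*
 * Stub Kerberos security package.
 *
 * Every entry point below only traces its arguments and returns an error
 * status; none of them writes to an output handle or buffer.  The package is
 * nevertheless registered with the full capability mask in CAPS, so a caller
 * must rely on the returned SECURITY_STATUS, not on the advertised flags, to
 * learn whether an operation was actually performed.
 */

/* Reported as the package's maximum token size (cbMaxToken in infoA/infoW). */
#define KERBEROS_MAX_BUF 12000

/***********************************************************************
 *              QueryCredentialsAttributesA
 *
 * Stub: traces the arguments and reports the call as unsupported.
 * pBuffer is not written.
 */
static SECURITY_STATUS SEC_ENTRY kerberos_QueryCredentialsAttributesA(CredHandle *phCredential, ULONG ulAttribute, void *pBuffer)
{
    FIXME("(%p %d %p)\n", phCredential, ulAttribute, pBuffer);
    return SEC_E_UNSUPPORTED_FUNCTION;
}

/***********************************************************************
 *              QueryCredentialsAttributesW
 *
 * Stub: traces the arguments and reports the call as unsupported.
 * pBuffer is not written.
 */
static SECURITY_STATUS SEC_ENTRY kerberos_QueryCredentialsAttributesW(CredHandle *phCredential, ULONG ulAttribute, void *pBuffer)
{
    FIXME("(%p, %d, %p)\n", phCredential, ulAttribute, pBuffer);
    return SEC_E_UNSUPPORTED_FUNCTION;
}

/***********************************************************************
 *              AcquireCredentialsHandleW
 *
 * Stub: never produces a credential; phCredential and ptsExpiry are left
 * untouched.  Only the pointer value of pAuthData is traced, its contents
 * are not dereferenced or logged.
 *
 * NOTE(review): this variant returns SEC_E_NO_CREDENTIALS while the ANSI
 * variant returns SEC_E_UNSUPPORTED_FUNCTION - confirm the difference is
 * intentional before relying on either status.
 */
static SECURITY_STATUS SEC_ENTRY kerberos_AcquireCredentialsHandleW(SEC_WCHAR *pszPrincipal, SEC_WCHAR *pszPackage, ULONG fCredentialUse,
        LUID *pLogonID, void *pAuthData, SEC_GET_KEY_FN pGetKeyFn, void *pGetKeyArgument, CredHandle *phCredential, TimeStamp *ptsExpiry)
{
    FIXME("(%s %s 0x%08x %p %p %p %p %p %p)\n", debugstr_w(pszPrincipal), debugstr_w(pszPackage), fCredentialUse,
          pLogonID, pAuthData, pGetKeyFn, pGetKeyArgument, phCredential, ptsExpiry);
    return SEC_E_NO_CREDENTIALS;
}

/***********************************************************************
 *              AcquireCredentialsHandleA
 *
 * Stub: never produces a credential; phCredential and ptsExpiry are left
 * untouched.  Only the pointer value of pAuthData is traced.
 */
static SECURITY_STATUS SEC_ENTRY kerberos_AcquireCredentialsHandleA(SEC_CHAR *pszPrincipal, SEC_CHAR *pszPackage, ULONG fCredentialUse,
        LUID *pLogonID, void *pAuthData, SEC_GET_KEY_FN pGetKeyFn, void *pGetKeyArgument, CredHandle *phCredential, TimeStamp *ptsExpiry)
{
    FIXME("(%s %s 0x%08x %p %p %p %p %p %p)\n", debugstr_a(pszPrincipal), debugstr_a(pszPackage), fCredentialUse,
          pLogonID, pAuthData, pGetKeyFn, pGetKeyArgument, phCredential, ptsExpiry);
    return SEC_E_UNSUPPORTED_FUNCTION;
}

/***********************************************************************
 *              InitializeSecurityContextW
 *
 * Stub: no context is created and no output token is produced;
 * phNewContext, pOutput, pfContextAttr and ptsExpiry are left untouched.
 */
static SECURITY_STATUS SEC_ENTRY kerberos_InitializeSecurityContextW(CredHandle *phCredential, CtxtHandle *phContext, SEC_WCHAR *pszTargetName,
        ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep, SecBufferDesc *pInput, ULONG Reserved2, CtxtHandle *phNewContext,
        SecBufferDesc *pOutput, ULONG *pfContextAttr, TimeStamp *ptsExpiry)
{
    /* Reserved2 is traced in its own slot so the log follows the argument order. */
    FIXME("(%p %p %s 0x%08x %d %d %p %d %p %p %p %p)\n", phCredential, phContext, debugstr_w(pszTargetName),
          fContextReq, Reserved1, TargetDataRep, pInput, Reserved2, phNewContext, pOutput, pfContextAttr, ptsExpiry);
    return SEC_E_UNSUPPORTED_FUNCTION;
}

/***********************************************************************
 *              InitializeSecurityContextA
 *
 * Stub: no context is created and no output token is produced;
 * phNewContext, pOutput, pfContextAttr and ptsExpiry are left untouched.
 */
static SECURITY_STATUS SEC_ENTRY kerberos_InitializeSecurityContextA(CredHandle *phCredential, CtxtHandle *phContext, SEC_CHAR *pszTargetName,
        ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep, SecBufferDesc *pInput, ULONG Reserved2, CtxtHandle *phNewContext,
        SecBufferDesc *pOutput, ULONG *pfContextAttr, TimeStamp *ptsExpiry)
{
    /* Reserved2 is traced in its own slot so the log follows the argument order. */
    FIXME("%p %p %s %d %d %d %p %d %p %p %p %p\n", phCredential, phContext, debugstr_a(pszTargetName), fContextReq,
          Reserved1, TargetDataRep, pInput, Reserved2, phNewContext, pOutput, pfContextAttr, ptsExpiry);
    return SEC_E_UNSUPPORTED_FUNCTION;
}

/***********************************************************************
 *              AcceptSecurityContext
 *
 * Stub: the input token is not examined and no context is established;
 * phNewContext, pOutput, pfContextAttr and ptsExpiry are left untouched.
 */
static SECURITY_STATUS SEC_ENTRY kerberos_AcceptSecurityContext(CredHandle *phCredential, CtxtHandle *phContext, SecBufferDesc *pInput,
        ULONG fContextReq, ULONG TargetDataRep, CtxtHandle *phNewContext, SecBufferDesc *pOutput, ULONG *pfContextAttr, TimeStamp *ptsExpiry)
{
    FIXME("(%p %p %p %d %d %p %p %p %p)\n", phCredential, phContext, pInput, fContextReq, TargetDataRep, phNewContext, pOutput,
          pfContextAttr, ptsExpiry);
    return SEC_E_UNSUPPORTED_FUNCTION;
}

/***********************************************************************
 *              CompleteAuthToken
 *
 * Stub: traces the arguments and reports the call as unsupported.
 */
static SECURITY_STATUS SEC_ENTRY kerberos_CompleteAuthToken(CtxtHandle *phContext, SecBufferDesc *pToken)
{
    FIXME("(%p %p)\n", phContext, pToken);
    return SEC_E_UNSUPPORTED_FUNCTION;
}

/***********************************************************************
 *              DeleteSecurityContext
 *
 * Stub: nothing is released.  No entry point in this file ever fills in a
 * context handle, so there is no package-owned state to free here.
 */
static SECURITY_STATUS SEC_ENTRY kerberos_DeleteSecurityContext(CtxtHandle *phContext)
{
    FIXME("(%p)\n", phContext);
    return SEC_E_UNSUPPORTED_FUNCTION;
}

/***********************************************************************
 *              QueryContextAttributesW
 *
 * Stub: traces the arguments and reports the call as unsupported.
 * pBuffer is not written.
 */
static SECURITY_STATUS SEC_ENTRY kerberos_QueryContextAttributesW(CtxtHandle *phContext, ULONG ulAttribute, void *pBuffer)
{
    FIXME("(%p %d %p)\n", phContext, ulAttribute, pBuffer);
    return SEC_E_UNSUPPORTED_FUNCTION;
}

/***********************************************************************
 *              QueryContextAttributesA
 *
 * Stub: traces the arguments and reports the call as unsupported.
 * pBuffer is not written.
 */
static SECURITY_STATUS SEC_ENTRY kerberos_QueryContextAttributesA(CtxtHandle *phContext, ULONG ulAttribute, void *pBuffer)
{
    FIXME("(%p %d %p)\n", phContext, ulAttribute, pBuffer);
    return SEC_E_UNSUPPORTED_FUNCTION;
}

/***********************************************************************
 *              ImpersonateSecurityContext
 *
 * Stub: no impersonation takes place; the caller's identity is unchanged.
 */
static SECURITY_STATUS SEC_ENTRY kerberos_ImpersonateSecurityContext(CtxtHandle *phContext)
{
    FIXME("(%p)\n", phContext);
    return SEC_E_UNSUPPORTED_FUNCTION;
}

/***********************************************************************
 *              RevertSecurityContext
 *
 * Stub: traces the argument and reports the call as unsupported.
 */
static SECURITY_STATUS SEC_ENTRY kerberos_RevertSecurityContext(CtxtHandle *phContext)
{
    FIXME("(%p)\n", phContext);
    return SEC_E_UNSUPPORTED_FUNCTION;
}

/***********************************************************************
 *              MakeSignature
 *
 * Stub: no signature is computed and pMessage is not modified.  The error
 * status is the only indication that the message carries no integrity
 * protection, so callers must not ignore it.
 */
static SECURITY_STATUS SEC_ENTRY kerberos_MakeSignature(CtxtHandle *phContext, ULONG fQOP, SecBufferDesc *pMessage, ULONG MessageSeqNo)
{
    FIXME("(%p %d %p %d)\n", phContext, fQOP, pMessage, MessageSeqNo);
    return SEC_E_UNSUPPORTED_FUNCTION;
}

/***********************************************************************
 *              VerifySignature
 *
 * Stub: nothing is verified; the call always fails, so a message is never
 * reported as authentic by this package.  pfQOP is not written.
 */
static SECURITY_STATUS SEC_ENTRY kerberos_VerifySignature(CtxtHandle *phContext, SecBufferDesc *pMessage, ULONG MessageSeqNo, PULONG pfQOP)
{
    FIXME("(%p %p %d %p)\n", phContext, pMessage, MessageSeqNo, pfQOP);
    return SEC_E_UNSUPPORTED_FUNCTION;
}

/***********************************************************************
 *              FreeCredentialsHandle
 *
 * Stub: nothing is released.  Neither AcquireCredentialsHandle variant in
 * this file fills in a credential handle, so there is nothing to free.
 */
static SECURITY_STATUS SEC_ENTRY kerberos_FreeCredentialsHandle(PCredHandle phCredential)
{
    FIXME("(%p)\n", phCredential);
    return SEC_E_UNSUPPORTED_FUNCTION;
}

/***********************************************************************
 *              EncryptMessage
 *
 * Stub: pMessage is left exactly as passed in, i.e. still in plaintext.
 * The error status is the only indication of that, so callers must check
 * it before sending the buffer anywhere.
 */
static SECURITY_STATUS SEC_ENTRY kerberos_EncryptMessage(CtxtHandle *phContext, ULONG fQOP, SecBufferDesc *pMessage, ULONG MessageSeqNo)
{
    FIXME("(%p %d %p %d)\n", phContext, fQOP, pMessage, MessageSeqNo);
    return SEC_E_UNSUPPORTED_FUNCTION;
}

/***********************************************************************
 *              DecryptMessage
 *
 * Stub: pMessage is not modified and pfQOP is not written; the call
 * always fails.
 */
static SECURITY_STATUS SEC_ENTRY kerberos_DecryptMessage(CtxtHandle *phContext, SecBufferDesc *pMessage, ULONG MessageSeqNo, PULONG pfQOP)
{
    FIXME("(%p %p %d %p)\n", phContext, pMessage, MessageSeqNo, pfQOP);
    return SEC_E_UNSUPPORTED_FUNCTION;
}

/*
 * ANSI dispatch table.  The initializer is positional, so every slot is
 * listed in order and labelled with the entry point it fills; NULL marks an
 * entry this package does not provide.
 */
static const SecurityFunctionTableA kerberosTableA = {
    1,                                      /* dwVersion */
    NULL,                                   /* EnumerateSecurityPackagesA */
    kerberos_QueryCredentialsAttributesA,   /* QueryCredentialsAttributesA */
    kerberos_AcquireCredentialsHandleA,     /* AcquireCredentialsHandleA */
    kerberos_FreeCredentialsHandle,         /* FreeCredentialsHandle */
    NULL,                                   /* Reserved2 */
    kerberos_InitializeSecurityContextA,    /* InitializeSecurityContextA */
    kerberos_AcceptSecurityContext,         /* AcceptSecurityContext */
    kerberos_CompleteAuthToken,             /* CompleteAuthToken */
    kerberos_DeleteSecurityContext,         /* DeleteSecurityContext */
    NULL,                                   /* ApplyControlToken */
    kerberos_QueryContextAttributesA,       /* QueryContextAttributesA */
    kerberos_ImpersonateSecurityContext,    /* ImpersonateSecurityContext */
    kerberos_RevertSecurityContext,         /* RevertSecurityContext */
    kerberos_MakeSignature,                 /* MakeSignature */
    kerberos_VerifySignature,               /* VerifySignature */
    FreeContextBuffer,                      /* FreeContextBuffer */
    NULL,                                   /* QuerySecurityPackageInfoA */
    NULL,                                   /* Reserved3 */
    NULL,                                   /* Reserved4 */
    NULL,                                   /* ExportSecurityContext */
    NULL,                                   /* ImportSecurityContextA */
    NULL,                                   /* AddCredentialsA */
    NULL,                                   /* Reserved8 */
    NULL,                                   /* QuerySecurityContextToken */
    kerberos_EncryptMessage,                /* EncryptMessage */
    kerberos_DecryptMessage,                /* DecryptMessage */
    NULL,                                   /* SetContextAttributesA */
};

/*
 * Unicode dispatch table; same layout as kerberosTableA, with the W variants
 * in the slots that have separate ANSI and Unicode entry points.
 */
static const SecurityFunctionTableW kerberosTableW = {
    1,                                      /* dwVersion */
    NULL,                                   /* EnumerateSecurityPackagesW */
    kerberos_QueryCredentialsAttributesW,   /* QueryCredentialsAttributesW */
    kerberos_AcquireCredentialsHandleW,     /* AcquireCredentialsHandleW */
    kerberos_FreeCredentialsHandle,         /* FreeCredentialsHandle */
    NULL,                                   /* Reserved2 */
    kerberos_InitializeSecurityContextW,    /* InitializeSecurityContextW */
    kerberos_AcceptSecurityContext,         /* AcceptSecurityContext */
    kerberos_CompleteAuthToken,             /* CompleteAuthToken */
    kerberos_DeleteSecurityContext,         /* DeleteSecurityContext */
    NULL,                                   /* ApplyControlToken */
    kerberos_QueryContextAttributesW,       /* QueryContextAttributesW */
    kerberos_ImpersonateSecurityContext,    /* ImpersonateSecurityContext */
    kerberos_RevertSecurityContext,         /* RevertSecurityContext */
    kerberos_MakeSignature,                 /* MakeSignature */
    kerberos_VerifySignature,               /* VerifySignature */
    FreeContextBuffer,                      /* FreeContextBuffer */
    NULL,                                   /* QuerySecurityPackageInfoW */
    NULL,                                   /* Reserved3 */
    NULL,                                   /* Reserved4 */
    NULL,                                   /* ExportSecurityContext */
    NULL,                                   /* ImportSecurityContextW */
    NULL,                                   /* AddCredentialsW */
    NULL,                                   /* Reserved8 */
    NULL,                                   /* QuerySecurityContextToken */
    kerberos_EncryptMessage,                /* EncryptMessage */
    kerberos_DecryptMessage,                /* DecryptMessage */
    NULL,                                   /* SetContextAttributesW */
};

/*
 * Package comment and name.  Each string is spelled as a character list so
 * the same macro can initialise both the CHAR and the WCHAR array.
 */
#define KERBEROS_COMMENT \
    {'M','i','c','r','o','s','o','f','t',' ','K','e','r','b','e','r','o','s',' ','V','1','.','0',0}
static CHAR kerberos_comment_A[] = KERBEROS_COMMENT;
static WCHAR kerberos_comment_W[] = KERBEROS_COMMENT;

#define KERBEROS_NAME {'K','e','r','b','e','r','o','s',0}
static char kerberos_name_A[] = KERBEROS_NAME;
static WCHAR kerberos_name_W[] = KERBEROS_NAME;

/*
 * Capability flags reported for the package.
 *
 * NOTE(review): the mask advertises integrity, privacy, mutual
 * authentication, delegation and impersonation, while every operation in
 * this file is a stub that fails.  Presumably the flags mirror what the
 * native package reports - confirm.  Code that picks a package by its
 * capability bits must still treat the per-call status as authoritative.
 */
#define CAPS \
    ( SECPKG_FLAG_INTEGRITY \
    | SECPKG_FLAG_PRIVACY \
    | SECPKG_FLAG_TOKEN_ONLY \
    | SECPKG_FLAG_DATAGRAM \
    | SECPKG_FLAG_CONNECTION \
    | SECPKG_FLAG_MULTI_REQUIRED \
    | SECPKG_FLAG_EXTENDED_ERROR \
    | SECPKG_FLAG_IMPERSONATION \
    | SECPKG_FLAG_ACCEPT_WIN32_NAME \
    | SECPKG_FLAG_NEGOTIABLE \
    | SECPKG_FLAG_GSS_COMPATIBLE \
    | SECPKG_FLAG_LOGON \
    | SECPKG_FLAG_MUTUAL_AUTH \
    | SECPKG_FLAG_DELEGATION \
    | SECPKG_FLAG_READONLY_WITH_CHECKSUM \
    | SECPKG_FLAG_RESTRICTED_TOKENS \
    | SECPKG_FLAG_APPCONTAINER_CHECKS)

/* Unicode package description handed to SECUR32_addPackages(). */
static const SecPkgInfoW infoW = {
    CAPS,                       /* fCapabilities */
    1,                          /* wVersion */
    RPC_C_AUTHN_GSS_KERBEROS,   /* wRPCID */
    KERBEROS_MAX_BUF,           /* cbMaxToken */
    kerberos_name_W,            /* Name */
    kerberos_comment_W          /* Comment */
};

/* ANSI package description handed to SECUR32_addPackages(). */
static const SecPkgInfoA infoA = {
    CAPS,                       /* fCapabilities */
    1,                          /* wVersion */
    RPC_C_AUTHN_GSS_KERBEROS,   /* wRPCID */
    KERBEROS_MAX_BUF,           /* cbMaxToken */
    kerberos_name_A,            /* Name */
    kerberos_comment_A          /* Comment */
};

/***********************************************************************
 *              SECUR32_initKerberosSP
 *
 * Registers the stub Kerberos provider (both dispatch tables, no module
 * name) and then its single package description.
 */
void SECUR32_initKerberosSP(void)
{
    SecureProvider *provider = SECUR32_addProvider(&kerberosTableA, &kerberosTableW, NULL);

    /* SECUR32_addProvider is defined elsewhere; presumably it returns NULL
     * when the provider cannot be added - do not register a package against
     * a provider that does not exist. */
    if (!provider)
    {
        ERR("failed to register the Kerberos provider\n");
        return;
    }

    SECUR32_addPackages(provider, 1, &infoA, &infoW);
}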