/** * WinPR: Windows Portable Runtime * Negotiate Security Package * * Copyright 2011-2012 Jiten Pathy * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #ifdef HAVE_CONFIG_H #include "config.h" #endif #include #include #include "negotiate.h" #include "../sspi.h" char* NEGOTIATE_PACKAGE_NAME = "Negotiate"; SECURITY_STATUS SEC_ENTRY negotiate_InitializeSecurityContextW(PCredHandle phCredential, PCtxtHandle phContext, SEC_WCHAR* pszTargetName, ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep, PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext, PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsExpiry) { return SEC_E_OK; } SECURITY_STATUS SEC_ENTRY negotiate_InitializeSecurityContextA(PCredHandle phCredential, PCtxtHandle phContext, SEC_CHAR* pszTargetName, ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep, PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext, PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsExpiry) { NEGOTIATE_CONTEXT* context; CREDENTIALS* credentials; PSecBuffer output_SecBuffer; context = sspi_SecureHandleGetLowerPointer(phContext); if (!context) { context = negotiate_ContextNew(); credentials = (CREDENTIALS*) sspi_SecureHandleGetLowerPointer(phCredential); sspi_CopyAuthIdentity(&context->identity, &credentials->identity); sspi_SecureHandleSetLowerPointer(phNewContext, context); sspi_SecureHandleSetUpperPointer(phNewContext, (void*) NEGOTIATE_PACKAGE_NAME); } if ((!pInput) && (context->state == NEGOTIATE_STATE_INITIAL)) { if (!pOutput) return SEC_E_INVALID_TOKEN; if (pOutput->cBuffers < 1) return SEC_E_INVALID_TOKEN; output_SecBuffer = &pOutput->pBuffers[0]; if (output_SecBuffer->cbBuffer < 1) return SEC_E_INSUFFICIENT_MEMORY; } return SEC_E_OK; } NEGOTIATE_CONTEXT* negotiate_ContextNew() { NEGOTIATE_CONTEXT* context; context = (NEGOTIATE_CONTEXT*) calloc(1, sizeof(NEGOTIATE_CONTEXT)); if (context != NULL) { context->NegotiateFlags = 0; context->state = NEGOTIATE_STATE_INITIAL; } return context; } void negotiate_ContextFree(NEGOTIATE_CONTEXT* context) { if (!context) return; free(context); } SECURITY_STATUS SEC_ENTRY negotiate_QueryContextAttributes(PCtxtHandle phContext, ULONG ulAttribute, void* pBuffer) { if (!phContext) return SEC_E_INVALID_HANDLE; if (!pBuffer) return SEC_E_INSUFFICIENT_MEMORY; return SEC_E_UNSUPPORTED_FUNCTION; } SECURITY_STATUS SEC_ENTRY negotiate_AcquireCredentialsHandleW(SEC_WCHAR* pszPrincipal, SEC_WCHAR* pszPackage, ULONG fCredentialUse, void* pvLogonID, void* pAuthData, SEC_GET_KEY_FN pGetKeyFn, void* pvGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry) { return SEC_E_OK; } SECURITY_STATUS SEC_ENTRY negotiate_AcquireCredentialsHandleA(SEC_CHAR* pszPrincipal, SEC_CHAR* pszPackage, ULONG fCredentialUse, void* pvLogonID, void* pAuthData, SEC_GET_KEY_FN pGetKeyFn, void* pvGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry) { CREDENTIALS* credentials; SEC_WINNT_AUTH_IDENTITY* identity; if (fCredentialUse == SECPKG_CRED_OUTBOUND) { credentials = sspi_CredentialsNew(); identity = (SEC_WINNT_AUTH_IDENTITY*) pAuthData; memcpy(&(credentials->identity), identity, sizeof(SEC_WINNT_AUTH_IDENTITY)); sspi_SecureHandleSetLowerPointer(phCredential, (void*) credentials); sspi_SecureHandleSetUpperPointer(phCredential, (void*) NEGOTIATE_PACKAGE_NAME); return SEC_E_OK; } return SEC_E_OK; } SECURITY_STATUS SEC_ENTRY negotiate_QueryCredentialsAttributesW(PCredHandle phCredential, ULONG ulAttribute, void* pBuffer) { return SEC_E_OK; } SECURITY_STATUS SEC_ENTRY negotiate_QueryCredentialsAttributesA(PCredHandle phCredential, ULONG ulAttribute, void* pBuffer) { if (ulAttribute == SECPKG_CRED_ATTR_NAMES) { CREDENTIALS* credentials; credentials = (CREDENTIALS*) sspi_SecureHandleGetLowerPointer(phCredential); return SEC_E_OK; } return SEC_E_UNSUPPORTED_FUNCTION; } SECURITY_STATUS SEC_ENTRY negotiate_FreeCredentialsHandle(PCredHandle phCredential) { CREDENTIALS* credentials; if (!phCredential) return SEC_E_INVALID_HANDLE; credentials = (CREDENTIALS*) sspi_SecureHandleGetLowerPointer(phCredential); if (!credentials) return SEC_E_INVALID_HANDLE; sspi_CredentialsFree(credentials); return SEC_E_OK; } SECURITY_STATUS SEC_ENTRY negotiate_EncryptMessage(PCtxtHandle phContext, ULONG fQOP, PSecBufferDesc pMessage, ULONG MessageSeqNo) { return SEC_E_OK; } SECURITY_STATUS SEC_ENTRY negotiate_DecryptMessage(PCtxtHandle phContext, PSecBufferDesc pMessage, ULONG MessageSeqNo, ULONG* pfQOP) { return SEC_E_OK; } SECURITY_STATUS SEC_ENTRY negotiate_MakeSignature(PCtxtHandle phContext, ULONG fQOP, PSecBufferDesc pMessage, ULONG MessageSeqNo) { return SEC_E_OK; } SECURITY_STATUS SEC_ENTRY negotiate_VerifySignature(PCtxtHandle phContext, PSecBufferDesc pMessage, ULONG MessageSeqNo, ULONG* pfQOP) { return SEC_E_OK; } const SecurityFunctionTableA NEGOTIATE_SecurityFunctionTableA = { 1, /* dwVersion */ NULL, /* EnumerateSecurityPackages */ negotiate_QueryCredentialsAttributesA, /* QueryCredentialsAttributes */ negotiate_AcquireCredentialsHandleA, /* AcquireCredentialsHandle */ negotiate_FreeCredentialsHandle, /* FreeCredentialsHandle */ NULL, /* Reserved2 */ negotiate_InitializeSecurityContextA, /* InitializeSecurityContext */ NULL, /* AcceptSecurityContext */ NULL, /* CompleteAuthToken */ NULL, /* DeleteSecurityContext */ NULL, /* ApplyControlToken */ negotiate_QueryContextAttributes, /* QueryContextAttributes */ NULL, /* ImpersonateSecurityContext */ NULL, /* RevertSecurityContext */ negotiate_MakeSignature, /* MakeSignature */ negotiate_VerifySignature, /* VerifySignature */ NULL, /* FreeContextBuffer */ NULL, /* QuerySecurityPackageInfo */ NULL, /* Reserved3 */ NULL, /* Reserved4 */ NULL, /* ExportSecurityContext */ NULL, /* ImportSecurityContext */ NULL, /* AddCredentials */ NULL, /* Reserved8 */ NULL, /* QuerySecurityContextToken */ negotiate_EncryptMessage, /* EncryptMessage */ negotiate_DecryptMessage, /* DecryptMessage */ NULL, /* SetContextAttributes */ }; const SecurityFunctionTableW NEGOTIATE_SecurityFunctionTableW = { 1, /* dwVersion */ NULL, /* EnumerateSecurityPackages */ negotiate_QueryCredentialsAttributesW, /* QueryCredentialsAttributes */ negotiate_AcquireCredentialsHandleW, /* AcquireCredentialsHandle */ negotiate_FreeCredentialsHandle, /* FreeCredentialsHandle */ NULL, /* Reserved2 */ negotiate_InitializeSecurityContextW, /* InitializeSecurityContext */ NULL, /* AcceptSecurityContext */ NULL, /* CompleteAuthToken */ NULL, /* DeleteSecurityContext */ NULL, /* ApplyControlToken */ negotiate_QueryContextAttributes, /* QueryContextAttributes */ NULL, /* ImpersonateSecurityContext */ NULL, /* RevertSecurityContext */ negotiate_MakeSignature, /* MakeSignature */ negotiate_VerifySignature, /* VerifySignature */ NULL, /* FreeContextBuffer */ NULL, /* QuerySecurityPackageInfo */ NULL, /* Reserved3 */ NULL, /* Reserved4 */ NULL, /* ExportSecurityContext */ NULL, /* ImportSecurityContext */ NULL, /* AddCredentials */ NULL, /* Reserved8 */ NULL, /* QuerySecurityContextToken */ negotiate_EncryptMessage, /* EncryptMessage */ negotiate_DecryptMessage, /* DecryptMessage */ NULL, /* SetContextAttributes */ }; const SecPkgInfoA NEGOTIATE_SecPkgInfoA = { 0x00083BB3, /* fCapabilities */ 1, /* wVersion */ 0x0009, /* wRPCID */ 0x00002FE0, /* cbMaxToken */ "Negotiate", /* Name */ "Microsoft Package Negotiator" /* Comment */ }; WCHAR NEGOTIATE_SecPkgInfoW_Name[] = { 'N','e','g','o','t','i','a','t','e','\0' }; WCHAR NEGOTIATE_SecPkgInfoW_Comment[] = { 'M','i','c','r','o','s','o','f','t',' ', 'P','a','c','k','a','g','e',' ', 'N','e','g','o','t','i','a','t','o','r','\0' }; const SecPkgInfoW NEGOTIATE_SecPkgInfoW = { 0x00083BB3, /* fCapabilities */ 1, /* wVersion */ 0x0009, /* wRPCID */ 0x00002FE0, /* cbMaxToken */ NEGOTIATE_SecPkgInfoW_Name, /* Name */ NEGOTIATE_SecPkgInfoW_Comment /* Comment */ };