secur32: Added Kerberos provider stub implementation.

Signed-off-by: Jacek Caban <jacek@codeweavers.com> Signed-off-by: Alexandre Julliard <julliard@winehq.org>

secur32: Added Kerberos provider stub implementation.
0524963d · Jacek Caban · Alexandre Julliard · 3b6cb60e · 0524963d · 0524963d
Commit 0524963d authored Jun 27, 2016 by Jacek Caban Committed by Alexandre Julliard Jul 03, 2016
5 changed files
--- a/dlls/secur32/Makefile.in
+++ b/dlls/secur32/Makefile.in
@@ -9,6 +9,7 @@ C_SRCS = \
 	base64_codec.c \
 	dispatcher.c \
 	hmac_md5.c \
+	kerberos.c \
 	lsa.c \
 	negotiate.c \
 	ntlm.c \

--- a/dlls/secur32/kerberos.c
+++ b/dlls/secur32/kerberos.c
+/*
+ * Copyright 2005, 2006 Kai Blin
+ * Copyright 2016 Jacek Caban for CodeWeavers
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+#include <assert.h>
+#include <stdarg.h>
+#include <stdio.h>
+
+#include "windef.h"
+#include "winbase.h"
+#include "rpc.h"
+#include "sspi.h"
+
+#include "secur32_priv.h"
+
+#include "wine/debug.h"
+
+WINE_DEFAULT_DEBUG_CHANNEL(secur32);
+
+#define KERBEROS_MAX_BUF 12000
+
+/***********************************************************************
+ *              QueryCredentialsAttributesA
+ */
+static SECURITY_STATUS SEC_ENTRY kerberos_QueryCredentialsAttributesA(CredHandle *phCredential, ULONG ulAttribute, void *pBuffer)
+{
+    FIXME("(%p %d %p)\n", phCredential, ulAttribute, pBuffer);
+    return SEC_E_UNSUPPORTED_FUNCTION;
+}
+
+/***********************************************************************
+ *              QueryCredentialsAttributesW
+ */
+static SECURITY_STATUS SEC_ENTRY kerberos_QueryCredentialsAttributesW(CredHandle *phCredential, ULONG ulAttribute, void *pBuffer)
+{
+    FIXME("(%p, %d, %p)\n", phCredential, ulAttribute, pBuffer);
+    return SEC_E_UNSUPPORTED_FUNCTION;
+}
+
+/***********************************************************************
+ *              AcquireCredentialsHandleW
+ */
+static SECURITY_STATUS SEC_ENTRY kerberos_AcquireCredentialsHandleW(SEC_WCHAR *pszPrincipal, SEC_WCHAR *pszPackage, ULONG fCredentialUse,
+        LUID *pLogonID, void *pAuthData, SEC_GET_KEY_FN pGetKeyFn, void *pGetKeyArgument, CredHandle *phCredential, TimeStamp *ptsExpiry)
+{
+    FIXME("(%s %s 0x%08x %p %p %p %p %p %p)\n", debugstr_w(pszPrincipal), debugstr_w(pszPackage), fCredentialUse,
+          pLogonID, pAuthData, pGetKeyFn, pGetKeyArgument, phCredential, ptsExpiry);
+    return SEC_E_NO_CREDENTIALS;
+}
+
+/***********************************************************************
+ *              AcquireCredentialsHandleA
+ */
+static SECURITY_STATUS SEC_ENTRY kerberos_AcquireCredentialsHandleA(SEC_CHAR *pszPrincipal, SEC_CHAR *pszPackage, ULONG fCredentialUse,
+        LUID *pLogonID, void *pAuthData, SEC_GET_KEY_FN pGetKeyFn, void *pGetKeyArgument, CredHandle *phCredential, TimeStamp *ptsExpiry)
+{
+    FIXME("(%s %s 0x%08x %p %p %p %p %p %p)\n", debugstr_a(pszPrincipal), debugstr_a(pszPackage), fCredentialUse,
+          pLogonID, pAuthData, pGetKeyFn, pGetKeyArgument, phCredential, ptsExpiry);
+    return SEC_E_UNSUPPORTED_FUNCTION;
+}
+
+/***********************************************************************
+ *              InitializeSecurityContextW
+ */
+static SECURITY_STATUS SEC_ENTRY kerberos_InitializeSecurityContextW(CredHandle *phCredential, CtxtHandle *phContext, SEC_WCHAR *pszTargetName,
+        ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep, SecBufferDesc *pInput, ULONG Reserved2, CtxtHandle *phNewContext,
+        SecBufferDesc *pOutput, ULONG *pfContextAttr, TimeStamp *ptsExpiry)
+{
+    FIXME("(%p %p %s 0x%08x %d %d %p %d %p %p %p %p)\n", phCredential, phContext, debugstr_w(pszTargetName),
+          fContextReq, Reserved1, TargetDataRep, pInput, Reserved1, phNewContext, pOutput, pfContextAttr, ptsExpiry);
+    return SEC_E_UNSUPPORTED_FUNCTION;
+}
+
+/***********************************************************************
+ *              InitializeSecurityContextA
+ */
+static SECURITY_STATUS SEC_ENTRY kerberos_InitializeSecurityContextA(CredHandle *phCredential, CtxtHandle *phContext, SEC_CHAR *pszTargetName,
+        ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep, SecBufferDesc *pInput, ULONG Reserved2, CtxtHandle *phNewContext,
+        SecBufferDesc *pOutput, ULONG *pfContextAttr, TimeStamp *ptsExpiry)
+{
+    FIXME("%p %p %s %d %d %d %p %d %p %p %p %p\n", phCredential, phContext, debugstr_a(pszTargetName), fContextReq,
+          Reserved1, TargetDataRep, pInput, Reserved1, phNewContext, pOutput, pfContextAttr, ptsExpiry);
+    return SEC_E_UNSUPPORTED_FUNCTION;
+}
+
+/***********************************************************************
+ *              AcceptSecurityContext
+ */
+static SECURITY_STATUS SEC_ENTRY kerberos_AcceptSecurityContext(CredHandle *phCredential, CtxtHandle *phContext, SecBufferDesc *pInput,
+        ULONG fContextReq, ULONG TargetDataRep, CtxtHandle *phNewContext, SecBufferDesc *pOutput, ULONG *pfContextAttr, TimeStamp *ptsExpiry)
+{
+    FIXME("(%p %p %p %d %d %p %p %p %p)\n", phCredential, phContext, pInput, fContextReq, TargetDataRep, phNewContext, pOutput,
+          pfContextAttr, ptsExpiry);
+    return SEC_E_UNSUPPORTED_FUNCTION;
+}
+
+/***********************************************************************
+ *              CompleteAuthToken
+ */
+static SECURITY_STATUS SEC_ENTRY kerberos_CompleteAuthToken(CtxtHandle *phContext, SecBufferDesc *pToken)
+{
+    FIXME("(%p %p)\n", phContext, pToken);
+    return SEC_E_UNSUPPORTED_FUNCTION;
+}
+
+/***********************************************************************
+ *              DeleteSecurityContext
+ */
+static SECURITY_STATUS SEC_ENTRY kerberos_DeleteSecurityContext(CtxtHandle *phContext)
+{
+    FIXME("(%p)\n", phContext);
+    return SEC_E_UNSUPPORTED_FUNCTION;
+}
+
+/***********************************************************************
+ *              QueryContextAttributesW
+ */
+static SECURITY_STATUS SEC_ENTRY kerberos_QueryContextAttributesW(CtxtHandle *phContext, ULONG ulAttribute, void *pBuffer)
+{
+    FIXME("(%p %d %p)\n", phContext, ulAttribute, pBuffer);
+    return SEC_E_UNSUPPORTED_FUNCTION;
+}
+
+/***********************************************************************
+ *              QueryContextAttributesA
+ */
+static SECURITY_STATUS SEC_ENTRY kerberos_QueryContextAttributesA(CtxtHandle *phContext, ULONG ulAttribute, void *pBuffer)
+{
+    FIXME("(%p %d %p)\n", phContext, ulAttribute, pBuffer);
+    return SEC_E_UNSUPPORTED_FUNCTION;
+}
+
+/***********************************************************************
+ *              ImpersonateSecurityContext
+ */
+static SECURITY_STATUS SEC_ENTRY kerberos_ImpersonateSecurityContext(CtxtHandle *phContext)
+{
+    FIXME("(%p)\n", phContext);
+    return SEC_E_UNSUPPORTED_FUNCTION;
+}
+
+/***********************************************************************
+ *              RevertSecurityContext
+ */
+static SECURITY_STATUS SEC_ENTRY kerberos_RevertSecurityContext(CtxtHandle *phContext)
+{
+    FIXME("(%p)\n", phContext);
+    return SEC_E_UNSUPPORTED_FUNCTION;
+}
+
+/***********************************************************************
+ *              MakeSignature
+ */
+static SECURITY_STATUS SEC_ENTRY kerberos_MakeSignature(CtxtHandle *phContext, ULONG fQOP, SecBufferDesc *pMessage, ULONG MessageSeqNo)
+{
+    FIXME("(%p %d %p %d)\n", phContext, fQOP, pMessage, MessageSeqNo);
+    return SEC_E_UNSUPPORTED_FUNCTION;
+}
+
+/***********************************************************************
+ *              VerifySignature
+ */
+static SECURITY_STATUS SEC_ENTRY kerberos_VerifySignature(CtxtHandle *phContext, SecBufferDesc *pMessage, ULONG MessageSeqNo, PULONG pfQOP)
+{
+    FIXME("(%p %p %d %p)\n", phContext, pMessage, MessageSeqNo, pfQOP);
+    return SEC_E_UNSUPPORTED_FUNCTION;
+}
+
+/***********************************************************************
+ *             FreeCredentialsHandle
+ */
+static SECURITY_STATUS SEC_ENTRY kerberos_FreeCredentialsHandle(PCredHandle phCredential)
+{
+    FIXME("(%p)\n", phCredential);
+    return SEC_E_UNSUPPORTED_FUNCTION;
+}
+
+/***********************************************************************
+ *             EncryptMessage
+ */
+static SECURITY_STATUS SEC_ENTRY kerberos_EncryptMessage(CtxtHandle *phContext, ULONG fQOP, SecBufferDesc *pMessage, ULONG MessageSeqNo)
+{
+    FIXME("(%p %d %p %d)\n", phContext, fQOP, pMessage, MessageSeqNo);
+    return SEC_E_UNSUPPORTED_FUNCTION;
+}
+
+/***********************************************************************
+ *             DecryptMessage
+ */
+static SECURITY_STATUS SEC_ENTRY kerberos_DecryptMessage(CtxtHandle *phContext, SecBufferDesc *pMessage, ULONG MessageSeqNo, PULONG pfQOP)
+{
+    FIXME("(%p %p %d %p)\n", phContext, pMessage, MessageSeqNo, pfQOP);
+    return SEC_E_UNSUPPORTED_FUNCTION;
+}
+
+static const SecurityFunctionTableA kerberosTableA = {
+    1,
+    NULL,   /* EnumerateSecurityPackagesA */
+    kerberos_QueryCredentialsAttributesA,   /* QueryCredentialsAttributesA */
+    kerberos_AcquireCredentialsHandleA,     /* AcquireCredentialsHandleA */
+    kerberos_FreeCredentialsHandle,         /* FreeCredentialsHandle */
+    NULL,   /* Reserved2 */
+    kerberos_InitializeSecurityContextA,    /* InitializeSecurityContextA */
+    kerberos_AcceptSecurityContext,         /* AcceptSecurityContext */
+    kerberos_CompleteAuthToken,             /* CompleteAuthToken */
+    kerberos_DeleteSecurityContext,         /* DeleteSecurityContext */
+    NULL,  /* ApplyControlToken */
+    kerberos_QueryContextAttributesA,       /* QueryContextAttributesA */
+    kerberos_ImpersonateSecurityContext,    /* ImpersonateSecurityContext */
+    kerberos_RevertSecurityContext,         /* RevertSecurityContext */
+    kerberos_MakeSignature,                 /* MakeSignature */
+    kerberos_VerifySignature,               /* VerifySignature */
+    FreeContextBuffer,                      /* FreeContextBuffer */
+    NULL,   /* QuerySecurityPackageInfoA */
+    NULL,   /* Reserved3 */
+    NULL,   /* Reserved4 */
+    NULL,   /* ExportSecurityContext */
+    NULL,   /* ImportSecurityContextA */
+    NULL,   /* AddCredentialsA */
+    NULL,   /* Reserved8 */
+    NULL,   /* QuerySecurityContextToken */
+    kerberos_EncryptMessage,                /* EncryptMessage */
+    kerberos_DecryptMessage,                /* DecryptMessage */
+    NULL,   /* SetContextAttributesA */
+};
+
+static const SecurityFunctionTableW kerberosTableW = {
+    1,
+    NULL,   /* EnumerateSecurityPackagesW */
+    kerberos_QueryCredentialsAttributesW,   /* QueryCredentialsAttributesW */
+    kerberos_AcquireCredentialsHandleW,     /* AcquireCredentialsHandleW */
+    kerberos_FreeCredentialsHandle,         /* FreeCredentialsHandle */
+    NULL,   /* Reserved2 */
+    kerberos_InitializeSecurityContextW,    /* InitializeSecurityContextW */
+    kerberos_AcceptSecurityContext,         /* AcceptSecurityContext */
+    kerberos_CompleteAuthToken,             /* CompleteAuthToken */
+    kerberos_DeleteSecurityContext,         /* DeleteSecurityContext */
+    NULL,  /* ApplyControlToken */
+    kerberos_QueryContextAttributesW,       /* QueryContextAttributesW */
+    kerberos_ImpersonateSecurityContext,    /* ImpersonateSecurityContext */
+    kerberos_RevertSecurityContext,         /* RevertSecurityContext */
+    kerberos_MakeSignature,                 /* MakeSignature */
+    kerberos_VerifySignature,               /* VerifySignature */
+    FreeContextBuffer,                      /* FreeContextBuffer */
+    NULL,   /* QuerySecurityPackageInfoW */
+    NULL,   /* Reserved3 */
+    NULL,   /* Reserved4 */
+    NULL,   /* ExportSecurityContext */
+    NULL,   /* ImportSecurityContextW */
+    NULL,   /* AddCredentialsW */
+    NULL,   /* Reserved8 */
+    NULL,   /* QuerySecurityContextToken */
+    kerberos_EncryptMessage,                /* EncryptMessage */
+    kerberos_DecryptMessage,                /* DecryptMessage */
+    NULL,   /* SetContextAttributesW */
+};
+
+#define KERBEROS_COMMENT \
+    {'M','i','c','r','o','s','o','f','t',' ','K','e','r','b','e','r','o','s',' ','V','1','.','0',0}
+static CHAR kerberos_comment_A[] = KERBEROS_COMMENT;
+static WCHAR kerberos_comment_W[] = KERBEROS_COMMENT;
+
+#define KERBEROS_NAME {'K','e','r','b','e','r','o','s',0}
+static char kerberos_name_A[] = KERBEROS_NAME;
+static WCHAR kerberos_name_W[] = KERBEROS_NAME;
+
+#define CAPS \
+    ( SECPKG_FLAG_INTEGRITY \
+    | SECPKG_FLAG_PRIVACY \
+    | SECPKG_FLAG_TOKEN_ONLY \
+    | SECPKG_FLAG_DATAGRAM \
+    | SECPKG_FLAG_CONNECTION \
+    | SECPKG_FLAG_MULTI_REQUIRED \
+    | SECPKG_FLAG_EXTENDED_ERROR \
+    | SECPKG_FLAG_IMPERSONATION \
+    | SECPKG_FLAG_ACCEPT_WIN32_NAME \
+    | SECPKG_FLAG_NEGOTIABLE \
+    | SECPKG_FLAG_GSS_COMPATIBLE \
+    | SECPKG_FLAG_LOGON \
+    | SECPKG_FLAG_MUTUAL_AUTH \
+    | SECPKG_FLAG_DELEGATION \
+    | SECPKG_FLAG_READONLY_WITH_CHECKSUM \
+    | SECPKG_FLAG_RESTRICTED_TOKENS \
+    | SECPKG_FLAG_APPCONTAINER_CHECKS)
+
+static const SecPkgInfoW infoW = {
+    CAPS,
+    1,
+    RPC_C_AUTHN_GSS_KERBEROS,
+    KERBEROS_MAX_BUF,
+    kerberos_name_W,
+    kerberos_comment_W
+};
+
+static const SecPkgInfoA infoA = {
+    CAPS,
+    1,
+    RPC_C_AUTHN_GSS_KERBEROS,
+    KERBEROS_MAX_BUF,
+    kerberos_name_A,
+    kerberos_comment_A
+};
+
+void SECUR32_initKerberosSP(void)
+{
+    SecureProvider *provider = SECUR32_addProvider(&kerberosTableA, &kerberosTableW, NULL);
+    SECUR32_addPackages(provider, 1, &infoA, &infoW);
+}
--- a/dlls/secur32/secur32.c
+++ b/dlls/secur32/secur32.c
@@ -564,6 +564,7 @@ static void SECUR32_initializeProviders(void)
    /* First load built-in providers */
    SECUR32_initSchannelSP();
    SECUR32_initNTLMSP();
+    SECUR32_initKerberosSP();
    /* Load the Negotiate provider last so apps stumble over the working NTLM
     * provider first. Attempting to fix bug #16905 while keeping the
     * application reported on wine-users on 2006-09-12 working. */

--- a/dlls/secur32/secur32_priv.h
+++ b/dlls/secur32/secur32_priv.h
@@ -136,6 +136,7 @@ PSTR  SECUR32_AllocMultiByteFromWide(PCWSTR str) DECLSPEC_HIDDEN;
 void SECUR32_initSchannelSP(void) DECLSPEC_HIDDEN;
 void SECUR32_initNegotiateSP(void) DECLSPEC_HIDDEN;
 void SECUR32_initNTLMSP(void) DECLSPEC_HIDDEN;
+void SECUR32_initKerberosSP(void) DECLSPEC_HIDDEN;

 /* Cleanup functions for built-in providers */
 void SECUR32_deinitSchannelSP(void) DECLSPEC_HIDDEN;

--- a/dlls/secur32/tests/secur32.c
+++ b/dlls/secur32/tests/secur32.c
@@ -22,6 +22,8 @@
 #include <windef.h>
 #include <winbase.h>
 #include <winnls.h>
+#include <rpc.h>
+#include <rpcdce.h>
 #define SECURITY_WIN32
 #include <security.h>
 #include <schannel.h>
@@ -315,6 +317,55 @@ static void test_SspiEncodeStringsAsAuthIdentity(void)
    pSspiFreeAuthIdentity( id );
 }

+static void test_kerberos(void)
+{
+    SecPkgInfoA *info;
+    TimeStamp ttl;
+    CredHandle cred;
+    SECURITY_STATUS status;
+
+    SEC_CHAR provider[] = {'K','e','r','b','e','r','o','s',0};
+
+    static const ULONG expected_flags =
+          SECPKG_FLAG_INTEGRITY
+        | SECPKG_FLAG_PRIVACY
+        | SECPKG_FLAG_TOKEN_ONLY
+        | SECPKG_FLAG_DATAGRAM
+        | SECPKG_FLAG_CONNECTION
+        | SECPKG_FLAG_MULTI_REQUIRED
+        | SECPKG_FLAG_EXTENDED_ERROR
+        | SECPKG_FLAG_IMPERSONATION
+        | SECPKG_FLAG_ACCEPT_WIN32_NAME
+        | SECPKG_FLAG_NEGOTIABLE
+        | SECPKG_FLAG_GSS_COMPATIBLE
+        | SECPKG_FLAG_LOGON
+        | SECPKG_FLAG_MUTUAL_AUTH
+        | SECPKG_FLAG_DELEGATION
+        | SECPKG_FLAG_READONLY_WITH_CHECKSUM;
+    static const ULONG optional_mask =
+          SECPKG_FLAG_RESTRICTED_TOKENS
+        | SECPKG_FLAG_APPCONTAINER_CHECKS;
+
+    status = QuerySecurityPackageInfoA(provider, &info);
+    ok(status == SEC_E_OK, "Kerberos package not installed, skipping test\n");
+    if(status != SEC_E_OK)
+        return;
+
+    ok( (info->fCapabilities & ~optional_mask) == expected_flags, "got %08x, expected %08x\n", info->fCapabilities, expected_flags );
+    ok( info->wVersion == 1, "got %u\n", info->wVersion );
+    ok( info->wRPCID == RPC_C_AUTHN_GSS_KERBEROS, "got %u\n", info->wRPCID );
+    ok( info->cbMaxToken >= 12000, "got %u\n", info->cbMaxToken );
+    ok( !lstrcmpA( info->Name, "Kerberos" ), "got %s\n", info->Name );
+    ok( !lstrcmpA( info->Comment, "Microsoft Kerberos V1.0" ), "got %s\n", info->Comment );
+    FreeContextBuffer( info );
+
+    status = AcquireCredentialsHandleA( NULL, provider, SECPKG_CRED_OUTBOUND, NULL,
+                                        NULL, NULL, NULL, &cred, &ttl );
+    todo_wine ok( status == SEC_E_OK, "AcquireCredentialsHandleA returned %08x\n", status );
+    if(status == SEC_E_OK)
+        FreeCredentialHandle( &cred );
+}
+
 START_TEST(secur32)
 {
    secdll = LoadLibraryA("secur32.dll");
@@ -361,4 +412,6 @@ START_TEST(secur32)

        FreeLibrary(secdll);
    }
+
+    test_kerberos();
 }