Dmitry Timoshkov : secur32: Implement AcquireCredentialsHandle in the SSP/ AP wrapper.

Alexandre Julliard julliard at winehq.org
Wed Jan 31 15:23:27 CST 2018 

Module: wine
Branch: master
Commit: 94f582f3c5c502a8b8d108ba766a9e491dd80c7e
URL:    https://source.winehq.org/git/wine.git/?a=commit;h=94f582f3c5c502a8b8d108ba766a9e491dd80c7e

Author: Dmitry Timoshkov <dmitry at baikal.ru>
Date:   Thu Jan 18 23:54:01 2018 +0800

secur32: Implement AcquireCredentialsHandle in the SSP/AP wrapper.

Partially based on Hans Leidekker's work.

Signed-off-by: Dmitry Timoshkov <dmitry at baikal.ru>
Signed-off-by: Hans Leidekker <hans at codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard at winehq.org>

---

 dlls/secur32/lsa.c | 138 ++++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 136 insertions(+), 2 deletions(-)

diff --git a/dlls/secur32/lsa.c b/dlls/secur32/lsa.c
index 876da56..2ec3818 100644
--- a/dlls/secur32/lsa.c
+++ b/dlls/secur32/lsa.c
@@ -243,12 +243,146 @@ static SECPKG_DLL_FUNCTIONS lsa_dll_dispatch =
     lsa_RegisterCallback
 };
 
+static SECURITY_STATUS lsa_lookup_package(SEC_WCHAR *nameW, struct lsa_package **lsa_package)
+{
+    ULONG i;
+    UNICODE_STRING package_name, name;
+
+    for (i = 0; i < loaded_packages_count; i++)
+    {
+        if (RtlAnsiStringToUnicodeString(&package_name, loaded_packages[i].name, TRUE))
+            return SEC_E_INSUFFICIENT_MEMORY;
+
+        RtlInitUnicodeString(&name, nameW);
+
+        if (RtlEqualUnicodeString(&package_name, &name, TRUE))
+        {
+            RtlFreeUnicodeString(&package_name);
+            *lsa_package = &loaded_packages[i];
+            return SEC_E_OK;
+        }
+
+        RtlFreeUnicodeString(&package_name);
+    }
+
+    return SEC_E_SECPKG_NOT_FOUND;
+}
+
+static SECURITY_STATUS WINAPI lsa_AcquireCredentialsHandleW(
+    SEC_WCHAR *principal, SEC_WCHAR *package, ULONG credentials_use,
+    LUID *logon_id, void *auth_data, SEC_GET_KEY_FN get_key_fn,
+    void *get_key_arg, CredHandle *credential, TimeStamp *ts_expiry)
+{
+    SECURITY_STATUS status;
+    struct lsa_package *lsa_package;
+    UNICODE_STRING principal_us;
+    LSA_SEC_HANDLE lsa_credential;
+
+    TRACE("%s %s %#x %p %p %p %p %p\n", debugstr_w(principal), debugstr_w(package),
+        credentials_use, auth_data, get_key_fn, get_key_arg, credential, ts_expiry);
+
+    if (!credential) return SEC_E_INVALID_HANDLE;
+    if (!package) return SEC_E_SECPKG_NOT_FOUND;
+
+    status = lsa_lookup_package(package, &lsa_package);
+    if (status != SEC_E_OK) return status;
+
+    if (!lsa_package->lsa_api || !lsa_package->lsa_api->SpAcquireCredentialsHandle)
+        return SEC_E_UNSUPPORTED_FUNCTION;
+
+    if (principal)
+        RtlInitUnicodeString(&principal_us, principal);
+
+    status = lsa_package->lsa_api->SpAcquireCredentialsHandle(principal ? &principal_us : NULL,
+        credentials_use, logon_id, auth_data, get_key_fn, get_key_arg, &lsa_credential, ts_expiry);
+    if (status == SEC_E_OK)
+    {
+        credential->dwLower = (ULONG_PTR)lsa_credential;
+        credential->dwUpper = (ULONG_PTR)lsa_package;
+    }
+    return status;
+}
+
+static SECURITY_STATUS WINAPI lsa_AcquireCredentialsHandleA(
+    SEC_CHAR *principal, SEC_CHAR *package, ULONG credentials_use,
+    LUID *logon_id, void *auth_data, SEC_GET_KEY_FN get_key_fn,
+    void *get_key_arg, CredHandle *credential, TimeStamp *ts_expiry)
+{
+    SECURITY_STATUS status = SEC_E_INSUFFICIENT_MEMORY;
+    int len_user = 0, len_domain = 0, len_passwd = 0;
+    SEC_WCHAR *principalW = NULL, *packageW = NULL, *user = NULL, *domain = NULL, *passwd = NULL;
+    SEC_WINNT_AUTH_IDENTITY_W *auth_dataW = NULL;
+    SEC_WINNT_AUTH_IDENTITY_A *id = NULL;
+
+    TRACE("%s %s %#x %p %p %p %p %p\n", debugstr_a(principal), debugstr_a(package),
+        credentials_use, auth_data, get_key_fn, get_key_arg, credential, ts_expiry);
+
+    if (principal)
+    {
+        int len = MultiByteToWideChar( CP_ACP, 0, principal, -1, NULL, 0 );
+        if (!(principalW = HeapAlloc( GetProcessHeap(), 0, len * sizeof(SEC_WCHAR) ))) goto done;
+        MultiByteToWideChar( CP_ACP, 0, principal, -1, principalW, len );
+    }
+    if (package)
+    {
+        int len = MultiByteToWideChar( CP_ACP, 0, package, -1, NULL, 0 );
+        if (!(packageW = HeapAlloc( GetProcessHeap(), 0, len * sizeof(SEC_WCHAR) ))) goto done;
+        MultiByteToWideChar( CP_ACP, 0, package, -1, packageW, len );
+    }
+    if (auth_data)
+    {
+        id = (PSEC_WINNT_AUTH_IDENTITY_A)auth_data;
+
+        if (id->Flags == SEC_WINNT_AUTH_IDENTITY_ANSI)
+        {
+            if (!(auth_dataW = HeapAlloc( GetProcessHeap(), 0, sizeof(SEC_WINNT_AUTH_IDENTITY_W) ))) goto done;
+            if (id->UserLength)
+            {
+                len_user = MultiByteToWideChar( CP_ACP, 0, (char *)id->User, id->UserLength, NULL, 0 );
+                if (!(user = HeapAlloc( GetProcessHeap(), 0, len_user * sizeof(SEC_WCHAR) ))) goto done;
+                MultiByteToWideChar( CP_ACP, 0, (char *)id->User, id->UserLength, user, len_user );
+            }
+            if (id->DomainLength)
+            {
+                len_domain = MultiByteToWideChar( CP_ACP, 0, (char *)id->Domain, id->DomainLength, NULL, 0 );
+                if (!(domain = HeapAlloc( GetProcessHeap(), 0, len_domain * sizeof(SEC_WCHAR) ))) goto done;
+                MultiByteToWideChar( CP_ACP, 0, (char *)id->Domain, id->DomainLength, domain, len_domain );
+            }
+            if (id->PasswordLength)
+            {
+                len_passwd = MultiByteToWideChar( CP_ACP, 0, (char *)id->Password, id->PasswordLength, NULL, 0 );
+                if (!(passwd = HeapAlloc( GetProcessHeap(), 0, len_passwd * sizeof(SEC_WCHAR) ))) goto done;
+                MultiByteToWideChar( CP_ACP, 0, (char *)id->Password, id->PasswordLength, passwd, len_passwd );
+            }
+            auth_dataW->Flags          = SEC_WINNT_AUTH_IDENTITY_UNICODE;
+            auth_dataW->User           = user;
+            auth_dataW->UserLength     = len_user;
+            auth_dataW->Domain         = domain;
+            auth_dataW->DomainLength   = len_domain;
+            auth_dataW->Password       = passwd;
+            auth_dataW->PasswordLength = len_passwd;
+        }
+        else auth_dataW = (PSEC_WINNT_AUTH_IDENTITY_W)auth_data;
+    }
+
+    status = lsa_AcquireCredentialsHandleW( principalW, packageW, credentials_use, logon_id, auth_dataW, get_key_fn,
+                                            get_key_arg, credential, ts_expiry );
+done:
+    if (auth_dataW != (SEC_WINNT_AUTH_IDENTITY_W *)id) HeapFree( GetProcessHeap(), 0, auth_dataW );
+    HeapFree( GetProcessHeap(), 0, packageW );
+    HeapFree( GetProcessHeap(), 0, principalW );
+    HeapFree( GetProcessHeap(), 0, user );
+    HeapFree( GetProcessHeap(), 0, domain );
+    HeapFree( GetProcessHeap(), 0, passwd );
+    return status;
+}
+
 static const SecurityFunctionTableW lsa_sspi_tableW =
 {
     1,
     NULL, /* EnumerateSecurityPackagesW */
     NULL, /* QueryCredentialsAttributesW */
-    NULL, /* AcquireCredentialsHandleW */
+    lsa_AcquireCredentialsHandleW,
     NULL, /* FreeCredentialsHandle */
     NULL, /* Reserved2 */
     NULL, /* InitializeSecurityContextW */
@@ -280,7 +414,7 @@ static const SecurityFunctionTableA lsa_sspi_tableA =
     1,
     NULL, /* EnumerateSecurityPackagesA */
     NULL, /* QueryCredentialsAttributesA */
-    NULL, /* AcquireCredentialsHandleA */
+    lsa_AcquireCredentialsHandleA,
     NULL, /* FreeCredentialsHandle */
     NULL, /* Reserved2 */
     NULL, /* InitializeSecurityContextA */

More information about the wine-cvs mailing list