[PATCH] schannel: Update SECPKG_FUNCTION_TABLE to SECPKG_INTERFACE_VERSION_8.
Sven Baars
sven.wine at gmail.com
Sat Oct 26 07:07:08 CDT 2019
Signed-off-by: Sven Baars <sven.wine at gmail.com>
---
I am wondering though, since every version since Vista seems to be reporting the
wrong version, should we do that as well, or should we wait for an application
that depends on this?
dlls/schannel/lsamode.c | 6 ++++-
dlls/schannel/tests/main.c | 49 +++++++++++++++++++++++++++++++-------
include/ntsecpkg.h | 33 +++++++++++++++++++++++++
3 files changed, 78 insertions(+), 10 deletions(-)
diff --git a/dlls/schannel/lsamode.c b/dlls/schannel/lsamode.c
index 96ca240c08..372c5800b3 100644
--- a/dlls/schannel/lsamode.c
+++ b/dlls/schannel/lsamode.c
@@ -116,6 +116,8 @@ static SECPKG_FUNCTION_TABLE secPkgFunctionTable[2] =
NULL, /* UpdateCredentials */
NULL, /* ValidateTargetInfo */
NULL, /* PostLogonUser */
+ NULL, /* GetRemoteCredGuardLogonBuffer */
+ NULL, /* GetRemoteCredGuardSupplementalCreds */
}, {
NULL, /* InitializePackage */
NULL, /* LsaLogonUser */
@@ -153,6 +155,8 @@ static SECPKG_FUNCTION_TABLE secPkgFunctionTable[2] =
NULL, /* UpdateCredentials */
NULL, /* ValidateTargetInfo */
NULL, /* PostLogonUser */
+ NULL, /* GetRemoteCredGuardLogonBuffer */
+ NULL, /* GetRemoteCredGuardSupplementalCreds */
}
};
@@ -164,7 +168,7 @@ NTSTATUS WINAPI SpLsaModeInitialize(ULONG LsaVersion, PULONG PackageVersion,
{
TRACE("(%u, %p, %p, %p)\n", LsaVersion, PackageVersion, ppTables, pcTables);
- *PackageVersion = SECPKG_INTERFACE_VERSION_7;
+ *PackageVersion = SECPKG_INTERFACE_VERSION_8;
*pcTables = 2;
*ppTables = secPkgFunctionTable;
diff --git a/dlls/schannel/tests/main.c b/dlls/schannel/tests/main.c
index fc913c14a9..e945770d68 100644
--- a/dlls/schannel/tests/main.c
+++ b/dlls/schannel/tests/main.c
@@ -45,7 +45,9 @@
ValidateTargetInfo)
#define SECPKG_FUNCTION_TABLE_SIZE_6 FIELD_OFFSET(SECPKG_FUNCTION_TABLE, \
PostLogonUser)
-#define SECPKG_FUNCTION_TABLE_SIZE_7 sizeof(SECPKG_FUNCTION_TABLE)
+#define SECPKG_FUNCTION_TABLE_SIZE_7 FIELD_OFFSET(SECPKG_FUNCTION_TABLE, \
+ GetRemoteCredGuardLogonBuffer)
+#define SECPKG_FUNCTION_TABLE_SIZE_8 sizeof(SECPKG_FUNCTION_TABLE)
#define LSA_BASE_CAPS ( \
SECPKG_FLAG_INTEGRITY | \
@@ -139,6 +141,7 @@ static void testInitialize(void)
static PSECPKG_FUNCTION_TABLE getNextSecPkgTable(PSECPKG_FUNCTION_TABLE pTable,
ULONG Version)
{
+ int detectedVersion = 0;
size_t size;
PSECPKG_FUNCTION_TABLE pNextTable;
@@ -156,21 +159,49 @@ static PSECPKG_FUNCTION_TABLE getNextSecPkgTable(PSECPKG_FUNCTION_TABLE pTable,
size = SECPKG_FUNCTION_TABLE_SIZE_6;
else if (Version == SECPKG_INTERFACE_VERSION_7)
size = SECPKG_FUNCTION_TABLE_SIZE_7;
+ else if (Version == SECPKG_INTERFACE_VERSION_8)
+ size = SECPKG_FUNCTION_TABLE_SIZE_8;
else {
ok(FALSE, "Unknown package version 0x%x\n", Version);
return NULL;
}
pNextTable = (PSECPKG_FUNCTION_TABLE)((PBYTE)pTable + size);
- /* Win7 function tables appear to be SECPKG_INTERFACE_VERSION_6 format,
- but unfortunately SpLsaModeInitialize returns SECPKG_INTERFACE_VERSION_3.
- We detect that by comparing the "Initialize" pointer from the old table
- to the "FreeCredentialsHandle" pointer of the new table. These functions
- have different numbers of arguments, so they can't possibly point to the
- same implementation */
- if (broken((void *) pTable->Initialize == (void *) pNextTable->FreeCredentialsHandle &&
- pNextTable->FreeCredentialsHandle != NULL))
+
+ /* For any version of Windows beyond Vista SpLsaModeInitialize returns
+ SECPKG_INTERFACE_VERSION_3, so try detecting the actual version here
+ by iterating until we find the Intitalize function */
+ if (broken((void *) pTable->Initialize != (void *) pNextTable->Initialize &&
+ pTable->Initialize != NULL))
{
+ for (size = 1; size <= SECPKG_FUNCTION_TABLE_SIZE_8; size++)
+ {
+ pNextTable = (PSECPKG_FUNCTION_TABLE)((PBYTE)pTable + size);
+ if ((void *) pTable->Initialize == (void *) pNextTable->Initialize)
+ {
+ if (size == SECPKG_FUNCTION_TABLE_SIZE_1)
+ detectedVersion = 1;
+ else if (size == SECPKG_FUNCTION_TABLE_SIZE_2)
+ detectedVersion = 2;
+ else if (size == SECPKG_FUNCTION_TABLE_SIZE_3)
+ detectedVersion = 3;
+ else if (size == SECPKG_FUNCTION_TABLE_SIZE_4)
+ detectedVersion = 4;
+ else if (size == SECPKG_FUNCTION_TABLE_SIZE_5)
+ detectedVersion = 5;
+ else if (size == SECPKG_FUNCTION_TABLE_SIZE_6)
+ detectedVersion = 6;
+ else if (size == SECPKG_FUNCTION_TABLE_SIZE_7)
+ detectedVersion = 7;
+ else if (size == SECPKG_FUNCTION_TABLE_SIZE_8)
+ detectedVersion = 8;
+ else
+ trace("Unknown package version with size %zu\n", size);
+ if (detectedVersion > 0)
+ trace("Detected SECPKG_INTERFACE_VERSION_%d\n", detectedVersion);
+ return pNextTable;
+ }
+ }
win_skip("Invalid function pointers for next package\n");
return NULL;
}
diff --git a/include/ntsecpkg.h b/include/ntsecpkg.h
index 08373a2635..c7f4fedf8e 100644
--- a/include/ntsecpkg.h
+++ b/include/ntsecpkg.h
@@ -38,6 +38,7 @@ extern "C" {
#define SECPKG_INTERFACE_VERSION_5 0x100000
#define SECPKG_INTERFACE_VERSION_6 0x200000
#define SECPKG_INTERFACE_VERSION_7 0x400000
+#define SECPKG_INTERFACE_VERSION_8 0x800000
/* enum definitions for Secure Service Provider/Authentication Packages */
typedef enum _LSA_TOKEN_INFORMATION_TYPE {
@@ -305,6 +306,29 @@ typedef struct _LSA_SECPKG_FUNCTION_TABLE {
} LSA_SECPKG_FUNCTION_TABLE,
*PLSA_SECPKG_FUNCTION_TABLE;
+/* Functions for redirected credentials */
+typedef NTSTATUS (NTAPI *PLSA_REDIRECTED_LOGON_INIT)(HANDLE,
+ const UNICODE_STRING *, ULONG, const LUID *);
+typedef NTSTATUS (NTAPI *PLSA_REDIRECTED_LOGON_CALLBACK)(HANDLE, PVOID, ULONG,
+ PVOID *, ULONG *);
+typedef VOID (NTAPI *PLSA_REDIRECTED_LOGON_CLEANUP_CALLBACK)(HANDLE);
+typedef NTSTATUS (NTAPI *PLSA_REDIRECTED_LOGON_GET_LOGON_CREDS)(HANDLE, PBYTE *,
+ PULONG);
+typedef NTSTATUS (NTAPI *PLSA_REDIRECTED_LOGON_GET_SUPP_CREDS)(HANDLE,
+ PSECPKG_SUPPLEMENTAL_CRED_ARRAY *);
+
+#define SECPKG_REDIRECTED_LOGON_GUID_INITIALIZER { 0xc2be5457, 0x82eb, 0x483e, { 0xae, 0x4e, 0x74, 0x68, 0xef, 0x14, 0xd5, 0x9 } }
+typedef struct _SECPKG_REDIRECTED_LOGON_BUFFER {
+ GUID RedirectedLogonGuid;
+ HANDLE RedirectedLogonHandle;
+ PLSA_REDIRECTED_LOGON_INIT Init;
+ PLSA_REDIRECTED_LOGON_CALLBACK Callback;
+ PLSA_REDIRECTED_LOGON_CLEANUP_CALLBACK CleanupCallback;
+ PLSA_REDIRECTED_LOGON_GET_LOGON_CREDS GetLogonCreds;
+ PLSA_REDIRECTED_LOGON_GET_SUPP_CREDS GetSupplementalCreds;
+} SECPKG_REDIRECTED_LOGON_BUFFER,
+ *PSECPKG_REDIRECTED_LOGON_BUFFER;
+
/* LSA-mode functions implemented by SSP/AP obtainable by a dispatch table */
typedef NTSTATUS (NTAPI *PLSA_AP_INITIALIZE_PACKAGE)(ULONG, PLSA_DISPATCH_TABLE,
PLSA_STRING, PLSA_STRING, PLSA_STRING *);
@@ -374,6 +398,12 @@ typedef NTSTATUS (NTAPI SpUpdateCredentialsFn)(LSA_SEC_HANDLE, GUID *, ULONG,
typedef NTSTATUS (NTAPI SpValidateTargetInfoFn)(PLSA_CLIENT_REQUEST, PVOID,
PVOID, ULONG, PSECPKG_TARGETINFO);
typedef NTSTATUS (NTAPI LSA_AP_POST_LOGON_USER)(PSECPKG_POST_LOGON_USER_INFO);
+typedef NTSTATUS (NTAPI SpGetRemoteCredGuardLogonBufferFn)(LSA_SEC_HANDLE,
+ const UNICODE_STRING *, PHANDLE, PLSA_REDIRECTED_LOGON_CALLBACK *,
+ PLSA_REDIRECTED_LOGON_CLEANUP_CALLBACK *, PULONG, PVOID *);
+typedef NTSTATUS (NTAPI SpGetRemoteCredGuardSupplementalCredsFn)(LSA_SEC_HANDLE,
+ const UNICODE_STRING *, PHANDLE, PLSA_REDIRECTED_LOGON_CALLBACK *,
+ PLSA_REDIRECTED_LOGON_CLEANUP_CALLBACK *, PULONG, PVOID *);
/* User-mode functions implemented by SSP/AP obtainable by a dispatch table */
typedef NTSTATUS (NTAPI SpInstanceInitFn)(ULONG, PSECPKG_DLL_FUNCTIONS,
@@ -446,6 +476,9 @@ typedef struct SECPKG_FUNCTION_TABLE {
/* Packages with version SECPKG_INTERFACE_VERSION_6 end here */
LSA_AP_POST_LOGON_USER* PostLogonUser;
/* Packages with version SECPKG_INTERFACE_VERSION_7 end here */
+ SpGetRemoteCredGuardLogonBufferFn* GetRemoteCredGuardLogonBuffer;
+ SpGetRemoteCredGuardSupplementalCredsFn* GetRemoteCredGuardSupplementalCreds;
+ /* Packages with version SECPKG_INTERFACE_VERSION_8 end here */
} SECPKG_FUNCTION_TABLE,
*PSECPKG_FUNCTION_TABLE;
--
2.17.1
More information about the wine-devel
mailing list