From 0901077f8c29feaec9990e1501ca481b67f13cad Mon Sep 17 00:00:00 2001
From: Andreas Maier <staubim@quantentunnel.de>
Date: Sat, 25 Dec 2021 00:10:33 +0100
Subject: [PATCH] [MSV1_0] Create stubs for SECPKG_USER_FUNCTION_TABLE

This commit fixes a bug as well: old code of SpUserModeInitialze returns
a pointer to a local variable (SECPKG_USER_FUNCTION_TABLE).
---
 dll/win32/msv1_0/CMakeLists.txt |   4 +-
 dll/win32/msv1_0/lsa.c          |   6 +-
 dll/win32/msv1_0/lsa.h          |  10 +-
 dll/win32/msv1_0/msv1_0.c       |  22 +---
 dll/win32/msv1_0/msv1_0.spec    |   2 +-
 dll/win32/msv1_0/ntlm/global.c  |  34 ++++++
 dll/win32/msv1_0/ntlm/global.h  |  17 +++
 dll/win32/msv1_0/precomp.h      |   4 +
 dll/win32/msv1_0/user.c         | 176 ++++++++++++++++++++++++++++++++
 dll/win32/msv1_0/user.h         | 100 ++++++++++++++++++
 dll/win32/msv1_0/usercontext.c  |  22 ++++
 dll/win32/msv1_0/usercontext.h  |  14 +++
 12 files changed, 377 insertions(+), 34 deletions(-)
 create mode 100644 dll/win32/msv1_0/ntlm/global.c
 create mode 100644 dll/win32/msv1_0/ntlm/global.h
 create mode 100644 dll/win32/msv1_0/user.c
 create mode 100644 dll/win32/msv1_0/user.h
 create mode 100644 dll/win32/msv1_0/usercontext.c
 create mode 100644 dll/win32/msv1_0/usercontext.h

diff --git a/dll/win32/msv1_0/CMakeLists.txt b/dll/win32/msv1_0/CMakeLists.txt
index 380fc5d16dd..3b2b5e7fd65 100644
--- a/dll/win32/msv1_0/CMakeLists.txt
+++ b/dll/win32/msv1_0/CMakeLists.txt
@@ -4,7 +4,9 @@ spec2def(msv1_0.dll msv1_0.spec)
 list(APPEND SOURCE
     lsa.c
     msv1_0.c
-    precomp.h
+    ntlm/global.c
+    user.c
+    usercontext.c
     ${CMAKE_CURRENT_BINARY_DIR}/msv1_0_stubs.c
     ${CMAKE_CURRENT_BINARY_DIR}/msv1_0.def)
 
diff --git a/dll/win32/msv1_0/lsa.c b/dll/win32/msv1_0/lsa.c
index 63a4bb1f0a7..0bbf4699c66 100644
--- a/dll/win32/msv1_0/lsa.c
+++ b/dll/win32/msv1_0/lsa.c
@@ -1,9 +1,7 @@
 /*
  * PROJECT:     Authentication Package DLL
- * LICENSE:     GPL - See COPYING in the top level directory
- * FILE:        dll/win32/msv1_0/lsa.c
- * PURPOSE:     NTLM-functions returned from SpLsaModeInitialize
-                (PSECPKG_FUNCTION_TABLE)
+ * LICENSE:     GPL-2.0-or-later (https://spdx.org/licenses/GPL-2.0-or-later)
+ * PURPOSE:     NTLM functions returned from SpLsaModeInitialize (PSECPKG_FUNCTION_TABLE)
  * COPYRIGHT:   Copyright 2019-2020 Andreas Maier <staubim@quantentunnel.de>
  */
 
diff --git a/dll/win32/msv1_0/lsa.h b/dll/win32/msv1_0/lsa.h
index e5fe1a934d1..2df98a710c6 100644
--- a/dll/win32/msv1_0/lsa.h
+++ b/dll/win32/msv1_0/lsa.h
@@ -1,13 +1,11 @@
 /*
  * PROJECT:     Authentication Package DLL
- * LICENSE:     GPL - See COPYING in the top level directory
- * FILE:        dll/win32/msv1_0/lsa.h
- * PURPOSE:     header for lsa.c
+ * LICENSE:     GPL-2.0-or-later (https://spdx.org/licenses/GPL-2.0-or-later)
+ * PURPOSE:     Header for lsa.c
  * COPYRIGHT:   Copyright 2019-2020 Andreas Maier <staubim@quantentunnel.de>
  */
 
-#ifndef _MSV1_0_LSA_H_
-#define _MSV1_0_LSA_H_
+#pragma once
 
 // functions we provide to LSA in SpLsaModeInitialize
 extern SECPKG_FUNCTION_TABLE NtlmLsaFn[1];
@@ -138,5 +136,3 @@ NTAPI
 LsaSpSetExtendedInformation(
     _In_ SECPKG_EXTENDED_INFORMATION_CLASS Class,
     _In_ PSECPKG_EXTENDED_INFORMATION Info);
-
-#endif /* _MSV1_0_LSA_H_ */
diff --git a/dll/win32/msv1_0/msv1_0.c b/dll/win32/msv1_0/msv1_0.c
index 2ab923213a3..c5d87f88c2d 100644
--- a/dll/win32/msv1_0/msv1_0.c
+++ b/dll/win32/msv1_0/msv1_0.c
@@ -1769,7 +1769,6 @@ SpLsaModeInitialize(
     return STATUS_SUCCESS;
 }
 
-
 /*
  * @unimplemented
  */
@@ -1781,8 +1780,6 @@ SpUserModeInitialize(
     _Out_ PSECPKG_USER_FUNCTION_TABLE *ppTables,
     _Out_ PULONG pcTables)
 {
-    SECPKG_USER_FUNCTION_TABLE Tables[1];
-
     TRACE("SpUserModeInitialize(0x%lx %p %p %p)\n",
           LsaVersion, PackageVersion, ppTables, pcTables);
 
@@ -1791,24 +1788,7 @@ SpUserModeInitialize(
 
     *PackageVersion = SECPKG_INTERFACE_VERSION;
 
-    RtlZeroMemory(&Tables, sizeof(Tables));
-
-//    Tables[0].InstanceInit = SpInstanceInit;
-//    Tables[0].InitUserModeContext = NULL;
-//    Tables[0].MakeSignature = NULL;
-//    Tables[0].VerifySignature = NULL;
-//    Tables[0].SealMessage = NULL;
-//    Tables[0].UnsealMessage = NULL;
-//    Tables[0].GetContextToken = NULL;
-//    Tables[0].SpQueryContextAttributes = NULL;
-//    Tables[0].CompleteAuthToken = NULL;
-//    Tables[0].DeleteUserModeContext = NULL;
-//    Tables[0].FormatCredentials = NULL;
-//    Tables[0].MarshallSupplementalCreds = NULL;
-//    Tables[0].ExportContext = NULL;
-//    Tables[0].ImportContext = NULL;
-
-    *ppTables = Tables;
+    *ppTables = NtlmUsrFn;
     *pcTables = 1;
 
     return STATUS_SUCCESS;
diff --git a/dll/win32/msv1_0/msv1_0.spec b/dll/win32/msv1_0/msv1_0.spec
index 36d62cf1223..ab746f861ac 100644
--- a/dll/win32/msv1_0/msv1_0.spec
+++ b/dll/win32/msv1_0/msv1_0.spec
@@ -11,6 +11,6 @@
 @ stub MsvSamValidate
 @ stub MsvValidateTarget
 @ stdcall SpInitialize(long ptr ptr)
-@ stub SpInstanceInit
+@ stdcall SpInstanceInit(long ptr ptr)
 @ stdcall SpLsaModeInitialize(long ptr ptr ptr)
 @ stdcall SpUserModeInitialize(long ptr ptr ptr)
diff --git a/dll/win32/msv1_0/ntlm/global.c b/dll/win32/msv1_0/ntlm/global.c
new file mode 100644
index 00000000000..ba1082f9ff9
--- /dev/null
+++ b/dll/win32/msv1_0/ntlm/global.c
@@ -0,0 +1,34 @@
+/*
+ * PROJECT:     Authentication Package DLL
+ * LICENSE:     GPL-2.0-or-later (https://spdx.org/licenses/GPL-2.0-or-later)
+ * PURPOSE:     NTLM globals definitions (header)
+ * COPYRIGHT:   Copyright 2011 Samuel Serapión
+ *              Copyright 2020 Andreas Maier <staubim@quantentunnel.de>
+ */
+
+#include "../precomp.h"
+
+#include "wine/debug.h"
+WINE_DEFAULT_DEBUG_CHANNEL(ntlm);
+
+/* globals */
+PSECPKG_DLL_FUNCTIONS UsrFunctions = NULL;
+SECPKG_USER_FUNCTION_TABLE NtlmUsrFn[1] =
+{
+    {
+        .InstanceInit = SpInstanceInit,
+        .InitUserModeContext = UsrSpInitUserModeContext,
+        .MakeSignature = UsrSpMakeSignature,
+        .VerifySignature = UsrSpVerifySignature,
+        .SealMessage = UsrSpSealMessage,
+        .UnsealMessage = UsrSpUnsealMessage,
+        .GetContextToken = UsrSpGetContextToken,
+        .SpQueryContextAttributes = UsrSpQueryContextAttributes,
+        .CompleteAuthToken = UsrSpCompleteAuthToken,
+        .DeleteUserModeContext = UsrSpDeleteUserModeContext,
+        .FormatCredentials = UsrSpFormatCredentials,
+        .MarshallSupplementalCreds = UsrSpMarshallSupplementalCreds,
+        .ExportContext = UsrSpExportSecurityContext,
+        .ImportContext = UsrSpImportSecurityContext
+    }
+};
diff --git a/dll/win32/msv1_0/ntlm/global.h b/dll/win32/msv1_0/ntlm/global.h
new file mode 100644
index 00000000000..2ee2f1092dd
--- /dev/null
+++ b/dll/win32/msv1_0/ntlm/global.h
@@ -0,0 +1,17 @@
+/*
+ * PROJECT:     Authentication Package DLL
+ * LICENSE:     GPL-2.0-or-later (https://spdx.org/licenses/GPL-2.0-or-later)
+ * PURPOSE:     ntlm globals definitions (header)
+ * COPYRIGHT:   Copyright 2011 Samuel Serapión
+ *              Copyright 2020 Andreas Maier (staubim@quantentunnel.de)
+ */
+
+#ifndef _MSV1_0_NTLM_GLOBALS_H_
+#define _MSV1_0_NTLM_GLOBALS_H_
+
+/* functions provided by LSA in SpInstanceInit */
+extern PSECPKG_DLL_FUNCTIONS UsrFunctions;
+/* functions we provide to LSA in SpUserModeInitialize */
+extern SECPKG_USER_FUNCTION_TABLE NtlmUsrFn[1];
+
+#endif
diff --git a/dll/win32/msv1_0/precomp.h b/dll/win32/msv1_0/precomp.h
index 462fb56a401..094db60e990 100644
--- a/dll/win32/msv1_0/precomp.h
+++ b/dll/win32/msv1_0/precomp.h
@@ -30,8 +30,12 @@
 #include <samsrv/samsrv.h>
 //#include <lsass/lsasrv.h>
 
+#include "ntlm/global.h"
 #include "lsa.h"
 #include "msv1_0.h"
+#include "user.h"
+#include "usercontext.h"
+
 
 #include <wine/debug.h>
 
diff --git a/dll/win32/msv1_0/user.c b/dll/win32/msv1_0/user.c
new file mode 100644
index 00000000000..97f41b350a5
--- /dev/null
+++ b/dll/win32/msv1_0/user.c
@@ -0,0 +1,176 @@
+/*
+ * PROJECT:     Authentication Package DLL
+ * LICENSE:     GPL-2.0-or-later (https://spdx.org/licenses/GPL-2.0-or-later)
+ * PURPOSE:     NTLM Functions returned from SpUserModeInitialize (PSECPKG_USER_FUNCTION_TABLE)
+ * COPYRIGHT:   Copyright 2019-2020 Andreas Maier <staubim@quantentunnel.de>
+ */
+
+#include "precomp.h"
+
+#include "wine/debug.h"
+WINE_DEFAULT_DEBUG_CHANNEL(msv1_0);
+
+NTSTATUS
+NTAPI
+SpInstanceInit(
+    _In_ ULONG Version,
+    _In_ PSECPKG_DLL_FUNCTIONS FunctionTable,
+    _Inout_ PVOID *UserFunctions)
+{
+    TRACE("SpInstanceInit(Version 0x%lx, 0x%p, 0x%p)\n",
+          Version, FunctionTable, UserFunctions);
+    return STATUS_NOT_IMPLEMENTED;
+}
+
+NTSTATUS
+NTAPI
+UsrSpMakeSignature(
+    _In_ LSA_SEC_HANDLE ContextHandle,
+    _In_ ULONG QualityOfProtection,
+    _Inout_ PSecBufferDesc MessageBuffers,
+    _In_ ULONG MessageSequenceNumber)
+{
+    TRACE("UsrSpMakeSignature(0x%p 0x%x 0x%p 0x%x)\n",
+          ContextHandle, QualityOfProtection,
+          MessageBuffers, MessageSequenceNumber);
+    return STATUS_NOT_IMPLEMENTED;
+}
+
+NTSTATUS
+NTAPI
+UsrSpVerifySignature(
+    _In_ LSA_SEC_HANDLE phContext,
+    _In_ PSecBufferDesc pMessage,
+    _In_ ULONG MessageSeqNo,
+    _In_ PULONG pfQOP)
+{
+    TRACE("UsrSpVerifySignature(0x%p 0x%x 0x%x 0x%p)\n",
+          phContext, pMessage, MessageSeqNo, pfQOP);
+
+    return ERROR_NOT_SUPPORTED;
+}
+
+NTSTATUS
+NTAPI
+UsrSpSealMessage(
+    _In_ LSA_SEC_HANDLE ContextHandle,
+    _In_ ULONG QualityOfProtection,
+    _Inout_ PSecBufferDesc MessageBuffers,
+    _In_ ULONG MessageSequenceNumber)
+{
+    TRACE("UsrSpSealMessage(0x%p 0x%x 0x%p 0x%x)\n",
+          ContextHandle, QualityOfProtection,
+          MessageBuffers, MessageSequenceNumber);
+    return STATUS_NOT_IMPLEMENTED;
+}
+
+NTSTATUS
+NTAPI
+UsrSpUnsealMessage(
+    _In_ LSA_SEC_HANDLE ContextHandle,
+    _Inout_ PSecBufferDesc MessageBuffers,
+    _In_ ULONG MessageSequenceNumber,
+    _In_ PULONG QualityOfProtection)
+{
+    TRACE("UsrSpUnsealMessage(0x%p 0x%x 0x%p 0x%x)\n",
+          ContextHandle, MessageBuffers,
+          MessageSequenceNumber, QualityOfProtection);
+    return STATUS_NOT_IMPLEMENTED;
+}
+
+NTSTATUS
+NTAPI
+UsrSpGetContextToken(
+    _In_ LSA_SEC_HANDLE ContextHandle,
+    _Inout_ PHANDLE ImpersonationToken)
+{
+    TRACE("UsrSpGetContextToken(0x%p 0x%p)\n",
+          ContextHandle, ImpersonationToken);
+    return STATUS_NOT_IMPLEMENTED;
+}
+
+NTSTATUS
+NTAPI
+UsrSpQueryContextAttributes(
+    _In_ LSA_SEC_HANDLE ContextHandle,
+    _In_ ULONG ContextAttribute,
+    _Inout_ PVOID Buffer)
+{
+    TRACE("UsrSpQueryContextAttributes(0x%p 0x%x 0x%p)\n",
+            ContextHandle, ContextAttribute, Buffer);
+    return STATUS_NOT_IMPLEMENTED;
+}
+
+NTSTATUS
+NTAPI
+UsrSpCompleteAuthToken(
+    _In_ LSA_SEC_HANDLE ContextHandle,
+    _In_ PSecBufferDesc InputBuffer)
+{
+    TRACE("UsrSpCompleteAuthToken(0x%p 0x%p)\n",
+          ContextHandle, InputBuffer);
+    return STATUS_NOT_IMPLEMENTED;
+}
+
+NTSTATUS
+NTAPI
+UsrSpDeleteUserModeContext(
+    _In_ LSA_SEC_HANDLE ContextHandle)
+{
+    TRACE("UsrSpDeleteUserModeContext(0x%p)\n",
+          ContextHandle);
+    return STATUS_NOT_IMPLEMENTED;
+}
+
+NTSTATUS
+NTAPI
+UsrSpFormatCredentials(
+    _In_ PSecBuffer Credentials,
+    _Inout_ PSecBuffer FormattedCredentials)
+{
+    TRACE("UsrSpFormatCredentials(0x%p 0x%p)\n",
+          Credentials, FormattedCredentials);
+
+    return ERROR_NOT_SUPPORTED;
+}
+
+NTSTATUS
+NTAPI
+UsrSpMarshallSupplementalCreds(
+    _In_ ULONG CredentialSize,
+    _In_ PUCHAR Credentials,
+    _Inout_ PULONG MarshalledCredSize,
+    _Inout_ PVOID *MarshalledCreds)
+{
+    TRACE("UsrSpMarshallSupplementalCreds(0x%x 0x%p 0x%p 0x%p)\n",
+          CredentialSize, Credentials, MarshalledCredSize, MarshalledCreds);
+
+    return ERROR_NOT_SUPPORTED;
+}
+
+NTSTATUS
+NTAPI
+UsrSpExportSecurityContext(
+    _In_ LSA_SEC_HANDLE phContext,
+    _In_ ULONG fFlags,
+    _Inout_ PSecBuffer pPackedContext,
+    _Inout_ PHANDLE pToken)
+{
+    TRACE("UsrSpExportSecurityContext(0x%p 0x%x 0x%p 0x%p)\n",
+          phContext, fFlags, pPackedContext, pToken);
+
+    return ERROR_NOT_SUPPORTED;
+}
+
+NTSTATUS
+NTAPI
+UsrSpImportSecurityContext(
+    _In_ PSecBuffer pPackedContext,
+    _In_ HANDLE Token,
+    _Inout_ PLSA_SEC_HANDLE phContext)
+{
+    TRACE("UsrSpImportSecurityContext(0x%p 0x%x 0x%p)\n",
+          pPackedContext, Token, phContext);
+
+    return ERROR_NOT_SUPPORTED;
+}
diff --git a/dll/win32/msv1_0/user.h b/dll/win32/msv1_0/user.h
new file mode 100644
index 00000000000..9388e5fdec1
--- /dev/null
+++ b/dll/win32/msv1_0/user.h
@@ -0,0 +1,100 @@
+/*
+ * PROJECT:     Authentication Package DLL
+ * LICENSE:     GPL-2.0-or-later (https://spdx.org/licenses/GPL-2.0-or-later)
+ * PURPOSE:     Header for user.c
+ * COPYRIGHT:   Copyright 2019-2020 Andreas Maier <staubim@quantentunnel.de>
+ */
+
+#pragma once
+
+NTSTATUS
+NTAPI
+SpInstanceInit(
+    _In_ ULONG Version,
+    _In_ PSECPKG_DLL_FUNCTIONS FunctionTable,
+    _Inout_ PVOID *UserFunctions);
+
+NTSTATUS
+NTAPI
+UsrSpMakeSignature(
+    _In_ LSA_SEC_HANDLE ContextHandle,
+    _In_ ULONG QualityOfProtection,
+    _Inout_ PSecBufferDesc MessageBuffers,
+    _In_ ULONG MessageSequenceNumber);
+
+NTSTATUS
+NTAPI
+UsrSpVerifySignature(
+    _In_ LSA_SEC_HANDLE phContext,
+    _In_ PSecBufferDesc pMessage,
+    _In_ ULONG MessageSeqNo,
+    _In_ PULONG pfQOP);
+
+NTSTATUS
+NTAPI
+UsrSpSealMessage(
+    _In_ LSA_SEC_HANDLE ContextHandle,
+    _In_ ULONG QualityOfProtection,
+    _Inout_ PSecBufferDesc MessageBuffers,
+    _In_ ULONG MessageSequenceNumber);
+
+NTSTATUS
+NTAPI
+UsrSpUnsealMessage(
+    _In_ LSA_SEC_HANDLE ContextHandle,
+    _Inout_ PSecBufferDesc MessageBuffers,
+    _In_ ULONG MessageSequenceNumber,
+    _In_ PULONG QualityOfProtection);
+
+NTSTATUS
+NTAPI
+UsrSpGetContextToken(
+    _In_ LSA_SEC_HANDLE ContextHandle,
+    _Inout_ PHANDLE ImpersonationToken);
+
+NTSTATUS
+NTAPI
+UsrSpQueryContextAttributes(
+    _In_ LSA_SEC_HANDLE ContextHandle,
+    _In_ ULONG ContextAttribute,
+    _Inout_ PVOID Buffer);
+
+NTSTATUS
+NTAPI
+UsrSpCompleteAuthToken(
+    _In_ LSA_SEC_HANDLE ContextHandle,
+    _In_ PSecBufferDesc InputBuffer);
+
+NTSTATUS
+NTAPI
+UsrSpDeleteUserModeContext(
+    _In_ LSA_SEC_HANDLE ContextHandle);
+
+NTSTATUS
+NTAPI
+UsrSpFormatCredentials(
+    _In_ PSecBuffer Credentials,
+    _Inout_ PSecBuffer FormattedCredentials);
+
+NTSTATUS
+NTAPI
+UsrSpMarshallSupplementalCreds(
+    _In_ ULONG CredentialSize,
+    _In_ PUCHAR Credentials,
+    _Inout_ PULONG MarshalledCredSize,
+    _Inout_ PVOID *MarshalledCreds);
+
+NTSTATUS
+NTAPI
+UsrSpExportSecurityContext(
+    _In_ LSA_SEC_HANDLE phContext,
+    _In_ ULONG fFlags,
+    _Inout_ PSecBuffer pPackedContext,
+    _Inout_ PHANDLE pToken);
+
+NTSTATUS
+NTAPI
+UsrSpImportSecurityContext(
+    _In_ PSecBuffer pPackedContext,
+    _In_ HANDLE Token,
+    _Inout_ PLSA_SEC_HANDLE phContext);
diff --git a/dll/win32/msv1_0/usercontext.c b/dll/win32/msv1_0/usercontext.c
new file mode 100644
index 00000000000..a9fd023c47f
--- /dev/null
+++ b/dll/win32/msv1_0/usercontext.c
@@ -0,0 +1,22 @@
+/*
+ * PROJECT:     Authentication Package DLL
+ * LICENSE:     GPL-2.0-or-later (https://spdx.org/licenses/GPL-2.0-or-later)
+ * PURPOSE:     Manage user mode contexts (create, destroy, reference)
+ * COPYRIGHT:   Copyright 2019-2020 Andreas Maier (staubim@quantentunnel.de)
+ */
+
+#include "precomp.h"
+
+#include "wine/debug.h"
+WINE_DEFAULT_DEBUG_CHANNEL(msv1_0);
+
+NTSTATUS
+NTAPI
+UsrSpInitUserModeContext(
+    _In_ LSA_SEC_HANDLE ContextHandle,
+    _In_ PSecBuffer PackedContext)
+{
+    TRACE("UsrSpInitUserModeContext(%p %p)\n",
+          ContextHandle, PackedContext);
+    return STATUS_NOT_IMPLEMENTED;
+}
diff --git a/dll/win32/msv1_0/usercontext.h b/dll/win32/msv1_0/usercontext.h
new file mode 100644
index 00000000000..b1a5ca31a49
--- /dev/null
+++ b/dll/win32/msv1_0/usercontext.h
@@ -0,0 +1,14 @@
+/*
+ * PROJECT:     Authentication Package DLL
+ * LICENSE:     GPL-2.0-or-later (https://spdx.org/licenses/GPL-2.0-or-later)
+ * PURPOSE:     Manage user mode contexts (create, destroy, reference)
+ * COPYRIGHT:   Copyright 2019-2020 Andreas Maier <staubim@quantentunnel.de>
+ */
+
+#pragma once
+
+NTSTATUS
+NTAPI
+UsrSpInitUserModeContext(
+    _In_ LSA_SEC_HANDLE ContextHandle,
+    _In_ PSecBuffer PackedContext);