Rob Shearman : rpcrt4: Call InitializeSecurityContext from only one function.

Alexandre Julliard julliard at wine.codeweavers.com
Tue Mar 27 06:58:45 CDT 2007


Module: wine
Branch: master
Commit: 88e9b3fad8bf9f1fe9a4fc276d400aa47255869b
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=88e9b3fad8bf9f1fe9a4fc276d400aa47255869b

Author: Rob Shearman <rob at codeweavers.com>
Date:   Mon Mar 26 18:17:15 2007 +0100

rpcrt4: Call InitializeSecurityContext from only one function.

This reduces the amount of code and ensures that the parameters passed 
to it stay the same, apart from the previous context and the output 
buffer description.

---

 dlls/rpcrt4/rpc_message.c   |   74 +++++++++++++++---------------------------
 dlls/rpcrt4/rpc_transport.c |    3 ++
 2 files changed, 30 insertions(+), 47 deletions(-)

diff --git a/dlls/rpcrt4/rpc_message.c b/dlls/rpcrt4/rpc_message.c
index c1e0c86..b100431 100644
--- a/dlls/rpcrt4/rpc_message.c
+++ b/dlls/rpcrt4/rpc_message.c
@@ -459,13 +459,16 @@ write:
 }
 
 /***********************************************************************
- *           RPCRT4_AuthNegotiate (internal)
+ *           RPCRT4_ClientAuthorize (internal)
+ *
+ * Authorize a client connection. A NULL in param signifies a new connection.
  */
-static void RPCRT4_AuthNegotiate(RpcConnection *conn, SecBuffer *out)
+static RPC_STATUS RPCRT4_ClientAuthorize(RpcConnection *conn, SecBuffer *in,
+                                         SecBuffer *out)
 {
   SECURITY_STATUS r;
   SecBufferDesc out_desc;
-  unsigned char *buffer;
+  SecBufferDesc inp_desc;
   ULONG context_req = ISC_REQ_CONNECTION | ISC_REQ_USE_DCE_STYLE |
                       ISC_REQ_MUTUAL_AUTH | ISC_REQ_DELEGATE;
 
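Review bot: The new header comment for RPCRT4_ClientAuthorize documents only the `in` parameter and leaves out the contract for `out` and the return value, which both callers rely on. I would extend the comment to say that `out->pvBuffer` is allocated from the process heap with `cbMaxToken` bytes and must be released by the caller with HeapFree on success, that it is freed and set to NULL on failure, and that the function returns RPC_S_OK or ERROR_ACCESS_DENIED. The function body continues outside this hunk, so this is based on the allocation and failure path visible in the following hunk.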
@@ -474,24 +477,33 @@ static void RPCRT4_AuthNegotiate(RpcConnection *conn, SecBuffer *out)
   else if (conn->AuthInfo->AuthnLevel == RPC_C_AUTHN_LEVEL_PKT_PRIVACY)
     context_req |= ISC_REQ_CONFIDENTIALITY | ISC_REQ_INTEGRITY;
 
-  buffer = HeapAlloc(GetProcessHeap(), 0, conn->AuthInfo->cbMaxToken);
-
   out->BufferType = SECBUFFER_TOKEN;
   out->cbBuffer = conn->AuthInfo->cbMaxToken;
-  out->pvBuffer = buffer;
+  out->pvBuffer = HeapAlloc(GetProcessHeap(), 0, out->cbBuffer);
 
   out_desc.ulVersion = 0;
   out_desc.cBuffers = 1;
   out_desc.pBuffers = out;
 
-  conn->attr = 0;
-  SecInvalidateHandle(&conn->ctx);
+  inp_desc.cBuffers = 1;
+  inp_desc.pBuffers = in;
+  inp_desc.ulVersion = 0;
+
+  r = InitializeSecurityContextA(&conn->AuthInfo->cred, in ? &conn->ctx : NULL,
+        NULL, context_req, 0, SECURITY_NETWORK_DREP,
+        in ? &inp_desc : NULL, 0, &conn->ctx, &out_desc, &conn->attr,
+        &conn->exp);
+  if (FAILED(r))
+  {
+      HeapFree(GetProcessHeap(), 0, out->pvBuffer);
+      out->pvBuffer = NULL;
+      WARN("InitializeSecurityContext failed with error 0x%08x\n", r);
+      return ERROR_ACCESS_DENIED; /* FIXME: is this correct? */
+  }
 
-  r = InitializeSecurityContextA(&conn->AuthInfo->cred, NULL, NULL,
-        context_req, 0, SECURITY_NETWORK_DREP,
-        NULL, 0, &conn->ctx, &out_desc, &conn->attr, &conn->exp);
+  TRACE("r = 0x%08x, cbBuffer = %ld, attr = 0x%08x\n", r, out->cbBuffer, conn->attr);
 
-  TRACE("r = %08x cbBuffer = %ld attr = %08x\n", r, out->cbBuffer, conn->attr);
+  return RPC_S_OK;
 }
 
 /***********************************************************************
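Review bot: The result of `HeapAlloc` assigned to `out->pvBuffer` is not checked before the buffer is handed to InitializeSecurityContextA through `out_desc`, so an allocation failure passes a NULL token buffer with a non-zero `cbBuffer` into the security package. Add `if (!out->pvBuffer) return RPC_S_OUT_OF_MEMORY;` directly after the allocation. In the `FAILED(r)` branch `out->pvBuffer` is cleared but `out->cbBuffer` still holds `cbMaxToken`; adding `out->cbBuffer = 0;` there keeps pointer and length consistent for any caller that does not check the returned status. The function starts outside this hunk.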
@@ -500,46 +512,18 @@ static void RPCRT4_AuthNegotiate(RpcConnection *conn, SecBuffer *out)
 static RPC_STATUS RPCRT_AuthorizeConnection(RpcConnection* conn,
                                             BYTE *challenge, ULONG count)
 {
-  SecBufferDesc inp_desc, out_desc;
   SecBuffer inp, out;
-  SECURITY_STATUS r;
   RpcPktHdr *resp_hdr;
   RPC_STATUS status;
-  ULONG context_req = ISC_REQ_CONNECTION | ISC_REQ_USE_DCE_STYLE |
-                      ISC_REQ_MUTUAL_AUTH | ISC_REQ_DELEGATE;
 
   TRACE("challenge %s, %d bytes\n", challenge, count);
 
-  if (conn->AuthInfo->AuthnLevel == RPC_C_AUTHN_LEVEL_PKT_INTEGRITY)
-    context_req |= ISC_REQ_INTEGRITY;
-  else if (conn->AuthInfo->AuthnLevel == RPC_C_AUTHN_LEVEL_PKT_PRIVACY)
-    context_req |= ISC_REQ_CONFIDENTIALITY | ISC_REQ_INTEGRITY;
-
-  out.BufferType = SECBUFFER_TOKEN;
-  out.cbBuffer = conn->AuthInfo->cbMaxToken;
-  out.pvBuffer = HeapAlloc(GetProcessHeap(), 0, out.cbBuffer);
-
-  out_desc.ulVersion = 0;
-  out_desc.cBuffers = 1;
-  out_desc.pBuffers = &out;
-
   inp.BufferType = SECBUFFER_TOKEN;
   inp.pvBuffer = challenge;
   inp.cbBuffer = count;
 
-  inp_desc.cBuffers = 1;
-  inp_desc.pBuffers = &inp;
-  inp_desc.ulVersion = 0;
-
-  r = InitializeSecurityContextA(&conn->AuthInfo->cred, &conn->ctx, NULL,
-        context_req, 0, SECURITY_NETWORK_DREP,
-        &inp_desc, 0, &conn->ctx, &out_desc, &conn->attr, &conn->exp);
-  if (r)
-  {
-    HeapFree(GetProcessHeap(), 0, out.pvBuffer);
-    WARN("InitializeSecurityContext failed with error 0x%08x\n", r);
-    return ERROR_ACCESS_DENIED;
-  }
+  status = RPCRT4_ClientAuthorize(conn, &inp, &out);
+  if (status) return status;
 
   resp_hdr = RPCRT4_BuildAuthHeader(NDR_LOCAL_DATA_REPRESENTATION);
   if (!resp_hdr)
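Review bot: The `TRACE("challenge %s, %d bytes\n", challenge, count)` line kept in this hunk formats `challenge` with `%s`, but it is a `BYTE *` token with an explicit length (presumably received from the server), and nothing visible here guarantees it is NUL-terminated. With tracing enabled this can read past the end of the buffer; logging only the pointer and length, `TRACE("challenge %p, %d bytes\n", challenge, count);`, avoids that. The function continues past the end of the hunk, so whether `out.pvBuffer` is freed on the `!resp_hdr` path cannot be confirmed from here.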
@@ -569,12 +553,8 @@ RPC_STATUS RPCRT4_Send(RpcConnection *Connection, RpcPktHdr *Header,
     return RPCRT4_SendAuth(Connection, Header, Buffer, BufferLength, NULL, 0);
   }
 
-  out.BufferType = SECBUFFER_TOKEN;
-  out.cbBuffer = 0;
-  out.pvBuffer = NULL;
-
   /* tack on a negotiate packet */
-  RPCRT4_AuthNegotiate(Connection, &out);
+  RPCRT4_ClientAuthorize(Connection, NULL, &out);
   r = RPCRT4_SendAuth(Connection, Header, Buffer, BufferLength, out.pvBuffer, out.cbBuffer);
   HeapFree(GetProcessHeap(), 0, out.pvBuffer);
 
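Review bot: The return value of `RPCRT4_ClientAuthorize(Connection, NULL, &out)` is discarded, so when InitializeSecurityContext fails the code still calls RPCRT4_SendAuth with `out.pvBuffer` set to NULL and `out.cbBuffer` left at `cbMaxToken`. Because this hunk also removes the zero-initialisation of `out`, the callee is now the only thing that defines those fields. Check the status and return before sending: `r = RPCRT4_ClientAuthorize(Connection, NULL, &out);` followed by `if (r != RPC_S_OK) return r;` (assuming `r` is an RPC_STATUS here, since its declaration is outside the hunk). RPCRT4_Send begins and ends outside the hunk.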
diff --git a/dlls/rpcrt4/rpc_transport.c b/dlls/rpcrt4/rpc_transport.c
index e1d29bb..4996c12 100644
--- a/dlls/rpcrt4/rpc_transport.c
+++ b/dlls/rpcrt4/rpc_transport.c
@@ -1381,10 +1381,13 @@ RPC_STATUS RPCRT4_CreateConnection(RpcConnection** Connection, BOOL server,
   NewConnection->NextCallId = 1;
 
   SecInvalidateHandle(&NewConnection->ctx);
+  memset(&NewConnection->exp, 0, sizeof(NewConnection->exp));
+  NewConnection->attr = 0;
   if (AuthInfo) RpcAuthInfo_AddRef(AuthInfo);
   NewConnection->AuthInfo = AuthInfo;
   if (QOS) RpcQualityOfService_AddRef(QOS);
   NewConnection->QOS = QOS;
+
   list_init(&NewConnection->conn_pool_entry);
 
   TRACE("connection: %p\n", NewConnection);



