Hans Leidekker : kerberos: Implement SpVerifySignature.

Alexandre Julliard julliard at winehq.org
Thu Jan 25 17:37:40 CST 2018 

Module: wine
Branch: master
Commit: 58996f8a77c80e50ef328c42c43825f13c52937f
URL:    https://source.winehq.org/git/wine.git/?a=commit;h=58996f8a77c80e50ef328c42c43825f13c52937f

Author: Hans Leidekker <hans at codeweavers.com>
Date:   Thu Jan 25 11:33:36 2018 +0800

kerberos: Implement SpVerifySignature.

Signed-off-by: Dmitry Timoshkov <dmitry at baikal.ru>
Signed-off-by: Hans Leidekker <hans at codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard at winehq.org>

---

 dlls/kerberos/krb5_ap.c | 38 +++++++++++++++++++++++++++++++++++++-
 1 file changed, 37 insertions(+), 1 deletion(-)

diff --git a/dlls/kerberos/krb5_ap.c b/dlls/kerberos/krb5_ap.c
index 451e085..43bbbae 100644
--- a/dlls/kerberos/krb5_ap.c
+++ b/dlls/kerberos/krb5_ap.c
@@ -195,6 +195,7 @@ MAKE_FUNCPTR(gss_init_sec_context);
 MAKE_FUNCPTR(gss_release_buffer);
 MAKE_FUNCPTR(gss_release_cred);
 MAKE_FUNCPTR(gss_release_name);
+MAKE_FUNCPTR(gss_verify_mic);
 #undef MAKE_FUNCPTR
 
 static BOOL load_gssapi_krb5(void)
@@ -221,6 +222,7 @@ static BOOL load_gssapi_krb5(void)
     LOAD_FUNCPTR(gss_release_buffer)
     LOAD_FUNCPTR(gss_release_cred)
     LOAD_FUNCPTR(gss_release_name)
+    LOAD_FUNCPTR(gss_verify_mic)
 #undef LOAD_FUNCPTR
 
     return TRUE;
@@ -779,12 +781,46 @@ static NTSTATUS SEC_ENTRY kerberos_SpMakeSignature( LSA_SEC_HANDLE context, ULON
 #endif
 }
 
+static SECURITY_STATUS SEC_ENTRY kerberos_SpVerifySignature( LSA_SEC_HANDLE context, SecBufferDesc *message,
+    ULONG message_seq_no, ULONG *quality_of_protection )
+{
+#ifdef SONAME_LIBGSSAPI_KRB5
+    OM_uint32 ret, minor_status;
+    gss_buffer_desc data_buffer, token_buffer;
+    gss_ctx_id_t ctxt_handle;
+    int data_idx, token_idx;
+
+    TRACE( "(%lx %p %u %p)\n", context, message, message_seq_no, quality_of_protection );
+    if (message_seq_no) FIXME( "ignoring message_seq_no %0x08x\n", message_seq_no );
+
+    if (!context) return SEC_E_INVALID_HANDLE;
+    ctxt_handle = ctxthandle_sspi_to_gss( context );
+
+    if ((data_idx = get_buffer_index( message, SECBUFFER_DATA )) == -1) return SEC_E_INVALID_TOKEN;
+    data_buffer.length = message->pBuffers[data_idx].cbBuffer;
+    data_buffer.value  = message->pBuffers[data_idx].pvBuffer;
+
+    if ((token_idx = get_buffer_index( message, SECBUFFER_TOKEN )) == -1) return SEC_E_INVALID_TOKEN;
+    token_buffer.length = message->pBuffers[token_idx].cbBuffer;
+    token_buffer.value  = message->pBuffers[token_idx].pvBuffer;
+
+    ret = pgss_verify_mic( &minor_status, ctxt_handle, &data_buffer, &token_buffer, NULL );
+    TRACE( "gss_verify_mic returned %08x minor status %08x\n", ret, minor_status );
+    if (ret == GSS_S_COMPLETE && quality_of_protection) *quality_of_protection = 0;
+
+    return status_gss_to_sspi( ret );
+#else
+    FIXME( "(%lx %p %u %p)\n", context, message, message_seq_no, quality_of_protection );
+    return SEC_E_UNSUPPORTED_FUNCTION;
+#endif
+}
+
 static SECPKG_USER_FUNCTION_TABLE kerberos_user_table =
 {
     kerberos_SpInstanceInit,
     NULL, /* SpInitUserModeContext */
     kerberos_SpMakeSignature,
-    NULL, /* SpVerifySignature */
+    kerberos_SpVerifySignature,
     NULL, /* SpSealMessage */
     NULL, /* SpUnsealMessage */
     NULL, /* SpGetContextToken */

More information about the wine-cvs mailing list