Hans Leidekker : kerberos: Move support for SpQueryContextAttributes to the Unix library.

[Alexandre Julliard]

Module: wine
Branch: master
Commit: ed517857444df621e9f2137119c48d787a216e72
URL:    https://source.winehq.org/git/wine.git/?a=commit;h=ed517857444df621e9f2137119c48d787a216e72

Author: Hans Leidekker <hans at codeweavers.com>
Date:   Wed Apr 21 09:47:27 2021 +0200

kerberos: Move support for SpQueryContextAttributes to the Unix library.

Signed-off-by: Hans Leidekker <hans at codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard at winehq.org>

---

 dlls/kerberos/krb5_ap.c | 18 +-----------------
 dlls/kerberos/unixlib.c | 47 +++++++++++++++++++++++++++++++++++++++++++++++
 dlls/kerberos/unixlib.h |  3 +++
 3 files changed, 51 insertions(+), 17 deletions(-)

diff --git a/dlls/kerberos/krb5_ap.c b/dlls/kerberos/krb5_ap.c
index f3cbf34ee81..61833b4e040 100644
--- a/dlls/kerberos/krb5_ap.c
+++ b/dlls/kerberos/krb5_ap.c
@@ -927,23 +927,7 @@ static NTSTATUS NTAPI kerberos_SpQueryContextAttributes( LSA_SEC_HANDLE context,
     X(SECPKG_ATTR_TARGET_INFORMATION);
     case SECPKG_ATTR_SIZES:
     {
-        SecPkgContext_Sizes *sizes = (SecPkgContext_Sizes *)buffer;
-        ULONG size_max_signature = 37, size_security_trailer = 49;
-#ifdef SONAME_LIBGSSAPI_KRB5
-        gss_ctx_id_t ctxt_handle;
-
-        if (!(ctxt_handle = ctxthandle_sspi_to_gss( context ))) return SEC_E_INVALID_HANDLE;
-        if (is_dce_style_context( ctxt_handle ))
-        {
-            size_max_signature = 28;
-            size_security_trailer = 76;
-        }
-#endif
-        sizes->cbMaxToken        = KERBEROS_MAX_BUF;
-        sizes->cbMaxSignature    = size_max_signature;
-        sizes->cbBlockSize       = 1;
-        sizes->cbSecurityTrailer = size_security_trailer;
-        return SEC_E_OK;
+        return krb5_funcs->query_context_attributes( context, attribute, buffer );
     }
     case SECPKG_ATTR_NEGOTIATION_INFO:
     {
diff --git a/dlls/kerberos/unixlib.c b/dlls/kerberos/unixlib.c
index 06f0ffc8a04..34da8460406 100644
--- a/dlls/kerberos/unixlib.c
+++ b/dlls/kerberos/unixlib.c
@@ -211,6 +211,13 @@ fail:
     return FALSE;
 }
 
+static BOOL is_dce_style_context( gss_ctx_id_t ctx )
+{
+    OM_uint32 ret, minor_status, flags;
+    ret = pgss_inquire_context( &minor_status, ctx, NULL, NULL, NULL, NULL, &flags, NULL, NULL );
+    return (ret == GSS_S_COMPLETE && (flags & GSS_C_DCE_STYLE));
+}
+
 static int get_buffer_index( SecBufferDesc *desc, DWORD type )
 {
     UINT i;
@@ -587,6 +594,45 @@ static NTSTATUS CDECL make_signature( LSA_SEC_HANDLE context, SecBufferDesc *msg
     return status_gss_to_sspi( ret );
 }
 
+#define KERBEROS_MAX_SIGNATURE        37
+#define KERBEROS_SECURITY_TRAILER     49
+#define KERBEROS_MAX_SIGNATURE_DCE    28
+#define KERBEROS_SECURITY_TRAILER_DCE 76
+
+static NTSTATUS CDECL query_context_attributes( LSA_SEC_HANDLE context, ULONG attr, void *buf )
+{
+    switch (attr)
+    {
+    case SECPKG_ATTR_SIZES:
+    {
+        SecPkgContext_Sizes *sizes = (SecPkgContext_Sizes *)buf;
+        ULONG size_max_signature, size_security_trailer;
+        gss_ctx_id_t ctx  = ctxhandle_sspi_to_gss( context );
+
+        if (is_dce_style_context( ctx ))
+        {
+            size_max_signature = KERBEROS_MAX_SIGNATURE_DCE;
+            size_security_trailer = KERBEROS_SECURITY_TRAILER_DCE;
+        }
+        else
+        {
+            size_max_signature = KERBEROS_MAX_SIGNATURE;
+            size_security_trailer = KERBEROS_SECURITY_TRAILER;
+        }
+        sizes->cbMaxToken        = KERBEROS_MAX_BUF;
+        sizes->cbMaxSignature    = size_max_signature;
+        sizes->cbBlockSize       = 1;
+        sizes->cbSecurityTrailer = size_security_trailer;
+        return SEC_E_OK;
+    }
+    default:
+        FIXME( "unhandled attribute %u\n", attr );
+        break;
+    }
+
+    return SEC_E_UNSUPPORTED_FUNCTION;
+}
+
 static NTSTATUS CDECL verify_signature( LSA_SEC_HANDLE context, SecBufferDesc *msg, ULONG *qop )
 {
     OM_uint32 ret, minor_status;
@@ -618,6 +664,7 @@ static const struct krb5_funcs funcs =
     free_credentials_handle,
     initialize_context,
     make_signature,
+    query_context_attributes,
     verify_signature,
 };
 
diff --git a/dlls/kerberos/unixlib.h b/dlls/kerberos/unixlib.h
index 6a73444aae8..8fd562a28d7 100644
--- a/dlls/kerberos/unixlib.h
+++ b/dlls/kerberos/unixlib.h
@@ -19,6 +19,8 @@
  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
  */
 
+#define KERBEROS_MAX_BUF 12000
+
 struct krb5_funcs
 {
     NTSTATUS (CDECL *accept_context)(LSA_SEC_HANDLE, LSA_SEC_HANDLE, SecBufferDesc *, LSA_SEC_HANDLE *,
@@ -30,6 +32,7 @@ struct krb5_funcs
     NTSTATUS (CDECL *initialize_context)(LSA_SEC_HANDLE, LSA_SEC_HANDLE, const char *, ULONG, SecBufferDesc *,
                                          LSA_SEC_HANDLE *, SecBufferDesc *, ULONG *, TimeStamp *);
     NTSTATUS (CDECL *make_signature)(LSA_SEC_HANDLE, SecBufferDesc *);
+    NTSTATUS (CDECL *query_context_attributes)(LSA_SEC_HANDLE, ULONG, void *);
     NTSTATUS (CDECL *verify_signature)(LSA_SEC_HANDLE, SecBufferDesc *, ULONG *);
 };