Hans Leidekker : kerberos: Move support for SpQueryContextAttributes to the Unix library.
Alexandre Julliard
julliard at winehq.org
Wed Apr 21 15:57:53 CDT 2021
Module: wine
Branch: master
Commit: ed517857444df621e9f2137119c48d787a216e72
URL: https://source.winehq.org/git/wine.git/?a=commit;h=ed517857444df621e9f2137119c48d787a216e72
Author: Hans Leidekker <hans at codeweavers.com>
Date: Wed Apr 21 09:47:27 2021 +0200
kerberos: Move support for SpQueryContextAttributes to the Unix library.
Signed-off-by: Hans Leidekker <hans at codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard at winehq.org>
---
dlls/kerberos/krb5_ap.c | 18 +-----------------
dlls/kerberos/unixlib.c | 47 +++++++++++++++++++++++++++++++++++++++++++++++
dlls/kerberos/unixlib.h | 3 +++
3 files changed, 51 insertions(+), 17 deletions(-)
diff --git a/dlls/kerberos/krb5_ap.c b/dlls/kerberos/krb5_ap.c
index f3cbf34ee81..61833b4e040 100644
--- a/dlls/kerberos/krb5_ap.c
+++ b/dlls/kerberos/krb5_ap.c
@@ -927,23 +927,7 @@ static NTSTATUS NTAPI kerberos_SpQueryContextAttributes( LSA_SEC_HANDLE context,
X(SECPKG_ATTR_TARGET_INFORMATION);
case SECPKG_ATTR_SIZES:
{
- SecPkgContext_Sizes *sizes = (SecPkgContext_Sizes *)buffer;
- ULONG size_max_signature = 37, size_security_trailer = 49;
-#ifdef SONAME_LIBGSSAPI_KRB5
- gss_ctx_id_t ctxt_handle;
-
- if (!(ctxt_handle = ctxthandle_sspi_to_gss( context ))) return SEC_E_INVALID_HANDLE;
- if (is_dce_style_context( ctxt_handle ))
- {
- size_max_signature = 28;
- size_security_trailer = 76;
- }
-#endif
- sizes->cbMaxToken = KERBEROS_MAX_BUF;
- sizes->cbMaxSignature = size_max_signature;
- sizes->cbBlockSize = 1;
- sizes->cbSecurityTrailer = size_security_trailer;
- return SEC_E_OK;
+ return krb5_funcs->query_context_attributes( context, attribute, buffer );
}
case SECPKG_ATTR_NEGOTIATION_INFO:
{
diff --git a/dlls/kerberos/unixlib.c b/dlls/kerberos/unixlib.c
index 06f0ffc8a04..34da8460406 100644
--- a/dlls/kerberos/unixlib.c
+++ b/dlls/kerberos/unixlib.c
@@ -211,6 +211,13 @@ fail:
return FALSE;
}
+static BOOL is_dce_style_context( gss_ctx_id_t ctx )
+{
+ OM_uint32 ret, minor_status, flags;
+ ret = pgss_inquire_context( &minor_status, ctx, NULL, NULL, NULL, NULL, &flags, NULL, NULL );
+ return (ret == GSS_S_COMPLETE && (flags & GSS_C_DCE_STYLE));
+}
+
static int get_buffer_index( SecBufferDesc *desc, DWORD type )
{
UINT i;
@@ -587,6 +594,45 @@ static NTSTATUS CDECL make_signature( LSA_SEC_HANDLE context, SecBufferDesc *msg
return status_gss_to_sspi( ret );
}
+#define KERBEROS_MAX_SIGNATURE 37
+#define KERBEROS_SECURITY_TRAILER 49
+#define KERBEROS_MAX_SIGNATURE_DCE 28
+#define KERBEROS_SECURITY_TRAILER_DCE 76
+
+static NTSTATUS CDECL query_context_attributes( LSA_SEC_HANDLE context, ULONG attr, void *buf )
+{
+ switch (attr)
+ {
+ case SECPKG_ATTR_SIZES:
+ {
+ SecPkgContext_Sizes *sizes = (SecPkgContext_Sizes *)buf;
+ ULONG size_max_signature, size_security_trailer;
+ gss_ctx_id_t ctx = ctxhandle_sspi_to_gss( context );
+
+ if (is_dce_style_context( ctx ))
+ {
+ size_max_signature = KERBEROS_MAX_SIGNATURE_DCE;
+ size_security_trailer = KERBEROS_SECURITY_TRAILER_DCE;
+ }
+ else
+ {
+ size_max_signature = KERBEROS_MAX_SIGNATURE;
+ size_security_trailer = KERBEROS_SECURITY_TRAILER;
+ }
+ sizes->cbMaxToken = KERBEROS_MAX_BUF;
+ sizes->cbMaxSignature = size_max_signature;
+ sizes->cbBlockSize = 1;
+ sizes->cbSecurityTrailer = size_security_trailer;
+ return SEC_E_OK;
+ }
+ default:
+ FIXME( "unhandled attribute %u\n", attr );
+ break;
+ }
+
+ return SEC_E_UNSUPPORTED_FUNCTION;
+}
+
static NTSTATUS CDECL verify_signature( LSA_SEC_HANDLE context, SecBufferDesc *msg, ULONG *qop )
{
OM_uint32 ret, minor_status;
@@ -618,6 +664,7 @@ static const struct krb5_funcs funcs =
free_credentials_handle,
initialize_context,
make_signature,
+ query_context_attributes,
verify_signature,
};
diff --git a/dlls/kerberos/unixlib.h b/dlls/kerberos/unixlib.h
index 6a73444aae8..8fd562a28d7 100644
--- a/dlls/kerberos/unixlib.h
+++ b/dlls/kerberos/unixlib.h
@@ -19,6 +19,8 @@
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
*/
+#define KERBEROS_MAX_BUF 12000
+
struct krb5_funcs
{
NTSTATUS (CDECL *accept_context)(LSA_SEC_HANDLE, LSA_SEC_HANDLE, SecBufferDesc *, LSA_SEC_HANDLE *,
@@ -30,6 +32,7 @@ struct krb5_funcs
NTSTATUS (CDECL *initialize_context)(LSA_SEC_HANDLE, LSA_SEC_HANDLE, const char *, ULONG, SecBufferDesc *,
LSA_SEC_HANDLE *, SecBufferDesc *, ULONG *, TimeStamp *);
NTSTATUS (CDECL *make_signature)(LSA_SEC_HANDLE, SecBufferDesc *);
+ NTSTATUS (CDECL *query_context_attributes)(LSA_SEC_HANDLE, ULONG, void *);
NTSTATUS (CDECL *verify_signature)(LSA_SEC_HANDLE, SecBufferDesc *, ULONG *);
};
More information about the wine-cvs
mailing list