Alexandre Julliard : kerberos: Move timestamp conversion to the PE side.
Alexandre Julliard
julliard at winehq.org
Thu Nov 4 17:04:21 CDT 2021
Module: wine
Branch: master
Commit: b1c58098ebfc3133789680aba2afa3b069f2565b
URL: https://source.winehq.org/git/wine.git/?a=commit;h=b1c58098ebfc3133789680aba2afa3b069f2565b
Author: Alexandre Julliard <julliard at winehq.org>
Date: Thu Nov 4 17:54:56 2021 +0100
kerberos: Move timestamp conversion to the PE side.
Restore expiry time dropped in 6e9a9d670185f5a18d860602eb23e5a4c0fc1c2e,
spotted by Dmitry Timoshkov.
Signed-off-by: Alexandre Julliard <julliard at winehq.org>
---
dlls/kerberos/krb5_ap.c | 34 +++++++++++++++++++++++++++++-----
dlls/kerberos/unixlib.c | 22 ++++++----------------
dlls/kerberos/unixlib.h | 6 +++---
3 files changed, 38 insertions(+), 24 deletions(-)
diff --git a/dlls/kerberos/krb5_ap.c b/dlls/kerberos/krb5_ap.c
index 92436ca2bf4..9105e3d2c5d 100644
--- a/dlls/kerberos/krb5_ap.c
+++ b/dlls/kerberos/krb5_ap.c
@@ -83,6 +83,17 @@ static const char *debugstr_us( const UNICODE_STRING *us )
return debugstr_wn( us->Buffer, us->Length / sizeof(WCHAR) );
}
+static void expiry_to_timestamp( ULONG expiry, TimeStamp *timestamp )
+{
+ LARGE_INTEGER time;
+
+ NtQuerySystemTime( &time );
+ RtlSystemTimeToLocalTime( &time, &time );
+ time.QuadPart += expiry * (ULONGLONG)10000000;
+ timestamp->LowPart = time.QuadPart;
+ timestamp->HighPart = time.QuadPart >> 32;
+}
+
static NTSTATUS NTAPI kerberos_LsaApInitializePackage(ULONG package_id, PLSA_DISPATCH_TABLE dispatch,
PLSA_STRING database, PLSA_STRING confidentiality, PLSA_STRING *package_name)
{
@@ -267,6 +278,7 @@ static NTSTATUS NTAPI kerberos_SpAcquireCredentialsHandle(
char *principal = NULL, *username = NULL, *password = NULL;
SEC_WINNT_AUTH_IDENTITY_W *id = auth_data;
NTSTATUS status = SEC_E_INSUFFICIENT_MEMORY;
+ ULONG exptime;
TRACE( "(%s 0x%08x %p %p %p %p %p %p)\n", debugstr_us(principal_us), credential_use,
logon_id, auth_data, get_key_fn, get_key_arg, credential, expiry );
@@ -285,7 +297,9 @@ static NTSTATUS NTAPI kerberos_SpAcquireCredentialsHandle(
}
status = krb5_funcs->acquire_credentials_handle( principal, credential_use, username, password, credential,
- expiry );
+ &exptime );
+ expiry_to_timestamp( exptime, expiry );
+
done:
free( principal );
free( username );
@@ -310,6 +324,7 @@ static NTSTATUS NTAPI kerberos_SpInitLsaModeContext( LSA_SEC_HANDLE credential,
ISC_REQ_IDENTIFY | ISC_REQ_CONNECTION;
char *target = NULL;
NTSTATUS status;
+ ULONG exptime;
TRACE( "(%lx %lx %s 0x%08x %u %p %p %p %p %p %p %p)\n", credential, context, debugstr_us(target_name),
context_req, target_data_rep, input, new_context, output, context_attr, expiry,
@@ -320,8 +335,12 @@ static NTSTATUS NTAPI kerberos_SpInitLsaModeContext( LSA_SEC_HANDLE credential,
if (target_name && !(target = get_str_unixcp( target_name ))) return SEC_E_INSUFFICIENT_MEMORY;
status = krb5_funcs->initialize_context( credential, context, target, context_req, input, new_context, output,
- context_attr, expiry );
- if (!status) *mapped_context = TRUE;
+ context_attr, &exptime );
+ if (!status)
+ {
+ *mapped_context = TRUE;
+ expiry_to_timestamp( exptime, expiry );
+ }
/* FIXME: initialize context_data */
free( target );
return status;
@@ -332,6 +351,7 @@ static NTSTATUS NTAPI kerberos_SpAcceptLsaModeContext( LSA_SEC_HANDLE credential
SecBufferDesc *output, ULONG *context_attr, TimeStamp *expiry, BOOLEAN *mapped_context, SecBuffer *context_data )
{
NTSTATUS status;
+ ULONG exptime;
TRACE( "(%lx %lx 0x%08x %u %p %p %p %p %p %p %p)\n", credential, context, context_req, target_data_rep, input,
new_context, output, context_attr, expiry, mapped_context, context_data );
@@ -339,8 +359,12 @@ static NTSTATUS NTAPI kerberos_SpAcceptLsaModeContext( LSA_SEC_HANDLE credential
if (!context && !input && !credential) return SEC_E_INVALID_HANDLE;
- status = krb5_funcs->accept_context( credential, context, input, new_context, output, context_attr, expiry );
- if (!status) *mapped_context = TRUE;
+ status = krb5_funcs->accept_context( credential, context, input, new_context, output, context_attr, &exptime );
+ if (!status)
+ {
+ *mapped_context = TRUE;
+ expiry_to_timestamp( exptime, expiry );
+ }
/* FIXME: initialize context_data */
return status;
}
diff --git a/dlls/kerberos/unixlib.c b/dlls/kerberos/unixlib.c
index 1a47b0a39ff..4024cc4bec1 100644
--- a/dlls/kerberos/unixlib.c
+++ b/dlls/kerberos/unixlib.c
@@ -505,16 +505,6 @@ static inline void credhandle_gss_to_sspi( gss_cred_id_t handle, LSA_SEC_HANDLE
*cred = (LSA_SEC_HANDLE)handle;
}
-static void expirytime_gss_to_sspi( OM_uint32 expirytime, TimeStamp *timestamp )
-{
- LARGE_INTEGER time;
-
- NtQuerySystemTime( &time );
- RtlSystemTimeToLocalTime( &time, &time );
- timestamp->LowPart = time.QuadPart;
- timestamp->HighPart = time.QuadPart >> 32;
-}
-
static ULONG flags_gss_to_asc_ret( ULONG flags )
{
ULONG ret = 0;
@@ -532,7 +522,7 @@ static ULONG flags_gss_to_asc_ret( ULONG flags )
static NTSTATUS CDECL accept_context( LSA_SEC_HANDLE credential, LSA_SEC_HANDLE context, SecBufferDesc *input,
LSA_SEC_HANDLE *new_context, SecBufferDesc *output, ULONG *context_attr,
- TimeStamp *expiry )
+ ULONG *expiry )
{
OM_uint32 ret, minor_status, ret_flags = 0, expiry_time;
gss_cred_id_t cred_handle = credhandle_sspi_to_gss( credential );
@@ -571,7 +561,7 @@ static NTSTATUS CDECL accept_context( LSA_SEC_HANDLE credential, LSA_SEC_HANDLE
ctxhandle_gss_to_sspi( ctx_handle, new_context );
if (context_attr) *context_attr = flags_gss_to_asc_ret( ret_flags );
- expirytime_gss_to_sspi( expiry_time, expiry );
+ *expiry = expiry_time;
}
return status_gss_to_sspi( ret );
@@ -621,7 +611,7 @@ static NTSTATUS import_name( const char *src, gss_name_t *dst )
}
static NTSTATUS CDECL acquire_credentials_handle( const char *principal, ULONG credential_use, const char *username,
- const char *password, LSA_SEC_HANDLE *credential, TimeStamp *expiry )
+ const char *password, LSA_SEC_HANDLE *credential, ULONG *expiry )
{
OM_uint32 ret, minor_status, expiry_time;
gss_name_t name = GSS_C_NO_NAME;
@@ -654,7 +644,7 @@ static NTSTATUS CDECL acquire_credentials_handle( const char *principal, ULONG c
if (ret == GSS_S_COMPLETE)
{
credhandle_gss_to_sspi( cred_handle, credential );
- expirytime_gss_to_sspi( expiry_time, expiry );
+ *expiry = expiry_time;
}
if (name != GSS_C_NO_NAME) pgss_release_name( &minor_status, &name );
@@ -715,7 +705,7 @@ static ULONG flags_gss_to_isc_ret( ULONG flags )
static NTSTATUS CDECL initialize_context( LSA_SEC_HANDLE credential, LSA_SEC_HANDLE context, const char *target_name,
ULONG context_req, SecBufferDesc *input, LSA_SEC_HANDLE *new_context,
- SecBufferDesc *output, ULONG *context_attr, TimeStamp *expiry )
+ SecBufferDesc *output, ULONG *context_attr, ULONG *expiry )
{
OM_uint32 ret, minor_status, ret_flags = 0, expiry_time, req_flags = flags_isc_req_to_gss( context_req );
gss_cred_id_t cred_handle = credhandle_sspi_to_gss( credential );
@@ -758,7 +748,7 @@ static NTSTATUS CDECL initialize_context( LSA_SEC_HANDLE credential, LSA_SEC_HAN
ctxhandle_gss_to_sspi( ctx_handle, new_context );
if (context_attr) *context_attr = flags_gss_to_isc_ret( ret_flags );
- expirytime_gss_to_sspi( expiry_time, expiry );
+ *expiry = expiry_time;
}
if (target != GSS_C_NO_NAME) pgss_release_name( &minor_status, &target );
diff --git a/dlls/kerberos/unixlib.h b/dlls/kerberos/unixlib.h
index 5648f344431..2d0cb45f979 100644
--- a/dlls/kerberos/unixlib.h
+++ b/dlls/kerberos/unixlib.h
@@ -24,13 +24,13 @@
struct krb5_funcs
{
NTSTATUS (CDECL *accept_context)(LSA_SEC_HANDLE, LSA_SEC_HANDLE, SecBufferDesc *, LSA_SEC_HANDLE *,
- SecBufferDesc *, ULONG *, TimeStamp *);
+ SecBufferDesc *, ULONG *, ULONG *);
NTSTATUS (CDECL *acquire_credentials_handle)(const char *, ULONG, const char *, const char *, LSA_SEC_HANDLE *,
- TimeStamp *);
+ ULONG *);
NTSTATUS (CDECL *delete_context)(LSA_SEC_HANDLE);
NTSTATUS (CDECL *free_credentials_handle)(LSA_SEC_HANDLE);
NTSTATUS (CDECL *initialize_context)(LSA_SEC_HANDLE, LSA_SEC_HANDLE, const char *, ULONG, SecBufferDesc *,
- LSA_SEC_HANDLE *, SecBufferDesc *, ULONG *, TimeStamp *);
+ LSA_SEC_HANDLE *, SecBufferDesc *, ULONG *, ULONG *);
NTSTATUS (CDECL *make_signature)(LSA_SEC_HANDLE, SecBufferDesc *);
NTSTATUS (CDECL *query_context_attributes)(LSA_SEC_HANDLE, ULONG, void *);
NTSTATUS (CDECL *query_ticket_cache)( KERB_QUERY_TKT_CACHE_RESPONSE *resp, ULONG *out_size );
More information about the wine-cvs
mailing list