[PATCH 04/13] secur32: Implement InitializeSecurityContext in the SSP/AP wrapper.

Hans Leidekker hans at codeweavers.com
Wed Jan 31 03:23:33 CST 2018


On Thu, 2018-01-18 at 23:54 +0800, Dmitry Timoshkov wrote:
> +static SECURITY_STATUS WINAPI lsa_InitializeSecurityContextW(
> +    CredHandle *credential, CtxtHandle *context, SEC_WCHAR *target_name, ULONG context_req,
> +    ULONG reserved1, ULONG target_data_rep, SecBufferDesc *input, ULONG reserved2,
> +    CtxtHandle *new_context, SecBufferDesc *output, ULONG *context_attr, TimeStamp *ts_expiry)
> +{
> +    SECURITY_STATUS status;
> +    struct lsa_package *lsa_package = NULL;
> +    LSA_SEC_HANDLE lsa_credential = 0, lsa_context = 0, new_lsa_context;
> +    UNICODE_STRING target_name_us;
> +    BOOLEAN mapped_context;
> +
> +    TRACE("%p %p %s %#x %d %d %p %d %p %p %p %p\n", credential, context,
> +        debugstr_w(target_name), context_req, reserved1, target_data_rep, input,
> +        reserved2, new_context, output, context_attr, ts_expiry);
> +
> +    if (credential)
> +    {
> +        lsa_package = (struct lsa_package *)credential->dwUpper;
> +        lsa_credential = (LSA_SEC_HANDLE)credential->dwLower;
> +    }
> +    else if (context)
> +    {
> +        lsa_package = (struct lsa_package *)context->dwUpper;
> +        lsa_context = (LSA_SEC_HANDLE)context->dwLower;
> +    }
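
Review bot: The casts of credential->dwUpper and context->dwUpper to struct lsa_package * take the caller's handle on trust, and the only check that follows is for NULL, so a stale handle or one that belongs to a different provider is dereferenced at lsa_package->lsa_api. Consider validating the pointer before use, for example against a marker field in struct lsa_package or the list of loaded packages, and returning SEC_E_INVALID_HANDLE when it does not match. Separately, the TRACE prints the ULONG arguments reserved1, target_data_rep and reserved2 with %d; %u matches their type.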

It's not an error to pass a credential parameter in the second call, so
you should switch the order here.

> +    if (!lsa_package || !new_context) return SEC_E_INVALID_HANDLE;
> +
> +    if (!lsa_package->lsa_api || !lsa_package->lsa_api->InitLsaModeContext)
> +        return SEC_E_UNSUPPORTED_FUNCTION;
> +
> +    if (target_name)
> +        RtlInitUnicodeString(&target_name_us, target_name);
> +
> +    status = lsa_package->lsa_api->InitLsaModeContext(lsa_credential, lsa_context,
> +        target_name ? &target_name_us : NULL, context_req, target_data_rep, input,
> +        &new_lsa_context, output, context_attr, ts_expiry, &mapped_context, NULL /* FIXME */);
> +    if (status == SEC_E_OK)
> +    {
> +        new_context->dwLower = (ULONG_PTR)new_lsa_context;
> +        new_context->dwUpper = (ULONG_PTR)lsa_package;
> +    }
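
Review bot: In the InitLsaModeContext call the last argument is NULL with only a bare /* FIXME */, and mapped_context is filled in by the package but not read anywhere in the lines shown. Say in the comment what is not handled yet, and consider a FIXME trace when mapped_context comes back TRUE so that a mapped context is reported rather than silently dropped. new_lsa_context is also the only one of the three LSA_SEC_HANDLE locals left uninitialised; setting it to 0 alongside the others keeps a failed call from leaving an indeterminate value in it.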

You should also accept SEC_I_CONTINUE_NEEDED here, otherwise the caller
won't see the new context in a three-leg authentication.



