[PATCH 02/10] kerberos: Use 64-bit integer for context handles.
Nikolay Sivov
wine at gitlab.winehq.org
Sat May 28 13:36:50 CDT 2022
From: Nikolay Sivov <nsivov at codeweavers.com>
Signed-off-by: Nikolay Sivov <nsivov at codeweavers.com>
---
dlls/kerberos/krb5_ap.c | 59 ++++++++++++++++++++++++++++++++++-------
dlls/kerberos/unixlib.c | 11 ++++----
dlls/kerberos/unixlib.h | 23 +++++++++-------
3 files changed, 69 insertions(+), 24 deletions(-)
diff --git a/dlls/kerberos/krb5_ap.c b/dlls/kerberos/krb5_ap.c
index 9fea8c85d89..cc6df975d25 100644
--- a/dlls/kerberos/krb5_ap.c
+++ b/dlls/kerberos/krb5_ap.c
@@ -82,6 +82,24 @@ struct cred_handle
UINT64 handle;
};
+struct context_handle
+{
+ UINT64 handle;
+};
+
+static LSA_SEC_HANDLE create_context_handle( struct context_handle *ctx, UINT64 new_context )
+{
+ UINT64 context = ctx ? ctx->handle : 0;
+ if (new_context && new_context != context)
+ {
+ struct context_handle *new_ctx = malloc(sizeof(*new_ctx));
+ new_ctx->handle = new_context;
+ return (LSA_SEC_HANDLE)new_ctx;
+ }
+ else
+ return (LSA_SEC_HANDLE)ctx;
+}
+
static const char *debugstr_us( const UNICODE_STRING *us )
{
if (!us) return "<null>";
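Review bot: `create_context_handle` writes through the result of `malloc` without checking it, so an allocation failure becomes a NULL write at `new_ctx->handle = new_context;`. Add `if (!new_ctx) return 0;` after the allocation and have the two callers turn a zero result with a non-zero `new_context_handle` into SEC_E_INSUFFICIENT_MEMORY, releasing the GSS context that was just created. Separately, when `ctx` is non-NULL and the unix side hands back a different handle, the old wrapper is neither freed nor updated. Whether that can happen is not visible in this patch, so a short comment stating who owns the old wrapper in that case would help.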
@@ -370,14 +388,16 @@ static NTSTATUS NTAPI kerberos_SpInitLsaModeContext( LSA_SEC_HANDLE credential,
else
{
struct cred_handle *cred_handle = (struct cred_handle *)credential;
+ struct context_handle *context_handle = (struct context_handle *)context;
struct initialize_context_params params;
+ UINT64 new_context_handle = 0;
params.credential = cred_handle ? cred_handle->handle : 0;
- params.context = context;
+ params.context = context_handle ? context_handle->handle : 0;
params.target_name = target;
params.context_req = context_req;
params.input = input;
- params.new_context = new_context;
+ params.new_context = &new_context_handle;
params.output = output;
params.context_attr = context_attr;
params.expiry = &exptime;
@@ -385,6 +405,7 @@ static NTSTATUS NTAPI kerberos_SpInitLsaModeContext( LSA_SEC_HANDLE credential,
status = KRB5_CALL( initialize_context, ¶ms );
if (!status)
{
+ *new_context = create_context_handle( context_handle, new_context_handle );
*mapped_context = TRUE;
expiry_to_timestamp( exptime, expiry );
}
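Review bot: The `if (!status)` block is now the only place `*new_context` is written, because the earlier hunk points `params.new_context` at the local `new_context_handle` instead of the caller's variable. If `initialize_context` can return a non-zero success status such as SEC_I_CONTINUE_NEEDED after creating a context (the unixlib side is not shown here), the caller never receives the handle for the next leg and the GSS context is leaked. Consider `if (!status || status == SEC_I_CONTINUE_NEEDED) *new_context = create_context_handle( context_handle, new_context_handle );`, keeping `*mapped_context` and the expiry conversion under `!status`. The same pattern appears in the `kerberos_SpAcceptLsaModeContext` hunk at `@@ -421,6 +444,7 @@`. Both functions start outside their hunks.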
@@ -408,12 +429,14 @@ static NTSTATUS NTAPI kerberos_SpAcceptLsaModeContext( LSA_SEC_HANDLE credential
if (context || input || credential)
{
struct cred_handle *cred_handle = (struct cred_handle *)credential;
+ struct context_handle *context_handle = (struct context_handle *)context;
struct accept_context_params params;
+ UINT64 new_context_handle = 0;
params.credential = cred_handle ? cred_handle->handle : 0;
- params.context = context;
+ params.context = context_handle ? context_handle->handle : 0;
params.input = input;
- params.new_context = new_context;
+ params.new_context = &new_context_handle;
params.output = output;
params.context_attr = context_attr;
params.expiry = &exptime;
@@ -421,6 +444,7 @@ static NTSTATUS NTAPI kerberos_SpAcceptLsaModeContext( LSA_SEC_HANDLE credential
status = KRB5_CALL( accept_context, ¶ms );
if (!status)
{
+ *new_context = create_context_handle( context_handle, new_context_handle );
*mapped_context = TRUE;
expiry_to_timestamp( exptime, expiry );
}
@@ -431,9 +455,18 @@ static NTSTATUS NTAPI kerberos_SpAcceptLsaModeContext( LSA_SEC_HANDLE credential
static NTSTATUS NTAPI kerberos_SpDeleteContext( LSA_SEC_HANDLE context )
{
+ struct context_handle *context_handle = (void *)context;
+ struct delete_context_params params;
+ NTSTATUS status;
+
TRACE( "%Ix\n", context );
+
if (!context) return SEC_E_INVALID_HANDLE;
- return KRB5_CALL( delete_context, (void *)context );
+
+ params.context = context_handle->handle;
+ status = KRB5_CALL( delete_context, ¶ms );
+ free( context_handle );
+ return status;
}
static SecPkgInfoW *build_package_info( const SecPkgInfoW *info )
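Review bot: `free( context_handle )` runs whether or not `delete_context` succeeded, so after a failing return the caller holds a handle value that points to freed memory. The other entry points touched by this patch dereference that value after only a NULL check, so a retry or a later call on the same handle would be a use-after-free or double free. Either free the wrapper only when `status` indicates success, or state the contract next to the call, for example `/* wrapper is released even on failure; the handle must not be reused */`.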
@@ -456,6 +489,8 @@ static SecPkgInfoW *build_package_info( const SecPkgInfoW *info )
static NTSTATUS NTAPI kerberos_SpQueryContextAttributes( LSA_SEC_HANDLE context, ULONG attribute, void *buffer )
{
+ struct context_handle *context_handle = (void *)context;
+
TRACE( "%Ix, %lu, %p\n", context, attribute, buffer );
if (!context) return SEC_E_INVALID_HANDLE;
@@ -477,7 +512,7 @@ static NTSTATUS NTAPI kerberos_SpQueryContextAttributes( LSA_SEC_HANDLE context,
X(SECPKG_ATTR_TARGET_INFORMATION);
case SECPKG_ATTR_SIZES:
{
- struct query_context_attributes_params params = { context, attribute, buffer };
+ struct query_context_attributes_params params = { context_handle->handle, attribute, buffer };
return KRB5_CALL( query_context_attributes, ¶ms );
}
case SECPKG_ATTR_NEGOTIATION_INFO:
@@ -584,7 +619,8 @@ static NTSTATUS SEC_ENTRY kerberos_SpMakeSignature( LSA_SEC_HANDLE context, ULON
if (context)
{
- struct make_signature_params params = { context, message };
+ struct context_handle *context_handle = (void *)context;
+ struct make_signature_params params = { context_handle->handle, message };
return KRB5_CALL( make_signature, ¶ms );
}
else return SEC_E_INVALID_HANDLE;
@@ -598,7 +634,8 @@ static NTSTATUS NTAPI kerberos_SpVerifySignature( LSA_SEC_HANDLE context, SecBuf
if (context)
{
- struct verify_signature_params params = { context, message, quality_of_protection };
+ struct context_handle *context_handle = (void *)context;
+ struct verify_signature_params params = { context_handle->handle, message, quality_of_protection };
return KRB5_CALL( verify_signature, ¶ms );
}
else return SEC_E_INVALID_HANDLE;
@@ -612,7 +649,8 @@ static NTSTATUS NTAPI kerberos_SpSealMessage( LSA_SEC_HANDLE context, ULONG qual
if (context)
{
- struct seal_message_params params = { context, message, quality_of_protection };
+ struct context_handle *context_handle = (void *)context;
+ struct seal_message_params params = { context_handle->handle, message, quality_of_protection };
return KRB5_CALL( seal_message, ¶ms );
}
else return SEC_E_INVALID_HANDLE;
@@ -626,7 +664,8 @@ static NTSTATUS NTAPI kerberos_SpUnsealMessage( LSA_SEC_HANDLE context, SecBuffe
if (context)
{
- struct unseal_message_params params = { context, message, quality_of_protection };
+ struct context_handle *context_handle = (void *)context;
+ struct unseal_message_params params = { context_handle->handle, message, quality_of_protection };
return KRB5_CALL( unseal_message, ¶ms );
}
else return SEC_E_INVALID_HANDLE;
diff --git a/dlls/kerberos/unixlib.c b/dlls/kerberos/unixlib.c
index 66d151488b3..4d74dd7eb1f 100644
--- a/dlls/kerberos/unixlib.c
+++ b/dlls/kerberos/unixlib.c
@@ -486,9 +486,9 @@ static void trace_gss_status( OM_uint32 major_status, OM_uint32 minor_status )
}
}
-static inline gss_ctx_id_t ctxhandle_sspi_to_gss( LSA_SEC_HANDLE handle )
+static inline gss_ctx_id_t ctxhandle_sspi_to_gss( UINT64 handle )
{
- return (gss_ctx_id_t)handle;
+ return (gss_ctx_id_t)(ULONG_PTR)handle;
}
static inline gss_cred_id_t credhandle_sspi_to_gss( UINT64 handle )
@@ -496,9 +496,9 @@ static inline gss_cred_id_t credhandle_sspi_to_gss( UINT64 handle )
return (gss_cred_id_t)(ULONG_PTR)handle;
}
-static inline void ctxhandle_gss_to_sspi( gss_ctx_id_t handle, LSA_SEC_HANDLE *ctx )
+static inline void ctxhandle_gss_to_sspi( gss_ctx_id_t handle, UINT64 *ctx )
{
- *ctx = (LSA_SEC_HANDLE)handle;
+ *ctx = (ULONG_PTR)handle;
}
static inline void credhandle_gss_to_sspi( gss_cred_id_t handle, UINT64 *cred )
@@ -654,8 +654,9 @@ static NTSTATUS acquire_credentials_handle( void *args )
static NTSTATUS delete_context( void *args )
{
+ const struct delete_context_params *params = args;
OM_uint32 ret, minor_status;
- gss_ctx_id_t ctx_handle = ctxhandle_sspi_to_gss( (LSA_SEC_HANDLE)args );
+ gss_ctx_id_t ctx_handle = ctxhandle_sspi_to_gss( params->context );
ret = pgss_delete_sec_context( &minor_status, &ctx_handle, GSS_C_NO_BUFFER );
TRACE( "gss_delete_sec_context returned %#x minor status %#x\n", ret, minor_status );
diff --git a/dlls/kerberos/unixlib.h b/dlls/kerberos/unixlib.h
index 7c3f97f436d..2634182ef51 100644
--- a/dlls/kerberos/unixlib.h
+++ b/dlls/kerberos/unixlib.h
@@ -26,9 +26,9 @@
struct accept_context_params
{
UINT64 credential;
- LSA_SEC_HANDLE context;
+ UINT64 context;
SecBufferDesc *input;
- LSA_SEC_HANDLE *new_context;
+ UINT64 *new_context;
SecBufferDesc *output;
ULONG *context_attr;
ULONG *expiry;
@@ -44,6 +44,11 @@ struct acquire_credentials_handle_params
ULONG *expiry;
};
+struct delete_context_params
+{
+ UINT64 context;
+};
+
struct free_credentials_handle_params
{
UINT64 credential;
@@ -52,11 +57,11 @@ struct free_credentials_handle_params
struct initialize_context_params
{
UINT64 credential;
- LSA_SEC_HANDLE context;
+ UINT64 context;
const char *target_name;
ULONG context_req;
SecBufferDesc *input;
- LSA_SEC_HANDLE *new_context;
+ UINT64 *new_context;
SecBufferDesc *output;
ULONG *context_attr;
ULONG *expiry;
@@ -64,13 +69,13 @@ struct initialize_context_params
struct make_signature_params
{
- LSA_SEC_HANDLE context;
+ UINT64 context;
SecBufferDesc *msg;
};
struct query_context_attributes_params
{
- LSA_SEC_HANDLE context;
+ UINT64 context;
unsigned attr;
void *buf;
};
@@ -83,21 +88,21 @@ struct query_ticket_cache_params
struct seal_message_params
{
- LSA_SEC_HANDLE context;
+ UINT64 context;
SecBufferDesc *msg;
unsigned qop;
};
struct unseal_message_params
{
- LSA_SEC_HANDLE context;
+ UINT64 context;
SecBufferDesc *msg;
ULONG *qop;
};
struct verify_signature_params
{
- LSA_SEC_HANDLE context;
+ UINT64 context;
SecBufferDesc *msg;
ULONG *qop;
};
--
GitLab
https://gitlab.winehq.org/wine/wine/-/merge_requests/146