[07/10] secur32: Implement VerifySignature for Kerberos.

Mon Oct 16 03:05:00 CDT 2017

Signed-off-by: Hans Leidekker <hans at codeweavers.com>
---
 dlls/secur32/kerberos.c | 32 ++++++++++++++++++++++++++++++--
 1 file changed, 30 insertions(+), 2 deletions(-)

diff --git a/dlls/secur32/kerberos.c b/dlls/secur32/kerberos.c
index 2e42d0888d..57815fb135 100644
--- a/dlls/secur32/kerberos.c
+++ b/dlls/secur32/kerberos.c
@@ -613,10 +613,38 @@ static SECURITY_STATUS SEC_ENTRY kerberos_MakeSignature( CtxtHandle *phContext,
 /***********************************************************************
  *              VerifySignature
  */
-static SECURITY_STATUS SEC_ENTRY kerberos_VerifySignature(CtxtHandle *phContext, SecBufferDesc *pMessage, ULONG MessageSeqNo, PULONG pfQOP)
+static SECURITY_STATUS SEC_ENTRY kerberos_VerifySignature( CtxtHandle *phContext, SecBufferDesc *pMessage,
+    ULONG MessageSeqNo, PULONG pfQOP )
 {
-    FIXME("(%p %p %d %p)\n", phContext, pMessage, MessageSeqNo, pfQOP);
+#ifdef HAVE_GSSAPI
+    OM_uint32 ret, minor_status;
+    gss_buffer_desc data_buffer, token_buffer;
+    gss_ctx_id_t ctxt_handle;
+    int data_idx, token_idx;
+
+    TRACE( "(%p %p %u %p)\n", phContext, pMessage, MessageSeqNo, pfQOP );
+    if (MessageSeqNo) FIXME( "ignoring MessageSeqNo\n" );
+
+    if (!phContext) return SEC_E_INVALID_HANDLE;
+    ctxt_handle = ctxthandle_sspi_to_gss( phContext );
+
+    if ((data_idx = get_buffer_index( pMessage, SECBUFFER_DATA )) == -1) return SEC_E_INVALID_TOKEN;
+    data_buffer.length = pMessage->pBuffers[data_idx].cbBuffer;
+    data_buffer.value  = pMessage->pBuffers[data_idx].pvBuffer;
+
+    if ((token_idx = get_buffer_index( pMessage, SECBUFFER_TOKEN )) == -1) return SEC_E_INVALID_TOKEN;
+    token_buffer.length = pMessage->pBuffers[token_idx].cbBuffer;
+    token_buffer.value  = pMessage->pBuffers[token_idx].pvBuffer;
+
+    ret = gss_verify_mic( &minor_status, ctxt_handle, &data_buffer, &token_buffer, NULL );
+    TRACE( "gss_verify_mic returned %08x minor status %08x\n", ret, minor_status );
+    if (ret == GSS_S_COMPLETE && pfQOP) *pfQOP = 0;
+
+    return status_gss_to_sspi( ret );
+#else
+    FIXME( "(%p %p %u %p)\n", phContext, pMessage, MessageSeqNo, pfQOP );
     return SEC_E_UNSUPPORTED_FUNCTION;
+#endif
 }
 
 /***********************************************************************
-- 
2.11.0


