[08/10] secur32: Implement EncryptMessage for Kerberos.

Hans Leidekker hans at codeweavers.com
Mon Oct 23 04:09:23 CDT 2017


Signed-off-by: Hans Leidekker <hans at codeweavers.com>
---
 dlls/secur32/kerberos.c | 59 +++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 57 insertions(+), 2 deletions(-)

diff --git a/dlls/secur32/kerberos.c b/dlls/secur32/kerberos.c
index 8f179eeb08..dbc7cc360c 100644
--- a/dlls/secur32/kerberos.c
+++ b/dlls/secur32/kerberos.c
@@ -54,8 +54,10 @@ MAKE_FUNCPTR(gss_import_name);
 MAKE_FUNCPTR(gss_init_sec_context);
 MAKE_FUNCPTR(gss_release_buffer);
 MAKE_FUNCPTR(gss_release_cred);
+MAKE_FUNCPTR(gss_release_iov_buffer);
 MAKE_FUNCPTR(gss_release_name);
 MAKE_FUNCPTR(gss_verify_mic);
+MAKE_FUNCPTR(gss_wrap_iov);
 #undef MAKE_FUNCPTR
 
 static BOOL load_gssapi_krb5(void)
@@ -81,8 +83,10 @@ static BOOL load_gssapi_krb5(void)
     LOAD_FUNCPTR(gss_init_sec_context)
     LOAD_FUNCPTR(gss_release_buffer)
     LOAD_FUNCPTR(gss_release_cred)
+    LOAD_FUNCPTR(gss_release_iov_buffer)
     LOAD_FUNCPTR(gss_release_name)
     LOAD_FUNCPTR(gss_verify_mic)
+    LOAD_FUNCPTR(gss_wrap_iov)
 #undef LOAD_FUNCPTR
 
     return TRUE;
@@ -737,10 +741,61 @@ static SECURITY_STATUS SEC_ENTRY kerberos_FreeCredentialsHandle( CredHandle *phC
 /***********************************************************************
  *             EncryptMessage
  */
-static SECURITY_STATUS SEC_ENTRY kerberos_EncryptMessage(CtxtHandle *phContext, ULONG fQOP, SecBufferDesc *pMessage, ULONG MessageSeqNo)
+static SECURITY_STATUS SEC_ENTRY kerberos_EncryptMessage( CtxtHandle *phContext, ULONG fQOP, SecBufferDesc *pMessage,
+    ULONG MessageSeqNo )
 {
-    FIXME("(%p %d %p %d)\n", phContext, fQOP, pMessage, MessageSeqNo);
+#ifdef SONAME_LIBGSSAPI_KRB5
+    gss_ctx_id_t ctxt_handle;
+    gss_iov_buffer_desc iov[4];
+    OM_uint32 ret, minor_status;
+    int token_idx, data_idx, conf_state;
+
+    TRACE("(%p %u %p %u)\n", phContext, fQOP, pMessage, MessageSeqNo);
+    if (fQOP)
+    {
+        FIXME( "flags %08x not supported\n", fQOP );
+        return SEC_E_UNSUPPORTED_FUNCTION;
+    }
+    if (MessageSeqNo) FIXME( "ignoring MessageSeqNo\n" );
+
+    if (!phContext) return SEC_E_INVALID_HANDLE;
+    ctxt_handle = ctxthandle_sspi_to_gss( phContext );
+
+    /* FIXME: multiple data buffers, read-only buffers */
+    if ((data_idx = get_buffer_index( pMessage, SECBUFFER_DATA )) == -1) return SEC_E_INVALID_TOKEN;
+    if ((token_idx = get_buffer_index( pMessage, SECBUFFER_TOKEN )) == -1) return SEC_E_INVALID_TOKEN;
+
+    iov[0].type          = GSS_IOV_BUFFER_TYPE_SIGN_ONLY | GSS_IOV_BUFFER_FLAG_ALLOCATE;
+    iov[0].buffer.length = 0;
+    iov[0].buffer.value  = NULL;
+
+    iov[1].type          = GSS_IOV_BUFFER_TYPE_DATA;
+    iov[1].buffer.length = pMessage->pBuffers[data_idx].cbBuffer;
+    iov[1].buffer.value  = pMessage->pBuffers[data_idx].pvBuffer;
+
+    iov[2].type          = GSS_IOV_BUFFER_TYPE_SIGN_ONLY | GSS_IOV_BUFFER_FLAG_ALLOCATE;
+    iov[2].buffer.length = 0;
+    iov[2].buffer.value  = NULL;
+
+    iov[3].type          = GSS_IOV_BUFFER_TYPE_HEADER | GSS_IOV_BUFFER_FLAG_ALLOCATE;
+    iov[3].buffer.length = 0;
+    iov[3].buffer.value  = NULL;
+
+    ret = pgss_wrap_iov( &minor_status, ctxt_handle, 1, GSS_C_QOP_DEFAULT, &conf_state, iov, 4 );
+    TRACE( "gss_wrap_iov returned %08x minor status %08x\n", ret, minor_status );
+    if (ret == GSS_S_COMPLETE)
+    {
+        memcpy( pMessage->pBuffers[token_idx].pvBuffer, iov[3].buffer.value, iov[3].buffer.length );
+        pMessage->pBuffers[token_idx].cbBuffer = iov[3].buffer.length;
+        pgss_release_iov_buffer( &minor_status, iov, 4 );
+    }
+
+    return status_gss_to_sspi( ret );
+
+#else
+    FIXME("(%p %u %p %u)\n", phContext, fQOP, pMessage, MessageSeqNo);
     return SEC_E_UNSUPPORTED_FUNCTION;
+#endif
 }
 
 /***********************************************************************
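Review bot: The `memcpy` into `pMessage->pBuffers[token_idx].pvBuffer` copies `iov[3].buffer.length` bytes without comparing that length to the caller-supplied `cbBuffer`, so a token buffer smaller than the GSSAPI header would be written past its end. The success branch should reject that case before copying, release the allocated iov buffers, and return `SEC_E_BUFFER_TOO_SMALL`. Separately, `conf_state` is requested but never read, so a wrap that completed without confidentiality would still be reported as a successful encryption; checking it after `GSS_S_COMPLETE` seems warranted. `pgss_release_iov_buffer` runs only on success, and whether a failed `gss_wrap_iov` can leave allocated buffers behind is not visible here, so that is worth confirming.

```c
    if (ret == GSS_S_COMPLETE)
    {
        /* header length is chosen by GSSAPI, token buffer size by the caller */
        if (iov[3].buffer.length > pMessage->pBuffers[token_idx].cbBuffer)
        {
            pgss_release_iov_buffer( &minor_status, iov, 4 );
            return SEC_E_BUFFER_TOO_SMALL;
        }
        /* … unchanged: memcpy of the header, cbBuffer update, pgss_release_iov_buffer … */
    }
```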
-- 
2.11.0



