[09/10] secur32: Implement DecryptMessage for Kerberos.
Hans Leidekker
hans at codeweavers.com
Mon Oct 23 04:09:24 CDT 2017
Signed-off-by: Hans Leidekker <hans at codeweavers.com>
---
dlls/secur32/kerberos.c | 46 ++++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 44 insertions(+), 2 deletions(-)
diff --git a/dlls/secur32/kerberos.c b/dlls/secur32/kerberos.c
index dbc7cc360c..6180830653 100644
--- a/dlls/secur32/kerberos.c
+++ b/dlls/secur32/kerberos.c
@@ -56,6 +56,7 @@ MAKE_FUNCPTR(gss_release_buffer);
MAKE_FUNCPTR(gss_release_cred);
MAKE_FUNCPTR(gss_release_iov_buffer);
MAKE_FUNCPTR(gss_release_name);
+MAKE_FUNCPTR(gss_unwrap_iov);
MAKE_FUNCPTR(gss_verify_mic);
MAKE_FUNCPTR(gss_wrap_iov);
#undef MAKE_FUNCPTR
@@ -85,6 +86,7 @@ static BOOL load_gssapi_krb5(void)
LOAD_FUNCPTR(gss_release_cred)
LOAD_FUNCPTR(gss_release_iov_buffer)
LOAD_FUNCPTR(gss_release_name)
+ LOAD_FUNCPTR(gss_unwrap_iov)
LOAD_FUNCPTR(gss_verify_mic)
LOAD_FUNCPTR(gss_wrap_iov)
#undef LOAD_FUNCPTR
@@ -801,10 +803,50 @@ static SECURITY_STATUS SEC_ENTRY kerberos_EncryptMessage( CtxtHandle *phContext,
/***********************************************************************
* DecryptMessage
*/
-static SECURITY_STATUS SEC_ENTRY kerberos_DecryptMessage(CtxtHandle *phContext, SecBufferDesc *pMessage, ULONG MessageSeqNo, PULONG pfQOP)
+static SECURITY_STATUS SEC_ENTRY kerberos_DecryptMessage( CtxtHandle *phContext, SecBufferDesc *pMessage,
+ ULONG MessageSeqNo, ULONG *pfQOP )
{
- FIXME("(%p %p %d %p)\n", phContext, pMessage, MessageSeqNo, pfQOP);
+#ifdef SONAME_LIBGSSAPI_KRB5
+ gss_ctx_id_t ctxt_handle;
+ gss_iov_buffer_desc iov[4];
+ OM_uint32 ret, minor_status;
+ int token_idx, data_idx, conf_state;
+
+ TRACE( "(%p %p %u %p)\n", phContext, pMessage, MessageSeqNo, pfQOP );
+ if (MessageSeqNo) FIXME( "ignoring MessageSeqNo\n" );
+
+ if (!phContext) return SEC_E_INVALID_HANDLE;
+ ctxt_handle = ctxthandle_sspi_to_gss( phContext );
+
+ if ((data_idx = get_buffer_index( pMessage, SECBUFFER_DATA )) == -1) return SEC_E_INVALID_TOKEN;
+ if ((token_idx = get_buffer_index( pMessage, SECBUFFER_TOKEN )) == -1) return SEC_E_INVALID_TOKEN;
+
+ iov[0].type = GSS_IOV_BUFFER_TYPE_SIGN_ONLY;
+ iov[0].buffer.length = 0;
+ iov[0].buffer.value = NULL;
+
+ iov[1].type = GSS_IOV_BUFFER_TYPE_DATA;
+ iov[1].buffer.length = pMessage->pBuffers[data_idx].cbBuffer;
+ iov[1].buffer.value = pMessage->pBuffers[data_idx].pvBuffer;
+
+ iov[2].type = GSS_IOV_BUFFER_TYPE_SIGN_ONLY;
+ iov[2].buffer.length = 0;
+ iov[2].buffer.value = NULL;
+
+ iov[3].type = GSS_IOV_BUFFER_TYPE_HEADER;
+ iov[3].buffer.length = pMessage->pBuffers[token_idx].cbBuffer;
+ iov[3].buffer.value = pMessage->pBuffers[token_idx].pvBuffer;
+
+ ret = pgss_unwrap_iov( &minor_status, ctxt_handle, &conf_state, NULL, iov, 4 );
+ TRACE( "gss_unwrap_iov returned %08x minor status %08x\n", ret, minor_status );
+ if (ret == GSS_S_COMPLETE && pfQOP) *pfQOP = (conf_state ? 0 : SECQOP_WRAP_NO_ENCRYPT);
+
+ return status_gss_to_sspi( ret );
+
+#else
+ FIXME( "(%p %p %u %p)\n", phContext, pMessage, MessageSeqNo, pfQOP );
return SEC_E_UNSUPPORTED_FUNCTION;
+#endif
}
static const SecurityFunctionTableA kerberosTableA = {
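Review bot: The success test `ret == GSS_S_COMPLETE` after the `pgss_unwrap_iov` call compares the whole major status, so a result carrying supplementary bits (GSS_S_DUPLICATE_TOKEN, GSS_S_OLD_TOKEN, GSS_S_UNSEQ_TOKEN, GSS_S_GAP_TOKEN) reaches `status_gss_to_sspi( ret )` as a value that helper may not expect. The helper is outside this hunk, so please confirm it maps such values to a failure and never to SEC_E_OK; with MessageSeqNo ignored, the GSS layer's replay and ordering checks are the only ones left. Separately, `phContext` is NULL-checked but `pMessage` is not before `get_buffer_index( pMessage, SECBUFFER_DATA )` and the `pMessage->pBuffers[...]` reads; unless get_buffer_index (not visible here) rejects NULL, add `if (!pMessage) return SEC_E_INVALID_TOKEN;`. A short comment above the iov setup, e.g. `/* layout must match the iov built in kerberos_EncryptMessage */`, would also help, assuming that is why the two empty SIGN_ONLY entries are there.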
--
2.11.0