kerberos: Pass input/output buffers directly for initialize_context() call.

Signed-off-by: Nikolay Sivov <nsivov@codeweavers.com>

kerberos: Pass input/output buffers directly for initialize_context() call.
6c1cea2a · Nikolay Sivov · Alexandre Julliard · a9ba0b33 · 6c1cea2a · 6c1cea2a
Commit 6c1cea2a authored May 28, 2022 by Nikolay Sivov Committed by Alexandre Julliard May 30, 2022
Hide whitespace changes
Inline Side-by-side

Showing with 23 additions and 30 deletions

krb5_ap.c dlls/kerberos/krb5_ap.c +13 -3

unixlib.c dlls/kerberos/unixlib.c +6 -25

unixlib.h dlls/kerberos/unixlib.h +4 -2

No files found.
--- a/dlls/kerberos/krb5_ap.c
+++ b/dlls/kerberos/krb5_ap.c
@@ -400,19 +400,29 @@ static NTSTATUS NTAPI kerberos_SpInitLsaModeContext( LSA_SEC_HANDLE credential, 
    {
        struct cred_handle *cred_handle = (struct cred_handle *)credential;
        struct context_handle *context_handle = (struct context_handle *)context;
-        struct initialize_context_params params;
+        struct initialize_context_params params = { 0 };
        UINT64 new_context_handle = 0;
+        int idx;

        params.credential = cred_handle ? cred_handle->handle : 0;
        params.context = context_handle ? context_handle->handle : 0;
        params.target_name = target;
        params.context_req = context_req;
-        params.input = input;
        params.new_context = &new_context_handle;
-        params.output = output;
        params.context_attr = context_attr;
        params.expiry = &exptime;

+        idx = get_buffer_index( input, SECBUFFER_TOKEN );
+        if (idx != -1)
+        {
+            params.input_token = input->pBuffers[idx].pvBuffer;
+            params.input_token_length = input->pBuffers[idx].cbBuffer;
+        }
+
+        if ((idx = get_buffer_index( output, SECBUFFER_TOKEN )) == -1) return SEC_E_INVALID_TOKEN;
+        params.output_token = output->pBuffers[idx].pvBuffer;
+        params.output_token_length = &output->pBuffers[idx].cbBuffer;
+
        status = KRB5_CALL( initialize_context, &params );
        if (!status)
        {

--- a/dlls/kerberos/unixlib.c
+++ b/dlls/kerberos/unixlib.c
@@ -419,17 +419,6 @@ static BOOL is_dce_style_context( gss_ctx_id_t ctx )
    return (ret == GSS_S_COMPLETE && (flags & GSS_C_DCE_STYLE));
 }

-static int get_buffer_index( SecBufferDesc *desc, DWORD type )
-{
-    UINT i;
-    if (!desc) return -1;
-    for (i = 0; i < desc->cBuffers; i++)
-    {
-        if (desc->pBuffers[i].BufferType == type) return i;
-    }
-    return -1;
-}
-
 static NTSTATUS status_gss_to_sspi( OM_uint32 status )
 {
    switch (status)
@@ -707,16 +696,9 @@ static NTSTATUS initialize_context( void *args )
    gss_buffer_desc input_token, output_token;
    gss_name_t target = GSS_C_NO_NAME;
    NTSTATUS status;
-    int idx;

-    if ((idx = get_buffer_index( params->input, SECBUFFER_TOKEN )) == -1) input_token.length = 0;
-    else
-    {
-        input_token.length = params->input->pBuffers[idx].cbBuffer;
-        input_token.value  = params->input->pBuffers[idx].pvBuffer;
-    }
-
-    if ((idx = get_buffer_index( params->output, SECBUFFER_TOKEN )) == -1) return SEC_E_INVALID_TOKEN;
+    input_token.length = params->input_token_length;
+    input_token.value  = params->input_token;
    output_token.length = 0;
    output_token.value  = NULL;

@@ -729,16 +711,15 @@ static NTSTATUS initialize_context( void *args )
    if (GSS_ERROR( ret )) trace_gss_status( ret, minor_status );
    if (ret == GSS_S_COMPLETE || ret == GSS_S_CONTINUE_NEEDED)
    {
-        if (output_token.length > params->output->pBuffers[idx].cbBuffer) /* FIXME: check if larger buffer exists */
+        if (output_token.length > *params->output_token_length) /* FIXME: check if larger buffer exists */
        {
-            TRACE( "buffer too small %lu > %u\n",
-                   (SIZE_T)output_token.length, (unsigned int)params->output->pBuffers[idx].cbBuffer );
+            TRACE( "buffer too small %lu > %u\n", (SIZE_T)output_token.length, (unsigned int)*params->output_token_length);
            pgss_release_buffer( &minor_status, &output_token );
            pgss_delete_sec_context( &minor_status, &ctx_handle, GSS_C_NO_BUFFER );
            return SEC_E_INCOMPLETE_MESSAGE;
        }
-        params->output->pBuffers[idx].cbBuffer = output_token.length;
-        memcpy( params->output->pBuffers[idx].pvBuffer, output_token.value, output_token.length );
+        *params->output_token_length = output_token.length;
+        memcpy( params->output_token, output_token.value, output_token.length );
        pgss_release_buffer( &minor_status, &output_token );

        ctxhandle_gss_to_sspi( ctx_handle, params->new_context );

--- a/dlls/kerberos/unixlib.h
+++ b/dlls/kerberos/unixlib.h
@@ -62,9 +62,11 @@ struct initialize_context_params
    UINT64 context;
    const char *target_name;
    ULONG context_req;
-    SecBufferDesc *input;
+    BYTE *input_token;
+    ULONG input_token_length;
+    BYTE *output_token;
+    ULONG *output_token_length;
    UINT64 *new_context;
-    SecBufferDesc *output;
    ULONG *context_attr;
    ULONG *expiry;
 };