rpcrt4: Retrieve the maximum token length from the security provider rather than…

dlls/rpcrt4/rpc_binding.c

@@ -967,7 +967,9 @@ RPC_STATUS WINAPI RpcRevertToSelfEx(RPC_BINDING_HANDLE BindingHandle)
     return RPC_S_OK;
 }
 
-static RPC_STATUS RpcAuthInfo_Create(ULONG AuthnLevel, ULONG AuthnSvc, CredHandle cred, TimeStamp exp, RpcAuthInfo **ret)
+static RPC_STATUS RpcAuthInfo_Create(ULONG AuthnLevel, ULONG AuthnSvc,
+                                     CredHandle cred, TimeStamp exp,
+                                     ULONG cbMaxToken, RpcAuthInfo **ret)
 {
     RpcAuthInfo *AuthInfo = HeapAlloc(GetProcessHeap(), 0, sizeof(*AuthInfo));
     if (!AuthInfo)
@@ -978,6 +980,7 @@ static RPC_STATUS RpcAuthInfo_Create(ULONG AuthnLevel, ULONG AuthnSvc, CredHandl
     AuthInfo->AuthnSvc = AuthnSvc;
     AuthInfo->cred = cred;
     AuthInfo->exp = exp;
+    AuthInfo->cbMaxToken = cbMaxToken;
     *ret = AuthInfo;
     return RPC_S_OK;
 }
@@ -1225,6 +1228,7 @@ RpcBindingSetAuthInfoExA( RPC_BINDING_HANDLE Binding, RPC_CSTR ServerPrincName,
   ULONG package_count;
   ULONG i;
   PSecPkgInfoA packages;
+  ULONG cbMaxToken;
 
   TRACE("%p %s %u %u %p %u %p\n", Binding, debugstr_a((const char*)ServerPrincName),
         AuthnLevel, AuthnSvc, AuthIdentity, AuthzSvr, SecurityQos);
@@ -1306,12 +1310,14 @@ RpcBindingSetAuthInfoExA( RPC_BINDING_HANDLE Binding, RPC_CSTR ServerPrincName,
   TRACE("found package %s for service %u\n", packages[i].Name, AuthnSvc);
   r = AcquireCredentialsHandleA((SEC_CHAR *)ServerPrincName, packages[i].Name, SECPKG_CRED_OUTBOUND, NULL,
                                 AuthIdentity, NULL, NULL, &cred, &exp);
+  cbMaxToken = packages[i].cbMaxToken;
   FreeContextBuffer(packages);
   if (r == ERROR_SUCCESS)
   {
     if (bind->AuthInfo) RpcAuthInfo_Release(bind->AuthInfo);
     bind->AuthInfo = NULL;
-    r = RpcAuthInfo_Create(AuthnLevel, AuthnSvc, cred, exp, &bind->AuthInfo);
+    r = RpcAuthInfo_Create(AuthnLevel, AuthnSvc, cred, exp, cbMaxToken,
+                           &bind->AuthInfo);
     if (r != RPC_S_OK)
       FreeCredentialsHandle(&cred);
     return RPC_S_OK;
@@ -1338,6 +1344,7 @@ RpcBindingSetAuthInfoExW( RPC_BINDING_HANDLE Binding, RPC_WSTR ServerPrincName,
   ULONG package_count;
   ULONG i;
   PSecPkgInfoW packages;
+  ULONG cbMaxToken;
 
   TRACE("%p %s %u %u %p %u %p\n", Binding, debugstr_w((const WCHAR*)ServerPrincName),
         AuthnLevel, AuthnSvc, AuthIdentity, AuthzSvr, SecurityQos);
@@ -1419,12 +1426,14 @@ RpcBindingSetAuthInfoExW( RPC_BINDING_HANDLE Binding, RPC_WSTR ServerPrincName,
   TRACE("found package %s for service %u\n", debugstr_w(packages[i].Name), AuthnSvc);
   r = AcquireCredentialsHandleW((SEC_WCHAR *)ServerPrincName, packages[i].Name, SECPKG_CRED_OUTBOUND, NULL,
                                 AuthIdentity, NULL, NULL, &cred, &exp);
+  cbMaxToken = packages[i].cbMaxToken;
   FreeContextBuffer(packages);
   if (r == ERROR_SUCCESS)
   {
     if (bind->AuthInfo) RpcAuthInfo_Release(bind->AuthInfo);
     bind->AuthInfo = NULL;
-    r = RpcAuthInfo_Create(AuthnLevel, AuthnSvc, cred, exp, &bind->AuthInfo);
+    r = RpcAuthInfo_Create(AuthnLevel, AuthnSvc, cred, exp, cbMaxToken,
+                           &bind->AuthInfo);
     if (r != RPC_S_OK)
       FreeCredentialsHandle(&cred);
     return RPC_S_OK;

dlls/rpcrt4/rpc_binding.h

@@ -30,10 +30,11 @@ typedef struct _RpcAuthInfo
 {
   LONG refs;
 
-  unsigned long AuthnLevel;
-  unsigned long AuthnSvc;
+  ULONG AuthnLevel;
+  ULONG AuthnSvc;
   CredHandle cred;
   TimeStamp exp;
+  ULONG cbMaxToken;
 } RpcAuthInfo;
 
 typedef struct _RpcQualityOfService

dlls/rpcrt4/rpc_message.c

@@ -474,10 +474,10 @@ static void RPCRT4_AuthNegotiate(RpcConnection *conn, SecBuffer *out)
   else if (conn->AuthInfo->AuthnLevel == RPC_C_AUTHN_LEVEL_PKT_PRIVACY)
     context_req |= ISC_REQ_CONFIDENTIALITY | ISC_REQ_INTEGRITY;
 
-  buffer = HeapAlloc(GetProcessHeap(), 0, 0x100);
+  buffer = HeapAlloc(GetProcessHeap(), 0, conn->AuthInfo->cbMaxToken);
 
   out->BufferType = SECBUFFER_TOKEN;
-  out->cbBuffer = 0x100;
+  out->cbBuffer = conn->AuthInfo->cbMaxToken;
   out->pvBuffer = buffer;
 
   out_desc.ulVersion = 0;
@@ -503,7 +503,6 @@ static RPC_STATUS RPCRT_AuthorizeConnection(RpcConnection* conn,
   SecBufferDesc inp_desc, out_desc;
   SecBuffer inp, out;
   SECURITY_STATUS r;
-  unsigned char buffer[0x100];
   RpcPktHdr *resp_hdr;
   RPC_STATUS status;
   ULONG context_req = ISC_REQ_CONNECTION | ISC_REQ_USE_DCE_STYLE |
@@ -517,8 +516,8 @@ static RPC_STATUS RPCRT_AuthorizeConnection(RpcConnection* conn,
     context_req |= ISC_REQ_CONFIDENTIALITY | ISC_REQ_INTEGRITY;
 
   out.BufferType = SECBUFFER_TOKEN;
-  out.cbBuffer = sizeof buffer;
-  out.pvBuffer = buffer;
+  out.cbBuffer = conn->AuthInfo->cbMaxToken;
+  out.pvBuffer = HeapAlloc(GetProcessHeap(), 0, out.cbBuffer);
 
   out_desc.ulVersion = 0;
   out_desc.cBuffers = 1;
@@ -537,6 +536,7 @@ static RPC_STATUS RPCRT_AuthorizeConnection(RpcConnection* conn,
         &inp_desc, 0, &conn->ctx, &out_desc, &conn->attr, &conn->exp);
   if (r)
   {
+    HeapFree(GetProcessHeap(), 0, out.pvBuffer);
     WARN("InitializeSecurityContext failed with error 0x%08x\n", r);
     return ERROR_ACCESS_DENIED;
   }
@@ -547,6 +547,7 @@ static RPC_STATUS RPCRT_AuthorizeConnection(RpcConnection* conn,
 
   status = RPCRT4_SendAuth(conn, resp_hdr, NULL, 0, out.pvBuffer, out.cbBuffer);
 
+  HeapFree(GetProcessHeap(), 0, out.pvBuffer);
   RPCRT4_FreeHeader(resp_hdr);
 
   return status;