Commit b1c58098 authored by Alexandre Julliard's avatar Alexandre Julliard

kerberos: Move timestamp conversion to the PE side.

Restore expiry time dropped in 6e9a9d67, spotted by Dmitry Timoshkov.

Signed-off-by: Alexandre Julliard <julliard@winehq.org>
parent de53f568
...@@ -83,6 +83,17 @@ static const char *debugstr_us( const UNICODE_STRING *us ) ...@@ -83,6 +83,17 @@ static const char *debugstr_us( const UNICODE_STRING *us )
return debugstr_wn( us->Buffer, us->Length / sizeof(WCHAR) ); return debugstr_wn( us->Buffer, us->Length / sizeof(WCHAR) );
} }
static void expiry_to_timestamp( ULONG expiry, TimeStamp *timestamp )
{
LARGE_INTEGER time;
NtQuerySystemTime( &time );
RtlSystemTimeToLocalTime( &time, &time );
time.QuadPart += expiry * (ULONGLONG)10000000;
timestamp->LowPart = time.QuadPart;
timestamp->HighPart = time.QuadPart >> 32;
}
static NTSTATUS NTAPI kerberos_LsaApInitializePackage(ULONG package_id, PLSA_DISPATCH_TABLE dispatch, static NTSTATUS NTAPI kerberos_LsaApInitializePackage(ULONG package_id, PLSA_DISPATCH_TABLE dispatch,
PLSA_STRING database, PLSA_STRING confidentiality, PLSA_STRING *package_name) PLSA_STRING database, PLSA_STRING confidentiality, PLSA_STRING *package_name)
{ {
...@@ -267,6 +278,7 @@ static NTSTATUS NTAPI kerberos_SpAcquireCredentialsHandle( ...@@ -267,6 +278,7 @@ static NTSTATUS NTAPI kerberos_SpAcquireCredentialsHandle(
char *principal = NULL, *username = NULL, *password = NULL; char *principal = NULL, *username = NULL, *password = NULL;
SEC_WINNT_AUTH_IDENTITY_W *id = auth_data; SEC_WINNT_AUTH_IDENTITY_W *id = auth_data;
NTSTATUS status = SEC_E_INSUFFICIENT_MEMORY; NTSTATUS status = SEC_E_INSUFFICIENT_MEMORY;
ULONG exptime;
TRACE( "(%s 0x%08x %p %p %p %p %p %p)\n", debugstr_us(principal_us), credential_use, TRACE( "(%s 0x%08x %p %p %p %p %p %p)\n", debugstr_us(principal_us), credential_use,
logon_id, auth_data, get_key_fn, get_key_arg, credential, expiry ); logon_id, auth_data, get_key_fn, get_key_arg, credential, expiry );
...@@ -285,7 +297,9 @@ static NTSTATUS NTAPI kerberos_SpAcquireCredentialsHandle( ...@@ -285,7 +297,9 @@ static NTSTATUS NTAPI kerberos_SpAcquireCredentialsHandle(
} }
status = krb5_funcs->acquire_credentials_handle( principal, credential_use, username, password, credential, status = krb5_funcs->acquire_credentials_handle( principal, credential_use, username, password, credential,
expiry ); &exptime );
expiry_to_timestamp( exptime, expiry );
done: done:
free( principal ); free( principal );
free( username ); free( username );
...@@ -310,6 +324,7 @@ static NTSTATUS NTAPI kerberos_SpInitLsaModeContext( LSA_SEC_HANDLE credential, ...@@ -310,6 +324,7 @@ static NTSTATUS NTAPI kerberos_SpInitLsaModeContext( LSA_SEC_HANDLE credential,
ISC_REQ_IDENTIFY | ISC_REQ_CONNECTION; ISC_REQ_IDENTIFY | ISC_REQ_CONNECTION;
char *target = NULL; char *target = NULL;
NTSTATUS status; NTSTATUS status;
ULONG exptime;
TRACE( "(%lx %lx %s 0x%08x %u %p %p %p %p %p %p %p)\n", credential, context, debugstr_us(target_name), TRACE( "(%lx %lx %s 0x%08x %u %p %p %p %p %p %p %p)\n", credential, context, debugstr_us(target_name),
context_req, target_data_rep, input, new_context, output, context_attr, expiry, context_req, target_data_rep, input, new_context, output, context_attr, expiry,
...@@ -320,8 +335,12 @@ static NTSTATUS NTAPI kerberos_SpInitLsaModeContext( LSA_SEC_HANDLE credential, ...@@ -320,8 +335,12 @@ static NTSTATUS NTAPI kerberos_SpInitLsaModeContext( LSA_SEC_HANDLE credential,
if (target_name && !(target = get_str_unixcp( target_name ))) return SEC_E_INSUFFICIENT_MEMORY; if (target_name && !(target = get_str_unixcp( target_name ))) return SEC_E_INSUFFICIENT_MEMORY;
status = krb5_funcs->initialize_context( credential, context, target, context_req, input, new_context, output, status = krb5_funcs->initialize_context( credential, context, target, context_req, input, new_context, output,
context_attr, expiry ); context_attr, &exptime );
if (!status) *mapped_context = TRUE; if (!status)
{
*mapped_context = TRUE;
expiry_to_timestamp( exptime, expiry );
}
/* FIXME: initialize context_data */ /* FIXME: initialize context_data */
free( target ); free( target );
return status; return status;
...@@ -332,6 +351,7 @@ static NTSTATUS NTAPI kerberos_SpAcceptLsaModeContext( LSA_SEC_HANDLE credential ...@@ -332,6 +351,7 @@ static NTSTATUS NTAPI kerberos_SpAcceptLsaModeContext( LSA_SEC_HANDLE credential
SecBufferDesc *output, ULONG *context_attr, TimeStamp *expiry, BOOLEAN *mapped_context, SecBuffer *context_data ) SecBufferDesc *output, ULONG *context_attr, TimeStamp *expiry, BOOLEAN *mapped_context, SecBuffer *context_data )
{ {
NTSTATUS status; NTSTATUS status;
ULONG exptime;
TRACE( "(%lx %lx 0x%08x %u %p %p %p %p %p %p %p)\n", credential, context, context_req, target_data_rep, input, TRACE( "(%lx %lx 0x%08x %u %p %p %p %p %p %p %p)\n", credential, context, context_req, target_data_rep, input,
new_context, output, context_attr, expiry, mapped_context, context_data ); new_context, output, context_attr, expiry, mapped_context, context_data );
...@@ -339,8 +359,12 @@ static NTSTATUS NTAPI kerberos_SpAcceptLsaModeContext( LSA_SEC_HANDLE credential ...@@ -339,8 +359,12 @@ static NTSTATUS NTAPI kerberos_SpAcceptLsaModeContext( LSA_SEC_HANDLE credential
if (!context && !input && !credential) return SEC_E_INVALID_HANDLE; if (!context && !input && !credential) return SEC_E_INVALID_HANDLE;
status = krb5_funcs->accept_context( credential, context, input, new_context, output, context_attr, expiry ); status = krb5_funcs->accept_context( credential, context, input, new_context, output, context_attr, &exptime );
if (!status) *mapped_context = TRUE; if (!status)
{
*mapped_context = TRUE;
expiry_to_timestamp( exptime, expiry );
}
/* FIXME: initialize context_data */ /* FIXME: initialize context_data */
return status; return status;
} }
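Review bot: In kerberos_SpAcquireCredentialsHandle the new `expiry_to_timestamp( exptime, expiry );` runs whatever `status` is, whereas the SpInitLsaModeContext and SpAcceptLsaModeContext call sites guard it with `if (!status)`. The Unix-side acquire_credentials_handle shown further down assigns `*expiry` only when `ret == GSS_S_COMPLETE`, so on a failed acquire `exptime` is read uninitialized and an arbitrary expiry is written back to the caller. Use `if (!status) expiry_to_timestamp( exptime, expiry );` here. The helper also dereferences `timestamp` unconditionally, so an `if (!timestamp) return;` at its top would be a cheap guard if any caller can pass no expiry pointer (not visible from these hunks). The three function bodies start and end outside the hunks.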
......
...@@ -505,16 +505,6 @@ static inline void credhandle_gss_to_sspi( gss_cred_id_t handle, LSA_SEC_HANDLE ...@@ -505,16 +505,6 @@ static inline void credhandle_gss_to_sspi( gss_cred_id_t handle, LSA_SEC_HANDLE
*cred = (LSA_SEC_HANDLE)handle; *cred = (LSA_SEC_HANDLE)handle;
} }
static void expirytime_gss_to_sspi( OM_uint32 expirytime, TimeStamp *timestamp )
{
LARGE_INTEGER time;
NtQuerySystemTime( &time );
RtlSystemTimeToLocalTime( &time, &time );
timestamp->LowPart = time.QuadPart;
timestamp->HighPart = time.QuadPart >> 32;
}
static ULONG flags_gss_to_asc_ret( ULONG flags ) static ULONG flags_gss_to_asc_ret( ULONG flags )
{ {
ULONG ret = 0; ULONG ret = 0;
...@@ -532,7 +522,7 @@ static ULONG flags_gss_to_asc_ret( ULONG flags ) ...@@ -532,7 +522,7 @@ static ULONG flags_gss_to_asc_ret( ULONG flags )
static NTSTATUS CDECL accept_context( LSA_SEC_HANDLE credential, LSA_SEC_HANDLE context, SecBufferDesc *input, static NTSTATUS CDECL accept_context( LSA_SEC_HANDLE credential, LSA_SEC_HANDLE context, SecBufferDesc *input,
LSA_SEC_HANDLE *new_context, SecBufferDesc *output, ULONG *context_attr, LSA_SEC_HANDLE *new_context, SecBufferDesc *output, ULONG *context_attr,
TimeStamp *expiry ) ULONG *expiry )
{ {
OM_uint32 ret, minor_status, ret_flags = 0, expiry_time; OM_uint32 ret, minor_status, ret_flags = 0, expiry_time;
gss_cred_id_t cred_handle = credhandle_sspi_to_gss( credential ); gss_cred_id_t cred_handle = credhandle_sspi_to_gss( credential );
...@@ -571,7 +561,7 @@ static NTSTATUS CDECL accept_context( LSA_SEC_HANDLE credential, LSA_SEC_HANDLE ...@@ -571,7 +561,7 @@ static NTSTATUS CDECL accept_context( LSA_SEC_HANDLE credential, LSA_SEC_HANDLE
ctxhandle_gss_to_sspi( ctx_handle, new_context ); ctxhandle_gss_to_sspi( ctx_handle, new_context );
if (context_attr) *context_attr = flags_gss_to_asc_ret( ret_flags ); if (context_attr) *context_attr = flags_gss_to_asc_ret( ret_flags );
expirytime_gss_to_sspi( expiry_time, expiry ); *expiry = expiry_time;
} }
return status_gss_to_sspi( ret ); return status_gss_to_sspi( ret );
...@@ -621,7 +611,7 @@ static NTSTATUS import_name( const char *src, gss_name_t *dst ) ...@@ -621,7 +611,7 @@ static NTSTATUS import_name( const char *src, gss_name_t *dst )
} }
static NTSTATUS CDECL acquire_credentials_handle( const char *principal, ULONG credential_use, const char *username, static NTSTATUS CDECL acquire_credentials_handle( const char *principal, ULONG credential_use, const char *username,
const char *password, LSA_SEC_HANDLE *credential, TimeStamp *expiry ) const char *password, LSA_SEC_HANDLE *credential, ULONG *expiry )
{ {
OM_uint32 ret, minor_status, expiry_time; OM_uint32 ret, minor_status, expiry_time;
gss_name_t name = GSS_C_NO_NAME; gss_name_t name = GSS_C_NO_NAME;
...@@ -654,7 +644,7 @@ static NTSTATUS CDECL acquire_credentials_handle( const char *principal, ULONG c ...@@ -654,7 +644,7 @@ static NTSTATUS CDECL acquire_credentials_handle( const char *principal, ULONG c
if (ret == GSS_S_COMPLETE) if (ret == GSS_S_COMPLETE)
{ {
credhandle_gss_to_sspi( cred_handle, credential ); credhandle_gss_to_sspi( cred_handle, credential );
expirytime_gss_to_sspi( expiry_time, expiry ); *expiry = expiry_time;
} }
if (name != GSS_C_NO_NAME) pgss_release_name( &minor_status, &name ); if (name != GSS_C_NO_NAME) pgss_release_name( &minor_status, &name );
...@@ -715,7 +705,7 @@ static ULONG flags_gss_to_isc_ret( ULONG flags ) ...@@ -715,7 +705,7 @@ static ULONG flags_gss_to_isc_ret( ULONG flags )
static NTSTATUS CDECL initialize_context( LSA_SEC_HANDLE credential, LSA_SEC_HANDLE context, const char *target_name, static NTSTATUS CDECL initialize_context( LSA_SEC_HANDLE credential, LSA_SEC_HANDLE context, const char *target_name,
ULONG context_req, SecBufferDesc *input, LSA_SEC_HANDLE *new_context, ULONG context_req, SecBufferDesc *input, LSA_SEC_HANDLE *new_context,
SecBufferDesc *output, ULONG *context_attr, TimeStamp *expiry ) SecBufferDesc *output, ULONG *context_attr, ULONG *expiry )
{ {
OM_uint32 ret, minor_status, ret_flags = 0, expiry_time, req_flags = flags_isc_req_to_gss( context_req ); OM_uint32 ret, minor_status, ret_flags = 0, expiry_time, req_flags = flags_isc_req_to_gss( context_req );
gss_cred_id_t cred_handle = credhandle_sspi_to_gss( credential ); gss_cred_id_t cred_handle = credhandle_sspi_to_gss( credential );
...@@ -758,7 +748,7 @@ static NTSTATUS CDECL initialize_context( LSA_SEC_HANDLE credential, LSA_SEC_HAN ...@@ -758,7 +748,7 @@ static NTSTATUS CDECL initialize_context( LSA_SEC_HANDLE credential, LSA_SEC_HAN
ctxhandle_gss_to_sspi( ctx_handle, new_context ); ctxhandle_gss_to_sspi( ctx_handle, new_context );
if (context_attr) *context_attr = flags_gss_to_isc_ret( ret_flags ); if (context_attr) *context_attr = flags_gss_to_isc_ret( ret_flags );
expirytime_gss_to_sspi( expiry_time, expiry ); *expiry = expiry_time;
} }
if (target != GSS_C_NO_NAME) pgss_release_name( &minor_status, &target ); if (target != GSS_C_NO_NAME) pgss_release_name( &minor_status, &target );
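Review bot: `*expiry = expiry_time;` in accept_context, acquire_credentials_handle and initialize_context now passes the raw GSS lifetime across the boundary, and nothing documents its unit or that it is left unset on failure. GSS-API may report `GSS_C_INDEFINITE` for a lifetime, and the PE-side helper would treat that as an ordinary count of seconds; whether that is intended cannot be told from these hunks. I would add a comment at each assignment such as `/* lifetime in seconds from now, possibly GSS_C_INDEFINITE; only written on success */`. The enclosing functions start and end outside the hunks.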
......
...@@ -24,13 +24,13 @@ ...@@ -24,13 +24,13 @@
struct krb5_funcs struct krb5_funcs
{ {
NTSTATUS (CDECL *accept_context)(LSA_SEC_HANDLE, LSA_SEC_HANDLE, SecBufferDesc *, LSA_SEC_HANDLE *, NTSTATUS (CDECL *accept_context)(LSA_SEC_HANDLE, LSA_SEC_HANDLE, SecBufferDesc *, LSA_SEC_HANDLE *,
SecBufferDesc *, ULONG *, TimeStamp *); SecBufferDesc *, ULONG *, ULONG *);
NTSTATUS (CDECL *acquire_credentials_handle)(const char *, ULONG, const char *, const char *, LSA_SEC_HANDLE *, NTSTATUS (CDECL *acquire_credentials_handle)(const char *, ULONG, const char *, const char *, LSA_SEC_HANDLE *,
TimeStamp *); ULONG *);
NTSTATUS (CDECL *delete_context)(LSA_SEC_HANDLE); NTSTATUS (CDECL *delete_context)(LSA_SEC_HANDLE);
NTSTATUS (CDECL *free_credentials_handle)(LSA_SEC_HANDLE); NTSTATUS (CDECL *free_credentials_handle)(LSA_SEC_HANDLE);
NTSTATUS (CDECL *initialize_context)(LSA_SEC_HANDLE, LSA_SEC_HANDLE, const char *, ULONG, SecBufferDesc *, NTSTATUS (CDECL *initialize_context)(LSA_SEC_HANDLE, LSA_SEC_HANDLE, const char *, ULONG, SecBufferDesc *,
LSA_SEC_HANDLE *, SecBufferDesc *, ULONG *, TimeStamp *); LSA_SEC_HANDLE *, SecBufferDesc *, ULONG *, ULONG *);
NTSTATUS (CDECL *make_signature)(LSA_SEC_HANDLE, SecBufferDesc *); NTSTATUS (CDECL *make_signature)(LSA_SEC_HANDLE, SecBufferDesc *);
NTSTATUS (CDECL *query_context_attributes)(LSA_SEC_HANDLE, ULONG, void *); NTSTATUS (CDECL *query_context_attributes)(LSA_SEC_HANDLE, ULONG, void *);
NTSTATUS (CDECL *query_ticket_cache)( KERB_QUERY_TKT_CACHE_RESPONSE *resp, ULONG *out_size ); NTSTATUS (CDECL *query_ticket_cache)( KERB_QUERY_TKT_CACHE_RESPONSE *resp, ULONG *out_size );
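Review bot: The accept_context and initialize_context members of struct krb5_funcs now end in two adjacent unnamed `ULONG *` parameters (context attributes, then expiry), so swapping them at a call site compiles silently where the old `TimeStamp *` would have drawn an incompatible-pointer diagnostic. Naming the parameters, as query_ticket_cache already does in this struct, keeps them apart, e.g. `SecBufferDesc *output, ULONG *context_attr, ULONG *expiry );`. A one-line comment that expiry is a lifetime in seconds, not an absolute time, would make the new contract explicit.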
......