Commit ce3f72ef authored by Hans Leidekker's avatar Hans Leidekker Committed by Alexandre Julliard

kerberos: Implement SpAcceptLsaModeContext.

parent 61086485
...@@ -186,6 +186,7 @@ WINE_DECLARE_DEBUG_CHANNEL(winediag); ...@@ -186,6 +186,7 @@ WINE_DECLARE_DEBUG_CHANNEL(winediag);
static void *libgssapi_krb5_handle; static void *libgssapi_krb5_handle;
#define MAKE_FUNCPTR(f) static typeof(f) * p##f #define MAKE_FUNCPTR(f) static typeof(f) * p##f
MAKE_FUNCPTR(gss_accept_sec_context);
MAKE_FUNCPTR(gss_acquire_cred); MAKE_FUNCPTR(gss_acquire_cred);
MAKE_FUNCPTR(gss_delete_sec_context); MAKE_FUNCPTR(gss_delete_sec_context);
MAKE_FUNCPTR(gss_import_name); MAKE_FUNCPTR(gss_import_name);
...@@ -209,6 +210,7 @@ static BOOL load_gssapi_krb5(void) ...@@ -209,6 +210,7 @@ static BOOL load_gssapi_krb5(void)
goto fail; \ goto fail; \
} }
LOAD_FUNCPTR(gss_accept_sec_context)
LOAD_FUNCPTR(gss_acquire_cred) LOAD_FUNCPTR(gss_acquire_cred)
LOAD_FUNCPTR(gss_delete_sec_context) LOAD_FUNCPTR(gss_delete_sec_context)
LOAD_FUNCPTR(gss_import_name) LOAD_FUNCPTR(gss_import_name)
...@@ -336,6 +338,19 @@ static ULONG flags_gss_to_isc_ret( ULONG flags ) ...@@ -336,6 +338,19 @@ static ULONG flags_gss_to_isc_ret( ULONG flags )
return ret; return ret;
} }
static ULONG flags_gss_to_asc_ret( ULONG flags )
{
ULONG ret = 0;
if (flags & GSS_C_DELEG_FLAG) ret |= ASC_RET_DELEGATE;
if (flags & GSS_C_MUTUAL_FLAG) ret |= ASC_RET_MUTUAL_AUTH;
if (flags & GSS_C_REPLAY_FLAG) ret |= ASC_RET_REPLAY_DETECT;
if (flags & GSS_C_SEQUENCE_FLAG) ret |= ASC_RET_SEQUENCE_DETECT;
if (flags & GSS_C_CONF_FLAG) ret |= ASC_RET_CONFIDENTIALITY;
if (flags & GSS_C_INTEG_FLAG) ret |= ASC_RET_INTEGRITY;
if (flags & GSS_C_ANON_FLAG) ret |= ASC_RET_NULL_SESSION;
return ret;
}
static int get_buffer_index( SecBufferDesc *desc, DWORD type ) static int get_buffer_index( SecBufferDesc *desc, DWORD type )
{ {
UINT i; UINT i;
...@@ -483,6 +498,73 @@ static NTSTATUS NTAPI kerberos_SpInitLsaModeContext( LSA_SEC_HANDLE credential, ...@@ -483,6 +498,73 @@ static NTSTATUS NTAPI kerberos_SpInitLsaModeContext( LSA_SEC_HANDLE credential,
#endif #endif
} }
static NTSTATUS NTAPI kerberos_SpAcceptLsaModeContext( LSA_SEC_HANDLE credential, LSA_SEC_HANDLE context,
SecBufferDesc *input, ULONG context_req, ULONG target_data_rep, LSA_SEC_HANDLE *new_context,
SecBufferDesc *output, ULONG *context_attr, TimeStamp *ts_expiry, BOOLEAN *mapped_context, SecBuffer *context_data )
{
#ifdef SONAME_LIBGSSAPI_KRB5
OM_uint32 ret, minor_status, ret_flags, expiry_time;
gss_cred_id_t cred_handle;
gss_ctx_id_t ctxt_handle;
gss_buffer_desc input_token, output_token;
gss_name_t target = GSS_C_NO_NAME;
int idx;
TRACE( "(%lx %lx 0x%08x %u %p %p %p %p %p %p %p)\n", credential, context, context_req,
target_data_rep, input, new_context, output, context_attr, ts_expiry,
mapped_context, context_data );
if (context_req) FIXME( "ignoring flags 0x%08x\n", context_req );
if (!context && !input && !credential) return SEC_E_INVALID_HANDLE;
cred_handle = credhandle_sspi_to_gss( credential );
ctxt_handle = ctxthandle_sspi_to_gss( context );
if (!input) input_token.length = 0;
else
{
if ((idx = get_buffer_index( input, SECBUFFER_TOKEN )) == -1) return SEC_E_INVALID_TOKEN;
input_token.length = input->pBuffers[idx].cbBuffer;
input_token.value = input->pBuffers[idx].pvBuffer;
}
if ((idx = get_buffer_index( output, SECBUFFER_TOKEN )) == -1) return SEC_E_INVALID_TOKEN;
output_token.length = 0;
output_token.value = NULL;
ret = pgss_accept_sec_context( &minor_status, &ctxt_handle, cred_handle, &input_token, GSS_C_NO_CHANNEL_BINDINGS,
&target, NULL, &output_token, &ret_flags, &expiry_time, NULL );
TRACE( "gss_accept_sec_context returned %08x minor status %08x ctxt_handle %p\n", ret, minor_status, ctxt_handle );
if (ret == GSS_S_COMPLETE || ret == GSS_S_CONTINUE_NEEDED)
{
if (output_token.length > output->pBuffers[idx].cbBuffer) /* FIXME: check if larger buffer exists */
{
TRACE( "buffer too small %lu > %u\n", (SIZE_T)output_token.length, output->pBuffers[idx].cbBuffer );
pgss_release_buffer( &minor_status, &output_token );
pgss_delete_sec_context( &minor_status, &ctxt_handle, GSS_C_NO_BUFFER );
return SEC_E_BUFFER_TOO_SMALL;
}
output->pBuffers[idx].cbBuffer = output_token.length;
memcpy( output->pBuffers[idx].pvBuffer, output_token.value, output_token.length );
pgss_release_buffer( &minor_status, &output_token );
ctxthandle_gss_to_sspi( ctxt_handle, new_context );
if (context_attr) *context_attr = flags_gss_to_asc_ret( ret_flags );
expirytime_gss_to_sspi( expiry_time, ts_expiry );
}
/* we do support user mode SSP/AP functions */
*mapped_context = TRUE;
/* FIXME: initialize context_data */
return status_gss_to_sspi( ret );
#else
FIXME( "(%lx %lx 0x%08x %u %p %p %p %p %p %p %p)\n", credential, context, context_req,
target_data_rep, input, new_context, output, context_attr, ts_expiry,
mapped_context, context_data );
return SEC_E_UNSUPPORTED_FUNCTION;
#endif
}
static NTSTATUS NTAPI kerberos_SpInitialize(ULONG_PTR package_id, SECPKG_PARAMETERS *params, static NTSTATUS NTAPI kerberos_SpInitialize(ULONG_PTR package_id, SECPKG_PARAMETERS *params,
LSA_SECPKG_FUNCTION_TABLE *lsa_function_table) LSA_SECPKG_FUNCTION_TABLE *lsa_function_table)
{ {
...@@ -527,7 +609,7 @@ static SECPKG_FUNCTION_TABLE kerberos_table = ...@@ -527,7 +609,7 @@ static SECPKG_FUNCTION_TABLE kerberos_table =
NULL, /* GetCredentials */ NULL, /* GetCredentials */
NULL, /* DeleteCredentials */ NULL, /* DeleteCredentials */
kerberos_SpInitLsaModeContext, kerberos_SpInitLsaModeContext,
NULL, /* AcceptLsaModeContext */ kerberos_SpAcceptLsaModeContext,
NULL, /* DeleteContext */ NULL, /* DeleteContext */
NULL, /* ApplyControlToken */ NULL, /* ApplyControlToken */
NULL, /* GetUserInfo */ NULL, /* GetUserInfo */
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment