kerberos: Use 64-bit integer for context handles.

Signed-off-by: Nikolay Sivov <nsivov@codeweavers.com>

kerberos: Use 64-bit integer for context handles.
0e6b7275 · Nikolay Sivov · Alexandre Julliard · 5c56d719 · 0e6b7275 · 0e6b7275
Commit 0e6b7275 authored May 28, 2022 by Nikolay Sivov Committed by Alexandre Julliard May 30, 2022
Hide whitespace changes
Inline Side-by-side

Showing with 69 additions and 24 deletions

krb5_ap.c dlls/kerberos/krb5_ap.c +49 -10

unixlib.c dlls/kerberos/unixlib.c +6 -5

unixlib.h dlls/kerberos/unixlib.h +14 -9

No files found.
--- a/dlls/kerberos/krb5_ap.c
+++ b/dlls/kerberos/krb5_ap.c
@@ -82,6 +82,24 @@ struct cred_handle
    UINT64 handle;
 };

+struct context_handle
+{
+    UINT64 handle;
+};
+
+static LSA_SEC_HANDLE create_context_handle( struct context_handle *ctx, UINT64 new_context )
+{
+    UINT64 context = ctx ? ctx->handle : 0;
+    if (new_context && new_context != context)
+    {
+        struct context_handle *new_ctx = malloc(sizeof(*new_ctx));
+        new_ctx->handle = new_context;
+        return (LSA_SEC_HANDLE)new_ctx;
+    }
+    else
+        return (LSA_SEC_HANDLE)ctx;
+}
+
 static const char *debugstr_us( const UNICODE_STRING *us )
 {
    if (!us) return "<null>";
@@ -370,14 +388,16 @@ static NTSTATUS NTAPI kerberos_SpInitLsaModeContext( LSA_SEC_HANDLE credential, 
    else
    {
        struct cred_handle *cred_handle = (struct cred_handle *)credential;
+        struct context_handle *context_handle = (struct context_handle *)context;
        struct initialize_context_params params;
+        UINT64 new_context_handle = 0;

        params.credential = cred_handle ? cred_handle->handle : 0;
-        params.context = context;
+        params.context = context_handle ? context_handle->handle : 0;
        params.target_name = target;
        params.context_req = context_req;
        params.input = input;
-        params.new_context = new_context;
+        params.new_context = &new_context_handle;
        params.output = output;
        params.context_attr = context_attr;
        params.expiry = &exptime;
@@ -385,6 +405,7 @@ static NTSTATUS NTAPI kerberos_SpInitLsaModeContext( LSA_SEC_HANDLE credential, 
        status = KRB5_CALL( initialize_context, &params );
        if (!status)
        {
+            *new_context = create_context_handle( context_handle, new_context_handle );
            *mapped_context = TRUE;
            expiry_to_timestamp( exptime, expiry );
        }
@@ -408,12 +429,14 @@ static NTSTATUS NTAPI kerberos_SpAcceptLsaModeContext( LSA_SEC_HANDLE credential
    if (context || input || credential)
    {
        struct cred_handle *cred_handle = (struct cred_handle *)credential;
+        struct context_handle *context_handle = (struct context_handle *)context;
        struct accept_context_params params;
+        UINT64 new_context_handle = 0;

        params.credential = cred_handle ? cred_handle->handle : 0;
-        params.context = context;
+        params.context = context_handle ? context_handle->handle : 0;
        params.input = input;
-        params.new_context = new_context;
+        params.new_context = &new_context_handle;
        params.output = output;
        params.context_attr = context_attr;
        params.expiry = &exptime;
@@ -421,6 +444,7 @@ static NTSTATUS NTAPI kerberos_SpAcceptLsaModeContext( LSA_SEC_HANDLE credential
        status = KRB5_CALL( accept_context, &params );
        if (!status)
        {
+            *new_context = create_context_handle( context_handle, new_context_handle );
            *mapped_context = TRUE;
            expiry_to_timestamp( exptime, expiry );
        }
@@ -431,9 +455,18 @@ static NTSTATUS NTAPI kerberos_SpAcceptLsaModeContext( LSA_SEC_HANDLE credential

 static NTSTATUS NTAPI kerberos_SpDeleteContext( LSA_SEC_HANDLE context )
 {
+    struct context_handle *context_handle = (void *)context;
+    struct delete_context_params params;
+    NTSTATUS status;
+
    TRACE( "%Ix\n", context );
+
    if (!context) return SEC_E_INVALID_HANDLE;
-    return KRB5_CALL( delete_context, (void *)context );
+
+    params.context = context_handle->handle;
+    status = KRB5_CALL( delete_context, &params );
+    free( context_handle );
+    return status;
 }

 static SecPkgInfoW *build_package_info( const SecPkgInfoW *info )
@@ -456,6 +489,8 @@ static SecPkgInfoW *build_package_info( const SecPkgInfoW *info )

 static NTSTATUS NTAPI kerberos_SpQueryContextAttributes( LSA_SEC_HANDLE context, ULONG attribute, void *buffer )
 {
+    struct context_handle *context_handle = (void *)context;
+
    TRACE( "%Ix, %lu, %p\n", context, attribute, buffer );

    if (!context) return SEC_E_INVALID_HANDLE;
@@ -477,7 +512,7 @@ static NTSTATUS NTAPI kerberos_SpQueryContextAttributes( LSA_SEC_HANDLE context,
    X(SECPKG_ATTR_TARGET_INFORMATION);
    case SECPKG_ATTR_SIZES:
    {
-        struct query_context_attributes_params params = { context, attribute, buffer };
+        struct query_context_attributes_params params = { context_handle->handle, attribute, buffer };
        return KRB5_CALL( query_context_attributes, &params );
    }
    case SECPKG_ATTR_NEGOTIATION_INFO:
@@ -584,7 +619,8 @@ static NTSTATUS SEC_ENTRY kerberos_SpMakeSignature( LSA_SEC_HANDLE context, ULON

    if (context)
    {
-        struct make_signature_params params = { context, message };
+        struct context_handle *context_handle = (void *)context;
+        struct make_signature_params params = { context_handle->handle, message };
        return KRB5_CALL( make_signature, &params );
    }
    else return SEC_E_INVALID_HANDLE;
@@ -598,7 +634,8 @@ static NTSTATUS NTAPI kerberos_SpVerifySignature( LSA_SEC_HANDLE context, SecBuf

    if (context)
    {
-        struct verify_signature_params params = { context, message, quality_of_protection };
+        struct context_handle *context_handle = (void *)context;
+        struct verify_signature_params params = { context_handle->handle, message, quality_of_protection };
        return KRB5_CALL( verify_signature, &params );
    }
    else return SEC_E_INVALID_HANDLE;
@@ -612,7 +649,8 @@ static NTSTATUS NTAPI kerberos_SpSealMessage( LSA_SEC_HANDLE context, ULONG qual

    if (context)
    {
-        struct seal_message_params params = { context, message, quality_of_protection };
+        struct context_handle *context_handle = (void *)context;
+        struct seal_message_params params = { context_handle->handle, message, quality_of_protection };
        return KRB5_CALL( seal_message, &params );
    }
    else return SEC_E_INVALID_HANDLE;
@@ -626,7 +664,8 @@ static NTSTATUS NTAPI kerberos_SpUnsealMessage( LSA_SEC_HANDLE context, SecBuffe

    if (context)
    {
-        struct unseal_message_params params = { context, message, quality_of_protection };
+        struct context_handle *context_handle = (void *)context;
+        struct unseal_message_params params = { context_handle->handle, message, quality_of_protection };
        return KRB5_CALL( unseal_message, &params );
    }
    else return SEC_E_INVALID_HANDLE;

--- a/dlls/kerberos/unixlib.c
+++ b/dlls/kerberos/unixlib.c
@@ -486,9 +486,9 @@ static void trace_gss_status( OM_uint32 major_status, OM_uint32 minor_status )
    }
 }

-static inline gss_ctx_id_t ctxhandle_sspi_to_gss( LSA_SEC_HANDLE handle )
+static inline gss_ctx_id_t ctxhandle_sspi_to_gss( UINT64 handle )
 {
-    return (gss_ctx_id_t)handle;
+    return (gss_ctx_id_t)(ULONG_PTR)handle;
 }

 static inline gss_cred_id_t credhandle_sspi_to_gss( UINT64 handle )
@@ -496,9 +496,9 @@ static inline gss_cred_id_t credhandle_sspi_to_gss( UINT64 handle )
    return (gss_cred_id_t)(ULONG_PTR)handle;
 }

-static inline void ctxhandle_gss_to_sspi( gss_ctx_id_t handle, LSA_SEC_HANDLE *ctx )
+static inline void ctxhandle_gss_to_sspi( gss_ctx_id_t handle, UINT64 *ctx )
 {
-    *ctx = (LSA_SEC_HANDLE)handle;
+    *ctx = (ULONG_PTR)handle;
 }

 static inline void credhandle_gss_to_sspi( gss_cred_id_t handle, UINT64 *cred )
@@ -654,8 +654,9 @@ static NTSTATUS acquire_credentials_handle( void *args )

 static NTSTATUS delete_context( void *args )
 {
+    const struct delete_context_params *params = args;
    OM_uint32 ret, minor_status;
-    gss_ctx_id_t ctx_handle = ctxhandle_sspi_to_gss( (LSA_SEC_HANDLE)args );
+    gss_ctx_id_t ctx_handle = ctxhandle_sspi_to_gss( params->context );

    ret = pgss_delete_sec_context( &minor_status, &ctx_handle, GSS_C_NO_BUFFER );
    TRACE( "gss_delete_sec_context returned %#x minor status %#x\n", ret, minor_status );

--- a/dlls/kerberos/unixlib.h
+++ b/dlls/kerberos/unixlib.h
@@ -26,9 +26,9 @@
 struct accept_context_params
 {
    UINT64 credential;
-    LSA_SEC_HANDLE context;
+    UINT64 context;
    SecBufferDesc *input;
-    LSA_SEC_HANDLE *new_context;
+    UINT64 *new_context;
    SecBufferDesc *output;
    ULONG *context_attr;
    ULONG *expiry;
@@ -44,6 +44,11 @@ struct acquire_credentials_handle_params
    ULONG *expiry;
 };

+struct delete_context_params
+{
+    UINT64 context;
+};
+
 struct free_credentials_handle_params
 {
    UINT64 credential;
@@ -52,11 +57,11 @@ struct free_credentials_handle_params
 struct initialize_context_params
 {
    UINT64 credential;
-    LSA_SEC_HANDLE context;
+    UINT64 context;
    const char *target_name;
    ULONG context_req;
    SecBufferDesc *input;
-    LSA_SEC_HANDLE *new_context;
+    UINT64 *new_context;
    SecBufferDesc *output;
    ULONG *context_attr;
    ULONG *expiry;
@@ -64,13 +69,13 @@ struct initialize_context_params

 struct make_signature_params
 {
-    LSA_SEC_HANDLE context;
+    UINT64 context;
    SecBufferDesc *msg;
 };

 struct query_context_attributes_params
 {
-    LSA_SEC_HANDLE context;
+    UINT64 context;
    unsigned attr;
    void *buf;
 };
@@ -83,21 +88,21 @@ struct query_ticket_cache_params

 struct seal_message_params
 {
-    LSA_SEC_HANDLE context;
+    UINT64 context;
    SecBufferDesc *msg;
    unsigned qop;
 };

 struct unseal_message_params
 {
-    LSA_SEC_HANDLE context;
+    UINT64 context;
    SecBufferDesc *msg;
    ULONG *qop;
 };

 struct verify_signature_params
 {
-    LSA_SEC_HANDLE context;
+    UINT64 context;
    SecBufferDesc *msg;
    ULONG *qop;
 };