Commit 5c56d719 authored by Nikolay Sivov's avatar Nikolay Sivov Committed by Alexandre Julliard

kerberos: Use 64-bit integer for credential handles.

parent 948e2f65
...@@ -77,6 +77,11 @@ static const SecPkgInfoW infoW = ...@@ -77,6 +77,11 @@ static const SecPkgInfoW infoW =
static ULONG kerberos_package_id; static ULONG kerberos_package_id;
static LSA_DISPATCH_TABLE lsa_dispatch; static LSA_DISPATCH_TABLE lsa_dispatch;
struct cred_handle
{
UINT64 handle;
};
static const char *debugstr_us( const UNICODE_STRING *us ) static const char *debugstr_us( const UNICODE_STRING *us )
{ {
if (!us) return "<null>"; if (!us) return "<null>";
...@@ -285,6 +290,7 @@ static NTSTATUS NTAPI kerberos_SpAcquireCredentialsHandle( ...@@ -285,6 +290,7 @@ static NTSTATUS NTAPI kerberos_SpAcquireCredentialsHandle(
char *principal = NULL, *username = NULL, *password = NULL; char *principal = NULL, *username = NULL, *password = NULL;
SEC_WINNT_AUTH_IDENTITY_W *id = auth_data; SEC_WINNT_AUTH_IDENTITY_W *id = auth_data;
NTSTATUS status = SEC_E_INSUFFICIENT_MEMORY; NTSTATUS status = SEC_E_INSUFFICIENT_MEMORY;
struct cred_handle *cred_handle;
ULONG exptime; ULONG exptime;
TRACE( "%s, %#lx, %p, %p, %p, %p, %p, %p\n", debugstr_us(principal_us), credential_use, TRACE( "%s, %#lx, %p, %p, %p, %p, %p, %p\n", debugstr_us(principal_us), credential_use,
...@@ -303,10 +309,19 @@ static NTSTATUS NTAPI kerberos_SpAcquireCredentialsHandle( ...@@ -303,10 +309,19 @@ static NTSTATUS NTAPI kerberos_SpAcquireCredentialsHandle(
if (!(password = get_password_unixcp( id->Password, id->PasswordLength ))) goto done; if (!(password = get_password_unixcp( id->Password, id->PasswordLength ))) goto done;
} }
if (!(cred_handle = calloc( 1, sizeof(*cred_handle) )))
{
status = SEC_E_INSUFFICIENT_MEMORY;
goto done;
}
{ {
struct acquire_credentials_handle_params params = { principal, credential_use, username, password, struct acquire_credentials_handle_params params = { principal, credential_use, username, password,
credential, &exptime }; &cred_handle->handle, &exptime };
status = KRB5_CALL( acquire_credentials_handle, &params ); if (!(status = KRB5_CALL( acquire_credentials_handle, &params )))
*credential = (LSA_SEC_HANDLE)cred_handle;
else
free( cred_handle );
expiry_to_timestamp( exptime, expiry ); expiry_to_timestamp( exptime, expiry );
} }
...@@ -319,9 +334,18 @@ done: ...@@ -319,9 +334,18 @@ done:
static NTSTATUS NTAPI kerberos_SpFreeCredentialsHandle( LSA_SEC_HANDLE credential ) static NTSTATUS NTAPI kerberos_SpFreeCredentialsHandle( LSA_SEC_HANDLE credential )
{ {
struct cred_handle *cred_handle = (void *)credential;
struct free_credentials_handle_params params;
NTSTATUS status;
TRACE( "%Ix\n", credential ); TRACE( "%Ix\n", credential );
if (!credential) return SEC_E_INVALID_HANDLE;
return KRB5_CALL( free_credentials_handle, (void *)credential ); if (!cred_handle) return SEC_E_INVALID_HANDLE;
params.credential = cred_handle->handle;
status = KRB5_CALL( free_credentials_handle, &params );
free(cred_handle);
return status;
} }
static NTSTATUS NTAPI kerberos_SpInitLsaModeContext( LSA_SEC_HANDLE credential, LSA_SEC_HANDLE context, static NTSTATUS NTAPI kerberos_SpInitLsaModeContext( LSA_SEC_HANDLE credential, LSA_SEC_HANDLE context,
...@@ -345,8 +369,19 @@ static NTSTATUS NTAPI kerberos_SpInitLsaModeContext( LSA_SEC_HANDLE credential, ...@@ -345,8 +369,19 @@ static NTSTATUS NTAPI kerberos_SpInitLsaModeContext( LSA_SEC_HANDLE credential,
if (target_name && !(target = get_str_unixcp( target_name ))) return SEC_E_INSUFFICIENT_MEMORY; if (target_name && !(target = get_str_unixcp( target_name ))) return SEC_E_INSUFFICIENT_MEMORY;
else else
{ {
struct initialize_context_params params = { credential, context, target, context_req, input, struct cred_handle *cred_handle = (struct cred_handle *)credential;
new_context, output, context_attr, &exptime }; struct initialize_context_params params;
params.credential = cred_handle ? cred_handle->handle : 0;
params.context = context;
params.target_name = target;
params.context_req = context_req;
params.input = input;
params.new_context = new_context;
params.output = output;
params.context_attr = context_attr;
params.expiry = &exptime;
status = KRB5_CALL( initialize_context, &params ); status = KRB5_CALL( initialize_context, &params );
if (!status) if (!status)
{ {
...@@ -372,7 +407,17 @@ static NTSTATUS NTAPI kerberos_SpAcceptLsaModeContext( LSA_SEC_HANDLE credential ...@@ -372,7 +407,17 @@ static NTSTATUS NTAPI kerberos_SpAcceptLsaModeContext( LSA_SEC_HANDLE credential
if (context || input || credential) if (context || input || credential)
{ {
struct accept_context_params params = { credential, context, input, new_context, output, context_attr, &exptime }; struct cred_handle *cred_handle = (struct cred_handle *)credential;
struct accept_context_params params;
params.credential = cred_handle ? cred_handle->handle : 0;
params.context = context;
params.input = input;
params.new_context = new_context;
params.output = output;
params.context_attr = context_attr;
params.expiry = &exptime;
status = KRB5_CALL( accept_context, &params ); status = KRB5_CALL( accept_context, &params );
if (!status) if (!status)
{ {
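Review bot: kerberos_SpFreeCredentialsHandle now casts the caller-supplied LSA_SEC_HANDLE to `struct cred_handle *`, reads `cred_handle->handle` and calls `free(cred_handle)` after only a NULL check, so a handle released twice, or one never returned by kerberos_SpAcquireCredentialsHandle, is dereferenced and freed as heap memory. kerberos_SpInitLsaModeContext and kerberos_SpAcceptLsaModeContext dereference the same value; both continue past the visible lines. Whether the calling layer guarantees that each handle is valid and released exactly once is not visible on this page. If it does, record the contract above the struct, e.g. `/* allocated in SpAcquireCredentialsHandle, released exactly once in SpFreeCredentialsHandle; callers must not reuse the value afterwards */`. If it does not, the package would need to track live handles and return SEC_E_INVALID_HANDLE for unknown ones.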
......
...@@ -491,9 +491,9 @@ static inline gss_ctx_id_t ctxhandle_sspi_to_gss( LSA_SEC_HANDLE handle ) ...@@ -491,9 +491,9 @@ static inline gss_ctx_id_t ctxhandle_sspi_to_gss( LSA_SEC_HANDLE handle )
return (gss_ctx_id_t)handle; return (gss_ctx_id_t)handle;
} }
static inline gss_cred_id_t credhandle_sspi_to_gss( LSA_SEC_HANDLE handle ) static inline gss_cred_id_t credhandle_sspi_to_gss( UINT64 handle )
{ {
return (gss_cred_id_t)handle; return (gss_cred_id_t)(ULONG_PTR)handle;
} }
static inline void ctxhandle_gss_to_sspi( gss_ctx_id_t handle, LSA_SEC_HANDLE *ctx ) static inline void ctxhandle_gss_to_sspi( gss_ctx_id_t handle, LSA_SEC_HANDLE *ctx )
...@@ -501,9 +501,9 @@ static inline void ctxhandle_gss_to_sspi( gss_ctx_id_t handle, LSA_SEC_HANDLE *c ...@@ -501,9 +501,9 @@ static inline void ctxhandle_gss_to_sspi( gss_ctx_id_t handle, LSA_SEC_HANDLE *c
*ctx = (LSA_SEC_HANDLE)handle; *ctx = (LSA_SEC_HANDLE)handle;
} }
static inline void credhandle_gss_to_sspi( gss_cred_id_t handle, LSA_SEC_HANDLE *cred ) static inline void credhandle_gss_to_sspi( gss_cred_id_t handle, UINT64 *cred )
{ {
*cred = (LSA_SEC_HANDLE)handle; *cred = (ULONG_PTR)handle;
} }
static ULONG flags_gss_to_asc_ret( ULONG flags ) static ULONG flags_gss_to_asc_ret( ULONG flags )
...@@ -665,8 +665,9 @@ static NTSTATUS delete_context( void *args ) ...@@ -665,8 +665,9 @@ static NTSTATUS delete_context( void *args )
static NTSTATUS free_credentials_handle( void *args ) static NTSTATUS free_credentials_handle( void *args )
{ {
const struct free_credentials_handle_params *params = args;
OM_uint32 ret, minor_status; OM_uint32 ret, minor_status;
gss_cred_id_t cred = credhandle_sspi_to_gss( (LSA_SEC_HANDLE)args ); gss_cred_id_t cred = credhandle_sspi_to_gss( params->credential );
ret = pgss_release_cred( &minor_status, &cred ); ret = pgss_release_cred( &minor_status, &cred );
TRACE( "gss_release_cred returned %#x minor status %#x\n", ret, minor_status ); TRACE( "gss_release_cred returned %#x minor status %#x\n", ret, minor_status );
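Review bot: credhandle_sspi_to_gss narrows the 64-bit value through `(ULONG_PTR)` before casting it to `gss_cred_id_t`, which silently drops the upper half wherever pointers are 32 bits, and nothing at the conversion says why that is safe. The round trip is presumably lossless because every value is produced by credhandle_gss_to_sspi in the same library, but that is not stated anywhere in the hunk. A comment above the pair would record the assumption, e.g. `/* credential handles are carried as UINT64; values originate from credhandle_gss_to_sspi, so the ULONG_PTR cast loses nothing */`. free_credentials_handle continues past the visible lines.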
......
...@@ -25,7 +25,7 @@ ...@@ -25,7 +25,7 @@
struct accept_context_params struct accept_context_params
{ {
LSA_SEC_HANDLE credential; UINT64 credential;
LSA_SEC_HANDLE context; LSA_SEC_HANDLE context;
SecBufferDesc *input; SecBufferDesc *input;
LSA_SEC_HANDLE *new_context; LSA_SEC_HANDLE *new_context;
...@@ -40,13 +40,18 @@ struct acquire_credentials_handle_params ...@@ -40,13 +40,18 @@ struct acquire_credentials_handle_params
ULONG credential_use; ULONG credential_use;
const char *username; const char *username;
const char *password; const char *password;
LSA_SEC_HANDLE *credential; UINT64 *credential;
ULONG *expiry; ULONG *expiry;
}; };
struct free_credentials_handle_params
{
UINT64 credential;
};
struct initialize_context_params struct initialize_context_params
{ {
LSA_SEC_HANDLE credential; UINT64 credential;
LSA_SEC_HANDLE context; LSA_SEC_HANDLE context;
const char *target_name; const char *target_name;
ULONG context_req; ULONG context_req;
......