kerberos: Implement SECPKG_ATTR_SESSION_KEY.

2024-07-08 03:45:57 +00:00 · 2023-08-02 16:45:44 +02:00 · 2023-08-02 16:45:44 +02:00 · 26c19ea681
commit 26c19ea681
parent da750b77bd
2 changed files with 75 additions and 17 deletions
--- a/dlls/kerberos/krb5_ap.c
+++ b/dlls/kerberos/krb5_ap.c
@ -633,9 +633,26 @@ static NTSTATUS NTAPI kerberos_SpQueryContextAttributes( LSA_SEC_HANDLE context,
    X(SECPKG_ATTR_NATIVE_NAMES);
    X(SECPKG_ATTR_PACKAGE_INFO);
    X(SECPKG_ATTR_PASSWORD_EXPIRY);
-    X(SECPKG_ATTR_SESSION_KEY);
    X(SECPKG_ATTR_STREAM_SIZES);
    X(SECPKG_ATTR_TARGET_INFORMATION);
+#undef X
+    case SECPKG_ATTR_SESSION_KEY:
+    {
+        SecPkgContext_SessionKey key = { 128 };
+        struct query_context_attributes_params params = { context_handle->handle, attribute, &key };
+        NTSTATUS status;
+
+        if (!(key.SessionKey = RtlAllocateHeap( GetProcessHeap(), 0, key.SessionKeyLength ))) return STATUS_NO_MEMORY;
+
+        if ((status = KRB5_CALL( query_context_attributes, &params )))
+        {
+            RtlFreeHeap( GetProcessHeap(), 0, key.SessionKey );
+            return status;
+        }
+
+        *(SecPkgContext_SessionKey *)buffer = key;
+        return SEC_E_OK;
+    }
    case SECPKG_ATTR_SIZES:
    {
        struct query_context_attributes_params params = { context_handle->handle, attribute, buffer };
@ -648,7 +665,6 @@ static NTSTATUS NTAPI kerberos_SpQueryContextAttributes( LSA_SEC_HANDLE context,
        info->NegotiationState = SECPKG_NEGOTIATION_COMPLETE;
        return SEC_E_OK;
    }
-#undef X
    default:
        FIXME( "unknown attribute %lu\n", attribute );
        break;
--- a/dlls/kerberos/unixlib.c
+++ b/dlls/kerberos/unixlib.c
@ -403,7 +403,9 @@ MAKE_FUNCPTR( gss_get_mic );
 MAKE_FUNCPTR( gss_import_name );
 MAKE_FUNCPTR( gss_init_sec_context );
 MAKE_FUNCPTR( gss_inquire_context );
+MAKE_FUNCPTR( gss_inquire_sec_context_by_oid );
 MAKE_FUNCPTR( gss_release_buffer );
+MAKE_FUNCPTR( gss_release_buffer_set );
 MAKE_FUNCPTR( gss_release_cred );
 MAKE_FUNCPTR( gss_release_iov_buffer );
 MAKE_FUNCPTR( gss_release_name );
@ -429,21 +431,23 @@ static BOOL load_gssapi_krb5(void)
        goto fail; \
    }

-    LOAD_FUNCPTR( gss_accept_sec_context)
-    LOAD_FUNCPTR( gss_acquire_cred)
-    LOAD_FUNCPTR( gss_delete_sec_context)
-    LOAD_FUNCPTR( gss_display_status)
-    LOAD_FUNCPTR( gss_get_mic)
-    LOAD_FUNCPTR( gss_import_name)
-    LOAD_FUNCPTR( gss_init_sec_context)
-    LOAD_FUNCPTR( gss_inquire_context)
-    LOAD_FUNCPTR( gss_release_buffer)
-    LOAD_FUNCPTR( gss_release_cred)
-    LOAD_FUNCPTR( gss_release_iov_buffer)
-    LOAD_FUNCPTR( gss_release_name)
-    LOAD_FUNCPTR( gss_unwrap)
-    LOAD_FUNCPTR( gss_unwrap_iov)
-    LOAD_FUNCPTR( gss_verify_mic)
+    LOAD_FUNCPTR( gss_accept_sec_context )
+    LOAD_FUNCPTR( gss_acquire_cred )
+    LOAD_FUNCPTR( gss_delete_sec_context )
+    LOAD_FUNCPTR( gss_display_status )
+    LOAD_FUNCPTR( gss_get_mic )
+    LOAD_FUNCPTR( gss_import_name )
+    LOAD_FUNCPTR( gss_init_sec_context )
+    LOAD_FUNCPTR( gss_inquire_context )
+    LOAD_FUNCPTR( gss_inquire_sec_context_by_oid )
+    LOAD_FUNCPTR( gss_release_buffer )
+    LOAD_FUNCPTR( gss_release_buffer_set )
+    LOAD_FUNCPTR( gss_release_cred )
+    LOAD_FUNCPTR( gss_release_iov_buffer )
+    LOAD_FUNCPTR( gss_release_name )
+    LOAD_FUNCPTR( gss_unwrap )
+    LOAD_FUNCPTR( gss_unwrap_iov )
+    LOAD_FUNCPTR( gss_verify_mic )
    LOAD_FUNCPTR( gss_wrap )
    LOAD_FUNCPTR( gss_wrap_iov )
 #undef LOAD_FUNCPTR
@ -804,11 +808,49 @@ static NTSTATUS make_signature( void *args )
 #define KERBEROS_MAX_SIGNATURE_DCE    28
 #define KERBEROS_SECURITY_TRAILER_DCE 76

+static NTSTATUS get_session_key( gss_ctx_id_t ctx, SecPkgContext_SessionKey *key )
+{
+    gss_OID_desc GSS_C_INQ_SSPI_SESSION_KEY =
+        { 11, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x05" }; /* 1.2.840.113554.1.2.2.5.5 */
+    OM_uint32 ret, minor_status;
+    gss_buffer_set_t buffer_set = GSS_C_NO_BUFFER_SET;
+
+    ret = pgss_inquire_sec_context_by_oid( &minor_status, ctx, &GSS_C_INQ_SSPI_SESSION_KEY, &buffer_set );
+    if (GSS_ERROR( ret )) trace_gss_status( ret, minor_status );
+    if (ret != GSS_S_COMPLETE) return STATUS_INTERNAL_ERROR;
+
+    if (buffer_set == GSS_C_NO_BUFFER_SET || buffer_set->count != 2)
+    {
+        pgss_release_buffer_set( &minor_status, &buffer_set );
+        return STATUS_INTERNAL_ERROR;
+    }
+
+    if (key->SessionKeyLength < buffer_set->elements[0].length )
+    {
+        key->SessionKeyLength = buffer_set->elements[0].length;
+        pgss_release_buffer_set( &minor_status, &buffer_set );
+        return STATUS_BUFFER_TOO_SMALL;
+    }
+
+    memcpy( key->SessionKey, buffer_set->elements[0].value, buffer_set->elements[0].length );
+    key->SessionKeyLength = buffer_set->elements[0].length;
+
+    pgss_release_buffer_set( &minor_status, &buffer_set );
+    return STATUS_SUCCESS;
+}
+
 static NTSTATUS query_context_attributes( void *args )
 {
    struct query_context_attributes_params *params = args;
    switch (params->attr)
    {
+    case SECPKG_ATTR_SESSION_KEY:
+    {
+        SecPkgContext_SessionKey *key = (SecPkgContext_SessionKey *)params->buf;
+        gss_ctx_id_t ctx  = ctxhandle_sspi_to_gss( params->context );
+
+        return get_session_key( ctx, key );
+    }
    case SECPKG_ATTR_SIZES:
    {
        SecPkgContext_Sizes *sizes = (SecPkgContext_Sizes *)params->buf;