mirror of
git://source.winehq.org/git/wine.git
synced 2024-10-06 08:39:34 +00:00
kerberos: Implement SECPKG_ATTR_SESSION_KEY.
This commit is contained in:
parent
da750b77bd
commit
26c19ea681
|
@ -633,9 +633,26 @@ static NTSTATUS NTAPI kerberos_SpQueryContextAttributes( LSA_SEC_HANDLE context,
|
|||
X(SECPKG_ATTR_NATIVE_NAMES);
|
||||
X(SECPKG_ATTR_PACKAGE_INFO);
|
||||
X(SECPKG_ATTR_PASSWORD_EXPIRY);
|
||||
X(SECPKG_ATTR_SESSION_KEY);
|
||||
X(SECPKG_ATTR_STREAM_SIZES);
|
||||
X(SECPKG_ATTR_TARGET_INFORMATION);
|
||||
#undef X
|
||||
case SECPKG_ATTR_SESSION_KEY:
|
||||
{
|
||||
SecPkgContext_SessionKey key = { 128 };
|
||||
struct query_context_attributes_params params = { context_handle->handle, attribute, &key };
|
||||
NTSTATUS status;
|
||||
|
||||
if (!(key.SessionKey = RtlAllocateHeap( GetProcessHeap(), 0, key.SessionKeyLength ))) return STATUS_NO_MEMORY;
|
||||
|
||||
if ((status = KRB5_CALL( query_context_attributes, ¶ms )))
|
||||
{
|
||||
RtlFreeHeap( GetProcessHeap(), 0, key.SessionKey );
|
||||
return status;
|
||||
}
|
||||
|
||||
*(SecPkgContext_SessionKey *)buffer = key;
|
||||
return SEC_E_OK;
|
||||
}
|
||||
case SECPKG_ATTR_SIZES:
|
||||
{
|
||||
struct query_context_attributes_params params = { context_handle->handle, attribute, buffer };
|
||||
|
@ -648,7 +665,6 @@ static NTSTATUS NTAPI kerberos_SpQueryContextAttributes( LSA_SEC_HANDLE context,
|
|||
info->NegotiationState = SECPKG_NEGOTIATION_COMPLETE;
|
||||
return SEC_E_OK;
|
||||
}
|
||||
#undef X
|
||||
default:
|
||||
FIXME( "unknown attribute %lu\n", attribute );
|
||||
break;
|
||||
|
|
|
@ -403,7 +403,9 @@ MAKE_FUNCPTR( gss_get_mic );
|
|||
MAKE_FUNCPTR( gss_import_name );
|
||||
MAKE_FUNCPTR( gss_init_sec_context );
|
||||
MAKE_FUNCPTR( gss_inquire_context );
|
||||
MAKE_FUNCPTR( gss_inquire_sec_context_by_oid );
|
||||
MAKE_FUNCPTR( gss_release_buffer );
|
||||
MAKE_FUNCPTR( gss_release_buffer_set );
|
||||
MAKE_FUNCPTR( gss_release_cred );
|
||||
MAKE_FUNCPTR( gss_release_iov_buffer );
|
||||
MAKE_FUNCPTR( gss_release_name );
|
||||
|
@ -429,21 +431,23 @@ static BOOL load_gssapi_krb5(void)
|
|||
goto fail; \
|
||||
}
|
||||
|
||||
LOAD_FUNCPTR( gss_accept_sec_context)
|
||||
LOAD_FUNCPTR( gss_acquire_cred)
|
||||
LOAD_FUNCPTR( gss_delete_sec_context)
|
||||
LOAD_FUNCPTR( gss_display_status)
|
||||
LOAD_FUNCPTR( gss_get_mic)
|
||||
LOAD_FUNCPTR( gss_import_name)
|
||||
LOAD_FUNCPTR( gss_init_sec_context)
|
||||
LOAD_FUNCPTR( gss_inquire_context)
|
||||
LOAD_FUNCPTR( gss_release_buffer)
|
||||
LOAD_FUNCPTR( gss_release_cred)
|
||||
LOAD_FUNCPTR( gss_release_iov_buffer)
|
||||
LOAD_FUNCPTR( gss_release_name)
|
||||
LOAD_FUNCPTR( gss_unwrap)
|
||||
LOAD_FUNCPTR( gss_unwrap_iov)
|
||||
LOAD_FUNCPTR( gss_verify_mic)
|
||||
LOAD_FUNCPTR( gss_accept_sec_context )
|
||||
LOAD_FUNCPTR( gss_acquire_cred )
|
||||
LOAD_FUNCPTR( gss_delete_sec_context )
|
||||
LOAD_FUNCPTR( gss_display_status )
|
||||
LOAD_FUNCPTR( gss_get_mic )
|
||||
LOAD_FUNCPTR( gss_import_name )
|
||||
LOAD_FUNCPTR( gss_init_sec_context )
|
||||
LOAD_FUNCPTR( gss_inquire_context )
|
||||
LOAD_FUNCPTR( gss_inquire_sec_context_by_oid )
|
||||
LOAD_FUNCPTR( gss_release_buffer )
|
||||
LOAD_FUNCPTR( gss_release_buffer_set )
|
||||
LOAD_FUNCPTR( gss_release_cred )
|
||||
LOAD_FUNCPTR( gss_release_iov_buffer )
|
||||
LOAD_FUNCPTR( gss_release_name )
|
||||
LOAD_FUNCPTR( gss_unwrap )
|
||||
LOAD_FUNCPTR( gss_unwrap_iov )
|
||||
LOAD_FUNCPTR( gss_verify_mic )
|
||||
LOAD_FUNCPTR( gss_wrap )
|
||||
LOAD_FUNCPTR( gss_wrap_iov )
|
||||
#undef LOAD_FUNCPTR
|
||||
|
@ -804,11 +808,49 @@ static NTSTATUS make_signature( void *args )
|
|||
#define KERBEROS_MAX_SIGNATURE_DCE 28
|
||||
#define KERBEROS_SECURITY_TRAILER_DCE 76
|
||||
|
||||
static NTSTATUS get_session_key( gss_ctx_id_t ctx, SecPkgContext_SessionKey *key )
|
||||
{
|
||||
gss_OID_desc GSS_C_INQ_SSPI_SESSION_KEY =
|
||||
{ 11, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x05" }; /* 1.2.840.113554.1.2.2.5.5 */
|
||||
OM_uint32 ret, minor_status;
|
||||
gss_buffer_set_t buffer_set = GSS_C_NO_BUFFER_SET;
|
||||
|
||||
ret = pgss_inquire_sec_context_by_oid( &minor_status, ctx, &GSS_C_INQ_SSPI_SESSION_KEY, &buffer_set );
|
||||
if (GSS_ERROR( ret )) trace_gss_status( ret, minor_status );
|
||||
if (ret != GSS_S_COMPLETE) return STATUS_INTERNAL_ERROR;
|
||||
|
||||
if (buffer_set == GSS_C_NO_BUFFER_SET || buffer_set->count != 2)
|
||||
{
|
||||
pgss_release_buffer_set( &minor_status, &buffer_set );
|
||||
return STATUS_INTERNAL_ERROR;
|
||||
}
|
||||
|
||||
if (key->SessionKeyLength < buffer_set->elements[0].length )
|
||||
{
|
||||
key->SessionKeyLength = buffer_set->elements[0].length;
|
||||
pgss_release_buffer_set( &minor_status, &buffer_set );
|
||||
return STATUS_BUFFER_TOO_SMALL;
|
||||
}
|
||||
|
||||
memcpy( key->SessionKey, buffer_set->elements[0].value, buffer_set->elements[0].length );
|
||||
key->SessionKeyLength = buffer_set->elements[0].length;
|
||||
|
||||
pgss_release_buffer_set( &minor_status, &buffer_set );
|
||||
return STATUS_SUCCESS;
|
||||
}
|
||||
|
||||
static NTSTATUS query_context_attributes( void *args )
|
||||
{
|
||||
struct query_context_attributes_params *params = args;
|
||||
switch (params->attr)
|
||||
{
|
||||
case SECPKG_ATTR_SESSION_KEY:
|
||||
{
|
||||
SecPkgContext_SessionKey *key = (SecPkgContext_SessionKey *)params->buf;
|
||||
gss_ctx_id_t ctx = ctxhandle_sspi_to_gss( params->context );
|
||||
|
||||
return get_session_key( ctx, key );
|
||||
}
|
||||
case SECPKG_ATTR_SIZES:
|
||||
{
|
||||
SecPkgContext_Sizes *sizes = (SecPkgContext_Sizes *)params->buf;
|
||||
|
|
Loading…
Reference in a new issue