rpcrt4: Retrieve the maximum token length from the security provider rather than using a hardcoded and rather small limit.
parent
d1ec56c871
commit
7abb647cd3
|
@ -967,7 +967,9 @@ RPC_STATUS WINAPI RpcRevertToSelfEx(RPC_BINDING_HANDLE BindingHandle)
|
|||
return RPC_S_OK;
|
||||
}
|
||||
|
||||
static RPC_STATUS RpcAuthInfo_Create(ULONG AuthnLevel, ULONG AuthnSvc, CredHandle cred, TimeStamp exp, RpcAuthInfo **ret)
|
||||
static RPC_STATUS RpcAuthInfo_Create(ULONG AuthnLevel, ULONG AuthnSvc,
|
||||
CredHandle cred, TimeStamp exp,
|
||||
ULONG cbMaxToken, RpcAuthInfo **ret)
|
||||
{
|
||||
RpcAuthInfo *AuthInfo = HeapAlloc(GetProcessHeap(), 0, sizeof(*AuthInfo));
|
||||
if (!AuthInfo)
|
||||
|
@ -978,6 +980,7 @@ static RPC_STATUS RpcAuthInfo_Create(ULONG AuthnLevel, ULONG AuthnSvc, CredHandl
|
|||
AuthInfo->AuthnSvc = AuthnSvc;
|
||||
AuthInfo->cred = cred;
|
||||
AuthInfo->exp = exp;
|
||||
AuthInfo->cbMaxToken = cbMaxToken;
|
||||
*ret = AuthInfo;
|
||||
return RPC_S_OK;
|
||||
}
|
||||
|
@ -1225,6 +1228,7 @@ RpcBindingSetAuthInfoExA( RPC_BINDING_HANDLE Binding, RPC_CSTR ServerPrincName,
|
|||
ULONG package_count;
|
||||
ULONG i;
|
||||
PSecPkgInfoA packages;
|
||||
ULONG cbMaxToken;
|
||||
|
||||
TRACE("%p %s %u %u %p %u %p\n", Binding, debugstr_a((const char*)ServerPrincName),
|
||||
AuthnLevel, AuthnSvc, AuthIdentity, AuthzSvr, SecurityQos);
|
||||
|
@ -1306,12 +1310,14 @@ RpcBindingSetAuthInfoExA( RPC_BINDING_HANDLE Binding, RPC_CSTR ServerPrincName,
|
|||
TRACE("found package %s for service %u\n", packages[i].Name, AuthnSvc);
|
||||
r = AcquireCredentialsHandleA((SEC_CHAR *)ServerPrincName, packages[i].Name, SECPKG_CRED_OUTBOUND, NULL,
|
||||
AuthIdentity, NULL, NULL, &cred, &exp);
|
||||
cbMaxToken = packages[i].cbMaxToken;
|
||||
FreeContextBuffer(packages);
|
||||
if (r == ERROR_SUCCESS)
|
||||
{
|
||||
if (bind->AuthInfo) RpcAuthInfo_Release(bind->AuthInfo);
|
||||
bind->AuthInfo = NULL;
|
||||
r = RpcAuthInfo_Create(AuthnLevel, AuthnSvc, cred, exp, &bind->AuthInfo);
|
||||
r = RpcAuthInfo_Create(AuthnLevel, AuthnSvc, cred, exp, cbMaxToken,
|
||||
&bind->AuthInfo);
|
||||
if (r != RPC_S_OK)
|
||||
FreeCredentialsHandle(&cred);
|
||||
return RPC_S_OK;
|
||||
|
@ -1338,6 +1344,7 @@ RpcBindingSetAuthInfoExW( RPC_BINDING_HANDLE Binding, RPC_WSTR ServerPrincName,
|
|||
ULONG package_count;
|
||||
ULONG i;
|
||||
PSecPkgInfoW packages;
|
||||
ULONG cbMaxToken;
|
||||
|
||||
TRACE("%p %s %u %u %p %u %p\n", Binding, debugstr_w((const WCHAR*)ServerPrincName),
|
||||
AuthnLevel, AuthnSvc, AuthIdentity, AuthzSvr, SecurityQos);
|
||||
|
@ -1419,12 +1426,14 @@ RpcBindingSetAuthInfoExW( RPC_BINDING_HANDLE Binding, RPC_WSTR ServerPrincName,
|
|||
TRACE("found package %s for service %u\n", debugstr_w(packages[i].Name), AuthnSvc);
|
||||
r = AcquireCredentialsHandleW((SEC_WCHAR *)ServerPrincName, packages[i].Name, SECPKG_CRED_OUTBOUND, NULL,
|
||||
AuthIdentity, NULL, NULL, &cred, &exp);
|
||||
cbMaxToken = packages[i].cbMaxToken;
|
||||
FreeContextBuffer(packages);
|
||||
if (r == ERROR_SUCCESS)
|
||||
{
|
||||
if (bind->AuthInfo) RpcAuthInfo_Release(bind->AuthInfo);
|
||||
bind->AuthInfo = NULL;
|
||||
r = RpcAuthInfo_Create(AuthnLevel, AuthnSvc, cred, exp, &bind->AuthInfo);
|
||||
r = RpcAuthInfo_Create(AuthnLevel, AuthnSvc, cred, exp, cbMaxToken,
|
||||
&bind->AuthInfo);
|
||||
if (r != RPC_S_OK)
|
||||
FreeCredentialsHandle(&cred);
|
||||
return RPC_S_OK;
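Review bot: In both RpcBindingSetAuthInfoExA and RpcBindingSetAuthInfoExW the result of RpcAuthInfo_Create is used only to decide whether to free the credentials handle, and the branch then returns RPC_S_OK unconditionally. When RpcAuthInfo_Create fails (its visible failure path is the HeapAlloc check), bind->AuthInfo has already been released and set to NULL, so the caller is told that authentication was configured on a binding that carries none. Keeping `if (r != RPC_S_OK) FreeCredentialsHandle(&cred);` and replacing the unconditional return with `return r;` would surface the failure. The rest of both functions lies outside the visible hunks, so how callers treat the status should be confirmed there.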
|
||||
|
|
|
@ -30,10 +30,11 @@ typedef struct _RpcAuthInfo
|
|||
{
|
||||
LONG refs;
|
||||
|
||||
unsigned long AuthnLevel;
|
||||
unsigned long AuthnSvc;
|
||||
ULONG AuthnLevel;
|
||||
ULONG AuthnSvc;
|
||||
CredHandle cred;
|
||||
TimeStamp exp;
|
||||
ULONG cbMaxToken;
|
||||
} RpcAuthInfo;
|
||||
|
||||
typedef struct _RpcQualityOfService
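Review bot: The new cbMaxToken field in RpcAuthInfo has no comment saying where its value comes from or what relies on it, although the other hunks of this commit use it directly as a heap allocation size. A comment on the field such as `/* max token size reported by the security package (SecPkgInfo.cbMaxToken); used as the auth token buffer size */` would make that contract visible to anyone who fills in an RpcAuthInfo by another path.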
|
||||
|
|
|
@ -474,10 +474,10 @@ static void RPCRT4_AuthNegotiate(RpcConnection *conn, SecBuffer *out)
|
|||
else if (conn->AuthInfo->AuthnLevel == RPC_C_AUTHN_LEVEL_PKT_PRIVACY)
|
||||
context_req |= ISC_REQ_CONFIDENTIALITY | ISC_REQ_INTEGRITY;
|
||||
|
||||
buffer = HeapAlloc(GetProcessHeap(), 0, 0x100);
|
||||
buffer = HeapAlloc(GetProcessHeap(), 0, conn->AuthInfo->cbMaxToken);
|
||||
|
||||
out->BufferType = SECBUFFER_TOKEN;
|
||||
out->cbBuffer = 0x100;
|
||||
out->cbBuffer = conn->AuthInfo->cbMaxToken;
|
||||
out->pvBuffer = buffer;
|
||||
|
||||
out_desc.ulVersion = 0;
|
||||
|
@ -503,7 +503,6 @@ static RPC_STATUS RPCRT_AuthorizeConnection(RpcConnection* conn,
|
|||
SecBufferDesc inp_desc, out_desc;
|
||||
SecBuffer inp, out;
|
||||
SECURITY_STATUS r;
|
||||
unsigned char buffer[0x100];
|
||||
RpcPktHdr *resp_hdr;
|
||||
RPC_STATUS status;
|
||||
ULONG context_req = ISC_REQ_CONNECTION | ISC_REQ_USE_DCE_STYLE |
|
||||
|
@ -517,8 +516,8 @@ static RPC_STATUS RPCRT_AuthorizeConnection(RpcConnection* conn,
|
|||
context_req |= ISC_REQ_CONFIDENTIALITY | ISC_REQ_INTEGRITY;
|
||||
|
||||
out.BufferType = SECBUFFER_TOKEN;
|
||||
out.cbBuffer = sizeof buffer;
|
||||
out.pvBuffer = buffer;
|
||||
out.cbBuffer = conn->AuthInfo->cbMaxToken;
|
||||
out.pvBuffer = HeapAlloc(GetProcessHeap(), 0, out.cbBuffer);
|
||||
|
||||
out_desc.ulVersion = 0;
|
||||
out_desc.cBuffers = 1;
|
||||
|
@ -537,6 +536,7 @@ static RPC_STATUS RPCRT_AuthorizeConnection(RpcConnection* conn,
|
|||
&inp_desc, 0, &conn->ctx, &out_desc, &conn->attr, &conn->exp);
|
||||
if (r)
|
||||
{
|
||||
HeapFree(GetProcessHeap(), 0, out.pvBuffer);
|
||||
WARN("InitializeSecurityContext failed with error 0x%08x\n", r);
|
||||
return ERROR_ACCESS_DENIED;
|
||||
}
|
||||
|
@ -547,6 +547,7 @@ static RPC_STATUS RPCRT_AuthorizeConnection(RpcConnection* conn,
|
|||
|
||||
status = RPCRT4_SendAuth(conn, resp_hdr, NULL, 0, out.pvBuffer, out.cbBuffer);
|
||||
|
||||
HeapFree(GetProcessHeap(), 0, out.pvBuffer);
|
||||
RPCRT4_FreeHeader(resp_hdr);
|
||||
|
||||
return status;
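Review bot: Neither new HeapAlloc call is checked: `buffer` in RPCRT4_AuthNegotiate and `out.pvBuffer` in RPCRT_AuthorizeConnection are stored in the token SecBuffer with cbBuffer already set to cbMaxToken. After an allocation failure the descriptor therefore claims a nonzero length over a NULL pointer, and in RPCRT_AuthorizeConnection it is passed to InitializeSecurityContext in that state. A guard there such as `if (!out.pvBuffer) return RPC_S_OUT_OF_MEMORY;` right after the allocation would cover it, while RPCRT4_AuthNegotiate returns void and needs its own way to signal the failure. The code between the InitializeSecurityContext error branch and the final HeapFree is outside the visible hunks, so any early return there should be checked for leaking out.pvBuffer.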
|
||||
|
|