kerberos: Move timestamp conversion to the PE side.

Restore expiry time dropped in 6e9a9d6701,
spotted by Dmitry Timoshkov.

Signed-off-by: Alexandre Julliard <julliard@winehq.org>
This commit is contained in:
Alexandre Julliard 2021-11-04 17:54:56 +01:00
parent de53f5682f
commit b1c58098eb
3 changed files with 38 additions and 24 deletions

View file

@ -83,6 +83,17 @@ static const char *debugstr_us( const UNICODE_STRING *us )
return debugstr_wn( us->Buffer, us->Length / sizeof(WCHAR) );
}
static void expiry_to_timestamp( ULONG expiry, TimeStamp *timestamp )
{
LARGE_INTEGER time;
NtQuerySystemTime( &time );
RtlSystemTimeToLocalTime( &time, &time );
time.QuadPart += expiry * (ULONGLONG)10000000;
timestamp->LowPart = time.QuadPart;
timestamp->HighPart = time.QuadPart >> 32;
}
static NTSTATUS NTAPI kerberos_LsaApInitializePackage(ULONG package_id, PLSA_DISPATCH_TABLE dispatch,
PLSA_STRING database, PLSA_STRING confidentiality, PLSA_STRING *package_name)
{
@ -267,6 +278,7 @@ static NTSTATUS NTAPI kerberos_SpAcquireCredentialsHandle(
char *principal = NULL, *username = NULL, *password = NULL;
SEC_WINNT_AUTH_IDENTITY_W *id = auth_data;
NTSTATUS status = SEC_E_INSUFFICIENT_MEMORY;
ULONG exptime;
TRACE( "(%s 0x%08x %p %p %p %p %p %p)\n", debugstr_us(principal_us), credential_use,
logon_id, auth_data, get_key_fn, get_key_arg, credential, expiry );
@ -285,7 +297,9 @@ static NTSTATUS NTAPI kerberos_SpAcquireCredentialsHandle(
}
status = krb5_funcs->acquire_credentials_handle( principal, credential_use, username, password, credential,
expiry );
&exptime );
expiry_to_timestamp( exptime, expiry );
done:
free( principal );
free( username );
@ -310,6 +324,7 @@ static NTSTATUS NTAPI kerberos_SpInitLsaModeContext( LSA_SEC_HANDLE credential,
ISC_REQ_IDENTIFY | ISC_REQ_CONNECTION;
char *target = NULL;
NTSTATUS status;
ULONG exptime;
TRACE( "(%lx %lx %s 0x%08x %u %p %p %p %p %p %p %p)\n", credential, context, debugstr_us(target_name),
context_req, target_data_rep, input, new_context, output, context_attr, expiry,
@ -320,8 +335,12 @@ static NTSTATUS NTAPI kerberos_SpInitLsaModeContext( LSA_SEC_HANDLE credential,
if (target_name && !(target = get_str_unixcp( target_name ))) return SEC_E_INSUFFICIENT_MEMORY;
status = krb5_funcs->initialize_context( credential, context, target, context_req, input, new_context, output,
context_attr, expiry );
if (!status) *mapped_context = TRUE;
context_attr, &exptime );
if (!status)
{
*mapped_context = TRUE;
expiry_to_timestamp( exptime, expiry );
}
/* FIXME: initialize context_data */
free( target );
return status;
@ -332,6 +351,7 @@ static NTSTATUS NTAPI kerberos_SpAcceptLsaModeContext( LSA_SEC_HANDLE credential
SecBufferDesc *output, ULONG *context_attr, TimeStamp *expiry, BOOLEAN *mapped_context, SecBuffer *context_data )
{
NTSTATUS status;
ULONG exptime;
TRACE( "(%lx %lx 0x%08x %u %p %p %p %p %p %p %p)\n", credential, context, context_req, target_data_rep, input,
new_context, output, context_attr, expiry, mapped_context, context_data );
@ -339,8 +359,12 @@ static NTSTATUS NTAPI kerberos_SpAcceptLsaModeContext( LSA_SEC_HANDLE credential
if (!context && !input && !credential) return SEC_E_INVALID_HANDLE;
status = krb5_funcs->accept_context( credential, context, input, new_context, output, context_attr, expiry );
if (!status) *mapped_context = TRUE;
status = krb5_funcs->accept_context( credential, context, input, new_context, output, context_attr, &exptime );
if (!status)
{
*mapped_context = TRUE;
expiry_to_timestamp( exptime, expiry );
}
/* FIXME: initialize context_data */
return status;
}

View file

@ -505,16 +505,6 @@ static inline void credhandle_gss_to_sspi( gss_cred_id_t handle, LSA_SEC_HANDLE
*cred = (LSA_SEC_HANDLE)handle;
}
static void expirytime_gss_to_sspi( OM_uint32 expirytime, TimeStamp *timestamp )
{
LARGE_INTEGER time;
NtQuerySystemTime( &time );
RtlSystemTimeToLocalTime( &time, &time );
timestamp->LowPart = time.QuadPart;
timestamp->HighPart = time.QuadPart >> 32;
}
static ULONG flags_gss_to_asc_ret( ULONG flags )
{
ULONG ret = 0;
@ -532,7 +522,7 @@ static ULONG flags_gss_to_asc_ret( ULONG flags )
static NTSTATUS CDECL accept_context( LSA_SEC_HANDLE credential, LSA_SEC_HANDLE context, SecBufferDesc *input,
LSA_SEC_HANDLE *new_context, SecBufferDesc *output, ULONG *context_attr,
TimeStamp *expiry )
ULONG *expiry )
{
OM_uint32 ret, minor_status, ret_flags = 0, expiry_time;
gss_cred_id_t cred_handle = credhandle_sspi_to_gss( credential );
@ -571,7 +561,7 @@ static NTSTATUS CDECL accept_context( LSA_SEC_HANDLE credential, LSA_SEC_HANDLE
ctxhandle_gss_to_sspi( ctx_handle, new_context );
if (context_attr) *context_attr = flags_gss_to_asc_ret( ret_flags );
expirytime_gss_to_sspi( expiry_time, expiry );
*expiry = expiry_time;
}
return status_gss_to_sspi( ret );
@ -621,7 +611,7 @@ static NTSTATUS import_name( const char *src, gss_name_t *dst )
}
static NTSTATUS CDECL acquire_credentials_handle( const char *principal, ULONG credential_use, const char *username,
const char *password, LSA_SEC_HANDLE *credential, TimeStamp *expiry )
const char *password, LSA_SEC_HANDLE *credential, ULONG *expiry )
{
OM_uint32 ret, minor_status, expiry_time;
gss_name_t name = GSS_C_NO_NAME;
@ -654,7 +644,7 @@ static NTSTATUS CDECL acquire_credentials_handle( const char *principal, ULONG c
if (ret == GSS_S_COMPLETE)
{
credhandle_gss_to_sspi( cred_handle, credential );
expirytime_gss_to_sspi( expiry_time, expiry );
*expiry = expiry_time;
}
if (name != GSS_C_NO_NAME) pgss_release_name( &minor_status, &name );
@ -715,7 +705,7 @@ static ULONG flags_gss_to_isc_ret( ULONG flags )
static NTSTATUS CDECL initialize_context( LSA_SEC_HANDLE credential, LSA_SEC_HANDLE context, const char *target_name,
ULONG context_req, SecBufferDesc *input, LSA_SEC_HANDLE *new_context,
SecBufferDesc *output, ULONG *context_attr, TimeStamp *expiry )
SecBufferDesc *output, ULONG *context_attr, ULONG *expiry )
{
OM_uint32 ret, minor_status, ret_flags = 0, expiry_time, req_flags = flags_isc_req_to_gss( context_req );
gss_cred_id_t cred_handle = credhandle_sspi_to_gss( credential );
@ -758,7 +748,7 @@ static NTSTATUS CDECL initialize_context( LSA_SEC_HANDLE credential, LSA_SEC_HAN
ctxhandle_gss_to_sspi( ctx_handle, new_context );
if (context_attr) *context_attr = flags_gss_to_isc_ret( ret_flags );
expirytime_gss_to_sspi( expiry_time, expiry );
*expiry = expiry_time;
}
if (target != GSS_C_NO_NAME) pgss_release_name( &minor_status, &target );

View file

@ -24,13 +24,13 @@
struct krb5_funcs
{
NTSTATUS (CDECL *accept_context)(LSA_SEC_HANDLE, LSA_SEC_HANDLE, SecBufferDesc *, LSA_SEC_HANDLE *,
SecBufferDesc *, ULONG *, TimeStamp *);
SecBufferDesc *, ULONG *, ULONG *);
NTSTATUS (CDECL *acquire_credentials_handle)(const char *, ULONG, const char *, const char *, LSA_SEC_HANDLE *,
TimeStamp *);
ULONG *);
NTSTATUS (CDECL *delete_context)(LSA_SEC_HANDLE);
NTSTATUS (CDECL *free_credentials_handle)(LSA_SEC_HANDLE);
NTSTATUS (CDECL *initialize_context)(LSA_SEC_HANDLE, LSA_SEC_HANDLE, const char *, ULONG, SecBufferDesc *,
LSA_SEC_HANDLE *, SecBufferDesc *, ULONG *, TimeStamp *);
LSA_SEC_HANDLE *, SecBufferDesc *, ULONG *, ULONG *);
NTSTATUS (CDECL *make_signature)(LSA_SEC_HANDLE, SecBufferDesc *);
NTSTATUS (CDECL *query_context_attributes)(LSA_SEC_HANDLE, ULONG, void *);
NTSTATUS (CDECL *query_ticket_cache)( KERB_QUERY_TKT_CACHE_RESPONSE *resp, ULONG *out_size );