Signed-off-by: Hans Leidekker hans@codeweavers.com --- dlls/kerberos/krb5_ap.c | 18 +--------------- dlls/kerberos/unixlib.c | 47 +++++++++++++++++++++++++++++++++++++++++ dlls/kerberos/unixlib.h | 3 +++ 3 files changed, 51 insertions(+), 17 deletions(-)
diff --git a/dlls/kerberos/krb5_ap.c b/dlls/kerberos/krb5_ap.c index f3cbf34ee81..61833b4e040 100644 --- a/dlls/kerberos/krb5_ap.c +++ b/dlls/kerberos/krb5_ap.c @@ -927,23 +927,7 @@ static NTSTATUS NTAPI kerberos_SpQueryContextAttributes( LSA_SEC_HANDLE context, X(SECPKG_ATTR_TARGET_INFORMATION); case SECPKG_ATTR_SIZES: { - SecPkgContext_Sizes *sizes = (SecPkgContext_Sizes *)buffer; - ULONG size_max_signature = 37, size_security_trailer = 49; -#ifdef SONAME_LIBGSSAPI_KRB5 - gss_ctx_id_t ctxt_handle; - - if (!(ctxt_handle = ctxthandle_sspi_to_gss( context ))) return SEC_E_INVALID_HANDLE; - if (is_dce_style_context( ctxt_handle )) - { - size_max_signature = 28; - size_security_trailer = 76; - } -#endif - sizes->cbMaxToken = KERBEROS_MAX_BUF; - sizes->cbMaxSignature = size_max_signature; - sizes->cbBlockSize = 1; - sizes->cbSecurityTrailer = size_security_trailer; - return SEC_E_OK; + return krb5_funcs->query_context_attributes( context, attribute, buffer ); } case SECPKG_ATTR_NEGOTIATION_INFO: { diff --git a/dlls/kerberos/unixlib.c b/dlls/kerberos/unixlib.c index 06f0ffc8a04..34da8460406 100644 --- a/dlls/kerberos/unixlib.c +++ b/dlls/kerberos/unixlib.c @@ -211,6 +211,13 @@ fail: return FALSE; }
+static BOOL is_dce_style_context( gss_ctx_id_t ctx ) +{ + OM_uint32 ret, minor_status, flags; + ret = pgss_inquire_context( &minor_status, ctx, NULL, NULL, NULL, NULL, &flags, NULL, NULL ); + return (ret == GSS_S_COMPLETE && (flags & GSS_C_DCE_STYLE)); +} + static int get_buffer_index( SecBufferDesc *desc, DWORD type ) { UINT i; @@ -587,6 +594,45 @@ static NTSTATUS CDECL make_signature( LSA_SEC_HANDLE context, SecBufferDesc *msg return status_gss_to_sspi( ret ); }
+#define KERBEROS_MAX_SIGNATURE 37 +#define KERBEROS_SECURITY_TRAILER 49 +#define KERBEROS_MAX_SIGNATURE_DCE 28 +#define KERBEROS_SECURITY_TRAILER_DCE 76 + +static NTSTATUS CDECL query_context_attributes( LSA_SEC_HANDLE context, ULONG attr, void *buf ) +{ + switch (attr) + { + case SECPKG_ATTR_SIZES: + { + SecPkgContext_Sizes *sizes = (SecPkgContext_Sizes *)buf; + ULONG size_max_signature, size_security_trailer; + gss_ctx_id_t ctx = ctxhandle_sspi_to_gss( context ); + + if (is_dce_style_context( ctx )) + { + size_max_signature = KERBEROS_MAX_SIGNATURE_DCE; + size_security_trailer = KERBEROS_SECURITY_TRAILER_DCE; + } + else + { + size_max_signature = KERBEROS_MAX_SIGNATURE; + size_security_trailer = KERBEROS_SECURITY_TRAILER; + } + sizes->cbMaxToken = KERBEROS_MAX_BUF; + sizes->cbMaxSignature = size_max_signature; + sizes->cbBlockSize = 1; + sizes->cbSecurityTrailer = size_security_trailer; + return SEC_E_OK; + } + default: + FIXME( "unhandled attribute %u\n", attr ); + break; + } + + return SEC_E_UNSUPPORTED_FUNCTION; +} + static NTSTATUS CDECL verify_signature( LSA_SEC_HANDLE context, SecBufferDesc *msg, ULONG *qop ) { OM_uint32 ret, minor_status; @@ -618,6 +664,7 @@ static const struct krb5_funcs funcs = free_credentials_handle, initialize_context, make_signature, + query_context_attributes, verify_signature, };
diff --git a/dlls/kerberos/unixlib.h b/dlls/kerberos/unixlib.h index 6a73444aae8..8fd562a28d7 100644 --- a/dlls/kerberos/unixlib.h +++ b/dlls/kerberos/unixlib.h @@ -19,6 +19,8 @@ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA */
+#define KERBEROS_MAX_BUF 12000 + struct krb5_funcs { NTSTATUS (CDECL *accept_context)(LSA_SEC_HANDLE, LSA_SEC_HANDLE, SecBufferDesc *, LSA_SEC_HANDLE *, @@ -30,6 +32,7 @@ struct krb5_funcs NTSTATUS (CDECL *initialize_context)(LSA_SEC_HANDLE, LSA_SEC_HANDLE, const char *, ULONG, SecBufferDesc *, LSA_SEC_HANDLE *, SecBufferDesc *, ULONG *, TimeStamp *); NTSTATUS (CDECL *make_signature)(LSA_SEC_HANDLE, SecBufferDesc *); + NTSTATUS (CDECL *query_context_attributes)(LSA_SEC_HANDLE, ULONG, void *); NTSTATUS (CDECL *verify_signature)(LSA_SEC_HANDLE, SecBufferDesc *, ULONG *); };