From: Nikolay Sivov nsivov@codeweavers.com
Signed-off-by: Nikolay Sivov nsivov@codeweavers.com
---
 dlls/kerberos/krb5_ap.c | 59 ++++++++++++++++++++++++++++++++++-------
 dlls/kerberos/unixlib.c | 11 ++++----
 dlls/kerberos/unixlib.h | 23 +++++++++-------
 3 files changed, 69 insertions(+), 24 deletions(-)
diff --git a/dlls/kerberos/krb5_ap.c b/dlls/kerberos/krb5_ap.c
index 9fea8c85d89..cc6df975d25 100644
--- a/dlls/kerberos/krb5_ap.c
+++ b/dlls/kerberos/krb5_ap.c
@@ -82,6 +82,24 @@ struct cred_handle
 UINT64 handle;
 };
+struct context_handle
+{
+ UINT64 handle;
+};
+
+static LSA_SEC_HANDLE create_context_handle( struct context_handle *ctx, UINT64 new_context )
+{
+ UINT64 context = ctx ? ctx->handle : 0;
+ if (new_context && new_context != context)
+ {
+ struct context_handle *new_ctx = malloc(sizeof(*new_ctx));
+ new_ctx->handle = new_context;
+ return (LSA_SEC_HANDLE)new_ctx;
+ }
+ else
+ return (LSA_SEC_HANDLE)ctx;
+}
+
 static const char *debugstr_us( const UNICODE_STRING *us )
 {
 if (!us) return "<null>";
@@ -370,14 +388,16 @@ static NTSTATUS NTAPI kerberos_SpInitLsaModeContext( LSA_SEC_HANDLE credential,
 else
 {
 struct cred_handle *cred_handle = (struct cred_handle *)credential;
+ struct context_handle *context_handle = (struct context_handle *)context;
 struct initialize_context_params params;
+ UINT64 new_context_handle = 0;
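Review bot: `create_context_handle` stores into `new_ctx->handle` without checking the `malloc` result, so an allocation failure becomes a NULL dereference inside the LSA-mode entry points. A guard such as `if (!new_ctx) return 0;` avoids the crash, but the callers would then have to map a zero return to `SEC_E_INSUFFICIENT_MEMORY` and release the unix-side context whose value was in `new_context`, otherwise it leaks. Separately, when `ctx` is non-NULL and `new_context` differs from `ctx->handle`, the old wrapper is neither freed nor updated here; if that case can occur, a comment should state who still owns it. A one-line comment that the wrapper is released in `kerberos_SpDeleteContext` would document the lifetime.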
params.credential = cred_handle ? cred_handle->handle : 0;
- params.context = context;
+ params.context = context_handle ? context_handle->handle : 0;
 params.target_name = target;
 params.context_req = context_req;
 params.input = input;
- params.new_context = new_context;
+ params.new_context = &new_context_handle;
 params.output = output;
 params.context_attr = context_attr;
 params.expiry = &exptime;
@@ -385,6 +405,7 @@ static NTSTATUS NTAPI kerberos_SpInitLsaModeContext( LSA_SEC_HANDLE credential,
 status = KRB5_CALL( initialize_context, ¶ms );
 if (!status)
 {
+ *new_context = create_context_handle( context_handle, new_context_handle );
 *mapped_context = TRUE;
 expiry_to_timestamp( exptime, expiry );
 }
@@ -408,12 +429,14 @@ static NTSTATUS NTAPI kerberos_SpAcceptLsaModeContext( LSA_SEC_HANDLE credential
 if (context || input || credential)
 {
 struct cred_handle *cred_handle = (struct cred_handle *)credential;
+ struct context_handle *context_handle = (struct context_handle *)context;
 struct accept_context_params params;
+ UINT64 new_context_handle = 0;
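Review bot: In kerberos_SpInitLsaModeContext `*new_context` is now assigned only inside `if (!status)`, whereas before this change the unix call was handed the caller's `new_context` pointer directly. If `initialize_context` can return a non-zero success code such as `SEC_I_CONTINUE_NEEDED` after storing a context through `params.new_context` (its body is not part of this diff), the value in `new_context_handle` is dropped: the caller gets no handle to continue the exchange with, and the GSS context can never be deleted. Adding `else if (status == SEC_I_CONTINUE_NEEDED) *new_context = create_context_handle( context_handle, new_context_handle );` after the block would keep the earlier behaviour, and the same applies to the `accept_context` hunk in kerberos_SpAcceptLsaModeContext. The code following the closing brace lies outside the hunk, so confirm nothing there already handles it.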
params.credential = cred_handle ? cred_handle->handle : 0;
- params.context = context;
+ params.context = context_handle ? context_handle->handle : 0;
 params.input = input;
- params.new_context = new_context;
+ params.new_context = &new_context_handle;
 params.output = output;
 params.context_attr = context_attr;
 params.expiry = &exptime;
@@ -421,6 +444,7 @@ static NTSTATUS NTAPI kerberos_SpAcceptLsaModeContext( LSA_SEC_HANDLE credential
 status = KRB5_CALL( accept_context, ¶ms );
 if (!status)
 {
+ *new_context = create_context_handle( context_handle, new_context_handle );
 *mapped_context = TRUE;
 expiry_to_timestamp( exptime, expiry );
 }
@@ -431,9 +455,18 @@ static NTSTATUS NTAPI kerberos_SpAcceptLsaModeContext( LSA_SEC_HANDLE credential
static NTSTATUS NTAPI kerberos_SpDeleteContext( LSA_SEC_HANDLE context )
 {
+ struct context_handle *context_handle = (void *)context;
+ struct delete_context_params params;
+ NTSTATUS status;
+
 TRACE( "%Ix\n", context );
+
 if (!context) return SEC_E_INVALID_HANDLE;
- return KRB5_CALL( delete_context, (void *)context );
+
+ params.context = context_handle->handle;
+ status = KRB5_CALL( delete_context, ¶ms );
+ free( context_handle );
+ return status;
 }
static SecPkgInfoW *build_package_info( const SecPkgInfoW *info )
@@ -456,6 +489,8 @@ static SecPkgInfoW *build_package_info( const SecPkgInfoW *info )
static NTSTATUS NTAPI kerberos_SpQueryContextAttributes( LSA_SEC_HANDLE context, ULONG attribute, void *buffer )
 {
+ struct context_handle *context_handle = (void *)context;
+
 TRACE( "%Ix, %lu, %p\n", context, attribute, buffer );
if (!context) return SEC_E_INVALID_HANDLE;
@@ -477,7 +512,7 @@ static NTSTATUS NTAPI kerberos_SpQueryContextAttributes( LSA_SEC_HANDLE context,
 X(SECPKG_ATTR_TARGET_INFORMATION);
 case SECPKG_ATTR_SIZES:
 {
- struct query_context_attributes_params params = { context, attribute, buffer };
+ struct query_context_attributes_params params = { context_handle->handle, attribute, buffer };
 return KRB5_CALL( query_context_attributes, ¶ms );
 }
 case SECPKG_ATTR_NEGOTIATION_INFO:
@@ -584,7 +619,8 @@ static NTSTATUS SEC_ENTRY kerberos_SpMakeSignature( LSA_SEC_HANDLE context, ULON
if (context)
 {
- struct make_signature_params params = { context, message };
+ struct context_handle *context_handle = (void *)context;
+ struct make_signature_params params = { context_handle->handle, message };
 return KRB5_CALL( make_signature, ¶ms );
 }
 else return SEC_E_INVALID_HANDLE;
@@ -598,7 +634,8 @@ static NTSTATUS NTAPI kerberos_SpVerifySignature( LSA_SEC_HANDLE context, SecBuf
if (context)
 {
- struct verify_signature_params params = { context, message, quality_of_protection };
+ struct context_handle *context_handle = (void *)context;
+ struct verify_signature_params params = { context_handle->handle, message, quality_of_protection };
 return KRB5_CALL( verify_signature, ¶ms );
 }
 else return SEC_E_INVALID_HANDLE;
@@ -612,7 +649,8 @@ static NTSTATUS NTAPI kerberos_SpSealMessage( LSA_SEC_HANDLE context, ULONG qual
if (context)
 {
- struct seal_message_params params = { context, message, quality_of_protection };
+ struct context_handle *context_handle = (void *)context;
+ struct seal_message_params params = { context_handle->handle, message, quality_of_protection };
 return KRB5_CALL( seal_message, ¶ms );
 }
 else return SEC_E_INVALID_HANDLE;
@@ -626,7 +664,8 @@ static NTSTATUS NTAPI kerberos_SpUnsealMessage( LSA_SEC_HANDLE context, SecBuffe
if (context)
 {
- struct unseal_message_params params = { context, message, quality_of_protection };
+ struct context_handle *context_handle = (void *)context;
+ struct unseal_message_params params = { context_handle->handle, message, quality_of_protection };
 return KRB5_CALL( unseal_message, ¶ms );
 }
 else return SEC_E_INVALID_HANDLE;
diff --git a/dlls/kerberos/unixlib.c b/dlls/kerberos/unixlib.c
index 66d151488b3..4d74dd7eb1f 100644
--- a/dlls/kerberos/unixlib.c
+++ b/dlls/kerberos/unixlib.c
@@ -486,9 +486,9 @@ static void trace_gss_status( OM_uint32 major_status, OM_uint32 minor_status )
 }
 }
-static inline gss_ctx_id_t ctxhandle_sspi_to_gss( LSA_SEC_HANDLE handle )
+static inline gss_ctx_id_t ctxhandle_sspi_to_gss( UINT64 handle )
 {
- return (gss_ctx_id_t)handle;
+ return (gss_ctx_id_t)(ULONG_PTR)handle;
 }
static inline gss_cred_id_t credhandle_sspi_to_gss( UINT64 handle )
@@ -496,9 +496,9 @@ static inline gss_cred_id_t credhandle_sspi_to_gss( UINT64 handle )
 return (gss_cred_id_t)(ULONG_PTR)handle;
 }
-static inline void ctxhandle_gss_to_sspi( gss_ctx_id_t handle, LSA_SEC_HANDLE *ctx )
+static inline void ctxhandle_gss_to_sspi( gss_ctx_id_t handle, UINT64 *ctx )
 {
- *ctx = (LSA_SEC_HANDLE)handle;
+ *ctx = (ULONG_PTR)handle;
 }
static inline void credhandle_gss_to_sspi( gss_cred_id_t handle, UINT64 *cred )
@@ -654,8 +654,9 @@ static NTSTATUS acquire_credentials_handle( void *args )
static NTSTATUS delete_context( void *args )
 {
+ const struct delete_context_params *params = args;
 OM_uint32 ret, minor_status;
- gss_ctx_id_t ctx_handle = ctxhandle_sspi_to_gss( (LSA_SEC_HANDLE)args );
+ gss_ctx_id_t ctx_handle = ctxhandle_sspi_to_gss( params->context );
ret = pgss_delete_sec_context( &minor_status, &ctx_handle, GSS_C_NO_BUFFER );
 TRACE( "gss_delete_sec_context returned %#x minor status %#x\n", ret, minor_status );
diff --git a/dlls/kerberos/unixlib.h b/dlls/kerberos/unixlib.h
index 7c3f97f436d..2634182ef51 100644
--- a/dlls/kerberos/unixlib.h
+++ b/dlls/kerberos/unixlib.h
@@ -26,9 +26,9 @@
 struct accept_context_params
 {
 UINT64 credential;
- LSA_SEC_HANDLE context;
+ UINT64 context;
 SecBufferDesc *input;
- LSA_SEC_HANDLE *new_context;
+ UINT64 *new_context;
 SecBufferDesc *output;
 ULONG *context_attr;
 ULONG *expiry;
@@ -44,6 +44,11 @@ struct acquire_credentials_handle_params
 ULONG *expiry;
 };
+struct delete_context_params
+{
+ UINT64 context;
+};
+
 struct free_credentials_handle_params
 {
 UINT64 credential;
@@ -52,11 +57,11 @@ struct free_credentials_handle_params
 struct initialize_context_params
 {
 UINT64 credential;
- LSA_SEC_HANDLE context;
+ UINT64 context;
 const char *target_name;
 ULONG context_req;
 SecBufferDesc *input;
- LSA_SEC_HANDLE *new_context;
+ UINT64 *new_context;
 SecBufferDesc *output;
 ULONG *context_attr;
 ULONG *expiry;
@@ -64,13 +69,13 @@ struct initialize_context_params
struct make_signature_params
 {
- LSA_SEC_HANDLE context;
+ UINT64 context;
 SecBufferDesc *msg;
 };
struct query_context_attributes_params
 {
- LSA_SEC_HANDLE context;
+ UINT64 context;
 unsigned attr;
 void *buf;
 };
@@ -83,21 +88,21 @@ struct query_ticket_cache_params
struct seal_message_params
 {
- LSA_SEC_HANDLE context;
+ UINT64 context;
 SecBufferDesc *msg;
 unsigned qop;
 };
struct unseal_message_params
 {
- LSA_SEC_HANDLE context;
+ UINT64 context;
 SecBufferDesc *msg;
 ULONG *qop;
 };
struct verify_signature_params
 {
- LSA_SEC_HANDLE context;
+ UINT64 context;
 SecBufferDesc *msg;
 ULONG *qop;
 };