From: Hans Leidekker hans@codeweavers.com
Signed-off-by: Dmitry Timoshkov dmitry@baikal.ru --- dlls/kerberos/krb5_ap.c | 38 +++++++++++++++++++++++++++++++++++++- 1 file changed, 37 insertions(+), 1 deletion(-)
diff --git a/dlls/kerberos/krb5_ap.c b/dlls/kerberos/krb5_ap.c index 451e08508b..43bbbae7e2 100644 --- a/dlls/kerberos/krb5_ap.c +++ b/dlls/kerberos/krb5_ap.c @@ -195,6 +195,7 @@ MAKE_FUNCPTR(gss_init_sec_context); MAKE_FUNCPTR(gss_release_buffer); MAKE_FUNCPTR(gss_release_cred); MAKE_FUNCPTR(gss_release_name); +MAKE_FUNCPTR(gss_verify_mic); #undef MAKE_FUNCPTR
static BOOL load_gssapi_krb5(void) @@ -221,6 +222,7 @@ static BOOL load_gssapi_krb5(void) LOAD_FUNCPTR(gss_release_buffer) LOAD_FUNCPTR(gss_release_cred) LOAD_FUNCPTR(gss_release_name) + LOAD_FUNCPTR(gss_verify_mic) #undef LOAD_FUNCPTR
return TRUE; @@ -779,12 +781,46 @@ static NTSTATUS SEC_ENTRY kerberos_SpMakeSignature( LSA_SEC_HANDLE context, ULON #endif }
+static SECURITY_STATUS SEC_ENTRY kerberos_SpVerifySignature( LSA_SEC_HANDLE context, SecBufferDesc *message, + ULONG message_seq_no, ULONG *quality_of_protection ) +{ +#ifdef SONAME_LIBGSSAPI_KRB5 + OM_uint32 ret, minor_status; + gss_buffer_desc data_buffer, token_buffer; + gss_ctx_id_t ctxt_handle; + int data_idx, token_idx; + + TRACE( "(%lx %p %u %p)\n", context, message, message_seq_no, quality_of_protection ); + if (message_seq_no) FIXME( "ignoring message_seq_no %0x08x\n", message_seq_no ); + + if (!context) return SEC_E_INVALID_HANDLE; + ctxt_handle = ctxthandle_sspi_to_gss( context ); + + if ((data_idx = get_buffer_index( message, SECBUFFER_DATA )) == -1) return SEC_E_INVALID_TOKEN; + data_buffer.length = message->pBuffers[data_idx].cbBuffer; + data_buffer.value = message->pBuffers[data_idx].pvBuffer; + + if ((token_idx = get_buffer_index( message, SECBUFFER_TOKEN )) == -1) return SEC_E_INVALID_TOKEN; + token_buffer.length = message->pBuffers[token_idx].cbBuffer; + token_buffer.value = message->pBuffers[token_idx].pvBuffer; + + ret = pgss_verify_mic( &minor_status, ctxt_handle, &data_buffer, &token_buffer, NULL ); + TRACE( "gss_verify_mic returned %08x minor status %08x\n", ret, minor_status ); + if (ret == GSS_S_COMPLETE && quality_of_protection) *quality_of_protection = 0; + + return status_gss_to_sspi( ret ); +#else + FIXME( "(%lx %p %u %p)\n", context, message, message_seq_no, quality_of_protection ); + return SEC_E_UNSUPPORTED_FUNCTION; +#endif +} + static SECPKG_USER_FUNCTION_TABLE kerberos_user_table = { kerberos_SpInstanceInit, NULL, /* SpInitUserModeContext */ kerberos_SpMakeSignature, - NULL, /* SpVerifySignature */ + kerberos_SpVerifySignature, NULL, /* SpSealMessage */ NULL, /* SpUnsealMessage */ NULL, /* SpGetContextToken */
-
Dmitry Timoshkov -
Hans Leidekker