kerberos: Implement SpVerifySignature.

Signed-off-by: Dmitry Timoshkov <dmitry@baikal.ru>
Signed-off-by: Hans Leidekker <hans@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
This commit is contained in:
Hans Leidekker 2018-01-25 11:33:36 +08:00 committed by Alexandre Julliard
parent 9a8df00503
commit 58996f8a77
1 changed files with 37 additions and 1 deletions

View File

@ -195,6 +195,7 @@ MAKE_FUNCPTR(gss_init_sec_context);
MAKE_FUNCPTR(gss_release_buffer); MAKE_FUNCPTR(gss_release_buffer);
MAKE_FUNCPTR(gss_release_cred); MAKE_FUNCPTR(gss_release_cred);
MAKE_FUNCPTR(gss_release_name); MAKE_FUNCPTR(gss_release_name);
MAKE_FUNCPTR(gss_verify_mic);
#undef MAKE_FUNCPTR #undef MAKE_FUNCPTR
static BOOL load_gssapi_krb5(void) static BOOL load_gssapi_krb5(void)
@ -221,6 +222,7 @@ static BOOL load_gssapi_krb5(void)
LOAD_FUNCPTR(gss_release_buffer) LOAD_FUNCPTR(gss_release_buffer)
LOAD_FUNCPTR(gss_release_cred) LOAD_FUNCPTR(gss_release_cred)
LOAD_FUNCPTR(gss_release_name) LOAD_FUNCPTR(gss_release_name)
LOAD_FUNCPTR(gss_verify_mic)
#undef LOAD_FUNCPTR #undef LOAD_FUNCPTR
return TRUE; return TRUE;
@ -779,12 +781,46 @@ static NTSTATUS SEC_ENTRY kerberos_SpMakeSignature( LSA_SEC_HANDLE context, ULON
#endif #endif
} }
static SECURITY_STATUS SEC_ENTRY kerberos_SpVerifySignature( LSA_SEC_HANDLE context, SecBufferDesc *message,
ULONG message_seq_no, ULONG *quality_of_protection )
{
#ifdef SONAME_LIBGSSAPI_KRB5
OM_uint32 ret, minor_status;
gss_buffer_desc data_buffer, token_buffer;
gss_ctx_id_t ctxt_handle;
int data_idx, token_idx;
TRACE( "(%lx %p %u %p)\n", context, message, message_seq_no, quality_of_protection );
if (message_seq_no) FIXME( "ignoring message_seq_no %0x08x\n", message_seq_no );
if (!context) return SEC_E_INVALID_HANDLE;
ctxt_handle = ctxthandle_sspi_to_gss( context );
if ((data_idx = get_buffer_index( message, SECBUFFER_DATA )) == -1) return SEC_E_INVALID_TOKEN;
data_buffer.length = message->pBuffers[data_idx].cbBuffer;
data_buffer.value = message->pBuffers[data_idx].pvBuffer;
if ((token_idx = get_buffer_index( message, SECBUFFER_TOKEN )) == -1) return SEC_E_INVALID_TOKEN;
token_buffer.length = message->pBuffers[token_idx].cbBuffer;
token_buffer.value = message->pBuffers[token_idx].pvBuffer;
ret = pgss_verify_mic( &minor_status, ctxt_handle, &data_buffer, &token_buffer, NULL );
TRACE( "gss_verify_mic returned %08x minor status %08x\n", ret, minor_status );
if (ret == GSS_S_COMPLETE && quality_of_protection) *quality_of_protection = 0;
return status_gss_to_sspi( ret );
#else
FIXME( "(%lx %p %u %p)\n", context, message, message_seq_no, quality_of_protection );
return SEC_E_UNSUPPORTED_FUNCTION;
#endif
}
static SECPKG_USER_FUNCTION_TABLE kerberos_user_table = static SECPKG_USER_FUNCTION_TABLE kerberos_user_table =
{ {
kerberos_SpInstanceInit, kerberos_SpInstanceInit,
NULL, /* SpInitUserModeContext */ NULL, /* SpInitUserModeContext */
kerberos_SpMakeSignature, kerberos_SpMakeSignature,
NULL, /* SpVerifySignature */ kerberos_SpVerifySignature,
NULL, /* SpSealMessage */ NULL, /* SpSealMessage */
NULL, /* SpUnsealMessage */ NULL, /* SpUnsealMessage */
NULL, /* SpGetContextToken */ NULL, /* SpGetContextToken */