diff --git a/dlls/kerberos/krb5_ap.c b/dlls/kerberos/krb5_ap.c index dcf3386675b..451e08508b6 100644 --- a/dlls/kerberos/krb5_ap.c +++ b/dlls/kerberos/krb5_ap.c @@ -189,6 +189,7 @@ static void *libgssapi_krb5_handle; MAKE_FUNCPTR(gss_accept_sec_context); MAKE_FUNCPTR(gss_acquire_cred); MAKE_FUNCPTR(gss_delete_sec_context); +MAKE_FUNCPTR(gss_get_mic); MAKE_FUNCPTR(gss_import_name); MAKE_FUNCPTR(gss_init_sec_context); MAKE_FUNCPTR(gss_release_buffer); @@ -214,6 +215,7 @@ static BOOL load_gssapi_krb5(void) LOAD_FUNCPTR(gss_accept_sec_context) LOAD_FUNCPTR(gss_acquire_cred) LOAD_FUNCPTR(gss_delete_sec_context) + LOAD_FUNCPTR(gss_get_mic) LOAD_FUNCPTR(gss_import_name) LOAD_FUNCPTR(gss_init_sec_context) LOAD_FUNCPTR(gss_release_buffer) @@ -736,11 +738,52 @@ static NTSTATUS NTAPI kerberos_SpInstanceInit(ULONG version, SECPKG_DLL_FUNCTION return STATUS_SUCCESS; } +static NTSTATUS SEC_ENTRY kerberos_SpMakeSignature( LSA_SEC_HANDLE context, ULONG quality_of_protection, + SecBufferDesc *message, ULONG message_seq_no ) +{ +#ifdef SONAME_LIBGSSAPI_KRB5 + OM_uint32 ret, minor_status; + gss_buffer_desc data_buffer, token_buffer; + gss_ctx_id_t ctxt_handle; + int data_idx, token_idx; + + TRACE( "(%lx 0x%08x %p %u)\n", context, quality_of_protection, message, message_seq_no ); + if (quality_of_protection) FIXME( "ignoring quality_of_protection 0x%08x\n", quality_of_protection ); + if (message_seq_no) FIXME( "ignoring message_seq_no %0x08x\n", message_seq_no ); + + if (!context) return SEC_E_INVALID_HANDLE; + ctxt_handle = ctxthandle_sspi_to_gss( context ); + + /* FIXME: multiple data buffers, read-only buffers */ + if ((data_idx = get_buffer_index( message, SECBUFFER_DATA )) == -1) return SEC_E_INVALID_TOKEN; + data_buffer.length = message->pBuffers[data_idx].cbBuffer; + data_buffer.value = message->pBuffers[data_idx].pvBuffer; + + if ((token_idx = get_buffer_index( message, SECBUFFER_TOKEN )) == -1) return SEC_E_INVALID_TOKEN; + token_buffer.length = 0; + token_buffer.value = NULL; + + ret = pgss_get_mic( &minor_status, ctxt_handle, GSS_C_QOP_DEFAULT, &data_buffer, &token_buffer ); + TRACE( "gss_get_mic returned %08x minor status %08x\n", ret, minor_status ); + if (ret == GSS_S_COMPLETE) + { + memcpy( message->pBuffers[token_idx].pvBuffer, token_buffer.value, token_buffer.length ); + message->pBuffers[token_idx].cbBuffer = token_buffer.length; + pgss_release_buffer( &minor_status, &token_buffer ); + } + + return status_gss_to_sspi( ret ); +#else + FIXME( "(%lx 0x%08x %p %u)\n", context, quality_of_protection, message, message_seq_no ); + return SEC_E_UNSUPPORTED_FUNCTION; +#endif +} + static SECPKG_USER_FUNCTION_TABLE kerberos_user_table = { kerberos_SpInstanceInit, NULL, /* SpInitUserModeContext */ - NULL, /* SpMakeSignature */ + kerberos_SpMakeSignature, NULL, /* SpVerifySignature */ NULL, /* SpSealMessage */ NULL, /* SpUnsealMessage */