From 9a8df0050334e5a0a4e569f6794be436e9d56961 Mon Sep 17 00:00:00 2001
From: Hans Leidekker <hans@codeweavers.com>
Date: Thu, 25 Jan 2018 11:33:26 +0800
Subject: [PATCH] kerberos: Implement SpMakeSignature.

Signed-off-by: Dmitry Timoshkov <dmitry@baikal.ru>
Signed-off-by: Hans Leidekker <hans@codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
---
 dlls/kerberos/krb5_ap.c | 45 ++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 44 insertions(+), 1 deletion(-)

diff --git a/dlls/kerberos/krb5_ap.c b/dlls/kerberos/krb5_ap.c
index dcf3386675b..451e08508b6 100644
--- a/dlls/kerberos/krb5_ap.c
+++ b/dlls/kerberos/krb5_ap.c
@@ -189,6 +189,7 @@ static void *libgssapi_krb5_handle;
 MAKE_FUNCPTR(gss_accept_sec_context);
 MAKE_FUNCPTR(gss_acquire_cred);
 MAKE_FUNCPTR(gss_delete_sec_context);
+MAKE_FUNCPTR(gss_get_mic);
 MAKE_FUNCPTR(gss_import_name);
 MAKE_FUNCPTR(gss_init_sec_context);
 MAKE_FUNCPTR(gss_release_buffer);
@@ -214,6 +215,7 @@ static BOOL load_gssapi_krb5(void)
     LOAD_FUNCPTR(gss_accept_sec_context)
     LOAD_FUNCPTR(gss_acquire_cred)
     LOAD_FUNCPTR(gss_delete_sec_context)
+    LOAD_FUNCPTR(gss_get_mic)
     LOAD_FUNCPTR(gss_import_name)
     LOAD_FUNCPTR(gss_init_sec_context)
     LOAD_FUNCPTR(gss_release_buffer)
@@ -736,11 +738,52 @@ static NTSTATUS NTAPI kerberos_SpInstanceInit(ULONG version, SECPKG_DLL_FUNCTION
     return STATUS_SUCCESS;
 }
 
+static NTSTATUS SEC_ENTRY kerberos_SpMakeSignature( LSA_SEC_HANDLE context, ULONG quality_of_protection,
+    SecBufferDesc *message, ULONG message_seq_no )
+{
+#ifdef SONAME_LIBGSSAPI_KRB5
+    OM_uint32 ret, minor_status;
+    gss_buffer_desc data_buffer, token_buffer;
+    gss_ctx_id_t ctxt_handle;
+    int data_idx, token_idx;
+
+    TRACE( "(%lx 0x%08x %p %u)\n", context, quality_of_protection, message, message_seq_no );
+    if (quality_of_protection) FIXME( "ignoring quality_of_protection 0x%08x\n", quality_of_protection );
+    if (message_seq_no) FIXME( "ignoring message_seq_no %0x08x\n", message_seq_no );
+
+    if (!context) return SEC_E_INVALID_HANDLE;
+    ctxt_handle = ctxthandle_sspi_to_gss( context );
+
+    /* FIXME: multiple data buffers, read-only buffers */
+    if ((data_idx = get_buffer_index( message, SECBUFFER_DATA )) == -1) return SEC_E_INVALID_TOKEN;
+    data_buffer.length = message->pBuffers[data_idx].cbBuffer;
+    data_buffer.value  = message->pBuffers[data_idx].pvBuffer;
+
+    if ((token_idx = get_buffer_index( message, SECBUFFER_TOKEN )) == -1) return SEC_E_INVALID_TOKEN;
+    token_buffer.length = 0;
+    token_buffer.value  = NULL;
+
+    ret = pgss_get_mic( &minor_status, ctxt_handle, GSS_C_QOP_DEFAULT, &data_buffer, &token_buffer );
+    TRACE( "gss_get_mic returned %08x minor status %08x\n", ret, minor_status );
+    if (ret == GSS_S_COMPLETE)
+    {
+        memcpy( message->pBuffers[token_idx].pvBuffer, token_buffer.value, token_buffer.length );
+        message->pBuffers[token_idx].cbBuffer = token_buffer.length;
+        pgss_release_buffer( &minor_status, &token_buffer );
+    }
+
+    return status_gss_to_sspi( ret );
+#else
+    FIXME( "(%lx 0x%08x %p %u)\n", context, quality_of_protection, message, message_seq_no );
+    return SEC_E_UNSUPPORTED_FUNCTION;
+#endif
+}
+
 static SECPKG_USER_FUNCTION_TABLE kerberos_user_table =
 {
     kerberos_SpInstanceInit,
     NULL, /* SpInitUserModeContext */
-    NULL, /* SpMakeSignature */
+    kerberos_SpMakeSignature,
     NULL, /* SpVerifySignature */
     NULL, /* SpSealMessage */
     NULL, /* SpUnsealMessage */