kerberos: Move timestamp conversion to the PE side.
Restore expiry time dropped in 6e9a9d6701
,
spotted by Dmitry Timoshkov.
Signed-off-by: Alexandre Julliard <julliard@winehq.org>
This commit is contained in:
parent
de53f5682f
commit
b1c58098eb
|
@ -83,6 +83,17 @@ static const char *debugstr_us( const UNICODE_STRING *us )
|
|||
return debugstr_wn( us->Buffer, us->Length / sizeof(WCHAR) );
|
||||
}
|
||||
|
||||
static void expiry_to_timestamp( ULONG expiry, TimeStamp *timestamp )
|
||||
{
|
||||
LARGE_INTEGER time;
|
||||
|
||||
NtQuerySystemTime( &time );
|
||||
RtlSystemTimeToLocalTime( &time, &time );
|
||||
time.QuadPart += expiry * (ULONGLONG)10000000;
|
||||
timestamp->LowPart = time.QuadPart;
|
||||
timestamp->HighPart = time.QuadPart >> 32;
|
||||
}
|
||||
|
||||
static NTSTATUS NTAPI kerberos_LsaApInitializePackage(ULONG package_id, PLSA_DISPATCH_TABLE dispatch,
|
||||
PLSA_STRING database, PLSA_STRING confidentiality, PLSA_STRING *package_name)
|
||||
{
|
||||
|
@ -267,6 +278,7 @@ static NTSTATUS NTAPI kerberos_SpAcquireCredentialsHandle(
|
|||
char *principal = NULL, *username = NULL, *password = NULL;
|
||||
SEC_WINNT_AUTH_IDENTITY_W *id = auth_data;
|
||||
NTSTATUS status = SEC_E_INSUFFICIENT_MEMORY;
|
||||
ULONG exptime;
|
||||
|
||||
TRACE( "(%s 0x%08x %p %p %p %p %p %p)\n", debugstr_us(principal_us), credential_use,
|
||||
logon_id, auth_data, get_key_fn, get_key_arg, credential, expiry );
|
||||
|
@ -285,7 +297,9 @@ static NTSTATUS NTAPI kerberos_SpAcquireCredentialsHandle(
|
|||
}
|
||||
|
||||
status = krb5_funcs->acquire_credentials_handle( principal, credential_use, username, password, credential,
|
||||
expiry );
|
||||
&exptime );
|
||||
expiry_to_timestamp( exptime, expiry );
|
||||
|
||||
done:
|
||||
free( principal );
|
||||
free( username );
|
||||
|
@ -310,6 +324,7 @@ static NTSTATUS NTAPI kerberos_SpInitLsaModeContext( LSA_SEC_HANDLE credential,
|
|||
ISC_REQ_IDENTIFY | ISC_REQ_CONNECTION;
|
||||
char *target = NULL;
|
||||
NTSTATUS status;
|
||||
ULONG exptime;
|
||||
|
||||
TRACE( "(%lx %lx %s 0x%08x %u %p %p %p %p %p %p %p)\n", credential, context, debugstr_us(target_name),
|
||||
context_req, target_data_rep, input, new_context, output, context_attr, expiry,
|
||||
|
@ -320,8 +335,12 @@ static NTSTATUS NTAPI kerberos_SpInitLsaModeContext( LSA_SEC_HANDLE credential,
|
|||
if (target_name && !(target = get_str_unixcp( target_name ))) return SEC_E_INSUFFICIENT_MEMORY;
|
||||
|
||||
status = krb5_funcs->initialize_context( credential, context, target, context_req, input, new_context, output,
|
||||
context_attr, expiry );
|
||||
if (!status) *mapped_context = TRUE;
|
||||
context_attr, &exptime );
|
||||
if (!status)
|
||||
{
|
||||
*mapped_context = TRUE;
|
||||
expiry_to_timestamp( exptime, expiry );
|
||||
}
|
||||
/* FIXME: initialize context_data */
|
||||
free( target );
|
||||
return status;
|
||||
|
@ -332,6 +351,7 @@ static NTSTATUS NTAPI kerberos_SpAcceptLsaModeContext( LSA_SEC_HANDLE credential
|
|||
SecBufferDesc *output, ULONG *context_attr, TimeStamp *expiry, BOOLEAN *mapped_context, SecBuffer *context_data )
|
||||
{
|
||||
NTSTATUS status;
|
||||
ULONG exptime;
|
||||
|
||||
TRACE( "(%lx %lx 0x%08x %u %p %p %p %p %p %p %p)\n", credential, context, context_req, target_data_rep, input,
|
||||
new_context, output, context_attr, expiry, mapped_context, context_data );
|
||||
|
@ -339,8 +359,12 @@ static NTSTATUS NTAPI kerberos_SpAcceptLsaModeContext( LSA_SEC_HANDLE credential
|
|||
|
||||
if (!context && !input && !credential) return SEC_E_INVALID_HANDLE;
|
||||
|
||||
status = krb5_funcs->accept_context( credential, context, input, new_context, output, context_attr, expiry );
|
||||
if (!status) *mapped_context = TRUE;
|
||||
status = krb5_funcs->accept_context( credential, context, input, new_context, output, context_attr, &exptime );
|
||||
if (!status)
|
||||
{
|
||||
*mapped_context = TRUE;
|
||||
expiry_to_timestamp( exptime, expiry );
|
||||
}
|
||||
/* FIXME: initialize context_data */
|
||||
return status;
|
||||
}
|
||||
|
|
|
@ -505,16 +505,6 @@ static inline void credhandle_gss_to_sspi( gss_cred_id_t handle, LSA_SEC_HANDLE
|
|||
*cred = (LSA_SEC_HANDLE)handle;
|
||||
}
|
||||
|
||||
static void expirytime_gss_to_sspi( OM_uint32 expirytime, TimeStamp *timestamp )
|
||||
{
|
||||
LARGE_INTEGER time;
|
||||
|
||||
NtQuerySystemTime( &time );
|
||||
RtlSystemTimeToLocalTime( &time, &time );
|
||||
timestamp->LowPart = time.QuadPart;
|
||||
timestamp->HighPart = time.QuadPart >> 32;
|
||||
}
|
||||
|
||||
static ULONG flags_gss_to_asc_ret( ULONG flags )
|
||||
{
|
||||
ULONG ret = 0;
|
||||
|
@ -532,7 +522,7 @@ static ULONG flags_gss_to_asc_ret( ULONG flags )
|
|||
|
||||
static NTSTATUS CDECL accept_context( LSA_SEC_HANDLE credential, LSA_SEC_HANDLE context, SecBufferDesc *input,
|
||||
LSA_SEC_HANDLE *new_context, SecBufferDesc *output, ULONG *context_attr,
|
||||
TimeStamp *expiry )
|
||||
ULONG *expiry )
|
||||
{
|
||||
OM_uint32 ret, minor_status, ret_flags = 0, expiry_time;
|
||||
gss_cred_id_t cred_handle = credhandle_sspi_to_gss( credential );
|
||||
|
@ -571,7 +561,7 @@ static NTSTATUS CDECL accept_context( LSA_SEC_HANDLE credential, LSA_SEC_HANDLE
|
|||
|
||||
ctxhandle_gss_to_sspi( ctx_handle, new_context );
|
||||
if (context_attr) *context_attr = flags_gss_to_asc_ret( ret_flags );
|
||||
expirytime_gss_to_sspi( expiry_time, expiry );
|
||||
*expiry = expiry_time;
|
||||
}
|
||||
|
||||
return status_gss_to_sspi( ret );
|
||||
|
@ -621,7 +611,7 @@ static NTSTATUS import_name( const char *src, gss_name_t *dst )
|
|||
}
|
||||
|
||||
static NTSTATUS CDECL acquire_credentials_handle( const char *principal, ULONG credential_use, const char *username,
|
||||
const char *password, LSA_SEC_HANDLE *credential, TimeStamp *expiry )
|
||||
const char *password, LSA_SEC_HANDLE *credential, ULONG *expiry )
|
||||
{
|
||||
OM_uint32 ret, minor_status, expiry_time;
|
||||
gss_name_t name = GSS_C_NO_NAME;
|
||||
|
@ -654,7 +644,7 @@ static NTSTATUS CDECL acquire_credentials_handle( const char *principal, ULONG c
|
|||
if (ret == GSS_S_COMPLETE)
|
||||
{
|
||||
credhandle_gss_to_sspi( cred_handle, credential );
|
||||
expirytime_gss_to_sspi( expiry_time, expiry );
|
||||
*expiry = expiry_time;
|
||||
}
|
||||
|
||||
if (name != GSS_C_NO_NAME) pgss_release_name( &minor_status, &name );
|
||||
|
@ -715,7 +705,7 @@ static ULONG flags_gss_to_isc_ret( ULONG flags )
|
|||
|
||||
static NTSTATUS CDECL initialize_context( LSA_SEC_HANDLE credential, LSA_SEC_HANDLE context, const char *target_name,
|
||||
ULONG context_req, SecBufferDesc *input, LSA_SEC_HANDLE *new_context,
|
||||
SecBufferDesc *output, ULONG *context_attr, TimeStamp *expiry )
|
||||
SecBufferDesc *output, ULONG *context_attr, ULONG *expiry )
|
||||
{
|
||||
OM_uint32 ret, minor_status, ret_flags = 0, expiry_time, req_flags = flags_isc_req_to_gss( context_req );
|
||||
gss_cred_id_t cred_handle = credhandle_sspi_to_gss( credential );
|
||||
|
@ -758,7 +748,7 @@ static NTSTATUS CDECL initialize_context( LSA_SEC_HANDLE credential, LSA_SEC_HAN
|
|||
|
||||
ctxhandle_gss_to_sspi( ctx_handle, new_context );
|
||||
if (context_attr) *context_attr = flags_gss_to_isc_ret( ret_flags );
|
||||
expirytime_gss_to_sspi( expiry_time, expiry );
|
||||
*expiry = expiry_time;
|
||||
}
|
||||
|
||||
if (target != GSS_C_NO_NAME) pgss_release_name( &minor_status, &target );
|
||||
|
|
|
@ -24,13 +24,13 @@
|
|||
struct krb5_funcs
|
||||
{
|
||||
NTSTATUS (CDECL *accept_context)(LSA_SEC_HANDLE, LSA_SEC_HANDLE, SecBufferDesc *, LSA_SEC_HANDLE *,
|
||||
SecBufferDesc *, ULONG *, TimeStamp *);
|
||||
SecBufferDesc *, ULONG *, ULONG *);
|
||||
NTSTATUS (CDECL *acquire_credentials_handle)(const char *, ULONG, const char *, const char *, LSA_SEC_HANDLE *,
|
||||
TimeStamp *);
|
||||
ULONG *);
|
||||
NTSTATUS (CDECL *delete_context)(LSA_SEC_HANDLE);
|
||||
NTSTATUS (CDECL *free_credentials_handle)(LSA_SEC_HANDLE);
|
||||
NTSTATUS (CDECL *initialize_context)(LSA_SEC_HANDLE, LSA_SEC_HANDLE, const char *, ULONG, SecBufferDesc *,
|
||||
LSA_SEC_HANDLE *, SecBufferDesc *, ULONG *, TimeStamp *);
|
||||
LSA_SEC_HANDLE *, SecBufferDesc *, ULONG *, ULONG *);
|
||||
NTSTATUS (CDECL *make_signature)(LSA_SEC_HANDLE, SecBufferDesc *);
|
||||
NTSTATUS (CDECL *query_context_attributes)(LSA_SEC_HANDLE, ULONG, void *);
|
||||
NTSTATUS (CDECL *query_ticket_cache)( KERB_QUERY_TKT_CACHE_RESPONSE *resp, ULONG *out_size );
|
||||
|
|
Loading…
Reference in New Issue