2012-03-19 04:30:20 +04:00
|
|
|
/**
|
2012-05-22 06:48:33 +04:00
|
|
|
* WinPR: Windows Portable Runtime
|
2012-03-19 04:30:20 +04:00
|
|
|
* NTLM Security Package (AV_PAIRs)
|
|
|
|
*
|
2014-06-06 06:10:08 +04:00
|
|
|
* Copyright 2011-2014 Marc-Andre Moreau <marcandre.moreau@gmail.com>
|
2012-03-19 04:30:20 +04:00
|
|
|
*
|
|
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
* you may not use this file except in compliance with the License.
|
|
|
|
* You may obtain a copy of the License at
|
|
|
|
*
|
|
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
*
|
|
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
* See the License for the specific language governing permissions and
|
|
|
|
* limitations under the License.
|
|
|
|
*/
|
|
|
|
|
2012-08-15 01:20:53 +04:00
|
|
|
#ifdef HAVE_CONFIG_H
|
|
|
|
#include "config.h"
|
|
|
|
#endif
|
|
|
|
|
2015-05-11 17:21:02 +03:00
|
|
|
#include <assert.h>
|
|
|
|
|
2012-03-19 04:30:20 +04:00
|
|
|
#include "ntlm.h"
|
|
|
|
#include "../sspi.h"
|
|
|
|
|
2012-05-23 11:08:24 +04:00
|
|
|
#include <winpr/crt.h>
|
2012-05-25 06:40:46 +04:00
|
|
|
#include <winpr/print.h>
|
2012-06-20 02:06:43 +04:00
|
|
|
#include <winpr/sysinfo.h>
|
2015-06-16 16:42:07 +03:00
|
|
|
#include <winpr/tchar.h>
|
2015-10-08 23:48:58 +03:00
|
|
|
#include <winpr/crypto.h>
|
2015-10-06 17:56:24 +03:00
|
|
|
|
2012-03-19 06:02:23 +04:00
|
|
|
#include "ntlm_compute.h"
|
|
|
|
|
2012-03-19 04:30:20 +04:00
|
|
|
#include "ntlm_av_pairs.h"
|
|
|
|
|
2014-08-18 19:22:22 +04:00
|
|
|
#include "../../log.h"
|
2014-08-18 20:57:08 +04:00
|
|
|
#define TAG WINPR_TAG("sspi.NTLM")
|
2014-08-18 19:22:22 +04:00
|
|
|
|
2014-08-18 21:34:47 +04:00
|
|
|
const char* const AV_PAIR_STRINGS[] =
|
2012-03-19 04:30:20 +04:00
|
|
|
{
|
|
|
|
"MsvAvEOL",
|
|
|
|
"MsvAvNbComputerName",
|
|
|
|
"MsvAvNbDomainName",
|
|
|
|
"MsvAvDnsComputerName",
|
|
|
|
"MsvAvDnsDomainName",
|
|
|
|
"MsvAvDnsTreeName",
|
|
|
|
"MsvAvFlags",
|
|
|
|
"MsvAvTimestamp",
|
|
|
|
"MsvAvRestrictions",
|
|
|
|
"MsvAvTargetName",
|
|
|
|
"MsvChannelBindings"
|
|
|
|
};
|
|
|
|
|
2014-08-18 21:34:47 +04:00
|
|
|
void ntlm_av_pair_list_init(NTLM_AV_PAIR* pAvPairList)
|
2012-07-01 22:33:36 +04:00
|
|
|
{
|
2014-08-18 21:34:47 +04:00
|
|
|
NTLM_AV_PAIR* pAvPair = pAvPairList;
|
2016-04-22 15:43:40 +03:00
|
|
|
ntlm_av_pair_set_id(pAvPair, MsvAvEOL);
|
|
|
|
ntlm_av_pair_set_len(pAvPair, 0);
|
2012-07-01 22:33:36 +04:00
|
|
|
}
|
|
|
|
|
2014-08-18 21:34:47 +04:00
|
|
|
ULONG ntlm_av_pair_list_length(NTLM_AV_PAIR* pAvPairList)
|
2012-07-02 01:05:31 +04:00
|
|
|
{
|
|
|
|
ULONG length;
|
2014-08-18 21:34:47 +04:00
|
|
|
NTLM_AV_PAIR* pAvPair = pAvPairList;
|
2012-07-02 01:05:31 +04:00
|
|
|
|
|
|
|
if (!pAvPair)
|
|
|
|
return 0;
|
|
|
|
|
2016-04-22 15:43:40 +03:00
|
|
|
while (ntlm_av_pair_get_id(pAvPair) != MsvAvEOL)
|
2012-07-02 01:05:31 +04:00
|
|
|
{
|
|
|
|
pAvPair = ntlm_av_pair_get_next_pointer(pAvPair);
|
|
|
|
}
|
|
|
|
|
|
|
|
length = (pAvPair - pAvPairList) + sizeof(NTLM_AV_PAIR);
|
|
|
|
return length;
|
|
|
|
}
|
|
|
|
|
2014-08-18 21:34:47 +04:00
|
|
|
void ntlm_print_av_pair_list(NTLM_AV_PAIR* pAvPairList)
|
2012-07-02 01:05:31 +04:00
|
|
|
{
|
2014-08-18 21:34:47 +04:00
|
|
|
NTLM_AV_PAIR* pAvPair = pAvPairList;
|
2012-07-02 01:05:31 +04:00
|
|
|
|
|
|
|
if (!pAvPair)
|
|
|
|
return;
|
|
|
|
|
2014-08-18 19:22:22 +04:00
|
|
|
WLog_INFO(TAG, "AV_PAIRs =");
|
2012-07-02 01:05:31 +04:00
|
|
|
|
2016-04-22 15:43:40 +03:00
|
|
|
while (ntlm_av_pair_get_id(pAvPair) != MsvAvEOL)
|
2012-07-02 01:05:31 +04:00
|
|
|
{
|
2016-12-14 00:47:08 +03:00
|
|
|
WLog_INFO(TAG, "\t%s AvId: %"PRIu16" AvLen: %"PRIu16"",
|
2017-02-24 23:58:08 +03:00
|
|
|
AV_PAIR_STRINGS[ntlm_av_pair_get_id(pAvPair)],
|
|
|
|
ntlm_av_pair_get_id(pAvPair),
|
|
|
|
ntlm_av_pair_get_len(pAvPair));
|
2016-04-22 15:43:40 +03:00
|
|
|
winpr_HexDump(TAG, WLOG_INFO, ntlm_av_pair_get_value_pointer(pAvPair),
|
2017-02-24 23:58:08 +03:00
|
|
|
ntlm_av_pair_get_len(pAvPair));
|
2012-07-02 01:05:31 +04:00
|
|
|
pAvPair = ntlm_av_pair_get_next_pointer(pAvPair);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2012-07-01 22:33:36 +04:00
|
|
|
ULONG ntlm_av_pair_list_size(ULONG AvPairsCount, ULONG AvPairsValueLength)
|
|
|
|
{
|
|
|
|
/* size of headers + value lengths + terminating MsvAvEOL AV_PAIR */
|
2013-01-31 05:39:57 +04:00
|
|
|
return ((AvPairsCount + 1) * 4) + AvPairsValueLength;
|
2012-07-01 22:33:36 +04:00
|
|
|
}
|
|
|
|
|
2014-08-18 21:34:47 +04:00
|
|
|
PBYTE ntlm_av_pair_get_value_pointer(NTLM_AV_PAIR* pAvPair)
|
2012-07-01 22:33:36 +04:00
|
|
|
{
|
|
|
|
return &((PBYTE) pAvPair)[sizeof(NTLM_AV_PAIR)];
|
|
|
|
}
|
|
|
|
|
2014-08-18 21:34:47 +04:00
|
|
|
int ntlm_av_pair_get_next_offset(NTLM_AV_PAIR* pAvPair)
|
2012-07-01 22:33:36 +04:00
|
|
|
{
|
2016-04-22 15:43:40 +03:00
|
|
|
return ntlm_av_pair_get_len(pAvPair) + sizeof(NTLM_AV_PAIR);
|
2012-07-01 22:33:36 +04:00
|
|
|
}
|
|
|
|
|
2014-08-18 21:34:47 +04:00
|
|
|
NTLM_AV_PAIR* ntlm_av_pair_get_next_pointer(NTLM_AV_PAIR* pAvPair)
|
2012-07-01 22:33:36 +04:00
|
|
|
{
|
2014-08-18 21:34:47 +04:00
|
|
|
return (NTLM_AV_PAIR*)((PBYTE) pAvPair + ntlm_av_pair_get_next_offset(pAvPair));
|
2012-07-01 22:33:36 +04:00
|
|
|
}
|
|
|
|
|
2014-08-18 21:34:47 +04:00
|
|
|
NTLM_AV_PAIR* ntlm_av_pair_get(NTLM_AV_PAIR* pAvPairList, NTLM_AV_ID AvId)
|
2012-07-01 22:33:36 +04:00
|
|
|
{
|
2014-08-18 21:34:47 +04:00
|
|
|
NTLM_AV_PAIR* pAvPair = pAvPairList;
|
2012-07-01 22:33:36 +04:00
|
|
|
|
|
|
|
if (!pAvPair)
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
while (1)
|
|
|
|
{
|
2016-04-22 15:43:40 +03:00
|
|
|
if (ntlm_av_pair_get_id(pAvPair) == AvId)
|
2012-07-01 22:33:36 +04:00
|
|
|
return pAvPair;
|
|
|
|
|
2016-04-22 15:43:40 +03:00
|
|
|
if (ntlm_av_pair_get_id(pAvPair) == MsvAvEOL)
|
2012-07-01 22:33:36 +04:00
|
|
|
return NULL;
|
|
|
|
|
|
|
|
pAvPair = ntlm_av_pair_get_next_pointer(pAvPair);
|
|
|
|
}
|
|
|
|
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
2017-02-24 23:58:08 +03:00
|
|
|
NTLM_AV_PAIR* ntlm_av_pair_add(NTLM_AV_PAIR* pAvPairList, NTLM_AV_ID AvId, PBYTE Value,
|
|
|
|
UINT16 AvLen)
|
2012-07-01 22:33:36 +04:00
|
|
|
{
|
2014-08-18 21:34:47 +04:00
|
|
|
NTLM_AV_PAIR* pAvPair;
|
2012-07-02 01:05:31 +04:00
|
|
|
pAvPair = ntlm_av_pair_get(pAvPairList, MsvAvEOL);
|
2012-07-01 22:33:36 +04:00
|
|
|
|
|
|
|
if (!pAvPair)
|
|
|
|
return NULL;
|
|
|
|
|
2015-05-11 17:21:02 +03:00
|
|
|
assert(Value != NULL);
|
2016-04-22 15:43:40 +03:00
|
|
|
ntlm_av_pair_set_id(pAvPair, AvId);
|
|
|
|
ntlm_av_pair_set_len(pAvPair, AvLen);
|
2012-07-02 05:40:33 +04:00
|
|
|
CopyMemory(ntlm_av_pair_get_value_pointer(pAvPair), Value, AvLen);
|
2012-07-01 22:33:36 +04:00
|
|
|
return pAvPair;
|
|
|
|
}
|
|
|
|
|
2014-08-18 21:34:47 +04:00
|
|
|
NTLM_AV_PAIR* ntlm_av_pair_add_copy(NTLM_AV_PAIR* pAvPairList, NTLM_AV_PAIR* pAvPair)
|
2012-03-19 04:30:20 +04:00
|
|
|
{
|
2014-08-18 21:34:47 +04:00
|
|
|
NTLM_AV_PAIR* pAvPairCopy;
|
2012-07-02 05:40:33 +04:00
|
|
|
pAvPairCopy = ntlm_av_pair_get(pAvPairList, MsvAvEOL);
|
2012-03-19 04:30:20 +04:00
|
|
|
|
2012-07-02 05:40:33 +04:00
|
|
|
if (!pAvPairCopy)
|
|
|
|
return NULL;
|
2012-03-19 04:30:20 +04:00
|
|
|
|
2016-04-22 15:43:40 +03:00
|
|
|
CopyMemory(&pAvPairCopy->AvId, &pAvPair->AvId, 2);
|
|
|
|
CopyMemory(&pAvPairCopy->AvLen, &pAvPair->AvLen, 2);
|
2012-07-02 05:40:33 +04:00
|
|
|
CopyMemory(ntlm_av_pair_get_value_pointer(pAvPairCopy),
|
2017-02-24 23:58:08 +03:00
|
|
|
ntlm_av_pair_get_value_pointer(pAvPair),
|
|
|
|
ntlm_av_pair_get_len(pAvPair));
|
2012-07-02 05:40:33 +04:00
|
|
|
return pAvPairCopy;
|
2012-03-19 04:30:20 +04:00
|
|
|
}
|
|
|
|
|
2014-06-07 08:17:11 +04:00
|
|
|
int ntlm_get_target_computer_name(PUNICODE_STRING pName, COMPUTER_NAME_FORMAT type)
|
2012-07-01 22:33:36 +04:00
|
|
|
{
|
2014-08-18 21:34:47 +04:00
|
|
|
char* name;
|
2014-06-07 08:17:11 +04:00
|
|
|
int status;
|
2017-02-24 23:58:08 +03:00
|
|
|
DWORD nSize = 0;
|
|
|
|
CHAR* computerName;
|
2014-06-07 08:17:11 +04:00
|
|
|
|
2017-02-27 12:56:19 +03:00
|
|
|
if (GetComputerNameExA(ComputerNameNetBIOS, NULL, &nSize) || (GetLastError() != ERROR_MORE_DATA) ||
|
|
|
|
(nSize < 2))
|
2014-06-07 08:17:11 +04:00
|
|
|
return -1;
|
2014-08-18 19:22:22 +04:00
|
|
|
|
2017-02-24 23:58:08 +03:00
|
|
|
computerName = calloc(nSize, sizeof(CHAR));
|
|
|
|
|
|
|
|
if (!computerName)
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
if (!GetComputerNameExA(ComputerNameNetBIOS, computerName, &nSize))
|
2017-02-25 10:35:37 +03:00
|
|
|
{
|
|
|
|
free(computerName);
|
2017-02-24 23:58:08 +03:00
|
|
|
return -1;
|
2017-02-25 10:35:37 +03:00
|
|
|
}
|
2017-02-24 23:58:08 +03:00
|
|
|
|
|
|
|
if (nSize > MAX_COMPUTERNAME_LENGTH)
|
|
|
|
computerName[MAX_COMPUTERNAME_LENGTH] = '\0';
|
|
|
|
|
|
|
|
name = computerName;
|
|
|
|
|
2015-06-16 16:42:07 +03:00
|
|
|
if (!name)
|
2014-06-07 08:17:11 +04:00
|
|
|
return -1;
|
2012-07-01 22:33:36 +04:00
|
|
|
|
|
|
|
if (type == ComputerNameNetBIOS)
|
|
|
|
CharUpperA(name);
|
2012-03-19 04:30:20 +04:00
|
|
|
|
2014-06-07 08:17:11 +04:00
|
|
|
status = ConvertToUnicode(CP_UTF8, 0, name, -1, &pName->Buffer, 0);
|
|
|
|
|
|
|
|
if (status <= 0)
|
2015-06-19 11:38:37 +03:00
|
|
|
{
|
|
|
|
free(name);
|
2014-06-07 08:17:11 +04:00
|
|
|
return status;
|
2015-06-19 11:38:37 +03:00
|
|
|
}
|
2012-07-01 22:33:36 +04:00
|
|
|
|
2014-08-18 19:22:22 +04:00
|
|
|
pName->Length = (USHORT)((status - 1) * 2);
|
2012-07-01 22:33:36 +04:00
|
|
|
pName->MaximumLength = pName->Length;
|
|
|
|
free(name);
|
2014-06-07 08:17:11 +04:00
|
|
|
return 1;
|
2012-07-01 22:33:36 +04:00
|
|
|
}
|
|
|
|
|
2012-08-23 09:18:47 +04:00
|
|
|
void ntlm_free_unicode_string(PUNICODE_STRING string)
|
|
|
|
{
|
2014-06-07 08:17:11 +04:00
|
|
|
if (string)
|
2012-08-23 09:18:47 +04:00
|
|
|
{
|
|
|
|
if (string->Length > 0)
|
|
|
|
{
|
2015-05-11 10:07:39 +03:00
|
|
|
free(string->Buffer);
|
2012-08-23 09:18:47 +04:00
|
|
|
string->Buffer = NULL;
|
|
|
|
string->Length = 0;
|
|
|
|
string->MaximumLength = 0;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2012-12-21 21:17:07 +04:00
|
|
|
/**
|
|
|
|
* From http://www.ietf.org/proceedings/72/slides/sasl-2.pdf:
|
|
|
|
*
|
|
|
|
* tls-server-end-point:
|
|
|
|
*
|
|
|
|
* The hash of the TLS server's end entity certificate as it appears, octet for octet,
|
|
|
|
* in the server's Certificate message (note that the Certificate message contains a
|
|
|
|
* certificate_list, the first element of which is the server's end entity certificate.)
|
|
|
|
* The hash function to be selected is as follows: if the certificate's signature hash
|
|
|
|
* algorithm is either MD5 or SHA-1, then use SHA-256, otherwise use the certificate's
|
|
|
|
* signature hash algorithm.
|
|
|
|
*/
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Channel Bindings sample usage:
|
|
|
|
* https://raw.github.com/mozilla/mozilla-central/master/extensions/auth/nsAuthSSPI.cpp
|
|
|
|
*/
|
|
|
|
|
2013-01-07 01:05:20 +04:00
|
|
|
/*
|
|
|
|
typedef struct gss_channel_bindings_struct {
|
2013-01-09 06:56:28 +04:00
|
|
|
OM_uint32 initiator_addrtype;
|
|
|
|
gss_buffer_desc initiator_address;
|
|
|
|
OM_uint32 acceptor_addrtype;
|
|
|
|
gss_buffer_desc acceptor_address;
|
|
|
|
gss_buffer_desc application_data;
|
2013-01-07 01:05:20 +04:00
|
|
|
} *gss_channel_bindings_t;
|
|
|
|
*/
|
|
|
|
|
2016-11-24 16:53:19 +03:00
|
|
|
static BOOL ntlm_md5_update_uint32_be(WINPR_DIGEST_CTX* md5, UINT32 num)
|
2012-12-21 21:17:07 +04:00
|
|
|
{
|
2013-01-07 01:05:20 +04:00
|
|
|
BYTE be32[4];
|
2013-01-09 09:20:08 +04:00
|
|
|
be32[0] = (num >> 0) & 0xFF;
|
|
|
|
be32[1] = (num >> 8) & 0xFF;
|
|
|
|
be32[2] = (num >> 16) & 0xFF;
|
|
|
|
be32[3] = (num >> 24) & 0xFF;
|
2016-11-24 16:53:19 +03:00
|
|
|
return winpr_Digest_Update(md5, be32, 4);
|
2013-01-09 09:20:08 +04:00
|
|
|
}
|
2012-12-21 21:17:07 +04:00
|
|
|
|
2014-08-18 21:34:47 +04:00
|
|
|
void ntlm_compute_channel_bindings(NTLM_CONTEXT* context)
|
2013-01-09 09:20:08 +04:00
|
|
|
{
|
2016-11-21 19:28:54 +03:00
|
|
|
WINPR_DIGEST_CTX* md5;
|
2014-08-18 21:34:47 +04:00
|
|
|
BYTE* ChannelBindingToken;
|
2013-01-09 09:20:08 +04:00
|
|
|
UINT32 ChannelBindingTokenLength;
|
2014-08-18 21:34:47 +04:00
|
|
|
SEC_CHANNEL_BINDINGS* ChannelBindings;
|
2016-02-24 23:45:09 +03:00
|
|
|
ZeroMemory(context->ChannelBindingsHash, WINPR_MD5_DIGEST_LENGTH);
|
2013-01-09 09:20:08 +04:00
|
|
|
ChannelBindings = context->Bindings.Bindings;
|
2012-12-21 21:17:07 +04:00
|
|
|
|
2013-01-09 09:20:08 +04:00
|
|
|
if (!ChannelBindings)
|
|
|
|
return;
|
2012-12-21 21:17:07 +04:00
|
|
|
|
2016-11-24 16:53:19 +03:00
|
|
|
if (!(md5 = winpr_Digest_New()))
|
2016-11-21 19:28:54 +03:00
|
|
|
return;
|
|
|
|
|
2016-11-24 16:53:19 +03:00
|
|
|
if (!winpr_Digest_Init(md5, WINPR_MD_MD5))
|
|
|
|
goto out;
|
|
|
|
|
2013-01-09 09:20:08 +04:00
|
|
|
ChannelBindingTokenLength = context->Bindings.BindingsLength - sizeof(SEC_CHANNEL_BINDINGS);
|
2014-08-18 21:34:47 +04:00
|
|
|
ChannelBindingToken = &((BYTE*) ChannelBindings)[ChannelBindings->dwApplicationDataOffset];
|
2016-11-21 19:28:54 +03:00
|
|
|
|
2016-11-24 16:53:19 +03:00
|
|
|
if (!ntlm_md5_update_uint32_be(md5, ChannelBindings->dwInitiatorAddrType))
|
|
|
|
goto out;
|
2017-02-24 23:58:08 +03:00
|
|
|
|
2016-11-24 16:53:19 +03:00
|
|
|
if (!ntlm_md5_update_uint32_be(md5, ChannelBindings->cbInitiatorLength))
|
|
|
|
goto out;
|
2017-02-24 23:58:08 +03:00
|
|
|
|
2016-11-24 16:53:19 +03:00
|
|
|
if (!ntlm_md5_update_uint32_be(md5, ChannelBindings->dwAcceptorAddrType))
|
|
|
|
goto out;
|
2017-02-24 23:58:08 +03:00
|
|
|
|
2016-11-24 16:53:19 +03:00
|
|
|
if (!ntlm_md5_update_uint32_be(md5, ChannelBindings->cbAcceptorLength))
|
|
|
|
goto out;
|
2017-02-24 23:58:08 +03:00
|
|
|
|
2016-11-24 16:53:19 +03:00
|
|
|
if (!ntlm_md5_update_uint32_be(md5, ChannelBindings->cbApplicationDataLength))
|
|
|
|
goto out;
|
|
|
|
|
|
|
|
if (!winpr_Digest_Update(md5, (void*) ChannelBindingToken, ChannelBindingTokenLength))
|
|
|
|
goto out;
|
2017-02-24 23:58:08 +03:00
|
|
|
|
2016-11-24 16:53:19 +03:00
|
|
|
if (!winpr_Digest_Final(md5, context->ChannelBindingsHash, WINPR_MD5_DIGEST_LENGTH))
|
|
|
|
goto out;
|
|
|
|
|
|
|
|
out:
|
|
|
|
winpr_Digest_Free(md5);
|
2012-12-21 21:17:07 +04:00
|
|
|
}
|
|
|
|
|
2014-08-18 21:34:47 +04:00
|
|
|
void ntlm_compute_single_host_data(NTLM_CONTEXT* context)
|
2013-01-09 21:05:34 +04:00
|
|
|
{
|
2013-01-10 20:19:57 +04:00
|
|
|
/**
|
|
|
|
* The Single_Host_Data structure allows a client to send machine-specific information
|
|
|
|
* within an authentication exchange to services on the same machine. The client can
|
|
|
|
* produce additional information to be processed in an implementation-specific way when
|
|
|
|
* the client and server are on the same host. If the server and client platforms are
|
|
|
|
* different or if they are on different hosts, then the information MUST be ignored.
|
|
|
|
* Any fields after the MachineID field MUST be ignored on receipt.
|
|
|
|
*/
|
2016-04-22 15:43:40 +03:00
|
|
|
Data_Write_UINT32(&context->SingleHostData.Size, 48);
|
|
|
|
Data_Write_UINT32(&context->SingleHostData.Z4, 0);
|
|
|
|
Data_Write_UINT32(&context->SingleHostData.DataPresent, 1);
|
|
|
|
Data_Write_UINT32(&context->SingleHostData.CustomData, SECURITY_MANDATORY_MEDIUM_RID);
|
2013-01-10 20:19:57 +04:00
|
|
|
FillMemory(context->SingleHostData.MachineID, 32, 0xAA);
|
2013-01-09 21:05:34 +04:00
|
|
|
}
|
|
|
|
|
2014-08-18 21:34:47 +04:00
|
|
|
int ntlm_construct_challenge_target_info(NTLM_CONTEXT* context)
|
2012-03-19 04:30:20 +04:00
|
|
|
{
|
|
|
|
int length;
|
2012-07-01 22:33:36 +04:00
|
|
|
ULONG AvPairsCount;
|
|
|
|
ULONG AvPairsLength;
|
|
|
|
LONG AvPairListSize;
|
2014-08-18 21:34:47 +04:00
|
|
|
NTLM_AV_PAIR* pAvPairList;
|
2012-07-01 22:33:36 +04:00
|
|
|
UNICODE_STRING NbDomainName;
|
|
|
|
UNICODE_STRING NbComputerName;
|
|
|
|
UNICODE_STRING DnsDomainName;
|
|
|
|
UNICODE_STRING DnsComputerName;
|
2013-01-11 00:30:32 +04:00
|
|
|
NbDomainName.Buffer = NULL;
|
2014-06-07 08:17:11 +04:00
|
|
|
|
|
|
|
if (ntlm_get_target_computer_name(&NbDomainName, ComputerNameNetBIOS) < 0)
|
|
|
|
return -1;
|
2013-01-11 00:30:32 +04:00
|
|
|
|
|
|
|
NbComputerName.Buffer = NULL;
|
2014-06-07 08:17:11 +04:00
|
|
|
|
|
|
|
if (ntlm_get_target_computer_name(&NbComputerName, ComputerNameNetBIOS) < 0)
|
|
|
|
return -1;
|
2013-01-11 00:30:32 +04:00
|
|
|
|
|
|
|
DnsDomainName.Buffer = NULL;
|
2014-06-07 08:17:11 +04:00
|
|
|
|
|
|
|
if (ntlm_get_target_computer_name(&DnsDomainName, ComputerNameDnsDomain) < 0)
|
|
|
|
return -1;
|
2013-01-11 00:30:32 +04:00
|
|
|
|
|
|
|
DnsComputerName.Buffer = NULL;
|
2014-06-07 08:17:11 +04:00
|
|
|
|
|
|
|
if (ntlm_get_target_computer_name(&DnsComputerName, ComputerNameDnsHostname) < 0)
|
|
|
|
return -1;
|
2012-07-01 22:33:36 +04:00
|
|
|
|
|
|
|
AvPairsCount = 5;
|
|
|
|
AvPairsLength = NbDomainName.Length + NbComputerName.Length +
|
2017-02-24 23:58:08 +03:00
|
|
|
DnsDomainName.Length + DnsComputerName.Length + 8;
|
2012-07-01 22:33:36 +04:00
|
|
|
length = ntlm_av_pair_list_size(AvPairsCount, AvPairsLength);
|
2014-06-10 22:16:02 +04:00
|
|
|
|
|
|
|
if (!sspi_SecBufferAlloc(&context->ChallengeTargetInfo, length))
|
|
|
|
return -1;
|
2012-06-20 02:06:43 +04:00
|
|
|
|
2014-08-18 21:34:47 +04:00
|
|
|
pAvPairList = (NTLM_AV_PAIR*) context->ChallengeTargetInfo.pvBuffer;
|
2012-07-02 05:40:33 +04:00
|
|
|
AvPairListSize = (ULONG) context->ChallengeTargetInfo.cbBuffer;
|
2012-07-01 22:33:36 +04:00
|
|
|
ntlm_av_pair_list_init(pAvPairList);
|
2012-07-02 05:40:33 +04:00
|
|
|
ntlm_av_pair_add(pAvPairList, MsvAvNbDomainName, (PBYTE) NbDomainName.Buffer, NbDomainName.Length);
|
2017-02-24 23:58:08 +03:00
|
|
|
ntlm_av_pair_add(pAvPairList, MsvAvNbComputerName, (PBYTE) NbComputerName.Buffer,
|
|
|
|
NbComputerName.Length);
|
|
|
|
ntlm_av_pair_add(pAvPairList, MsvAvDnsDomainName, (PBYTE) DnsDomainName.Buffer,
|
|
|
|
DnsDomainName.Length);
|
|
|
|
ntlm_av_pair_add(pAvPairList, MsvAvDnsComputerName, (PBYTE) DnsComputerName.Buffer,
|
|
|
|
DnsComputerName.Length);
|
2012-07-02 05:40:33 +04:00
|
|
|
ntlm_av_pair_add(pAvPairList, MsvAvTimestamp, context->Timestamp, sizeof(context->Timestamp));
|
2012-08-23 09:18:47 +04:00
|
|
|
ntlm_free_unicode_string(&NbDomainName);
|
|
|
|
ntlm_free_unicode_string(&NbComputerName);
|
|
|
|
ntlm_free_unicode_string(&DnsDomainName);
|
|
|
|
ntlm_free_unicode_string(&DnsComputerName);
|
2014-06-07 08:17:11 +04:00
|
|
|
return 1;
|
2012-03-19 04:30:20 +04:00
|
|
|
}
|
|
|
|
|
2014-08-18 21:34:47 +04:00
|
|
|
int ntlm_construct_authenticate_target_info(NTLM_CONTEXT* context)
|
2012-03-19 04:30:20 +04:00
|
|
|
{
|
2012-07-02 05:40:33 +04:00
|
|
|
ULONG size;
|
|
|
|
ULONG AvPairsCount;
|
|
|
|
ULONG AvPairsValueLength;
|
2014-08-18 21:34:47 +04:00
|
|
|
NTLM_AV_PAIR* AvTimestamp;
|
|
|
|
NTLM_AV_PAIR* AvNbDomainName;
|
|
|
|
NTLM_AV_PAIR* AvNbComputerName;
|
|
|
|
NTLM_AV_PAIR* AvDnsDomainName;
|
|
|
|
NTLM_AV_PAIR* AvDnsComputerName;
|
|
|
|
NTLM_AV_PAIR* AvDnsTreeName;
|
|
|
|
NTLM_AV_PAIR* ChallengeTargetInfo;
|
|
|
|
NTLM_AV_PAIR* AuthenticateTargetInfo;
|
2012-10-29 06:16:21 +04:00
|
|
|
AvPairsCount = 1;
|
|
|
|
AvPairsValueLength = 0;
|
2014-08-18 21:34:47 +04:00
|
|
|
ChallengeTargetInfo = (NTLM_AV_PAIR*) context->ChallengeTargetInfo.pvBuffer;
|
2012-07-02 05:40:33 +04:00
|
|
|
AvNbDomainName = ntlm_av_pair_get(ChallengeTargetInfo, MsvAvNbDomainName);
|
|
|
|
AvNbComputerName = ntlm_av_pair_get(ChallengeTargetInfo, MsvAvNbComputerName);
|
|
|
|
AvDnsDomainName = ntlm_av_pair_get(ChallengeTargetInfo, MsvAvDnsDomainName);
|
|
|
|
AvDnsComputerName = ntlm_av_pair_get(ChallengeTargetInfo, MsvAvDnsComputerName);
|
|
|
|
AvDnsTreeName = ntlm_av_pair_get(ChallengeTargetInfo, MsvAvDnsTreeName);
|
|
|
|
AvTimestamp = ntlm_av_pair_get(ChallengeTargetInfo, MsvAvTimestamp);
|
|
|
|
|
2014-06-07 08:17:11 +04:00
|
|
|
if (AvNbDomainName)
|
2012-03-19 04:30:20 +04:00
|
|
|
{
|
2012-07-02 05:40:33 +04:00
|
|
|
AvPairsCount++; /* MsvAvNbDomainName */
|
2016-04-22 15:43:40 +03:00
|
|
|
AvPairsValueLength += ntlm_av_pair_get_len(AvNbDomainName);
|
2012-03-19 04:30:20 +04:00
|
|
|
}
|
|
|
|
|
2014-06-07 08:17:11 +04:00
|
|
|
if (AvNbComputerName)
|
2012-03-19 04:30:20 +04:00
|
|
|
{
|
2012-07-02 05:40:33 +04:00
|
|
|
AvPairsCount++; /* MsvAvNbComputerName */
|
2016-04-22 15:43:40 +03:00
|
|
|
AvPairsValueLength += ntlm_av_pair_get_len(AvNbComputerName);
|
2012-03-19 04:30:20 +04:00
|
|
|
}
|
|
|
|
|
2014-06-07 08:17:11 +04:00
|
|
|
if (AvDnsDomainName)
|
2012-03-19 04:30:20 +04:00
|
|
|
{
|
2012-07-02 05:40:33 +04:00
|
|
|
AvPairsCount++; /* MsvAvDnsDomainName */
|
2016-04-22 15:43:40 +03:00
|
|
|
AvPairsValueLength += ntlm_av_pair_get_len(AvDnsDomainName);
|
2012-03-19 04:30:20 +04:00
|
|
|
}
|
|
|
|
|
2014-06-07 08:17:11 +04:00
|
|
|
if (AvDnsComputerName)
|
2012-03-19 04:30:20 +04:00
|
|
|
{
|
2012-07-02 05:40:33 +04:00
|
|
|
AvPairsCount++; /* MsvAvDnsComputerName */
|
2016-04-22 15:43:40 +03:00
|
|
|
AvPairsValueLength += ntlm_av_pair_get_len(AvDnsComputerName);
|
2012-03-19 04:30:20 +04:00
|
|
|
}
|
|
|
|
|
2014-06-07 08:17:11 +04:00
|
|
|
if (AvDnsTreeName)
|
2012-03-19 04:30:20 +04:00
|
|
|
{
|
2012-07-02 05:40:33 +04:00
|
|
|
AvPairsCount++; /* MsvAvDnsTreeName */
|
2016-04-22 15:43:40 +03:00
|
|
|
AvPairsValueLength += ntlm_av_pair_get_len(AvDnsTreeName);
|
2012-03-19 04:30:20 +04:00
|
|
|
}
|
|
|
|
|
2012-07-02 05:40:33 +04:00
|
|
|
AvPairsCount++; /* MsvAvTimestamp */
|
|
|
|
AvPairsValueLength += 8;
|
2012-03-19 04:30:20 +04:00
|
|
|
|
2012-07-02 05:40:33 +04:00
|
|
|
if (context->UseMIC)
|
2012-03-19 04:30:20 +04:00
|
|
|
{
|
2012-07-02 05:40:33 +04:00
|
|
|
AvPairsCount++; /* MsvAvFlags */
|
|
|
|
AvPairsValueLength += 4;
|
2012-03-19 04:30:20 +04:00
|
|
|
}
|
|
|
|
|
2013-01-10 20:19:57 +04:00
|
|
|
if (context->SendSingleHostData)
|
|
|
|
{
|
|
|
|
AvPairsCount++; /* MsvAvSingleHost */
|
|
|
|
ntlm_compute_single_host_data(context);
|
|
|
|
AvPairsValueLength += context->SingleHostData.Size;
|
|
|
|
}
|
|
|
|
|
2012-10-29 06:16:21 +04:00
|
|
|
/**
|
|
|
|
* Extended Protection for Authentication:
|
|
|
|
* http://blogs.technet.com/b/srd/archive/2009/12/08/extended-protection-for-authentication.aspx
|
|
|
|
*/
|
|
|
|
|
2012-12-21 01:35:07 +04:00
|
|
|
if (!context->SuppressExtendedProtection)
|
2012-07-02 06:13:02 +04:00
|
|
|
{
|
2012-10-29 06:16:21 +04:00
|
|
|
/**
|
|
|
|
* SEC_CHANNEL_BINDINGS structure
|
|
|
|
* http://msdn.microsoft.com/en-us/library/windows/desktop/dd919963/
|
|
|
|
*/
|
2012-07-02 06:13:02 +04:00
|
|
|
AvPairsCount++; /* MsvChannelBindings */
|
|
|
|
AvPairsValueLength += 16;
|
2012-12-21 21:17:07 +04:00
|
|
|
ntlm_compute_channel_bindings(context);
|
2012-07-02 06:13:02 +04:00
|
|
|
|
|
|
|
if (context->ServicePrincipalName.Length > 0)
|
|
|
|
{
|
|
|
|
AvPairsCount++; /* MsvAvTargetName */
|
|
|
|
AvPairsValueLength += context->ServicePrincipalName.Length;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2012-07-02 05:40:33 +04:00
|
|
|
size = ntlm_av_pair_list_size(AvPairsCount, AvPairsValueLength);
|
2012-03-19 04:30:20 +04:00
|
|
|
|
2012-07-02 05:40:33 +04:00
|
|
|
if (context->NTLMv2)
|
|
|
|
size += 8; /* unknown 8-byte padding */
|
2012-03-19 04:30:20 +04:00
|
|
|
|
2015-04-03 17:21:01 +03:00
|
|
|
if (!sspi_SecBufferAlloc(&context->AuthenticateTargetInfo, size))
|
|
|
|
return -1;
|
2017-02-24 23:58:08 +03:00
|
|
|
|
2014-08-18 21:34:47 +04:00
|
|
|
AuthenticateTargetInfo = (NTLM_AV_PAIR*) context->AuthenticateTargetInfo.pvBuffer;
|
2012-07-02 05:40:33 +04:00
|
|
|
ntlm_av_pair_list_init(AuthenticateTargetInfo);
|
2012-03-19 04:30:20 +04:00
|
|
|
|
2014-06-07 08:17:11 +04:00
|
|
|
if (AvNbDomainName)
|
2012-07-02 05:40:33 +04:00
|
|
|
ntlm_av_pair_add_copy(AuthenticateTargetInfo, AvNbDomainName);
|
2012-03-19 04:30:20 +04:00
|
|
|
|
2014-06-07 08:17:11 +04:00
|
|
|
if (AvNbComputerName)
|
2012-07-02 05:40:33 +04:00
|
|
|
ntlm_av_pair_add_copy(AuthenticateTargetInfo, AvNbComputerName);
|
|
|
|
|
2014-06-07 08:17:11 +04:00
|
|
|
if (AvDnsDomainName)
|
2012-07-02 05:40:33 +04:00
|
|
|
ntlm_av_pair_add_copy(AuthenticateTargetInfo, AvDnsDomainName);
|
2012-03-19 04:30:20 +04:00
|
|
|
|
2014-06-07 08:17:11 +04:00
|
|
|
if (AvDnsComputerName)
|
2012-07-02 05:40:33 +04:00
|
|
|
ntlm_av_pair_add_copy(AuthenticateTargetInfo, AvDnsComputerName);
|
|
|
|
|
2014-06-07 08:17:11 +04:00
|
|
|
if (AvDnsTreeName)
|
2012-07-02 05:40:33 +04:00
|
|
|
ntlm_av_pair_add_copy(AuthenticateTargetInfo, AvDnsTreeName);
|
|
|
|
|
2014-06-07 08:17:11 +04:00
|
|
|
if (AvTimestamp)
|
2012-07-02 05:40:33 +04:00
|
|
|
ntlm_av_pair_add_copy(AuthenticateTargetInfo, AvTimestamp);
|
|
|
|
|
|
|
|
if (context->UseMIC)
|
2012-03-19 04:30:20 +04:00
|
|
|
{
|
2016-04-22 15:43:40 +03:00
|
|
|
UINT32 flags;
|
|
|
|
Data_Write_UINT32(&flags, MSV_AV_FLAGS_MESSAGE_INTEGRITY_CHECK);
|
2012-07-02 05:40:33 +04:00
|
|
|
ntlm_av_pair_add(AuthenticateTargetInfo, MsvAvFlags, (PBYTE) &flags, 4);
|
2012-03-19 04:30:20 +04:00
|
|
|
}
|
|
|
|
|
2013-01-10 20:19:57 +04:00
|
|
|
if (context->SendSingleHostData)
|
|
|
|
{
|
|
|
|
ntlm_av_pair_add(AuthenticateTargetInfo, MsvAvSingleHost,
|
2017-02-24 23:58:08 +03:00
|
|
|
(PBYTE) &context->SingleHostData, context->SingleHostData.Size);
|
2013-01-10 20:19:57 +04:00
|
|
|
}
|
|
|
|
|
2012-12-21 01:35:07 +04:00
|
|
|
if (!context->SuppressExtendedProtection)
|
2012-07-02 06:13:02 +04:00
|
|
|
{
|
2012-12-21 21:17:07 +04:00
|
|
|
ntlm_av_pair_add(AuthenticateTargetInfo, MsvChannelBindings, context->ChannelBindingsHash, 16);
|
2012-07-02 06:13:02 +04:00
|
|
|
|
|
|
|
if (context->ServicePrincipalName.Length > 0)
|
|
|
|
{
|
|
|
|
ntlm_av_pair_add(AuthenticateTargetInfo, MsvAvTargetName,
|
2017-02-24 23:58:08 +03:00
|
|
|
(PBYTE) context->ServicePrincipalName.Buffer,
|
|
|
|
context->ServicePrincipalName.Length);
|
2012-07-02 06:13:02 +04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2012-07-02 05:40:33 +04:00
|
|
|
if (context->NTLMv2)
|
|
|
|
{
|
2014-08-18 21:34:47 +04:00
|
|
|
NTLM_AV_PAIR* AvEOL;
|
2012-07-02 05:40:33 +04:00
|
|
|
AvEOL = ntlm_av_pair_get(ChallengeTargetInfo, MsvAvEOL);
|
2014-08-18 21:34:47 +04:00
|
|
|
ZeroMemory((void*) AvEOL, 4);
|
2012-07-02 05:40:33 +04:00
|
|
|
}
|
2014-06-07 08:17:11 +04:00
|
|
|
|
|
|
|
return 1;
|
2012-03-19 04:30:20 +04:00
|
|
|
}
|