2012-02-24 06:26:00 +04:00
|
|
|
/**
|
2012-05-22 06:48:33 +04:00
|
|
|
* WinPR: Windows Portable Runtime
|
2012-02-24 06:26:00 +04:00
|
|
|
* NTLM Security Package (Message)
|
|
|
|
|
*
|
2014-06-06 06:10:08 +04:00
|
|
|
* Copyright 2011-2014 Marc-Andre Moreau <marcandre.moreau@gmail.com>
|
2012-02-24 06:26:00 +04:00
|
|
|
*
|
|
|
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
|
* you may not use this file except in compliance with the License.
|
|
|
|
|
* You may obtain a copy of the License at
|
|
|
|
|
*
|
|
|
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
*
|
|
|
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
|
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
|
* See the License for the specific language governing permissions and
|
|
|
|
|
* limitations under the License.
|
|
|
|
|
*/
|
|
|
|
|
|
2012-08-15 01:20:53 +04:00
|
|
|
#ifdef HAVE_CONFIG_H
|
|
|
|
|
#include "config.h"
|
|
|
|
|
#endif
|
|
|
|
|
|
2012-02-24 06:26:00 +04:00
|
|
|
#include "ntlm.h"
|
|
|
|
|
#include "../sspi.h"
|
|
|
|
|
|
2012-05-25 01:05:12 +04:00
|
|
|
#include <winpr/crt.h>
|
|
|
|
|
#include <winpr/print.h>
|
2012-05-25 22:03:56 +04:00
|
|
|
#include <winpr/stream.h>
|
2012-06-20 01:26:37 +04:00
|
|
|
#include <winpr/sysinfo.h>
|
2012-02-24 06:26:00 +04:00
|
|
|
|
2012-02-25 18:55:52 +04:00
|
|
|
#include "ntlm_compute.h"
|
2012-02-24 06:26:00 +04:00
|
|
|
|
2012-02-25 18:55:52 +04:00
|
|
|
#include "ntlm_message.h"
|
2012-02-25 02:17:38 +04:00
|
|
|
|
2014-08-18 19:22:22 +04:00
|
|
|
#include "../log.h"
|
2014-08-18 20:57:08 +04:00
|
|
|
#define TAG WINPR_TAG("sspi.NTLM")
|
2014-08-18 19:22:22 +04:00
|
|
|
|
2014-06-07 08:17:11 +04:00
|
|
|
static const char NTLM_SIGNATURE[8] = { 'N', 'T', 'L', 'M', 'S', 'S', 'P', '\0' };
|
2012-02-24 06:26:00 +04:00
|
|
|
|
2020-03-10 15:32:37 +03:00
|
|
|
#ifdef WITH_DEBUG_NTLM
|
2019-11-06 17:24:51 +03:00
|
|
|
static const char* const NTLM_NEGOTIATE_STRINGS[] = { "NTLMSSP_NEGOTIATE_56",
|
|
|
|
|
"NTLMSSP_NEGOTIATE_KEY_EXCH",
|
|
|
|
|
"NTLMSSP_NEGOTIATE_128",
|
|
|
|
|
"NTLMSSP_RESERVED1",
|
|
|
|
|
"NTLMSSP_RESERVED2",
|
|
|
|
|
"NTLMSSP_RESERVED3",
|
|
|
|
|
"NTLMSSP_NEGOTIATE_VERSION",
|
|
|
|
|
"NTLMSSP_RESERVED4",
|
|
|
|
|
"NTLMSSP_NEGOTIATE_TARGET_INFO",
|
|
|
|
|
"NTLMSSP_REQUEST_NON_NT_SESSION_KEY",
|
|
|
|
|
"NTLMSSP_RESERVED5",
|
|
|
|
|
"NTLMSSP_NEGOTIATE_IDENTIFY",
|
|
|
|
|
"NTLMSSP_NEGOTIATE_EXTENDED_SESSION_SECURITY",
|
|
|
|
|
"NTLMSSP_RESERVED6",
|
|
|
|
|
"NTLMSSP_TARGET_TYPE_SERVER",
|
|
|
|
|
"NTLMSSP_TARGET_TYPE_DOMAIN",
|
|
|
|
|
"NTLMSSP_NEGOTIATE_ALWAYS_SIGN",
|
|
|
|
|
"NTLMSSP_RESERVED7",
|
|
|
|
|
"NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED",
|
|
|
|
|
"NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED",
|
|
|
|
|
"NTLMSSP_NEGOTIATE_ANONYMOUS",
|
|
|
|
|
"NTLMSSP_RESERVED8",
|
|
|
|
|
"NTLMSSP_NEGOTIATE_NTLM",
|
|
|
|
|
"NTLMSSP_RESERVED9",
|
|
|
|
|
"NTLMSSP_NEGOTIATE_LM_KEY",
|
|
|
|
|
"NTLMSSP_NEGOTIATE_DATAGRAM",
|
|
|
|
|
"NTLMSSP_NEGOTIATE_SEAL",
|
|
|
|
|
"NTLMSSP_NEGOTIATE_SIGN",
|
|
|
|
|
"NTLMSSP_RESERVED10",
|
|
|
|
|
"NTLMSSP_REQUEST_TARGET",
|
|
|
|
|
"NTLMSSP_NEGOTIATE_OEM",
|
|
|
|
|
"NTLMSSP_NEGOTIATE_UNICODE" };
|
2012-02-25 02:17:38 +04:00
|
|
|
|
2018-10-22 17:00:03 +03:00
|
|
|
static void ntlm_print_negotiate_flags(UINT32 flags)
|
2012-02-25 02:17:38 +04:00
|
|
|
{
|
|
|
|
|
int i;
|
2014-08-18 21:34:47 +04:00
|
|
|
const char* str;
|
2019-11-06 17:24:51 +03:00
|
|
|
WLog_INFO(TAG, "negotiateFlags \"0x%08" PRIX32 "\"", flags);
|
2012-02-25 02:17:38 +04:00
|
|
|
|
|
|
|
|
for (i = 31; i >= 0; i--)
|
|
|
|
|
{
|
|
|
|
|
if ((flags >> i) & 1)
|
|
|
|
|
{
|
|
|
|
|
str = NTLM_NEGOTIATE_STRINGS[(31 - i)];
|
2014-08-18 19:22:22 +04:00
|
|
|
WLog_INFO(TAG, "\t%s (%d),", str, (31 - i));
|
2012-02-25 02:17:38 +04:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2020-03-10 15:32:37 +03:00
|
|
|
#endif
|
2012-02-25 02:17:38 +04:00
|
|
|
|
2018-10-22 17:00:03 +03:00
|
|
|
static int ntlm_read_message_header(wStream* s, NTLM_MESSAGE_HEADER* header)
|
2012-06-30 00:09:14 +04:00
|
|
|
{
|
2014-06-07 08:17:11 +04:00
|
|
|
if (Stream_GetRemainingLength(s) < 12)
|
|
|
|
|
return -1;
|
|
|
|
|
|
2014-06-07 18:50:51 +04:00
|
|
|
Stream_Read(s, header->Signature, 8);
|
2012-12-10 23:08:06 +04:00
|
|
|
Stream_Read_UINT32(s, header->MessageType);
|
2014-06-07 08:17:11 +04:00
|
|
|
|
2019-11-06 17:24:51 +03:00
|
|
|
if (strncmp((char*)header->Signature, NTLM_SIGNATURE, 8) != 0)
|
2014-06-07 18:50:51 +04:00
|
|
|
return -1;
|
|
|
|
|
|
2014-06-07 08:17:11 +04:00
|
|
|
return 1;
|
2012-06-30 00:09:14 +04:00
|
|
|
}
|
|
|
|
|
|
2018-10-22 17:00:03 +03:00
|
|
|
static void ntlm_write_message_header(wStream* s, NTLM_MESSAGE_HEADER* header)
|
2012-06-30 00:09:14 +04:00
|
|
|
{
|
2012-12-10 23:08:06 +04:00
|
|
|
Stream_Write(s, header->Signature, sizeof(NTLM_SIGNATURE));
|
|
|
|
|
Stream_Write_UINT32(s, header->MessageType);
|
2012-06-30 00:09:14 +04:00
|
|
|
}
|
|
|
|
|
|
2018-10-22 17:00:03 +03:00
|
|
|
static void ntlm_populate_message_header(NTLM_MESSAGE_HEADER* header, UINT32 MessageType)
|
2012-06-30 00:09:14 +04:00
|
|
|
{
|
|
|
|
|
CopyMemory(header->Signature, NTLM_SIGNATURE, sizeof(NTLM_SIGNATURE));
|
|
|
|
|
header->MessageType = MessageType;
|
|
|
|
|
}
|
|
|
|
|
|
2018-10-22 17:00:03 +03:00
|
|
|
static int ntlm_read_message_fields(wStream* s, NTLM_MESSAGE_FIELDS* fields)
|
2012-06-30 00:09:14 +04:00
|
|
|
{
|
2014-06-07 08:17:11 +04:00
|
|
|
if (Stream_GetRemainingLength(s) < 8)
|
|
|
|
|
return -1;
|
|
|
|
|
|
2019-11-06 17:24:51 +03:00
|
|
|
Stream_Read_UINT16(s, fields->Len); /* Len (2 bytes) */
|
|
|
|
|
Stream_Read_UINT16(s, fields->MaxLen); /* MaxLen (2 bytes) */
|
2012-12-10 23:08:06 +04:00
|
|
|
Stream_Read_UINT32(s, fields->BufferOffset); /* BufferOffset (4 bytes) */
|
2014-06-07 08:17:11 +04:00
|
|
|
return 1;
|
2012-06-30 00:09:14 +04:00
|
|
|
}
|
|
|
|
|
|
2018-10-22 17:00:03 +03:00
|
|
|
static void ntlm_write_message_fields(wStream* s, NTLM_MESSAGE_FIELDS* fields)
|
2012-06-30 00:09:14 +04:00
|
|
|
{
|
|
|
|
|
if (fields->MaxLen < 1)
|
|
|
|
|
fields->MaxLen = fields->Len;
|
|
|
|
|
|
2019-11-06 17:24:51 +03:00
|
|
|
Stream_Write_UINT16(s, fields->Len); /* Len (2 bytes) */
|
|
|
|
|
Stream_Write_UINT16(s, fields->MaxLen); /* MaxLen (2 bytes) */
|
2012-12-10 23:08:06 +04:00
|
|
|
Stream_Write_UINT32(s, fields->BufferOffset); /* BufferOffset (4 bytes) */
|
2012-06-30 00:09:14 +04:00
|
|
|
}
|
|
|
|
|
|
2018-10-22 17:00:03 +03:00
|
|
|
static int ntlm_read_message_fields_buffer(wStream* s, NTLM_MESSAGE_FIELDS* fields)
|
2012-06-30 02:22:39 +04:00
|
|
|
{
|
|
|
|
|
if (fields->Len > 0)
|
|
|
|
|
{
|
2018-10-22 17:59:28 +03:00
|
|
|
const UINT32 offset = fields->BufferOffset + fields->Len;
|
|
|
|
|
|
|
|
|
|
if (fields->BufferOffset > UINT32_MAX - fields->Len)
|
|
|
|
|
return -1;
|
2018-10-22 17:00:03 +03:00
|
|
|
|
|
|
|
|
if (offset > Stream_Length(s))
|
2014-06-07 18:50:51 +04:00
|
|
|
return -1;
|
|
|
|
|
|
2019-11-06 17:24:51 +03:00
|
|
|
fields->Buffer = (PBYTE)malloc(fields->Len);
|
2014-06-07 08:17:11 +04:00
|
|
|
|
|
|
|
|
if (!fields->Buffer)
|
|
|
|
|
return -1;
|
|
|
|
|
|
2012-12-10 23:08:06 +04:00
|
|
|
Stream_SetPosition(s, fields->BufferOffset);
|
|
|
|
|
Stream_Read(s, fields->Buffer, fields->Len);
|
2012-06-30 02:22:39 +04:00
|
|
|
}
|
2014-06-07 08:17:11 +04:00
|
|
|
|
|
|
|
|
return 1;
|
2012-06-30 02:22:39 +04:00
|
|
|
}
|
|
|
|
|
|
2018-10-22 17:00:03 +03:00
|
|
|
static void ntlm_write_message_fields_buffer(wStream* s, NTLM_MESSAGE_FIELDS* fields)
|
2012-06-30 02:22:39 +04:00
|
|
|
{
|
|
|
|
|
if (fields->Len > 0)
|
|
|
|
|
{
|
2012-12-10 23:08:06 +04:00
|
|
|
Stream_SetPosition(s, fields->BufferOffset);
|
|
|
|
|
Stream_Write(s, fields->Buffer, fields->Len);
|
2012-06-30 02:22:39 +04:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2018-10-22 17:00:03 +03:00
|
|
|
static void ntlm_free_message_fields_buffer(NTLM_MESSAGE_FIELDS* fields)
|
2012-08-23 09:18:47 +04:00
|
|
|
{
|
2014-06-07 08:17:11 +04:00
|
|
|
if (fields)
|
2012-08-23 09:18:47 +04:00
|
|
|
{
|
2014-06-07 08:17:11 +04:00
|
|
|
if (fields->Buffer)
|
2012-08-23 09:18:47 +04:00
|
|
|
{
|
|
|
|
|
free(fields->Buffer);
|
|
|
|
|
fields->Len = 0;
|
|
|
|
|
fields->MaxLen = 0;
|
|
|
|
|
fields->Buffer = NULL;
|
|
|
|
|
fields->BufferOffset = 0;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2018-11-21 17:36:31 +03:00
|
|
|
#ifdef WITH_DEBUG_NTLM
|
2018-10-22 17:00:03 +03:00
|
|
|
static void ntlm_print_message_fields(NTLM_MESSAGE_FIELDS* fields, const char* name)
|
2012-06-30 02:22:39 +04:00
|
|
|
{
|
2019-11-06 17:24:51 +03:00
|
|
|
WLog_DBG(TAG, "%s (Len: %" PRIu16 " MaxLen: %" PRIu16 " BufferOffset: %" PRIu32 ")", name,
|
|
|
|
|
fields->Len, fields->MaxLen, fields->BufferOffset);
|
2012-06-30 02:22:39 +04:00
|
|
|
|
|
|
|
|
if (fields->Len > 0)
|
2014-08-18 19:22:22 +04:00
|
|
|
winpr_HexDump(TAG, WLOG_DEBUG, fields->Buffer, fields->Len);
|
2012-06-30 02:22:39 +04:00
|
|
|
}
|
2018-11-21 17:36:31 +03:00
|
|
|
#endif
|
2012-06-30 02:22:39 +04:00
|
|
|
|
2014-08-18 21:34:47 +04:00
|
|
|
SECURITY_STATUS ntlm_read_NegotiateMessage(NTLM_CONTEXT* context, PSecBuffer buffer)
|
2012-03-01 18:13:51 +04:00
|
|
|
{
|
2014-08-18 21:34:47 +04:00
|
|
|
wStream* s;
|
2017-12-11 12:25:21 +03:00
|
|
|
size_t length;
|
2014-08-18 21:34:47 +04:00
|
|
|
NTLM_NEGOTIATE_MESSAGE* message;
|
2013-01-31 05:39:57 +04:00
|
|
|
message = &context->NEGOTIATE_MESSAGE;
|
|
|
|
|
ZeroMemory(message, sizeof(NTLM_NEGOTIATE_MESSAGE));
|
2019-11-06 17:24:51 +03:00
|
|
|
s = Stream_New((BYTE*)buffer->pvBuffer, buffer->cbBuffer);
|
2012-03-01 18:13:51 +04:00
|
|
|
|
2014-06-07 08:17:11 +04:00
|
|
|
if (!s)
|
|
|
|
|
return SEC_E_INTERNAL_ERROR;
|
|
|
|
|
|
2019-11-06 17:24:51 +03:00
|
|
|
if (ntlm_read_message_header(s, (NTLM_MESSAGE_HEADER*)message) < 0)
|
2018-08-20 10:52:24 +03:00
|
|
|
{
|
|
|
|
|
Stream_Free(s, FALSE);
|
2014-06-07 08:17:11 +04:00
|
|
|
return SEC_E_INVALID_TOKEN;
|
2018-08-20 10:52:24 +03:00
|
|
|
}
|
2012-03-01 18:13:51 +04:00
|
|
|
|
2014-06-07 18:50:51 +04:00
|
|
|
if (message->MessageType != MESSAGE_TYPE_NEGOTIATE)
|
2018-08-20 10:52:24 +03:00
|
|
|
{
|
|
|
|
|
Stream_Free(s, FALSE);
|
2012-03-01 18:13:51 +04:00
|
|
|
return SEC_E_INVALID_TOKEN;
|
2018-08-20 10:52:24 +03:00
|
|
|
}
|
2012-03-01 18:13:51 +04:00
|
|
|
|
2013-01-31 05:39:57 +04:00
|
|
|
Stream_Read_UINT32(s, message->NegotiateFlags); /* NegotiateFlags (4 bytes) */
|
2012-03-01 18:13:51 +04:00
|
|
|
|
2013-01-31 05:39:57 +04:00
|
|
|
if (!((message->NegotiateFlags & NTLMSSP_REQUEST_TARGET) &&
|
2017-02-20 20:31:58 +03:00
|
|
|
(message->NegotiateFlags & NTLMSSP_NEGOTIATE_NTLM) &&
|
|
|
|
|
(message->NegotiateFlags & NTLMSSP_NEGOTIATE_UNICODE)))
|
2012-07-01 22:33:36 +04:00
|
|
|
{
|
2012-12-10 23:43:48 +04:00
|
|
|
Stream_Free(s, FALSE);
|
2012-07-01 22:33:36 +04:00
|
|
|
return SEC_E_INVALID_TOKEN;
|
|
|
|
|
}
|
|
|
|
|
|
2013-01-31 05:39:57 +04:00
|
|
|
context->NegotiateFlags = message->NegotiateFlags;
|
2012-03-01 18:13:51 +04:00
|
|
|
|
|
|
|
|
/* only set if NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED is set */
|
|
|
|
|
|
2014-06-07 08:17:11 +04:00
|
|
|
if (ntlm_read_message_fields(s, &(message->DomainName)) < 0) /* DomainNameFields (8 bytes) */
|
2018-08-20 10:52:24 +03:00
|
|
|
{
|
|
|
|
|
Stream_Free(s, FALSE);
|
2014-06-07 08:17:11 +04:00
|
|
|
return SEC_E_INVALID_TOKEN;
|
2018-08-20 10:52:24 +03:00
|
|
|
}
|
2012-03-01 18:13:51 +04:00
|
|
|
|
|
|
|
|
/* only set if NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED is set */
|
|
|
|
|
|
2014-06-07 08:17:11 +04:00
|
|
|
if (ntlm_read_message_fields(s, &(message->Workstation)) < 0) /* WorkstationFields (8 bytes) */
|
2018-08-20 10:52:24 +03:00
|
|
|
{
|
|
|
|
|
Stream_Free(s, FALSE);
|
2014-06-07 08:17:11 +04:00
|
|
|
return SEC_E_INVALID_TOKEN;
|
2018-08-20 10:52:24 +03:00
|
|
|
}
|
2012-03-01 18:13:51 +04:00
|
|
|
|
2013-01-31 05:39:57 +04:00
|
|
|
if (message->NegotiateFlags & NTLMSSP_NEGOTIATE_VERSION)
|
2014-06-07 08:17:11 +04:00
|
|
|
{
|
|
|
|
|
if (ntlm_read_version_info(s, &(message->Version)) < 0) /* Version (8 bytes) */
|
2018-08-20 10:52:24 +03:00
|
|
|
{
|
|
|
|
|
Stream_Free(s, FALSE);
|
2014-06-07 08:17:11 +04:00
|
|
|
return SEC_E_INVALID_TOKEN;
|
2018-08-20 10:52:24 +03:00
|
|
|
}
|
2014-06-07 08:17:11 +04:00
|
|
|
}
|
2012-03-01 18:13:51 +04:00
|
|
|
|
2013-04-30 06:35:15 +04:00
|
|
|
length = Stream_GetPosition(s);
|
2012-03-01 18:13:51 +04:00
|
|
|
buffer->cbBuffer = length;
|
|
|
|
|
|
2014-06-07 08:17:11 +04:00
|
|
|
if (!sspi_SecBufferAlloc(&context->NegotiateMessage, length))
|
2018-08-20 10:52:24 +03:00
|
|
|
{
|
|
|
|
|
Stream_Free(s, FALSE);
|
2014-06-07 08:17:11 +04:00
|
|
|
return SEC_E_INTERNAL_ERROR;
|
2018-08-20 10:52:24 +03:00
|
|
|
}
|
2014-06-07 08:17:11 +04:00
|
|
|
|
2012-05-25 01:05:12 +04:00
|
|
|
CopyMemory(context->NegotiateMessage.pvBuffer, buffer->pvBuffer, buffer->cbBuffer);
|
2012-03-01 18:13:51 +04:00
|
|
|
context->NegotiateMessage.BufferType = buffer->BufferType;
|
|
|
|
|
#ifdef WITH_DEBUG_NTLM
|
2019-11-06 17:24:51 +03:00
|
|
|
WLog_DBG(TAG, "NEGOTIATE_MESSAGE (length = %" PRIu32 ")", context->NegotiateMessage.cbBuffer);
|
2017-02-20 20:31:58 +03:00
|
|
|
winpr_HexDump(TAG, WLOG_DEBUG, context->NegotiateMessage.pvBuffer,
|
|
|
|
|
context->NegotiateMessage.cbBuffer);
|
2013-01-31 05:39:57 +04:00
|
|
|
ntlm_print_negotiate_flags(message->NegotiateFlags);
|
2012-07-02 01:05:31 +04:00
|
|
|
|
2013-01-31 05:39:57 +04:00
|
|
|
if (message->NegotiateFlags & NTLMSSP_NEGOTIATE_VERSION)
|
|
|
|
|
ntlm_print_version_info(&(message->Version));
|
2012-03-01 18:13:51 +04:00
|
|
|
|
2014-08-18 19:22:22 +04:00
|
|
|
#endif
|
2012-03-01 18:13:51 +04:00
|
|
|
context->state = NTLM_STATE_CHALLENGE;
|
2012-12-10 23:43:48 +04:00
|
|
|
Stream_Free(s, FALSE);
|
2012-03-01 18:13:51 +04:00
|
|
|
return SEC_I_CONTINUE_NEEDED;
|
|
|
|
|
}
|
|
|
|
|
|
2014-08-18 21:34:47 +04:00
|
|
|
SECURITY_STATUS ntlm_write_NegotiateMessage(NTLM_CONTEXT* context, PSecBuffer buffer)
|
2012-02-24 06:26:00 +04:00
|
|
|
{
|
2014-08-18 21:34:47 +04:00
|
|
|
wStream* s;
|
2017-12-11 12:25:21 +03:00
|
|
|
size_t length;
|
2014-08-18 21:34:47 +04:00
|
|
|
NTLM_NEGOTIATE_MESSAGE* message;
|
2013-01-31 05:39:57 +04:00
|
|
|
message = &context->NEGOTIATE_MESSAGE;
|
|
|
|
|
ZeroMemory(message, sizeof(NTLM_NEGOTIATE_MESSAGE));
|
2019-11-06 17:24:51 +03:00
|
|
|
s = Stream_New((BYTE*)buffer->pvBuffer, buffer->cbBuffer);
|
2014-06-07 08:17:11 +04:00
|
|
|
|
|
|
|
|
if (!s)
|
|
|
|
|
return SEC_E_INTERNAL_ERROR;
|
2012-02-24 06:26:00 +04:00
|
|
|
|
2019-11-06 17:24:51 +03:00
|
|
|
ntlm_populate_message_header((NTLM_MESSAGE_HEADER*)message, MESSAGE_TYPE_NEGOTIATE);
|
2012-06-30 00:09:14 +04:00
|
|
|
|
2012-07-02 05:40:33 +04:00
|
|
|
if (context->NTLMv2)
|
2012-02-24 06:26:00 +04:00
|
|
|
{
|
2013-01-31 05:39:57 +04:00
|
|
|
message->NegotiateFlags |= NTLMSSP_NEGOTIATE_56;
|
|
|
|
|
message->NegotiateFlags |= NTLMSSP_NEGOTIATE_VERSION;
|
|
|
|
|
message->NegotiateFlags |= NTLMSSP_NEGOTIATE_LM_KEY;
|
|
|
|
|
message->NegotiateFlags |= NTLMSSP_NEGOTIATE_OEM;
|
2012-02-24 06:26:00 +04:00
|
|
|
}
|
|
|
|
|
|
2013-01-31 05:39:57 +04:00
|
|
|
message->NegotiateFlags |= NTLMSSP_NEGOTIATE_KEY_EXCH;
|
|
|
|
|
message->NegotiateFlags |= NTLMSSP_NEGOTIATE_128;
|
|
|
|
|
message->NegotiateFlags |= NTLMSSP_NEGOTIATE_EXTENDED_SESSION_SECURITY;
|
|
|
|
|
message->NegotiateFlags |= NTLMSSP_NEGOTIATE_ALWAYS_SIGN;
|
|
|
|
|
message->NegotiateFlags |= NTLMSSP_NEGOTIATE_NTLM;
|
|
|
|
|
message->NegotiateFlags |= NTLMSSP_NEGOTIATE_SIGN;
|
|
|
|
|
message->NegotiateFlags |= NTLMSSP_REQUEST_TARGET;
|
|
|
|
|
message->NegotiateFlags |= NTLMSSP_NEGOTIATE_UNICODE;
|
2012-07-02 05:40:33 +04:00
|
|
|
|
2012-04-21 01:00:00 +04:00
|
|
|
if (context->confidentiality)
|
2013-01-31 05:39:57 +04:00
|
|
|
message->NegotiateFlags |= NTLMSSP_NEGOTIATE_SEAL;
|
2012-04-21 01:00:00 +04:00
|
|
|
|
2012-06-07 03:20:05 +04:00
|
|
|
if (context->SendVersionInfo)
|
2013-01-31 05:39:57 +04:00
|
|
|
message->NegotiateFlags |= NTLMSSP_NEGOTIATE_VERSION;
|
2012-06-07 03:20:05 +04:00
|
|
|
|
2013-01-31 05:39:57 +04:00
|
|
|
if (message->NegotiateFlags & NTLMSSP_NEGOTIATE_VERSION)
|
|
|
|
|
ntlm_get_version_info(&(message->Version));
|
2012-07-29 04:29:02 +04:00
|
|
|
|
2013-01-31 05:39:57 +04:00
|
|
|
context->NegotiateFlags = message->NegotiateFlags;
|
2012-07-02 01:05:31 +04:00
|
|
|
/* Message Header (12 bytes) */
|
2019-11-06 17:24:51 +03:00
|
|
|
ntlm_write_message_header(s, (NTLM_MESSAGE_HEADER*)message);
|
2013-01-31 05:39:57 +04:00
|
|
|
Stream_Write_UINT32(s, message->NegotiateFlags); /* NegotiateFlags (4 bytes) */
|
2012-02-24 06:26:00 +04:00
|
|
|
/* only set if NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED is set */
|
|
|
|
|
/* DomainNameFields (8 bytes) */
|
2013-01-31 05:39:57 +04:00
|
|
|
ntlm_write_message_fields(s, &(message->DomainName));
|
2012-02-24 06:26:00 +04:00
|
|
|
/* only set if NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED is set */
|
|
|
|
|
/* WorkstationFields (8 bytes) */
|
2013-01-31 05:39:57 +04:00
|
|
|
ntlm_write_message_fields(s, &(message->Workstation));
|
2012-02-24 06:26:00 +04:00
|
|
|
|
2013-01-31 05:39:57 +04:00
|
|
|
if (message->NegotiateFlags & NTLMSSP_NEGOTIATE_VERSION)
|
|
|
|
|
ntlm_write_version_info(s, &(message->Version));
|
2012-02-25 02:17:38 +04:00
|
|
|
|
2013-04-30 06:35:15 +04:00
|
|
|
length = Stream_GetPosition(s);
|
2012-02-24 06:26:00 +04:00
|
|
|
buffer->cbBuffer = length;
|
|
|
|
|
|
2014-06-07 08:17:11 +04:00
|
|
|
if (!sspi_SecBufferAlloc(&context->NegotiateMessage, length))
|
2018-08-20 10:52:24 +03:00
|
|
|
{
|
|
|
|
|
Stream_Free(s, FALSE);
|
2014-06-07 08:17:11 +04:00
|
|
|
return SEC_E_INTERNAL_ERROR;
|
2018-08-20 10:52:24 +03:00
|
|
|
}
|
2014-06-07 08:17:11 +04:00
|
|
|
|
2012-05-25 01:05:12 +04:00
|
|
|
CopyMemory(context->NegotiateMessage.pvBuffer, buffer->pvBuffer, buffer->cbBuffer);
|
2012-02-25 02:17:38 +04:00
|
|
|
context->NegotiateMessage.BufferType = buffer->BufferType;
|
|
|
|
|
#ifdef WITH_DEBUG_NTLM
|
2014-08-18 19:22:22 +04:00
|
|
|
WLog_DBG(TAG, "NEGOTIATE_MESSAGE (length = %d)", length);
|
2014-08-19 13:49:25 +04:00
|
|
|
winpr_HexDump(TAG, WLOG_DEBUG, Stream_Buffer(s), length);
|
2012-07-02 01:05:31 +04:00
|
|
|
|
2013-01-31 05:39:57 +04:00
|
|
|
if (message->NegotiateFlags & NTLMSSP_NEGOTIATE_VERSION)
|
|
|
|
|
ntlm_print_version_info(&(message->Version));
|
2012-02-24 06:26:00 +04:00
|
|
|
|
2014-08-18 19:22:22 +04:00
|
|
|
#endif
|
2012-02-24 06:26:00 +04:00
|
|
|
context->state = NTLM_STATE_CHALLENGE;
|
2012-12-10 23:43:48 +04:00
|
|
|
Stream_Free(s, FALSE);
|
2012-02-24 06:26:00 +04:00
|
|
|
return SEC_I_CONTINUE_NEEDED;
|
|
|
|
|
}
|
2012-02-25 02:17:38 +04:00
|
|
|
|
2014-08-18 21:34:47 +04:00
|
|
|
SECURITY_STATUS ntlm_read_ChallengeMessage(NTLM_CONTEXT* context, PSecBuffer buffer)
|
2012-02-25 02:17:38 +04:00
|
|
|
{
|
2014-08-18 21:34:47 +04:00
|
|
|
wStream* s;
|
2012-02-25 02:17:38 +04:00
|
|
|
int length;
|
2012-06-29 18:58:44 +04:00
|
|
|
PBYTE StartOffset;
|
|
|
|
|
PBYTE PayloadOffset;
|
2014-08-18 21:34:47 +04:00
|
|
|
NTLM_AV_PAIR* AvTimestamp;
|
|
|
|
|
NTLM_CHALLENGE_MESSAGE* message;
|
2012-03-19 02:14:20 +04:00
|
|
|
ntlm_generate_client_challenge(context);
|
2013-01-31 05:39:57 +04:00
|
|
|
message = &context->CHALLENGE_MESSAGE;
|
|
|
|
|
ZeroMemory(message, sizeof(NTLM_CHALLENGE_MESSAGE));
|
2019-11-06 17:24:51 +03:00
|
|
|
s = Stream_New((BYTE*)buffer->pvBuffer, buffer->cbBuffer);
|
2014-06-07 08:17:11 +04:00
|
|
|
|
|
|
|
|
if (!s)
|
|
|
|
|
return SEC_E_INTERNAL_ERROR;
|
2012-02-25 02:17:38 +04:00
|
|
|
|
2012-12-10 23:08:06 +04:00
|
|
|
StartOffset = Stream_Pointer(s);
|
2012-07-01 22:33:36 +04:00
|
|
|
|
2019-11-06 17:24:51 +03:00
|
|
|
if (ntlm_read_message_header(s, (NTLM_MESSAGE_HEADER*)message) < 0)
|
2018-08-20 10:52:24 +03:00
|
|
|
{
|
|
|
|
|
Stream_Free(s, FALSE);
|
2014-06-07 08:17:11 +04:00
|
|
|
return SEC_E_INVALID_TOKEN;
|
2018-08-20 10:52:24 +03:00
|
|
|
}
|
2012-02-25 18:55:52 +04:00
|
|
|
|
2014-06-07 18:50:51 +04:00
|
|
|
if (message->MessageType != MESSAGE_TYPE_CHALLENGE)
|
2018-08-20 10:52:24 +03:00
|
|
|
{
|
|
|
|
|
Stream_Free(s, FALSE);
|
2012-03-01 18:13:51 +04:00
|
|
|
return SEC_E_INVALID_TOKEN;
|
2018-08-20 10:52:24 +03:00
|
|
|
}
|
2012-03-01 18:13:51 +04:00
|
|
|
|
2014-06-07 08:17:11 +04:00
|
|
|
if (ntlm_read_message_fields(s, &(message->TargetName)) < 0) /* TargetNameFields (8 bytes) */
|
2018-08-20 10:52:24 +03:00
|
|
|
{
|
|
|
|
|
Stream_Free(s, FALSE);
|
2014-06-07 08:17:11 +04:00
|
|
|
return SEC_E_INVALID_TOKEN;
|
2018-08-20 10:52:24 +03:00
|
|
|
}
|
2014-06-07 08:17:11 +04:00
|
|
|
|
|
|
|
|
if (Stream_GetRemainingLength(s) < 4)
|
2018-08-20 10:52:24 +03:00
|
|
|
{
|
|
|
|
|
Stream_Free(s, FALSE);
|
2014-06-07 08:17:11 +04:00
|
|
|
return SEC_E_INVALID_TOKEN;
|
2018-08-20 10:52:24 +03:00
|
|
|
}
|
2012-02-25 02:17:38 +04:00
|
|
|
|
2013-01-31 05:39:57 +04:00
|
|
|
Stream_Read_UINT32(s, message->NegotiateFlags); /* NegotiateFlags (4 bytes) */
|
|
|
|
|
context->NegotiateFlags = message->NegotiateFlags;
|
2012-02-25 02:17:38 +04:00
|
|
|
|
2014-06-07 08:17:11 +04:00
|
|
|
if (Stream_GetRemainingLength(s) < 8)
|
2018-08-20 10:52:24 +03:00
|
|
|
{
|
|
|
|
|
Stream_Free(s, FALSE);
|
2014-06-07 08:17:11 +04:00
|
|
|
return SEC_E_INVALID_TOKEN;
|
2018-08-20 10:52:24 +03:00
|
|
|
}
|
2014-06-07 08:17:11 +04:00
|
|
|
|
2013-01-31 05:39:57 +04:00
|
|
|
Stream_Read(s, message->ServerChallenge, 8); /* ServerChallenge (8 bytes) */
|
|
|
|
|
CopyMemory(context->ServerChallenge, message->ServerChallenge, 8);
|
2012-02-25 02:17:38 +04:00
|
|
|
|
2014-06-07 08:17:11 +04:00
|
|
|
if (Stream_GetRemainingLength(s) < 8)
|
2018-08-20 10:52:24 +03:00
|
|
|
{
|
|
|
|
|
Stream_Free(s, FALSE);
|
2014-06-07 08:17:11 +04:00
|
|
|
return SEC_E_INVALID_TOKEN;
|
2018-08-20 10:52:24 +03:00
|
|
|
}
|
2014-06-07 08:17:11 +04:00
|
|
|
|
2013-01-31 05:39:57 +04:00
|
|
|
Stream_Read(s, message->Reserved, 8); /* Reserved (8 bytes), should be ignored */
|
2012-02-25 02:17:38 +04:00
|
|
|
|
2014-06-07 08:17:11 +04:00
|
|
|
if (ntlm_read_message_fields(s, &(message->TargetInfo)) < 0) /* TargetInfoFields (8 bytes) */
|
2018-08-20 10:52:24 +03:00
|
|
|
{
|
|
|
|
|
Stream_Free(s, FALSE);
|
2014-06-07 08:17:11 +04:00
|
|
|
return SEC_E_INVALID_TOKEN;
|
2018-08-20 10:52:24 +03:00
|
|
|
}
|
2012-02-25 02:17:38 +04:00
|
|
|
|
|
|
|
|
if (context->NegotiateFlags & NTLMSSP_NEGOTIATE_VERSION)
|
2014-06-07 08:17:11 +04:00
|
|
|
{
|
|
|
|
|
if (ntlm_read_version_info(s, &(message->Version)) < 0) /* Version (8 bytes) */
|
2018-08-20 10:52:24 +03:00
|
|
|
{
|
|
|
|
|
Stream_Free(s, FALSE);
|
2014-06-07 08:17:11 +04:00
|
|
|
return SEC_E_INVALID_TOKEN;
|
2018-08-20 10:52:24 +03:00
|
|
|
}
|
2014-06-07 08:17:11 +04:00
|
|
|
}
|
2012-02-25 02:17:38 +04:00
|
|
|
|
|
|
|
|
/* Payload (variable) */
|
2012-12-10 23:08:06 +04:00
|
|
|
PayloadOffset = Stream_Pointer(s);
|
2012-02-25 02:17:38 +04:00
|
|
|
|
2013-01-31 05:39:57 +04:00
|
|
|
if (message->TargetName.Len > 0)
|
2014-06-07 08:17:11 +04:00
|
|
|
{
|
|
|
|
|
if (ntlm_read_message_fields_buffer(s, &(message->TargetName)) < 0)
|
2018-08-20 10:52:24 +03:00
|
|
|
{
|
|
|
|
|
Stream_Free(s, FALSE);
|
2014-06-07 08:17:11 +04:00
|
|
|
return SEC_E_INTERNAL_ERROR;
|
2018-08-20 10:52:24 +03:00
|
|
|
}
|
2014-06-07 08:17:11 +04:00
|
|
|
}
|
2012-02-25 02:17:38 +04:00
|
|
|
|
2013-01-31 05:39:57 +04:00
|
|
|
if (message->TargetInfo.Len > 0)
|
2012-02-25 02:17:38 +04:00
|
|
|
{
|
2018-10-22 17:59:28 +03:00
|
|
|
size_t cbAvTimestamp;
|
|
|
|
|
|
2014-06-07 08:17:11 +04:00
|
|
|
if (ntlm_read_message_fields_buffer(s, &(message->TargetInfo)) < 0)
|
2018-08-20 10:52:24 +03:00
|
|
|
{
|
|
|
|
|
Stream_Free(s, FALSE);
|
2014-06-07 08:17:11 +04:00
|
|
|
return SEC_E_INTERNAL_ERROR;
|
2018-08-20 10:52:24 +03:00
|
|
|
}
|
2012-02-25 02:17:38 +04:00
|
|
|
|
2013-01-31 05:39:57 +04:00
|
|
|
context->ChallengeTargetInfo.pvBuffer = message->TargetInfo.Buffer;
|
|
|
|
|
context->ChallengeTargetInfo.cbBuffer = message->TargetInfo.Len;
|
2019-04-05 10:22:50 +03:00
|
|
|
AvTimestamp = ntlm_av_pair_get((NTLM_AV_PAIR*)message->TargetInfo.Buffer,
|
2019-11-06 17:24:51 +03:00
|
|
|
message->TargetInfo.Len, MsvAvTimestamp, &cbAvTimestamp);
|
2012-07-02 05:40:33 +04:00
|
|
|
|
2014-06-07 08:17:11 +04:00
|
|
|
if (AvTimestamp)
|
2012-02-25 02:17:38 +04:00
|
|
|
{
|
2019-03-18 04:20:10 +03:00
|
|
|
PBYTE ptr = ntlm_av_pair_get_value_pointer(AvTimestamp);
|
2018-10-22 17:59:28 +03:00
|
|
|
|
|
|
|
|
if (!ptr)
|
|
|
|
|
return SEC_E_INTERNAL_ERROR;
|
|
|
|
|
|
2012-07-02 05:40:33 +04:00
|
|
|
if (context->NTLMv2)
|
|
|
|
|
context->UseMIC = TRUE;
|
|
|
|
|
|
2018-10-22 17:59:28 +03:00
|
|
|
CopyMemory(context->ChallengeTimestamp, ptr, 8);
|
2012-02-25 02:17:38 +04:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2013-01-31 05:39:57 +04:00
|
|
|
length = (PayloadOffset - StartOffset) + message->TargetName.Len + message->TargetInfo.Len;
|
2012-02-25 02:17:38 +04:00
|
|
|
|
2014-06-07 08:17:11 +04:00
|
|
|
if (!sspi_SecBufferAlloc(&context->ChallengeMessage, length))
|
2018-08-20 10:52:24 +03:00
|
|
|
{
|
|
|
|
|
Stream_Free(s, FALSE);
|
2014-06-07 08:17:11 +04:00
|
|
|
return SEC_E_INTERNAL_ERROR;
|
2018-08-20 10:52:24 +03:00
|
|
|
}
|
2014-06-07 08:17:11 +04:00
|
|
|
|
2012-05-25 01:05:12 +04:00
|
|
|
CopyMemory(context->ChallengeMessage.pvBuffer, StartOffset, length);
|
2012-02-25 02:17:38 +04:00
|
|
|
#ifdef WITH_DEBUG_NTLM
|
2014-08-18 19:22:22 +04:00
|
|
|
WLog_DBG(TAG, "CHALLENGE_MESSAGE (length = %d)", length);
|
2017-02-20 20:31:58 +03:00
|
|
|
winpr_HexDump(TAG, WLOG_DEBUG, context->ChallengeMessage.pvBuffer,
|
|
|
|
|
context->ChallengeMessage.cbBuffer);
|
2012-07-01 22:33:36 +04:00
|
|
|
ntlm_print_negotiate_flags(context->NegotiateFlags);
|
|
|
|
|
|
|
|
|
|
if (context->NegotiateFlags & NTLMSSP_NEGOTIATE_VERSION)
|
2013-01-31 05:39:57 +04:00
|
|
|
ntlm_print_version_info(&(message->Version));
|
2012-07-01 22:33:36 +04:00
|
|
|
|
2013-01-31 05:39:57 +04:00
|
|
|
ntlm_print_message_fields(&(message->TargetName), "TargetName");
|
|
|
|
|
ntlm_print_message_fields(&(message->TargetInfo), "TargetInfo");
|
2012-07-30 22:52:50 +04:00
|
|
|
|
|
|
|
|
if (context->ChallengeTargetInfo.cbBuffer > 0)
|
|
|
|
|
{
|
2019-11-06 17:24:51 +03:00
|
|
|
WLog_DBG(TAG, "ChallengeTargetInfo (%" PRIu32 "):", context->ChallengeTargetInfo.cbBuffer);
|
2018-11-21 11:18:38 +03:00
|
|
|
ntlm_print_av_pair_list(context->ChallengeTargetInfo.pvBuffer,
|
|
|
|
|
context->ChallengeTargetInfo.cbBuffer);
|
2012-07-30 22:52:50 +04:00
|
|
|
}
|
2014-08-18 19:22:22 +04:00
|
|
|
|
2012-02-25 02:17:38 +04:00
|
|
|
#endif
|
|
|
|
|
/* AV_PAIRs */
|
2012-06-30 00:43:07 +04:00
|
|
|
|
2012-07-02 05:40:33 +04:00
|
|
|
if (context->NTLMv2)
|
|
|
|
|
{
|
2014-06-07 08:17:11 +04:00
|
|
|
if (ntlm_construct_authenticate_target_info(context) < 0)
|
2018-08-20 10:52:24 +03:00
|
|
|
{
|
|
|
|
|
Stream_Free(s, FALSE);
|
2014-06-07 08:17:11 +04:00
|
|
|
return SEC_E_INTERNAL_ERROR;
|
2018-08-20 10:52:24 +03:00
|
|
|
}
|
2014-06-07 08:17:11 +04:00
|
|
|
|
2012-11-19 22:26:56 +04:00
|
|
|
sspi_SecBufferFree(&context->ChallengeTargetInfo);
|
2012-07-02 05:40:33 +04:00
|
|
|
context->ChallengeTargetInfo.pvBuffer = context->AuthenticateTargetInfo.pvBuffer;
|
|
|
|
|
context->ChallengeTargetInfo.cbBuffer = context->AuthenticateTargetInfo.cbBuffer;
|
|
|
|
|
}
|
2012-02-25 02:17:38 +04:00
|
|
|
|
2014-06-07 08:17:11 +04:00
|
|
|
ntlm_generate_timestamp(context); /* Timestamp */
|
2012-02-25 02:17:38 +04:00
|
|
|
|
2014-06-07 08:17:11 +04:00
|
|
|
if (ntlm_compute_lm_v2_response(context) < 0) /* LmChallengeResponse */
|
2018-08-20 10:52:24 +03:00
|
|
|
{
|
|
|
|
|
Stream_Free(s, FALSE);
|
2014-06-07 08:17:11 +04:00
|
|
|
return SEC_E_INTERNAL_ERROR;
|
2018-08-20 10:52:24 +03:00
|
|
|
}
|
2012-02-25 02:17:38 +04:00
|
|
|
|
2014-06-07 08:17:11 +04:00
|
|
|
if (ntlm_compute_ntlm_v2_response(context) < 0) /* NtChallengeResponse */
|
2018-08-20 10:52:24 +03:00
|
|
|
{
|
|
|
|
|
Stream_Free(s, FALSE);
|
2014-06-07 08:17:11 +04:00
|
|
|
return SEC_E_INTERNAL_ERROR;
|
2018-08-20 10:52:24 +03:00
|
|
|
}
|
2012-02-25 02:17:38 +04:00
|
|
|
|
2019-11-06 17:24:51 +03:00
|
|
|
ntlm_generate_key_exchange_key(context); /* KeyExchangeKey */
|
|
|
|
|
ntlm_generate_random_session_key(context); /* RandomSessionKey */
|
2014-06-07 08:17:11 +04:00
|
|
|
ntlm_generate_exported_session_key(context); /* ExportedSessionKey */
|
2019-11-06 17:24:51 +03:00
|
|
|
ntlm_encrypt_random_session_key(context); /* EncryptedRandomSessionKey */
|
2012-02-25 02:17:38 +04:00
|
|
|
/* Generate signing keys */
|
|
|
|
|
ntlm_generate_client_signing_key(context);
|
|
|
|
|
ntlm_generate_server_signing_key(context);
|
|
|
|
|
/* Generate sealing keys */
|
|
|
|
|
ntlm_generate_client_sealing_key(context);
|
|
|
|
|
ntlm_generate_server_sealing_key(context);
|
|
|
|
|
/* Initialize RC4 seal state using client sealing key */
|
|
|
|
|
ntlm_init_rc4_seal_states(context);
|
|
|
|
|
#ifdef WITH_DEBUG_NTLM
|
2014-08-18 19:22:22 +04:00
|
|
|
WLog_DBG(TAG, "ClientChallenge");
|
2014-08-19 13:49:25 +04:00
|
|
|
winpr_HexDump(TAG, WLOG_DEBUG, context->ClientChallenge, 8);
|
2014-08-18 19:22:22 +04:00
|
|
|
WLog_DBG(TAG, "ServerChallenge");
|
2014-08-19 13:49:25 +04:00
|
|
|
winpr_HexDump(TAG, WLOG_DEBUG, context->ServerChallenge, 8);
|
2014-08-18 19:22:22 +04:00
|
|
|
WLog_DBG(TAG, "SessionBaseKey");
|
2014-08-19 13:49:25 +04:00
|
|
|
winpr_HexDump(TAG, WLOG_DEBUG, context->SessionBaseKey, 16);
|
2014-08-18 19:22:22 +04:00
|
|
|
WLog_DBG(TAG, "KeyExchangeKey");
|
2014-08-19 13:49:25 +04:00
|
|
|
winpr_HexDump(TAG, WLOG_DEBUG, context->KeyExchangeKey, 16);
|
2014-08-18 19:22:22 +04:00
|
|
|
WLog_DBG(TAG, "ExportedSessionKey");
|
2014-08-19 13:49:25 +04:00
|
|
|
winpr_HexDump(TAG, WLOG_DEBUG, context->ExportedSessionKey, 16);
|
2014-08-18 19:22:22 +04:00
|
|
|
WLog_DBG(TAG, "RandomSessionKey");
|
2014-08-19 13:49:25 +04:00
|
|
|
winpr_HexDump(TAG, WLOG_DEBUG, context->RandomSessionKey, 16);
|
2014-08-18 19:22:22 +04:00
|
|
|
WLog_DBG(TAG, "ClientSigningKey");
|
2014-08-19 13:49:25 +04:00
|
|
|
winpr_HexDump(TAG, WLOG_DEBUG, context->ClientSigningKey, 16);
|
2014-08-18 19:22:22 +04:00
|
|
|
WLog_DBG(TAG, "ClientSealingKey");
|
2014-08-19 13:49:25 +04:00
|
|
|
winpr_HexDump(TAG, WLOG_DEBUG, context->ClientSealingKey, 16);
|
2014-08-18 19:22:22 +04:00
|
|
|
WLog_DBG(TAG, "ServerSigningKey");
|
2014-08-19 13:49:25 +04:00
|
|
|
winpr_HexDump(TAG, WLOG_DEBUG, context->ServerSigningKey, 16);
|
2014-08-18 19:22:22 +04:00
|
|
|
WLog_DBG(TAG, "ServerSealingKey");
|
2014-08-19 13:49:25 +04:00
|
|
|
winpr_HexDump(TAG, WLOG_DEBUG, context->ServerSealingKey, 16);
|
2014-08-18 19:22:22 +04:00
|
|
|
WLog_DBG(TAG, "Timestamp");
|
2014-08-19 13:49:25 +04:00
|
|
|
winpr_HexDump(TAG, WLOG_DEBUG, context->Timestamp, 8);
|
2012-02-25 02:17:38 +04:00
|
|
|
#endif
|
2012-02-25 18:55:52 +04:00
|
|
|
context->state = NTLM_STATE_AUTHENTICATE;
|
2013-01-31 05:39:57 +04:00
|
|
|
ntlm_free_message_fields_buffer(&(message->TargetName));
|
2012-12-10 23:43:48 +04:00
|
|
|
Stream_Free(s, FALSE);
|
2012-02-25 02:17:38 +04:00
|
|
|
return SEC_I_CONTINUE_NEEDED;
|
|
|
|
|
}
|
2012-02-25 20:48:08 +04:00
|
|
|
|
2014-08-18 21:34:47 +04:00
|
|
|
SECURITY_STATUS ntlm_write_ChallengeMessage(NTLM_CONTEXT* context, PSecBuffer buffer)
|
2012-03-01 18:13:51 +04:00
|
|
|
{
|
2014-08-18 21:34:47 +04:00
|
|
|
wStream* s;
|
2017-12-11 12:25:21 +03:00
|
|
|
size_t length;
|
2012-05-23 11:58:47 +04:00
|
|
|
UINT32 PayloadOffset;
|
2014-08-18 21:34:47 +04:00
|
|
|
NTLM_CHALLENGE_MESSAGE* message;
|
2013-01-31 05:39:57 +04:00
|
|
|
message = &context->CHALLENGE_MESSAGE;
|
|
|
|
|
ZeroMemory(message, sizeof(NTLM_CHALLENGE_MESSAGE));
|
2019-11-06 17:24:51 +03:00
|
|
|
s = Stream_New((BYTE*)buffer->pvBuffer, buffer->cbBuffer);
|
2012-07-01 22:33:36 +04:00
|
|
|
|
2014-06-07 08:17:11 +04:00
|
|
|
if (!s)
|
|
|
|
|
return SEC_E_INTERNAL_ERROR;
|
2012-07-01 22:33:36 +04:00
|
|
|
|
2014-06-07 08:17:11 +04:00
|
|
|
ntlm_get_version_info(&(message->Version)); /* Version */
|
2019-11-06 17:24:51 +03:00
|
|
|
ntlm_generate_server_challenge(context); /* Server Challenge */
|
|
|
|
|
ntlm_generate_timestamp(context); /* Timestamp */
|
2012-03-19 02:14:20 +04:00
|
|
|
|
2014-06-07 08:17:11 +04:00
|
|
|
if (ntlm_construct_challenge_target_info(context) < 0) /* TargetInfo */
|
2018-08-20 10:52:24 +03:00
|
|
|
{
|
|
|
|
|
Stream_Free(s, FALSE);
|
2014-06-07 08:17:11 +04:00
|
|
|
return SEC_E_INTERNAL_ERROR;
|
2018-08-20 10:52:24 +03:00
|
|
|
}
|
2014-06-07 08:17:11 +04:00
|
|
|
|
|
|
|
|
CopyMemory(message->ServerChallenge, context->ServerChallenge, 8); /* ServerChallenge */
|
2013-01-31 05:39:57 +04:00
|
|
|
message->NegotiateFlags = context->NegotiateFlags;
|
2019-11-06 17:24:51 +03:00
|
|
|
ntlm_populate_message_header((NTLM_MESSAGE_HEADER*)message, MESSAGE_TYPE_CHALLENGE);
|
2012-06-30 00:09:14 +04:00
|
|
|
/* Message Header (12 bytes) */
|
2019-11-06 17:24:51 +03:00
|
|
|
ntlm_write_message_header(s, (NTLM_MESSAGE_HEADER*)message);
|
2012-03-01 18:13:51 +04:00
|
|
|
|
2013-01-31 05:39:57 +04:00
|
|
|
if (message->NegotiateFlags & NTLMSSP_REQUEST_TARGET)
|
2012-03-19 02:14:20 +04:00
|
|
|
{
|
2019-11-06 17:24:51 +03:00
|
|
|
message->TargetName.Len = (UINT16)context->TargetName.cbBuffer;
|
|
|
|
|
message->TargetName.Buffer = (PBYTE)context->TargetName.pvBuffer;
|
2012-03-19 02:14:20 +04:00
|
|
|
}
|
2012-03-01 18:13:51 +04:00
|
|
|
|
2013-01-31 05:39:57 +04:00
|
|
|
message->NegotiateFlags |= NTLMSSP_NEGOTIATE_TARGET_INFO;
|
2012-03-01 18:13:51 +04:00
|
|
|
|
2013-01-31 05:39:57 +04:00
|
|
|
if (message->NegotiateFlags & NTLMSSP_NEGOTIATE_TARGET_INFO)
|
2012-03-19 02:14:20 +04:00
|
|
|
{
|
2019-11-06 17:24:51 +03:00
|
|
|
message->TargetInfo.Len = (UINT16)context->ChallengeTargetInfo.cbBuffer;
|
|
|
|
|
message->TargetInfo.Buffer = (PBYTE)context->ChallengeTargetInfo.pvBuffer;
|
2012-03-19 02:14:20 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
PayloadOffset = 48;
|
|
|
|
|
|
2013-01-31 05:39:57 +04:00
|
|
|
if (message->NegotiateFlags & NTLMSSP_NEGOTIATE_VERSION)
|
2012-03-19 02:14:20 +04:00
|
|
|
PayloadOffset += 8;
|
|
|
|
|
|
2013-01-31 05:39:57 +04:00
|
|
|
message->TargetName.BufferOffset = PayloadOffset;
|
|
|
|
|
message->TargetInfo.BufferOffset = message->TargetName.BufferOffset + message->TargetName.Len;
|
2012-03-01 18:13:51 +04:00
|
|
|
/* TargetNameFields (8 bytes) */
|
2013-01-31 05:39:57 +04:00
|
|
|
ntlm_write_message_fields(s, &(message->TargetName));
|
|
|
|
|
Stream_Write_UINT32(s, message->NegotiateFlags); /* NegotiateFlags (4 bytes) */
|
2019-11-06 17:24:51 +03:00
|
|
|
Stream_Write(s, message->ServerChallenge, 8); /* ServerChallenge (8 bytes) */
|
|
|
|
|
Stream_Write(s, message->Reserved, 8); /* Reserved (8 bytes), should be ignored */
|
2012-03-01 18:13:51 +04:00
|
|
|
/* TargetInfoFields (8 bytes) */
|
2013-01-31 05:39:57 +04:00
|
|
|
ntlm_write_message_fields(s, &(message->TargetInfo));
|
2012-03-01 18:13:51 +04:00
|
|
|
|
2013-01-31 05:39:57 +04:00
|
|
|
if (message->NegotiateFlags & NTLMSSP_NEGOTIATE_VERSION)
|
|
|
|
|
ntlm_write_version_info(s, &(message->Version)); /* Version (8 bytes) */
|
2012-03-01 18:13:51 +04:00
|
|
|
|
|
|
|
|
/* Payload (variable) */
|
|
|
|
|
|
2013-01-31 05:39:57 +04:00
|
|
|
if (message->NegotiateFlags & NTLMSSP_REQUEST_TARGET)
|
|
|
|
|
ntlm_write_message_fields_buffer(s, &(message->TargetName));
|
2012-03-01 18:13:51 +04:00
|
|
|
|
2013-01-31 05:39:57 +04:00
|
|
|
if (message->NegotiateFlags & NTLMSSP_NEGOTIATE_TARGET_INFO)
|
|
|
|
|
ntlm_write_message_fields_buffer(s, &(message->TargetInfo));
|
2012-03-01 18:13:51 +04:00
|
|
|
|
2013-04-30 06:35:15 +04:00
|
|
|
length = Stream_GetPosition(s);
|
2012-03-05 06:56:41 +04:00
|
|
|
buffer->cbBuffer = length;
|
|
|
|
|
|
2014-06-07 08:17:11 +04:00
|
|
|
if (!sspi_SecBufferAlloc(&context->ChallengeMessage, length))
|
2018-08-20 10:52:24 +03:00
|
|
|
{
|
|
|
|
|
Stream_Free(s, FALSE);
|
2014-06-07 08:17:11 +04:00
|
|
|
return SEC_E_INTERNAL_ERROR;
|
2018-08-20 10:52:24 +03:00
|
|
|
}
|
2014-06-07 08:17:11 +04:00
|
|
|
|
2013-05-15 20:14:26 +04:00
|
|
|
CopyMemory(context->ChallengeMessage.pvBuffer, Stream_Buffer(s), length);
|
2012-03-05 06:56:41 +04:00
|
|
|
#ifdef WITH_DEBUG_NTLM
|
2014-08-18 19:22:22 +04:00
|
|
|
WLog_DBG(TAG, "CHALLENGE_MESSAGE (length = %d)", length);
|
2017-02-20 20:31:58 +03:00
|
|
|
winpr_HexDump(TAG, WLOG_DEBUG, context->ChallengeMessage.pvBuffer,
|
|
|
|
|
context->ChallengeMessage.cbBuffer);
|
2013-01-31 05:39:57 +04:00
|
|
|
ntlm_print_negotiate_flags(message->NegotiateFlags);
|
2012-07-02 01:05:31 +04:00
|
|
|
|
2013-01-31 05:39:57 +04:00
|
|
|
if (message->NegotiateFlags & NTLMSSP_NEGOTIATE_VERSION)
|
|
|
|
|
ntlm_print_version_info(&(message->Version));
|
2012-07-01 22:33:36 +04:00
|
|
|
|
2013-01-31 05:39:57 +04:00
|
|
|
ntlm_print_message_fields(&(message->TargetName), "TargetName");
|
|
|
|
|
ntlm_print_message_fields(&(message->TargetInfo), "TargetInfo");
|
2012-03-05 06:56:41 +04:00
|
|
|
#endif
|
2012-03-01 18:13:51 +04:00
|
|
|
context->state = NTLM_STATE_AUTHENTICATE;
|
2012-12-10 23:43:48 +04:00
|
|
|
Stream_Free(s, FALSE);
|
2012-03-01 18:13:51 +04:00
|
|
|
return SEC_I_CONTINUE_NEEDED;
|
|
|
|
|
}
|
|
|
|
|
|
2014-08-18 21:34:47 +04:00
|
|
|
SECURITY_STATUS ntlm_read_AuthenticateMessage(NTLM_CONTEXT* context, PSecBuffer buffer)
|
2012-03-01 18:13:51 +04:00
|
|
|
{
|
2014-08-18 21:34:47 +04:00
|
|
|
wStream* s;
|
2017-12-11 12:25:21 +03:00
|
|
|
size_t length;
|
2012-07-02 03:43:13 +04:00
|
|
|
UINT32 flags;
|
2014-08-18 21:34:47 +04:00
|
|
|
NTLM_AV_PAIR* AvFlags;
|
2012-07-02 01:05:31 +04:00
|
|
|
UINT32 PayloadBufferOffset;
|
2014-08-18 21:34:47 +04:00
|
|
|
NTLM_AUTHENTICATE_MESSAGE* message;
|
|
|
|
|
SSPI_CREDENTIALS* credentials = context->credentials;
|
2012-07-02 03:43:13 +04:00
|
|
|
flags = 0;
|
|
|
|
|
AvFlags = NULL;
|
2013-01-31 05:39:57 +04:00
|
|
|
message = &context->AUTHENTICATE_MESSAGE;
|
|
|
|
|
ZeroMemory(message, sizeof(NTLM_AUTHENTICATE_MESSAGE));
|
2019-11-06 17:24:51 +03:00
|
|
|
s = Stream_New((BYTE*)buffer->pvBuffer, buffer->cbBuffer);
|
2012-03-01 18:13:51 +04:00
|
|
|
|
2014-06-07 08:17:11 +04:00
|
|
|
if (!s)
|
|
|
|
|
return SEC_E_INTERNAL_ERROR;
|
|
|
|
|
|
2019-11-06 17:24:51 +03:00
|
|
|
if (ntlm_read_message_header(s, (NTLM_MESSAGE_HEADER*)message) < 0)
|
2018-08-20 10:52:24 +03:00
|
|
|
{
|
|
|
|
|
Stream_Free(s, FALSE);
|
2014-06-07 08:17:11 +04:00
|
|
|
return SEC_E_INVALID_TOKEN;
|
2018-08-20 10:52:24 +03:00
|
|
|
}
|
2012-03-01 18:13:51 +04:00
|
|
|
|
2014-06-07 18:50:51 +04:00
|
|
|
if (message->MessageType != MESSAGE_TYPE_AUTHENTICATE)
|
2018-08-20 10:52:24 +03:00
|
|
|
{
|
|
|
|
|
Stream_Free(s, FALSE);
|
2012-03-01 18:13:51 +04:00
|
|
|
return SEC_E_INVALID_TOKEN;
|
2018-08-20 10:52:24 +03:00
|
|
|
}
|
2012-03-01 18:13:51 +04:00
|
|
|
|
2019-11-06 17:24:51 +03:00
|
|
|
if (ntlm_read_message_fields(s, &(message->LmChallengeResponse)) <
|
|
|
|
|
0) /* LmChallengeResponseFields (8 bytes) */
|
2018-08-20 10:52:24 +03:00
|
|
|
{
|
|
|
|
|
Stream_Free(s, FALSE);
|
2014-06-07 08:17:11 +04:00
|
|
|
return SEC_E_INVALID_TOKEN;
|
2018-08-20 10:52:24 +03:00
|
|
|
}
|
2012-03-01 18:13:51 +04:00
|
|
|
|
2019-11-06 17:24:51 +03:00
|
|
|
if (ntlm_read_message_fields(s, &(message->NtChallengeResponse)) <
|
|
|
|
|
0) /* NtChallengeResponseFields (8 bytes) */
|
2018-08-20 10:52:24 +03:00
|
|
|
{
|
|
|
|
|
Stream_Free(s, FALSE);
|
2014-06-07 08:17:11 +04:00
|
|
|
return SEC_E_INVALID_TOKEN;
|
2018-08-20 10:52:24 +03:00
|
|
|
}
|
2012-03-01 18:13:51 +04:00
|
|
|
|
2014-06-07 08:17:11 +04:00
|
|
|
if (ntlm_read_message_fields(s, &(message->DomainName)) < 0) /* DomainNameFields (8 bytes) */
|
2018-08-20 10:52:24 +03:00
|
|
|
{
|
|
|
|
|
Stream_Free(s, FALSE);
|
2014-06-07 08:17:11 +04:00
|
|
|
return SEC_E_INVALID_TOKEN;
|
2018-08-20 10:52:24 +03:00
|
|
|
}
|
2012-03-01 18:13:51 +04:00
|
|
|
|
2014-06-07 08:17:11 +04:00
|
|
|
if (ntlm_read_message_fields(s, &(message->UserName)) < 0) /* UserNameFields (8 bytes) */
|
2018-08-20 10:52:24 +03:00
|
|
|
{
|
|
|
|
|
Stream_Free(s, FALSE);
|
2014-06-07 08:17:11 +04:00
|
|
|
return SEC_E_INVALID_TOKEN;
|
2018-08-20 10:52:24 +03:00
|
|
|
}
|
2012-03-01 18:13:51 +04:00
|
|
|
|
2014-06-07 08:17:11 +04:00
|
|
|
if (ntlm_read_message_fields(s, &(message->Workstation)) < 0) /* WorkstationFields (8 bytes) */
|
2018-08-20 10:52:24 +03:00
|
|
|
{
|
|
|
|
|
Stream_Free(s, FALSE);
|
2014-06-07 08:17:11 +04:00
|
|
|
return SEC_E_INVALID_TOKEN;
|
2018-08-20 10:52:24 +03:00
|
|
|
}
|
2012-03-01 18:13:51 +04:00
|
|
|
|
2019-11-06 17:24:51 +03:00
|
|
|
if (ntlm_read_message_fields(s, &(message->EncryptedRandomSessionKey)) <
|
|
|
|
|
0) /* EncryptedRandomSessionKeyFields (8 bytes) */
|
2018-08-20 10:52:24 +03:00
|
|
|
{
|
|
|
|
|
Stream_Free(s, FALSE);
|
2014-06-07 08:17:11 +04:00
|
|
|
return SEC_E_INVALID_TOKEN;
|
2018-08-20 10:52:24 +03:00
|
|
|
}
|
2012-03-01 18:13:51 +04:00
|
|
|
|
2013-01-31 05:39:57 +04:00
|
|
|
Stream_Read_UINT32(s, message->NegotiateFlags); /* NegotiateFlags (4 bytes) */
|
2019-11-06 17:24:51 +03:00
|
|
|
context->NegotiateKeyExchange =
|
|
|
|
|
(message->NegotiateFlags & NTLMSSP_NEGOTIATE_KEY_EXCH) ? TRUE : FALSE;
|
2014-06-10 22:16:02 +04:00
|
|
|
|
2014-06-18 22:42:35 +04:00
|
|
|
if ((context->NegotiateKeyExchange && !message->EncryptedRandomSessionKey.Len) ||
|
2017-02-20 20:31:58 +03:00
|
|
|
(!context->NegotiateKeyExchange && message->EncryptedRandomSessionKey.Len))
|
2018-08-20 10:52:24 +03:00
|
|
|
{
|
|
|
|
|
Stream_Free(s, FALSE);
|
2014-06-18 22:42:35 +04:00
|
|
|
return SEC_E_INVALID_TOKEN;
|
2018-08-20 10:52:24 +03:00
|
|
|
}
|
2014-06-10 22:16:02 +04:00
|
|
|
|
2013-01-31 05:39:57 +04:00
|
|
|
if (message->NegotiateFlags & NTLMSSP_NEGOTIATE_VERSION)
|
2014-06-07 08:17:11 +04:00
|
|
|
{
|
|
|
|
|
if (ntlm_read_version_info(s, &(message->Version)) < 0) /* Version (8 bytes) */
|
2018-08-20 10:52:24 +03:00
|
|
|
{
|
|
|
|
|
Stream_Free(s, FALSE);
|
2014-06-07 08:17:11 +04:00
|
|
|
return SEC_E_INVALID_TOKEN;
|
2018-08-20 10:52:24 +03:00
|
|
|
}
|
2014-06-07 08:17:11 +04:00
|
|
|
}
|
2012-03-01 18:13:51 +04:00
|
|
|
|
2013-04-30 06:35:15 +04:00
|
|
|
PayloadBufferOffset = Stream_GetPosition(s);
|
2012-03-05 06:56:41 +04:00
|
|
|
|
2014-06-07 08:17:11 +04:00
|
|
|
if (ntlm_read_message_fields_buffer(s, &(message->DomainName)) < 0) /* DomainName */
|
2018-08-20 10:52:24 +03:00
|
|
|
{
|
|
|
|
|
Stream_Free(s, FALSE);
|
2014-06-07 08:17:11 +04:00
|
|
|
return SEC_E_INTERNAL_ERROR;
|
2018-08-20 10:52:24 +03:00
|
|
|
}
|
2012-06-30 02:22:39 +04:00
|
|
|
|
2014-06-07 08:17:11 +04:00
|
|
|
if (ntlm_read_message_fields_buffer(s, &(message->UserName)) < 0) /* UserName */
|
2018-08-20 10:52:24 +03:00
|
|
|
{
|
|
|
|
|
Stream_Free(s, FALSE);
|
2014-06-07 08:17:11 +04:00
|
|
|
return SEC_E_INTERNAL_ERROR;
|
2018-08-20 10:52:24 +03:00
|
|
|
}
|
2012-06-30 02:22:39 +04:00
|
|
|
|
2014-06-07 08:17:11 +04:00
|
|
|
if (ntlm_read_message_fields_buffer(s, &(message->Workstation)) < 0) /* Workstation */
|
2018-08-20 10:52:24 +03:00
|
|
|
{
|
|
|
|
|
Stream_Free(s, FALSE);
|
2014-06-07 08:17:11 +04:00
|
|
|
return SEC_E_INTERNAL_ERROR;
|
2018-08-20 10:52:24 +03:00
|
|
|
}
|
2012-06-30 02:22:39 +04:00
|
|
|
|
2019-11-06 17:24:51 +03:00
|
|
|
if (ntlm_read_message_fields_buffer(s, &(message->LmChallengeResponse)) <
|
|
|
|
|
0) /* LmChallengeResponse */
|
2018-08-20 10:52:24 +03:00
|
|
|
{
|
|
|
|
|
Stream_Free(s, FALSE);
|
2014-06-07 08:17:11 +04:00
|
|
|
return SEC_E_INTERNAL_ERROR;
|
2018-08-20 10:52:24 +03:00
|
|
|
}
|
2012-06-30 02:22:39 +04:00
|
|
|
|
2019-11-06 17:24:51 +03:00
|
|
|
if (ntlm_read_message_fields_buffer(s, &(message->NtChallengeResponse)) <
|
|
|
|
|
0) /* NtChallengeResponse */
|
2018-08-20 10:52:24 +03:00
|
|
|
{
|
|
|
|
|
Stream_Free(s, FALSE);
|
2014-06-07 08:17:11 +04:00
|
|
|
return SEC_E_INTERNAL_ERROR;
|
2018-08-20 10:52:24 +03:00
|
|
|
}
|
2012-06-30 02:22:39 +04:00
|
|
|
|
2013-01-31 05:39:57 +04:00
|
|
|
if (message->NtChallengeResponse.Len > 0)
|
2012-03-19 02:14:20 +04:00
|
|
|
{
|
2018-10-22 17:59:28 +03:00
|
|
|
size_t cbAvFlags;
|
2019-11-06 17:24:51 +03:00
|
|
|
wStream* snt =
|
|
|
|
|
Stream_New(message->NtChallengeResponse.Buffer, message->NtChallengeResponse.Len);
|
2014-06-07 08:17:11 +04:00
|
|
|
|
|
|
|
|
if (!snt)
|
2018-08-20 10:52:24 +03:00
|
|
|
{
|
|
|
|
|
Stream_Free(s, FALSE);
|
2014-06-07 08:17:11 +04:00
|
|
|
return SEC_E_INTERNAL_ERROR;
|
2018-08-20 10:52:24 +03:00
|
|
|
}
|
2014-06-07 08:17:11 +04:00
|
|
|
|
2014-06-11 00:38:16 +04:00
|
|
|
if (ntlm_read_ntlm_v2_response(snt, &(context->NTLMv2Response)) < 0)
|
2018-08-20 10:52:24 +03:00
|
|
|
{
|
|
|
|
|
Stream_Free(s, FALSE);
|
|
|
|
|
Stream_Free(snt, FALSE);
|
2014-06-07 18:50:51 +04:00
|
|
|
return SEC_E_INVALID_TOKEN;
|
2018-08-20 10:52:24 +03:00
|
|
|
}
|
2014-06-07 08:17:11 +04:00
|
|
|
|
|
|
|
|
Stream_Free(snt, FALSE);
|
2013-01-31 05:39:57 +04:00
|
|
|
context->NtChallengeResponse.pvBuffer = message->NtChallengeResponse.Buffer;
|
|
|
|
|
context->NtChallengeResponse.cbBuffer = message->NtChallengeResponse.Len;
|
2014-06-10 22:16:02 +04:00
|
|
|
sspi_SecBufferFree(&(context->ChallengeTargetInfo));
|
2019-11-06 17:24:51 +03:00
|
|
|
context->ChallengeTargetInfo.pvBuffer = (void*)context->NTLMv2Response.Challenge.AvPairs;
|
2013-01-31 05:39:57 +04:00
|
|
|
context->ChallengeTargetInfo.cbBuffer = message->NtChallengeResponse.Len - (28 + 16);
|
2014-06-11 00:38:16 +04:00
|
|
|
CopyMemory(context->ClientChallenge, context->NTLMv2Response.Challenge.ClientChallenge, 8);
|
2019-11-06 17:24:51 +03:00
|
|
|
AvFlags =
|
|
|
|
|
ntlm_av_pair_get(context->NTLMv2Response.Challenge.AvPairs,
|
|
|
|
|
context->NTLMv2Response.Challenge.cbAvPairs, MsvAvFlags, &cbAvFlags);
|
2012-07-02 01:05:31 +04:00
|
|
|
|
2014-06-07 08:17:11 +04:00
|
|
|
if (AvFlags)
|
2019-03-18 04:20:10 +03:00
|
|
|
Data_Read_UINT32(ntlm_av_pair_get_value_pointer(AvFlags), flags);
|
2012-06-30 02:22:39 +04:00
|
|
|
}
|
2012-03-19 06:02:23 +04:00
|
|
|
|
2019-11-06 17:24:51 +03:00
|
|
|
if (ntlm_read_message_fields_buffer(s, &(message->EncryptedRandomSessionKey)) <
|
|
|
|
|
0) /* EncryptedRandomSessionKey */
|
2018-08-20 10:52:24 +03:00
|
|
|
{
|
|
|
|
|
Stream_Free(s, FALSE);
|
2014-06-07 08:17:11 +04:00
|
|
|
return SEC_E_INTERNAL_ERROR;
|
2018-08-20 10:52:24 +03:00
|
|
|
}
|
2014-06-07 08:17:11 +04:00
|
|
|
|
2014-06-18 22:42:35 +04:00
|
|
|
if (message->EncryptedRandomSessionKey.Len > 0)
|
|
|
|
|
{
|
|
|
|
|
if (message->EncryptedRandomSessionKey.Len != 16)
|
2018-08-20 10:52:24 +03:00
|
|
|
{
|
|
|
|
|
Stream_Free(s, FALSE);
|
2014-06-18 22:42:35 +04:00
|
|
|
return SEC_E_INVALID_TOKEN;
|
2018-08-20 10:52:24 +03:00
|
|
|
}
|
2014-06-18 22:42:35 +04:00
|
|
|
|
2019-11-06 17:24:51 +03:00
|
|
|
CopyMemory(context->EncryptedRandomSessionKey, message->EncryptedRandomSessionKey.Buffer,
|
|
|
|
|
16);
|
2014-06-18 22:42:35 +04:00
|
|
|
}
|
2012-03-19 06:02:23 +04:00
|
|
|
|
2013-04-30 06:35:15 +04:00
|
|
|
length = Stream_GetPosition(s);
|
2014-06-07 08:17:11 +04:00
|
|
|
|
|
|
|
|
if (!sspi_SecBufferAlloc(&context->AuthenticateMessage, length))
|
2018-08-20 10:52:24 +03:00
|
|
|
{
|
|
|
|
|
Stream_Free(s, FALSE);
|
2014-06-07 08:17:11 +04:00
|
|
|
return SEC_E_INTERNAL_ERROR;
|
2018-08-20 10:52:24 +03:00
|
|
|
}
|
2014-08-18 19:22:22 +04:00
|
|
|
|
2013-05-15 20:14:26 +04:00
|
|
|
CopyMemory(context->AuthenticateMessage.pvBuffer, Stream_Buffer(s), length);
|
2012-07-02 03:43:13 +04:00
|
|
|
buffer->cbBuffer = length;
|
2012-12-10 23:08:06 +04:00
|
|
|
Stream_SetPosition(s, PayloadBufferOffset);
|
2012-07-02 01:05:31 +04:00
|
|
|
|
|
|
|
|
if (flags & MSV_AV_FLAGS_MESSAGE_INTEGRITY_CHECK)
|
|
|
|
|
{
|
2019-11-06 17:24:51 +03:00
|
|
|
context->MessageIntegrityCheckOffset = (UINT32)Stream_GetPosition(s);
|
2014-06-07 18:50:51 +04:00
|
|
|
|
|
|
|
|
if (Stream_GetRemainingLength(s) < 16)
|
2018-08-20 10:52:24 +03:00
|
|
|
{
|
|
|
|
|
Stream_Free(s, FALSE);
|
2014-06-07 18:50:51 +04:00
|
|
|
return SEC_E_INVALID_TOKEN;
|
2018-08-20 10:52:24 +03:00
|
|
|
}
|
2014-06-07 18:50:51 +04:00
|
|
|
|
2013-01-31 05:39:57 +04:00
|
|
|
Stream_Read(s, message->MessageIntegrityCheck, 16);
|
2012-07-02 01:05:31 +04:00
|
|
|
}
|
|
|
|
|
|
2012-03-19 02:14:20 +04:00
|
|
|
#ifdef WITH_DEBUG_NTLM
|
2019-11-06 17:24:51 +03:00
|
|
|
WLog_DBG(TAG, "AUTHENTICATE_MESSAGE (length = %" PRIu32 ")",
|
|
|
|
|
context->AuthenticateMessage.cbBuffer);
|
2017-02-20 20:31:58 +03:00
|
|
|
winpr_HexDump(TAG, WLOG_DEBUG, context->AuthenticateMessage.pvBuffer,
|
|
|
|
|
context->AuthenticateMessage.cbBuffer);
|
2012-07-01 22:33:36 +04:00
|
|
|
|
2013-01-31 05:39:57 +04:00
|
|
|
if (message->NegotiateFlags & NTLMSSP_NEGOTIATE_VERSION)
|
|
|
|
|
ntlm_print_version_info(&(message->Version));
|
2012-07-01 22:33:36 +04:00
|
|
|
|
2013-01-31 05:39:57 +04:00
|
|
|
ntlm_print_message_fields(&(message->DomainName), "DomainName");
|
|
|
|
|
ntlm_print_message_fields(&(message->UserName), "UserName");
|
|
|
|
|
ntlm_print_message_fields(&(message->Workstation), "Workstation");
|
|
|
|
|
ntlm_print_message_fields(&(message->LmChallengeResponse), "LmChallengeResponse");
|
|
|
|
|
ntlm_print_message_fields(&(message->NtChallengeResponse), "NtChallengeResponse");
|
|
|
|
|
ntlm_print_message_fields(&(message->EncryptedRandomSessionKey), "EncryptedRandomSessionKey");
|
2018-11-21 11:18:38 +03:00
|
|
|
ntlm_print_av_pair_list(context->NTLMv2Response.Challenge.AvPairs,
|
|
|
|
|
context->NTLMv2Response.Challenge.cbAvPairs);
|
2012-07-02 01:05:31 +04:00
|
|
|
|
|
|
|
|
if (flags & MSV_AV_FLAGS_MESSAGE_INTEGRITY_CHECK)
|
|
|
|
|
{
|
2014-08-18 19:22:22 +04:00
|
|
|
WLog_DBG(TAG, "MessageIntegrityCheck:");
|
2014-08-19 13:49:25 +04:00
|
|
|
winpr_HexDump(TAG, WLOG_DEBUG, message->MessageIntegrityCheck, 16);
|
2012-07-02 01:05:31 +04:00
|
|
|
}
|
2014-08-18 19:22:22 +04:00
|
|
|
|
2012-03-19 02:14:20 +04:00
|
|
|
#endif
|
|
|
|
|
|
2013-01-31 05:39:57 +04:00
|
|
|
if (message->UserName.Len > 0)
|
2012-06-15 18:38:02 +04:00
|
|
|
{
|
2019-11-06 17:24:51 +03:00
|
|
|
credentials->identity.User = (UINT16*)malloc(message->UserName.Len);
|
2014-06-07 08:17:11 +04:00
|
|
|
|
2014-06-09 23:25:00 +04:00
|
|
|
if (!credentials->identity.User)
|
2018-08-20 10:52:24 +03:00
|
|
|
{
|
|
|
|
|
Stream_Free(s, FALSE);
|
2014-06-07 08:17:11 +04:00
|
|
|
return SEC_E_INTERNAL_ERROR;
|
2018-08-20 10:52:24 +03:00
|
|
|
}
|
2014-06-07 08:17:11 +04:00
|
|
|
|
2014-06-09 23:25:00 +04:00
|
|
|
CopyMemory(credentials->identity.User, message->UserName.Buffer, message->UserName.Len);
|
|
|
|
|
credentials->identity.UserLength = message->UserName.Len / 2;
|
2012-06-15 18:38:02 +04:00
|
|
|
}
|
2012-06-04 03:59:35 +04:00
|
|
|
|
2013-01-31 05:39:57 +04:00
|
|
|
if (message->DomainName.Len > 0)
|
2012-06-04 03:59:35 +04:00
|
|
|
{
|
2019-11-06 17:24:51 +03:00
|
|
|
credentials->identity.Domain = (UINT16*)malloc(message->DomainName.Len);
|
2014-06-07 08:17:11 +04:00
|
|
|
|
2014-06-09 23:25:00 +04:00
|
|
|
if (!credentials->identity.Domain)
|
2018-08-20 10:52:24 +03:00
|
|
|
{
|
|
|
|
|
Stream_Free(s, FALSE);
|
2014-06-07 08:17:11 +04:00
|
|
|
return SEC_E_INTERNAL_ERROR;
|
2018-08-20 10:52:24 +03:00
|
|
|
}
|
2014-06-07 08:17:11 +04:00
|
|
|
|
2019-11-06 17:24:51 +03:00
|
|
|
CopyMemory(credentials->identity.Domain, message->DomainName.Buffer,
|
|
|
|
|
message->DomainName.Len);
|
2014-06-09 23:25:00 +04:00
|
|
|
credentials->identity.DomainLength = message->DomainName.Len / 2;
|
|
|
|
|
}
|
|
|
|
|
|
2012-12-10 23:43:48 +04:00
|
|
|
Stream_Free(s, FALSE);
|
2014-06-11 00:38:16 +04:00
|
|
|
/* Computations beyond this point require the NTLM hash of the password */
|
|
|
|
|
context->state = NTLM_STATE_COMPLETION;
|
2012-03-01 18:13:51 +04:00
|
|
|
return SEC_I_COMPLETE_NEEDED;
|
|
|
|
|
}
|
|
|
|
|
|
2012-02-25 20:48:08 +04:00
|
|
|
/**
|
|
|
|
|
* Send NTLMSSP AUTHENTICATE_MESSAGE.\n
|
|
|
|
|
* AUTHENTICATE_MESSAGE @msdn{cc236643}
|
|
|
|
|
* @param NTLM context
|
|
|
|
|
* @param buffer
|
|
|
|
|
*/
|
|
|
|
|
|
2014-08-18 21:34:47 +04:00
|
|
|
SECURITY_STATUS ntlm_write_AuthenticateMessage(NTLM_CONTEXT* context, PSecBuffer buffer)
|
2012-02-25 20:48:08 +04:00
|
|
|
{
|
2014-08-18 21:34:47 +04:00
|
|
|
wStream* s;
|
2017-12-11 12:25:21 +03:00
|
|
|
size_t length;
|
2012-05-23 11:58:47 +04:00
|
|
|
UINT32 PayloadBufferOffset;
|
2014-08-18 21:34:47 +04:00
|
|
|
NTLM_AUTHENTICATE_MESSAGE* message;
|
|
|
|
|
SSPI_CREDENTIALS* credentials = context->credentials;
|
2013-01-31 05:39:57 +04:00
|
|
|
message = &context->AUTHENTICATE_MESSAGE;
|
|
|
|
|
ZeroMemory(message, sizeof(NTLM_AUTHENTICATE_MESSAGE));
|
2019-11-06 17:24:51 +03:00
|
|
|
s = Stream_New((BYTE*)buffer->pvBuffer, buffer->cbBuffer);
|
2014-06-07 08:17:11 +04:00
|
|
|
|
|
|
|
|
if (!s)
|
|
|
|
|
return SEC_E_INTERNAL_ERROR;
|
2012-02-25 20:48:08 +04:00
|
|
|
|
2012-07-02 05:40:33 +04:00
|
|
|
if (context->NTLMv2)
|
2012-02-25 20:48:08 +04:00
|
|
|
{
|
2013-01-31 05:39:57 +04:00
|
|
|
message->NegotiateFlags |= NTLMSSP_NEGOTIATE_56;
|
2013-01-31 04:47:27 +04:00
|
|
|
|
|
|
|
|
if (context->SendVersionInfo)
|
2013-01-31 05:39:57 +04:00
|
|
|
message->NegotiateFlags |= NTLMSSP_NEGOTIATE_VERSION;
|
2012-02-25 20:48:08 +04:00
|
|
|
}
|
|
|
|
|
|
2012-07-02 05:40:33 +04:00
|
|
|
if (context->UseMIC)
|
2013-01-31 05:39:57 +04:00
|
|
|
message->NegotiateFlags |= NTLMSSP_NEGOTIATE_TARGET_INFO;
|
2012-07-02 05:40:33 +04:00
|
|
|
|
2013-01-31 04:47:27 +04:00
|
|
|
if (context->SendWorkstationName)
|
2013-01-31 05:39:57 +04:00
|
|
|
message->NegotiateFlags |= NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED;
|
2013-01-31 04:47:27 +04:00
|
|
|
|
2012-07-30 22:52:50 +04:00
|
|
|
if (context->confidentiality)
|
2013-01-31 05:39:57 +04:00
|
|
|
message->NegotiateFlags |= NTLMSSP_NEGOTIATE_SEAL;
|
|
|
|
|
|
|
|
|
|
if (context->CHALLENGE_MESSAGE.NegotiateFlags & NTLMSSP_NEGOTIATE_KEY_EXCH)
|
|
|
|
|
message->NegotiateFlags |= NTLMSSP_NEGOTIATE_KEY_EXCH;
|
2012-07-30 22:52:50 +04:00
|
|
|
|
2013-01-31 05:39:57 +04:00
|
|
|
message->NegotiateFlags |= NTLMSSP_NEGOTIATE_128;
|
|
|
|
|
message->NegotiateFlags |= NTLMSSP_NEGOTIATE_EXTENDED_SESSION_SECURITY;
|
|
|
|
|
message->NegotiateFlags |= NTLMSSP_NEGOTIATE_ALWAYS_SIGN;
|
|
|
|
|
message->NegotiateFlags |= NTLMSSP_NEGOTIATE_NTLM;
|
|
|
|
|
message->NegotiateFlags |= NTLMSSP_NEGOTIATE_SIGN;
|
|
|
|
|
message->NegotiateFlags |= NTLMSSP_REQUEST_TARGET;
|
|
|
|
|
message->NegotiateFlags |= NTLMSSP_NEGOTIATE_UNICODE;
|
2012-07-02 05:40:33 +04:00
|
|
|
|
2013-01-31 05:39:57 +04:00
|
|
|
if (message->NegotiateFlags & NTLMSSP_NEGOTIATE_VERSION)
|
|
|
|
|
ntlm_get_version_info(&(message->Version));
|
2012-06-30 02:22:39 +04:00
|
|
|
|
2013-01-31 05:39:57 +04:00
|
|
|
if (message->NegotiateFlags & NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED)
|
2012-07-30 22:52:50 +04:00
|
|
|
{
|
2013-01-31 05:39:57 +04:00
|
|
|
message->Workstation.Len = context->Workstation.Length;
|
2019-11-06 17:24:51 +03:00
|
|
|
message->Workstation.Buffer = (BYTE*)context->Workstation.Buffer;
|
2012-07-30 22:52:50 +04:00
|
|
|
}
|
2012-07-02 01:05:31 +04:00
|
|
|
|
2014-06-09 23:25:00 +04:00
|
|
|
if (credentials->identity.DomainLength > 0)
|
2013-01-31 04:47:27 +04:00
|
|
|
{
|
2013-01-31 05:39:57 +04:00
|
|
|
message->NegotiateFlags |= NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED;
|
2019-11-06 17:24:51 +03:00
|
|
|
message->DomainName.Len = (UINT16)credentials->identity.DomainLength * 2;
|
|
|
|
|
message->DomainName.Buffer = (BYTE*)credentials->identity.Domain;
|
2013-01-31 04:47:27 +04:00
|
|
|
}
|
2012-07-02 01:05:31 +04:00
|
|
|
|
2019-11-06 17:24:51 +03:00
|
|
|
message->UserName.Len = (UINT16)credentials->identity.UserLength * 2;
|
|
|
|
|
message->UserName.Buffer = (BYTE*)credentials->identity.User;
|
|
|
|
|
message->LmChallengeResponse.Len = (UINT16)context->LmChallengeResponse.cbBuffer;
|
|
|
|
|
message->LmChallengeResponse.Buffer = (BYTE*)context->LmChallengeResponse.pvBuffer;
|
|
|
|
|
message->NtChallengeResponse.Len = (UINT16)context->NtChallengeResponse.cbBuffer;
|
|
|
|
|
message->NtChallengeResponse.Buffer = (BYTE*)context->NtChallengeResponse.pvBuffer;
|
2012-06-30 02:22:39 +04:00
|
|
|
|
2013-01-31 05:39:57 +04:00
|
|
|
if (message->NegotiateFlags & NTLMSSP_NEGOTIATE_KEY_EXCH)
|
2013-01-31 04:47:27 +04:00
|
|
|
{
|
2013-01-31 05:39:57 +04:00
|
|
|
message->EncryptedRandomSessionKey.Len = 16;
|
|
|
|
|
message->EncryptedRandomSessionKey.Buffer = context->EncryptedRandomSessionKey;
|
2013-01-31 04:47:27 +04:00
|
|
|
}
|
2012-06-30 02:22:39 +04:00
|
|
|
|
2012-07-02 01:05:31 +04:00
|
|
|
PayloadBufferOffset = 64;
|
|
|
|
|
|
2013-01-31 05:39:57 +04:00
|
|
|
if (message->NegotiateFlags & NTLMSSP_NEGOTIATE_VERSION)
|
2013-01-31 04:47:27 +04:00
|
|
|
PayloadBufferOffset += 8; /* Version (8 bytes) */
|
|
|
|
|
|
|
|
|
|
if (context->UseMIC)
|
|
|
|
|
PayloadBufferOffset += 16; /* Message Integrity Check (16 bytes) */
|
2012-02-25 20:48:08 +04:00
|
|
|
|
2013-01-31 05:39:57 +04:00
|
|
|
message->DomainName.BufferOffset = PayloadBufferOffset;
|
|
|
|
|
message->UserName.BufferOffset = message->DomainName.BufferOffset + message->DomainName.Len;
|
|
|
|
|
message->Workstation.BufferOffset = message->UserName.BufferOffset + message->UserName.Len;
|
2019-11-06 17:24:51 +03:00
|
|
|
message->LmChallengeResponse.BufferOffset =
|
|
|
|
|
message->Workstation.BufferOffset + message->Workstation.Len;
|
|
|
|
|
message->NtChallengeResponse.BufferOffset =
|
|
|
|
|
message->LmChallengeResponse.BufferOffset + message->LmChallengeResponse.Len;
|
|
|
|
|
message->EncryptedRandomSessionKey.BufferOffset =
|
|
|
|
|
message->NtChallengeResponse.BufferOffset + message->NtChallengeResponse.Len;
|
|
|
|
|
ntlm_populate_message_header((NTLM_MESSAGE_HEADER*)message, MESSAGE_TYPE_AUTHENTICATE);
|
|
|
|
|
ntlm_write_message_header(s, (NTLM_MESSAGE_HEADER*)message); /* Message Header (12 bytes) */
|
|
|
|
|
ntlm_write_message_fields(
|
|
|
|
|
s, &(message->LmChallengeResponse)); /* LmChallengeResponseFields (8 bytes) */
|
|
|
|
|
ntlm_write_message_fields(
|
|
|
|
|
s, &(message->NtChallengeResponse)); /* NtChallengeResponseFields (8 bytes) */
|
|
|
|
|
ntlm_write_message_fields(s, &(message->DomainName)); /* DomainNameFields (8 bytes) */
|
|
|
|
|
ntlm_write_message_fields(s, &(message->UserName)); /* UserNameFields (8 bytes) */
|
2013-01-31 05:39:57 +04:00
|
|
|
ntlm_write_message_fields(s, &(message->Workstation)); /* WorkstationFields (8 bytes) */
|
2019-11-06 17:24:51 +03:00
|
|
|
ntlm_write_message_fields(
|
|
|
|
|
s, &(message->EncryptedRandomSessionKey)); /* EncryptedRandomSessionKeyFields (8 bytes) */
|
2013-01-31 05:39:57 +04:00
|
|
|
Stream_Write_UINT32(s, message->NegotiateFlags); /* NegotiateFlags (4 bytes) */
|
2012-02-25 20:48:08 +04:00
|
|
|
|
2013-01-31 05:39:57 +04:00
|
|
|
if (message->NegotiateFlags & NTLMSSP_NEGOTIATE_VERSION)
|
|
|
|
|
ntlm_write_version_info(s, &(message->Version)); /* Version (8 bytes) */
|
2012-02-25 20:48:08 +04:00
|
|
|
|
2012-07-02 05:40:33 +04:00
|
|
|
if (context->UseMIC)
|
2012-02-25 20:48:08 +04:00
|
|
|
{
|
2019-11-06 17:24:51 +03:00
|
|
|
context->MessageIntegrityCheckOffset = (UINT32)Stream_GetPosition(s);
|
2013-01-31 04:47:27 +04:00
|
|
|
Stream_Zero(s, 16); /* Message Integrity Check (16 bytes) */
|
2012-02-25 20:48:08 +04:00
|
|
|
}
|
|
|
|
|
|
2013-01-31 05:39:57 +04:00
|
|
|
if (message->NegotiateFlags & NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED)
|
|
|
|
|
ntlm_write_message_fields_buffer(s, &(message->DomainName)); /* DomainName */
|
2012-06-30 02:22:39 +04:00
|
|
|
|
2013-01-31 05:39:57 +04:00
|
|
|
ntlm_write_message_fields_buffer(s, &(message->UserName)); /* UserName */
|
2012-02-25 20:48:08 +04:00
|
|
|
|
2013-01-31 05:39:57 +04:00
|
|
|
if (message->NegotiateFlags & NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED)
|
|
|
|
|
ntlm_write_message_fields_buffer(s, &(message->Workstation)); /* Workstation */
|
2012-06-30 02:22:39 +04:00
|
|
|
|
2013-01-31 05:39:57 +04:00
|
|
|
ntlm_write_message_fields_buffer(s, &(message->LmChallengeResponse)); /* LmChallengeResponse */
|
|
|
|
|
ntlm_write_message_fields_buffer(s, &(message->NtChallengeResponse)); /* NtChallengeResponse */
|
2012-02-25 20:48:08 +04:00
|
|
|
|
2013-01-31 05:39:57 +04:00
|
|
|
if (message->NegotiateFlags & NTLMSSP_NEGOTIATE_KEY_EXCH)
|
2019-11-06 17:24:51 +03:00
|
|
|
ntlm_write_message_fields_buffer(
|
|
|
|
|
s, &(message->EncryptedRandomSessionKey)); /* EncryptedRandomSessionKey */
|
2012-02-25 20:48:08 +04:00
|
|
|
|
2013-04-30 06:35:15 +04:00
|
|
|
length = Stream_GetPosition(s);
|
2014-08-18 19:22:22 +04:00
|
|
|
|
2014-06-07 08:17:11 +04:00
|
|
|
if (!sspi_SecBufferAlloc(&context->AuthenticateMessage, length))
|
2018-08-20 10:52:24 +03:00
|
|
|
{
|
|
|
|
|
Stream_Free(s, FALSE);
|
2014-06-07 08:17:11 +04:00
|
|
|
return SEC_E_INTERNAL_ERROR;
|
2018-08-20 10:52:24 +03:00
|
|
|
}
|
2014-06-07 08:17:11 +04:00
|
|
|
|
2013-05-15 20:14:26 +04:00
|
|
|
CopyMemory(context->AuthenticateMessage.pvBuffer, Stream_Buffer(s), length);
|
2012-02-27 05:07:42 +04:00
|
|
|
buffer->cbBuffer = length;
|
2012-02-25 20:48:08 +04:00
|
|
|
|
2012-07-02 05:40:33 +04:00
|
|
|
if (context->UseMIC)
|
2012-02-25 20:48:08 +04:00
|
|
|
{
|
|
|
|
|
/* Message Integrity Check */
|
2018-04-17 16:03:27 +03:00
|
|
|
ntlm_compute_message_integrity_check(context, message->MessageIntegrityCheck, 16);
|
2014-06-11 00:38:16 +04:00
|
|
|
Stream_SetPosition(s, context->MessageIntegrityCheckOffset);
|
2018-04-17 16:03:27 +03:00
|
|
|
Stream_Write(s, message->MessageIntegrityCheck, 16);
|
2012-12-10 23:08:06 +04:00
|
|
|
Stream_SetPosition(s, length);
|
2012-02-25 20:48:08 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#ifdef WITH_DEBUG_NTLM
|
2014-08-18 19:22:22 +04:00
|
|
|
WLog_DBG(TAG, "AUTHENTICATE_MESSAGE (length = %d)", length);
|
2014-08-19 13:49:25 +04:00
|
|
|
winpr_HexDump(TAG, WLOG_DEBUG, Stream_Buffer(s), length);
|
2013-01-31 05:39:57 +04:00
|
|
|
ntlm_print_negotiate_flags(message->NegotiateFlags);
|
2012-07-01 22:33:36 +04:00
|
|
|
|
2013-01-31 05:39:57 +04:00
|
|
|
if (message->NegotiateFlags & NTLMSSP_NEGOTIATE_VERSION)
|
|
|
|
|
ntlm_print_version_info(&(message->Version));
|
2012-07-01 22:33:36 +04:00
|
|
|
|
2012-07-30 22:52:50 +04:00
|
|
|
if (context->AuthenticateTargetInfo.cbBuffer > 0)
|
|
|
|
|
{
|
2019-11-06 17:24:51 +03:00
|
|
|
WLog_DBG(TAG,
|
|
|
|
|
"AuthenticateTargetInfo (%" PRIu32 "):", context->AuthenticateTargetInfo.cbBuffer);
|
2018-11-21 11:18:38 +03:00
|
|
|
ntlm_print_av_pair_list(context->AuthenticateTargetInfo.pvBuffer,
|
|
|
|
|
context->AuthenticateTargetInfo.cbBuffer);
|
2012-07-30 22:52:50 +04:00
|
|
|
}
|
|
|
|
|
|
2013-01-31 05:39:57 +04:00
|
|
|
ntlm_print_message_fields(&(message->DomainName), "DomainName");
|
|
|
|
|
ntlm_print_message_fields(&(message->UserName), "UserName");
|
|
|
|
|
ntlm_print_message_fields(&(message->Workstation), "Workstation");
|
|
|
|
|
ntlm_print_message_fields(&(message->LmChallengeResponse), "LmChallengeResponse");
|
|
|
|
|
ntlm_print_message_fields(&(message->NtChallengeResponse), "NtChallengeResponse");
|
|
|
|
|
ntlm_print_message_fields(&(message->EncryptedRandomSessionKey), "EncryptedRandomSessionKey");
|
2012-07-01 22:33:36 +04:00
|
|
|
|
2012-07-02 05:40:33 +04:00
|
|
|
if (context->UseMIC)
|
2012-07-01 22:33:36 +04:00
|
|
|
{
|
2014-08-18 19:22:22 +04:00
|
|
|
WLog_DBG(TAG, "MessageIntegrityCheck (length = 16)");
|
2018-04-17 16:03:27 +03:00
|
|
|
winpr_HexDump(TAG, WLOG_DEBUG, message->MessageIntegrityCheck, 16);
|
2012-07-01 22:33:36 +04:00
|
|
|
}
|
2012-02-25 20:48:08 +04:00
|
|
|
|
2014-08-18 19:22:22 +04:00
|
|
|
#endif
|
2012-02-25 20:48:08 +04:00
|
|
|
context->state = NTLM_STATE_FINAL;
|
2012-12-10 23:43:48 +04:00
|
|
|
Stream_Free(s, FALSE);
|
2012-02-25 20:48:08 +04:00
|
|
|
return SEC_I_COMPLETE_NEEDED;
|
|
|
|
|
}
|
2014-06-11 00:38:16 +04:00
|
|
|
|
2014-08-18 21:34:47 +04:00
|
|
|
SECURITY_STATUS ntlm_server_AuthenticateComplete(NTLM_CONTEXT* context)
|
2014-06-11 00:38:16 +04:00
|
|
|
{
|
|
|
|
|
UINT32 flags = 0;
|
2018-10-22 17:59:28 +03:00
|
|
|
size_t cbAvFlags;
|
2014-08-18 21:34:47 +04:00
|
|
|
NTLM_AV_PAIR* AvFlags = NULL;
|
|
|
|
|
NTLM_AUTHENTICATE_MESSAGE* message;
|
2018-04-17 16:03:27 +03:00
|
|
|
BYTE messageIntegrityCheck[16];
|
2014-06-11 00:38:16 +04:00
|
|
|
|
2018-10-22 17:59:28 +03:00
|
|
|
if (!context)
|
|
|
|
|
return SEC_E_INVALID_PARAMETER;
|
|
|
|
|
|
2014-06-11 00:38:16 +04:00
|
|
|
if (context->state != NTLM_STATE_COMPLETION)
|
|
|
|
|
return SEC_E_OUT_OF_SEQUENCE;
|
|
|
|
|
|
|
|
|
|
message = &context->AUTHENTICATE_MESSAGE;
|
2018-10-22 17:59:28 +03:00
|
|
|
AvFlags = ntlm_av_pair_get(context->NTLMv2Response.Challenge.AvPairs,
|
2019-11-06 17:24:51 +03:00
|
|
|
context->NTLMv2Response.Challenge.cbAvPairs, MsvAvFlags, &cbAvFlags);
|
2014-06-11 00:38:16 +04:00
|
|
|
|
|
|
|
|
if (AvFlags)
|
2019-03-18 04:20:10 +03:00
|
|
|
Data_Read_UINT32(ntlm_av_pair_get_value_pointer(AvFlags), flags);
|
2014-06-11 00:38:16 +04:00
|
|
|
|
|
|
|
|
if (ntlm_compute_lm_v2_response(context) < 0) /* LmChallengeResponse */
|
|
|
|
|
return SEC_E_INTERNAL_ERROR;
|
|
|
|
|
|
|
|
|
|
if (ntlm_compute_ntlm_v2_response(context) < 0) /* NtChallengeResponse */
|
|
|
|
|
return SEC_E_INTERNAL_ERROR;
|
|
|
|
|
|
|
|
|
|
/* KeyExchangeKey */
|
|
|
|
|
ntlm_generate_key_exchange_key(context);
|
|
|
|
|
/* EncryptedRandomSessionKey */
|
|
|
|
|
ntlm_decrypt_random_session_key(context);
|
|
|
|
|
/* ExportedSessionKey */
|
|
|
|
|
ntlm_generate_exported_session_key(context);
|
|
|
|
|
|
|
|
|
|
if (flags & MSV_AV_FLAGS_MESSAGE_INTEGRITY_CHECK)
|
|
|
|
|
{
|
2019-11-06 17:24:51 +03:00
|
|
|
ZeroMemory(
|
|
|
|
|
&((PBYTE)context->AuthenticateMessage.pvBuffer)[context->MessageIntegrityCheckOffset],
|
|
|
|
|
16);
|
|
|
|
|
ntlm_compute_message_integrity_check(context, messageIntegrityCheck,
|
|
|
|
|
sizeof(messageIntegrityCheck));
|
|
|
|
|
CopyMemory(
|
|
|
|
|
&((PBYTE)context->AuthenticateMessage.pvBuffer)[context->MessageIntegrityCheckOffset],
|
|
|
|
|
message->MessageIntegrityCheck, 16);
|
2014-06-11 00:38:16 +04:00
|
|
|
|
2018-04-17 16:03:27 +03:00
|
|
|
if (memcmp(messageIntegrityCheck, message->MessageIntegrityCheck, 16) != 0)
|
2014-06-11 00:38:16 +04:00
|
|
|
{
|
2014-08-18 19:22:22 +04:00
|
|
|
WLog_ERR(TAG, "Message Integrity Check (MIC) verification failed!");
|
2018-11-21 17:36:31 +03:00
|
|
|
#ifdef WITH_DEBUG_NTLM
|
2014-08-18 19:22:22 +04:00
|
|
|
WLog_ERR(TAG, "Expected MIC:");
|
2018-04-17 16:03:27 +03:00
|
|
|
winpr_HexDump(TAG, WLOG_ERROR, messageIntegrityCheck, 16);
|
2014-08-18 19:22:22 +04:00
|
|
|
WLog_ERR(TAG, "Actual MIC:");
|
|
|
|
|
winpr_HexDump(TAG, WLOG_ERROR, message->MessageIntegrityCheck, 16);
|
2018-11-21 17:36:31 +03:00
|
|
|
#endif
|
2014-06-11 00:38:16 +04:00
|
|
|
return SEC_E_MESSAGE_ALTERED;
|
|
|
|
|
}
|
|
|
|
|
}
|
2020-04-15 12:43:45 +03:00
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
/* no mic message was present
|
|
|
|
|
|
|
|
|
|
https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nlmp/f9e6fbc4-a953-4f24-b229-ccdcc213b9ec
|
|
|
|
|
the mic is optional, as not supported in Windows NT, Windows 2000, Windows XP, and
|
|
|
|
|
Windows Server 2003 and, as it seems, in the NTLMv2 implementation of Qt5.
|
|
|
|
|
|
|
|
|
|
now check the NtProofString, to detect if the entered client password matches the
|
|
|
|
|
expected password.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#ifdef WITH_DEBUG_NTLM
|
|
|
|
|
WLog_DBG(TAG, "No MIC present, using NtProofString for verification.");
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
if (memcmp(context->NTLMv2Response.Response, context->NtProofString, 16) != 0)
|
|
|
|
|
{
|
|
|
|
|
WLog_ERR(TAG, "NtProofString verification failed!");
|
|
|
|
|
#ifdef WITH_DEBUG_NTLM
|
|
|
|
|
WLog_ERR(TAG, "Expected NtProofString:");
|
|
|
|
|
winpr_HexDump(TAG, WLOG_ERROR, context->NtProofString, 16);
|
|
|
|
|
WLog_ERR(TAG, "Actual NtProofString:");
|
|
|
|
|
winpr_HexDump(TAG, WLOG_ERROR, context->NTLMv2Response.Response, 16);
|
|
|
|
|
#endif
|
|
|
|
|
return SEC_E_LOGON_DENIED;
|
|
|
|
|
}
|
|
|
|
|
}
|
2014-06-11 00:38:16 +04:00
|
|
|
|
|
|
|
|
/* Generate signing keys */
|
|
|
|
|
ntlm_generate_client_signing_key(context);
|
|
|
|
|
ntlm_generate_server_signing_key(context);
|
|
|
|
|
/* Generate sealing keys */
|
|
|
|
|
ntlm_generate_client_sealing_key(context);
|
|
|
|
|
ntlm_generate_server_sealing_key(context);
|
|
|
|
|
/* Initialize RC4 seal state */
|
|
|
|
|
ntlm_init_rc4_seal_states(context);
|
|
|
|
|
#ifdef WITH_DEBUG_NTLM
|
2014-08-18 19:22:22 +04:00
|
|
|
WLog_DBG(TAG, "ClientChallenge");
|
2014-08-19 13:49:25 +04:00
|
|
|
winpr_HexDump(TAG, WLOG_DEBUG, context->ClientChallenge, 8);
|
2014-08-18 19:22:22 +04:00
|
|
|
WLog_DBG(TAG, "ServerChallenge");
|
2014-08-19 13:49:25 +04:00
|
|
|
winpr_HexDump(TAG, WLOG_DEBUG, context->ServerChallenge, 8);
|
2014-08-18 19:22:22 +04:00
|
|
|
WLog_DBG(TAG, "SessionBaseKey");
|
2014-08-19 13:49:25 +04:00
|
|
|
winpr_HexDump(TAG, WLOG_DEBUG, context->SessionBaseKey, 16);
|
2014-08-18 19:22:22 +04:00
|
|
|
WLog_DBG(TAG, "KeyExchangeKey");
|
2014-08-19 13:49:25 +04:00
|
|
|
winpr_HexDump(TAG, WLOG_DEBUG, context->KeyExchangeKey, 16);
|
2014-08-18 19:22:22 +04:00
|
|
|
WLog_DBG(TAG, "ExportedSessionKey");
|
2014-08-19 13:49:25 +04:00
|
|
|
winpr_HexDump(TAG, WLOG_DEBUG, context->ExportedSessionKey, 16);
|
2014-08-18 19:22:22 +04:00
|
|
|
WLog_DBG(TAG, "RandomSessionKey");
|
2014-08-19 13:49:25 +04:00
|
|
|
winpr_HexDump(TAG, WLOG_DEBUG, context->RandomSessionKey, 16);
|
2014-08-18 19:22:22 +04:00
|
|
|
WLog_DBG(TAG, "ClientSigningKey");
|
2014-08-19 13:49:25 +04:00
|
|
|
winpr_HexDump(TAG, WLOG_DEBUG, context->ClientSigningKey, 16);
|
2014-08-18 19:22:22 +04:00
|
|
|
WLog_DBG(TAG, "ClientSealingKey");
|
2014-08-19 13:49:25 +04:00
|
|
|
winpr_HexDump(TAG, WLOG_DEBUG, context->ClientSealingKey, 16);
|
2014-08-18 19:22:22 +04:00
|
|
|
WLog_DBG(TAG, "ServerSigningKey");
|
2014-08-19 13:49:25 +04:00
|
|
|
winpr_HexDump(TAG, WLOG_DEBUG, context->ServerSigningKey, 16);
|
2014-08-18 19:22:22 +04:00
|
|
|
WLog_DBG(TAG, "ServerSealingKey");
|
2014-08-19 13:49:25 +04:00
|
|
|
winpr_HexDump(TAG, WLOG_DEBUG, context->ServerSealingKey, 16);
|
2014-08-18 19:22:22 +04:00
|
|
|
WLog_DBG(TAG, "Timestamp");
|
2014-08-19 13:49:25 +04:00
|
|
|
winpr_HexDump(TAG, WLOG_DEBUG, context->Timestamp, 8);
|
2014-06-11 00:38:16 +04:00
|
|
|
#endif
|
|
|
|
|
context->state = NTLM_STATE_FINAL;
|
|
|
|
|
ntlm_free_message_fields_buffer(&(message->DomainName));
|
|
|
|
|
ntlm_free_message_fields_buffer(&(message->UserName));
|
|
|
|
|
ntlm_free_message_fields_buffer(&(message->Workstation));
|
|
|
|
|
ntlm_free_message_fields_buffer(&(message->LmChallengeResponse));
|
|
|
|
|
ntlm_free_message_fields_buffer(&(message->NtChallengeResponse));
|
|
|
|
|
ntlm_free_message_fields_buffer(&(message->EncryptedRandomSessionKey));
|
|
|
|
|
return SEC_E_OK;
|
|
|
|
|
}
|
