2012-02-24 00:56:50 +04:00
|
|
|
/**
|
2012-05-22 06:48:33 +04:00
|
|
|
* WinPR: Windows Portable Runtime
|
2012-02-24 00:56:50 +04:00
|
|
|
* NTLM Security Package
|
|
|
|
*
|
2014-06-06 06:10:08 +04:00
|
|
|
* Copyright 2011-2014 Marc-Andre Moreau <marcandre.moreau@gmail.com>
|
2012-02-24 00:56:50 +04:00
|
|
|
*
|
|
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
* you may not use this file except in compliance with the License.
|
|
|
|
* You may obtain a copy of the License at
|
|
|
|
*
|
|
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
*
|
|
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
* See the License for the specific language governing permissions and
|
|
|
|
* limitations under the License.
|
|
|
|
*/
|
|
|
|
|
2022-02-16 12:08:00 +03:00
|
|
|
#include <winpr/config.h>
|
2012-08-15 01:20:53 +04:00
|
|
|
|
2012-05-06 06:39:00 +04:00
|
|
|
#include <winpr/crt.h>
|
2021-06-17 12:25:58 +03:00
|
|
|
#include <winpr/assert.h>
|
2012-05-05 03:48:53 +04:00
|
|
|
#include <winpr/sspi.h>
|
2012-05-25 22:03:56 +04:00
|
|
|
#include <winpr/print.h>
|
2022-03-28 12:52:52 +03:00
|
|
|
#include <winpr/string.h>
|
2015-10-08 23:48:58 +03:00
|
|
|
#include <winpr/tchar.h>
|
2012-06-20 01:26:37 +04:00
|
|
|
#include <winpr/sysinfo.h>
|
2012-07-27 03:43:51 +04:00
|
|
|
#include <winpr/registry.h>
|
2016-04-27 14:43:16 +03:00
|
|
|
#include <winpr/endian.h>
|
2021-06-10 10:54:35 +03:00
|
|
|
#include <winpr/build-config.h>
|
2015-10-06 17:56:24 +03:00
|
|
|
|
2012-02-24 00:56:50 +04:00
|
|
|
#include "ntlm.h"
|
2021-06-17 12:25:58 +03:00
|
|
|
#include "ntlm_export.h"
|
2012-02-24 00:56:50 +04:00
|
|
|
#include "../sspi.h"
|
|
|
|
|
2012-02-24 06:26:00 +04:00
|
|
|
#include "ntlm_message.h"
|
|
|
|
|
2014-08-18 19:22:22 +04:00
|
|
|
#include "../../log.h"
|
2014-08-18 20:57:08 +04:00
|
|
|
#define TAG WINPR_TAG("sspi.NTLM")
|
2012-02-24 00:56:50 +04:00
|
|
|
|
2021-06-10 10:54:35 +03:00
|
|
|
#define WINPR_KEY "Software\\" WINPR_VENDOR_STRING "\\" WINPR_PRODUCT_STRING "\\WinPR\\NTLM"
|
2015-06-24 12:12:59 +03:00
|
|
|
|
2021-06-17 12:25:58 +03:00
|
|
|
static char* NTLM_PACKAGE_NAME = "NTLM";
|
2014-08-18 19:22:22 +04:00
|
|
|
|
2023-07-27 10:02:03 +03:00
|
|
|
#define check_context(ctx) check_context_((ctx), __FILE__, __func__, __LINE__)
|
2023-05-16 17:40:33 +03:00
|
|
|
static BOOL check_context_(NTLM_CONTEXT* context, const char* file, const char* fkt, size_t line)
|
|
|
|
{
|
|
|
|
BOOL rc = TRUE;
|
|
|
|
wLog* log = WLog_Get(TAG);
|
|
|
|
const DWORD log_level = WLOG_ERROR;
|
|
|
|
|
|
|
|
if (!context)
|
|
|
|
{
|
|
|
|
if (WLog_IsLevelActive(log, log_level))
|
|
|
|
WLog_PrintMessage(log, WLOG_MESSAGE_TEXT, log_level, line, file, fkt,
|
|
|
|
"invalid context");
|
|
|
|
|
2024-01-23 23:03:28 +03:00
|
|
|
return FALSE;
|
2023-05-16 17:40:33 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
if (!context->RecvRc4Seal)
|
|
|
|
{
|
|
|
|
if (WLog_IsLevelActive(log, log_level))
|
|
|
|
WLog_PrintMessage(log, WLOG_MESSAGE_TEXT, log_level, line, file, fkt,
|
|
|
|
"invalid context->RecvRc4Seal");
|
|
|
|
rc = FALSE;
|
|
|
|
}
|
|
|
|
if (!context->SendRc4Seal)
|
|
|
|
{
|
|
|
|
if (WLog_IsLevelActive(log, log_level))
|
|
|
|
WLog_PrintMessage(log, WLOG_MESSAGE_TEXT, log_level, line, file, fkt,
|
|
|
|
"invalid context->SendRc4Seal");
|
|
|
|
rc = FALSE;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!context->SendSigningKey)
|
|
|
|
{
|
|
|
|
if (WLog_IsLevelActive(log, log_level))
|
|
|
|
WLog_PrintMessage(log, WLOG_MESSAGE_TEXT, log_level, line, file, fkt,
|
|
|
|
"invalid context->SendSigningKey");
|
|
|
|
rc = FALSE;
|
|
|
|
}
|
|
|
|
if (!context->RecvSigningKey)
|
|
|
|
{
|
|
|
|
if (WLog_IsLevelActive(log, log_level))
|
|
|
|
WLog_PrintMessage(log, WLOG_MESSAGE_TEXT, log_level, line, file, fkt,
|
|
|
|
"invalid context->RecvSigningKey");
|
|
|
|
rc = FALSE;
|
|
|
|
}
|
|
|
|
if (!context->SendSealingKey)
|
|
|
|
{
|
|
|
|
if (WLog_IsLevelActive(log, log_level))
|
|
|
|
WLog_PrintMessage(log, WLOG_MESSAGE_TEXT, log_level, line, file, fkt,
|
|
|
|
"invalid context->SendSealingKey");
|
|
|
|
rc = FALSE;
|
|
|
|
}
|
|
|
|
if (!context->RecvSealingKey)
|
|
|
|
{
|
|
|
|
if (WLog_IsLevelActive(log, log_level))
|
|
|
|
WLog_PrintMessage(log, WLOG_MESSAGE_TEXT, log_level, line, file, fkt,
|
|
|
|
"invalid context->RecvSealingKey");
|
|
|
|
rc = FALSE;
|
|
|
|
}
|
|
|
|
return rc;
|
|
|
|
}
|
|
|
|
|
2018-01-16 13:34:07 +03:00
|
|
|
static int ntlm_SetContextWorkstation(NTLM_CONTEXT* context, char* Workstation)
|
2012-02-25 18:55:52 +04:00
|
|
|
{
|
2014-08-18 21:34:47 +04:00
|
|
|
char* ws = Workstation;
|
2017-02-24 23:58:08 +03:00
|
|
|
DWORD nSize = 0;
|
2024-01-23 18:49:54 +03:00
|
|
|
CHAR* computerName = NULL;
|
2012-06-20 01:26:37 +04:00
|
|
|
|
2022-03-14 16:50:32 +03:00
|
|
|
WINPR_ASSERT(context);
|
|
|
|
|
2012-06-20 01:26:37 +04:00
|
|
|
if (!Workstation)
|
|
|
|
{
|
2019-11-06 17:24:51 +03:00
|
|
|
if (GetComputerNameExA(ComputerNameNetBIOS, NULL, &nSize) ||
|
|
|
|
GetLastError() != ERROR_MORE_DATA)
|
2017-02-24 23:58:08 +03:00
|
|
|
return -1;
|
|
|
|
|
|
|
|
computerName = calloc(nSize, sizeof(CHAR));
|
|
|
|
|
|
|
|
if (!computerName)
|
|
|
|
return -1;
|
|
|
|
|
2015-06-16 16:42:07 +03:00
|
|
|
if (!GetComputerNameExA(ComputerNameNetBIOS, computerName, &nSize))
|
2017-02-25 10:35:37 +03:00
|
|
|
{
|
|
|
|
free(computerName);
|
2015-06-16 16:42:07 +03:00
|
|
|
return -1;
|
2017-02-25 10:35:37 +03:00
|
|
|
}
|
2017-02-24 23:58:08 +03:00
|
|
|
|
|
|
|
if (nSize > MAX_COMPUTERNAME_LENGTH)
|
|
|
|
computerName[MAX_COMPUTERNAME_LENGTH] = '\0';
|
|
|
|
|
|
|
|
ws = computerName;
|
|
|
|
|
2014-06-07 01:20:34 +04:00
|
|
|
if (!ws)
|
|
|
|
return -1;
|
2012-06-20 01:26:37 +04:00
|
|
|
}
|
|
|
|
|
2022-10-28 09:09:27 +03:00
|
|
|
size_t len = 0;
|
|
|
|
context->Workstation.Buffer = ConvertUtf8ToWCharAlloc(ws, &len);
|
2017-02-24 23:58:08 +03:00
|
|
|
|
2014-11-16 16:56:08 +03:00
|
|
|
if (!Workstation)
|
|
|
|
free(ws);
|
2014-06-07 01:20:34 +04:00
|
|
|
|
2022-10-28 09:09:27 +03:00
|
|
|
if (!context->Workstation.Buffer || (len > UINT16_MAX / sizeof(WCHAR)))
|
2014-06-07 01:20:34 +04:00
|
|
|
return -1;
|
|
|
|
|
2022-10-28 09:09:27 +03:00
|
|
|
context->Workstation.Length = (USHORT)(len * sizeof(WCHAR));
|
2014-06-07 01:20:34 +04:00
|
|
|
return 1;
|
2012-02-25 18:55:52 +04:00
|
|
|
}
|
|
|
|
|
2018-01-16 13:34:07 +03:00
|
|
|
static int ntlm_SetContextServicePrincipalNameW(NTLM_CONTEXT* context, LPWSTR ServicePrincipalName)
|
2012-07-27 02:35:39 +04:00
|
|
|
{
|
2022-03-14 16:50:32 +03:00
|
|
|
WINPR_ASSERT(context);
|
|
|
|
|
2013-03-16 00:47:24 +04:00
|
|
|
if (!ServicePrincipalName)
|
|
|
|
{
|
|
|
|
context->ServicePrincipalName.Buffer = NULL;
|
2014-06-08 17:14:49 +04:00
|
|
|
context->ServicePrincipalName.Length = 0;
|
2014-06-07 01:20:34 +04:00
|
|
|
return 1;
|
2013-03-16 00:47:24 +04:00
|
|
|
}
|
2014-06-07 01:20:34 +04:00
|
|
|
|
2017-02-24 23:58:08 +03:00
|
|
|
context->ServicePrincipalName.Length = (USHORT)(_wcslen(ServicePrincipalName) * 2);
|
2019-11-06 17:24:51 +03:00
|
|
|
context->ServicePrincipalName.Buffer = (PWSTR)malloc(context->ServicePrincipalName.Length + 2);
|
2014-06-07 01:20:34 +04:00
|
|
|
|
|
|
|
if (!context->ServicePrincipalName.Buffer)
|
|
|
|
return -1;
|
|
|
|
|
2023-07-28 10:42:01 +03:00
|
|
|
memcpy(context->ServicePrincipalName.Buffer, ServicePrincipalName,
|
|
|
|
context->ServicePrincipalName.Length + 2);
|
2014-06-07 01:20:34 +04:00
|
|
|
return 1;
|
2012-07-27 02:35:39 +04:00
|
|
|
}
|
|
|
|
|
2018-01-16 13:34:07 +03:00
|
|
|
static int ntlm_SetContextTargetName(NTLM_CONTEXT* context, char* TargetName)
|
2012-03-19 02:14:20 +04:00
|
|
|
{
|
2014-08-18 21:34:47 +04:00
|
|
|
char* name = TargetName;
|
2017-02-24 23:58:08 +03:00
|
|
|
DWORD nSize = 0;
|
|
|
|
CHAR* computerName = NULL;
|
2012-06-20 01:26:37 +04:00
|
|
|
|
2022-03-14 16:50:32 +03:00
|
|
|
WINPR_ASSERT(context);
|
|
|
|
|
2015-06-19 11:38:37 +03:00
|
|
|
if (!name)
|
2012-06-20 01:26:37 +04:00
|
|
|
{
|
2019-11-06 17:24:51 +03:00
|
|
|
if (GetComputerNameExA(ComputerNameNetBIOS, NULL, &nSize) ||
|
|
|
|
GetLastError() != ERROR_MORE_DATA)
|
2017-02-24 23:58:08 +03:00
|
|
|
return -1;
|
|
|
|
|
|
|
|
computerName = calloc(nSize, sizeof(CHAR));
|
|
|
|
|
|
|
|
if (!computerName)
|
2014-06-07 01:20:34 +04:00
|
|
|
return -1;
|
|
|
|
|
2017-02-24 23:58:08 +03:00
|
|
|
if (!GetComputerNameExA(ComputerNameNetBIOS, computerName, &nSize))
|
2017-02-25 10:35:37 +03:00
|
|
|
{
|
|
|
|
free(computerName);
|
2017-02-24 23:58:08 +03:00
|
|
|
return -1;
|
2017-02-25 10:35:37 +03:00
|
|
|
}
|
2017-02-24 23:58:08 +03:00
|
|
|
|
|
|
|
if (nSize > MAX_COMPUTERNAME_LENGTH)
|
|
|
|
computerName[MAX_COMPUTERNAME_LENGTH] = '\0';
|
|
|
|
|
|
|
|
name = computerName;
|
|
|
|
|
2015-06-16 16:42:07 +03:00
|
|
|
if (!name)
|
2014-06-07 01:20:34 +04:00
|
|
|
return -1;
|
|
|
|
|
2015-06-19 11:38:37 +03:00
|
|
|
CharUpperA(name);
|
2012-06-20 01:26:37 +04:00
|
|
|
}
|
|
|
|
|
2022-10-28 09:09:27 +03:00
|
|
|
size_t len = 0;
|
|
|
|
context->TargetName.pvBuffer = ConvertUtf8ToWCharAlloc(name, &len);
|
2014-06-07 01:20:34 +04:00
|
|
|
|
2022-10-28 09:09:27 +03:00
|
|
|
if (!context->TargetName.pvBuffer || (len > UINT16_MAX / sizeof(WCHAR)))
|
2014-11-16 16:56:08 +03:00
|
|
|
{
|
2022-10-28 09:09:27 +03:00
|
|
|
free(context->TargetName.pvBuffer);
|
|
|
|
context->TargetName.pvBuffer = NULL;
|
|
|
|
|
2015-06-19 11:38:37 +03:00
|
|
|
if (!TargetName)
|
|
|
|
free(name);
|
2017-02-24 23:58:08 +03:00
|
|
|
|
2014-06-07 01:20:34 +04:00
|
|
|
return -1;
|
2014-11-16 16:56:08 +03:00
|
|
|
}
|
2014-06-07 01:20:34 +04:00
|
|
|
|
2022-10-28 09:09:27 +03:00
|
|
|
context->TargetName.cbBuffer = (USHORT)(len * sizeof(WCHAR));
|
2012-06-20 01:26:37 +04:00
|
|
|
|
2013-08-28 19:40:29 +04:00
|
|
|
if (!TargetName)
|
|
|
|
free(name);
|
2014-06-07 01:20:34 +04:00
|
|
|
|
|
|
|
return 1;
|
2012-03-19 02:14:20 +04:00
|
|
|
}
|
|
|
|
|
2018-01-16 13:34:07 +03:00
|
|
|
static NTLM_CONTEXT* ntlm_ContextNew(void)
|
2012-02-24 00:56:50 +04:00
|
|
|
{
|
2023-05-16 17:40:33 +03:00
|
|
|
HKEY hKey = 0;
|
|
|
|
LONG status = 0;
|
|
|
|
DWORD dwType = 0;
|
|
|
|
DWORD dwSize = 0;
|
|
|
|
DWORD dwValue = 0;
|
|
|
|
NTLM_CONTEXT* context = (NTLM_CONTEXT*)calloc(1, sizeof(NTLM_CONTEXT));
|
2012-02-24 00:56:50 +04:00
|
|
|
|
2014-06-07 01:20:34 +04:00
|
|
|
if (!context)
|
|
|
|
return NULL;
|
2012-07-27 02:35:39 +04:00
|
|
|
|
2014-06-07 01:20:34 +04:00
|
|
|
context->NTLMv2 = TRUE;
|
|
|
|
context->UseMIC = FALSE;
|
|
|
|
context->SendVersionInfo = TRUE;
|
|
|
|
context->SendSingleHostData = FALSE;
|
|
|
|
context->SendWorkstationName = TRUE;
|
2014-06-18 22:42:35 +04:00
|
|
|
context->NegotiateKeyExchange = TRUE;
|
2014-06-19 00:02:13 +04:00
|
|
|
context->UseSamFileDatabase = TRUE;
|
2015-06-24 12:12:59 +03:00
|
|
|
status = RegOpenKeyExA(HKEY_LOCAL_MACHINE, WINPR_KEY, 0, KEY_READ | KEY_WOW64_64KEY, &hKey);
|
2012-07-27 02:35:39 +04:00
|
|
|
|
2014-06-07 01:20:34 +04:00
|
|
|
if (status == ERROR_SUCCESS)
|
|
|
|
{
|
2019-11-06 17:24:51 +03:00
|
|
|
if (RegQueryValueEx(hKey, _T("NTLMv2"), NULL, &dwType, (BYTE*)&dwValue, &dwSize) ==
|
|
|
|
ERROR_SUCCESS)
|
2014-06-07 01:20:34 +04:00
|
|
|
context->NTLMv2 = dwValue ? 1 : 0;
|
2012-07-27 02:35:39 +04:00
|
|
|
|
2019-11-06 17:24:51 +03:00
|
|
|
if (RegQueryValueEx(hKey, _T("UseMIC"), NULL, &dwType, (BYTE*)&dwValue, &dwSize) ==
|
|
|
|
ERROR_SUCCESS)
|
2014-06-07 01:20:34 +04:00
|
|
|
context->UseMIC = dwValue ? 1 : 0;
|
2012-07-27 02:35:39 +04:00
|
|
|
|
2019-11-06 17:24:51 +03:00
|
|
|
if (RegQueryValueEx(hKey, _T("SendVersionInfo"), NULL, &dwType, (BYTE*)&dwValue, &dwSize) ==
|
|
|
|
ERROR_SUCCESS)
|
2014-06-07 01:20:34 +04:00
|
|
|
context->SendVersionInfo = dwValue ? 1 : 0;
|
2012-07-27 02:35:39 +04:00
|
|
|
|
2019-11-06 17:24:51 +03:00
|
|
|
if (RegQueryValueEx(hKey, _T("SendSingleHostData"), NULL, &dwType, (BYTE*)&dwValue,
|
2017-02-24 23:58:08 +03:00
|
|
|
&dwSize) == ERROR_SUCCESS)
|
2014-06-07 01:20:34 +04:00
|
|
|
context->SendSingleHostData = dwValue ? 1 : 0;
|
2013-01-09 21:05:34 +04:00
|
|
|
|
2019-11-06 17:24:51 +03:00
|
|
|
if (RegQueryValueEx(hKey, _T("SendWorkstationName"), NULL, &dwType, (BYTE*)&dwValue,
|
2017-02-24 23:58:08 +03:00
|
|
|
&dwSize) == ERROR_SUCCESS)
|
2014-06-07 01:20:34 +04:00
|
|
|
context->SendWorkstationName = dwValue ? 1 : 0;
|
2013-01-31 04:47:27 +04:00
|
|
|
|
2019-11-06 17:24:51 +03:00
|
|
|
if (RegQueryValueEx(hKey, _T("WorkstationName"), NULL, &dwType, NULL, &dwSize) ==
|
|
|
|
ERROR_SUCCESS)
|
2014-06-07 01:20:34 +04:00
|
|
|
{
|
2019-11-06 17:24:51 +03:00
|
|
|
char* workstation = (char*)malloc(dwSize + 1);
|
2013-01-31 04:47:27 +04:00
|
|
|
|
2014-06-07 01:20:34 +04:00
|
|
|
if (!workstation)
|
2014-11-16 19:07:48 +03:00
|
|
|
{
|
2017-02-24 23:58:08 +03:00
|
|
|
free(context);
|
2014-06-07 01:20:34 +04:00
|
|
|
return NULL;
|
2014-11-16 19:07:48 +03:00
|
|
|
}
|
2013-01-31 04:47:27 +04:00
|
|
|
|
2019-11-06 17:24:51 +03:00
|
|
|
status = RegQueryValueExA(hKey, "WorkstationName", NULL, &dwType, (BYTE*)workstation,
|
|
|
|
&dwSize);
|
2022-04-28 11:49:42 +03:00
|
|
|
if (status != ERROR_SUCCESS)
|
2023-01-23 14:03:18 +03:00
|
|
|
WLog_WARN(TAG, "Key ''WorkstationName' not found");
|
2014-06-07 01:20:34 +04:00
|
|
|
workstation[dwSize] = '\0';
|
|
|
|
|
|
|
|
if (ntlm_SetContextWorkstation(context, workstation) < 0)
|
2014-11-16 16:56:08 +03:00
|
|
|
{
|
|
|
|
free(workstation);
|
2014-11-16 19:07:48 +03:00
|
|
|
free(context);
|
2014-06-07 01:20:34 +04:00
|
|
|
return NULL;
|
2014-11-16 16:56:08 +03:00
|
|
|
}
|
2013-01-31 04:47:27 +04:00
|
|
|
|
2014-06-07 01:20:34 +04:00
|
|
|
free(workstation);
|
2012-07-27 02:35:39 +04:00
|
|
|
}
|
|
|
|
|
2014-06-07 01:20:34 +04:00
|
|
|
RegCloseKey(hKey);
|
|
|
|
}
|
2012-08-01 05:15:07 +04:00
|
|
|
|
2014-06-07 01:20:34 +04:00
|
|
|
/*
|
|
|
|
* Extended Protection is enabled by default in Windows 7,
|
|
|
|
* but enabling it in WinPR breaks TS Gateway at this point
|
|
|
|
*/
|
|
|
|
context->SuppressExtendedProtection = FALSE;
|
2017-02-24 23:58:08 +03:00
|
|
|
status = RegOpenKeyEx(HKEY_LOCAL_MACHINE, _T("System\\CurrentControlSet\\Control\\LSA"), 0,
|
|
|
|
KEY_READ | KEY_WOW64_64KEY, &hKey);
|
2012-08-01 05:15:07 +04:00
|
|
|
|
2014-06-07 01:20:34 +04:00
|
|
|
if (status == ERROR_SUCCESS)
|
|
|
|
{
|
2019-11-06 17:24:51 +03:00
|
|
|
if (RegQueryValueEx(hKey, _T("SuppressExtendedProtection"), NULL, &dwType, (BYTE*)&dwValue,
|
2017-02-24 23:58:08 +03:00
|
|
|
&dwSize) == ERROR_SUCCESS)
|
2014-06-07 01:20:34 +04:00
|
|
|
context->SuppressExtendedProtection = dwValue ? 1 : 0;
|
2012-07-02 05:40:33 +04:00
|
|
|
|
2014-06-07 01:20:34 +04:00
|
|
|
RegCloseKey(hKey);
|
2012-02-24 00:56:50 +04:00
|
|
|
}
|
|
|
|
|
2014-06-07 01:20:34 +04:00
|
|
|
context->NegotiateFlags = 0;
|
|
|
|
context->LmCompatibilityLevel = 3;
|
2022-03-14 16:50:32 +03:00
|
|
|
ntlm_change_state(context, NTLM_STATE_INITIAL);
|
2014-06-07 01:20:34 +04:00
|
|
|
FillMemory(context->MachineID, sizeof(context->MachineID), 0xAA);
|
|
|
|
|
|
|
|
if (context->NTLMv2)
|
|
|
|
context->UseMIC = TRUE;
|
|
|
|
|
2012-02-24 00:56:50 +04:00
|
|
|
return context;
|
|
|
|
}
|
|
|
|
|
2018-01-16 13:34:07 +03:00
|
|
|
static void ntlm_ContextFree(NTLM_CONTEXT* context)
|
2012-02-24 00:56:50 +04:00
|
|
|
{
|
|
|
|
if (!context)
|
|
|
|
return;
|
|
|
|
|
2016-02-28 13:12:17 +03:00
|
|
|
winpr_RC4_Free(context->SendRc4Seal);
|
|
|
|
winpr_RC4_Free(context->RecvRc4Seal);
|
2012-03-16 21:12:49 +04:00
|
|
|
sspi_SecBufferFree(&context->NegotiateMessage);
|
|
|
|
sspi_SecBufferFree(&context->ChallengeMessage);
|
|
|
|
sspi_SecBufferFree(&context->AuthenticateMessage);
|
2012-07-02 05:40:33 +04:00
|
|
|
sspi_SecBufferFree(&context->ChallengeTargetInfo);
|
2012-03-16 21:12:49 +04:00
|
|
|
sspi_SecBufferFree(&context->TargetName);
|
|
|
|
sspi_SecBufferFree(&context->NtChallengeResponse);
|
|
|
|
sspi_SecBufferFree(&context->LmChallengeResponse);
|
2012-11-19 22:26:56 +04:00
|
|
|
free(context->ServicePrincipalName.Buffer);
|
2012-07-02 05:40:33 +04:00
|
|
|
free(context->Workstation.Buffer);
|
2012-05-06 06:39:00 +04:00
|
|
|
free(context);
|
2012-02-24 00:56:50 +04:00
|
|
|
}
|
|
|
|
|
2019-11-06 17:24:51 +03:00
|
|
|
static SECURITY_STATUS SEC_ENTRY ntlm_AcquireCredentialsHandleW(
|
|
|
|
SEC_WCHAR* pszPrincipal, SEC_WCHAR* pszPackage, ULONG fCredentialUse, void* pvLogonID,
|
|
|
|
void* pAuthData, SEC_GET_KEY_FN pGetKeyFn, void* pvGetKeyArgument, PCredHandle phCredential,
|
|
|
|
PTimeStamp ptsExpiry)
|
2012-03-24 23:47:16 +04:00
|
|
|
{
|
2022-06-09 05:39:42 +03:00
|
|
|
SEC_WINPR_NTLM_SETTINGS* settings = NULL;
|
2012-03-25 00:23:14 +04:00
|
|
|
|
2019-11-06 17:24:51 +03:00
|
|
|
if ((fCredentialUse != SECPKG_CRED_OUTBOUND) && (fCredentialUse != SECPKG_CRED_INBOUND) &&
|
2017-02-24 23:58:08 +03:00
|
|
|
(fCredentialUse != SECPKG_CRED_BOTH))
|
2012-03-25 00:23:14 +04:00
|
|
|
{
|
2014-06-09 23:25:00 +04:00
|
|
|
return SEC_E_INVALID_PARAMETER;
|
2012-03-25 00:23:14 +04:00
|
|
|
}
|
|
|
|
|
2023-05-16 17:40:33 +03:00
|
|
|
SSPI_CREDENTIALS* credentials = sspi_CredentialsNew();
|
2014-06-07 01:20:34 +04:00
|
|
|
|
2014-06-09 23:25:00 +04:00
|
|
|
if (!credentials)
|
|
|
|
return SEC_E_INTERNAL_ERROR;
|
2012-07-25 04:46:21 +04:00
|
|
|
|
2014-06-09 23:25:00 +04:00
|
|
|
credentials->fCredentialUse = fCredentialUse;
|
|
|
|
credentials->pGetKeyFn = pGetKeyFn;
|
|
|
|
credentials->pvGetKeyArgument = pvGetKeyArgument;
|
2022-06-09 05:39:42 +03:00
|
|
|
|
2022-10-06 23:47:32 +03:00
|
|
|
if (pAuthData)
|
2022-06-09 05:39:42 +03:00
|
|
|
{
|
2022-10-06 23:47:32 +03:00
|
|
|
UINT32 identityFlags = sspi_GetAuthIdentityFlags(pAuthData);
|
|
|
|
|
|
|
|
sspi_CopyAuthIdentity(&(credentials->identity),
|
|
|
|
(const SEC_WINNT_AUTH_IDENTITY_INFO*)pAuthData);
|
|
|
|
|
|
|
|
if (identityFlags & SEC_WINNT_AUTH_IDENTITY_EXTENDED)
|
|
|
|
settings = (((SEC_WINNT_AUTH_IDENTITY_WINPR*)pAuthData)->ntlmSettings);
|
2022-06-09 05:39:42 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
if (settings)
|
|
|
|
{
|
|
|
|
if (settings->samFile)
|
|
|
|
{
|
|
|
|
credentials->ntlmSettings.samFile = _strdup(settings->samFile);
|
|
|
|
if (!credentials->ntlmSettings.samFile)
|
|
|
|
{
|
|
|
|
sspi_CredentialsFree(credentials);
|
|
|
|
return SEC_E_INSUFFICIENT_MEMORY;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
credentials->ntlmSettings.hashCallback = settings->hashCallback;
|
|
|
|
credentials->ntlmSettings.hashCallbackArg = settings->hashCallbackArg;
|
|
|
|
}
|
2014-06-09 23:25:00 +04:00
|
|
|
|
2019-11-06 17:24:51 +03:00
|
|
|
sspi_SecureHandleSetLowerPointer(phCredential, (void*)credentials);
|
|
|
|
sspi_SecureHandleSetUpperPointer(phCredential, (void*)NTLM_PACKAGE_NAME);
|
2012-03-24 23:47:16 +04:00
|
|
|
return SEC_E_OK;
|
|
|
|
}
|
|
|
|
|
2019-11-06 17:24:51 +03:00
|
|
|
static SECURITY_STATUS SEC_ENTRY ntlm_AcquireCredentialsHandleA(
|
|
|
|
SEC_CHAR* pszPrincipal, SEC_CHAR* pszPackage, ULONG fCredentialUse, void* pvLogonID,
|
|
|
|
void* pAuthData, SEC_GET_KEY_FN pGetKeyFn, void* pvGetKeyArgument, PCredHandle phCredential,
|
|
|
|
PTimeStamp ptsExpiry)
|
2012-02-24 00:56:50 +04:00
|
|
|
{
|
2022-10-28 09:09:27 +03:00
|
|
|
SECURITY_STATUS status = SEC_E_INSUFFICIENT_MEMORY;
|
2022-06-09 05:39:42 +03:00
|
|
|
SEC_WCHAR* principal = NULL;
|
|
|
|
SEC_WCHAR* package = NULL;
|
2014-06-07 01:20:34 +04:00
|
|
|
|
2022-06-09 05:39:42 +03:00
|
|
|
if (pszPrincipal)
|
2022-10-28 09:09:27 +03:00
|
|
|
{
|
|
|
|
principal = ConvertUtf8ToWCharAlloc(pszPrincipal, NULL);
|
|
|
|
if (!principal)
|
|
|
|
goto fail;
|
|
|
|
}
|
2022-06-09 05:39:42 +03:00
|
|
|
if (pszPackage)
|
2022-10-28 09:09:27 +03:00
|
|
|
{
|
|
|
|
package = ConvertUtf8ToWCharAlloc(pszPackage, NULL);
|
|
|
|
if (!package)
|
|
|
|
goto fail;
|
|
|
|
}
|
2012-06-19 06:22:39 +04:00
|
|
|
|
2022-06-09 05:39:42 +03:00
|
|
|
status =
|
|
|
|
ntlm_AcquireCredentialsHandleW(principal, package, fCredentialUse, pvLogonID, pAuthData,
|
|
|
|
pGetKeyFn, pvGetKeyArgument, phCredential, ptsExpiry);
|
2012-03-05 06:56:41 +04:00
|
|
|
|
2022-10-28 09:09:27 +03:00
|
|
|
fail:
|
|
|
|
free(principal);
|
|
|
|
free(package);
|
2014-06-09 23:25:00 +04:00
|
|
|
|
2022-06-09 05:39:42 +03:00
|
|
|
return status;
|
2012-02-24 00:56:50 +04:00
|
|
|
}
|
|
|
|
|
2018-01-16 13:34:07 +03:00
|
|
|
static SECURITY_STATUS SEC_ENTRY ntlm_FreeCredentialsHandle(PCredHandle phCredential)
|
2012-02-25 00:00:49 +04:00
|
|
|
{
|
|
|
|
if (!phCredential)
|
|
|
|
return SEC_E_INVALID_HANDLE;
|
|
|
|
|
2023-05-16 17:40:33 +03:00
|
|
|
SSPI_CREDENTIALS* credentials =
|
|
|
|
(SSPI_CREDENTIALS*)sspi_SecureHandleGetLowerPointer(phCredential);
|
2012-02-25 00:00:49 +04:00
|
|
|
|
|
|
|
if (!credentials)
|
|
|
|
return SEC_E_INVALID_HANDLE;
|
|
|
|
|
|
|
|
sspi_CredentialsFree(credentials);
|
|
|
|
return SEC_E_OK;
|
|
|
|
}
|
|
|
|
|
2018-01-16 13:34:07 +03:00
|
|
|
static SECURITY_STATUS SEC_ENTRY ntlm_QueryCredentialsAttributesW(PCredHandle phCredential,
|
2019-11-06 17:24:51 +03:00
|
|
|
ULONG ulAttribute, void* pBuffer)
|
2012-03-24 23:47:16 +04:00
|
|
|
{
|
|
|
|
if (ulAttribute == SECPKG_CRED_ATTR_NAMES)
|
|
|
|
{
|
|
|
|
return SEC_E_OK;
|
|
|
|
}
|
|
|
|
|
2023-01-23 14:03:18 +03:00
|
|
|
WLog_ERR(TAG, "TODO: Implement");
|
2012-03-24 23:47:16 +04:00
|
|
|
return SEC_E_UNSUPPORTED_FUNCTION;
|
|
|
|
}
|
|
|
|
|
2018-01-16 13:34:07 +03:00
|
|
|
static SECURITY_STATUS SEC_ENTRY ntlm_QueryCredentialsAttributesA(PCredHandle phCredential,
|
2019-11-06 17:24:51 +03:00
|
|
|
ULONG ulAttribute, void* pBuffer)
|
2012-02-24 00:56:50 +04:00
|
|
|
{
|
2012-07-27 02:35:39 +04:00
|
|
|
return ntlm_QueryCredentialsAttributesW(phCredential, ulAttribute, pBuffer);
|
2012-02-24 00:56:50 +04:00
|
|
|
}
|
|
|
|
|
2012-05-10 12:54:20 +04:00
|
|
|
/**
|
|
|
|
* @see http://msdn.microsoft.com/en-us/library/windows/desktop/aa374707
|
|
|
|
*/
|
2019-11-06 17:24:51 +03:00
|
|
|
static SECURITY_STATUS SEC_ENTRY
|
|
|
|
ntlm_AcceptSecurityContext(PCredHandle phCredential, PCtxtHandle phContext, PSecBufferDesc pInput,
|
|
|
|
ULONG fContextReq, ULONG TargetDataRep, PCtxtHandle phNewContext,
|
|
|
|
PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsTimeStamp)
|
2012-03-05 06:56:41 +04:00
|
|
|
{
|
2024-01-23 18:49:54 +03:00
|
|
|
SECURITY_STATUS status = 0;
|
|
|
|
SSPI_CREDENTIALS* credentials = NULL;
|
|
|
|
PSecBuffer input_buffer = NULL;
|
|
|
|
PSecBuffer output_buffer = NULL;
|
2022-10-07 20:55:05 +03:00
|
|
|
|
|
|
|
/* behave like windows SSPIs that don't want empty context */
|
|
|
|
if (phContext && !phContext->dwLower && !phContext->dwUpper)
|
|
|
|
return SEC_E_INVALID_HANDLE;
|
|
|
|
|
2023-05-16 17:40:33 +03:00
|
|
|
NTLM_CONTEXT* context = (NTLM_CONTEXT*)sspi_SecureHandleGetLowerPointer(phContext);
|
2012-03-05 06:56:41 +04:00
|
|
|
|
|
|
|
if (!context)
|
|
|
|
{
|
|
|
|
context = ntlm_ContextNew();
|
2012-05-21 02:32:22 +04:00
|
|
|
|
2012-05-10 12:54:20 +04:00
|
|
|
if (!context)
|
2012-05-21 02:32:22 +04:00
|
|
|
return SEC_E_INSUFFICIENT_MEMORY;
|
|
|
|
|
2014-06-07 01:20:34 +04:00
|
|
|
context->server = TRUE;
|
2012-03-05 06:56:41 +04:00
|
|
|
|
2012-05-21 02:32:22 +04:00
|
|
|
if (fContextReq & ASC_REQ_CONFIDENTIALITY)
|
2014-06-07 01:20:34 +04:00
|
|
|
context->confidentiality = TRUE;
|
2012-05-21 02:32:22 +04:00
|
|
|
|
2019-11-06 17:24:51 +03:00
|
|
|
credentials = (SSPI_CREDENTIALS*)sspi_SecureHandleGetLowerPointer(phCredential);
|
2014-06-09 23:25:00 +04:00
|
|
|
context->credentials = credentials;
|
2022-06-09 05:39:42 +03:00
|
|
|
context->SamFile = credentials->ntlmSettings.samFile;
|
|
|
|
context->HashCallback = credentials->ntlmSettings.hashCallback;
|
|
|
|
context->HashCallbackArg = credentials->ntlmSettings.hashCallbackArg;
|
|
|
|
|
2012-06-20 01:26:37 +04:00
|
|
|
ntlm_SetContextTargetName(context, NULL);
|
2012-03-05 06:56:41 +04:00
|
|
|
sspi_SecureHandleSetLowerPointer(phNewContext, context);
|
2019-11-06 17:24:51 +03:00
|
|
|
sspi_SecureHandleSetUpperPointer(phNewContext, (void*)NTLM_PACKAGE_NAME);
|
2012-03-05 06:56:41 +04:00
|
|
|
}
|
|
|
|
|
2022-03-14 16:50:32 +03:00
|
|
|
switch (ntlm_get_state(context))
|
2012-03-05 06:56:41 +04:00
|
|
|
{
|
2022-03-14 16:50:32 +03:00
|
|
|
case NTLM_STATE_INITIAL:
|
|
|
|
{
|
|
|
|
ntlm_change_state(context, NTLM_STATE_NEGOTIATE);
|
2012-03-05 06:56:41 +04:00
|
|
|
|
2022-03-14 16:50:32 +03:00
|
|
|
if (!pInput)
|
|
|
|
return SEC_E_INVALID_TOKEN;
|
2012-03-05 06:56:41 +04:00
|
|
|
|
2022-03-14 16:50:32 +03:00
|
|
|
if (pInput->cBuffers < 1)
|
|
|
|
return SEC_E_INVALID_TOKEN;
|
2012-03-05 06:56:41 +04:00
|
|
|
|
2022-03-14 16:50:32 +03:00
|
|
|
input_buffer = sspi_FindSecBuffer(pInput, SECBUFFER_TOKEN);
|
2012-03-05 06:56:41 +04:00
|
|
|
|
2022-03-14 16:50:32 +03:00
|
|
|
if (!input_buffer)
|
2012-03-05 06:56:41 +04:00
|
|
|
return SEC_E_INVALID_TOKEN;
|
|
|
|
|
2022-03-14 16:50:32 +03:00
|
|
|
if (input_buffer->cbBuffer < 1)
|
2012-03-05 06:56:41 +04:00
|
|
|
return SEC_E_INVALID_TOKEN;
|
|
|
|
|
2022-03-14 16:50:32 +03:00
|
|
|
status = ntlm_read_NegotiateMessage(context, input_buffer);
|
|
|
|
if (status != SEC_I_CONTINUE_NEEDED)
|
|
|
|
return status;
|
2012-03-05 06:56:41 +04:00
|
|
|
|
2022-03-14 16:50:32 +03:00
|
|
|
if (ntlm_get_state(context) == NTLM_STATE_CHALLENGE)
|
|
|
|
{
|
|
|
|
if (!pOutput)
|
|
|
|
return SEC_E_INVALID_TOKEN;
|
2012-03-05 06:56:41 +04:00
|
|
|
|
2022-03-14 16:50:32 +03:00
|
|
|
if (pOutput->cBuffers < 1)
|
|
|
|
return SEC_E_INVALID_TOKEN;
|
2012-03-05 06:56:41 +04:00
|
|
|
|
2022-03-14 16:50:32 +03:00
|
|
|
output_buffer = sspi_FindSecBuffer(pOutput, SECBUFFER_TOKEN);
|
2012-03-05 06:56:41 +04:00
|
|
|
|
2022-03-14 16:50:32 +03:00
|
|
|
if (!output_buffer->BufferType)
|
|
|
|
return SEC_E_INVALID_TOKEN;
|
2012-03-05 06:56:41 +04:00
|
|
|
|
2022-03-14 16:50:32 +03:00
|
|
|
if (output_buffer->cbBuffer < 1)
|
|
|
|
return SEC_E_INSUFFICIENT_MEMORY;
|
2012-03-05 06:56:41 +04:00
|
|
|
|
2022-03-14 16:50:32 +03:00
|
|
|
return ntlm_write_ChallengeMessage(context, output_buffer);
|
|
|
|
}
|
2012-03-05 06:56:41 +04:00
|
|
|
|
2022-03-14 16:50:32 +03:00
|
|
|
return SEC_E_OUT_OF_SEQUENCE;
|
|
|
|
}
|
2022-04-28 00:26:28 +03:00
|
|
|
|
2022-03-14 16:50:32 +03:00
|
|
|
case NTLM_STATE_AUTHENTICATE:
|
|
|
|
{
|
|
|
|
if (!pInput)
|
|
|
|
return SEC_E_INVALID_TOKEN;
|
2012-03-05 06:56:41 +04:00
|
|
|
|
2022-03-14 16:50:32 +03:00
|
|
|
if (pInput->cBuffers < 1)
|
|
|
|
return SEC_E_INVALID_TOKEN;
|
2012-03-05 06:56:41 +04:00
|
|
|
|
2022-03-14 16:50:32 +03:00
|
|
|
input_buffer = sspi_FindSecBuffer(pInput, SECBUFFER_TOKEN);
|
2012-03-05 06:56:41 +04:00
|
|
|
|
2022-03-14 16:50:32 +03:00
|
|
|
if (!input_buffer)
|
|
|
|
return SEC_E_INVALID_TOKEN;
|
|
|
|
|
|
|
|
if (input_buffer->cbBuffer < 1)
|
|
|
|
return SEC_E_INVALID_TOKEN;
|
2012-09-01 02:04:26 +04:00
|
|
|
|
2022-03-14 16:50:32 +03:00
|
|
|
status = ntlm_read_AuthenticateMessage(context, input_buffer);
|
|
|
|
|
|
|
|
if (pOutput)
|
2012-09-01 02:04:26 +04:00
|
|
|
{
|
2024-01-30 12:25:38 +03:00
|
|
|
for (ULONG i = 0; i < pOutput->cBuffers; i++)
|
2022-03-14 16:50:32 +03:00
|
|
|
{
|
|
|
|
pOutput->pBuffers[i].cbBuffer = 0;
|
|
|
|
pOutput->pBuffers[i].BufferType = SECBUFFER_TOKEN;
|
|
|
|
}
|
2012-09-01 02:04:26 +04:00
|
|
|
}
|
|
|
|
|
2022-03-14 16:50:32 +03:00
|
|
|
return status;
|
|
|
|
}
|
2022-04-28 00:26:28 +03:00
|
|
|
|
2022-03-14 16:50:32 +03:00
|
|
|
default:
|
2022-06-23 08:57:38 +03:00
|
|
|
return SEC_E_OUT_OF_SEQUENCE;
|
2012-03-05 06:56:41 +04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-01-16 13:34:07 +03:00
|
|
|
static SECURITY_STATUS SEC_ENTRY ntlm_ImpersonateSecurityContext(PCtxtHandle phContext)
|
2012-03-05 06:56:41 +04:00
|
|
|
{
|
2014-06-08 01:08:07 +04:00
|
|
|
return SEC_E_OK;
|
2012-03-05 06:56:41 +04:00
|
|
|
}
|
|
|
|
|
2019-11-06 17:24:51 +03:00
|
|
|
static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(
|
|
|
|
PCredHandle phCredential, PCtxtHandle phContext, SEC_WCHAR* pszTargetName, ULONG fContextReq,
|
|
|
|
ULONG Reserved1, ULONG TargetDataRep, PSecBufferDesc pInput, ULONG Reserved2,
|
|
|
|
PCtxtHandle phNewContext, PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsExpiry)
|
2012-02-24 00:56:50 +04:00
|
|
|
{
|
2024-01-23 18:49:54 +03:00
|
|
|
SECURITY_STATUS status = 0;
|
|
|
|
SSPI_CREDENTIALS* credentials = NULL;
|
2013-01-09 09:20:08 +04:00
|
|
|
PSecBuffer input_buffer = NULL;
|
|
|
|
PSecBuffer output_buffer = NULL;
|
2022-10-07 20:55:05 +03:00
|
|
|
|
|
|
|
/* behave like windows SSPIs that don't want empty context */
|
|
|
|
if (phContext && !phContext->dwLower && !phContext->dwUpper)
|
|
|
|
return SEC_E_INVALID_HANDLE;
|
|
|
|
|
2023-05-16 17:40:33 +03:00
|
|
|
NTLM_CONTEXT* context = (NTLM_CONTEXT*)sspi_SecureHandleGetLowerPointer(phContext);
|
2012-02-25 20:48:08 +04:00
|
|
|
|
2022-09-15 07:39:50 +03:00
|
|
|
if (pInput)
|
|
|
|
{
|
|
|
|
input_buffer = sspi_FindSecBuffer(pInput, SECBUFFER_TOKEN);
|
|
|
|
}
|
|
|
|
|
2012-02-25 20:48:08 +04:00
|
|
|
if (!context)
|
2012-02-24 06:26:00 +04:00
|
|
|
{
|
|
|
|
context = ntlm_ContextNew();
|
2012-07-27 02:35:39 +04:00
|
|
|
|
2012-05-10 12:54:20 +04:00
|
|
|
if (!context)
|
2012-05-21 02:32:22 +04:00
|
|
|
return SEC_E_INSUFFICIENT_MEMORY;
|
2012-02-24 06:26:00 +04:00
|
|
|
|
2012-04-21 01:00:00 +04:00
|
|
|
if (fContextReq & ISC_REQ_CONFIDENTIALITY)
|
2014-06-07 01:20:34 +04:00
|
|
|
context->confidentiality = TRUE;
|
2012-04-21 01:00:00 +04:00
|
|
|
|
2019-11-06 17:24:51 +03:00
|
|
|
credentials = (SSPI_CREDENTIALS*)sspi_SecureHandleGetLowerPointer(phCredential);
|
2014-06-09 23:25:00 +04:00
|
|
|
context->credentials = credentials;
|
2012-02-25 18:55:52 +04:00
|
|
|
|
2013-01-31 04:47:27 +04:00
|
|
|
if (context->Workstation.Length < 1)
|
2014-06-07 01:20:34 +04:00
|
|
|
{
|
|
|
|
if (ntlm_SetContextWorkstation(context, NULL) < 0)
|
2017-07-18 12:38:59 +03:00
|
|
|
{
|
|
|
|
ntlm_ContextFree(context);
|
2014-06-09 23:25:00 +04:00
|
|
|
return SEC_E_INTERNAL_ERROR;
|
2017-07-18 12:38:59 +03:00
|
|
|
}
|
2014-06-07 01:20:34 +04:00
|
|
|
}
|
2013-01-31 04:47:27 +04:00
|
|
|
|
2014-06-07 01:20:34 +04:00
|
|
|
if (ntlm_SetContextServicePrincipalNameW(context, pszTargetName) < 0)
|
2017-07-18 12:38:59 +03:00
|
|
|
{
|
|
|
|
ntlm_ContextFree(context);
|
2014-06-09 23:25:00 +04:00
|
|
|
return SEC_E_INTERNAL_ERROR;
|
2017-07-18 12:38:59 +03:00
|
|
|
}
|
2012-02-25 18:55:52 +04:00
|
|
|
|
2012-02-25 20:48:08 +04:00
|
|
|
sspi_SecureHandleSetLowerPointer(phNewContext, context);
|
2022-05-28 01:29:28 +03:00
|
|
|
sspi_SecureHandleSetUpperPointer(phNewContext, NTLM_SSP_NAME);
|
2012-02-25 20:48:08 +04:00
|
|
|
}
|
|
|
|
|
2022-09-15 07:39:50 +03:00
|
|
|
if ((!input_buffer) || (ntlm_get_state(context) == NTLM_STATE_AUTHENTICATE))
|
2012-02-25 20:48:08 +04:00
|
|
|
{
|
2012-02-24 06:26:00 +04:00
|
|
|
if (!pOutput)
|
|
|
|
return SEC_E_INVALID_TOKEN;
|
|
|
|
|
|
|
|
if (pOutput->cBuffers < 1)
|
|
|
|
return SEC_E_INVALID_TOKEN;
|
|
|
|
|
2013-01-11 23:23:54 +04:00
|
|
|
output_buffer = sspi_FindSecBuffer(pOutput, SECBUFFER_TOKEN);
|
2012-02-24 06:26:00 +04:00
|
|
|
|
2013-01-11 23:23:54 +04:00
|
|
|
if (!output_buffer)
|
2012-02-24 06:26:00 +04:00
|
|
|
return SEC_E_INVALID_TOKEN;
|
|
|
|
|
2012-03-05 06:56:41 +04:00
|
|
|
if (output_buffer->cbBuffer < 1)
|
2012-05-10 12:54:20 +04:00
|
|
|
return SEC_E_INVALID_TOKEN;
|
2012-02-24 06:26:00 +04:00
|
|
|
|
2022-03-14 16:50:32 +03:00
|
|
|
if (ntlm_get_state(context) == NTLM_STATE_INITIAL)
|
|
|
|
ntlm_change_state(context, NTLM_STATE_NEGOTIATE);
|
2012-02-25 02:17:38 +04:00
|
|
|
|
2022-03-14 16:50:32 +03:00
|
|
|
if (ntlm_get_state(context) == NTLM_STATE_NEGOTIATE)
|
2012-03-05 06:56:41 +04:00
|
|
|
return ntlm_write_NegotiateMessage(context, output_buffer);
|
2012-02-25 20:48:08 +04:00
|
|
|
|
|
|
|
return SEC_E_OUT_OF_SEQUENCE;
|
2012-02-24 06:26:00 +04:00
|
|
|
}
|
2012-02-25 02:17:38 +04:00
|
|
|
else
|
|
|
|
{
|
2013-01-11 23:23:54 +04:00
|
|
|
if (!input_buffer)
|
2012-02-25 02:17:38 +04:00
|
|
|
return SEC_E_INVALID_TOKEN;
|
|
|
|
|
2012-03-05 06:56:41 +04:00
|
|
|
if (input_buffer->cbBuffer < 1)
|
2012-02-25 02:17:38 +04:00
|
|
|
return SEC_E_INVALID_TOKEN;
|
2012-02-25 18:55:52 +04:00
|
|
|
|
2024-09-09 18:40:50 +03:00
|
|
|
PSecBuffer channel_bindings = sspi_FindSecBuffer(pInput, SECBUFFER_CHANNEL_BINDINGS);
|
2013-01-09 09:20:08 +04:00
|
|
|
|
|
|
|
if (channel_bindings)
|
|
|
|
{
|
|
|
|
context->Bindings.BindingsLength = channel_bindings->cbBuffer;
|
2019-11-06 17:24:51 +03:00
|
|
|
context->Bindings.Bindings = (SEC_CHANNEL_BINDINGS*)channel_bindings->pvBuffer;
|
2013-01-09 09:20:08 +04:00
|
|
|
}
|
|
|
|
|
2022-03-14 16:50:32 +03:00
|
|
|
if (ntlm_get_state(context) == NTLM_STATE_CHALLENGE)
|
2012-02-27 05:07:42 +04:00
|
|
|
{
|
2012-03-05 06:56:41 +04:00
|
|
|
status = ntlm_read_ChallengeMessage(context, input_buffer);
|
2012-02-27 05:07:42 +04:00
|
|
|
|
2021-11-30 10:52:31 +03:00
|
|
|
if (status != SEC_I_CONTINUE_NEEDED)
|
|
|
|
return status;
|
|
|
|
|
2012-02-27 05:07:42 +04:00
|
|
|
if (!pOutput)
|
|
|
|
return SEC_E_INVALID_TOKEN;
|
|
|
|
|
|
|
|
if (pOutput->cBuffers < 1)
|
|
|
|
return SEC_E_INVALID_TOKEN;
|
|
|
|
|
2013-01-11 23:23:54 +04:00
|
|
|
output_buffer = sspi_FindSecBuffer(pOutput, SECBUFFER_TOKEN);
|
2012-02-27 05:07:42 +04:00
|
|
|
|
2013-01-11 23:23:54 +04:00
|
|
|
if (!output_buffer)
|
2012-02-27 05:07:42 +04:00
|
|
|
return SEC_E_INVALID_TOKEN;
|
|
|
|
|
2012-03-05 06:56:41 +04:00
|
|
|
if (output_buffer->cbBuffer < 1)
|
2012-02-27 05:07:42 +04:00
|
|
|
return SEC_E_INSUFFICIENT_MEMORY;
|
|
|
|
|
2022-03-14 16:50:32 +03:00
|
|
|
if (ntlm_get_state(context) == NTLM_STATE_AUTHENTICATE)
|
2012-03-05 06:56:41 +04:00
|
|
|
return ntlm_write_AuthenticateMessage(context, output_buffer);
|
2012-02-27 05:07:42 +04:00
|
|
|
}
|
2012-02-25 20:48:08 +04:00
|
|
|
|
|
|
|
return SEC_E_OUT_OF_SEQUENCE;
|
2012-02-25 02:17:38 +04:00
|
|
|
}
|
2012-02-24 06:26:00 +04:00
|
|
|
|
2012-03-05 06:56:41 +04:00
|
|
|
return SEC_E_OUT_OF_SEQUENCE;
|
2012-02-24 00:56:50 +04:00
|
|
|
}
|
|
|
|
|
2012-07-27 02:35:39 +04:00
|
|
|
/**
|
|
|
|
* @see http://msdn.microsoft.com/en-us/library/windows/desktop/aa375512%28v=vs.85%29.aspx
|
|
|
|
*/
|
2019-11-06 17:24:51 +03:00
|
|
|
static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextA(
|
|
|
|
PCredHandle phCredential, PCtxtHandle phContext, SEC_CHAR* pszTargetName, ULONG fContextReq,
|
|
|
|
ULONG Reserved1, ULONG TargetDataRep, PSecBufferDesc pInput, ULONG Reserved2,
|
|
|
|
PCtxtHandle phNewContext, PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsExpiry)
|
2012-07-27 02:35:39 +04:00
|
|
|
{
|
2024-01-23 18:49:54 +03:00
|
|
|
SECURITY_STATUS status = 0;
|
2014-08-18 21:34:47 +04:00
|
|
|
SEC_WCHAR* pszTargetNameW = NULL;
|
2012-07-27 02:35:39 +04:00
|
|
|
|
2014-06-07 01:20:34 +04:00
|
|
|
if (pszTargetName)
|
2012-07-27 02:35:39 +04:00
|
|
|
{
|
2022-10-28 09:09:27 +03:00
|
|
|
pszTargetNameW = ConvertUtf8ToWCharAlloc(pszTargetName, NULL);
|
|
|
|
if (!pszTargetNameW)
|
2014-06-09 23:25:00 +04:00
|
|
|
return SEC_E_INTERNAL_ERROR;
|
2012-07-27 02:35:39 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
status = ntlm_InitializeSecurityContextW(phCredential, phContext, pszTargetNameW, fContextReq,
|
2019-11-06 17:24:51 +03:00
|
|
|
Reserved1, TargetDataRep, pInput, Reserved2,
|
|
|
|
phNewContext, pOutput, pfContextAttr, ptsExpiry);
|
2015-05-11 10:07:39 +03:00
|
|
|
free(pszTargetNameW);
|
2012-07-27 02:35:39 +04:00
|
|
|
return status;
|
|
|
|
}
|
|
|
|
|
2012-03-16 21:12:49 +04:00
|
|
|
/* http://msdn.microsoft.com/en-us/library/windows/desktop/aa375354 */
|
|
|
|
|
2018-01-16 13:34:07 +03:00
|
|
|
static SECURITY_STATUS SEC_ENTRY ntlm_DeleteSecurityContext(PCtxtHandle phContext)
|
2012-03-16 21:12:49 +04:00
|
|
|
{
|
2023-05-16 17:40:33 +03:00
|
|
|
NTLM_CONTEXT* context = (NTLM_CONTEXT*)sspi_SecureHandleGetLowerPointer(phContext);
|
2012-03-16 21:12:49 +04:00
|
|
|
ntlm_ContextFree(context);
|
|
|
|
return SEC_E_OK;
|
|
|
|
}
|
|
|
|
|
2017-07-03 13:47:56 +03:00
|
|
|
SECURITY_STATUS ntlm_computeProofValue(NTLM_CONTEXT* ntlm, SecBuffer* ntproof)
|
2017-05-15 19:52:39 +03:00
|
|
|
{
|
2024-01-23 18:49:54 +03:00
|
|
|
BYTE* blob = NULL;
|
|
|
|
SecBuffer* target = NULL;
|
2022-03-14 16:50:32 +03:00
|
|
|
|
|
|
|
WINPR_ASSERT(ntlm);
|
|
|
|
WINPR_ASSERT(ntproof);
|
|
|
|
|
|
|
|
target = &ntlm->ChallengeTargetInfo;
|
2017-05-15 19:52:39 +03:00
|
|
|
|
|
|
|
if (!sspi_SecBufferAlloc(ntproof, 36 + target->cbBuffer))
|
|
|
|
return SEC_E_INSUFFICIENT_MEMORY;
|
|
|
|
|
2017-07-03 13:47:56 +03:00
|
|
|
blob = (BYTE*)ntproof->pvBuffer;
|
2017-05-15 19:52:39 +03:00
|
|
|
CopyMemory(blob, ntlm->ServerChallenge, 8); /* Server challenge. */
|
2019-11-06 17:24:51 +03:00
|
|
|
blob[8] = 1; /* Response version. */
|
2017-05-15 19:52:39 +03:00
|
|
|
blob[9] = 1; /* Highest response version understood by the client. */
|
|
|
|
/* Reserved 6B. */
|
2019-11-06 17:24:51 +03:00
|
|
|
CopyMemory(&blob[16], ntlm->Timestamp, 8); /* Time. */
|
2017-05-15 19:52:39 +03:00
|
|
|
CopyMemory(&blob[24], ntlm->ClientChallenge, 8); /* Client challenge. */
|
|
|
|
/* Reserved 4B. */
|
|
|
|
/* Server name. */
|
|
|
|
CopyMemory(&blob[36], target->pvBuffer, target->cbBuffer);
|
|
|
|
return SEC_E_OK;
|
|
|
|
}
|
|
|
|
|
2017-07-03 13:47:56 +03:00
|
|
|
SECURITY_STATUS ntlm_computeMicValue(NTLM_CONTEXT* ntlm, SecBuffer* micvalue)
|
2017-05-15 19:52:39 +03:00
|
|
|
{
|
2024-01-23 18:49:54 +03:00
|
|
|
BYTE* blob = NULL;
|
|
|
|
ULONG msgSize = 0;
|
2022-03-14 16:50:32 +03:00
|
|
|
|
|
|
|
WINPR_ASSERT(ntlm);
|
|
|
|
WINPR_ASSERT(micvalue);
|
|
|
|
|
|
|
|
msgSize = ntlm->NegotiateMessage.cbBuffer + ntlm->ChallengeMessage.cbBuffer +
|
|
|
|
ntlm->AuthenticateMessage.cbBuffer;
|
2017-05-15 19:52:39 +03:00
|
|
|
|
|
|
|
if (!sspi_SecBufferAlloc(micvalue, msgSize))
|
|
|
|
return SEC_E_INSUFFICIENT_MEMORY;
|
|
|
|
|
2019-11-06 17:24:51 +03:00
|
|
|
blob = (BYTE*)micvalue->pvBuffer;
|
2017-05-15 19:52:39 +03:00
|
|
|
CopyMemory(blob, ntlm->NegotiateMessage.pvBuffer, ntlm->NegotiateMessage.cbBuffer);
|
|
|
|
blob += ntlm->NegotiateMessage.cbBuffer;
|
|
|
|
CopyMemory(blob, ntlm->ChallengeMessage.pvBuffer, ntlm->ChallengeMessage.cbBuffer);
|
|
|
|
blob += ntlm->ChallengeMessage.cbBuffer;
|
|
|
|
CopyMemory(blob, ntlm->AuthenticateMessage.pvBuffer, ntlm->AuthenticateMessage.cbBuffer);
|
|
|
|
blob += ntlm->MessageIntegrityCheckOffset;
|
|
|
|
ZeroMemory(blob, 16);
|
|
|
|
return SEC_E_OK;
|
|
|
|
}
|
|
|
|
|
2012-02-24 00:56:50 +04:00
|
|
|
/* http://msdn.microsoft.com/en-us/library/windows/desktop/aa379337/ */
|
|
|
|
|
2018-01-16 13:34:07 +03:00
|
|
|
static SECURITY_STATUS SEC_ENTRY ntlm_QueryContextAttributesW(PCtxtHandle phContext,
|
2019-11-06 17:24:51 +03:00
|
|
|
ULONG ulAttribute, void* pBuffer)
|
2012-02-24 00:56:50 +04:00
|
|
|
{
|
2012-02-27 20:58:14 +04:00
|
|
|
if (!phContext)
|
|
|
|
return SEC_E_INVALID_HANDLE;
|
|
|
|
|
|
|
|
if (!pBuffer)
|
|
|
|
return SEC_E_INSUFFICIENT_MEMORY;
|
|
|
|
|
2023-05-16 17:40:33 +03:00
|
|
|
NTLM_CONTEXT* context = (NTLM_CONTEXT*)sspi_SecureHandleGetLowerPointer(phContext);
|
|
|
|
if (!check_context(context))
|
|
|
|
return SEC_E_INVALID_HANDLE;
|
2014-06-11 00:38:16 +04:00
|
|
|
|
2012-02-27 20:58:14 +04:00
|
|
|
if (ulAttribute == SECPKG_ATTR_SIZES)
|
|
|
|
{
|
2019-11-06 17:24:51 +03:00
|
|
|
SecPkgContext_Sizes* ContextSizes = (SecPkgContext_Sizes*)pBuffer;
|
2012-02-27 20:58:14 +04:00
|
|
|
ContextSizes->cbMaxToken = 2010;
|
2019-11-06 17:24:51 +03:00
|
|
|
ContextSizes->cbMaxSignature = 16; /* the size of expected signature is 16 bytes */
|
|
|
|
ContextSizes->cbBlockSize = 0; /* no padding */
|
2017-05-11 19:51:45 +03:00
|
|
|
ContextSizes->cbSecurityTrailer = 16; /* no security trailer appended in NTLM
|
2019-11-06 17:24:51 +03:00
|
|
|
contrary to Kerberos */
|
2012-02-27 20:58:14 +04:00
|
|
|
return SEC_E_OK;
|
|
|
|
}
|
2014-06-11 00:38:16 +04:00
|
|
|
else if (ulAttribute == SECPKG_ATTR_AUTH_IDENTITY)
|
|
|
|
{
|
2024-01-23 18:49:54 +03:00
|
|
|
SSPI_CREDENTIALS* credentials = NULL;
|
2022-10-28 09:09:27 +03:00
|
|
|
const SecPkgContext_AuthIdentity empty = { 0 };
|
2019-11-06 17:24:51 +03:00
|
|
|
SecPkgContext_AuthIdentity* AuthIdentity = (SecPkgContext_AuthIdentity*)pBuffer;
|
2022-10-28 09:09:27 +03:00
|
|
|
|
|
|
|
WINPR_ASSERT(AuthIdentity);
|
|
|
|
*AuthIdentity = empty;
|
|
|
|
|
2014-06-19 00:02:13 +04:00
|
|
|
context->UseSamFileDatabase = FALSE;
|
2014-06-11 00:38:16 +04:00
|
|
|
credentials = context->credentials;
|
2017-02-24 23:58:08 +03:00
|
|
|
|
|
|
|
if (credentials->identity.UserLength > 0)
|
|
|
|
{
|
2022-10-28 09:09:27 +03:00
|
|
|
if (ConvertWCharNToUtf8(credentials->identity.User, credentials->identity.UserLength,
|
|
|
|
AuthIdentity->User, ARRAYSIZE(AuthIdentity->User)) <= 0)
|
2015-05-18 10:42:17 +03:00
|
|
|
return SEC_E_INTERNAL_ERROR;
|
|
|
|
}
|
2014-06-11 00:38:16 +04:00
|
|
|
|
2017-02-24 23:58:08 +03:00
|
|
|
if (credentials->identity.DomainLength > 0)
|
|
|
|
{
|
2022-10-28 09:09:27 +03:00
|
|
|
if (ConvertWCharNToUtf8(credentials->identity.Domain,
|
|
|
|
credentials->identity.DomainLength, AuthIdentity->Domain,
|
|
|
|
ARRAYSIZE(AuthIdentity->Domain)) <= 0)
|
2015-05-18 10:42:17 +03:00
|
|
|
return SEC_E_INTERNAL_ERROR;
|
|
|
|
}
|
2014-06-11 00:38:16 +04:00
|
|
|
|
|
|
|
return SEC_E_OK;
|
|
|
|
}
|
2016-01-21 00:21:05 +03:00
|
|
|
else if (ulAttribute == SECPKG_ATTR_AUTH_NTLM_NTPROOF_VALUE)
|
|
|
|
{
|
2017-05-15 19:52:39 +03:00
|
|
|
return ntlm_computeProofValue(context, (SecBuffer*)pBuffer);
|
2016-01-21 00:21:05 +03:00
|
|
|
}
|
|
|
|
else if (ulAttribute == SECPKG_ATTR_AUTH_NTLM_RANDKEY)
|
|
|
|
{
|
2024-01-23 18:49:54 +03:00
|
|
|
SecBuffer* randkey = NULL;
|
2019-11-06 17:24:51 +03:00
|
|
|
randkey = (SecBuffer*)pBuffer;
|
2016-01-21 00:21:05 +03:00
|
|
|
|
|
|
|
if (!sspi_SecBufferAlloc(randkey, 16))
|
|
|
|
return (SEC_E_INSUFFICIENT_MEMORY);
|
|
|
|
|
|
|
|
CopyMemory(randkey->pvBuffer, context->EncryptedRandomSessionKey, 16);
|
|
|
|
return (SEC_E_OK);
|
|
|
|
}
|
|
|
|
else if (ulAttribute == SECPKG_ATTR_AUTH_NTLM_MIC)
|
|
|
|
{
|
2023-06-05 13:16:57 +03:00
|
|
|
SecBuffer* mic = (SecBuffer*)pBuffer;
|
|
|
|
NTLM_AUTHENTICATE_MESSAGE* message = &context->AUTHENTICATE_MESSAGE;
|
2016-01-21 00:21:05 +03:00
|
|
|
|
|
|
|
if (!sspi_SecBufferAlloc(mic, 16))
|
|
|
|
return (SEC_E_INSUFFICIENT_MEMORY);
|
|
|
|
|
|
|
|
CopyMemory(mic->pvBuffer, message->MessageIntegrityCheck, 16);
|
|
|
|
return (SEC_E_OK);
|
|
|
|
}
|
|
|
|
else if (ulAttribute == SECPKG_ATTR_AUTH_NTLM_MIC_VALUE)
|
|
|
|
{
|
2019-11-06 17:24:51 +03:00
|
|
|
return ntlm_computeMicValue(context, (SecBuffer*)pBuffer);
|
2016-01-21 00:21:05 +03:00
|
|
|
}
|
|
|
|
|
2023-01-23 14:03:18 +03:00
|
|
|
WLog_ERR(TAG, "TODO: Implement ulAttribute=0x%08" PRIx32, ulAttribute);
|
2012-02-27 20:58:14 +04:00
|
|
|
return SEC_E_UNSUPPORTED_FUNCTION;
|
2012-02-24 00:56:50 +04:00
|
|
|
}
|
|
|
|
|
2018-01-16 13:34:07 +03:00
|
|
|
static SECURITY_STATUS SEC_ENTRY ntlm_QueryContextAttributesA(PCtxtHandle phContext,
|
2019-11-06 17:24:51 +03:00
|
|
|
ULONG ulAttribute, void* pBuffer)
|
2012-07-27 02:35:39 +04:00
|
|
|
{
|
|
|
|
return ntlm_QueryContextAttributesW(phContext, ulAttribute, pBuffer);
|
|
|
|
}
|
|
|
|
|
2018-01-16 13:34:07 +03:00
|
|
|
static SECURITY_STATUS SEC_ENTRY ntlm_SetContextAttributesW(PCtxtHandle phContext,
|
2019-11-06 17:24:51 +03:00
|
|
|
ULONG ulAttribute, void* pBuffer,
|
|
|
|
ULONG cbBuffer)
|
2014-06-11 00:38:16 +04:00
|
|
|
{
|
|
|
|
if (!phContext)
|
|
|
|
return SEC_E_INVALID_HANDLE;
|
|
|
|
|
|
|
|
if (!pBuffer)
|
|
|
|
return SEC_E_INVALID_PARAMETER;
|
|
|
|
|
2023-05-16 17:40:33 +03:00
|
|
|
NTLM_CONTEXT* context = (NTLM_CONTEXT*)sspi_SecureHandleGetLowerPointer(phContext);
|
|
|
|
if (!context)
|
|
|
|
return SEC_E_INVALID_HANDLE;
|
2014-06-11 00:38:16 +04:00
|
|
|
|
|
|
|
if (ulAttribute == SECPKG_ATTR_AUTH_NTLM_HASH)
|
|
|
|
{
|
2019-11-06 17:24:51 +03:00
|
|
|
SecPkgContext_AuthNtlmHash* AuthNtlmHash = (SecPkgContext_AuthNtlmHash*)pBuffer;
|
2014-06-11 00:38:16 +04:00
|
|
|
|
|
|
|
if (cbBuffer < sizeof(SecPkgContext_AuthNtlmHash))
|
|
|
|
return SEC_E_INVALID_PARAMETER;
|
|
|
|
|
2014-06-19 00:02:13 +04:00
|
|
|
if (AuthNtlmHash->Version == 1)
|
|
|
|
CopyMemory(context->NtlmHash, AuthNtlmHash->NtlmHash, 16);
|
|
|
|
else if (AuthNtlmHash->Version == 2)
|
|
|
|
CopyMemory(context->NtlmV2Hash, AuthNtlmHash->NtlmHash, 16);
|
2014-06-11 00:38:16 +04:00
|
|
|
|
|
|
|
return SEC_E_OK;
|
|
|
|
}
|
2014-06-18 22:42:35 +04:00
|
|
|
else if (ulAttribute == SECPKG_ATTR_AUTH_NTLM_MESSAGE)
|
|
|
|
{
|
2019-11-06 17:24:51 +03:00
|
|
|
SecPkgContext_AuthNtlmMessage* AuthNtlmMessage = (SecPkgContext_AuthNtlmMessage*)pBuffer;
|
2014-06-18 22:42:35 +04:00
|
|
|
|
|
|
|
if (cbBuffer < sizeof(SecPkgContext_AuthNtlmMessage))
|
|
|
|
return SEC_E_INVALID_PARAMETER;
|
|
|
|
|
|
|
|
if (AuthNtlmMessage->type == 1)
|
|
|
|
{
|
|
|
|
sspi_SecBufferFree(&context->NegotiateMessage);
|
2017-02-24 23:58:08 +03:00
|
|
|
|
2015-04-03 17:21:01 +03:00
|
|
|
if (!sspi_SecBufferAlloc(&context->NegotiateMessage, AuthNtlmMessage->length))
|
|
|
|
return SEC_E_INSUFFICIENT_MEMORY;
|
2017-02-24 23:58:08 +03:00
|
|
|
|
2019-11-06 17:24:51 +03:00
|
|
|
CopyMemory(context->NegotiateMessage.pvBuffer, AuthNtlmMessage->buffer,
|
|
|
|
AuthNtlmMessage->length);
|
2014-06-18 22:42:35 +04:00
|
|
|
}
|
|
|
|
else if (AuthNtlmMessage->type == 2)
|
|
|
|
{
|
|
|
|
sspi_SecBufferFree(&context->ChallengeMessage);
|
2017-02-24 23:58:08 +03:00
|
|
|
|
2015-04-03 17:21:01 +03:00
|
|
|
if (!sspi_SecBufferAlloc(&context->ChallengeMessage, AuthNtlmMessage->length))
|
|
|
|
return SEC_E_INSUFFICIENT_MEMORY;
|
2017-02-24 23:58:08 +03:00
|
|
|
|
2019-11-06 17:24:51 +03:00
|
|
|
CopyMemory(context->ChallengeMessage.pvBuffer, AuthNtlmMessage->buffer,
|
|
|
|
AuthNtlmMessage->length);
|
2014-06-18 22:42:35 +04:00
|
|
|
}
|
|
|
|
else if (AuthNtlmMessage->type == 3)
|
|
|
|
{
|
|
|
|
sspi_SecBufferFree(&context->AuthenticateMessage);
|
2017-02-24 23:58:08 +03:00
|
|
|
|
2015-04-03 17:21:01 +03:00
|
|
|
if (!sspi_SecBufferAlloc(&context->AuthenticateMessage, AuthNtlmMessage->length))
|
|
|
|
return SEC_E_INSUFFICIENT_MEMORY;
|
2017-02-24 23:58:08 +03:00
|
|
|
|
2019-11-06 17:24:51 +03:00
|
|
|
CopyMemory(context->AuthenticateMessage.pvBuffer, AuthNtlmMessage->buffer,
|
|
|
|
AuthNtlmMessage->length);
|
2014-06-18 22:42:35 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
return SEC_E_OK;
|
|
|
|
}
|
|
|
|
else if (ulAttribute == SECPKG_ATTR_AUTH_NTLM_TIMESTAMP)
|
|
|
|
{
|
2019-11-06 17:24:51 +03:00
|
|
|
SecPkgContext_AuthNtlmTimestamp* AuthNtlmTimestamp =
|
|
|
|
(SecPkgContext_AuthNtlmTimestamp*)pBuffer;
|
2014-06-18 22:42:35 +04:00
|
|
|
|
|
|
|
if (cbBuffer < sizeof(SecPkgContext_AuthNtlmTimestamp))
|
|
|
|
return SEC_E_INVALID_PARAMETER;
|
|
|
|
|
|
|
|
if (AuthNtlmTimestamp->ChallengeOrResponse)
|
|
|
|
CopyMemory(context->ChallengeTimestamp, AuthNtlmTimestamp->Timestamp, 8);
|
|
|
|
else
|
|
|
|
CopyMemory(context->Timestamp, AuthNtlmTimestamp->Timestamp, 8);
|
|
|
|
|
|
|
|
return SEC_E_OK;
|
|
|
|
}
|
|
|
|
else if (ulAttribute == SECPKG_ATTR_AUTH_NTLM_CLIENT_CHALLENGE)
|
|
|
|
{
|
2017-02-24 23:58:08 +03:00
|
|
|
SecPkgContext_AuthNtlmClientChallenge* AuthNtlmClientChallenge =
|
2019-11-06 17:24:51 +03:00
|
|
|
(SecPkgContext_AuthNtlmClientChallenge*)pBuffer;
|
2014-06-18 22:42:35 +04:00
|
|
|
|
|
|
|
if (cbBuffer < sizeof(SecPkgContext_AuthNtlmClientChallenge))
|
|
|
|
return SEC_E_INVALID_PARAMETER;
|
|
|
|
|
|
|
|
CopyMemory(context->ClientChallenge, AuthNtlmClientChallenge->ClientChallenge, 8);
|
|
|
|
return SEC_E_OK;
|
|
|
|
}
|
|
|
|
else if (ulAttribute == SECPKG_ATTR_AUTH_NTLM_SERVER_CHALLENGE)
|
|
|
|
{
|
2017-02-24 23:58:08 +03:00
|
|
|
SecPkgContext_AuthNtlmServerChallenge* AuthNtlmServerChallenge =
|
2019-11-06 17:24:51 +03:00
|
|
|
(SecPkgContext_AuthNtlmServerChallenge*)pBuffer;
|
2014-06-18 22:42:35 +04:00
|
|
|
|
|
|
|
if (cbBuffer < sizeof(SecPkgContext_AuthNtlmServerChallenge))
|
|
|
|
return SEC_E_INVALID_PARAMETER;
|
|
|
|
|
|
|
|
CopyMemory(context->ServerChallenge, AuthNtlmServerChallenge->ServerChallenge, 8);
|
|
|
|
return SEC_E_OK;
|
|
|
|
}
|
2014-06-11 00:38:16 +04:00
|
|
|
|
2023-01-23 14:03:18 +03:00
|
|
|
WLog_ERR(TAG, "TODO: Implement ulAttribute=%08" PRIx32, ulAttribute);
|
2014-06-11 00:38:16 +04:00
|
|
|
return SEC_E_UNSUPPORTED_FUNCTION;
|
|
|
|
}
|
|
|
|
|
2018-01-16 13:34:07 +03:00
|
|
|
static SECURITY_STATUS SEC_ENTRY ntlm_SetContextAttributesA(PCtxtHandle phContext,
|
2019-11-06 17:24:51 +03:00
|
|
|
ULONG ulAttribute, void* pBuffer,
|
|
|
|
ULONG cbBuffer)
|
2014-06-11 00:38:16 +04:00
|
|
|
{
|
|
|
|
return ntlm_SetContextAttributesW(phContext, ulAttribute, pBuffer, cbBuffer);
|
|
|
|
}
|
|
|
|
|
2022-09-29 15:40:19 +03:00
|
|
|
static SECURITY_STATUS SEC_ENTRY ntlm_SetCredentialsAttributesW(PCredHandle phCredential,
|
2022-09-29 18:42:43 +03:00
|
|
|
ULONG ulAttribute, void* pBuffer,
|
|
|
|
ULONG cbBuffer)
|
2022-09-29 15:40:19 +03:00
|
|
|
{
|
|
|
|
return SEC_E_UNSUPPORTED_FUNCTION;
|
|
|
|
}
|
|
|
|
|
|
|
|
static SECURITY_STATUS SEC_ENTRY ntlm_SetCredentialsAttributesA(PCredHandle phCredential,
|
2022-09-29 18:42:43 +03:00
|
|
|
ULONG ulAttribute, void* pBuffer,
|
|
|
|
ULONG cbBuffer)
|
2022-09-29 15:40:19 +03:00
|
|
|
{
|
|
|
|
return SEC_E_UNSUPPORTED_FUNCTION;
|
|
|
|
}
|
|
|
|
|
2018-01-16 13:34:07 +03:00
|
|
|
static SECURITY_STATUS SEC_ENTRY ntlm_RevertSecurityContext(PCtxtHandle phContext)
|
2012-03-05 06:56:41 +04:00
|
|
|
{
|
2014-06-08 01:08:07 +04:00
|
|
|
return SEC_E_OK;
|
2012-03-05 06:56:41 +04:00
|
|
|
}
|
|
|
|
|
2018-01-16 13:34:07 +03:00
|
|
|
static SECURITY_STATUS SEC_ENTRY ntlm_EncryptMessage(PCtxtHandle phContext, ULONG fQOP,
|
2019-11-06 17:24:51 +03:00
|
|
|
PSecBufferDesc pMessage, ULONG MessageSeqNo)
|
2012-02-27 05:07:42 +04:00
|
|
|
{
|
2023-05-16 17:40:33 +03:00
|
|
|
const UINT32 SeqNo = MessageSeqNo;
|
|
|
|
UINT32 value = 0;
|
2022-03-14 16:50:32 +03:00
|
|
|
BYTE digest[WINPR_MD5_DIGEST_LENGTH] = { 0 };
|
|
|
|
BYTE checksum[8] = { 0 };
|
2012-05-22 04:39:45 +04:00
|
|
|
ULONG version = 1;
|
2012-03-24 08:14:45 +04:00
|
|
|
PSecBuffer data_buffer = NULL;
|
|
|
|
PSecBuffer signature_buffer = NULL;
|
2023-05-16 17:40:33 +03:00
|
|
|
NTLM_CONTEXT* context = (NTLM_CONTEXT*)sspi_SecureHandleGetLowerPointer(phContext);
|
|
|
|
if (!check_context(context))
|
|
|
|
return SEC_E_INVALID_HANDLE;
|
2012-02-27 05:07:42 +04:00
|
|
|
|
2023-05-16 17:40:33 +03:00
|
|
|
for (ULONG index = 0; index < pMessage->cBuffers; index++)
|
2012-02-27 05:07:42 +04:00
|
|
|
{
|
2020-06-17 13:18:42 +03:00
|
|
|
SecBuffer* cur = &pMessage->pBuffers[index];
|
|
|
|
|
|
|
|
if (cur->BufferType & SECBUFFER_DATA)
|
|
|
|
data_buffer = cur;
|
|
|
|
else if (cur->BufferType & SECBUFFER_TOKEN)
|
|
|
|
signature_buffer = cur;
|
2012-02-27 05:07:42 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
if (!data_buffer)
|
|
|
|
return SEC_E_INVALID_TOKEN;
|
|
|
|
|
|
|
|
if (!signature_buffer)
|
|
|
|
return SEC_E_INVALID_TOKEN;
|
|
|
|
|
|
|
|
/* Copy original data buffer */
|
2023-05-16 17:40:33 +03:00
|
|
|
ULONG length = data_buffer->cbBuffer;
|
|
|
|
void* data = malloc(length);
|
2014-06-07 01:20:34 +04:00
|
|
|
|
|
|
|
if (!data)
|
|
|
|
return SEC_E_INSUFFICIENT_MEMORY;
|
|
|
|
|
2012-05-24 23:19:11 +04:00
|
|
|
CopyMemory(data, data_buffer->pvBuffer, length);
|
2012-02-27 08:41:59 +04:00
|
|
|
/* Compute the HMAC-MD5 hash of ConcatenationOf(seq_num,data) using the client signing key */
|
2023-05-16 17:40:33 +03:00
|
|
|
WINPR_HMAC_CTX* hmac = winpr_HMAC_New();
|
2017-02-24 23:58:08 +03:00
|
|
|
|
2019-11-06 17:24:51 +03:00
|
|
|
if (hmac &&
|
|
|
|
winpr_HMAC_Init(hmac, WINPR_MD_MD5, context->SendSigningKey, WINPR_MD5_DIGEST_LENGTH))
|
2016-11-21 19:28:54 +03:00
|
|
|
{
|
2016-11-24 16:53:19 +03:00
|
|
|
Data_Write_UINT32(&value, SeqNo);
|
2019-11-06 17:24:51 +03:00
|
|
|
winpr_HMAC_Update(hmac, (void*)&value, 4);
|
2024-08-29 12:11:11 +03:00
|
|
|
winpr_HMAC_Update(hmac, data, length);
|
2016-11-24 16:53:19 +03:00
|
|
|
winpr_HMAC_Final(hmac, digest, WINPR_MD5_DIGEST_LENGTH);
|
|
|
|
winpr_HMAC_Free(hmac);
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
winpr_HMAC_Free(hmac);
|
2016-11-21 19:28:54 +03:00
|
|
|
free(data);
|
|
|
|
return SEC_E_INSUFFICIENT_MEMORY;
|
|
|
|
}
|
|
|
|
|
2012-02-27 05:07:42 +04:00
|
|
|
/* Encrypt message using with RC4, result overwrites original buffer */
|
2020-06-17 13:18:42 +03:00
|
|
|
if ((data_buffer->BufferType & SECBUFFER_READONLY) == 0)
|
|
|
|
{
|
|
|
|
if (context->confidentiality)
|
|
|
|
winpr_RC4_Update(context->SendRc4Seal, length, (BYTE*)data,
|
|
|
|
(BYTE*)data_buffer->pvBuffer);
|
|
|
|
else
|
|
|
|
CopyMemory(data_buffer->pvBuffer, data, length);
|
|
|
|
}
|
2012-04-21 01:00:00 +04:00
|
|
|
|
2012-02-27 08:41:59 +04:00
|
|
|
#ifdef WITH_DEBUG_NTLM
|
2022-09-29 15:55:27 +03:00
|
|
|
WLog_DBG(TAG, "Data Buffer (length = %" PRIuz ")", length);
|
2014-08-19 13:49:25 +04:00
|
|
|
winpr_HexDump(TAG, WLOG_DEBUG, data, length);
|
2019-11-06 17:24:51 +03:00
|
|
|
WLog_DBG(TAG, "Encrypted Data Buffer (length = %" PRIu32 ")", data_buffer->cbBuffer);
|
2014-08-19 13:49:25 +04:00
|
|
|
winpr_HexDump(TAG, WLOG_DEBUG, data_buffer->pvBuffer, data_buffer->cbBuffer);
|
2012-02-27 08:41:59 +04:00
|
|
|
#endif
|
2012-05-21 02:32:22 +04:00
|
|
|
free(data);
|
2012-02-27 05:07:42 +04:00
|
|
|
/* RC4-encrypt first 8 bytes of digest */
|
2016-02-28 13:12:17 +03:00
|
|
|
winpr_RC4_Update(context->SendRc4Seal, 8, digest, checksum);
|
2020-06-17 13:18:42 +03:00
|
|
|
if ((signature_buffer->BufferType & SECBUFFER_READONLY) == 0)
|
|
|
|
{
|
2023-05-16 17:40:33 +03:00
|
|
|
BYTE* signature = signature_buffer->pvBuffer;
|
2020-06-17 13:18:42 +03:00
|
|
|
/* Concatenate version, ciphertext and sequence number to build signature */
|
|
|
|
Data_Write_UINT32(signature, version);
|
|
|
|
CopyMemory(&signature[4], (void*)checksum, 8);
|
|
|
|
Data_Write_UINT32(&signature[12], SeqNo);
|
|
|
|
}
|
2012-03-19 06:24:49 +04:00
|
|
|
context->SendSeqNum++;
|
2012-02-27 05:07:42 +04:00
|
|
|
#ifdef WITH_DEBUG_NTLM
|
2019-11-06 17:24:51 +03:00
|
|
|
WLog_DBG(TAG, "Signature (length = %" PRIu32 ")", signature_buffer->cbBuffer);
|
2014-08-19 13:49:25 +04:00
|
|
|
winpr_HexDump(TAG, WLOG_DEBUG, signature_buffer->pvBuffer, signature_buffer->cbBuffer);
|
2012-02-27 05:07:42 +04:00
|
|
|
#endif
|
|
|
|
return SEC_E_OK;
|
|
|
|
}
|
|
|
|
|
2018-01-16 13:34:07 +03:00
|
|
|
static SECURITY_STATUS SEC_ENTRY ntlm_DecryptMessage(PCtxtHandle phContext, PSecBufferDesc pMessage,
|
2019-11-06 17:24:51 +03:00
|
|
|
ULONG MessageSeqNo, PULONG pfQOP)
|
2012-02-27 07:08:43 +04:00
|
|
|
{
|
2023-05-16 17:40:33 +03:00
|
|
|
const UINT32 SeqNo = (UINT32)MessageSeqNo;
|
|
|
|
UINT32 value = 0;
|
2022-03-14 16:50:32 +03:00
|
|
|
BYTE digest[WINPR_MD5_DIGEST_LENGTH] = { 0 };
|
|
|
|
BYTE checksum[8] = { 0 };
|
2012-05-23 11:08:24 +04:00
|
|
|
UINT32 version = 1;
|
2022-03-14 16:50:32 +03:00
|
|
|
BYTE expected_signature[WINPR_MD5_DIGEST_LENGTH] = { 0 };
|
2012-03-24 08:14:45 +04:00
|
|
|
PSecBuffer data_buffer = NULL;
|
|
|
|
PSecBuffer signature_buffer = NULL;
|
2023-05-16 17:40:33 +03:00
|
|
|
NTLM_CONTEXT* context = (NTLM_CONTEXT*)sspi_SecureHandleGetLowerPointer(phContext);
|
|
|
|
if (!check_context(context))
|
|
|
|
return SEC_E_INVALID_HANDLE;
|
2012-02-27 07:08:43 +04:00
|
|
|
|
2023-05-16 17:40:33 +03:00
|
|
|
for (ULONG index = 0; index < pMessage->cBuffers; index++)
|
2012-02-27 07:08:43 +04:00
|
|
|
{
|
|
|
|
if (pMessage->pBuffers[index].BufferType == SECBUFFER_DATA)
|
|
|
|
data_buffer = &pMessage->pBuffers[index];
|
2012-03-24 08:14:45 +04:00
|
|
|
else if (pMessage->pBuffers[index].BufferType == SECBUFFER_TOKEN)
|
2012-02-27 07:08:43 +04:00
|
|
|
signature_buffer = &pMessage->pBuffers[index];
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!data_buffer)
|
|
|
|
return SEC_E_INVALID_TOKEN;
|
|
|
|
|
|
|
|
if (!signature_buffer)
|
|
|
|
return SEC_E_INVALID_TOKEN;
|
|
|
|
|
|
|
|
/* Copy original data buffer */
|
2023-05-16 17:40:33 +03:00
|
|
|
const ULONG length = data_buffer->cbBuffer;
|
|
|
|
void* data = malloc(length);
|
2014-06-07 01:20:34 +04:00
|
|
|
|
|
|
|
if (!data)
|
|
|
|
return SEC_E_INSUFFICIENT_MEMORY;
|
|
|
|
|
2012-05-24 23:19:11 +04:00
|
|
|
CopyMemory(data, data_buffer->pvBuffer, length);
|
2012-02-27 07:08:43 +04:00
|
|
|
|
2012-05-24 23:19:11 +04:00
|
|
|
/* Decrypt message using with RC4, result overwrites original buffer */
|
|
|
|
|
|
|
|
if (context->confidentiality)
|
2019-11-06 17:24:51 +03:00
|
|
|
winpr_RC4_Update(context->RecvRc4Seal, length, (BYTE*)data, (BYTE*)data_buffer->pvBuffer);
|
2012-05-24 23:19:11 +04:00
|
|
|
else
|
|
|
|
CopyMemory(data_buffer->pvBuffer, data, length);
|
2012-02-27 07:08:43 +04:00
|
|
|
|
2012-02-27 08:41:59 +04:00
|
|
|
/* Compute the HMAC-MD5 hash of ConcatenationOf(seq_num,data) using the client signing key */
|
2023-05-16 17:40:33 +03:00
|
|
|
WINPR_HMAC_CTX* hmac = winpr_HMAC_New();
|
2017-02-24 23:58:08 +03:00
|
|
|
|
2019-11-06 17:24:51 +03:00
|
|
|
if (hmac &&
|
|
|
|
winpr_HMAC_Init(hmac, WINPR_MD_MD5, context->RecvSigningKey, WINPR_MD5_DIGEST_LENGTH))
|
2016-11-24 16:53:19 +03:00
|
|
|
{
|
|
|
|
Data_Write_UINT32(&value, SeqNo);
|
2019-11-06 17:24:51 +03:00
|
|
|
winpr_HMAC_Update(hmac, (void*)&value, 4);
|
2024-08-29 12:11:11 +03:00
|
|
|
winpr_HMAC_Update(hmac, data_buffer->pvBuffer, data_buffer->cbBuffer);
|
2016-11-24 16:53:19 +03:00
|
|
|
winpr_HMAC_Final(hmac, digest, WINPR_MD5_DIGEST_LENGTH);
|
|
|
|
winpr_HMAC_Free(hmac);
|
|
|
|
}
|
|
|
|
else
|
2016-11-21 19:28:54 +03:00
|
|
|
{
|
2016-11-24 16:53:19 +03:00
|
|
|
winpr_HMAC_Free(hmac);
|
2016-11-21 19:28:54 +03:00
|
|
|
free(data);
|
|
|
|
return SEC_E_INSUFFICIENT_MEMORY;
|
|
|
|
}
|
2017-02-24 23:58:08 +03:00
|
|
|
|
2012-05-21 02:32:22 +04:00
|
|
|
#ifdef WITH_DEBUG_NTLM
|
2022-09-29 15:55:27 +03:00
|
|
|
WLog_DBG(TAG, "Encrypted Data Buffer (length = %" PRIuz ")", length);
|
2014-08-19 13:49:25 +04:00
|
|
|
winpr_HexDump(TAG, WLOG_DEBUG, data, length);
|
2019-11-06 17:24:51 +03:00
|
|
|
WLog_DBG(TAG, "Data Buffer (length = %" PRIu32 ")", data_buffer->cbBuffer);
|
2014-08-19 13:49:25 +04:00
|
|
|
winpr_HexDump(TAG, WLOG_DEBUG, data_buffer->pvBuffer, data_buffer->cbBuffer);
|
2012-05-21 02:32:22 +04:00
|
|
|
#endif
|
2012-05-06 06:39:00 +04:00
|
|
|
free(data);
|
2012-02-27 07:08:43 +04:00
|
|
|
/* RC4-encrypt first 8 bytes of digest */
|
2016-02-28 13:12:17 +03:00
|
|
|
winpr_RC4_Update(context->RecvRc4Seal, 8, digest, checksum);
|
2012-02-27 07:08:43 +04:00
|
|
|
/* Concatenate version, ciphertext and sequence number to build signature */
|
2016-04-27 14:43:16 +03:00
|
|
|
Data_Write_UINT32(expected_signature, version);
|
2019-11-06 17:24:51 +03:00
|
|
|
CopyMemory(&expected_signature[4], (void*)checksum, 8);
|
2016-04-27 14:43:16 +03:00
|
|
|
Data_Write_UINT32(&expected_signature[12], SeqNo);
|
2012-03-19 06:24:49 +04:00
|
|
|
context->RecvSeqNum++;
|
2012-02-27 07:08:43 +04:00
|
|
|
|
|
|
|
if (memcmp(signature_buffer->pvBuffer, expected_signature, 16) != 0)
|
|
|
|
{
|
|
|
|
/* signature verification failed! */
|
2014-08-18 20:57:08 +04:00
|
|
|
WLog_ERR(TAG, "signature verification failed, something nasty is going on!");
|
2018-11-21 17:36:31 +03:00
|
|
|
#ifdef WITH_DEBUG_NTLM
|
2014-08-18 19:22:22 +04:00
|
|
|
WLog_ERR(TAG, "Expected Signature:");
|
|
|
|
winpr_HexDump(TAG, WLOG_ERROR, expected_signature, 16);
|
|
|
|
WLog_ERR(TAG, "Actual Signature:");
|
2019-11-06 17:24:51 +03:00
|
|
|
winpr_HexDump(TAG, WLOG_ERROR, (BYTE*)signature_buffer->pvBuffer, 16);
|
2018-11-21 17:36:31 +03:00
|
|
|
#endif
|
2012-02-27 07:08:43 +04:00
|
|
|
return SEC_E_MESSAGE_ALTERED;
|
|
|
|
}
|
|
|
|
|
2012-02-27 08:41:59 +04:00
|
|
|
return SEC_E_OK;
|
|
|
|
}
|
2012-02-27 07:08:43 +04:00
|
|
|
|
2018-01-16 13:34:07 +03:00
|
|
|
static SECURITY_STATUS SEC_ENTRY ntlm_MakeSignature(PCtxtHandle phContext, ULONG fQOP,
|
2019-11-06 17:24:51 +03:00
|
|
|
PSecBufferDesc pMessage, ULONG MessageSeqNo)
|
2012-02-27 08:41:59 +04:00
|
|
|
{
|
2022-05-28 01:29:28 +03:00
|
|
|
PSecBuffer data_buffer = NULL;
|
|
|
|
PSecBuffer sig_buffer = NULL;
|
2023-05-16 17:40:33 +03:00
|
|
|
UINT32 seq_no = 0;
|
2022-05-28 01:29:28 +03:00
|
|
|
BYTE digest[WINPR_MD5_DIGEST_LENGTH] = { 0 };
|
|
|
|
BYTE checksum[8] = { 0 };
|
|
|
|
|
2023-05-16 17:40:33 +03:00
|
|
|
NTLM_CONTEXT* context = sspi_SecureHandleGetLowerPointer(phContext);
|
|
|
|
if (!check_context(context))
|
|
|
|
return SEC_E_INVALID_HANDLE;
|
2022-05-28 01:29:28 +03:00
|
|
|
|
2022-12-05 10:58:38 +03:00
|
|
|
for (ULONG i = 0; i < pMessage->cBuffers; i++)
|
2022-05-28 01:29:28 +03:00
|
|
|
{
|
|
|
|
if (pMessage->pBuffers[i].BufferType == SECBUFFER_DATA)
|
|
|
|
data_buffer = &pMessage->pBuffers[i];
|
|
|
|
else if (pMessage->pBuffers[i].BufferType == SECBUFFER_TOKEN)
|
|
|
|
sig_buffer = &pMessage->pBuffers[i];
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!data_buffer || !sig_buffer)
|
|
|
|
return SEC_E_INVALID_TOKEN;
|
|
|
|
|
2023-05-16 17:40:33 +03:00
|
|
|
WINPR_HMAC_CTX* hmac = winpr_HMAC_New();
|
2022-05-28 01:29:28 +03:00
|
|
|
|
|
|
|
if (!winpr_HMAC_Init(hmac, WINPR_MD_MD5, context->SendSigningKey, WINPR_MD5_DIGEST_LENGTH))
|
2024-04-11 14:01:46 +03:00
|
|
|
{
|
|
|
|
winpr_HMAC_Free(hmac);
|
2022-05-28 01:29:28 +03:00
|
|
|
return SEC_E_INTERNAL_ERROR;
|
2024-04-11 14:01:46 +03:00
|
|
|
}
|
2022-05-28 01:29:28 +03:00
|
|
|
|
|
|
|
Data_Write_UINT32(&seq_no, MessageSeqNo);
|
|
|
|
winpr_HMAC_Update(hmac, (BYTE*)&seq_no, 4);
|
|
|
|
winpr_HMAC_Update(hmac, data_buffer->pvBuffer, data_buffer->cbBuffer);
|
|
|
|
winpr_HMAC_Final(hmac, digest, WINPR_MD5_DIGEST_LENGTH);
|
|
|
|
winpr_HMAC_Free(hmac);
|
|
|
|
|
|
|
|
winpr_RC4_Update(context->SendRc4Seal, 8, digest, checksum);
|
|
|
|
|
2023-05-16 17:40:33 +03:00
|
|
|
BYTE* signature = sig_buffer->pvBuffer;
|
2022-05-28 01:29:28 +03:00
|
|
|
Data_Write_UINT32(signature, 1L);
|
|
|
|
CopyMemory(&signature[4], checksum, 8);
|
|
|
|
Data_Write_UINT32(&signature[12], seq_no);
|
|
|
|
sig_buffer->cbBuffer = 16;
|
|
|
|
|
|
|
|
return SEC_E_OK;
|
2012-02-27 08:41:59 +04:00
|
|
|
}
|
2012-02-27 07:08:43 +04:00
|
|
|
|
2018-01-16 13:34:07 +03:00
|
|
|
static SECURITY_STATUS SEC_ENTRY ntlm_VerifySignature(PCtxtHandle phContext,
|
2019-11-06 17:24:51 +03:00
|
|
|
PSecBufferDesc pMessage, ULONG MessageSeqNo,
|
|
|
|
PULONG pfQOP)
|
2012-02-27 08:41:59 +04:00
|
|
|
{
|
2022-05-28 01:29:28 +03:00
|
|
|
PSecBuffer data_buffer = NULL;
|
|
|
|
PSecBuffer sig_buffer = NULL;
|
2023-05-16 17:40:33 +03:00
|
|
|
UINT32 seq_no = 0;
|
2022-05-28 01:29:28 +03:00
|
|
|
BYTE digest[WINPR_MD5_DIGEST_LENGTH] = { 0 };
|
|
|
|
BYTE checksum[8] = { 0 };
|
|
|
|
BYTE signature[16] = { 0 };
|
|
|
|
|
2023-05-16 17:40:33 +03:00
|
|
|
NTLM_CONTEXT* context = sspi_SecureHandleGetLowerPointer(phContext);
|
|
|
|
if (!check_context(context))
|
2022-05-28 01:29:28 +03:00
|
|
|
return SEC_E_INVALID_HANDLE;
|
|
|
|
|
2022-12-05 10:58:38 +03:00
|
|
|
for (ULONG i = 0; i < pMessage->cBuffers; i++)
|
2022-05-28 01:29:28 +03:00
|
|
|
{
|
|
|
|
if (pMessage->pBuffers[i].BufferType == SECBUFFER_DATA)
|
|
|
|
data_buffer = &pMessage->pBuffers[i];
|
|
|
|
else if (pMessage->pBuffers[i].BufferType == SECBUFFER_TOKEN)
|
|
|
|
sig_buffer = &pMessage->pBuffers[i];
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!data_buffer || !sig_buffer)
|
|
|
|
return SEC_E_INVALID_TOKEN;
|
|
|
|
|
2023-05-16 17:40:33 +03:00
|
|
|
WINPR_HMAC_CTX* hmac = winpr_HMAC_New();
|
2022-05-28 01:29:28 +03:00
|
|
|
|
|
|
|
if (!winpr_HMAC_Init(hmac, WINPR_MD_MD5, context->RecvSigningKey, WINPR_MD5_DIGEST_LENGTH))
|
2024-04-11 12:24:43 +03:00
|
|
|
{
|
|
|
|
winpr_HMAC_Free(hmac);
|
2022-05-28 01:29:28 +03:00
|
|
|
return SEC_E_INTERNAL_ERROR;
|
2024-04-11 12:24:43 +03:00
|
|
|
}
|
2022-05-28 01:29:28 +03:00
|
|
|
|
|
|
|
Data_Write_UINT32(&seq_no, MessageSeqNo);
|
|
|
|
winpr_HMAC_Update(hmac, (BYTE*)&seq_no, 4);
|
|
|
|
winpr_HMAC_Update(hmac, data_buffer->pvBuffer, data_buffer->cbBuffer);
|
|
|
|
winpr_HMAC_Final(hmac, digest, WINPR_MD5_DIGEST_LENGTH);
|
|
|
|
winpr_HMAC_Free(hmac);
|
|
|
|
|
|
|
|
winpr_RC4_Update(context->RecvRc4Seal, 8, digest, checksum);
|
|
|
|
|
|
|
|
Data_Write_UINT32(signature, 1L);
|
|
|
|
CopyMemory(&signature[4], checksum, 8);
|
|
|
|
Data_Write_UINT32(&signature[12], seq_no);
|
|
|
|
|
|
|
|
if (memcmp(sig_buffer->pvBuffer, signature, 16) != 0)
|
|
|
|
return SEC_E_MESSAGE_ALTERED;
|
|
|
|
|
|
|
|
return SEC_E_OK;
|
2012-02-27 07:08:43 +04:00
|
|
|
}
|
|
|
|
|
2019-11-06 17:24:51 +03:00
|
|
|
const SecurityFunctionTableA NTLM_SecurityFunctionTableA = {
|
2022-09-29 15:40:19 +03:00
|
|
|
3, /* dwVersion */
|
2019-11-06 17:24:51 +03:00
|
|
|
NULL, /* EnumerateSecurityPackages */
|
2012-03-24 09:01:28 +04:00
|
|
|
ntlm_QueryCredentialsAttributesA, /* QueryCredentialsAttributes */
|
2019-11-06 17:24:51 +03:00
|
|
|
ntlm_AcquireCredentialsHandleA, /* AcquireCredentialsHandle */
|
|
|
|
ntlm_FreeCredentialsHandle, /* FreeCredentialsHandle */
|
|
|
|
NULL, /* Reserved2 */
|
|
|
|
ntlm_InitializeSecurityContextA, /* InitializeSecurityContext */
|
|
|
|
ntlm_AcceptSecurityContext, /* AcceptSecurityContext */
|
2022-06-09 05:39:42 +03:00
|
|
|
NULL, /* CompleteAuthToken */
|
2019-11-06 17:24:51 +03:00
|
|
|
ntlm_DeleteSecurityContext, /* DeleteSecurityContext */
|
|
|
|
NULL, /* ApplyControlToken */
|
|
|
|
ntlm_QueryContextAttributesA, /* QueryContextAttributes */
|
|
|
|
ntlm_ImpersonateSecurityContext, /* ImpersonateSecurityContext */
|
|
|
|
ntlm_RevertSecurityContext, /* RevertSecurityContext */
|
|
|
|
ntlm_MakeSignature, /* MakeSignature */
|
|
|
|
ntlm_VerifySignature, /* VerifySignature */
|
|
|
|
NULL, /* FreeContextBuffer */
|
|
|
|
NULL, /* QuerySecurityPackageInfo */
|
|
|
|
NULL, /* Reserved3 */
|
|
|
|
NULL, /* Reserved4 */
|
|
|
|
NULL, /* ExportSecurityContext */
|
|
|
|
NULL, /* ImportSecurityContext */
|
|
|
|
NULL, /* AddCredentials */
|
|
|
|
NULL, /* Reserved8 */
|
|
|
|
NULL, /* QuerySecurityContextToken */
|
|
|
|
ntlm_EncryptMessage, /* EncryptMessage */
|
|
|
|
ntlm_DecryptMessage, /* DecryptMessage */
|
|
|
|
ntlm_SetContextAttributesA, /* SetContextAttributes */
|
2022-09-29 15:40:19 +03:00
|
|
|
ntlm_SetCredentialsAttributesA, /* SetCredentialsAttributes */
|
2012-02-24 00:56:50 +04:00
|
|
|
};
|
2012-03-24 23:47:16 +04:00
|
|
|
|
2019-11-06 17:24:51 +03:00
|
|
|
const SecurityFunctionTableW NTLM_SecurityFunctionTableW = {
|
2022-09-29 15:40:19 +03:00
|
|
|
3, /* dwVersion */
|
2019-11-06 17:24:51 +03:00
|
|
|
NULL, /* EnumerateSecurityPackages */
|
2012-03-24 23:47:16 +04:00
|
|
|
ntlm_QueryCredentialsAttributesW, /* QueryCredentialsAttributes */
|
2019-11-06 17:24:51 +03:00
|
|
|
ntlm_AcquireCredentialsHandleW, /* AcquireCredentialsHandle */
|
|
|
|
ntlm_FreeCredentialsHandle, /* FreeCredentialsHandle */
|
|
|
|
NULL, /* Reserved2 */
|
|
|
|
ntlm_InitializeSecurityContextW, /* InitializeSecurityContext */
|
|
|
|
ntlm_AcceptSecurityContext, /* AcceptSecurityContext */
|
2022-06-09 05:39:42 +03:00
|
|
|
NULL, /* CompleteAuthToken */
|
2019-11-06 17:24:51 +03:00
|
|
|
ntlm_DeleteSecurityContext, /* DeleteSecurityContext */
|
|
|
|
NULL, /* ApplyControlToken */
|
|
|
|
ntlm_QueryContextAttributesW, /* QueryContextAttributes */
|
|
|
|
ntlm_ImpersonateSecurityContext, /* ImpersonateSecurityContext */
|
|
|
|
ntlm_RevertSecurityContext, /* RevertSecurityContext */
|
|
|
|
ntlm_MakeSignature, /* MakeSignature */
|
|
|
|
ntlm_VerifySignature, /* VerifySignature */
|
|
|
|
NULL, /* FreeContextBuffer */
|
|
|
|
NULL, /* QuerySecurityPackageInfo */
|
|
|
|
NULL, /* Reserved3 */
|
|
|
|
NULL, /* Reserved4 */
|
|
|
|
NULL, /* ExportSecurityContext */
|
|
|
|
NULL, /* ImportSecurityContext */
|
|
|
|
NULL, /* AddCredentials */
|
|
|
|
NULL, /* Reserved8 */
|
|
|
|
NULL, /* QuerySecurityContextToken */
|
|
|
|
ntlm_EncryptMessage, /* EncryptMessage */
|
|
|
|
ntlm_DecryptMessage, /* DecryptMessage */
|
2022-09-29 15:40:19 +03:00
|
|
|
ntlm_SetContextAttributesW, /* SetContextAttributes */
|
|
|
|
ntlm_SetCredentialsAttributesW, /* SetCredentialsAttributes */
|
2012-03-24 23:47:16 +04:00
|
|
|
};
|
2012-05-25 09:50:46 +04:00
|
|
|
|
2019-11-06 17:24:51 +03:00
|
|
|
const SecPkgInfoA NTLM_SecPkgInfoA = {
|
|
|
|
0x00082B37, /* fCapabilities */
|
|
|
|
1, /* wVersion */
|
|
|
|
0x000A, /* wRPCID */
|
|
|
|
0x00000B48, /* cbMaxToken */
|
|
|
|
"NTLM", /* Name */
|
2012-05-25 09:50:46 +04:00
|
|
|
"NTLM Security Package" /* Comment */
|
|
|
|
};
|
|
|
|
|
2023-12-12 11:18:30 +03:00
|
|
|
static WCHAR NTLM_SecPkgInfoW_NameBuffer[32] = { 0 };
|
|
|
|
static WCHAR NTLM_SecPkgInfoW_CommentBuffer[32] = { 0 };
|
2012-06-04 03:59:35 +04:00
|
|
|
|
2019-11-06 17:24:51 +03:00
|
|
|
const SecPkgInfoW NTLM_SecPkgInfoW = {
|
2023-12-12 11:18:30 +03:00
|
|
|
0x00082B37, /* fCapabilities */
|
|
|
|
1, /* wVersion */
|
|
|
|
0x000A, /* wRPCID */
|
|
|
|
0x00000B48, /* cbMaxToken */
|
|
|
|
NTLM_SecPkgInfoW_NameBuffer, /* Name */
|
|
|
|
NTLM_SecPkgInfoW_CommentBuffer /* Comment */
|
2012-05-25 09:50:46 +04:00
|
|
|
};
|
2022-03-14 16:50:32 +03:00
|
|
|
|
|
|
|
char* ntlm_negotiate_flags_string(char* buffer, size_t size, UINT32 flags)
|
|
|
|
{
|
|
|
|
if (!buffer || (size == 0))
|
|
|
|
return buffer;
|
|
|
|
|
2024-08-26 16:39:33 +03:00
|
|
|
(void)_snprintf(buffer, size, "[0x%08" PRIx32 "] ", flags);
|
2022-03-28 11:32:08 +03:00
|
|
|
|
2023-12-12 11:18:30 +03:00
|
|
|
for (int x = 0; x < 31; x++)
|
2022-05-28 01:29:28 +03:00
|
|
|
{
|
|
|
|
const UINT32 mask = 1 << x;
|
|
|
|
size_t len = strnlen(buffer, size);
|
|
|
|
if (flags & mask)
|
2022-03-14 16:50:32 +03:00
|
|
|
{
|
2022-05-28 01:29:28 +03:00
|
|
|
const char* str = ntlm_get_negotiate_string(mask);
|
|
|
|
const size_t flen = strlen(str);
|
|
|
|
|
2022-06-23 08:57:38 +03:00
|
|
|
if ((len > 0) && (buffer[len - 1] != ' '))
|
|
|
|
{
|
|
|
|
if (size - len < 1)
|
|
|
|
break;
|
|
|
|
winpr_str_append("|", buffer, size, NULL);
|
|
|
|
len++;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (size - len < flen)
|
|
|
|
break;
|
|
|
|
winpr_str_append(str, buffer, size, NULL);
|
|
|
|
}
|
|
|
|
}
|
2022-03-28 11:32:08 +03:00
|
|
|
|
2022-03-14 16:50:32 +03:00
|
|
|
return buffer;
|
|
|
|
}
|
|
|
|
|
|
|
|
const char* ntlm_message_type_string(UINT32 messageType)
|
|
|
|
{
|
|
|
|
switch (messageType)
|
|
|
|
{
|
|
|
|
case MESSAGE_TYPE_NEGOTIATE:
|
|
|
|
return "MESSAGE_TYPE_NEGOTIATE";
|
|
|
|
case MESSAGE_TYPE_CHALLENGE:
|
|
|
|
return "MESSAGE_TYPE_CHALLENGE";
|
|
|
|
case MESSAGE_TYPE_AUTHENTICATE:
|
|
|
|
return "MESSAGE_TYPE_AUTHENTICATE";
|
|
|
|
default:
|
|
|
|
return "MESSAGE_TYPE_UNKNOWN";
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
const char* ntlm_state_string(NTLM_STATE state)
|
|
|
|
{
|
|
|
|
switch (state)
|
|
|
|
{
|
|
|
|
case NTLM_STATE_INITIAL:
|
|
|
|
return "NTLM_STATE_INITIAL";
|
|
|
|
case NTLM_STATE_NEGOTIATE:
|
|
|
|
return "NTLM_STATE_NEGOTIATE";
|
|
|
|
case NTLM_STATE_CHALLENGE:
|
|
|
|
return "NTLM_STATE_CHALLENGE";
|
|
|
|
case NTLM_STATE_AUTHENTICATE:
|
|
|
|
return "NTLM_STATE_AUTHENTICATE";
|
|
|
|
case NTLM_STATE_FINAL:
|
|
|
|
return "NTLM_STATE_FINAL";
|
|
|
|
default:
|
|
|
|
return "NTLM_STATE_UNKNOWN";
|
|
|
|
}
|
|
|
|
}
|
|
|
|
void ntlm_change_state(NTLM_CONTEXT* ntlm, NTLM_STATE state)
|
|
|
|
{
|
|
|
|
WINPR_ASSERT(ntlm);
|
|
|
|
WLog_DBG(TAG, "change state from %s to %s", ntlm_state_string(ntlm->state),
|
|
|
|
ntlm_state_string(state));
|
|
|
|
ntlm->state = state;
|
|
|
|
}
|
|
|
|
|
|
|
|
NTLM_STATE ntlm_get_state(NTLM_CONTEXT* ntlm)
|
|
|
|
{
|
|
|
|
WINPR_ASSERT(ntlm);
|
|
|
|
return ntlm->state;
|
|
|
|
}
|
2022-05-28 01:29:28 +03:00
|
|
|
|
2023-05-16 16:12:57 +03:00
|
|
|
BOOL ntlm_reset_cipher_state(PSecHandle phContext)
|
2022-05-28 01:29:28 +03:00
|
|
|
{
|
|
|
|
NTLM_CONTEXT* context = sspi_SecureHandleGetLowerPointer(phContext);
|
|
|
|
|
|
|
|
if (context)
|
|
|
|
{
|
2023-05-16 17:40:33 +03:00
|
|
|
check_context(context);
|
2022-05-28 01:29:28 +03:00
|
|
|
winpr_RC4_Free(context->SendRc4Seal);
|
|
|
|
winpr_RC4_Free(context->RecvRc4Seal);
|
|
|
|
context->SendRc4Seal = winpr_RC4_New(context->RecvSealingKey, 16);
|
|
|
|
context->RecvRc4Seal = winpr_RC4_New(context->SendSealingKey, 16);
|
2023-05-16 16:12:57 +03:00
|
|
|
|
|
|
|
if (!context->SendRc4Seal)
|
|
|
|
{
|
|
|
|
WLog_ERR(TAG, "Failed to allocate context->SendRc4Seal");
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
if (!context->RecvRc4Seal)
|
|
|
|
{
|
|
|
|
WLog_ERR(TAG, "Failed to allocate context->RecvRc4Seal");
|
|
|
|
return FALSE;
|
|
|
|
}
|
2022-05-28 01:29:28 +03:00
|
|
|
}
|
2023-05-16 16:12:57 +03:00
|
|
|
|
|
|
|
return TRUE;
|
2022-05-28 01:29:28 +03:00
|
|
|
}
|
2023-12-12 11:18:30 +03:00
|
|
|
|
|
|
|
BOOL NTLM_init(void)
|
|
|
|
{
|
|
|
|
InitializeConstWCharFromUtf8(NTLM_SecPkgInfoA.Name, NTLM_SecPkgInfoW_NameBuffer,
|
|
|
|
ARRAYSIZE(NTLM_SecPkgInfoW_NameBuffer));
|
|
|
|
InitializeConstWCharFromUtf8(NTLM_SecPkgInfoA.Comment, NTLM_SecPkgInfoW_CommentBuffer,
|
|
|
|
ARRAYSIZE(NTLM_SecPkgInfoW_CommentBuffer));
|
|
|
|
|
|
|
|
return TRUE;
|
|
|
|
}
|