mirror of https://github.com/FreeRDP/FreeRDP
libwinpr-sspi: cleanup NTLM authenticate message construction
parent
ed33ac84c5
commit
4a5bd8584a
|
@ -312,7 +312,7 @@ int rpc_recv_fault_pdu(rpcconn_hdr_t* header)
|
|||
}
|
||||
}
|
||||
|
||||
for (index = 0; RPC_FAULT_CODES[index].name != NULL; index++)
|
||||
for (index = 0; RPC_TSG_FAULT_CODES[index].name != NULL; index++)
|
||||
{
|
||||
if (RPC_TSG_FAULT_CODES[index].code == code)
|
||||
{
|
||||
|
|
|
@ -306,6 +306,8 @@ LONG RegQueryValueExA(HKEY hKey, LPCSTR lpValueName,
|
|||
}
|
||||
|
||||
*lpcbData = length;
|
||||
|
||||
return ERROR_SUCCESS;
|
||||
}
|
||||
}
|
||||
|
||||
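Review bot: `*lpcbData = length;` in RegQueryValueExA dereferences `lpcbData` without a NULL check, and the Win32 contract lets callers pass NULL there when `lpData` is NULL; `if (lpcbData) *lpcbData = length;` would cover that case. The enclosing branch starts outside the hunk, so it may already guarantee a non-NULL pointer. A comment should also state whether `length` counts the terminating NUL, since the caller added to ntlm_ContextNew in this commit allocates `dwSize + 1` bytes and terminates the string itself.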
|
|
|
@ -113,6 +113,7 @@ NTLM_CONTEXT* ntlm_ContextNew()
|
|||
context->UseMIC = FALSE;
|
||||
context->SendVersionInfo = TRUE;
|
||||
context->SendSingleHostData = FALSE;
|
||||
context->SendWorkstationName = TRUE;
|
||||
|
||||
status = RegOpenKeyEx(HKEY_LOCAL_MACHINE, _T("Software\\WinPR\\NTLM"), 0, KEY_READ | KEY_WOW64_64KEY, &hKey);
|
||||
|
||||
|
@ -130,6 +131,20 @@ NTLM_CONTEXT* ntlm_ContextNew()
|
|||
if (RegQueryValueEx(hKey, _T("SendSingleHostData"), NULL, &dwType, (BYTE*) &dwValue, &dwSize) == ERROR_SUCCESS)
|
||||
context->SendSingleHostData = dwValue ? 1 : 0;
|
||||
|
||||
if (RegQueryValueEx(hKey, _T("SendWorkstationName"), NULL, &dwType, (BYTE*) &dwValue, &dwSize) == ERROR_SUCCESS)
|
||||
context->SendWorkstationName = dwValue ? 1 : 0;
|
||||
|
||||
if (RegQueryValueEx(hKey, _T("WorkstationName"), NULL, &dwType, NULL, &dwSize) == ERROR_SUCCESS)
|
||||
{
|
||||
char* workstation = (char*) malloc(dwSize + 1);
|
||||
|
||||
status = RegQueryValueExA(hKey, "WorkstationName", NULL, &dwType, (BYTE*) workstation, &dwSize);
|
||||
workstation[dwSize] = '\0';
|
||||
|
||||
ntlm_SetContextWorkstation(context, workstation);
|
||||
free(workstation);
|
||||
}
|
||||
|
||||
RegCloseKey(hKey);
|
||||
}
|
||||
|
||||
|
@ -438,7 +453,9 @@ SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(PCredHandle phCredenti
|
|||
|
||||
credentials = (CREDENTIALS*) sspi_SecureHandleGetLowerPointer(phCredential);
|
||||
|
||||
ntlm_SetContextWorkstation(context, NULL);
|
||||
if (context->Workstation.Length < 1)
|
||||
ntlm_SetContextWorkstation(context, NULL);
|
||||
|
||||
ntlm_SetContextServicePrincipalNameW(context, pszTargetName);
|
||||
sspi_CopyAuthIdentity(&context->identity, &credentials->identity);
|
||||
|
||||
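Review bot: In the `WorkstationName` block added to ntlm_ContextNew, `workstation[dwSize] = '\0'` runs whether or not the second `RegQueryValueExA` call succeeded. `dwSize` is an in/out parameter, so if the value changes between the size probe and the read, or the read fails, the terminator can land outside the `dwSize + 1` bytes that were allocated, or an uninitialised buffer is handed to `ntlm_SetContextWorkstation`. The `malloc` result is also used unchecked. Keep the allocated size in its own variable, and terminate and use the string only when the allocation and the read both succeeded and the returned size still fits; checking `dwType` for a string type would be a further guard if WinPR's registry layer reports it. The declarations of `dwSize` and `status` are outside the hunk, so the `DWORD` below is assumed.

```c
/* … unchanged: size probe with RegQueryValueEx(..., NULL, &dwSize) … */
{
	DWORD cbAlloc = dwSize; /* size the buffer was actually allocated for */
	char* workstation = (char*) malloc(cbAlloc + 1);

	if (workstation)
	{
		status = RegQueryValueExA(hKey, "WorkstationName", NULL, &dwType, (BYTE*) workstation, &dwSize);

		/* dwSize is rewritten by the call; trust it only if it still fits */
		if ((status == ERROR_SUCCESS) && (dwSize <= cbAlloc))
		{
			workstation[dwSize] = '\0';
			ntlm_SetContextWorkstation(context, workstation);
		}

		free(workstation);
	}
}
```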
|
|
|
@ -238,6 +238,7 @@ struct _NTLM_CONTEXT
|
|||
UINT32 NegotiateFlags;
|
||||
int LmCompatibilityLevel;
|
||||
int SuppressExtendedProtection;
|
||||
BOOL SendWorkstationName;
|
||||
UNICODE_STRING Workstation;
|
||||
UNICODE_STRING ServicePrincipalName;
|
||||
SEC_WINNT_AUTH_IDENTITY identity;
|
||||
|
@ -246,6 +247,9 @@ struct _NTLM_CONTEXT
|
|||
SecPkgContext_Bindings Bindings;
|
||||
BOOL SendSingleHostData;
|
||||
NTLM_SINGLE_HOST_DATA SingleHostData;
|
||||
NTLM_NEGOTIATE_MESSAGE NEGOTIATE_MESSAGE;
|
||||
NTLM_CHALLENGE_MESSAGE CHALLENGE_MESSAGE;
|
||||
NTLM_AUTHENTICATE_MESSAGE AUTHENTICATE_MESSAGE;
|
||||
SecBuffer NegotiateMessage;
|
||||
SecBuffer ChallengeMessage;
|
||||
SecBuffer AuthenticateMessage;
|
||||
|
|
|
@ -897,13 +897,17 @@ SECURITY_STATUS ntlm_write_AuthenticateMessage(NTLM_CONTEXT* context, PSecBuffer
|
|||
if (context->NTLMv2)
|
||||
{
|
||||
message.NegotiateFlags |= NTLMSSP_NEGOTIATE_56;
|
||||
message.NegotiateFlags |= NTLMSSP_NEGOTIATE_VERSION;
|
||||
message.NegotiateFlags |= NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED;
|
||||
|
||||
if (context->SendVersionInfo)
|
||||
message.NegotiateFlags |= NTLMSSP_NEGOTIATE_VERSION;
|
||||
}
|
||||
|
||||
if (context->UseMIC)
|
||||
message.NegotiateFlags |= NTLMSSP_NEGOTIATE_TARGET_INFO;
|
||||
|
||||
if (context->SendWorkstationName)
|
||||
message.NegotiateFlags |= NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED;
|
||||
|
||||
if (context->confidentiality)
|
||||
message.NegotiateFlags |= NTLMSSP_NEGOTIATE_SEAL;
|
||||
|
||||
|
@ -925,11 +929,12 @@ SECURITY_STATUS ntlm_write_AuthenticateMessage(NTLM_CONTEXT* context, PSecBuffer
|
|||
message.Workstation.Buffer = (BYTE*) context->Workstation.Buffer;
|
||||
}
|
||||
|
||||
message.DomainName.Len = (UINT16) context->identity.DomainLength * 2;
|
||||
message.DomainName.Buffer = (BYTE*) context->identity.Domain;
|
||||
|
||||
if (message.DomainName.Len > 0)
|
||||
if (context->identity.DomainLength > 0)
|
||||
{
|
||||
message.NegotiateFlags |= NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED;
|
||||
message.DomainName.Len = (UINT16) context->identity.DomainLength * 2;
|
||||
message.DomainName.Buffer = (BYTE*) context->identity.Domain;
|
||||
}
|
||||
|
||||
message.UserName.Len = (UINT16) context->identity.UserLength * 2;
|
||||
message.UserName.Buffer = (BYTE*) context->identity.User;
|
||||
|
@ -943,16 +948,19 @@ SECURITY_STATUS ntlm_write_AuthenticateMessage(NTLM_CONTEXT* context, PSecBuffer
|
|||
message.NtChallengeResponse.Len = (UINT16) context->NtChallengeResponse.cbBuffer;
|
||||
message.NtChallengeResponse.Buffer = (BYTE*) context->NtChallengeResponse.pvBuffer;
|
||||
|
||||
message.EncryptedRandomSessionKey.Len = 16;
|
||||
message.EncryptedRandomSessionKey.Buffer = context->EncryptedRandomSessionKey;
|
||||
if (message.NegotiateFlags & NTLMSSP_NEGOTIATE_KEY_EXCH)
|
||||
{
|
||||
message.EncryptedRandomSessionKey.Len = 16;
|
||||
message.EncryptedRandomSessionKey.Buffer = context->EncryptedRandomSessionKey;
|
||||
}
|
||||
|
||||
PayloadBufferOffset = 64;
|
||||
|
||||
if (context->UseMIC)
|
||||
PayloadBufferOffset += 16; /* Message Integrity Check */
|
||||
|
||||
if (message.NegotiateFlags & NTLMSSP_NEGOTIATE_VERSION)
|
||||
PayloadBufferOffset += 8;
|
||||
PayloadBufferOffset += 8; /* Version (8 bytes) */
|
||||
|
||||
if (context->UseMIC)
|
||||
PayloadBufferOffset += 16; /* Message Integrity Check (16 bytes) */
|
||||
|
||||
message.DomainName.BufferOffset = PayloadBufferOffset;
|
||||
message.UserName.BufferOffset = message.DomainName.BufferOffset + message.DomainName.Len;
|
||||
|
@ -963,60 +971,45 @@ SECURITY_STATUS ntlm_write_AuthenticateMessage(NTLM_CONTEXT* context, PSecBuffer
|
|||
|
||||
ntlm_populate_message_header((NTLM_MESSAGE_HEADER*) &message, MESSAGE_TYPE_AUTHENTICATE);
|
||||
|
||||
/* Message Header (12 bytes) */
|
||||
ntlm_write_message_header(s, (NTLM_MESSAGE_HEADER*) &message);
|
||||
ntlm_write_message_header(s, (NTLM_MESSAGE_HEADER*) &message); /* Message Header (12 bytes) */
|
||||
|
||||
/* LmChallengeResponseFields (8 bytes) */
|
||||
ntlm_write_message_fields(s, &(message.LmChallengeResponse));
|
||||
ntlm_write_message_fields(s, &(message.LmChallengeResponse)); /* LmChallengeResponseFields (8 bytes) */
|
||||
|
||||
/* NtChallengeResponseFields (8 bytes) */
|
||||
ntlm_write_message_fields(s, &(message.NtChallengeResponse));
|
||||
ntlm_write_message_fields(s, &(message.NtChallengeResponse)); /* NtChallengeResponseFields (8 bytes) */
|
||||
|
||||
/* only set if NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED is set */
|
||||
ntlm_write_message_fields(s, &(message.DomainName)); /* DomainNameFields (8 bytes) */
|
||||
|
||||
/* DomainNameFields (8 bytes) */
|
||||
ntlm_write_message_fields(s, &(message.DomainName));
|
||||
ntlm_write_message_fields(s, &(message.UserName)); /* UserNameFields (8 bytes) */
|
||||
|
||||
/* UserNameFields (8 bytes) */
|
||||
ntlm_write_message_fields(s, &(message.UserName));
|
||||
ntlm_write_message_fields(s, &(message.Workstation)); /* WorkstationFields (8 bytes) */
|
||||
|
||||
/* only set if NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED is set */
|
||||
|
||||
/* WorkstationFields (8 bytes) */
|
||||
ntlm_write_message_fields(s, &(message.Workstation));
|
||||
|
||||
/* EncryptedRandomSessionKeyFields (8 bytes) */
|
||||
ntlm_write_message_fields(s, &(message.EncryptedRandomSessionKey));
|
||||
ntlm_write_message_fields(s, &(message.EncryptedRandomSessionKey)); /* EncryptedRandomSessionKeyFields (8 bytes) */
|
||||
|
||||
Stream_Write_UINT32(s, message.NegotiateFlags); /* NegotiateFlags (4 bytes) */
|
||||
|
||||
if (message.NegotiateFlags & NTLMSSP_NEGOTIATE_VERSION)
|
||||
ntlm_write_version_info(s, &(message.Version));
|
||||
ntlm_write_version_info(s, &(message.Version)); /* Version (8 bytes) */
|
||||
|
||||
if (context->UseMIC)
|
||||
{
|
||||
/* Message Integrity Check */
|
||||
MicOffset = Stream_Position(s);
|
||||
Stream_Zero(s, 16);
|
||||
Stream_Zero(s, 16); /* Message Integrity Check (16 bytes) */
|
||||
}
|
||||
|
||||
/* DomainName */
|
||||
ntlm_write_message_fields_buffer(s, &(message.DomainName));
|
||||
if (message.NegotiateFlags & NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED)
|
||||
ntlm_write_message_fields_buffer(s, &(message.DomainName)); /* DomainName */
|
||||
|
||||
/* UserName */
|
||||
ntlm_write_message_fields_buffer(s, &(message.UserName));
|
||||
ntlm_write_message_fields_buffer(s, &(message.UserName)); /* UserName */
|
||||
|
||||
/* Workstation */
|
||||
ntlm_write_message_fields_buffer(s, &(message.Workstation));
|
||||
if (message.NegotiateFlags & NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED)
|
||||
ntlm_write_message_fields_buffer(s, &(message.Workstation)); /* Workstation */
|
||||
|
||||
/* LmChallengeResponse */
|
||||
ntlm_write_message_fields_buffer(s, &(message.LmChallengeResponse));
|
||||
ntlm_write_message_fields_buffer(s, &(message.LmChallengeResponse)); /* LmChallengeResponse */
|
||||
|
||||
/* NtChallengeResponse */
|
||||
ntlm_write_message_fields_buffer(s, &(message.NtChallengeResponse));
|
||||
ntlm_write_message_fields_buffer(s, &(message.NtChallengeResponse)); /* NtChallengeResponse */
|
||||
|
||||
/* EncryptedRandomSessionKey */
|
||||
ntlm_write_message_fields_buffer(s, &(message.EncryptedRandomSessionKey));
|
||||
if (message.NegotiateFlags & NTLMSSP_NEGOTIATE_KEY_EXCH)
|
||||
ntlm_write_message_fields_buffer(s, &(message.EncryptedRandomSessionKey)); /* EncryptedRandomSessionKey */
|
||||
|
||||
length = Stream_Position(s);
|
||||
sspi_SecBufferAlloc(&context->AuthenticateMessage, length);
|
||||
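Review bot: `message.DomainName` and `message.EncryptedRandomSessionKey` now get their `Len` and `Buffer` only inside the new `if` blocks, yet `ntlm_write_message_fields` still serialises every field header unconditionally, so ntlm_write_AuthenticateMessage depends on `message` having been zeroed first. That initialisation is outside the visible hunks and should be confirmed, e.g. `ZeroMemory(&message, sizeof(message));` at the top of the function; without it, stack contents would be written into the AUTHENTICATE message. The same consistency applies to `message.Workstation`: its payload is now written only when `NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED` is set, so the block that assigns `message.Workstation.Len` must test the same flag, or the offsets derived from it will not match the bytes written. That block closes at the top of the second ntlm_write_AuthenticateMessage hunk and its condition is not shown. A comment above the offset computation such as `/* each Len below is non-zero only if the matching payload is written */` would record that invariant.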
|
|