Handle more NTLM attributes

This patch adds the management of more NTLM attributes.

Sponsored by: Wheel Systems (http://www.wheelsystems.com)
This commit is contained in:
davewheel 2016-01-20 22:21:05 +01:00
parent 3e19791bb7
commit a971f9e4bc
2 changed files with 91 additions and 2 deletions

View File

@ -1001,6 +1001,11 @@ extern "C" {
#define SECPKG_ATTR_AUTH_NTLM_TIMESTAMP 1101
#define SECPKG_ATTR_AUTH_NTLM_CLIENT_CHALLENGE 1102
#define SECPKG_ATTR_AUTH_NTLM_SERVER_CHALLENGE 1103
#define SECPKG_ATTR_AUTH_NTLM_NTPROOF_VALUE 1104
#define SECPKG_ATTR_AUTH_NTLM_RANDKEY 1105
#define SECPKG_ATTR_AUTH_NTLM_MIC 1106
#define SECPKG_ATTR_AUTH_NTLM_MIC_VALUE 1107
struct _SecPkgContext_AuthIdentity
{

View File

@ -685,6 +685,90 @@ SECURITY_STATUS SEC_ENTRY ntlm_QueryContextAttributesW(PCtxtHandle phContext, UL
return SEC_E_OK;
}
else if (ulAttribute == SECPKG_ATTR_AUTH_NTLM_NTPROOF_VALUE)
{
BYTE *blob;
SecBuffer *ntproof, *target;
ntproof = (SecBuffer *)pBuffer;
target = &context->ChallengeTargetInfo;
if (!sspi_SecBufferAlloc(ntproof, 36 + target->cbBuffer))
return (SEC_E_INSUFFICIENT_MEMORY);
blob = (BYTE *)ntproof->pvBuffer;
/* Server challenge. */
CopyMemory(blob, context->ServerChallenge, 8);
/* Response version. */
blob[8] = 1;
/* Highest response version understood by the client. */
blob[9] = 1;
/* Reserved 6B. */
/* Time. */
CopyMemory(&blob[16], context->Timestamp, 8);
/* Client challenge. */
CopyMemory(&blob[24], context->ClientChallenge, 8);
/* Reserved 4B. */
/* Server name. */
CopyMemory(&blob[36], target->pvBuffer, target->cbBuffer);
return (SEC_E_OK);
}
else if (ulAttribute == SECPKG_ATTR_AUTH_NTLM_RANDKEY)
{
SecBuffer *randkey;
randkey = (SecBuffer *) pBuffer;
if (!sspi_SecBufferAlloc(randkey, 16))
return (SEC_E_INSUFFICIENT_MEMORY);
CopyMemory(randkey->pvBuffer, context->EncryptedRandomSessionKey, 16);
return (SEC_E_OK);
}
else if (ulAttribute == SECPKG_ATTR_AUTH_NTLM_MIC)
{
SecBuffer *mic;
NTLM_AUTHENTICATE_MESSAGE *message;
mic = (SecBuffer *) pBuffer;
message = &context->AUTHENTICATE_MESSAGE;
if (!sspi_SecBufferAlloc(mic, 16))
return (SEC_E_INSUFFICIENT_MEMORY);
CopyMemory(mic->pvBuffer, message->MessageIntegrityCheck, 16);
return (SEC_E_OK);
}
else if (ulAttribute == SECPKG_ATTR_AUTH_NTLM_MIC_VALUE)
{
BYTE *blob;
SecBuffer *micvalue;
ULONG msgSize = context->NegotiateMessage.cbBuffer + context->ChallengeMessage.cbBuffer +
context->AuthenticateMessage.cbBuffer;
micvalue = (SecBuffer *) pBuffer;
if (!sspi_SecBufferAlloc(micvalue, msgSize))
return (SEC_E_INSUFFICIENT_MEMORY);
blob = (BYTE *) micvalue->pvBuffer;
CopyMemory(blob, context->NegotiateMessage.pvBuffer, context->NegotiateMessage.cbBuffer);
blob += context->NegotiateMessage.cbBuffer;
CopyMemory(blob, context->ChallengeMessage.pvBuffer, context->ChallengeMessage.cbBuffer);
blob += context->ChallengeMessage.cbBuffer;
CopyMemory(blob, context->AuthenticateMessage.pvBuffer, context->AuthenticateMessage.cbBuffer);
blob += context->MessageIntegrityCheckOffset;
ZeroMemory(blob, 16);
return (SEC_E_OK);
}
return SEC_E_UNSUPPORTED_FUNCTION;
}