mirrors/FreeRDP
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: GSS API init, enterprise name management, variable names and format code

Browse Source
This commit is contained in:
dodo040 2017-07-03 12:47:56 +02:00 committed by Armin Novak
parent 0a3c61d305
commit e0a9999fb2
16 changed files with 1324 additions and 894 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CMakeLists.txt
View File

@ -784,9 +784,11 @@ else()
if(GSS_FLAVOUR STREQUAL "MIT")
message(STATUS "MIT Kerberos suppport")
add_definitions("-DWITH_GSSAPI -DWITH_GSSAPI_MIT")
elseif(GSS_FLAVOUR STREQUAL "HEIMDAL")
include_directories(${_GSS_INCLUDE_DIR})
elseif(GSS_FLAVOUR STREQUAL "Heimdal")
message(STATUS "Heimdal Kerberos support")
add_definitions("-DWITH_GSSAPI -DWITH_GSSAPI_HEIMDAL")
include_directories(${_GSS_INCLUDE_DIR})
else()
message(STATUS "Kerberos version not detected")
endif()

84
libfreerdp/core/gateway/ntlm.c
View File

@ -35,39 +35,36 @@
#define TAG FREERDP_TAG("core.gateway.ntlm")
BOOL ntlm_client_init(rdpNtlm* ntlm, BOOL http, char* user, char* domain, char* password, SecPkgContext_Bindings* Bindings)
BOOL ntlm_client_init(rdpNtlm* ntlm, BOOL http, char* user, char* domain, char* password,
SecPkgContext_Bindings* Bindings)
{
SECURITY_STATUS status;
ntlm->http = http;
ntlm->Bindings = Bindings;
ntlm->table = InitSecurityInterfaceEx(0);
if (!ntlm->table)
return FALSE;
sspi_SetAuthIdentity(&(ntlm->identity), user, domain, password);
status = ntlm->table->QuerySecurityPackageInfo(NTLMSSP_NAME, &ntlm->pPackageInfo);
status = ntlm->table->QuerySecurityPackageInfo(NTLM_SSP_NAME, &ntlm->pPackageInfo);
if (status != SEC_E_OK)
{
WLog_ERR(TAG, "QuerySecurityPackageInfo status %s [0x%08"PRIX32"]",
GetSecurityStatusString(status), status);
GetSecurityStatusString(status), status);
return FALSE;
}
ntlm->cbMaxToken = ntlm->pPackageInfo->cbMaxToken;
status = ntlm->table->AcquireCredentialsHandle(NULL, NTLMSSP_NAME,
SECPKG_CRED_OUTBOUND, NULL, &ntlm->identity, NULL, NULL,
&ntlm->credentials, &ntlm->expiration);
status = ntlm->table->AcquireCredentialsHandle(NULL, NTLM_SSP_NAME,
SECPKG_CRED_OUTBOUND, NULL, &ntlm->identity, NULL, NULL,
&ntlm->credentials, &ntlm->expiration);
if (status != SEC_E_OK)
{
WLog_ERR(TAG, "AcquireCredentialsHandle status %s [0x%08"PRIX32"]",
GetSecurityStatusString(status), status);
GetSecurityStatusString(status), status);
return FALSE;
}
@ -76,7 +73,6 @@ BOOL ntlm_client_init(rdpNtlm* ntlm, BOOL http, char* user, char* domain, char*
ZeroMemory(&ntlm->inputBuffer, sizeof(SecBuffer));
ZeroMemory(&ntlm->outputBuffer, sizeof(SecBuffer));
ZeroMemory(&ntlm->ContextSizes, sizeof(SecPkgContext_Sizes));
ntlm->fContextReq = 0;
if (ntlm->http)
@ -87,12 +83,11 @@ BOOL ntlm_client_init(rdpNtlm* ntlm, BOOL http, char* user, char* domain, char*
else
{
/**
* flags for RPC authentication:
* RPC_C_AUTHN_LEVEL_PKT_INTEGRITY:
* ISC_REQ_USE_DCE_STYLE | ISC_REQ_DELEGATE | ISC_REQ_MUTUAL_AUTH |
* ISC_REQ_REPLAY_DETECT | ISC_REQ_SEQUENCE_DETECT
*/
* flags for RPC authentication:
* RPC_C_AUTHN_LEVEL_PKT_INTEGRITY:
* ISC_REQ_USE_DCE_STYLE | ISC_REQ_DELEGATE | ISC_REQ_MUTUAL_AUTH |
* ISC_REQ_REPLAY_DETECT | ISC_REQ_SEQUENCE_DETECT
*/
ntlm->fContextReq |= ISC_REQ_USE_DCE_STYLE;
ntlm->fContextReq |= ISC_REQ_DELEGATE | ISC_REQ_MUTUAL_AUTH;
ntlm->fContextReq |= ISC_REQ_REPLAY_DETECT | ISC_REQ_SEQUENCE_DETECT;
@ -106,7 +101,6 @@ BOOL ntlm_client_make_spn(rdpNtlm* ntlm, LPCTSTR ServiceClass, char* hostname)
BOOL status = FALSE;
DWORD SpnLength = 0;
LPTSTR hostnameX = NULL;
#ifdef UNICODE
ConvertToUnicode(CP_UTF8, 0, hostname, -1, (LPWSTR*) &hostnameX, 0);
#else
@ -119,7 +113,6 @@ BOOL ntlm_client_make_spn(rdpNtlm* ntlm, LPCTSTR ServiceClass, char* hostname)
if (!ServiceClass)
{
ntlm->ServicePrincipalName = (LPTSTR) _tcsdup(hostnameX);
free(hostnameX);
if (!ntlm->ServicePrincipalName)
@ -136,14 +129,13 @@ BOOL ntlm_client_make_spn(rdpNtlm* ntlm, LPCTSTR ServiceClass, char* hostname)
if (!ntlm->ServicePrincipalName)
goto error;
if (DsMakeSpn(ServiceClass, hostnameX, NULL, 0, NULL, &SpnLength, ntlm->ServicePrincipalName) != ERROR_SUCCESS)
if (DsMakeSpn(ServiceClass, hostnameX, NULL, 0, NULL, &SpnLength,
ntlm->ServicePrincipalName) != ERROR_SUCCESS)
goto error;
status = TRUE;
error:
free(hostnameX);
return status;
}
@ -228,38 +220,38 @@ BOOL ntlm_authenticate(rdpNtlm* ntlm)
}
status = ntlm->table->InitializeSecurityContext(&ntlm->credentials,
(ntlm->haveContext) ? &ntlm->context : NULL,
(ntlm->ServicePrincipalName) ? ntlm->ServicePrincipalName : NULL,
ntlm->fContextReq, 0, SECURITY_NATIVE_DREP,
(ntlm->haveInputBuffer) ? &ntlm->inputBufferDesc : NULL,
0, &ntlm->context, &ntlm->outputBufferDesc,
&ntlm->pfContextAttr, &ntlm->expiration);
(ntlm->haveContext) ? &ntlm->context : NULL,
(ntlm->ServicePrincipalName) ? ntlm->ServicePrincipalName : NULL,
ntlm->fContextReq, 0, SECURITY_NATIVE_DREP,
(ntlm->haveInputBuffer) ? &ntlm->inputBufferDesc : NULL,
0, &ntlm->context, &ntlm->outputBufferDesc,
&ntlm->pfContextAttr, &ntlm->expiration);
WLog_VRB(TAG, "InitializeSecurityContext status %s [0x%08"PRIX32"]",
GetSecurityStatusString(status), status);
GetSecurityStatusString(status), status);
if ((status == SEC_I_COMPLETE_AND_CONTINUE) || (status == SEC_I_COMPLETE_NEEDED) || (status == SEC_E_OK))
if ((status == SEC_I_COMPLETE_AND_CONTINUE) || (status == SEC_I_COMPLETE_NEEDED) ||
(status == SEC_E_OK))
{
if ((status != SEC_E_OK) && ntlm->table->CompleteAuthToken)
{
SECURITY_STATUS cStatus;
cStatus = ntlm->table->CompleteAuthToken(&ntlm->context, &ntlm->outputBufferDesc);
if (cStatus != SEC_E_OK)
{
WLog_WARN(TAG, "CompleteAuthToken status %s [0x%08"PRIX32"]",
GetSecurityStatusString(cStatus), cStatus);
GetSecurityStatusString(cStatus), cStatus);
return FALSE;
}
}
status = ntlm->table->QueryContextAttributes(&ntlm->context, SECPKG_ATTR_SIZES, &ntlm->ContextSizes);
status = ntlm->table->QueryContextAttributes(&ntlm->context, SECPKG_ATTR_SIZES,
&ntlm->ContextSizes);
if (status != SEC_E_OK)
{
WLog_ERR(TAG, "QueryContextAttributes SECPKG_ATTR_SIZES failure %s [0x%08"PRIX32"]",
GetSecurityStatusString(status), status);
GetSecurityStatusString(status), status);
return FALSE;
}
@ -277,7 +269,6 @@ BOOL ntlm_authenticate(rdpNtlm* ntlm)
ntlm->haveInputBuffer = TRUE;
ntlm->haveContext = TRUE;
return (status == SEC_I_CONTINUE_NEEDED) ? TRUE : FALSE;
}
@ -285,38 +276,40 @@ void ntlm_client_uninit(rdpNtlm* ntlm)
{
free(ntlm->identity.User);
ntlm->identity.User = NULL;
free(ntlm->identity.Domain);
ntlm->identity.Domain = NULL;
free(ntlm->identity.Password);
ntlm->identity.Password = NULL;
free(ntlm->ServicePrincipalName);
ntlm->ServicePrincipalName = NULL;
if (ntlm->table)
{
SECURITY_STATUS status;
status = ntlm->table->FreeCredentialsHandle(&ntlm->credentials);
if (status != SEC_E_OK)
{
WLog_WARN(TAG, "FreeCredentialsHandle status %s [0x%08"PRIX32"]",
GetSecurityStatusString(status), status);
GetSecurityStatusString(status), status);
}
status = ntlm->table->FreeContextBuffer(ntlm->pPackageInfo);
if (status != SEC_E_OK)
{
WLog_WARN(TAG, "FreeContextBuffer status %s [0x%08"PRIX32"]",
GetSecurityStatusString(status), status);
GetSecurityStatusString(status), status);
}
status = ntlm->table->DeleteSecurityContext(&ntlm->context);
if (status != SEC_E_OK)
{
WLog_WARN(TAG, "DeleteSecurityContext status %s [0x%08"PRIX32"]",
GetSecurityStatusString(status), status);
GetSecurityStatusString(status), status);
}
ntlm->table = NULL;
}
}
@ -324,9 +317,7 @@ void ntlm_client_uninit(rdpNtlm* ntlm)
rdpNtlm* ntlm_new()
{
rdpNtlm* ntlm;
ntlm = (rdpNtlm*) calloc(1, sizeof(rdpNtlm));
return ntlm;
}
@ -342,6 +333,5 @@ void ntlm_free(rdpNtlm* ntlm)
}
ntlm_client_uninit(ntlm);
free(ntlm);
}

12
libfreerdp/core/nla.h
View File

@ -38,12 +38,12 @@ typedef struct rdp_nla rdpNla;
enum _NLA_STATE
{
NLA_STATE_INITIAL,
NLA_STATE_NEGO_TOKEN,
NLA_STATE_PUB_KEY_AUTH,
NLA_STATE_AUTH_INFO,
NLA_STATE_POST_NEGO,
NLA_STATE_FINAL
NLA_STATE_INITIAL,
NLA_STATE_NEGO_TOKEN,
NLA_STATE_PUB_KEY_AUTH,
NLA_STATE_AUTH_INFO,
NLA_STATE_POST_NEGO,
NLA_STATE_FINAL
};
typedef enum _NLA_STATE NLA_STATE;

235
winpr/include/winpr/sspi.h
View File

@ -92,9 +92,9 @@ typedef SecPkgInfoW* PSecPkgInfoW;
#define PSecPkgInfo PSecPkgInfoA
#endif
#define NTLMSSP_NAME _T("NTLM")
#define NTLM_SSP_NAME _T("NTLM")
#define KERBEROS_SSP_NAME _T("Kerberos")
#define NEGOSSP_NAME _T("Negotiate")
#define NEGO_SSP_NAME _T("Negotiate")
#endif
@ -598,7 +598,7 @@ typedef struct _SEC_WINNT_AUTH_IDENTITY_W
UINT16* Password;
UINT32 PasswordLength;
UINT32 Flags;
} SEC_WINNT_AUTH_IDENTITY_W,*PSEC_WINNT_AUTH_IDENTITY_W;
} SEC_WINNT_AUTH_IDENTITY_W, *PSEC_WINNT_AUTH_IDENTITY_W;
typedef struct _SEC_WINNT_AUTH_IDENTITY_A
{
@ -610,7 +610,7 @@ typedef struct _SEC_WINNT_AUTH_IDENTITY_A
BYTE* Password;
UINT32 PasswordLength;
UINT32 Flags;
} SEC_WINNT_AUTH_IDENTITY_A,*PSEC_WINNT_AUTH_IDENTITY_A;
} SEC_WINNT_AUTH_IDENTITY_A, *PSEC_WINNT_AUTH_IDENTITY_A;
struct _SEC_WINNT_AUTH_IDENTITY
{
@ -645,7 +645,7 @@ typedef CtxtHandle* PCtxtHandle;
#define SecIsValidHandle(x) \
((((PSecHandle)(x))->dwLower != ((ULONG_PTR)((INT_PTR) - 1))) && \
(((PSecHandle) (x))->dwUpper != ((ULONG_PTR)((INT_PTR) - 1))))
(((PSecHandle) (x))->dwUpper != ((ULONG_PTR)((INT_PTR) - 1))))
#endif
@ -697,10 +697,13 @@ struct _SecBufferDesc
typedef struct _SecBufferDesc SecBufferDesc;
typedef SecBufferDesc* PSecBufferDesc;
typedef void (SEC_ENTRY * SEC_GET_KEY_FN)(void* Arg, void* Principal, UINT32 KeyVer, void** Key, SECURITY_STATUS* pStatus);
typedef void (SEC_ENTRY* SEC_GET_KEY_FN)(void* Arg, void* Principal, UINT32 KeyVer, void** Key,
SECURITY_STATUS* pStatus);
typedef SECURITY_STATUS (SEC_ENTRY * ENUMERATE_SECURITY_PACKAGES_FN_A)(ULONG* pcPackages, PSecPkgInfoA* ppPackageInfo);
typedef SECURITY_STATUS (SEC_ENTRY * ENUMERATE_SECURITY_PACKAGES_FN_W)(ULONG* pcPackages, PSecPkgInfoW* ppPackageInfo);
typedef SECURITY_STATUS(SEC_ENTRY* ENUMERATE_SECURITY_PACKAGES_FN_A)(ULONG* pcPackages,
PSecPkgInfoA* ppPackageInfo);
typedef SECURITY_STATUS(SEC_ENTRY* ENUMERATE_SECURITY_PACKAGES_FN_W)(ULONG* pcPackages,
PSecPkgInfoW* ppPackageInfo);
#ifdef UNICODE
#define EnumerateSecurityPackages EnumerateSecurityPackagesW
@ -710,8 +713,10 @@ typedef SECURITY_STATUS (SEC_ENTRY * ENUMERATE_SECURITY_PACKAGES_FN_W)(ULONG* pc
#define ENUMERATE_SECURITY_PACKAGES_FN ENUMERATE_SECURITY_PACKAGES_FN_A
#endif
typedef SECURITY_STATUS (SEC_ENTRY * QUERY_CREDENTIALS_ATTRIBUTES_FN_A)(PCredHandle phCredential, ULONG ulAttribute, void* pBuffer);
typedef SECURITY_STATUS (SEC_ENTRY * QUERY_CREDENTIALS_ATTRIBUTES_FN_W)(PCredHandle phCredential, ULONG ulAttribute, void* pBuffer);
typedef SECURITY_STATUS(SEC_ENTRY* QUERY_CREDENTIALS_ATTRIBUTES_FN_A)(PCredHandle phCredential,
ULONG ulAttribute, void* pBuffer);
typedef SECURITY_STATUS(SEC_ENTRY* QUERY_CREDENTIALS_ATTRIBUTES_FN_W)(PCredHandle phCredential,
ULONG ulAttribute, void* pBuffer);
#ifdef UNICODE
#define QueryCredentialsAttributes QueryCredentialsAttributesW
@ -721,12 +726,14 @@ typedef SECURITY_STATUS (SEC_ENTRY * QUERY_CREDENTIALS_ATTRIBUTES_FN_W)(PCredHan
#define QUERY_CREDENTIALS_ATTRIBUTES_FN QUERY_CREDENTIALS_ATTRIBUTES_FN_A
#endif
typedef SECURITY_STATUS (SEC_ENTRY * ACQUIRE_CREDENTIALS_HANDLE_FN_A)(LPSTR pszPrincipal, LPSTR pszPackage,
ULONG fCredentialUse, void* pvLogonID, void* pAuthData, SEC_GET_KEY_FN pGetKeyFn,
void* pvGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry);
typedef SECURITY_STATUS (SEC_ENTRY * ACQUIRE_CREDENTIALS_HANDLE_FN_W)(LPWSTR pszPrincipal, LPWSTR pszPackage,
ULONG fCredentialUse, void* pvLogonID, void* pAuthData, SEC_GET_KEY_FN pGetKeyFn,
void* pvGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry);
typedef SECURITY_STATUS(SEC_ENTRY* ACQUIRE_CREDENTIALS_HANDLE_FN_A)(LPSTR pszPrincipal,
LPSTR pszPackage,
ULONG fCredentialUse, void* pvLogonID, void* pAuthData, SEC_GET_KEY_FN pGetKeyFn,
void* pvGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry);
typedef SECURITY_STATUS(SEC_ENTRY* ACQUIRE_CREDENTIALS_HANDLE_FN_W)(LPWSTR pszPrincipal,
LPWSTR pszPackage,
ULONG fCredentialUse, void* pvLogonID, void* pAuthData, SEC_GET_KEY_FN pGetKeyFn,
void* pvGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry);
#ifdef UNICODE
#define AcquireCredentialsHandle AcquireCredentialsHandleW
@ -736,16 +743,18 @@ typedef SECURITY_STATUS (SEC_ENTRY * ACQUIRE_CREDENTIALS_HANDLE_FN_W)(LPWSTR psz
#define ACQUIRE_CREDENTIALS_HANDLE_FN ACQUIRE_CREDENTIALS_HANDLE_FN_A
#endif
typedef SECURITY_STATUS (SEC_ENTRY * FREE_CREDENTIALS_HANDLE_FN)(PCredHandle phCredential);
typedef SECURITY_STATUS(SEC_ENTRY* FREE_CREDENTIALS_HANDLE_FN)(PCredHandle phCredential);
typedef SECURITY_STATUS (SEC_ENTRY * INITIALIZE_SECURITY_CONTEXT_FN_A)(PCredHandle phCredential, PCtxtHandle phContext,
SEC_CHAR* pszTargetName, ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep,
PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext,
PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsExpiry);
typedef SECURITY_STATUS (SEC_ENTRY * INITIALIZE_SECURITY_CONTEXT_FN_W)(PCredHandle phCredential, PCtxtHandle phContext,
SEC_WCHAR* pszTargetName, ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep,
PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext,
PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsExpiry);
typedef SECURITY_STATUS(SEC_ENTRY* INITIALIZE_SECURITY_CONTEXT_FN_A)(PCredHandle phCredential,
PCtxtHandle phContext,
SEC_CHAR* pszTargetName, ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep,
PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext,
PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsExpiry);
typedef SECURITY_STATUS(SEC_ENTRY* INITIALIZE_SECURITY_CONTEXT_FN_W)(PCredHandle phCredential,
PCtxtHandle phContext,
SEC_WCHAR* pszTargetName, ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep,
PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext,
PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsExpiry);
#ifdef UNICODE
#define InitializeSecurityContext InitializeSecurityContextW
@ -755,18 +764,23 @@ typedef SECURITY_STATUS (SEC_ENTRY * INITIALIZE_SECURITY_CONTEXT_FN_W)(PCredHand
#define INITIALIZE_SECURITY_CONTEXT_FN INITIALIZE_SECURITY_CONTEXT_FN_A
#endif
typedef SECURITY_STATUS (SEC_ENTRY * ACCEPT_SECURITY_CONTEXT_FN)(PCredHandle phCredential, PCtxtHandle phContext,
PSecBufferDesc pInput, ULONG fContextReq, ULONG TargetDataRep, PCtxtHandle phNewContext,
PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsTimeStamp);
typedef SECURITY_STATUS(SEC_ENTRY* ACCEPT_SECURITY_CONTEXT_FN)(PCredHandle phCredential,
PCtxtHandle phContext,
PSecBufferDesc pInput, ULONG fContextReq, ULONG TargetDataRep, PCtxtHandle phNewContext,
PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsTimeStamp);
typedef SECURITY_STATUS (SEC_ENTRY * COMPLETE_AUTH_TOKEN_FN)(PCtxtHandle phContext, PSecBufferDesc pToken);
typedef SECURITY_STATUS(SEC_ENTRY* COMPLETE_AUTH_TOKEN_FN)(PCtxtHandle phContext,
PSecBufferDesc pToken);
typedef SECURITY_STATUS (SEC_ENTRY * DELETE_SECURITY_CONTEXT_FN)(PCtxtHandle phContext);
typedef SECURITY_STATUS(SEC_ENTRY* DELETE_SECURITY_CONTEXT_FN)(PCtxtHandle phContext);
typedef SECURITY_STATUS (SEC_ENTRY * APPLY_CONTROL_TOKEN_FN)(PCtxtHandle phContext, PSecBufferDesc pInput);
typedef SECURITY_STATUS(SEC_ENTRY* APPLY_CONTROL_TOKEN_FN)(PCtxtHandle phContext,
PSecBufferDesc pInput);
typedef SECURITY_STATUS (SEC_ENTRY * QUERY_CONTEXT_ATTRIBUTES_FN_A)(PCtxtHandle phContext, ULONG ulAttribute, void* pBuffer);
typedef SECURITY_STATUS (SEC_ENTRY * QUERY_CONTEXT_ATTRIBUTES_FN_W)(PCtxtHandle phContext, ULONG ulAttribute, void* pBuffer);
typedef SECURITY_STATUS(SEC_ENTRY* QUERY_CONTEXT_ATTRIBUTES_FN_A)(PCtxtHandle phContext,
ULONG ulAttribute, void* pBuffer);
typedef SECURITY_STATUS(SEC_ENTRY* QUERY_CONTEXT_ATTRIBUTES_FN_W)(PCtxtHandle phContext,
ULONG ulAttribute, void* pBuffer);
#ifdef UNICODE
#define QueryContextAttributes QueryContextAttributesW
@ -776,18 +790,22 @@ typedef SECURITY_STATUS (SEC_ENTRY * QUERY_CONTEXT_ATTRIBUTES_FN_W)(PCtxtHandle
#define QUERY_CONTEXT_ATTRIBUTES_FN QUERY_CONTEXT_ATTRIBUTES_FN_A
#endif
typedef SECURITY_STATUS (SEC_ENTRY * IMPERSONATE_SECURITY_CONTEXT_FN)(PCtxtHandle phContext);
typedef SECURITY_STATUS(SEC_ENTRY* IMPERSONATE_SECURITY_CONTEXT_FN)(PCtxtHandle phContext);
typedef SECURITY_STATUS (SEC_ENTRY * REVERT_SECURITY_CONTEXT_FN)(PCtxtHandle phContext);
typedef SECURITY_STATUS(SEC_ENTRY* REVERT_SECURITY_CONTEXT_FN)(PCtxtHandle phContext);
typedef SECURITY_STATUS (SEC_ENTRY * MAKE_SIGNATURE_FN)(PCtxtHandle phContext, ULONG fQOP, PSecBufferDesc pMessage, ULONG MessageSeqNo);
typedef SECURITY_STATUS(SEC_ENTRY* MAKE_SIGNATURE_FN)(PCtxtHandle phContext, ULONG fQOP,
PSecBufferDesc pMessage, ULONG MessageSeqNo);
typedef SECURITY_STATUS (SEC_ENTRY * VERIFY_SIGNATURE_FN)(PCtxtHandle phContext, PSecBufferDesc pMessage, ULONG MessageSeqNo, PULONG pfQOP);
typedef SECURITY_STATUS(SEC_ENTRY* VERIFY_SIGNATURE_FN)(PCtxtHandle phContext,
PSecBufferDesc pMessage, ULONG MessageSeqNo, PULONG pfQOP);
typedef SECURITY_STATUS (SEC_ENTRY * FREE_CONTEXT_BUFFER_FN)(void* pvContextBuffer);
typedef SECURITY_STATUS(SEC_ENTRY* FREE_CONTEXT_BUFFER_FN)(void* pvContextBuffer);
typedef SECURITY_STATUS (SEC_ENTRY * QUERY_SECURITY_PACKAGE_INFO_FN_A)(SEC_CHAR* pszPackageName, PSecPkgInfoA* ppPackageInfo);
typedef SECURITY_STATUS (SEC_ENTRY * QUERY_SECURITY_PACKAGE_INFO_FN_W)(SEC_WCHAR* pszPackageName, PSecPkgInfoW* ppPackageInfo);
typedef SECURITY_STATUS(SEC_ENTRY* QUERY_SECURITY_PACKAGE_INFO_FN_A)(SEC_CHAR* pszPackageName,
PSecPkgInfoA* ppPackageInfo);
typedef SECURITY_STATUS(SEC_ENTRY* QUERY_SECURITY_PACKAGE_INFO_FN_W)(SEC_WCHAR* pszPackageName,
PSecPkgInfoW* ppPackageInfo);
#ifdef UNICODE
#define QuerySecurityPackageInfo QuerySecurityPackageInfoW
@ -797,10 +815,13 @@ typedef SECURITY_STATUS (SEC_ENTRY * QUERY_SECURITY_PACKAGE_INFO_FN_W)(SEC_WCHAR
#define QUERY_SECURITY_PACKAGE_INFO_FN QUERY_SECURITY_PACKAGE_INFO_FN_A
#endif
typedef SECURITY_STATUS (SEC_ENTRY * EXPORT_SECURITY_CONTEXT_FN)(PCtxtHandle phContext, ULONG fFlags, PSecBuffer pPackedContext, HANDLE* pToken);
typedef SECURITY_STATUS(SEC_ENTRY* EXPORT_SECURITY_CONTEXT_FN)(PCtxtHandle phContext, ULONG fFlags,
PSecBuffer pPackedContext, HANDLE* pToken);
typedef SECURITY_STATUS (SEC_ENTRY * IMPORT_SECURITY_CONTEXT_FN_A)(SEC_CHAR* pszPackage, PSecBuffer pPackedContext, HANDLE pToken, PCtxtHandle phContext);
typedef SECURITY_STATUS (SEC_ENTRY * IMPORT_SECURITY_CONTEXT_FN_W)(SEC_WCHAR* pszPackage, PSecBuffer pPackedContext, HANDLE pToken, PCtxtHandle phContext);
typedef SECURITY_STATUS(SEC_ENTRY* IMPORT_SECURITY_CONTEXT_FN_A)(SEC_CHAR* pszPackage,
PSecBuffer pPackedContext, HANDLE pToken, PCtxtHandle phContext);
typedef SECURITY_STATUS(SEC_ENTRY* IMPORT_SECURITY_CONTEXT_FN_W)(SEC_WCHAR* pszPackage,
PSecBuffer pPackedContext, HANDLE pToken, PCtxtHandle phContext);
#ifdef UNICODE
#define ImportSecurityContext ImportSecurityContextW
@ -810,10 +831,14 @@ typedef SECURITY_STATUS (SEC_ENTRY * IMPORT_SECURITY_CONTEXT_FN_W)(SEC_WCHAR* ps
#define IMPORT_SECURITY_CONTEXT_FN IMPORT_SECURITY_CONTEXT_FN_A
#endif
typedef SECURITY_STATUS (SEC_ENTRY * ADD_CREDENTIALS_FN_A)(PCredHandle hCredentials, SEC_CHAR* pszPrincipal, SEC_CHAR* pszPackage,
UINT32 fCredentialUse, void* pAuthData, SEC_GET_KEY_FN pGetKeyFn, void* pvGetKeyArgument, PTimeStamp ptsExpiry);
typedef SECURITY_STATUS (SEC_ENTRY * ADD_CREDENTIALS_FN_W)(PCredHandle hCredentials, SEC_WCHAR* pszPrincipal, SEC_WCHAR* pszPackage,
UINT32 fCredentialUse, void* pAuthData, SEC_GET_KEY_FN pGetKeyFn, void* pvGetKeyArgument, PTimeStamp ptsExpiry);
typedef SECURITY_STATUS(SEC_ENTRY* ADD_CREDENTIALS_FN_A)(PCredHandle hCredentials,
SEC_CHAR* pszPrincipal, SEC_CHAR* pszPackage,
UINT32 fCredentialUse, void* pAuthData, SEC_GET_KEY_FN pGetKeyFn, void* pvGetKeyArgument,
PTimeStamp ptsExpiry);
typedef SECURITY_STATUS(SEC_ENTRY* ADD_CREDENTIALS_FN_W)(PCredHandle hCredentials,
SEC_WCHAR* pszPrincipal, SEC_WCHAR* pszPackage,
UINT32 fCredentialUse, void* pAuthData, SEC_GET_KEY_FN pGetKeyFn, void* pvGetKeyArgument,
PTimeStamp ptsExpiry);
#ifdef UNICODE
#define AddCredentials AddCredentialsW
@ -823,14 +848,19 @@ typedef SECURITY_STATUS (SEC_ENTRY * ADD_CREDENTIALS_FN_W)(PCredHandle hCredenti
#define ADD_CREDENTIALS_FN ADD_CREDENTIALS_FN_A
#endif
typedef SECURITY_STATUS (SEC_ENTRY * QUERY_SECURITY_CONTEXT_TOKEN_FN)(PCtxtHandle phContext, HANDLE* phToken);
typedef SECURITY_STATUS(SEC_ENTRY* QUERY_SECURITY_CONTEXT_TOKEN_FN)(PCtxtHandle phContext,
HANDLE* phToken);
typedef SECURITY_STATUS (SEC_ENTRY * ENCRYPT_MESSAGE_FN)(PCtxtHandle phContext, ULONG fQOP, PSecBufferDesc pMessage, ULONG MessageSeqNo);
typedef SECURITY_STATUS(SEC_ENTRY* ENCRYPT_MESSAGE_FN)(PCtxtHandle phContext, ULONG fQOP,
PSecBufferDesc pMessage, ULONG MessageSeqNo);
typedef SECURITY_STATUS (SEC_ENTRY * DECRYPT_MESSAGE_FN)(PCtxtHandle phContext, PSecBufferDesc pMessage, ULONG MessageSeqNo, PULONG pfQOP);
typedef SECURITY_STATUS(SEC_ENTRY* DECRYPT_MESSAGE_FN)(PCtxtHandle phContext,
PSecBufferDesc pMessage, ULONG MessageSeqNo, PULONG pfQOP);
typedef SECURITY_STATUS (SEC_ENTRY * SET_CONTEXT_ATTRIBUTES_FN_A)(PCtxtHandle phContext, ULONG ulAttribute, void* pBuffer, ULONG cbBuffer);
typedef SECURITY_STATUS (SEC_ENTRY * SET_CONTEXT_ATTRIBUTES_FN_W)(PCtxtHandle phContext, ULONG ulAttribute, void* pBuffer, ULONG cbBuffer);
typedef SECURITY_STATUS(SEC_ENTRY* SET_CONTEXT_ATTRIBUTES_FN_A)(PCtxtHandle phContext,
ULONG ulAttribute, void* pBuffer, ULONG cbBuffer);
typedef SECURITY_STATUS(SEC_ENTRY* SET_CONTEXT_ATTRIBUTES_FN_W)(PCtxtHandle phContext,
ULONG ulAttribute, void* pBuffer, ULONG cbBuffer);
#ifdef UNICODE
#define SetContextAttributes SetContextAttributesW
@ -913,8 +943,8 @@ struct _SecurityFunctionTableW
typedef struct _SecurityFunctionTableW SecurityFunctionTableW;
typedef SecurityFunctionTableW* PSecurityFunctionTableW;
typedef PSecurityFunctionTableA (SEC_ENTRY * INIT_SECURITY_INTERFACE_A)(void);
typedef PSecurityFunctionTableW (SEC_ENTRY * INIT_SECURITY_INTERFACE_W)(void);
typedef PSecurityFunctionTableA(SEC_ENTRY* INIT_SECURITY_INTERFACE_A)(void);
typedef PSecurityFunctionTableW(SEC_ENTRY* INIT_SECURITY_INTERFACE_W)(void);
#ifdef UNICODE
#define InitSecurityInterface InitSecurityInterfaceW
@ -934,38 +964,50 @@ extern "C" {
/* Package Management */
WINPR_API SECURITY_STATUS SEC_ENTRY EnumerateSecurityPackagesA(ULONG* pcPackages, PSecPkgInfoA* ppPackageInfo);
WINPR_API SECURITY_STATUS SEC_ENTRY EnumerateSecurityPackagesW(ULONG* pcPackages, PSecPkgInfoW* ppPackageInfo);
WINPR_API SECURITY_STATUS SEC_ENTRY EnumerateSecurityPackagesA(ULONG* pcPackages,
PSecPkgInfoA* ppPackageInfo);
WINPR_API SECURITY_STATUS SEC_ENTRY EnumerateSecurityPackagesW(ULONG* pcPackages,
PSecPkgInfoW* ppPackageInfo);
WINPR_API PSecurityFunctionTableA SEC_ENTRY InitSecurityInterfaceA(void);
WINPR_API PSecurityFunctionTableW SEC_ENTRY InitSecurityInterfaceW(void);
WINPR_API SECURITY_STATUS SEC_ENTRY QuerySecurityPackageInfoA(SEC_CHAR* pszPackageName, PSecPkgInfoA* ppPackageInfo);
WINPR_API SECURITY_STATUS SEC_ENTRY QuerySecurityPackageInfoW(SEC_WCHAR* pszPackageName, PSecPkgInfoW* ppPackageInfo);
WINPR_API SECURITY_STATUS SEC_ENTRY QuerySecurityPackageInfoA(SEC_CHAR* pszPackageName,
PSecPkgInfoA* ppPackageInfo);
WINPR_API SECURITY_STATUS SEC_ENTRY QuerySecurityPackageInfoW(SEC_WCHAR* pszPackageName,
PSecPkgInfoW* ppPackageInfo);
/* Credential Management */
WINPR_API SECURITY_STATUS SEC_ENTRY AcquireCredentialsHandleA(SEC_CHAR* pszPrincipal, SEC_CHAR* pszPackage,
ULONG fCredentialUse, void* pvLogonID, void* pAuthData, SEC_GET_KEY_FN pGetKeyFn,
void* pvGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry);
WINPR_API SECURITY_STATUS SEC_ENTRY AcquireCredentialsHandleW(SEC_WCHAR* pszPrincipal, SEC_WCHAR* pszPackage,
ULONG fCredentialUse, void* pvLogonID, void* pAuthData, SEC_GET_KEY_FN pGetKeyFn,
void* pvGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry);
WINPR_API SECURITY_STATUS SEC_ENTRY AcquireCredentialsHandleA(SEC_CHAR* pszPrincipal,
SEC_CHAR* pszPackage,
ULONG fCredentialUse, void* pvLogonID, void* pAuthData, SEC_GET_KEY_FN pGetKeyFn,
void* pvGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry);
WINPR_API SECURITY_STATUS SEC_ENTRY AcquireCredentialsHandleW(SEC_WCHAR* pszPrincipal,
SEC_WCHAR* pszPackage,
ULONG fCredentialUse, void* pvLogonID, void* pAuthData, SEC_GET_KEY_FN pGetKeyFn,
void* pvGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry);
WINPR_API SECURITY_STATUS SEC_ENTRY ExportSecurityContext(PCtxtHandle phContext, ULONG fFlags, PSecBuffer pPackedContext, HANDLE* pToken);
WINPR_API SECURITY_STATUS SEC_ENTRY ExportSecurityContext(PCtxtHandle phContext, ULONG fFlags,
PSecBuffer pPackedContext, HANDLE* pToken);
WINPR_API SECURITY_STATUS SEC_ENTRY FreeCredentialsHandle(PCredHandle phCredential);
WINPR_API SECURITY_STATUS SEC_ENTRY ImportSecurityContextA(SEC_CHAR* pszPackage, PSecBuffer pPackedContext, HANDLE pToken, PCtxtHandle phContext);
WINPR_API SECURITY_STATUS SEC_ENTRY ImportSecurityContextW(SEC_WCHAR* pszPackage, PSecBuffer pPackedContext, HANDLE pToken, PCtxtHandle phContext);
WINPR_API SECURITY_STATUS SEC_ENTRY ImportSecurityContextA(SEC_CHAR* pszPackage,
PSecBuffer pPackedContext, HANDLE pToken, PCtxtHandle phContext);
WINPR_API SECURITY_STATUS SEC_ENTRY ImportSecurityContextW(SEC_WCHAR* pszPackage,
PSecBuffer pPackedContext, HANDLE pToken, PCtxtHandle phContext);
WINPR_API SECURITY_STATUS SEC_ENTRY QueryCredentialsAttributesA(PCredHandle phCredential, ULONG ulAttribute, void* pBuffer);
WINPR_API SECURITY_STATUS SEC_ENTRY QueryCredentialsAttributesW(PCredHandle phCredential, ULONG ulAttribute, void* pBuffer);
WINPR_API SECURITY_STATUS SEC_ENTRY QueryCredentialsAttributesA(PCredHandle phCredential,
ULONG ulAttribute, void* pBuffer);
WINPR_API SECURITY_STATUS SEC_ENTRY QueryCredentialsAttributesW(PCredHandle phCredential,
ULONG ulAttribute, void* pBuffer);
/* Context Management */
WINPR_API SECURITY_STATUS SEC_ENTRY AcceptSecurityContext(PCredHandle phCredential, PCtxtHandle phContext,
PSecBufferDesc pInput, ULONG fContextReq, ULONG TargetDataRep, PCtxtHandle phNewContext,
PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsTimeStamp);
WINPR_API SECURITY_STATUS SEC_ENTRY AcceptSecurityContext(PCredHandle phCredential,
PCtxtHandle phContext,
PSecBufferDesc pInput, ULONG fContextReq, ULONG TargetDataRep, PCtxtHandle phNewContext,
PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsTimeStamp);
WINPR_API SECURITY_STATUS SEC_ENTRY ApplyControlToken(PCtxtHandle phContext, PSecBufferDesc pInput);
WINPR_API SECURITY_STATUS SEC_ENTRY CompleteAuthToken(PCtxtHandle phContext, PSecBufferDesc pToken);
@ -973,26 +1015,35 @@ WINPR_API SECURITY_STATUS SEC_ENTRY DeleteSecurityContext(PCtxtHandle phContext)
WINPR_API SECURITY_STATUS SEC_ENTRY FreeContextBuffer(void* pvContextBuffer);
WINPR_API SECURITY_STATUS SEC_ENTRY ImpersonateSecurityContext(PCtxtHandle phContext);
WINPR_API SECURITY_STATUS SEC_ENTRY InitializeSecurityContextA(PCredHandle phCredential, PCtxtHandle phContext,
SEC_CHAR* pszTargetName, ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep,
PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext,
PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsExpiry);
WINPR_API SECURITY_STATUS SEC_ENTRY InitializeSecurityContextW(PCredHandle phCredential, PCtxtHandle phContext,
SEC_WCHAR* pszTargetName, ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep,
PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext,
PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsExpiry);
WINPR_API SECURITY_STATUS SEC_ENTRY InitializeSecurityContextA(PCredHandle phCredential,
PCtxtHandle phContext,
SEC_CHAR* pszTargetName, ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep,
PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext,
PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsExpiry);
WINPR_API SECURITY_STATUS SEC_ENTRY InitializeSecurityContextW(PCredHandle phCredential,
PCtxtHandle phContext,
SEC_WCHAR* pszTargetName, ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep,
PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext,
PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsExpiry);
WINPR_API SECURITY_STATUS SEC_ENTRY QueryContextAttributes(PCtxtHandle phContext, ULONG ulAttribute, void* pBuffer);
WINPR_API SECURITY_STATUS SEC_ENTRY QuerySecurityContextToken(PCtxtHandle phContext, HANDLE* phToken);
WINPR_API SECURITY_STATUS SEC_ENTRY SetContextAttributes(PCtxtHandle phContext, ULONG ulAttribute, void* pBuffer, ULONG cbBuffer);
WINPR_API SECURITY_STATUS SEC_ENTRY QueryContextAttributes(PCtxtHandle phContext, ULONG ulAttribute,
void* pBuffer);
WINPR_API SECURITY_STATUS SEC_ENTRY QuerySecurityContextToken(PCtxtHandle phContext,
HANDLE* phToken);
WINPR_API SECURITY_STATUS SEC_ENTRY SetContextAttributes(PCtxtHandle phContext, ULONG ulAttribute,
void* pBuffer, ULONG cbBuffer);
WINPR_API SECURITY_STATUS SEC_ENTRY RevertSecurityContext(PCtxtHandle phContext);
/* Message Support */
WINPR_API SECURITY_STATUS SEC_ENTRY DecryptMessage(PCtxtHandle phContext, PSecBufferDesc pMessage, ULONG MessageSeqNo, PULONG pfQOP);
WINPR_API SECURITY_STATUS SEC_ENTRY EncryptMessage(PCtxtHandle phContext, ULONG fQOP, PSecBufferDesc pMessage, ULONG MessageSeqNo);
WINPR_API SECURITY_STATUS SEC_ENTRY MakeSignature(PCtxtHandle phContext, ULONG fQOP, PSecBufferDesc pMessage, ULONG MessageSeqNo);
WINPR_API SECURITY_STATUS SEC_ENTRY VerifySignature(PCtxtHandle phContext, PSecBufferDesc pMessage, ULONG MessageSeqNo, PULONG pfQOP);
WINPR_API SECURITY_STATUS SEC_ENTRY DecryptMessage(PCtxtHandle phContext, PSecBufferDesc pMessage,
ULONG MessageSeqNo, PULONG pfQOP);
WINPR_API SECURITY_STATUS SEC_ENTRY EncryptMessage(PCtxtHandle phContext, ULONG fQOP,
PSecBufferDesc pMessage, ULONG MessageSeqNo);
WINPR_API SECURITY_STATUS SEC_ENTRY MakeSignature(PCtxtHandle phContext, ULONG fQOP,
PSecBufferDesc pMessage, ULONG MessageSeqNo);
WINPR_API SECURITY_STATUS SEC_ENTRY VerifySignature(PCtxtHandle phContext, PSecBufferDesc pMessage,
ULONG MessageSeqNo, PULONG pfQOP);
#ifdef __cplusplus
}
@ -1072,8 +1123,8 @@ typedef struct _SecPkgContext_AuthNtlmMessage SecPkgContext_AuthNtlmMessage;
#define SSPI_INTERFACE_WINPR 0x00000001
#define SSPI_INTERFACE_NATIVE 0x00000002
typedef PSecurityFunctionTableA (SEC_ENTRY * INIT_SECURITY_INTERFACE_EX_A)(DWORD flags);
typedef PSecurityFunctionTableW (SEC_ENTRY * INIT_SECURITY_INTERFACE_EX_W)(DWORD flags);
typedef PSecurityFunctionTableA(SEC_ENTRY* INIT_SECURITY_INTERFACE_EX_A)(DWORD flags);
typedef PSecurityFunctionTableW(SEC_ENTRY* INIT_SECURITY_INTERFACE_EX_W)(DWORD flags);
WINPR_API void sspi_GlobalInit(void);
WINPR_API void sspi_GlobalFinish(void);
@ -1081,8 +1132,10 @@ WINPR_API void sspi_GlobalFinish(void);
WINPR_API void* sspi_SecBufferAlloc(PSecBuffer SecBuffer, ULONG size);
WINPR_API void sspi_SecBufferFree(PSecBuffer SecBuffer);
WINPR_API int sspi_SetAuthIdentity(SEC_WINNT_AUTH_IDENTITY* identity, const char* user, const char* domain, const char* password);
WINPR_API int sspi_CopyAuthIdentity(SEC_WINNT_AUTH_IDENTITY* identity, SEC_WINNT_AUTH_IDENTITY* srcIdentity);
WINPR_API int sspi_SetAuthIdentity(SEC_WINNT_AUTH_IDENTITY* identity, const char* user,
const char* domain, const char* password);
WINPR_API int sspi_CopyAuthIdentity(SEC_WINNT_AUTH_IDENTITY* identity,
SEC_WINNT_AUTH_IDENTITY* srcIdentity);
WINPR_API const char* GetSecurityStatusString(SECURITY_STATUS status);

19
winpr/libwinpr/sspi/Kerberos/kerberos.c
View File

@ -32,6 +32,10 @@
#include "kerberos.h"
#ifdef WITH_GSSAPI_HEIMDAL
#include <krb5-protos.h>
#endif
#include "../sspi.h"
#include "../../log.h"
#define TAG WINPR_TAG("sspi.Kerberos")
@ -285,6 +289,8 @@ int init_creds(LPCWSTR username, size_t username_len, LPCWSTR password, size_t p
char* lusername = NULL;
char* lrealm = NULL;
char* lpassword = NULL;
int flags = 0;
char* pstr = NULL;
size_t krb_name_len = 0;
size_t lrealm_len = 0;
size_t lusername_len = 0;
@ -341,7 +347,14 @@ int init_creds(LPCWSTR username, size_t username_len, LPCWSTR password, size_t p
#ifdef WITH_DEBUG_NLA
WLog_DBG(TAG, "copied string is %s\n", krb_name);
#endif
ret = krb5_parse_name(ctx, krb_name, &principal);
pstr = strchr(lusername, '@');
if (pstr != NULL)
flags = KRB5_PRINCIPAL_PARSE_ENTERPRISE;
/* Use the specified principal name. */
ret = krb5_parse_name_flags(ctx, krb_name, flags,
&principal);
if (ret)
{
@ -439,9 +452,8 @@ SECURITY_STATUS SEC_ENTRY kerberos_InitializeSecurityContextA(PCredHandle phCred
context->credentials->identity.Password,
context->credentials->identity.PasswordLength))
return SEC_E_NO_CREDENTIALS;
else
WLog_INFO(TAG, "Authenticated to Kerberos v5 via login/password");
WLog_INFO(TAG, "Authenticated to Kerberos v5 via login/password");
/* retry GSSAPI call */
context->major_status = sspi_gss_init_sec_context(&(context->minor_status),
context->cred, &(context->gss_ctx), context->target_name,
@ -452,6 +464,7 @@ SECURITY_STATUS SEC_ENTRY kerberos_InitializeSecurityContextA(PCredHandle phCred
if (SSPI_GSS_ERROR(context->major_status))
{
/* We can't use Kerberos */
WLog_ERR(TAG, "Init GSS security context failed : can't use Kerberos");
return SEC_E_INTERNAL_ERROR;
}
}

15
winpr/libwinpr/sspi/NTLM/ntlm.c
View File

@ -681,7 +681,7 @@ SECURITY_STATUS SEC_ENTRY ntlm_DeleteSecurityContext(PCtxtHandle phContext)
return SEC_E_OK;
}
SECURITY_STATUS ntlm_computeProofValue(NTLM_CONTEXT *ntlm, SecBuffer *ntproof)
SECURITY_STATUS ntlm_computeProofValue(NTLM_CONTEXT* ntlm, SecBuffer* ntproof)
{
BYTE* blob;
SecBuffer* target = &ntlm->ChallengeTargetInfo;
@ -689,33 +689,29 @@ SECURITY_STATUS ntlm_computeProofValue(NTLM_CONTEXT *ntlm, SecBuffer *ntproof)
if (!sspi_SecBufferAlloc(ntproof, 36 + target->cbBuffer))
return SEC_E_INSUFFICIENT_MEMORY;
blob = (BYTE *)ntproof->pvBuffer;
blob = (BYTE*)ntproof->pvBuffer;
CopyMemory(blob, ntlm->ServerChallenge, 8); /* Server challenge. */
blob[8] = 1; /* Response version. */
blob[9] = 1; /* Highest response version understood by the client. */
/* Reserved 6B. */
CopyMemory(&blob[16], ntlm->Timestamp, 8); /* Time. */
CopyMemory(&blob[24], ntlm->ClientChallenge, 8); /* Client challenge. */
/* Reserved 4B. */
/* Server name. */
CopyMemory(&blob[36], target->pvBuffer, target->cbBuffer);
return SEC_E_OK;
}
SECURITY_STATUS ntlm_computeMicValue(NTLM_CONTEXT *ntlm, SecBuffer *micvalue)
SECURITY_STATUS ntlm_computeMicValue(NTLM_CONTEXT* ntlm, SecBuffer* micvalue)
{
BYTE* blob;
ULONG msgSize = ntlm->NegotiateMessage.cbBuffer + ntlm->ChallengeMessage.cbBuffer +
ntlm->AuthenticateMessage.cbBuffer;
ntlm->AuthenticateMessage.cbBuffer;
if (!sspi_SecBufferAlloc(micvalue, msgSize))
return SEC_E_INSUFFICIENT_MEMORY;
blob = (BYTE *) micvalue->pvBuffer;
blob = (BYTE*) micvalue->pvBuffer;
CopyMemory(blob, ntlm->NegotiateMessage.pvBuffer, ntlm->NegotiateMessage.cbBuffer);
blob += ntlm->NegotiateMessage.cbBuffer;
CopyMemory(blob, ntlm->ChallengeMessage.pvBuffer, ntlm->ChallengeMessage.cbBuffer);
@ -723,7 +719,6 @@ SECURITY_STATUS ntlm_computeMicValue(NTLM_CONTEXT *ntlm, SecBuffer *micvalue)
CopyMemory(blob, ntlm->AuthenticateMessage.pvBuffer, ntlm->AuthenticateMessage.cbBuffer);
blob += ntlm->MessageIntegrityCheckOffset;
ZeroMemory(blob, 16);
return SEC_E_OK;
}

81
winpr/libwinpr/sspi/Negotiate/negotiate.c
View File

@ -43,6 +43,36 @@ static BOOL ErrorInitContextKerberos = FALSE;
static BOOL ErrorInitContextKerberos = TRUE;
#endif
const SecPkgInfoA NEGOTIATE_SecPkgInfoA =
{
0x00083BB3, /* fCapabilities */
1, /* wVersion */
0x0009, /* wRPCID */
0x00002FE0, /* cbMaxToken */
"Negotiate", /* Name */
"Microsoft Package Negotiator" /* Comment */
};
WCHAR NEGOTIATE_SecPkgInfoW_Name[] = { 'N', 'e', 'g', 'o', 't', 'i', 'a', 't', 'e', '\0' };
WCHAR NEGOTIATE_SecPkgInfoW_Comment[] =
{
'M', 'i', 'c', 'r', 'o', 's', 'o', 'f', 't', ' ',
'P', 'a', 'c', 'k', 'a', 'g', 'e', ' ',
'N', 'e', 'g', 'o', 't', 'i', 'a', 't', 'o', 'r', '\0'
};
const SecPkgInfoW NEGOTIATE_SecPkgInfoW =
{
0x00083BB3, /* fCapabilities */
1, /* wVersion */
0x0009, /* wRPCID */
0x00002FE0, /* cbMaxToken */
NEGOTIATE_SecPkgInfoW_Name, /* Name */
NEGOTIATE_SecPkgInfoW_Comment /* Comment */
};
void negotiate_SetSubPackage(NEGOTIATE_CONTEXT* context, const char* name)
{
if (strcmp(name, KERBEROS_SSP_NAME) == 0)
@ -73,7 +103,7 @@ NEGOTIATE_CONTEXT* negotiate_ContextNew()
context->NegotiateFlags = 0;
context->state = NEGOTIATE_STATE_INITIAL;
SecInvalidateHandle(&(context->SubContext));
negotiate_SetSubPackage(context, KERBEROS_SSP_NAME);
negotiate_SetSubPackage(context, (const char*) KERBEROS_SSP_NAME);
return context;
}
@ -100,7 +130,7 @@ SECURITY_STATUS SEC_ENTRY negotiate_InitializeSecurityContextW(PCredHandle phCre
return SEC_E_INTERNAL_ERROR;
sspi_SecureHandleSetLowerPointer(phNewContext, context);
sspi_SecureHandleSetUpperPointer(phNewContext, (void*) NEGOSSP_NAME);
sspi_SecureHandleSetUpperPointer(phNewContext, (void*) NEGO_SSP_NAME);
}
/* if Kerberos has previously failed or WITH_GSSAPI is not defined, we use NTLM directly */
@ -108,7 +138,7 @@ SECURITY_STATUS SEC_ENTRY negotiate_InitializeSecurityContextW(PCredHandle phCre
{
if (!pInput)
{
negotiate_SetSubPackage(context, KERBEROS_SSP_NAME);
negotiate_SetSubPackage(context, (const char*) KERBEROS_SSP_NAME);
}
status = context->sspiW->InitializeSecurityContextW(phCredential, &(context->SubContext),
@ -129,7 +159,7 @@ SECURITY_STATUS SEC_ENTRY negotiate_InitializeSecurityContextW(PCredHandle phCre
if (!pInput)
{
context->sspiA->DeleteSecurityContext(&(context->SubContext));
negotiate_SetSubPackage(context, NTLMSSP_NAME);
negotiate_SetSubPackage(context, (const char*) NTLM_SSP_NAME);
}
status = context->sspiW->InitializeSecurityContextW(phCredential, &(context->SubContext),
@ -158,7 +188,7 @@ SECURITY_STATUS SEC_ENTRY negotiate_InitializeSecurityContextA(PCredHandle phCre
return SEC_E_INTERNAL_ERROR;
sspi_SecureHandleSetLowerPointer(phNewContext, context);
sspi_SecureHandleSetUpperPointer(phNewContext, (void*) NEGOSSP_NAME);
sspi_SecureHandleSetUpperPointer(phNewContext, (void*) NEGO_SSP_NAME);
}
/* if Kerberos has previously failed or WITH_GSSAPI is not defined, we use NTLM directly */
@ -166,7 +196,7 @@ SECURITY_STATUS SEC_ENTRY negotiate_InitializeSecurityContextA(PCredHandle phCre
{
if (!pInput)
{
negotiate_SetSubPackage(context, KERBEROS_SSP_NAME);
negotiate_SetSubPackage(context, (const char*) KERBEROS_SSP_NAME);
}
status = context->sspiA->InitializeSecurityContextA(phCredential, &(context->SubContext),
@ -187,7 +217,7 @@ SECURITY_STATUS SEC_ENTRY negotiate_InitializeSecurityContextA(PCredHandle phCre
if (!pInput)
{
context->sspiA->DeleteSecurityContext(&(context->SubContext));
negotiate_SetSubPackage(context, NTLMSSP_NAME);
negotiate_SetSubPackage(context, (const char*) NTLM_SSP_NAME);
}
status = context->sspiA->InitializeSecurityContextA(phCredential, &(context->SubContext),
@ -215,10 +245,11 @@ SECURITY_STATUS SEC_ENTRY negotiate_AcceptSecurityContext(PCredHandle phCredenti
return SEC_E_INTERNAL_ERROR;
sspi_SecureHandleSetLowerPointer(phNewContext, context);
sspi_SecureHandleSetUpperPointer(phNewContext, (void*) NEGOSSP_NAME);
sspi_SecureHandleSetUpperPointer(phNewContext, (void*) NEGO_SSP_NAME);
}
negotiate_SetSubPackage(context, NTLMSSP_NAME); /* server-side Kerberos not yet implemented */
negotiate_SetSubPackage(context,
(const char*) NTLM_SSP_NAME); /* server-side Kerberos not yet implemented */
status = context->sspiA->AcceptSecurityContext(phCredential, &(context->SubContext),
pInput, fContextReq, TargetDataRep, &(context->SubContext),
pOutput, pfContextAttr, ptsTimeStamp);
@ -400,7 +431,7 @@ SECURITY_STATUS SEC_ENTRY negotiate_AcquireCredentialsHandleW(SEC_WCHAR* pszPrin
sspi_CopyAuthIdentity(&(credentials->identity), identity);
sspi_SecureHandleSetLowerPointer(phCredential, (void*) credentials);
sspi_SecureHandleSetUpperPointer(phCredential, (void*) NEGOSSP_NAME);
sspi_SecureHandleSetUpperPointer(phCredential, (void*) NEGO_SSP_NAME);
return SEC_E_OK;
}
@ -433,7 +464,7 @@ SECURITY_STATUS SEC_ENTRY negotiate_AcquireCredentialsHandleA(SEC_CHAR* pszPrinc
sspi_CopyAuthIdentity(&(credentials->identity), identity);
sspi_SecureHandleSetLowerPointer(phCredential, (void*) credentials);
sspi_SecureHandleSetUpperPointer(phCredential, (void*) NEGOSSP_NAME);
sspi_SecureHandleSetUpperPointer(phCredential, (void*) NEGO_SSP_NAME);
return SEC_E_OK;
}
@ -582,31 +613,3 @@ const SecurityFunctionTableW NEGOTIATE_SecurityFunctionTableW =
negotiate_SetContextAttributesW, /* SetContextAttributes */
};
const SecPkgInfoA NEGOTIATE_SecPkgInfoA =
{
0x00083BB3, /* fCapabilities */
1, /* wVersion */
0x0009, /* wRPCID */
0x00002FE0, /* cbMaxToken */
"Negotiate", /* Name */
"Microsoft Package Negotiator" /* Comment */
};
WCHAR NEGOTIATE_SecPkgInfoW_Name[] = { 'N', 'e', 'g', 'o', 't', 'i', 'a', 't', 'e', '\0' };
WCHAR NEGOTIATE_SecPkgInfoW_Comment[] =
{
'M', 'i', 'c', 'r', 'o', 's', 'o', 'f', 't', ' ',
'P', 'a', 'c', 'k', 'a', 'g', 'e', ' ',
'N', 'e', 'g', 'o', 't', 'i', 'a', 't', 'o', 'r', '\0'
};
const SecPkgInfoW NEGOTIATE_SecPkgInfoW =
{
0x00083BB3, /* fCapabilities */
1, /* wVersion */
0x0009, /* wRPCID */
0x00002FE0, /* cbMaxToken */
NEGOTIATE_SecPkgInfoW_Name, /* Name */
NEGOTIATE_SecPkgInfoW_Comment /* Comment */
};

8
winpr/libwinpr/sspi/Negotiate/negotiate.h
View File

@ -28,10 +28,10 @@
enum _NEGOTIATE_STATE
{
NEGOTIATE_STATE_INITIAL,
NEGOTIATE_STATE_NEGOINIT,
NEGOTIATE_STATE_NEGORESP,
NEGOTIATE_STATE_FINAL
NEGOTIATE_STATE_INITIAL,
NEGOTIATE_STATE_NEGOINIT,
NEGOTIATE_STATE_NEGORESP,
NEGOTIATE_STATE_FINAL
};
typedef enum _NEGOTIATE_STATE NEGOTIATE_STATE;

56
winpr/libwinpr/sspi/sspi.h
View File

@ -53,34 +53,34 @@ void sspi_SecureHandleFree(SecHandle* handle);
enum SecurityFunctionTableIndex
{
EnumerateSecurityPackagesIndex = 1,
Reserved1Index = 2,
QueryCredentialsAttributesIndex = 3,
AcquireCredentialsHandleIndex = 4,
FreeCredentialsHandleIndex = 5,
Reserved2Index = 6,
InitializeSecurityContextIndex = 7,
AcceptSecurityContextIndex = 8,
CompleteAuthTokenIndex = 9,
DeleteSecurityContextIndex = 10,
ApplyControlTokenIndex = 11,
QueryContextAttributesIndex = 12,
ImpersonateSecurityContextIndex = 13,
RevertSecurityContextIndex = 14,
MakeSignatureIndex = 15,
VerifySignatureIndex = 16,
FreeContextBufferIndex = 17,
QuerySecurityPackageInfoIndex = 18,
Reserved3Index = 19,
Reserved4Index = 20,
ExportSecurityContextIndex = 21,
ImportSecurityContextIndex = 22,
AddCredentialsIndex = 23,
Reserved8Index = 24,
QuerySecurityContextTokenIndex = 25,
EncryptMessageIndex = 26,
DecryptMessageIndex = 27,
SetContextAttributesIndex = 28
EnumerateSecurityPackagesIndex = 1,
Reserved1Index = 2,
QueryCredentialsAttributesIndex = 3,
AcquireCredentialsHandleIndex = 4,
FreeCredentialsHandleIndex = 5,
Reserved2Index = 6,
InitializeSecurityContextIndex = 7,
AcceptSecurityContextIndex = 8,
CompleteAuthTokenIndex = 9,
DeleteSecurityContextIndex = 10,
ApplyControlTokenIndex = 11,
QueryContextAttributesIndex = 12,
ImpersonateSecurityContextIndex = 13,
RevertSecurityContextIndex = 14,
MakeSignatureIndex = 15,
VerifySignatureIndex = 16,
FreeContextBufferIndex = 17,
QuerySecurityPackageInfoIndex = 18,
Reserved3Index = 19,
Reserved4Index = 20,
ExportSecurityContextIndex = 21,
ImportSecurityContextIndex = 22,
AddCredentialsIndex = 23,
Reserved8Index = 24,
QuerySecurityContextTokenIndex = 25,
EncryptMessageIndex = 26,
DecryptMessageIndex = 27,
SetContextAttributesIndex = 28
};
BOOL IsSecurityStatusError(SECURITY_STATUS status);

1492
winpr/libwinpr/sspi/sspi_gss.c
View File

File diff suppressed because it is too large Load Diff

3
winpr/libwinpr/sspi/sspi_gss.h
View File

@ -4,6 +4,7 @@
*
* Copyright 2015 ANSSI, Author Thomas Calderon
* Copyright 2015 Marc-Andre Moreau <marcandre.moreau@gmail.com>
* Copyright 2017 Dorian Ducournau <dorian.ducournau@gmail.com>
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -870,6 +871,8 @@ struct _GSSAPI_FUNCTION_TABLE
};
typedef struct _GSSAPI_FUNCTION_TABLE GSSAPI_FUNCTION_TABLE;
GSSAPI_FUNCTION_TABLE* SEC_ENTRY gssApi_InitSecurityInterface(void);
#ifdef __cplusplus
extern "C" {
#endif

1
winpr/libwinpr/sspi/sspi_winpr.c
View File

@ -275,6 +275,7 @@ void sspi_SecBufferFree(PSecBuffer SecBuffer)
if (SecBuffer->pvBuffer)
memset(SecBuffer->pvBuffer, 0, SecBuffer->cbBuffer);
free(SecBuffer->pvBuffer);
SecBuffer->pvBuffer = NULL;
SecBuffer->cbBuffer = 0;

11
winpr/libwinpr/sspi/test/TestAcquireCredentialsHandle.c
View File

@ -16,14 +16,12 @@ int TestAcquireCredentialsHandle(int argc, char* argv[])
SEC_WINNT_AUTH_IDENTITY identity;
SecurityFunctionTable* table;
SecPkgCredentials_Names credential_names;
sspi_GlobalInit();
table = InitSecurityInterface();
identity.User = (UINT16*) _strdup(test_User);
identity.Domain = (UINT16*) _strdup(test_Domain);
identity.Password = (UINT16*) _strdup(test_Password);
if (!identity.User || !identity.Domain || !identity.Password)
{
free(identity.User);
@ -32,13 +30,13 @@ int TestAcquireCredentialsHandle(int argc, char* argv[])
fprintf(stderr, "Memory allocation failed\n");
return -1;
}
identity.UserLength = strlen(test_User);
identity.DomainLength = strlen(test_Domain);
identity.PasswordLength = strlen(test_Password);
identity.Flags = SEC_WINNT_AUTH_IDENTITY_ANSI;
status = table->AcquireCredentialsHandle(NULL, NTLMSSP_NAME,
SECPKG_CRED_OUTBOUND, NULL, &identity, NULL, NULL, &credentials, &expiration);
status = table->AcquireCredentialsHandle(NULL, NTLM_SSP_NAME,
SECPKG_CRED_OUTBOUND, NULL, &identity, NULL, NULL, &credentials, &expiration);
if (status != SEC_E_OK)
{
@ -55,7 +53,6 @@ int TestAcquireCredentialsHandle(int argc, char* argv[])
}
sspi_GlobalFinish();
return 0;
}

33
winpr/libwinpr/sspi/test/TestInitializeSecurityContext.c
View File

@ -24,12 +24,9 @@ int TestInitializeSecurityContext(int argc, char* argv[])
PSecBuffer p_SecBuffer;
SecBuffer output_SecBuffer;
SecBufferDesc output_SecBuffer_desc;
sspi_GlobalInit();
table = InitSecurityInterface();
status = QuerySecurityPackageInfo(NTLMSSP_NAME, &pPackageInfo);
status = QuerySecurityPackageInfo(NTLM_SSP_NAME, &pPackageInfo);
if (status != SEC_E_OK)
{
@ -38,10 +35,10 @@ int TestInitializeSecurityContext(int argc, char* argv[])
}
cbMaxLen = pPackageInfo->cbMaxToken;
identity.User = (UINT16*) _strdup(test_User);
identity.Domain = (UINT16*) _strdup(test_Domain);
identity.Password = (UINT16*) _strdup(test_Password);
if (!identity.User || !identity.Domain || !identity.Password)
{
free(identity.User);
@ -55,9 +52,8 @@ int TestInitializeSecurityContext(int argc, char* argv[])
identity.DomainLength = strlen(test_Domain);
identity.PasswordLength = strlen(test_Password);
identity.Flags = SEC_WINNT_AUTH_IDENTITY_ANSI;
status = table->AcquireCredentialsHandle(NULL, NTLMSSP_NAME,
SECPKG_CRED_OUTBOUND, NULL, &identity, NULL, NULL, &credentials, &expiration);
status = table->AcquireCredentialsHandle(NULL, NTLM_SSP_NAME,
SECPKG_CRED_OUTBOUND, NULL, &identity, NULL, NULL, &credentials, &expiration);
if (status != SEC_E_OK)
{
@ -66,9 +62,10 @@ int TestInitializeSecurityContext(int argc, char* argv[])
return -1;
}
fContextReq = ISC_REQ_REPLAY_DETECT | ISC_REQ_SEQUENCE_DETECT | ISC_REQ_CONFIDENTIALITY | ISC_REQ_DELEGATE;
fContextReq = ISC_REQ_REPLAY_DETECT | ISC_REQ_SEQUENCE_DETECT | ISC_REQ_CONFIDENTIALITY |
ISC_REQ_DELEGATE;
output_buffer = malloc(cbMaxLen);
if (!output_buffer)
{
printf("Memory allocation failed\n");
@ -79,13 +76,11 @@ int TestInitializeSecurityContext(int argc, char* argv[])
output_SecBuffer_desc.ulVersion = 0;
output_SecBuffer_desc.cBuffers = 1;
output_SecBuffer_desc.pBuffers = &output_SecBuffer;
output_SecBuffer.cbBuffer = cbMaxLen;
output_SecBuffer.BufferType = SECBUFFER_TOKEN;
output_SecBuffer.pvBuffer = output_buffer;
status = table->InitializeSecurityContext(&credentials, NULL, NULL, fContextReq, 0, 0, NULL, 0,
&context, &output_SecBuffer_desc, &pfContextAttr, &expiration);
&context, &output_SecBuffer_desc, &pfContextAttr, &expiration);
if (status != SEC_I_CONTINUE_NEEDED)
{
@ -94,18 +89,14 @@ int TestInitializeSecurityContext(int argc, char* argv[])
return -1;
}
printf("cBuffers: %"PRIu32" ulVersion: %"PRIu32"\n", output_SecBuffer_desc.cBuffers, output_SecBuffer_desc.ulVersion);
printf("cBuffers: %"PRIu32" ulVersion: %"PRIu32"\n", output_SecBuffer_desc.cBuffers,
output_SecBuffer_desc.ulVersion);
p_SecBuffer = &output_SecBuffer_desc.pBuffers[0];
printf("BufferType: 0x%08"PRIX32" cbBuffer: %"PRIu32"\n", p_SecBuffer->BufferType, p_SecBuffer->cbBuffer);
printf("BufferType: 0x%08"PRIX32" cbBuffer: %"PRIu32"\n", p_SecBuffer->BufferType,
p_SecBuffer->cbBuffer);
table->FreeCredentialsHandle(&credentials);
FreeContextBuffer(pPackageInfo);
sspi_GlobalFinish();
return 0;
}

158
winpr/libwinpr/sspi/test/TestNTLM.c
View File

@ -11,50 +11,50 @@ static BYTE TEST_NTLM_CLIENT_CHALLENGE[8] = { 0x20, 0xc0, 0x2b, 0x3d, 0xc0, 0x61
static BYTE TEST_NTLM_SERVER_CHALLENGE[8] = { 0xa4, 0xf1, 0xba, 0xa6, 0x7c, 0xdc, 0x1a, 0x12 };
static BYTE TEST_NTLM_NEGOTIATE[] =
"\x4e\x54\x4c\x4d\x53\x53\x50\x00\x01\x00\x00\x00\x07\x82\x08\xa2"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x06\x03\x80\x25\x00\x00\x00\x0f";
"\x4e\x54\x4c\x4d\x53\x53\x50\x00\x01\x00\x00\x00\x07\x82\x08\xa2"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x06\x03\x80\x25\x00\x00\x00\x0f";
static BYTE TEST_NTLM_CHALLENGE[] =
"\x4e\x54\x4c\x4d\x53\x53\x50\x00\x02\x00\x00\x00\x00\x00\x00\x00"
"\x38\x00\x00\x00\x07\x82\x88\xa2\xa4\xf1\xba\xa6\x7c\xdc\x1a\x12"
"\x00\x00\x00\x00\x00\x00\x00\x00\x66\x00\x66\x00\x38\x00\x00\x00"
"\x06\x03\x80\x25\x00\x00\x00\x0f\x02\x00\x0e\x00\x4e\x00\x45\x00"
"\x57\x00\x59\x00\x45\x00\x41\x00\x52\x00\x01\x00\x0e\x00\x4e\x00"
"\x45\x00\x57\x00\x59\x00\x45\x00\x41\x00\x52\x00\x04\x00\x1c\x00"
"\x6c\x00\x61\x00\x62\x00\x2e\x00\x77\x00\x61\x00\x79\x00\x6b\x00"
"\x2e\x00\x6c\x00\x6f\x00\x63\x00\x61\x00\x6c\x00\x03\x00\x0e\x00"
"\x6e\x00\x65\x00\x77\x00\x79\x00\x65\x00\x61\x00\x72\x00\x07\x00"
"\x08\x00\x33\x57\xbd\xb1\x07\x8b\xcf\x01\x00\x00\x00\x00";
"\x4e\x54\x4c\x4d\x53\x53\x50\x00\x02\x00\x00\x00\x00\x00\x00\x00"
"\x38\x00\x00\x00\x07\x82\x88\xa2\xa4\xf1\xba\xa6\x7c\xdc\x1a\x12"
"\x00\x00\x00\x00\x00\x00\x00\x00\x66\x00\x66\x00\x38\x00\x00\x00"
"\x06\x03\x80\x25\x00\x00\x00\x0f\x02\x00\x0e\x00\x4e\x00\x45\x00"
"\x57\x00\x59\x00\x45\x00\x41\x00\x52\x00\x01\x00\x0e\x00\x4e\x00"
"\x45\x00\x57\x00\x59\x00\x45\x00\x41\x00\x52\x00\x04\x00\x1c\x00"
"\x6c\x00\x61\x00\x62\x00\x2e\x00\x77\x00\x61\x00\x79\x00\x6b\x00"
"\x2e\x00\x6c\x00\x6f\x00\x63\x00\x61\x00\x6c\x00\x03\x00\x0e\x00"
"\x6e\x00\x65\x00\x77\x00\x79\x00\x65\x00\x61\x00\x72\x00\x07\x00"
"\x08\x00\x33\x57\xbd\xb1\x07\x8b\xcf\x01\x00\x00\x00\x00";
static BYTE TEST_NTLM_AUTHENTICATE[] =
"\x4e\x54\x4c\x4d\x53\x53\x50\x00\x03\x00\x00\x00\x18\x00\x18\x00"
"\x82\x00\x00\x00\x08\x01\x08\x01\x9a\x00\x00\x00\x0c\x00\x0c\x00"
"\x58\x00\x00\x00\x10\x00\x10\x00\x64\x00\x00\x00\x0e\x00\x0e\x00"
"\x74\x00\x00\x00\x00\x00\x00\x00\xa2\x01\x00\x00\x05\x82\x88\xa2"
"\x06\x03\x80\x25\x00\x00\x00\x0f\x12\xe5\x5a\xf5\x80\xee\x3f\x29"
"\xe1\xde\x90\x4d\x73\x77\x06\x25\x44\x00\x6f\x00\x6d\x00\x61\x00"
"\x69\x00\x6e\x00\x55\x00\x73\x00\x65\x00\x72\x00\x6e\x00\x61\x00"
"\x6d\x00\x65\x00\x4e\x00\x45\x00\x57\x00\x59\x00\x45\x00\x41\x00"
"\x52\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x62\x14\x68\xc8\x98\x12"
"\xe7\x39\xd8\x76\x1b\xe9\xf7\x54\xb5\xe3\x01\x01\x00\x00\x00\x00"
"\x00\x00\x33\x57\xbd\xb1\x07\x8b\xcf\x01\x20\xc0\x2b\x3d\xc0\x61"
"\xa7\x73\x00\x00\x00\x00\x02\x00\x0e\x00\x4e\x00\x45\x00\x57\x00"
"\x59\x00\x45\x00\x41\x00\x52\x00\x01\x00\x0e\x00\x4e\x00\x45\x00"
"\x57\x00\x59\x00\x45\x00\x41\x00\x52\x00\x04\x00\x1c\x00\x6c\x00"
"\x61\x00\x62\x00\x2e\x00\x77\x00\x61\x00\x79\x00\x6b\x00\x2e\x00"
"\x6c\x00\x6f\x00\x63\x00\x61\x00\x6c\x00\x03\x00\x0e\x00\x6e\x00"
"\x65\x00\x77\x00\x79\x00\x65\x00\x61\x00\x72\x00\x07\x00\x08\x00"
"\x33\x57\xbd\xb1\x07\x8b\xcf\x01\x06\x00\x04\x00\x02\x00\x00\x00"
"\x08\x00\x30\x00\x30\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00"
"\x00\x20\x00\x00\x1e\x10\xf5\x2c\x54\x2f\x2e\x77\x1c\x13\xbf\xc3"
"\x3f\xe1\x7b\x28\x7e\x0b\x93\x5a\x39\xd2\xce\x12\xd7\xbd\x8c\x4e"
"\x2b\xb5\x0b\xf5\x0a\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x1a\x00\x48\x00\x54\x00"
"\x54\x00\x50\x00\x2f\x00\x72\x00\x77\x00\x2e\x00\x6c\x00\x6f\x00"
"\x63\x00\x61\x00\x6c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00";
"\x4e\x54\x4c\x4d\x53\x53\x50\x00\x03\x00\x00\x00\x18\x00\x18\x00"
"\x82\x00\x00\x00\x08\x01\x08\x01\x9a\x00\x00\x00\x0c\x00\x0c\x00"
"\x58\x00\x00\x00\x10\x00\x10\x00\x64\x00\x00\x00\x0e\x00\x0e\x00"
"\x74\x00\x00\x00\x00\x00\x00\x00\xa2\x01\x00\x00\x05\x82\x88\xa2"
"\x06\x03\x80\x25\x00\x00\x00\x0f\x12\xe5\x5a\xf5\x80\xee\x3f\x29"
"\xe1\xde\x90\x4d\x73\x77\x06\x25\x44\x00\x6f\x00\x6d\x00\x61\x00"
"\x69\x00\x6e\x00\x55\x00\x73\x00\x65\x00\x72\x00\x6e\x00\x61\x00"
"\x6d\x00\x65\x00\x4e\x00\x45\x00\x57\x00\x59\x00\x45\x00\x41\x00"
"\x52\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x62\x14\x68\xc8\x98\x12"
"\xe7\x39\xd8\x76\x1b\xe9\xf7\x54\xb5\xe3\x01\x01\x00\x00\x00\x00"
"\x00\x00\x33\x57\xbd\xb1\x07\x8b\xcf\x01\x20\xc0\x2b\x3d\xc0\x61"
"\xa7\x73\x00\x00\x00\x00\x02\x00\x0e\x00\x4e\x00\x45\x00\x57\x00"
"\x59\x00\x45\x00\x41\x00\x52\x00\x01\x00\x0e\x00\x4e\x00\x45\x00"
"\x57\x00\x59\x00\x45\x00\x41\x00\x52\x00\x04\x00\x1c\x00\x6c\x00"
"\x61\x00\x62\x00\x2e\x00\x77\x00\x61\x00\x79\x00\x6b\x00\x2e\x00"
"\x6c\x00\x6f\x00\x63\x00\x61\x00\x6c\x00\x03\x00\x0e\x00\x6e\x00"
"\x65\x00\x77\x00\x79\x00\x65\x00\x61\x00\x72\x00\x07\x00\x08\x00"
"\x33\x57\xbd\xb1\x07\x8b\xcf\x01\x06\x00\x04\x00\x02\x00\x00\x00"
"\x08\x00\x30\x00\x30\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00"
"\x00\x20\x00\x00\x1e\x10\xf5\x2c\x54\x2f\x2e\x77\x1c\x13\xbf\xc3"
"\x3f\xe1\x7b\x28\x7e\x0b\x93\x5a\x39\xd2\xce\x12\xd7\xbd\x8c\x4e"
"\x2b\xb5\x0b\xf5\x0a\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x09\x00\x1a\x00\x48\x00\x54\x00"
"\x54\x00\x50\x00\x2f\x00\x72\x00\x77\x00\x2e\x00\x6c\x00\x6f\x00"
"\x63\x00\x61\x00\x6c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00";
#define TEST_SSPI_INTERFACE SSPI_INTERFACE_WINPR
@ -72,7 +72,7 @@ static const BYTE TEST_NTLM_HASH[16] =
static const BYTE TEST_NTLM_V2_HASH[16] =
{ 0x4c, 0x7f, 0x70, 0x6f, 0x7d, 0xde, 0x05, 0xa9, 0xd1, 0xa0, 0xf4, 0xe7, 0xff, 0xe3, 0xbf, 0xb8 };
#define NTLM_PACKAGE_NAME NTLMSSP_NAME
#define NTLM_PACKAGE_NAME NTLM_SSP_NAME
struct _TEST_NTLM_CLIENT
{
@ -97,7 +97,8 @@ struct _TEST_NTLM_CLIENT
};
typedef struct _TEST_NTLM_CLIENT TEST_NTLM_CLIENT;
int test_ntlm_client_init(TEST_NTLM_CLIENT* ntlm, const char* user, const char* domain, const char* password)
int test_ntlm_client_init(TEST_NTLM_CLIENT* ntlm, const char* user, const char* domain,
const char* password)
{
SECURITY_STATUS status;
SecInvalidateHandle(&(ntlm->context));
@ -108,18 +109,18 @@ int test_ntlm_client_init(TEST_NTLM_CLIENT* ntlm, const char* user, const char*
if (status != SEC_E_OK)
{
fprintf(stderr, "QuerySecurityPackageInfo status: %s (0x%08"PRIX32")\n",
GetSecurityStatusString(status), status);
GetSecurityStatusString(status), status);
return -1;
}
ntlm->cbMaxToken = ntlm->pPackageInfo->cbMaxToken;
status = ntlm->table->AcquireCredentialsHandle(NULL, NTLM_PACKAGE_NAME,
SECPKG_CRED_OUTBOUND, NULL, &ntlm->identity, NULL, NULL, &ntlm->credentials, &ntlm->expiration);
SECPKG_CRED_OUTBOUND, NULL, &ntlm->identity, NULL, NULL, &ntlm->credentials, &ntlm->expiration);
if (status != SEC_E_OK)
{
fprintf(stderr, "AcquireCredentialsHandle status: %s (0x%08"PRIX32")\n",
GetSecurityStatusString(status), status);
GetSecurityStatusString(status), status);
return -1;
}
@ -236,12 +237,12 @@ int test_ntlm_client_authenticate(TEST_NTLM_CLIENT* ntlm)
}
status = ntlm->table->InitializeSecurityContext(&ntlm->credentials,
(ntlm->haveContext) ? &ntlm->context : NULL,
(ntlm->ServicePrincipalName) ? ntlm->ServicePrincipalName : NULL,
ntlm->fContextReq, 0, SECURITY_NATIVE_DREP,
(ntlm->haveInputBuffer) ? &ntlm->inputBufferDesc : NULL,
0, &ntlm->context, &ntlm->outputBufferDesc,
&ntlm->pfContextAttr, &ntlm->expiration);
(ntlm->haveContext) ? &ntlm->context : NULL,
(ntlm->ServicePrincipalName) ? ntlm->ServicePrincipalName : NULL,
ntlm->fContextReq, 0, SECURITY_NATIVE_DREP,
(ntlm->haveInputBuffer) ? &ntlm->inputBufferDesc : NULL,
0, &ntlm->context, &ntlm->outputBufferDesc,
&ntlm->pfContextAttr, &ntlm->expiration);
if ((status == SEC_I_COMPLETE_AND_CONTINUE) || (status == SEC_I_COMPLETE_NEEDED))
{
@ -319,19 +320,19 @@ int test_ntlm_server_init(TEST_NTLM_SERVER* ntlm)
if (status != SEC_E_OK)
{
fprintf(stderr, "QuerySecurityPackageInfo status: %s (0x%08"PRIX32")\n",
GetSecurityStatusString(status), status);
GetSecurityStatusString(status), status);
return -1;
}
ntlm->cbMaxToken = ntlm->pPackageInfo->cbMaxToken;
status = ntlm->table->AcquireCredentialsHandle(NULL, NTLM_PACKAGE_NAME,
SECPKG_CRED_INBOUND, NULL, NULL, NULL, NULL,
&ntlm->credentials, &ntlm->expiration);
SECPKG_CRED_INBOUND, NULL, NULL, NULL, NULL,
&ntlm->credentials, &ntlm->expiration);
if (status != SEC_E_OK)
{
fprintf(stderr, "AcquireCredentialsHandle status: %s (0x%08"PRIX32")\n",
GetSecurityStatusString(status), status);
GetSecurityStatusString(status), status);
return -1;
}
@ -388,13 +389,14 @@ int test_ntlm_server_authenticate(TEST_NTLM_SERVER* ntlm)
ntlm->outputBuffer[0].BufferType = SECBUFFER_TOKEN;
ntlm->outputBuffer[0].cbBuffer = ntlm->cbMaxToken;
ntlm->outputBuffer[0].pvBuffer = malloc(ntlm->outputBuffer[0].cbBuffer);
if (!ntlm->outputBuffer[0].pvBuffer)
return -1;
status = ntlm->table->AcceptSecurityContext(&ntlm->credentials,
ntlm->haveContext? &ntlm->context: NULL,
&ntlm->inputBufferDesc, ntlm->fContextReq, SECURITY_NATIVE_DREP, &ntlm->context,
&ntlm->outputBufferDesc, &ntlm->pfContextAttr, &ntlm->expiration);
ntlm->haveContext ? &ntlm->context : NULL,
&ntlm->inputBufferDesc, ntlm->fContextReq, SECURITY_NATIVE_DREP, &ntlm->context,
&ntlm->outputBufferDesc, &ntlm->pfContextAttr, &ntlm->expiration);
if ((status == SEC_I_COMPLETE_AND_CONTINUE) || (status == SEC_I_COMPLETE_NEEDED))
{
@ -402,7 +404,8 @@ int test_ntlm_server_authenticate(TEST_NTLM_SERVER* ntlm)
SecPkgContext_AuthNtlmHash AuthNtlmHash;
ZeroMemory(&AuthIdentity, sizeof(SecPkgContext_AuthIdentity));
ZeroMemory(&AuthNtlmHash, sizeof(SecPkgContext_AuthNtlmHash));
status = ntlm->table->QueryContextAttributes(&ntlm->context, SECPKG_ATTR_AUTH_IDENTITY, &AuthIdentity);
status = ntlm->table->QueryContextAttributes(&ntlm->context, SECPKG_ATTR_AUTH_IDENTITY,
&AuthIdentity);
if (status == SEC_E_OK)
{
@ -420,7 +423,7 @@ int test_ntlm_server_authenticate(TEST_NTLM_SERVER* ntlm)
}
status = ntlm->table->SetContextAttributes(&ntlm->context,
SECPKG_ATTR_AUTH_NTLM_HASH, &AuthNtlmHash, sizeof(SecPkgContext_AuthNtlmHash));
SECPKG_ATTR_AUTH_NTLM_HASH, &AuthNtlmHash, sizeof(SecPkgContext_AuthNtlmHash));
}
}
@ -436,7 +439,7 @@ int test_ntlm_server_authenticate(TEST_NTLM_SERVER* ntlm)
if ((status != SEC_E_OK) && (status != SEC_I_CONTINUE_NEEDED))
{
fprintf(stderr, "AcceptSecurityContext status: %s (0x%08"PRIX32")\n",
GetSecurityStatusString(status), status);
GetSecurityStatusString(status), status);
return -1; /* Access Denied */
}
@ -475,11 +478,13 @@ int TestNTLM(int argc, char* argv[])
* Client Initialization
*/
client = test_ntlm_client_new();
if (!client)
{
printf("Memory allocation failed");
return -1;
}
status = test_ntlm_client_init(client, TEST_NTLM_USER, TEST_NTLM_DOMAIN, TEST_NTLM_PASSWORD);
if (status < 0)
@ -492,11 +497,13 @@ int TestNTLM(int argc, char* argv[])
* Server Initialization
*/
server = test_ntlm_server_new();
if (!server)
{
printf("Memory allocation failed\n");
return -1;
}
status = test_ntlm_server_init(server);
if (status < 0)
@ -524,24 +531,25 @@ int TestNTLM(int argc, char* argv[])
CopyMemory(AuthNtlmTimestamp.Timestamp, TEST_NTLM_TIMESTAMP, 8);
AuthNtlmTimestamp.ChallengeOrResponse = TRUE;
client->table->SetContextAttributes(&client->context, SECPKG_ATTR_AUTH_NTLM_TIMESTAMP,
&AuthNtlmTimestamp, sizeof(SecPkgContext_AuthNtlmTimestamp));
&AuthNtlmTimestamp, sizeof(SecPkgContext_AuthNtlmTimestamp));
AuthNtlmTimestamp.ChallengeOrResponse = FALSE;
client->table->SetContextAttributes(&client->context, SECPKG_ATTR_AUTH_NTLM_TIMESTAMP,
&AuthNtlmTimestamp, sizeof(SecPkgContext_AuthNtlmTimestamp));
&AuthNtlmTimestamp, sizeof(SecPkgContext_AuthNtlmTimestamp));
CopyMemory(AuthNtlmClientChallenge.ClientChallenge, TEST_NTLM_CLIENT_CHALLENGE, 8);
CopyMemory(AuthNtlmServerChallenge.ServerChallenge, TEST_NTLM_SERVER_CHALLENGE, 8);
client->table->SetContextAttributes(&client->context, SECPKG_ATTR_AUTH_NTLM_CLIENT_CHALLENGE,
&AuthNtlmClientChallenge, sizeof(SecPkgContext_AuthNtlmClientChallenge));
&AuthNtlmClientChallenge, sizeof(SecPkgContext_AuthNtlmClientChallenge));
client->table->SetContextAttributes(&client->context, SECPKG_ATTR_AUTH_NTLM_SERVER_CHALLENGE,
&AuthNtlmServerChallenge, sizeof(SecPkgContext_AuthNtlmServerChallenge));
&AuthNtlmServerChallenge, sizeof(SecPkgContext_AuthNtlmServerChallenge));
}
pSecBuffer = &(client->outputBuffer[0]);
if (!DynamicTest)
{
pSecBuffer->cbBuffer = sizeof(TEST_NTLM_NEGOTIATE) -1;
pSecBuffer->cbBuffer = sizeof(TEST_NTLM_NEGOTIATE) - 1;
pSecBuffer->pvBuffer = (void*) malloc(pSecBuffer->cbBuffer);
if (!pSecBuffer->pvBuffer)
{
printf("Memory allocation failed\n");
@ -577,16 +585,16 @@ int TestNTLM(int argc, char* argv[])
CopyMemory(AuthNtlmTimestamp.Timestamp, TEST_NTLM_TIMESTAMP, 8);
AuthNtlmTimestamp.ChallengeOrResponse = TRUE;
client->table->SetContextAttributes(&server->context, SECPKG_ATTR_AUTH_NTLM_TIMESTAMP,
&AuthNtlmTimestamp, sizeof(SecPkgContext_AuthNtlmTimestamp));
&AuthNtlmTimestamp, sizeof(SecPkgContext_AuthNtlmTimestamp));
AuthNtlmTimestamp.ChallengeOrResponse = FALSE;
client->table->SetContextAttributes(&server->context, SECPKG_ATTR_AUTH_NTLM_TIMESTAMP,
&AuthNtlmTimestamp, sizeof(SecPkgContext_AuthNtlmTimestamp));
&AuthNtlmTimestamp, sizeof(SecPkgContext_AuthNtlmTimestamp));
CopyMemory(AuthNtlmClientChallenge.ClientChallenge, TEST_NTLM_CLIENT_CHALLENGE, 8);
CopyMemory(AuthNtlmServerChallenge.ServerChallenge, TEST_NTLM_SERVER_CHALLENGE, 8);
server->table->SetContextAttributes(&server->context, SECPKG_ATTR_AUTH_NTLM_CLIENT_CHALLENGE,
&AuthNtlmClientChallenge, sizeof(SecPkgContext_AuthNtlmClientChallenge));
&AuthNtlmClientChallenge, sizeof(SecPkgContext_AuthNtlmClientChallenge));
server->table->SetContextAttributes(&server->context, SECPKG_ATTR_AUTH_NTLM_SERVER_CHALLENGE,
&AuthNtlmServerChallenge, sizeof(SecPkgContext_AuthNtlmServerChallenge));
&AuthNtlmServerChallenge, sizeof(SecPkgContext_AuthNtlmServerChallenge));
}
pSecBuffer = &(server->outputBuffer[0]);
@ -594,19 +602,21 @@ int TestNTLM(int argc, char* argv[])
if (!DynamicTest)
{
SecPkgContext_AuthNtlmMessage AuthNtlmMessage;
pSecBuffer->cbBuffer = sizeof(TEST_NTLM_CHALLENGE) -1;
pSecBuffer->cbBuffer = sizeof(TEST_NTLM_CHALLENGE) - 1;
pSecBuffer->pvBuffer = (void*) malloc(pSecBuffer->cbBuffer);
if (!pSecBuffer->pvBuffer)
{
printf("Memory allocation failed\n");
return -1;
}
CopyMemory(pSecBuffer->pvBuffer, TEST_NTLM_CHALLENGE, pSecBuffer->cbBuffer);
AuthNtlmMessage.type = 2;
AuthNtlmMessage.length = pSecBuffer->cbBuffer;
AuthNtlmMessage.buffer = (BYTE*) pSecBuffer->pvBuffer;
server->table->SetContextAttributes(&server->context, SECPKG_ATTR_AUTH_NTLM_MESSAGE,
&AuthNtlmMessage, sizeof(SecPkgContext_AuthNtlmMessage));
&AuthNtlmMessage, sizeof(SecPkgContext_AuthNtlmMessage));
}
fprintf(stderr, "NTLM_CHALLENGE (length = %"PRIu32"):\n", pSecBuffer->cbBuffer);
@ -631,13 +641,15 @@ int TestNTLM(int argc, char* argv[])
if (!DynamicTest)
{
pSecBuffer->cbBuffer = sizeof(TEST_NTLM_AUTHENTICATE) -1;
pSecBuffer->cbBuffer = sizeof(TEST_NTLM_AUTHENTICATE) - 1;
pSecBuffer->pvBuffer = (void*) malloc(pSecBuffer->cbBuffer);
if (!pSecBuffer->pvBuffer)
{
printf("Memory allocation failed\n");
return -1;
}
CopyMemory(pSecBuffer->pvBuffer, TEST_NTLM_AUTHENTICATE, pSecBuffer->cbBuffer);
}

6
winpr/libwinpr/sspi/test/TestQuerySecurityPackageInfo.c
View File

@ -8,10 +8,8 @@ int TestQuerySecurityPackageInfo(int argc, char* argv[])
{
SECURITY_STATUS status;
SecPkgInfo* pPackageInfo;
sspi_GlobalInit();
status = QuerySecurityPackageInfo(NTLMSSP_NAME, &pPackageInfo);
status = QuerySecurityPackageInfo(NTLM_SSP_NAME, &pPackageInfo);
if (status != SEC_E_OK)
{
@ -21,9 +19,7 @@ int TestQuerySecurityPackageInfo(int argc, char* argv[])
_tprintf(_T("\nQuerySecurityPackageInfo:\n"));
_tprintf(_T("\"%s\", \"%s\"\n"), pPackageInfo->Name, pPackageInfo->Comment);
sspi_GlobalFinish();
return 0;
}