libwinpr-sspi: add support for MsvChannelBindings and MsvTargetName

This commit is contained in:
Marc-André Moreau 2012-07-01 22:13:02 -04:00
parent 693b1787b7
commit e1e7626c56
3 changed files with 47 additions and 3 deletions


@ -56,6 +56,14 @@ void ntlm_SetContextWorkstation(NTLM_CONTEXT* context, char* Workstation)
free(Workstation); free(Workstation);
} }
void ntlm_SetContextServicePrincipalName(NTLM_CONTEXT* context, char* ServicePrincipalName)
{
context->ServicePrincipalName.Length = strlen(ServicePrincipalName) * 2;
context->ServicePrincipalName.Buffer = (PWSTR) malloc(context->ServicePrincipalName.Length);
MultiByteToWideChar(CP_ACP, 0, ServicePrincipalName, strlen(ServicePrincipalName),
context->ServicePrincipalName.Buffer, context->ServicePrincipalName.Length / 2);
}
void ntlm_SetContextTargetName(NTLM_CONTEXT* context, char* TargetName) void ntlm_SetContextTargetName(NTLM_CONTEXT* context, char* TargetName)
{ {
DWORD nSize = 0; DWORD nSize = 0;
@ -92,7 +100,8 @@ NTLM_CONTEXT* ntlm_ContextNew()
context->SendVersionInfo = TRUE; context->SendVersionInfo = TRUE;
context->LmCompatibilityLevel = 3; context->LmCompatibilityLevel = 3;
context->state = NTLM_STATE_INITIAL; context->state = NTLM_STATE_INITIAL;
context->SuppressExtendedProtection = TRUE; context->SuppressExtendedProtection = FALSE;
memset(context->MachineID, 0xAA, sizeof(context->MachineID));
if (context->NTLMv2) if (context->NTLMv2)
context->UseMIC = TRUE; context->UseMIC = TRUE;
@ -373,8 +382,9 @@ SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextA(PCredHandle phCredenti
credentials = (CREDENTIALS*) sspi_SecureHandleGetLowerPointer(phCredential); credentials = (CREDENTIALS*) sspi_SecureHandleGetLowerPointer(phCredential);
sspi_CopyAuthIdentity(&context->identity, &credentials->identity);
ntlm_SetContextWorkstation(context, NULL); ntlm_SetContextWorkstation(context, NULL);
ntlm_SetContextServicePrincipalName(context, pszTargetName);
sspi_CopyAuthIdentity(&context->identity, &credentials->identity);
sspi_SecureHandleSetLowerPointer(phNewContext, context); sspi_SecureHandleSetLowerPointer(phNewContext, context);
sspi_SecureHandleSetUpperPointer(phNewContext, (void*) NTLM_PACKAGE_NAME); sspi_SecureHandleSetUpperPointer(phNewContext, (void*) NTLM_PACKAGE_NAME);
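Review bot: ntlm_SetContextServicePrincipalName dereferences ServicePrincipalName unconditionally through strlen(), and the call added in the ntlm_InitializeSecurityContextA hunk passes pszTargetName straight through; if that SSPI argument may be NULL (the sibling ntlm_SetContextWorkstation call on the line above is already given NULL), the first InitializeSecurityContext call crashes. The malloc() result is also used without a check, so an allocation failure turns into a write through NULL inside MultiByteToWideChar. I would guard both as below, and note that if this UNICODE_STRING follows the Windows layout where Length is a USHORT, the strlen()*2 assignment truncates silently for very long names. The new buffer is heap-owned by the context; I cannot see from these hunks whether the context teardown frees it, so that should be checked as well.
```c
void ntlm_SetContextServicePrincipalName(NTLM_CONTEXT* context, char* ServicePrincipalName)
{
	size_t length;

	/* A NULL target name leaves the field empty (same contract as Workstation). */
	if (!ServicePrincipalName)
	{
		context->ServicePrincipalName.Length = 0;
		context->ServicePrincipalName.Buffer = NULL;
		return;
	}

	length = strlen(ServicePrincipalName);
	context->ServicePrincipalName.Buffer = (PWSTR) malloc(length * 2);

	if (!context->ServicePrincipalName.Buffer)
	{
		context->ServicePrincipalName.Length = 0;
		return;
	}

	context->ServicePrincipalName.Length = length * 2;
	MultiByteToWideChar(CP_ACP, 0, ServicePrincipalName, length,
		context->ServicePrincipalName.Buffer, length);
}
```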


@ -131,7 +131,7 @@ struct _NTLM_RESTRICTION_ENCODING
UINT32 Z4; UINT32 Z4;
UINT32 IntegrityLevel; UINT32 IntegrityLevel;
UINT32 SubjectIntegrityLevel; UINT32 SubjectIntegrityLevel;
BYTE MachineId[32]; BYTE MachineID[32];
}; };
typedef struct _NTLM_RESTRICTION_ENCODING NTLM_RESTRICTION_ENCODING; typedef struct _NTLM_RESTRICTION_ENCODING NTLM_RESTRICTION_ENCODING;
@ -225,6 +225,7 @@ struct _NTLM_CONTEXT
NTLM_STATE state; NTLM_STATE state;
int SendSeqNum; int SendSeqNum;
int RecvSeqNum; int RecvSeqNum;
BYTE MachineID[32];
BOOL SendVersionInfo; BOOL SendVersionInfo;
BOOL confidentiality; BOOL confidentiality;
RC4_KEY SendRc4Seal; RC4_KEY SendRc4Seal;
@ -237,6 +238,7 @@ struct _NTLM_CONTEXT
int LmCompatibilityLevel; int LmCompatibilityLevel;
int SuppressExtendedProtection; int SuppressExtendedProtection;
UNICODE_STRING Workstation; UNICODE_STRING Workstation;
UNICODE_STRING ServicePrincipalName;
SEC_WINNT_AUTH_IDENTITY identity; SEC_WINNT_AUTH_IDENTITY identity;
SecBuffer NegotiateMessage; SecBuffer NegotiateMessage;
SecBuffer ChallengeMessage; SecBuffer ChallengeMessage;
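Review bot: The new ServicePrincipalName member of _NTLM_CONTEXT carries no note on who owns its Buffer, and the setter in the first file allocates it with malloc(), so whoever tears the context down must release it. I would annotate the field: `UNICODE_STRING ServicePrincipalName; /* UTF-16 target SPN, heap-allocated by ntlm_SetContextServicePrincipalName; free with the context */`. The new 32-byte MachineID in the context is filled with a fixed 0xAA pattern in ntlm_ContextNew rather than anything machine-specific, so a one-line comment recording that it is a constant placeholder would stop the next reader from assuming it is unique per host.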


@ -289,6 +289,21 @@ void ntlm_construct_authenticate_target_info(NTLM_CONTEXT* context)
AvPairsValueLength += 4; AvPairsValueLength += 4;
} }
//AvPairsCount++; /* MsvAvRestrictions */
//AvPairsValueLength += 48;
if (!context->SuppressExtendedProtection)
{
AvPairsCount++; /* MsvChannelBindings */
AvPairsValueLength += 16;
if (context->ServicePrincipalName.Length > 0)
{
AvPairsCount++; /* MsvAvTargetName */
AvPairsValueLength += context->ServicePrincipalName.Length;
}
}
size = ntlm_av_pair_list_size(AvPairsCount, AvPairsValueLength); size = ntlm_av_pair_list_size(AvPairsCount, AvPairsValueLength);
if (context->NTLMv2) if (context->NTLMv2)
@ -323,6 +338,23 @@ void ntlm_construct_authenticate_target_info(NTLM_CONTEXT* context)
ntlm_av_pair_add(AuthenticateTargetInfo, MsvAvFlags, (PBYTE) &flags, 4); ntlm_av_pair_add(AuthenticateTargetInfo, MsvAvFlags, (PBYTE) &flags, 4);
} }
if (!context->SuppressExtendedProtection)
{
BYTE ChannelBindingToken[16];
ZeroMemory(ChannelBindingToken, 16);
ntlm_av_pair_add(AuthenticateTargetInfo, MsvChannelBindings,
ChannelBindingToken, sizeof(ChannelBindingToken));
if (context->ServicePrincipalName.Length > 0)
{
ntlm_av_pair_add(AuthenticateTargetInfo, MsvAvTargetName,
(PBYTE) context->ServicePrincipalName.Buffer,
context->ServicePrincipalName.Length);
}
}
if (context->NTLMv2) if (context->NTLMv2)
{ {
NTLM_AV_PAIR* AvEOL; NTLM_AV_PAIR* AvEOL;
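Review bot: The MsvChannelBindings value added via ChannelBindingToken is sixteen zero bytes, which as far as I recall MS-NLMP's AV_PAIR definition is the encoding for "no channel bindings"; because ntlm_ContextNew now defaults SuppressExtendedProtection to FALSE, every client authentication will advertise that it is not bound to the outer TLS session. That does not break interoperability, but it provides none of the protection the pair's name suggests until the token is computed from the TLS layer's server-end-point data, and the code should say so: `/* Placeholder: all-zero token = no channel binding; replace with the MD5 of the gss_channel_bindings_struct derived from the TLS server certificate */`. Separately, the MsvAvTargetName branch copies Length bytes from ServicePrincipalName.Buffer guarded only by Length > 0, and since the setter in the first file does not check malloc(), Buffer can be NULL with a non-zero Length; either fix the setter or tighten the guard to `if (context->ServicePrincipalName.Length > 0 && context->ServicePrincipalName.Buffer)`. The size accounting in the first hunk (16 and ServicePrincipalName.Length) does match what the second hunk emits. ntlm_construct_authenticate_target_info starts before the first hunk and continues past the second.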