libwinpr-sspi: add support for MsvChannelBindings and MsvTargetName
This commit is contained in:
parent
693b1787b7
commit
e1e7626c56
@ -56,6 +56,14 @@ void ntlm_SetContextWorkstation(NTLM_CONTEXT* context, char* Workstation)
|
|||||||
free(Workstation);
|
free(Workstation);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void ntlm_SetContextServicePrincipalName(NTLM_CONTEXT* context, char* ServicePrincipalName)
|
||||||
|
{
|
||||||
|
context->ServicePrincipalName.Length = strlen(ServicePrincipalName) * 2;
|
||||||
|
context->ServicePrincipalName.Buffer = (PWSTR) malloc(context->ServicePrincipalName.Length);
|
||||||
|
MultiByteToWideChar(CP_ACP, 0, ServicePrincipalName, strlen(ServicePrincipalName),
|
||||||
|
context->ServicePrincipalName.Buffer, context->ServicePrincipalName.Length / 2);
|
||||||
|
}
|
||||||
|
|
||||||
void ntlm_SetContextTargetName(NTLM_CONTEXT* context, char* TargetName)
|
void ntlm_SetContextTargetName(NTLM_CONTEXT* context, char* TargetName)
|
||||||
{
|
{
|
||||||
DWORD nSize = 0;
|
DWORD nSize = 0;
|
||||||
@ -92,7 +100,8 @@ NTLM_CONTEXT* ntlm_ContextNew()
|
|||||||
context->SendVersionInfo = TRUE;
|
context->SendVersionInfo = TRUE;
|
||||||
context->LmCompatibilityLevel = 3;
|
context->LmCompatibilityLevel = 3;
|
||||||
context->state = NTLM_STATE_INITIAL;
|
context->state = NTLM_STATE_INITIAL;
|
||||||
context->SuppressExtendedProtection = TRUE;
|
context->SuppressExtendedProtection = FALSE;
|
||||||
|
memset(context->MachineID, 0xAA, sizeof(context->MachineID));
|
||||||
|
|
||||||
if (context->NTLMv2)
|
if (context->NTLMv2)
|
||||||
context->UseMIC = TRUE;
|
context->UseMIC = TRUE;
|
||||||
@ -373,8 +382,9 @@ SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextA(PCredHandle phCredenti
|
|||||||
|
|
||||||
credentials = (CREDENTIALS*) sspi_SecureHandleGetLowerPointer(phCredential);
|
credentials = (CREDENTIALS*) sspi_SecureHandleGetLowerPointer(phCredential);
|
||||||
|
|
||||||
sspi_CopyAuthIdentity(&context->identity, &credentials->identity);
|
|
||||||
ntlm_SetContextWorkstation(context, NULL);
|
ntlm_SetContextWorkstation(context, NULL);
|
||||||
|
ntlm_SetContextServicePrincipalName(context, pszTargetName);
|
||||||
|
sspi_CopyAuthIdentity(&context->identity, &credentials->identity);
|
||||||
|
|
||||||
sspi_SecureHandleSetLowerPointer(phNewContext, context);
|
sspi_SecureHandleSetLowerPointer(phNewContext, context);
|
||||||
sspi_SecureHandleSetUpperPointer(phNewContext, (void*) NTLM_PACKAGE_NAME);
|
sspi_SecureHandleSetUpperPointer(phNewContext, (void*) NTLM_PACKAGE_NAME);
|
||||||
|
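Review bot: ntlm_SetContextServicePrincipalName (hunk @ -56,6) calls strlen() on ServicePrincipalName with no NULL guard, yet hunk @ -373,8 passes pszTargetName through unconditionally, and that SSPI argument is optional. The malloc() and MultiByteToWideChar() results are also unchecked, so on failure Length stays non-zero while Buffer is NULL or uninitialized heap memory, and ntlm_construct_authenticate_target_info later copies exactly Length bytes of it into MsvAvTargetName and sends it to the peer. The rewrite below sets Length only after a successful conversion and treats a missing SPN as "omit MsvAvTargetName"; if the setter can run more than once per context, the previous Buffer should be freed first as well (the context teardown is not visible here). Separately, the 0xAA fill of MachineID in ntlm_ContextNew (hunk @ -92,7) is harmless while MsvAvRestrictions stays commented out, but a comment marking it as a placeholder would stop it being read as a real machine identifier.
```c
void ntlm_SetContextServicePrincipalName(NTLM_CONTEXT* context, char* ServicePrincipalName)
{
	int length;
	int written;

	context->ServicePrincipalName.Length = 0;
	context->ServicePrincipalName.Buffer = NULL;

	/* pszTargetName is optional in InitializeSecurityContext; no SPN means no MsvAvTargetName */
	if (!ServicePrincipalName)
		return;

	length = strlen(ServicePrincipalName);
	context->ServicePrincipalName.Buffer = (PWSTR) malloc(length * 2);

	if (!context->ServicePrincipalName.Buffer)
		return;

	written = MultiByteToWideChar(CP_ACP, 0, ServicePrincipalName, length,
			context->ServicePrincipalName.Buffer, length);

	if (written <= 0)
	{
		/* keep Length at 0 so an uninitialized buffer is never emitted in MsvAvTargetName */
		free(context->ServicePrincipalName.Buffer);
		context->ServicePrincipalName.Buffer = NULL;
		return;
	}

	context->ServicePrincipalName.Length = written * 2;
}
```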
@ -131,7 +131,7 @@ struct _NTLM_RESTRICTION_ENCODING
|
|||||||
UINT32 Z4;
|
UINT32 Z4;
|
||||||
UINT32 IntegrityLevel;
|
UINT32 IntegrityLevel;
|
||||||
UINT32 SubjectIntegrityLevel;
|
UINT32 SubjectIntegrityLevel;
|
||||||
BYTE MachineId[32];
|
BYTE MachineID[32];
|
||||||
};
|
};
|
||||||
typedef struct _NTLM_RESTRICTION_ENCODING NTLM_RESTRICTION_ENCODING;
|
typedef struct _NTLM_RESTRICTION_ENCODING NTLM_RESTRICTION_ENCODING;
|
||||||
|
|
||||||
@ -225,6 +225,7 @@ struct _NTLM_CONTEXT
|
|||||||
NTLM_STATE state;
|
NTLM_STATE state;
|
||||||
int SendSeqNum;
|
int SendSeqNum;
|
||||||
int RecvSeqNum;
|
int RecvSeqNum;
|
||||||
|
BYTE MachineID[32];
|
||||||
BOOL SendVersionInfo;
|
BOOL SendVersionInfo;
|
||||||
BOOL confidentiality;
|
BOOL confidentiality;
|
||||||
RC4_KEY SendRc4Seal;
|
RC4_KEY SendRc4Seal;
|
||||||
@ -237,6 +238,7 @@ struct _NTLM_CONTEXT
|
|||||||
int LmCompatibilityLevel;
|
int LmCompatibilityLevel;
|
||||||
int SuppressExtendedProtection;
|
int SuppressExtendedProtection;
|
||||||
UNICODE_STRING Workstation;
|
UNICODE_STRING Workstation;
|
||||||
|
UNICODE_STRING ServicePrincipalName;
|
||||||
SEC_WINNT_AUTH_IDENTITY identity;
|
SEC_WINNT_AUTH_IDENTITY identity;
|
||||||
SecBuffer NegotiateMessage;
|
SecBuffer NegotiateMessage;
|
||||||
SecBuffer ChallengeMessage;
|
SecBuffer ChallengeMessage;
|
||||||
|
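Review bot: The two fields added to NTLM_CONTEXT in hunks @ -225,6 and @ -237,6 carry no comment, and ServicePrincipalName in particular has non-obvious ownership: its Buffer is malloc'd by ntlm_SetContextServicePrincipalName and its Length is a byte count with no terminating NUL. Suggested comments: `BYTE MachineID[32]; /* presumably destined for NTLM_RESTRICTION_ENCODING.MachineID; filled by ntlm_ContextNew, not emitted while MsvAvRestrictions stays disabled */` and `UNICODE_STRING ServicePrincipalName; /* target SPN as UTF-16, Length in bytes, no terminator; Buffer is heap-owned by the context -- confirm it is released on context free */`. The MachineId to MachineID rename in @ -131,7 needs nothing. struct _NTLM_CONTEXT starts and ends outside these hunks.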
@ -289,6 +289,21 @@ void ntlm_construct_authenticate_target_info(NTLM_CONTEXT* context)
|
|||||||
AvPairsValueLength += 4;
|
AvPairsValueLength += 4;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
//AvPairsCount++; /* MsvAvRestrictions */
|
||||||
|
//AvPairsValueLength += 48;
|
||||||
|
|
||||||
|
if (!context->SuppressExtendedProtection)
|
||||||
|
{
|
||||||
|
AvPairsCount++; /* MsvChannelBindings */
|
||||||
|
AvPairsValueLength += 16;
|
||||||
|
|
||||||
|
if (context->ServicePrincipalName.Length > 0)
|
||||||
|
{
|
||||||
|
AvPairsCount++; /* MsvAvTargetName */
|
||||||
|
AvPairsValueLength += context->ServicePrincipalName.Length;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
size = ntlm_av_pair_list_size(AvPairsCount, AvPairsValueLength);
|
size = ntlm_av_pair_list_size(AvPairsCount, AvPairsValueLength);
|
||||||
|
|
||||||
if (context->NTLMv2)
|
if (context->NTLMv2)
|
||||||
@ -323,6 +338,23 @@ void ntlm_construct_authenticate_target_info(NTLM_CONTEXT* context)
|
|||||||
ntlm_av_pair_add(AuthenticateTargetInfo, MsvAvFlags, (PBYTE) &flags, 4);
|
ntlm_av_pair_add(AuthenticateTargetInfo, MsvAvFlags, (PBYTE) &flags, 4);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (!context->SuppressExtendedProtection)
|
||||||
|
{
|
||||||
|
BYTE ChannelBindingToken[16];
|
||||||
|
|
||||||
|
ZeroMemory(ChannelBindingToken, 16);
|
||||||
|
|
||||||
|
ntlm_av_pair_add(AuthenticateTargetInfo, MsvChannelBindings,
|
||||||
|
ChannelBindingToken, sizeof(ChannelBindingToken));
|
||||||
|
|
||||||
|
if (context->ServicePrincipalName.Length > 0)
|
||||||
|
{
|
||||||
|
ntlm_av_pair_add(AuthenticateTargetInfo, MsvAvTargetName,
|
||||||
|
(PBYTE) context->ServicePrincipalName.Buffer,
|
||||||
|
context->ServicePrincipalName.Length);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if (context->NTLMv2)
|
if (context->NTLMv2)
|
||||||
{
|
{
|
||||||
NTLM_AV_PAIR* AvEOL;
|
NTLM_AV_PAIR* AvEOL;
|
||||||
|
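Review bot: The MsvChannelBindings value added in hunk @ -323,6 is a 16-byte buffer that is always zero, so the pair only advertises that the client supplied no channel bindings; it does not tie the NTLM exchange to the outer TLS channel, and a comment on ChannelBindingToken should say so, e.g. `/* all-zero token = no channel bindings supplied (MS-NLMP defines this value as the MD5 of a gss_channel_bindings_struct); binding to TLS needs the endpoint hash here */`. The literal 16 is repeated in @ -289,6 (`AvPairsValueLength += 16;`) and twice in this hunk (the array size and the ZeroMemory length), so the size computation and the emitted pair can drift apart; one named constant used in both hunks, e.g. `#define NTLM_CHANNEL_BINDINGS_LENGTH 16`, keeps them in step. The MsvAvTargetName pair sends context->ServicePrincipalName.Buffer for exactly Length bytes, which is only safe if the setter guarantees Length never exceeds the converted data; a one-line note at the call site recording that dependency would help. ntlm_construct_authenticate_target_info starts and ends outside these hunks.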