libwinpr-sspi: add support for MsvChannelBindings and MsvTargetName

winpr/sspi/NTLM/ntlm.c

@@ -56,6 +56,14 @@ void ntlm_SetContextWorkstation(NTLM_CONTEXT* context, char* Workstation)
 		free(Workstation);
 }
 
+void ntlm_SetContextServicePrincipalName(NTLM_CONTEXT* context, char* ServicePrincipalName)
+{
+	context->ServicePrincipalName.Length = strlen(ServicePrincipalName) * 2;
+	context->ServicePrincipalName.Buffer = (PWSTR) malloc(context->ServicePrincipalName.Length);
+	MultiByteToWideChar(CP_ACP, 0, ServicePrincipalName, strlen(ServicePrincipalName),
+			context->ServicePrincipalName.Buffer, context->ServicePrincipalName.Length / 2);
+}
+
 void ntlm_SetContextTargetName(NTLM_CONTEXT* context, char* TargetName)
 {
 	DWORD nSize = 0;
@@ -92,7 +100,8 @@ NTLM_CONTEXT* ntlm_ContextNew()
 		context->SendVersionInfo = TRUE;
 		context->LmCompatibilityLevel = 3;
 		context->state = NTLM_STATE_INITIAL;
-		context->SuppressExtendedProtection = TRUE;
+		context->SuppressExtendedProtection = FALSE;
+		memset(context->MachineID, 0xAA, sizeof(context->MachineID));
 
 		if (context->NTLMv2)
 			context->UseMIC = TRUE;
@@ -373,8 +382,9 @@ SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextA(PCredHandle phCredenti
 
 		credentials = (CREDENTIALS*) sspi_SecureHandleGetLowerPointer(phCredential);
 
-		sspi_CopyAuthIdentity(&context->identity, &credentials->identity);
 		ntlm_SetContextWorkstation(context, NULL);
+		ntlm_SetContextServicePrincipalName(context, pszTargetName);
+		sspi_CopyAuthIdentity(&context->identity, &credentials->identity);
 
 		sspi_SecureHandleSetLowerPointer(phNewContext, context);
 		sspi_SecureHandleSetUpperPointer(phNewContext, (void*) NTLM_PACKAGE_NAME);

winpr/sspi/NTLM/ntlm.h

@@ -131,7 +131,7 @@ struct _NTLM_RESTRICTION_ENCODING
 	UINT32 Z4;
 	UINT32 IntegrityLevel;
 	UINT32 SubjectIntegrityLevel;
-	BYTE MachineId[32];
+	BYTE MachineID[32];
 };
 typedef struct _NTLM_RESTRICTION_ENCODING NTLM_RESTRICTION_ENCODING;
 
@@ -225,6 +225,7 @@ struct _NTLM_CONTEXT
 	NTLM_STATE state;
 	int SendSeqNum;
 	int RecvSeqNum;
+	BYTE MachineID[32];
 	BOOL SendVersionInfo;
 	BOOL confidentiality;
 	RC4_KEY SendRc4Seal;
@@ -237,6 +238,7 @@ struct _NTLM_CONTEXT
 	int LmCompatibilityLevel;
 	int SuppressExtendedProtection;
 	UNICODE_STRING Workstation;
+	UNICODE_STRING ServicePrincipalName;
 	SEC_WINNT_AUTH_IDENTITY identity;
 	SecBuffer NegotiateMessage;
 	SecBuffer ChallengeMessage;

winpr/sspi/NTLM/ntlm_av_pairs.c

@@ -289,6 +289,21 @@ void ntlm_construct_authenticate_target_info(NTLM_CONTEXT* context)
 		AvPairsValueLength += 4;
 	}
 
+	//AvPairsCount++; /* MsvAvRestrictions */
+	//AvPairsValueLength += 48;
+
+	if (!context->SuppressExtendedProtection)
+	{
+		AvPairsCount++; /* MsvChannelBindings */
+		AvPairsValueLength += 16;
+
+		if (context->ServicePrincipalName.Length > 0)
+		{
+			AvPairsCount++; /* MsvAvTargetName */
+			AvPairsValueLength += context->ServicePrincipalName.Length;
+		}
+	}
+
 	size = ntlm_av_pair_list_size(AvPairsCount, AvPairsValueLength);
 
 	if (context->NTLMv2)
@@ -323,6 +338,23 @@ void ntlm_construct_authenticate_target_info(NTLM_CONTEXT* context)
 		ntlm_av_pair_add(AuthenticateTargetInfo, MsvAvFlags, (PBYTE) &flags, 4);
 	}
 
+	if (!context->SuppressExtendedProtection)
+	{
+		BYTE ChannelBindingToken[16];
+
+		ZeroMemory(ChannelBindingToken, 16);
+
+		ntlm_av_pair_add(AuthenticateTargetInfo, MsvChannelBindings,
+				ChannelBindingToken, sizeof(ChannelBindingToken));
+
+		if (context->ServicePrincipalName.Length > 0)
+		{
+			ntlm_av_pair_add(AuthenticateTargetInfo, MsvAvTargetName,
+					(PBYTE) context->ServicePrincipalName.Buffer,
+					context->ServicePrincipalName.Length);
+		}
+	}
+
 	if (context->NTLMv2)
 	{
 		NTLM_AV_PAIR* AvEOL;