ReactOS  0.4.13-dev-563-g0561610
Classes | Macros | Typedefs | Enumerations | Functions | Variables
ntlm.h File Reference
#include <sys/types.h>
Include dependency graph for ntlm.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Classes

struct  tag_arc4_info
 
struct  _NegoHelper
 
struct  _NtlmCredentials
 

Macros

#define CP_UNIXCP   CP_ACP
 
#define NTLMSSP_NEGOTIATE_UNICODE   0x00000001
 
#define NTLMSSP_NEGOTIATE_OEM   0x00000002
 
#define NTLMSSP_REQUEST_TARGET   0x00000004
 
#define NTLMSSP_NEGOTIATE_SIGN   0x00000010
 
#define NTLMSSP_NEGOTIATE_SEAL   0x00000020
 
#define NTLMSSP_NEGOTIATE_DATAGRAM_STYLE   0x00000040
 
#define NTLMSSP_NEGOTIATE_LM_SESSION_KEY   0x00000080
 
#define NTLMSSP_NEGOTIATE_NTLM   0x00000200
 
#define NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED   0x00001000
 
#define NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED   0x00002000
 
#define NTLMSSP_NEGOTIATE_LOCAL_CALL   0x00004000
 
#define NTLMSSP_NEGOTIATE_ALWAYS_SIGN   0x00008000
 
#define NTLMSSP_NEGOTIATE_TARGET_TYPE_DOMAIN   0x00010000
 
#define NTLMSSP_NEGOTIATE_TARGET_TYPE_SERVER   0x00020000
 
#define NTLMSSP_NEGOTIATE_NTLM2   0x00080000
 
#define NTLMSSP_NEGOTIATE_TARGET_INFO   0x00800000
 
#define NTLMSSP_NEGOTIATE_128   0x20000000
 
#define NTLMSSP_NEGOTIATE_KEY_EXCHANGE   0x40000000
 
#define NTLMSSP_NEGOTIATE_56   0x80000000
 

Typedefs

typedef enum _helper_mode HelperMode
 
typedef struct tag_arc4_info arc4_info
 
typedef struct _NegoHelper NegoHelper
 
typedef struct _NegoHelperPNegoHelper
 
typedef struct _NtlmCredentials NtlmCredentials
 
typedef struct _NtlmCredentialsPNtlmCredentials
 
typedef enum _sign_direction SignDirection
 

Enumerations

enum  _helper_mode { NTLM_SERVER, NTLM_CLIENT, NUM_HELPER_MODES }
 
enum  _sign_direction { NTLM_SEND, NTLM_RECV }
 

Functions

void SECUR32_initNTLMSP (void) DECLSPEC_HIDDEN
 
SECURITY_STATUS SECUR32_CreateNTLM1SessionKey (PBYTE password, int len, PBYTE session_key) DECLSPEC_HIDDEN
 
SECURITY_STATUS SECUR32_CreateNTLM2SubKeys (PNegoHelper helper) DECLSPEC_HIDDEN
 
SECURITY_STATUS SEC_ENTRY ntlm_AcquireCredentialsHandleW (SEC_WCHAR *, SEC_WCHAR *, ULONG, PLUID, PVOID, SEC_GET_KEY_FN, PVOID, PCredHandle, PTimeStamp) DECLSPEC_HIDDEN
 
SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW (PCredHandle, PCtxtHandle, SEC_WCHAR *, ULONG fContextReq, ULONG, ULONG, PSecBufferDesc, ULONG, PCtxtHandle, PSecBufferDesc, ULONG *, PTimeStamp) DECLSPEC_HIDDEN
 
SECURITY_STATUS SEC_ENTRY ntlm_AcceptSecurityContext (PCredHandle, PCtxtHandle, PSecBufferDesc, ULONG, ULONG, PCtxtHandle, PSecBufferDesc, ULONG *, PTimeStamp) DECLSPEC_HIDDEN
 
SECURITY_STATUS SEC_ENTRY ntlm_QueryContextAttributesA (PCtxtHandle, ULONG, void *) DECLSPEC_HIDDEN
 
SECURITY_STATUS SEC_ENTRY ntlm_QueryContextAttributesW (PCtxtHandle, ULONG, void *) DECLSPEC_HIDDEN
 
SECURITY_STATUS SEC_ENTRY ntlm_EncryptMessage (PCtxtHandle, ULONG, PSecBufferDesc, ULONG) DECLSPEC_HIDDEN
 
SECURITY_STATUS SEC_ENTRY ntlm_DecryptMessage (PCtxtHandle, PSecBufferDesc, ULONG, PULONG) DECLSPEC_HIDDEN
 
SECURITY_STATUS SEC_ENTRY ntlm_FreeCredentialsHandle (PCredHandle) DECLSPEC_HIDDEN
 
SECURITY_STATUS SEC_ENTRY ntlm_DeleteSecurityContext (PCtxtHandle) DECLSPEC_HIDDEN
 
SECURITY_STATUS SEC_ENTRY ntlm_MakeSignature (PCtxtHandle, ULONG, PSecBufferDesc, ULONG) DECLSPEC_HIDDEN
 
SECURITY_STATUS SEC_ENTRY ntlm_VerifySignature (PCtxtHandle, PSecBufferDesc, ULONG, PULONG) DECLSPEC_HIDDEN
 

Variables

SecPkgInfoW *ntlm_package_infoW DECLSPEC_HIDDEN
 

Macro Definition Documentation

◆ CP_UNIXCP

#define CP_UNIXCP   CP_ACP

Definition at line 6 of file ntlm.h.

◆ NTLMSSP_NEGOTIATE_128

#define NTLMSSP_NEGOTIATE_128   0x20000000

Definition at line 93 of file ntlm.h.

◆ NTLMSSP_NEGOTIATE_56

#define NTLMSSP_NEGOTIATE_56   0x80000000

Definition at line 95 of file ntlm.h.

◆ NTLMSSP_NEGOTIATE_ALWAYS_SIGN

#define NTLMSSP_NEGOTIATE_ALWAYS_SIGN   0x00008000

Definition at line 88 of file ntlm.h.

◆ NTLMSSP_NEGOTIATE_DATAGRAM_STYLE

#define NTLMSSP_NEGOTIATE_DATAGRAM_STYLE   0x00000040

Definition at line 82 of file ntlm.h.

◆ NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED

#define NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED   0x00001000

Definition at line 85 of file ntlm.h.

◆ NTLMSSP_NEGOTIATE_KEY_EXCHANGE

#define NTLMSSP_NEGOTIATE_KEY_EXCHANGE   0x40000000

Definition at line 94 of file ntlm.h.

◆ NTLMSSP_NEGOTIATE_LM_SESSION_KEY

#define NTLMSSP_NEGOTIATE_LM_SESSION_KEY   0x00000080

Definition at line 83 of file ntlm.h.

◆ NTLMSSP_NEGOTIATE_LOCAL_CALL

#define NTLMSSP_NEGOTIATE_LOCAL_CALL   0x00004000

Definition at line 87 of file ntlm.h.

◆ NTLMSSP_NEGOTIATE_NTLM

#define NTLMSSP_NEGOTIATE_NTLM   0x00000200

Definition at line 84 of file ntlm.h.

◆ NTLMSSP_NEGOTIATE_NTLM2

#define NTLMSSP_NEGOTIATE_NTLM2   0x00080000

Definition at line 91 of file ntlm.h.

◆ NTLMSSP_NEGOTIATE_OEM

#define NTLMSSP_NEGOTIATE_OEM   0x00000002

Definition at line 78 of file ntlm.h.

◆ NTLMSSP_NEGOTIATE_SEAL

#define NTLMSSP_NEGOTIATE_SEAL   0x00000020

Definition at line 81 of file ntlm.h.

◆ NTLMSSP_NEGOTIATE_SIGN

#define NTLMSSP_NEGOTIATE_SIGN   0x00000010

Definition at line 80 of file ntlm.h.

◆ NTLMSSP_NEGOTIATE_TARGET_INFO

#define NTLMSSP_NEGOTIATE_TARGET_INFO   0x00800000

Definition at line 92 of file ntlm.h.

◆ NTLMSSP_NEGOTIATE_TARGET_TYPE_DOMAIN

#define NTLMSSP_NEGOTIATE_TARGET_TYPE_DOMAIN   0x00010000

Definition at line 89 of file ntlm.h.

◆ NTLMSSP_NEGOTIATE_TARGET_TYPE_SERVER

#define NTLMSSP_NEGOTIATE_TARGET_TYPE_SERVER   0x00020000

Definition at line 90 of file ntlm.h.

◆ NTLMSSP_NEGOTIATE_UNICODE

#define NTLMSSP_NEGOTIATE_UNICODE   0x00000001

Definition at line 77 of file ntlm.h.

◆ NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED

#define NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED   0x00002000

Definition at line 86 of file ntlm.h.

◆ NTLMSSP_REQUEST_TARGET

#define NTLMSSP_REQUEST_TARGET   0x00000004

Definition at line 79 of file ntlm.h.

Typedef Documentation

◆ arc4_info

typedef struct tag_arc4_info arc4_info

◆ HelperMode

typedef enum _helper_mode HelperMode

◆ NegoHelper

typedef struct _NegoHelper NegoHelper

◆ NtlmCredentials

typedef struct _NtlmCredentials NtlmCredentials

◆ PNegoHelper

typedef struct _NegoHelper * PNegoHelper

◆ PNtlmCredentials

typedef struct _NtlmCredentials * PNtlmCredentials

◆ SignDirection

typedef enum _sign_direction SignDirection

Enumeration Type Documentation

◆ _helper_mode

enum _helper_mode
Enumerator
NTLM_SERVER 
NTLM_CLIENT 
NUM_HELPER_MODES 

Definition at line 10 of file ntlm.h.

10  {
11  NTLM_SERVER,
12  NTLM_CLIENT,
13  NUM_HELPER_MODES
14 } HelperMode;
HelperMode
enum _helper_mode HelperMode

◆ _sign_direction

enum _sign_direction
Enumerator
NTLM_SEND 
NTLM_RECV 

Definition at line 68 of file ntlm.h.

68  {
69  NTLM_SEND,
70  NTLM_RECV
71 } SignDirection;
SignDirection
enum _sign_direction SignDirection
NTLM_SEND
Definition: ntlm.h:69
NTLM_RECV
Definition: ntlm.h:70

Function Documentation

◆ ntlm_AcceptSecurityContext()

SECURITY_STATUS SEC_ENTRY ntlm_AcceptSecurityContext ( PCredHandle  ,
PCtxtHandle  ,
PSecBufferDesc  ,
ULONG  ,
ULONG  ,
PCtxtHandle  ,
PSecBufferDesc  ,
ULONG ,
PTimeStamp   
)

Definition at line 1029 of file ntlm.c.

1033 {
1034  SECURITY_STATUS ret;
1035  char *buffer, *want_flags = NULL;
1036  PBYTE bin;
1037  int buffer_len, bin_len, max_len = NTLM_MAX_BUF;
1038  ULONG ctxt_attr = 0;
1039  PNegoHelper helper;
1040  PNtlmCredentials ntlm_cred;
1041 
1042  TRACE("%p %p %p %d %d %p %p %p %p\n", phCredential, phContext, pInput,
1043  fContextReq, TargetDataRep, phNewContext, pOutput, pfContextAttr,
1044  ptsExpiry);
1045 
1046  buffer = HeapAlloc(GetProcessHeap(), 0, sizeof(char) * NTLM_MAX_BUF);
1047  bin = HeapAlloc(GetProcessHeap(),0, sizeof(BYTE) * NTLM_MAX_BUF);
1048 
1049  if(TargetDataRep == SECURITY_NETWORK_DREP){
1050  TRACE("Using SECURITY_NETWORK_DREP\n");
1051  }
1052 
1053  if(phContext == NULL)
1054  {
1055  static CHAR server_helper_protocol[] = "--helper-protocol=squid-2.5-ntlmssp";
1056  SEC_CHAR *server_argv[] = { ntlm_auth,
1057  server_helper_protocol,
1058  NULL };
1059 
1060  if (!phCredential)
1061  {
1062  ret = SEC_E_INVALID_HANDLE;
1063  goto asc_end;
1064  }
1065 
1066  ntlm_cred = (PNtlmCredentials)phCredential->dwLower;
1067 
1068  if(ntlm_cred->mode != NTLM_SERVER)
1069  {
1070  ret = SEC_E_INVALID_HANDLE;
1071  goto asc_end;
1072  }
1073 
1074  /* This is the first call to AcceptSecurityHandle */
1075  if(pInput == NULL)
1076  {
1077  ret = SEC_E_INCOMPLETE_MESSAGE;
1078  goto asc_end;
1079  }
1080 
1081  if(pInput->cBuffers < 1)
1082  {
1083  ret = SEC_E_INCOMPLETE_MESSAGE;
1084  goto asc_end;
1085  }
1086 
1087  if(pInput->pBuffers[0].cbBuffer > max_len)
1088  {
1089  ret = SEC_E_INVALID_TOKEN;
1090  goto asc_end;
1091  }
1092  else
1093  bin_len = pInput->pBuffers[0].cbBuffer;
1094 
1095  if( (ret = fork_helper(&helper, ntlm_auth, server_argv)) !=
1096  SEC_E_OK)
1097  {
1098  ret = SEC_E_INTERNAL_ERROR;
1099  goto asc_end;
1100  }
1101  helper->mode = NTLM_SERVER;
1102 
1103  /* Handle all the flags */
1104  want_flags = HeapAlloc(GetProcessHeap(), 0, 73);
1105  if(want_flags == NULL)
1106  {
1107  TRACE("Failed to allocate memory for the want_flags!\n");
1108  ret = SEC_E_INSUFFICIENT_MEMORY;
1109  cleanup_helper(helper);
1110  goto asc_end;
1111  }
1112  lstrcpyA(want_flags, "SF");
1113  if(fContextReq & ASC_REQ_ALLOCATE_MEMORY)
1114  {
1115  FIXME("ASC_REQ_ALLOCATE_MEMORY stub\n");
1116  }
1117  if(fContextReq & ASC_REQ_CONFIDENTIALITY)
1118  {
1119  lstrcatA(want_flags, " NTLMSSP_FEATURE_SEAL");
1120  }
1121  if(fContextReq & ASC_REQ_CONNECTION)
1122  {
1123  /* This is default, so we'll enable it */
1124  lstrcatA(want_flags, " NTLMSSP_FEATURE_SESSION_KEY");
1125  ctxt_attr |= ASC_RET_CONNECTION;
1126  }
1127  if(fContextReq & ASC_REQ_EXTENDED_ERROR)
1128  {
1129  FIXME("ASC_REQ_EXTENDED_ERROR stub\n");
1130  }
1131  if(fContextReq & ASC_REQ_INTEGRITY)
1132  {
1133  lstrcatA(want_flags, " NTLMSSP_FEATURE_SIGN");
1134  }
1135  if(fContextReq & ASC_REQ_MUTUAL_AUTH)
1136  {
1137  FIXME("ASC_REQ_MUTUAL_AUTH stub\n");
1138  }
1139  if(fContextReq & ASC_REQ_REPLAY_DETECT)
1140  {
1141  FIXME("ASC_REQ_REPLAY_DETECT stub\n");
1142  }
1143  if(fContextReq & ISC_REQ_SEQUENCE_DETECT)
1144  {
1145  FIXME("ASC_REQ_SEQUENCE_DETECT stub\n");
1146  }
1147  if(fContextReq & ISC_REQ_STREAM)
1148  {
1149  FIXME("ASC_REQ_STREAM stub\n");
1150  }
1151  /* Done with the flags */
1152 
1153  if(lstrlenA(want_flags) > 3)
1154  {
1155  TRACE("Server set want_flags: %s\n", debugstr_a(want_flags));
1156  lstrcpynA(buffer, want_flags, max_len - 1);
1157  if((ret = run_helper(helper, buffer, max_len, &buffer_len)) !=
1158  SEC_E_OK)
1159  {
1160  cleanup_helper(helper);
1161  goto asc_end;
1162  }
1163  if(!strncmp(buffer, "BH", 2))
1164  TRACE("Helper doesn't understand new command set\n");
1165  }
1166 
1167  /* This is the YR request from the client, encode to base64 */
1168 
1169  memcpy(bin, pInput->pBuffers[0].pvBuffer, bin_len);
1170 
1171  lstrcpynA(buffer, "YR ", max_len-1);
1172 
1173  if((ret = encodeBase64(bin, bin_len, buffer+3, max_len-3,
1174  &buffer_len)) != SEC_E_OK)
1175  {
1176  cleanup_helper(helper);
1177  goto asc_end;
1178  }
1179 
1180  TRACE("Client sent: %s\n", debugstr_a(buffer));
1181 
1182  if((ret = run_helper(helper, buffer, max_len, &buffer_len)) !=
1183  SEC_E_OK)
1184  {
1185  cleanup_helper(helper);
1186  goto asc_end;
1187  }
1188 
1189  TRACE("Reply from ntlm_auth: %s\n", debugstr_a(buffer));
1190  /* The expected answer is TT <base64 blob> */
1191 
1192  if(strncmp(buffer, "TT ", 3) != 0)
1193  {
1194  ret = SEC_E_INTERNAL_ERROR;
1195  cleanup_helper(helper);
1196  goto asc_end;
1197  }
1198 
1199  if((ret = decodeBase64(buffer+3, buffer_len-3, bin, max_len,
1200  &bin_len)) != SEC_E_OK)
1201  {
1202  cleanup_helper(helper);
1203  goto asc_end;
1204  }
1205 
1206  /* send this to the client */
1207  if(pOutput == NULL)
1208  {
1209  ret = SEC_E_INSUFFICIENT_MEMORY;
1210  cleanup_helper(helper);
1211  goto asc_end;
1212  }
1213 
1214  if(pOutput->cBuffers < 1)
1215  {
1216  ret = SEC_E_INSUFFICIENT_MEMORY;
1217  cleanup_helper(helper);
1218  goto asc_end;
1219  }
1220 
1221  pOutput->pBuffers[0].cbBuffer = bin_len;
1222  pOutput->pBuffers[0].BufferType = SECBUFFER_DATA;
1223  memcpy(pOutput->pBuffers[0].pvBuffer, bin, bin_len);
1224  ret = SEC_I_CONTINUE_NEEDED;
1225 
1226  }
1227  else
1228  {
1229  /* we expect a KK request from client */
1230  if(pInput == NULL)
1231  {
1232  ret = SEC_E_INCOMPLETE_MESSAGE;
1233  goto asc_end;
1234  }
1235 
1236  if(pInput->cBuffers < 1)
1237  {
1238  ret = SEC_E_INCOMPLETE_MESSAGE;
1239  goto asc_end;
1240  }
1241 
1242  helper = (PNegoHelper)phContext->dwLower;
1243 
1244  if(helper->mode != NTLM_SERVER)
1245  {
1246  ret = SEC_E_INVALID_HANDLE;
1247  goto asc_end;
1248  }
1249 
1250  if(pInput->pBuffers[0].cbBuffer > max_len)
1251  {
1252  ret = SEC_E_INVALID_TOKEN;
1253  goto asc_end;
1254  }
1255  else
1256  bin_len = pInput->pBuffers[0].cbBuffer;
1257 
1258  memcpy(bin, pInput->pBuffers[0].pvBuffer, bin_len);
1259 
1260  lstrcpynA(buffer, "KK ", max_len-1);
1261 
1262  if((ret = encodeBase64(bin, bin_len, buffer+3, max_len-3,
1263  &buffer_len)) != SEC_E_OK)
1264  {
1265  goto asc_end;
1266  }
1267 
1268  TRACE("Client sent: %s\n", debugstr_a(buffer));
1269 
1270  if((ret = run_helper(helper, buffer, max_len, &buffer_len)) !=
1271  SEC_E_OK)
1272  {
1273  goto asc_end;
1274  }
1275 
1276  TRACE("Reply from ntlm_auth: %s\n", debugstr_a(buffer));
1277 
1278  /* At this point, we get a NA if the user didn't authenticate, but a BH
1279  * if ntlm_auth could not connect to winbindd. Apart from running Wine
1280  * as root, there is no way to fix this for now, so just handle this as
1281  * a failed login. */
1282  if(strncmp(buffer, "AF ", 3) != 0)
1283  {
1284  if(strncmp(buffer, "NA ", 3) == 0)
1285  {
1286  ret = SEC_E_LOGON_DENIED;
1287  goto asc_end;
1288  }
1289  else
1290  {
1291  size_t ntlm_pipe_err_v3_len = strlen("BH NT_STATUS_ACCESS_DENIED");
1292  size_t ntlm_pipe_err_v4_len = strlen("BH NT_STATUS_UNSUCCESSFUL");
1293 
1294  if( (buffer_len >= ntlm_pipe_err_v3_len &&
1295  strncmp(buffer, "BH NT_STATUS_ACCESS_DENIED", ntlm_pipe_err_v3_len) == 0) ||
1296  (buffer_len >= ntlm_pipe_err_v4_len &&
1297  strncmp(buffer, "BH NT_STATUS_UNSUCCESSFUL", ntlm_pipe_err_v4_len) == 0) )
1298  {
1299  TRACE("Connection to winbindd failed\n");
1300  ret = SEC_E_LOGON_DENIED;
1301  }
1302  else
1303  ret = SEC_E_INTERNAL_ERROR;
1304 
1305  goto asc_end;
1306  }
1307  }
1308  pOutput->pBuffers[0].cbBuffer = 0;
1309 
1310  TRACE("Getting negotiated flags\n");
1311  lstrcpynA(buffer, "GF", max_len - 1);
1312  if((ret = run_helper(helper, buffer, max_len, &buffer_len)) != SEC_E_OK)
1313  goto asc_end;
1314 
1315  if(buffer_len < 3)
1316  {
1317  TRACE("No flags negotiated, or helper does not support GF command\n");
1318  }
1319  else
1320  {
1321  TRACE("Negotiated %s\n", debugstr_a(buffer));
1322  sscanf(buffer + 3, "%lx", &(helper->neg_flags));
1323  TRACE("Stored 0x%08x as flags\n", helper->neg_flags);
1324  }
1325 
1326  TRACE("Getting session key\n");
1327  lstrcpynA(buffer, "GK", max_len - 1);
1328  if((ret = run_helper(helper, buffer, max_len, &buffer_len)) != SEC_E_OK)
1329  goto asc_end;
1330 
1331  if(buffer_len < 3)
1332  TRACE("Helper does not support GK command\n");
1333  else
1334  {
1335  if(strncmp(buffer, "BH ", 3) == 0)
1336  {
1337  TRACE("Helper sent %s\n", debugstr_a(buffer+3));
1338  HeapFree(GetProcessHeap(), 0, helper->session_key);
1339  helper->session_key = HeapAlloc(GetProcessHeap(), 0, 16);
1340  if (!helper->session_key)
1341  {
1342  ret = SEC_E_INSUFFICIENT_MEMORY;
1343  goto asc_end;
1344  }
1345  /*FIXME: Generate the dummy session key = MD4(MD4(password))*/
1346  memset(helper->session_key, 0 , 16);
1347  }
1348  else if(strncmp(buffer, "GK ", 3) == 0)
1349  {
1350  if((ret = decodeBase64(buffer+3, buffer_len-3, bin, max_len,
1351  &bin_len)) != SEC_E_OK)
1352  {
1353  TRACE("Failed to decode session key\n");
1354  }
1355  TRACE("Session key is %s\n", debugstr_a(buffer+3));
1356  HeapFree(GetProcessHeap(), 0, helper->session_key);
1357  helper->session_key = HeapAlloc(GetProcessHeap(), 0, 16);
1358  if(!helper->session_key)
1359  {
1360  ret = SEC_E_INSUFFICIENT_MEMORY;
1361  goto asc_end;
1362  }
1363  memcpy(helper->session_key, bin, 16);
1364  }
1365  }
1366  helper->crypt.ntlm.a4i = SECUR32_arc4Alloc();
1367  SECUR32_arc4Init(helper->crypt.ntlm.a4i, helper->session_key, 16);
1368  helper->crypt.ntlm.seq_num = 0l;
1369  }
1370 
1371  phNewContext->dwUpper = ctxt_attr;
1372  phNewContext->dwLower = (ULONG_PTR)helper;
1373 
1374 asc_end:
1375  HeapFree(GetProcessHeap(), 0, want_flags);
1376  HeapFree(GetProcessHeap(), 0, buffer);
1377  HeapFree(GetProcessHeap(), 0, bin);
1378  return ret;
1379 }
ISC_REQ_SEQUENCE_DETECT
#define ISC_REQ_SEQUENCE_DETECT
Definition: sspi.h:351
SEC_E_INTERNAL_ERROR
#define SEC_E_INTERNAL_ERROR
Definition: winerror.h:2913
ASC_REQ_REPLAY_DETECT
#define ASC_REQ_REPLAY_DETECT
Definition: sspi.h:414
ASC_RET_CONNECTION
#define ASC_RET_CONNECTION
Definition: sspi.h:444
SECUR32_arc4Alloc
arc4_info * SECUR32_arc4Alloc(void)
Definition: util.c:189
PNegoHelper
struct _NegoHelper * PNegoHelper
strlen
ACPI_SIZE strlen(const char *String)
Definition: utclib.c:269
ISC_REQ_STREAM
#define ISC_REQ_STREAM
Definition: sspi.h:363
_NegoHelper::mode
HelperMode mode
Definition: ntlm.h:27
CHAR
char CHAR
Definition: xmlstorage.h:175
encodeBase64
SECURITY_STATUS encodeBase64(PBYTE in_buf, int in_len, char *out_buf, int max_len, int *out_len)
Definition: base64_codec.c:29
ASC_REQ_CONNECTION
#define ASC_REQ_CONNECTION
Definition: sspi.h:421
SECBUFFER_DATA
#define SECBUFFER_DATA
Definition: sspi.h:146
buffer
GLuint buffer
Definition: glext.h:5915
cleanup_helper
void cleanup_helper(PNegoHelper helper)
Definition: dispatcher.c:377
ASC_REQ_ALLOCATE_MEMORY
#define ASC_REQ_ALLOCATE_MEMORY
Definition: sspi.h:418
_NtlmCredentials
Definition: ntlm.h:56
SEC_E_LOGON_DENIED
#define SEC_E_LOGON_DENIED
Definition: winerror.h:2921
SEC_E_INSUFFICIENT_MEMORY
#define SEC_E_INSUFFICIENT_MEMORY
Definition: winerror.h:2909
FIXME
#define FIXME(fmt,...)
Definition: debug.h:110
NULL
smooth NULL
Definition: ftsmooth.c:416
PNtlmCredentials
struct _NtlmCredentials * PNtlmCredentials
decodeBase64
SECURITY_STATUS decodeBase64(char *in_buf, int in_len, PBYTE out_buf, int max_len, int *out_len)
Definition: base64_codec.c:113
SEC_I_CONTINUE_NEEDED
#define SEC_I_CONTINUE_NEEDED
Definition: winerror.h:2927
sscanf
_Check_return_ _CRTIMP int __cdecl sscanf(_In_z_ const char *_Src, _In_z_ _Scanf_format_string_ const char *_Format,...)
SECURITY_STATUS
LONG SECURITY_STATUS
Definition: sspi.h:34
l
r l[0]
Definition: byte_order.h:167
ASC_REQ_EXTENDED_ERROR
#define ASC_REQ_EXTENDED_ERROR
Definition: sspi.h:424
lstrcatA
LPSTR WINAPI lstrcatA(LPSTR lpString1, LPCSTR lpString2)
Definition: lstring.c:123
TRACE
#define TRACE(s)
Definition: solgame.cpp:4
GetProcessHeap
#define GetProcessHeap()
Definition: compat.h:395
HeapAlloc
PVOID WINAPI HeapAlloc(HANDLE, DWORD, SIZE_T)
debugstr_a
#define debugstr_a
Definition: kernel32.h:31
ASC_REQ_CONFIDENTIALITY
#define ASC_REQ_CONFIDENTIALITY
Definition: sspi.h:416
strncmp
int strncmp(const char *String1, const char *String2, ACPI_SIZE Count)
Definition: utclib.c:534
_NegoHelper::neg_flags
ULONG neg_flags
Definition: ntlm.h:37
lstrcpyA
LPSTR WINAPI lstrcpyA(LPSTR lpString1, LPCSTR lpString2)
Definition: lstring.c:100
SEC_E_INVALID_HANDLE
#define SEC_E_INVALID_HANDLE
Definition: winerror.h:2910
ret
int ret
Definition: wcstombs-tests.c:31
SEC_E_INVALID_TOKEN
#define SEC_E_INVALID_TOKEN
Definition: winerror.h:2917
memcpy
#define memcpy(s1, s2, n)
Definition: mkisofs.h:878
ASC_REQ_INTEGRITY
#define ASC_REQ_INTEGRITY
Definition: sspi.h:426
BYTE
unsigned char BYTE
Definition: mem.h:68
SECURITY_NETWORK_DREP
#define SECURITY_NETWORK_DREP
Definition: sspi.h:460
SEC_E_OK
#define SEC_E_OK
Definition: winerror.h:2356
_NegoHelper::session_key
BYTE * session_key
Definition: ntlm.h:36
lstrlenA
int WINAPI lstrlenA(LPCSTR lpString)
Definition: lstring.c:145
_NtlmCredentials::mode
HelperMode mode
Definition: ntlm.h:58
ASC_REQ_MUTUAL_AUTH
#define ASC_REQ_MUTUAL_AUTH
Definition: sspi.h:413
run_helper
SECURITY_STATUS run_helper(PNegoHelper helper, char *buffer, unsigned int max_buflen, int *buflen)
Definition: dispatcher.c:331
SEC_CHAR
CHAR SEC_CHAR
Definition: sspi.h:30
lstrcpynA
#define lstrcpynA
Definition: compat.h:408
bin
static struct _PeImage bin
NTLM_MAX_BUF
#define NTLM_MAX_BUF
Definition: ntlm.c:35
_NegoHelper
Definition: ntlm.h:21
ULONG
unsigned int ULONG
Definition: retypes.h:1
ntlm_auth
static CHAR ntlm_auth[]
Definition: ntlm.c:44
ULONG_PTR
#define ULONG_PTR
Definition: config.h:101
SECUR32_arc4Init
void SECUR32_arc4Init(arc4_info *a4i, const BYTE *key, unsigned int keyLen)
Definition: util.c:199
memset
#define memset(x, y, z)
Definition: compat.h:39
fork_helper
SECURITY_STATUS fork_helper(PNegoHelper *new_helper, const char *prog, char *const argv[])
Definition: dispatcher.c:76
_NegoHelper::crypt
struct _NegoHelper::@519 crypt
PBYTE
BYTE * PBYTE
Definition: pedump.c:66
HeapFree
#define HeapFree(x, y, z)
Definition: compat.h:394
SEC_E_INCOMPLETE_MESSAGE
#define SEC_E_INCOMPLETE_MESSAGE
Definition: winerror.h:2934

Referenced by nego_AcceptSecurityContext().

◆ ntlm_AcquireCredentialsHandleW()

SECURITY_STATUS SEC_ENTRY ntlm_AcquireCredentialsHandleW ( SEC_WCHAR ,
SEC_WCHAR ,
ULONG  ,
PLUID  ,
PVOID  ,
SEC_GET_KEY_FN  ,
PVOID  ,
PCredHandle  ,
PTimeStamp   
)

Definition at line 127 of file ntlm.c.

131 {
132  SECURITY_STATUS ret;
133  PNtlmCredentials ntlm_cred;
134  LPWSTR domain = NULL, user = NULL, password = NULL;
135  PSEC_WINNT_AUTH_IDENTITY_W auth_data = NULL;
136 
137  TRACE("(%s, %s, 0x%08x, %p, %p, %p, %p, %p, %p)\n",
138  debugstr_w(pszPrincipal), debugstr_w(pszPackage), fCredentialUse,
139  pLogonID, pAuthData, pGetKeyFn, pGetKeyArgument, phCredential, ptsExpiry);
140 
141  switch(fCredentialUse)
142  {
143  case SECPKG_CRED_INBOUND:
144  ntlm_cred = HeapAlloc(GetProcessHeap(), 0, sizeof(*ntlm_cred));
145  if (!ntlm_cred)
146  ret = SEC_E_INSUFFICIENT_MEMORY;
147  else
148  {
149  ntlm_cred->mode = NTLM_SERVER;
150  ntlm_cred->username_arg = NULL;
151  ntlm_cred->domain_arg = NULL;
152  ntlm_cred->password = NULL;
153  ntlm_cred->pwlen = 0;
154  ntlm_cred->no_cached_credentials = 0;
155 
156  phCredential->dwUpper = fCredentialUse;
157  phCredential->dwLower = (ULONG_PTR)ntlm_cred;
158  ret = SEC_E_OK;
159  }
160  break;
161  case SECPKG_CRED_OUTBOUND:
162  {
163  auth_data = pAuthData;
164  ntlm_cred = HeapAlloc(GetProcessHeap(), 0, sizeof(*ntlm_cred));
165  if (!ntlm_cred)
166  {
167  ret = SEC_E_INSUFFICIENT_MEMORY;
168  break;
169  }
170  ntlm_cred->mode = NTLM_CLIENT;
171  ntlm_cred->username_arg = NULL;
172  ntlm_cred->domain_arg = NULL;
173  ntlm_cred->password = NULL;
174  ntlm_cred->pwlen = 0;
175  ntlm_cred->no_cached_credentials = 0;
176 
177  if(pAuthData != NULL)
178  {
179  int domain_len = 0, user_len = 0, password_len = 0;
180 
181  if (auth_data->Flags & SEC_WINNT_AUTH_IDENTITY_ANSI)
182  {
183  if (auth_data->DomainLength)
184  {
185  domain_len = MultiByteToWideChar(CP_ACP, 0, (char *)auth_data->Domain,
186  auth_data->DomainLength, NULL, 0);
187  domain = HeapAlloc(GetProcessHeap(), 0, sizeof(WCHAR) * domain_len);
188  if(!domain)
189  {
190  ret = SEC_E_INSUFFICIENT_MEMORY;
191  break;
192  }
193  MultiByteToWideChar(CP_ACP, 0, (char *)auth_data->Domain, auth_data->DomainLength,
194  domain, domain_len);
195  }
196 
197  if (auth_data->UserLength)
198  {
199  user_len = MultiByteToWideChar(CP_ACP, 0, (char *)auth_data->User,
200  auth_data->UserLength, NULL, 0);
201  user = HeapAlloc(GetProcessHeap(), 0, sizeof(WCHAR) * user_len);
202  if(!user)
203  {
204  ret = SEC_E_INSUFFICIENT_MEMORY;
205  break;
206  }
207  MultiByteToWideChar(CP_ACP, 0, (char *)auth_data->User, auth_data->UserLength,
208  user, user_len);
209  }
210 
211  if (auth_data->PasswordLength)
212  {
213  password_len = MultiByteToWideChar(CP_ACP, 0,(char *)auth_data->Password,
214  auth_data->PasswordLength, NULL, 0);
215  password = HeapAlloc(GetProcessHeap(), 0, sizeof(WCHAR) * password_len);
216  if(!password)
217  {
218  ret = SEC_E_INSUFFICIENT_MEMORY;
219  break;
220  }
221  MultiByteToWideChar(CP_ACP, 0, (char *)auth_data->Password, auth_data->PasswordLength,
222  password, password_len);
223  }
224  }
225  else
226  {
227  domain = auth_data->Domain;
228  domain_len = auth_data->DomainLength;
229 
230  user = auth_data->User;
231  user_len = auth_data->UserLength;
232 
233  password = auth_data->Password;
234  password_len = auth_data->PasswordLength;
235  }
236 
237  TRACE("Username is %s\n", debugstr_wn(user, user_len));
238  TRACE("Domain name is %s\n", debugstr_wn(domain, domain_len));
239 
240  ntlm_cred->username_arg = ntlm_GetUsernameArg(user, user_len);
241  ntlm_cred->domain_arg = ntlm_GetDomainArg(domain, domain_len);
242 
243  if(password_len != 0)
244  {
245  ntlm_cred->pwlen = WideCharToMultiByte(CP_UNIXCP, WC_NO_BEST_FIT_CHARS, password,
246  password_len, NULL, 0, NULL, NULL);
247 
248  ntlm_cred->password = HeapAlloc(GetProcessHeap(), 0,
249  ntlm_cred->pwlen);
250  if(!ntlm_cred->password)
251  {
252  ret = SEC_E_INSUFFICIENT_MEMORY;
253  break;
254  }
255 
256  WideCharToMultiByte(CP_UNIXCP, WC_NO_BEST_FIT_CHARS, password, password_len,
257  ntlm_cred->password, ntlm_cred->pwlen, NULL, NULL);
258  }
259  }
260 
261  phCredential->dwUpper = fCredentialUse;
262  phCredential->dwLower = (ULONG_PTR)ntlm_cred;
263  TRACE("ACH phCredential->dwUpper: 0x%08lx, dwLower: 0x%08lx\n",
264  phCredential->dwUpper, phCredential->dwLower);
265  ret = SEC_E_OK;
266  break;
267  }
268  case SECPKG_CRED_BOTH:
269  FIXME("AcquireCredentialsHandle: SECPKG_CRED_BOTH stub\n");
270  ret = SEC_E_UNSUPPORTED_FUNCTION;
271  phCredential = NULL;
272  break;
273  default:
274  phCredential = NULL;
275  ret = SEC_E_UNKNOWN_CREDENTIALS;
276  }
277 
278  if (auth_data && auth_data->Flags & SEC_WINNT_AUTH_IDENTITY_ANSI)
279  {
280  HeapFree(GetProcessHeap(), 0, domain);
281  HeapFree(GetProcessHeap(), 0, user);
282  HeapFree(GetProcessHeap(), 0, password);
283  }
284  return ret;
285 }
_SEC_WINNT_AUTH_IDENTITY_W::Domain
unsigned short * Domain
Definition: rpcdce.h:225
_SEC_WINNT_AUTH_IDENTITY_W::User
unsigned short * User
Definition: rpcdce.h:223
SECPKG_CRED_OUTBOUND
#define SECPKG_CRED_OUTBOUND
Definition: sspi.h:277
WideCharToMultiByte
#define WideCharToMultiByte
Definition: compat.h:101
_SEC_WINNT_AUTH_IDENTITY_W::Password
unsigned short * Password
Definition: rpcdce.h:227
CP_ACP
#define CP_ACP
Definition: compat.h:99
_NtlmCredentials::password
char * password
Definition: ntlm.h:63
_SEC_WINNT_AUTH_IDENTITY_W
Definition: rpcdce.h:221
SEC_E_UNSUPPORTED_FUNCTION
#define SEC_E_UNSUPPORTED_FUNCTION
Definition: winerror.h:2911
_NtlmCredentials
Definition: ntlm.h:56
SEC_E_INSUFFICIENT_MEMORY
#define SEC_E_INSUFFICIENT_MEMORY
Definition: winerror.h:2909
debugstr_w
#define debugstr_w
Definition: kernel32.h:32
FIXME
#define FIXME(fmt,...)
Definition: debug.h:110
SECPKG_CRED_INBOUND
#define SECPKG_CRED_INBOUND
Definition: sspi.h:276
ntlm_GetUsernameArg
static char * ntlm_GetUsernameArg(LPCWSTR userW, INT userW_length)
Definition: ntlm.c:88
ntlm_GetDomainArg
static char * ntlm_GetDomainArg(LPCWSTR domainW, INT domainW_length)
Definition: ntlm.c:106
NULL
smooth NULL
Definition: ftsmooth.c:416
SECURITY_STATUS
LONG SECURITY_STATUS
Definition: sspi.h:34
TRACE
#define TRACE(s)
Definition: solgame.cpp:4
GetProcessHeap
#define GetProcessHeap()
Definition: compat.h:395
HeapAlloc
PVOID WINAPI HeapAlloc(HANDLE, DWORD, SIZE_T)
CP_UNIXCP
#define CP_UNIXCP
Definition: compat.h:69
WCHAR
__wchar_t WCHAR
Definition: xmlstorage.h:180
WC_NO_BEST_FIT_CHARS
#define WC_NO_BEST_FIT_CHARS
Definition: unicode.h:46
ret
int ret
Definition: wcstombs-tests.c:31
_SEC_WINNT_AUTH_IDENTITY_W::Flags
ULONG Flags
Definition: rpcdce.h:229
password
T1_FIELD_DICT_PRIVATE password
Definition: t1tokens.h:64
SEC_E_OK
#define SEC_E_OK
Definition: winerror.h:2356
debugstr_wn
#define debugstr_wn
Definition: kernel32.h:33
SEC_WINNT_AUTH_IDENTITY_ANSI
#define SEC_WINNT_AUTH_IDENTITY_ANSI
Definition: rpcdce.h:309
_NtlmCredentials::username_arg
char * username_arg
Definition: ntlm.h:61
_NtlmCredentials::pwlen
int pwlen
Definition: ntlm.h:64
SECPKG_CRED_BOTH
#define SECPKG_CRED_BOTH
Definition: sspi.h:278
_NtlmCredentials::mode
HelperMode mode
Definition: ntlm.h:58
MultiByteToWideChar
#define MultiByteToWideChar
Definition: compat.h:100
_SEC_WINNT_AUTH_IDENTITY_W::DomainLength
ULONG DomainLength
Definition: rpcdce.h:226
_NtlmCredentials::no_cached_credentials
int no_cached_credentials
Definition: ntlm.h:65
ULONG_PTR
#define ULONG_PTR
Definition: config.h:101
SEC_E_UNKNOWN_CREDENTIALS
#define SEC_E_UNKNOWN_CREDENTIALS
Definition: winerror.h:2922
LPWSTR
WCHAR * LPWSTR
Definition: xmlstorage.h:184
user
void user(int argc, const char *argv[])
Definition: cmds.c:1350
HeapFree
#define HeapFree(x, y, z)
Definition: compat.h:394
_NtlmCredentials::domain_arg
char * domain_arg
Definition: ntlm.h:62
_SEC_WINNT_AUTH_IDENTITY_W::UserLength
ULONG UserLength
Definition: rpcdce.h:224
_SEC_WINNT_AUTH_IDENTITY_W::PasswordLength
ULONG PasswordLength
Definition: rpcdce.h:228

Referenced by nego_AcquireCredentialsHandleW(), and ntlm_AcquireCredentialsHandleA().

◆ ntlm_DecryptMessage()

SECURITY_STATUS SEC_ENTRY ntlm_DecryptMessage ( PCtxtHandle  ,
PSecBufferDesc  ,
ULONG  ,
PULONG   
)

Definition at line 1863 of file ntlm.c.

1865 {
1866  SECURITY_STATUS ret;
1867  ULONG ntlmssp_flags_save;
1868  PNegoHelper helper;
1869  int token_idx, data_idx;
1870  TRACE("(%p %p %d %p)\n", phContext, pMessage, MessageSeqNo, pfQOP);
1871 
1872  if(!phContext)
1873  return SEC_E_INVALID_HANDLE;
1874 
1875  if(MessageSeqNo)
1876  FIXME("Ignoring MessageSeqNo\n");
1877 
1878  if(!pMessage || !pMessage->pBuffers || pMessage->cBuffers < 2)
1879  return SEC_E_INVALID_TOKEN;
1880 
1881  if((token_idx = ntlm_GetTokenBufferIndex(pMessage)) == -1)
1882  return SEC_E_INVALID_TOKEN;
1883 
1884  if((data_idx = ntlm_GetDataBufferIndex(pMessage)) ==-1)
1885  return SEC_E_INVALID_TOKEN;
1886 
1887  if(pMessage->pBuffers[token_idx].cbBuffer < 16)
1888  return SEC_E_BUFFER_TOO_SMALL;
1889 
1890  helper = (PNegoHelper) phContext->dwLower;
1891 
1892  if(helper->neg_flags & NTLMSSP_NEGOTIATE_NTLM2 && helper->neg_flags & NTLMSSP_NEGOTIATE_SEAL)
1893  {
1894  SECUR32_arc4Process(helper->crypt.ntlm2.recv_a4i,
1895  pMessage->pBuffers[data_idx].pvBuffer,
1896  pMessage->pBuffers[data_idx].cbBuffer);
1897  }
1898  else
1899  {
1900  SECUR32_arc4Process(helper->crypt.ntlm.a4i,
1901  pMessage->pBuffers[data_idx].pvBuffer,
1902  pMessage->pBuffers[data_idx].cbBuffer);
1903  }
1904 
1905  /* Make sure we use a session key for the signature check, EncryptMessage
1906  * always does that, even in the dummy case */
1907  ntlmssp_flags_save = helper->neg_flags;
1908 
1909  helper->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
1910  ret = ntlm_VerifySignature(phContext, pMessage, MessageSeqNo, pfQOP);
1911 
1912  helper->neg_flags = ntlmssp_flags_save;
1913 
1914  return ret;
1915 }
PNegoHelper
struct _NegoHelper * PNegoHelper
ntlm_GetTokenBufferIndex
static int ntlm_GetTokenBufferIndex(PSecBufferDesc pMessage)
Definition: ntlm.c:403
ntlm_GetDataBufferIndex
static int ntlm_GetDataBufferIndex(PSecBufferDesc pMessage)
Definition: ntlm.c:423
FIXME
#define FIXME(fmt,...)
Definition: debug.h:110
NTLMSSP_NEGOTIATE_SEAL
#define NTLMSSP_NEGOTIATE_SEAL
Definition: ntlm.h:81
SECURITY_STATUS
LONG SECURITY_STATUS
Definition: sspi.h:34
TRACE
#define TRACE(s)
Definition: solgame.cpp:4
SECUR32_arc4Process
void SECUR32_arc4Process(arc4_info *a4i, BYTE *inoutString, unsigned int length)
Definition: util.c:224
_NegoHelper::neg_flags
ULONG neg_flags
Definition: ntlm.h:37
SEC_E_INVALID_HANDLE
#define SEC_E_INVALID_HANDLE
Definition: winerror.h:2910
ret
int ret
Definition: wcstombs-tests.c:31
SEC_E_INVALID_TOKEN
#define SEC_E_INVALID_TOKEN
Definition: winerror.h:2917
ntlm_VerifySignature
SECURITY_STATUS SEC_ENTRY ntlm_VerifySignature(PCtxtHandle phContext, PSecBufferDesc pMessage, ULONG MessageSeqNo, PULONG pfQOP)
Definition: ntlm.c:1697
NTLMSSP_NEGOTIATE_NTLM2
#define NTLMSSP_NEGOTIATE_NTLM2
Definition: ntlm.h:91
SEC_E_BUFFER_TOO_SMALL
#define SEC_E_BUFFER_TOO_SMALL
Definition: winerror.h:2937
_NegoHelper
Definition: ntlm.h:21
NTLMSSP_NEGOTIATE_SIGN
#define NTLMSSP_NEGOTIATE_SIGN
Definition: ntlm.h:80
ULONG
unsigned int ULONG
Definition: retypes.h:1
_NegoHelper::crypt
struct _NegoHelper::@519 crypt

Referenced by nego_DecryptMessage().

◆ ntlm_DeleteSecurityContext()

SECURITY_STATUS SEC_ENTRY ntlm_DeleteSecurityContext ( PCtxtHandle  )

Definition at line 1398 of file ntlm.c.

1399 {
1400  PNegoHelper helper;
1401 
1402  TRACE("%p\n", phContext);
1403  if (!phContext)
1404  return SEC_E_INVALID_HANDLE;
1405 
1406  helper = (PNegoHelper)phContext->dwLower;
1407 
1408  phContext->dwUpper = 0;
1409  phContext->dwLower = 0;
1410 
1411  SECUR32_arc4Cleanup(helper->crypt.ntlm.a4i);
1412  SECUR32_arc4Cleanup(helper->crypt.ntlm2.send_a4i);
1413  SECUR32_arc4Cleanup(helper->crypt.ntlm2.recv_a4i);
1414  HeapFree(GetProcessHeap(), 0, helper->crypt.ntlm2.send_sign_key);
1415  HeapFree(GetProcessHeap(), 0, helper->crypt.ntlm2.send_seal_key);
1416  HeapFree(GetProcessHeap(), 0, helper->crypt.ntlm2.recv_sign_key);
1417  HeapFree(GetProcessHeap(), 0, helper->crypt.ntlm2.recv_seal_key);
1418 
1419  cleanup_helper(helper);
1420 
1421  return SEC_E_OK;
1422 }
PNegoHelper
struct _NegoHelper * PNegoHelper
cleanup_helper
void cleanup_helper(PNegoHelper helper)
Definition: dispatcher.c:377
TRACE
#define TRACE(s)
Definition: solgame.cpp:4
GetProcessHeap
#define GetProcessHeap()
Definition: compat.h:395
SEC_E_INVALID_HANDLE
#define SEC_E_INVALID_HANDLE
Definition: winerror.h:2910
SEC_E_OK
#define SEC_E_OK
Definition: winerror.h:2356
SECUR32_arc4Cleanup
void SECUR32_arc4Cleanup(arc4_info *a4i)
Definition: util.c:246
_NegoHelper
Definition: ntlm.h:21
_NegoHelper::crypt
struct _NegoHelper::@519 crypt
HeapFree
#define HeapFree(x, y, z)
Definition: compat.h:394

Referenced by nego_DeleteSecurityContext().

◆ ntlm_EncryptMessage()

SECURITY_STATUS SEC_ENTRY ntlm_EncryptMessage ( PCtxtHandle  ,
ULONG  ,
PSecBufferDesc  ,
ULONG   
)

Definition at line 1792 of file ntlm.c.

1794 {
1795  PNegoHelper helper;
1796  int token_idx, data_idx;
1797 
1798  TRACE("(%p %d %p %d)\n", phContext, fQOP, pMessage, MessageSeqNo);
1799 
1800  if(!phContext)
1801  return SEC_E_INVALID_HANDLE;
1802 
1803  if(fQOP)
1804  FIXME("Ignoring fQOP\n");
1805 
1806  if(MessageSeqNo)
1807  FIXME("Ignoring MessageSeqNo\n");
1808 
1809  if(!pMessage || !pMessage->pBuffers || pMessage->cBuffers < 2)
1810  return SEC_E_INVALID_TOKEN;
1811 
1812  if((token_idx = ntlm_GetTokenBufferIndex(pMessage)) == -1)
1813  return SEC_E_INVALID_TOKEN;
1814 
1815  if((data_idx = ntlm_GetDataBufferIndex(pMessage)) ==-1 )
1816  return SEC_E_INVALID_TOKEN;
1817 
1818  if(pMessage->pBuffers[token_idx].cbBuffer < 16)
1819  return SEC_E_BUFFER_TOO_SMALL;
1820 
1821  helper = (PNegoHelper) phContext->dwLower;
1822 
1823  if(helper->neg_flags & NTLMSSP_NEGOTIATE_NTLM2 &&
1824  helper->neg_flags & NTLMSSP_NEGOTIATE_SEAL)
1825  {
1826  ntlm_CreateSignature(helper, pMessage, token_idx, NTLM_SEND, FALSE);
1827  SECUR32_arc4Process(helper->crypt.ntlm2.send_a4i,
1828  pMessage->pBuffers[data_idx].pvBuffer,
1829  pMessage->pBuffers[data_idx].cbBuffer);
1830 
1831  if(helper->neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCHANGE)
1832  SECUR32_arc4Process(helper->crypt.ntlm2.send_a4i,
1833  ((BYTE *)pMessage->pBuffers[token_idx].pvBuffer)+4, 8);
1834  }
1835  else
1836  {
1837  PBYTE sig;
1838  ULONG save_flags;
1839 
1840  /* EncryptMessage always produces real signatures, so make sure
1841  * NTLMSSP_NEGOTIATE_SIGN is set*/
1842  save_flags = helper->neg_flags;
1843  helper->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
1844  ntlm_CreateSignature(helper, pMessage, token_idx, NTLM_SEND, FALSE);
1845  helper->neg_flags = save_flags;
1846 
1847  sig = pMessage->pBuffers[token_idx].pvBuffer;
1848 
1849  SECUR32_arc4Process(helper->crypt.ntlm.a4i,
1850  pMessage->pBuffers[data_idx].pvBuffer,
1851  pMessage->pBuffers[data_idx].cbBuffer);
1852  SECUR32_arc4Process(helper->crypt.ntlm.a4i, sig+4, 12);
1853 
1854  if(helper->neg_flags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN || helper->neg_flags == 0)
1855  memset(sig+4, 0, 4);
1856  }
1857  return SEC_E_OK;
1858 }
PNegoHelper
struct _NegoHelper * PNegoHelper
ntlm_GetTokenBufferIndex
static int ntlm_GetTokenBufferIndex(PSecBufferDesc pMessage)
Definition: ntlm.c:403
ntlm_GetDataBufferIndex
static int ntlm_GetDataBufferIndex(PSecBufferDesc pMessage)
Definition: ntlm.c:423
save_flags
#define save_flags(x)
Definition: utils.h:285
FIXME
#define FIXME(fmt,...)
Definition: debug.h:110
NTLMSSP_NEGOTIATE_SEAL
#define NTLMSSP_NEGOTIATE_SEAL
Definition: ntlm.h:81
TRACE
#define TRACE(s)
Definition: solgame.cpp:4
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
#define NTLMSSP_NEGOTIATE_ALWAYS_SIGN
Definition: ntlm.h:88
SECUR32_arc4Process
void SECUR32_arc4Process(arc4_info *a4i, BYTE *inoutString, unsigned int length)
Definition: util.c:224
_NegoHelper::neg_flags
ULONG neg_flags
Definition: ntlm.h:37
SEC_E_INVALID_HANDLE
#define SEC_E_INVALID_HANDLE
Definition: winerror.h:2910
SEC_E_INVALID_TOKEN
#define SEC_E_INVALID_TOKEN
Definition: winerror.h:2917
BYTE
unsigned char BYTE
Definition: mem.h:68
SEC_E_OK
#define SEC_E_OK
Definition: winerror.h:2356
NTLMSSP_NEGOTIATE_KEY_EXCHANGE
#define NTLMSSP_NEGOTIATE_KEY_EXCHANGE
Definition: ntlm.h:94
NTLMSSP_NEGOTIATE_NTLM2
#define NTLMSSP_NEGOTIATE_NTLM2
Definition: ntlm.h:91
SEC_E_BUFFER_TOO_SMALL
#define SEC_E_BUFFER_TOO_SMALL
Definition: winerror.h:2937
ntlm_CreateSignature
static SECURITY_STATUS ntlm_CreateSignature(PNegoHelper helper, PSecBufferDesc pMessage, int token_idx, SignDirection direction, BOOL encrypt_sig)
Definition: ntlm.c:1536
_NegoHelper
Definition: ntlm.h:21
NTLMSSP_NEGOTIATE_SIGN
#define NTLMSSP_NEGOTIATE_SIGN
Definition: ntlm.h:80
ULONG
unsigned int ULONG
Definition: retypes.h:1
NTLM_SEND
Definition: ntlm.h:69
memset
#define memset(x, y, z)
Definition: compat.h:39
_NegoHelper::crypt
struct _NegoHelper::@519 crypt
PBYTE
BYTE * PBYTE
Definition: pedump.c:66

Referenced by nego_EncryptMessage().

◆ ntlm_FreeCredentialsHandle()

SECURITY_STATUS SEC_ENTRY ntlm_FreeCredentialsHandle ( PCredHandle  )

Definition at line 1767 of file ntlm.c.

1768 {
1769  SECURITY_STATUS ret;
1770 
1771  if(phCredential){
1772  PNtlmCredentials ntlm_cred = (PNtlmCredentials) phCredential->dwLower;
1773  phCredential->dwUpper = 0;
1774  phCredential->dwLower = 0;
1775  if (ntlm_cred->password)
1776  memset(ntlm_cred->password, 0, ntlm_cred->pwlen);
1777  HeapFree(GetProcessHeap(), 0, ntlm_cred->password);
1778  HeapFree(GetProcessHeap(), 0, ntlm_cred->username_arg);
1779  HeapFree(GetProcessHeap(), 0, ntlm_cred->domain_arg);
1780  HeapFree(GetProcessHeap(), 0, ntlm_cred);
1781  ret = SEC_E_OK;
1782  }
1783  else
1784  ret = SEC_E_OK;
1785 
1786  return ret;
1787 }
_NtlmCredentials::password
char * password
Definition: ntlm.h:63
_NtlmCredentials
Definition: ntlm.h:56
PNtlmCredentials
struct _NtlmCredentials * PNtlmCredentials
SECURITY_STATUS
LONG SECURITY_STATUS
Definition: sspi.h:34
GetProcessHeap
#define GetProcessHeap()
Definition: compat.h:395
if
if(!(yy_init))
Definition: macro.lex.yy.c:714
ret
int ret
Definition: wcstombs-tests.c:31
SEC_E_OK
#define SEC_E_OK
Definition: winerror.h:2356
_NtlmCredentials::username_arg
char * username_arg
Definition: ntlm.h:61
_NtlmCredentials::pwlen
int pwlen
Definition: ntlm.h:64
memset
#define memset(x, y, z)
Definition: compat.h:39
HeapFree
#define HeapFree(x, y, z)
Definition: compat.h:394
_NtlmCredentials::domain_arg
char * domain_arg
Definition: ntlm.h:62

Referenced by nego_FreeCredentialsHandle().

◆ ntlm_InitializeSecurityContextW()

SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW ( PCredHandle  ,
PCtxtHandle  ,
SEC_WCHAR ,
ULONG  fContextReq,
ULONG  ,
ULONG  ,
PSecBufferDesc  ,
ULONG  ,
PCtxtHandle  ,
PSecBufferDesc  ,
ULONG ,
PTimeStamp   
)

Definition at line 484 of file ntlm.c.

489 {
490  SECURITY_STATUS ret;
491  PNtlmCredentials ntlm_cred;
492  PNegoHelper helper = NULL;
493  ULONG ctxt_attr = 0;
494  char* buffer, *want_flags = NULL;
495  PBYTE bin;
496  int buffer_len, bin_len, max_len = NTLM_MAX_BUF;
497  int token_idx;
498  SEC_CHAR *username = NULL;
499  SEC_CHAR *domain = NULL;
500  SEC_CHAR *password = NULL;
501 
502  TRACE("%p %p %s 0x%08x %d %d %p %d %p %p %p %p\n", phCredential, phContext,
503  debugstr_w(pszTargetName), fContextReq, Reserved1, TargetDataRep, pInput,
504  Reserved1, phNewContext, pOutput, pfContextAttr, ptsExpiry);
505 
506  /****************************************
507  * When communicating with the client, there can be the
508  * following reply packets:
509  * YR <base64 blob> should be sent to the server
510  * PW should be sent back to helper with
511  * base64 encoded password
512  * AF <base64 blob> client is done, blob should be
513  * sent to server with KK prefixed
514  * GF <string list> A string list of negotiated flags
515  * GK <base64 blob> base64 encoded session key
516  * BH <char reason> something broke
517  */
518  /* The squid cache size is 2010 chars, and that's what ntlm_auth uses */
519 
520  if(TargetDataRep == SECURITY_NETWORK_DREP){
521  TRACE("Setting SECURITY_NETWORK_DREP\n");
522  }
523 
524  buffer = HeapAlloc(GetProcessHeap(), 0, sizeof(char) * NTLM_MAX_BUF);
525  bin = HeapAlloc(GetProcessHeap(), 0, sizeof(BYTE) * NTLM_MAX_BUF);
526 
527  if((phContext == NULL) && (pInput == NULL))
528  {
529  static char helper_protocol[] = "--helper-protocol=ntlmssp-client-1";
530  static CHAR credentials_argv[] = "--use-cached-creds";
531  SEC_CHAR *client_argv[5];
532  int pwlen = 0;
533 
534  TRACE("First time in ISC()\n");
535 
536  if(!phCredential)
537  {
538  ret = SEC_E_INVALID_HANDLE;
539  goto isc_end;
540  }
541 
542  /* As the server side of sspi never calls this, make sure that
543  * the handler is a client handler.
544  */
545  ntlm_cred = (PNtlmCredentials)phCredential->dwLower;
546  if(ntlm_cred->mode != NTLM_CLIENT)
547  {
548  TRACE("Cred mode = %d\n", ntlm_cred->mode);
549  ret = SEC_E_INVALID_HANDLE;
550  goto isc_end;
551  }
552 
553  client_argv[0] = ntlm_auth;
554  client_argv[1] = helper_protocol;
555  if (!ntlm_cred->username_arg && !ntlm_cred->domain_arg)
556  {
557  LPWKSTA_USER_INFO_1 ui = NULL;
558  NET_API_STATUS status;
559  PCREDENTIALW cred;
560 
561  if (ntlm_GetCachedCredential(pszTargetName, &cred))
562  {
563  LPWSTR p;
564  p = strchrW(cred->UserName, '\\');
565  if (p)
566  {
567  domain = ntlm_GetDomainArg(cred->UserName, p - cred->UserName);
568  p++;
569  }
570  else
571  {
572  domain = ntlm_GetDomainArg(NULL, 0);
573  p = cred->UserName;
574  }
575 
576  username = ntlm_GetUsernameArg(p, -1);
577 
578  if(cred->CredentialBlobSize != 0)
579  {
580  pwlen = WideCharToMultiByte(CP_UNIXCP,
581  WC_NO_BEST_FIT_CHARS, (LPWSTR)cred->CredentialBlob,
582  cred->CredentialBlobSize / sizeof(WCHAR), NULL, 0,
583  NULL, NULL);
584 
585  password = HeapAlloc(GetProcessHeap(), 0, pwlen);
586 
587  WideCharToMultiByte(CP_UNIXCP, WC_NO_BEST_FIT_CHARS,
588  (LPWSTR)cred->CredentialBlob,
589  cred->CredentialBlobSize / sizeof(WCHAR),
590  password, pwlen, NULL, NULL);
591  }
592 
593  CredFree(cred);
594 
595  client_argv[2] = username;
596  client_argv[3] = domain;
597  client_argv[4] = NULL;
598  }
599  else
600  {
601  status = NetWkstaUserGetInfo(NULL, 1, (LPBYTE *)&ui);
602  if (status != NERR_Success || ui == NULL || ntlm_cred->no_cached_credentials)
603  {
604  ret = SEC_E_NO_CREDENTIALS;
605  goto isc_end;
606  }
607  username = ntlm_GetUsernameArg(ui->wkui1_username, -1);
608  NetApiBufferFree(ui);
609 
610  TRACE("using cached credentials\n");
611 
612  client_argv[2] = username;
613  client_argv[3] = credentials_argv;
614  client_argv[4] = NULL;
615  }
616  }
617  else
618  {
619  client_argv[2] = ntlm_cred->username_arg;
620  client_argv[3] = ntlm_cred->domain_arg;
621  client_argv[4] = NULL;
622  }
623 
624  if((ret = fork_helper(&helper, ntlm_auth, client_argv)) != SEC_E_OK)
625  goto isc_end;
626 
627  helper->mode = NTLM_CLIENT;
628  helper->session_key = HeapAlloc(GetProcessHeap(), 0, 16);
629  if (!helper->session_key)
630  {
631  cleanup_helper(helper);
632  ret = SEC_E_INSUFFICIENT_MEMORY;
633  goto isc_end;
634  }
635 
636  /* Generate the dummy session key = MD4(MD4(password))*/
637  if(password || ntlm_cred->password)
638  {
639  SEC_WCHAR *unicode_password;
640  int passwd_lenW;
641 
642  TRACE("Converting password to unicode.\n");
643  passwd_lenW = MultiByteToWideChar(CP_ACP, 0,
644  password ? password : ntlm_cred->password,
645  password ? pwlen : ntlm_cred->pwlen,
646  NULL, 0);
647  unicode_password = HeapAlloc(GetProcessHeap(), 0,
648  passwd_lenW * sizeof(SEC_WCHAR));
649  MultiByteToWideChar(CP_ACP, 0, password ? password : ntlm_cred->password,
650  password ? pwlen : ntlm_cred->pwlen, unicode_password, passwd_lenW);
651 
652  SECUR32_CreateNTLM1SessionKey((PBYTE)unicode_password,
653  passwd_lenW * sizeof(SEC_WCHAR), helper->session_key);
654 
655  HeapFree(GetProcessHeap(), 0, unicode_password);
656  }
657  else
658  memset(helper->session_key, 0, 16);
659 
660  /* Allocate space for a maximal string of
661  * "SF NTLMSSP_FEATURE_SIGN NTLMSSP_FEATURE_SEAL
662  * NTLMSSP_FEATURE_SESSION_KEY"
663  */
664  want_flags = HeapAlloc(GetProcessHeap(), 0, 73);
665  if(want_flags == NULL)
666  {
667  cleanup_helper(helper);
668  ret = SEC_E_INSUFFICIENT_MEMORY;
669  goto isc_end;
670  }
671  lstrcpyA(want_flags, "SF");
672  if(fContextReq & ISC_REQ_CONFIDENTIALITY)
673  {
674  if(strstr(want_flags, "NTLMSSP_FEATURE_SEAL") == NULL)
675  lstrcatA(want_flags, " NTLMSSP_FEATURE_SEAL");
676  }
677  if(fContextReq & ISC_REQ_CONNECTION)
678  ctxt_attr |= ISC_RET_CONNECTION;
679  if(fContextReq & ISC_REQ_EXTENDED_ERROR)
680  ctxt_attr |= ISC_RET_EXTENDED_ERROR;
681  if(fContextReq & ISC_REQ_INTEGRITY)
682  {
683  if(strstr(want_flags, "NTLMSSP_FEATURE_SIGN") == NULL)
684  lstrcatA(want_flags, " NTLMSSP_FEATURE_SIGN");
685  }
686  if(fContextReq & ISC_REQ_MUTUAL_AUTH)
687  ctxt_attr |= ISC_RET_MUTUAL_AUTH;
688  if(fContextReq & ISC_REQ_REPLAY_DETECT)
689  {
690  if(strstr(want_flags, "NTLMSSP_FEATURE_SIGN") == NULL)
691  lstrcatA(want_flags, " NTLMSSP_FEATURE_SIGN");
692  }
693  if(fContextReq & ISC_REQ_SEQUENCE_DETECT)
694  {
695  if(strstr(want_flags, "NTLMSSP_FEATURE_SIGN") == NULL)
696  lstrcatA(want_flags, " NTLMSSP_FEATURE_SIGN");
697  }
698  if(fContextReq & ISC_REQ_STREAM)
699  FIXME("ISC_REQ_STREAM\n");
700  if(fContextReq & ISC_REQ_USE_DCE_STYLE)
701  ctxt_attr |= ISC_RET_USED_DCE_STYLE;
702  if(fContextReq & ISC_REQ_DELEGATE)
703  ctxt_attr |= ISC_RET_DELEGATE;
704 
705  /* If no password is given, try to use cached credentials. Fall back to an empty
706  * password if this failed. */
707  if(!password && !ntlm_cred->password)
708  {
709  lstrcpynA(buffer, "OK", max_len-1);
710  if((ret = run_helper(helper, buffer, max_len, &buffer_len)) != SEC_E_OK)
711  {
712  cleanup_helper(helper);
713  goto isc_end;
714  }
715  /* If the helper replied with "PW", using cached credentials failed */
716  if(!strncmp(buffer, "PW", 2))
717  {
718  TRACE("Using cached credentials failed.\n");
719  lstrcpynA(buffer, "PW AA==", max_len-1);
720  }
721  else /* Just do a noop on the next run */
722  lstrcpynA(buffer, "OK", max_len-1);
723  }
724  else
725  {
726  lstrcpynA(buffer, "PW ", max_len-1);
727  if((ret = encodeBase64(password ? (unsigned char *)password : (unsigned char *)ntlm_cred->password,
728  password ? pwlen : ntlm_cred->pwlen, buffer+3,
729  max_len-3, &buffer_len)) != SEC_E_OK)
730  {
731  cleanup_helper(helper);
732  goto isc_end;
733  }
734 
735  }
736 
737  TRACE("Sending to helper: %s\n", debugstr_a(buffer));
738  if((ret = run_helper(helper, buffer, max_len, &buffer_len)) != SEC_E_OK)
739  {
740  cleanup_helper(helper);
741  goto isc_end;
742  }
743 
744  TRACE("Helper returned %s\n", debugstr_a(buffer));
745 
746  if(lstrlenA(want_flags) > 2)
747  {
748  TRACE("Want flags are %s\n", debugstr_a(want_flags));
749  lstrcpynA(buffer, want_flags, max_len-1);
750  if((ret = run_helper(helper, buffer, max_len, &buffer_len))
751  != SEC_E_OK)
752  {
753  cleanup_helper(helper);
754  goto isc_end;
755  }
756  if(!strncmp(buffer, "BH", 2))
757  ERR("Helper doesn't understand new command set. Expect more things to fail.\n");
758  }
759 
760  lstrcpynA(buffer, "YR", max_len-1);
761 
762  if((ret = run_helper(helper, buffer, max_len, &buffer_len)) != SEC_E_OK)
763  {
764  cleanup_helper(helper);
765  goto isc_end;
766  }
767 
768  TRACE("%s\n", buffer);
769 
770  if(strncmp(buffer, "YR ", 3) != 0)
771  {
772  /* Something borked */
773  TRACE("Helper returned %c%c\n", buffer[0], buffer[1]);
774  ret = SEC_E_INTERNAL_ERROR;
775  cleanup_helper(helper);
776  goto isc_end;
777  }
778  if((ret = decodeBase64(buffer+3, buffer_len-3, bin,
779  max_len-1, &bin_len)) != SEC_E_OK)
780  {
781  cleanup_helper(helper);
782  goto isc_end;
783  }
784 
785  /* put the decoded client blob into the out buffer */
786 
787  phNewContext->dwUpper = ctxt_attr;
788  phNewContext->dwLower = (ULONG_PTR)helper;
789 
790  ret = SEC_I_CONTINUE_NEEDED;
791  }
792  else
793  {
794  int input_token_idx;
795 
796  /* handle second call here */
797  /* encode server data to base64 */
798  if (!pInput || ((input_token_idx = ntlm_GetTokenBufferIndex(pInput)) == -1))
799  {
800  ret = SEC_E_INVALID_TOKEN;
801  goto isc_end;
802  }
803 
804  if(!phContext)
805  {
806  ret = SEC_E_INVALID_HANDLE;
807  goto isc_end;
808  }
809 
810  /* As the server side of sspi never calls this, make sure that
811  * the handler is a client handler.
812  */
813  helper = (PNegoHelper)phContext->dwLower;
814  if(helper->mode != NTLM_CLIENT)
815  {
816  TRACE("Helper mode = %d\n", helper->mode);
817  ret = SEC_E_INVALID_HANDLE;
818  goto isc_end;
819  }
820 
821  if (!pInput->pBuffers[input_token_idx].pvBuffer)
822  {
823  ret = SEC_E_INTERNAL_ERROR;
824  goto isc_end;
825  }
826 
827  if(pInput->pBuffers[input_token_idx].cbBuffer > max_len)
828  {
829  TRACE("pInput->pBuffers[%d].cbBuffer is: %d\n",
830  input_token_idx,
831  pInput->pBuffers[input_token_idx].cbBuffer);
832  ret = SEC_E_INVALID_TOKEN;
833  goto isc_end;
834  }
835  else
836  bin_len = pInput->pBuffers[input_token_idx].cbBuffer;
837 
838  memcpy(bin, pInput->pBuffers[input_token_idx].pvBuffer, bin_len);
839 
840  lstrcpynA(buffer, "TT ", max_len-1);
841 
842  if((ret = encodeBase64(bin, bin_len, buffer+3,
843  max_len-3, &buffer_len)) != SEC_E_OK)
844  goto isc_end;
845 
846  TRACE("Server sent: %s\n", debugstr_a(buffer));
847 
848  /* send TT base64 blob to ntlm_auth */
849  if((ret = run_helper(helper, buffer, max_len, &buffer_len)) != SEC_E_OK)
850  goto isc_end;
851 
852  TRACE("Helper replied: %s\n", debugstr_a(buffer));
853 
854  if( (strncmp(buffer, "KK ", 3) != 0) &&
855  (strncmp(buffer, "AF ", 3) !=0))
856  {
857  TRACE("Helper returned %c%c\n", buffer[0], buffer[1]);
858  ret = SEC_E_INVALID_TOKEN;
859  goto isc_end;
860  }
861 
862  /* decode the blob and send it to server */
863  if((ret = decodeBase64(buffer+3, buffer_len-3, bin, max_len,
864  &bin_len)) != SEC_E_OK)
865  {
866  goto isc_end;
867  }
868 
869  phNewContext->dwUpper = ctxt_attr;
870  phNewContext->dwLower = (ULONG_PTR)helper;
871 
872  ret = SEC_E_OK;
873  }
874 
875  /* put the decoded client blob into the out buffer */
876 
877  if (!pOutput || ((token_idx = ntlm_GetTokenBufferIndex(pOutput)) == -1))
878  {
879  TRACE("no SECBUFFER_TOKEN buffer could be found\n");
880  ret = SEC_E_BUFFER_TOO_SMALL;
881  if ((phContext == NULL) && (pInput == NULL))
882  {
883  cleanup_helper(helper);
884  phNewContext->dwUpper = 0;
885  phNewContext->dwLower = 0;
886  }
887  goto isc_end;
888  }
889 
890  if (fContextReq & ISC_REQ_ALLOCATE_MEMORY)
891  {
892  pOutput->pBuffers[token_idx].pvBuffer = HeapAlloc(GetProcessHeap(), 0, bin_len);
893  pOutput->pBuffers[token_idx].cbBuffer = bin_len;
894  }
895  else if (pOutput->pBuffers[token_idx].cbBuffer < bin_len)
896  {
897  TRACE("out buffer is NULL or has not enough space\n");
898  ret = SEC_E_BUFFER_TOO_SMALL;
899  if ((phContext == NULL) && (pInput == NULL))
900  {
901  cleanup_helper(helper);
902  phNewContext->dwUpper = 0;
903  phNewContext->dwLower = 0;
904  }
905  goto isc_end;
906  }
907 
908  if (!pOutput->pBuffers[token_idx].pvBuffer)
909  {
910  TRACE("out buffer is NULL\n");
911  ret = SEC_E_INTERNAL_ERROR;
912  if ((phContext == NULL) && (pInput == NULL))
913  {
914  cleanup_helper(helper);
915  phNewContext->dwUpper = 0;
916  phNewContext->dwLower = 0;
917  }
918  goto isc_end;
919  }
920 
921  pOutput->pBuffers[token_idx].cbBuffer = bin_len;
922  memcpy(pOutput->pBuffers[token_idx].pvBuffer, bin, bin_len);
923 
924  if(ret == SEC_E_OK)
925  {
926  TRACE("Getting negotiated flags\n");
927  lstrcpynA(buffer, "GF", max_len - 1);
928  if((ret = run_helper(helper, buffer, max_len, &buffer_len)) != SEC_E_OK)
929  goto isc_end;
930 
931  if(buffer_len < 3)
932  {
933  TRACE("No flags negotiated.\n");
934  helper->neg_flags = 0l;
935  }
936  else
937  {
938  TRACE("Negotiated %s\n", debugstr_a(buffer));
939  sscanf(buffer + 3, "%lx", &(helper->neg_flags));
940  TRACE("Stored 0x%08x as flags\n", helper->neg_flags);
941  }
942 
943  TRACE("Getting session key\n");
944  lstrcpynA(buffer, "GK", max_len - 1);
945  if((ret = run_helper(helper, buffer, max_len, &buffer_len)) != SEC_E_OK)
946  goto isc_end;
947 
948  if(strncmp(buffer, "BH", 2) == 0)
949  TRACE("No key negotiated.\n");
950  else if(strncmp(buffer, "GK ", 3) == 0)
951  {
952  if((ret = decodeBase64(buffer+3, buffer_len-3, bin, max_len,
953  &bin_len)) != SEC_E_OK)
954  {
955  TRACE("Failed to decode session key\n");
956  }
957  TRACE("Session key is %s\n", debugstr_a(buffer+3));
958  HeapFree(GetProcessHeap(), 0, helper->session_key);
959  helper->session_key = HeapAlloc(GetProcessHeap(), 0, bin_len);
960  if(!helper->session_key)
961  {
962  ret = SEC_E_INSUFFICIENT_MEMORY;
963  goto isc_end;
964  }
965  memcpy(helper->session_key, bin, bin_len);
966  }
967 
968  helper->crypt.ntlm.a4i = SECUR32_arc4Alloc();
969  SECUR32_arc4Init(helper->crypt.ntlm.a4i, helper->session_key, 16);
970  helper->crypt.ntlm.seq_num = 0l;
971  SECUR32_CreateNTLM2SubKeys(helper);
972  helper->crypt.ntlm2.send_a4i = SECUR32_arc4Alloc();
973  helper->crypt.ntlm2.recv_a4i = SECUR32_arc4Alloc();
974  SECUR32_arc4Init(helper->crypt.ntlm2.send_a4i,
975  helper->crypt.ntlm2.send_seal_key, 16);
976  SECUR32_arc4Init(helper->crypt.ntlm2.recv_a4i,
977  helper->crypt.ntlm2.recv_seal_key, 16);
978  helper->crypt.ntlm2.send_seq_no = 0l;
979  helper->crypt.ntlm2.recv_seq_no = 0l;
980  }
981 
982 isc_end:
983  HeapFree(GetProcessHeap(), 0, username);
984  HeapFree(GetProcessHeap(), 0, domain);
985  HeapFree(GetProcessHeap(), 0, password);
986  HeapFree(GetProcessHeap(), 0, want_flags);
987  HeapFree(GetProcessHeap(), 0, buffer);
988  HeapFree(GetProcessHeap(), 0, bin);
989  return ret;
990 }
ISC_REQ_SEQUENCE_DETECT
#define ISC_REQ_SEQUENCE_DETECT
Definition: sspi.h:351
SEC_E_INTERNAL_ERROR
#define SEC_E_INTERNAL_ERROR
Definition: winerror.h:2913
_CREDENTIALW::CredentialBlobSize
DWORD CredentialBlobSize
Definition: wincred.h:89
_CREDENTIALW::CredentialBlob
LPBYTE CredentialBlob
Definition: wincred.h:90
SECUR32_arc4Alloc
arc4_info * SECUR32_arc4Alloc(void)
Definition: util.c:189
WideCharToMultiByte
#define WideCharToMultiByte
Definition: compat.h:101
PNegoHelper
struct _NegoHelper * PNegoHelper
SEC_WCHAR
WCHAR SEC_WCHAR
Definition: sspi.h:29
ISC_REQ_EXTENDED_ERROR
#define ISC_REQ_EXTENDED_ERROR
Definition: sspi.h:362
ISC_REQ_STREAM
#define ISC_REQ_STREAM
Definition: sspi.h:363
_CREDENTIALW
Definition: wincred.h:82
strchrW
WINE_UNICODE_INLINE WCHAR * strchrW(const WCHAR *str, WCHAR ch)
Definition: unicode.h:248
_NegoHelper::mode
HelperMode mode
Definition: ntlm.h:27
strstr
char * strstr(char *String1, char *String2)
Definition: utclib.c:653
CP_ACP
#define CP_ACP
Definition: compat.h:99
_NtlmCredentials::password
char * password
Definition: ntlm.h:63
CHAR
char CHAR
Definition: xmlstorage.h:175
ntlm_GetTokenBufferIndex
static int ntlm_GetTokenBufferIndex(PSecBufferDesc pMessage)
Definition: ntlm.c:403
ui
UINT ui
Definition: oleauto.h:49
encodeBase64
SECURITY_STATUS encodeBase64(PBYTE in_buf, int in_len, char *out_buf, int max_len, int *out_len)
Definition: base64_codec.c:29
buffer
GLuint buffer
Definition: glext.h:5915
ISC_REQ_DELEGATE
#define ISC_REQ_DELEGATE
Definition: sspi.h:348
cleanup_helper
void cleanup_helper(PNegoHelper helper)
Definition: dispatcher.c:377
_NtlmCredentials
Definition: ntlm.h:56
_CREDENTIALW::UserName
LPWSTR UserName
Definition: wincred.h:95
NERR_Success
#define NERR_Success
Definition: lmerr.h:5
SECUR32_CreateNTLM2SubKeys
SECURITY_STATUS SECUR32_CreateNTLM2SubKeys(PNegoHelper helper) DECLSPEC_HIDDEN
Definition: util.c:156
ISC_RET_CONNECTION
#define ISC_RET_CONNECTION
Definition: sspi.h:382
LPBYTE
unsigned char * LPBYTE
Definition: typedefs.h:52
SEC_E_INSUFFICIENT_MEMORY
#define SEC_E_INSUFFICIENT_MEMORY
Definition: winerror.h:2909
debugstr_w
#define debugstr_w
Definition: kernel32.h:32
FIXME
#define FIXME(fmt,...)
Definition: debug.h:110
ntlm_GetUsernameArg
static char * ntlm_GetUsernameArg(LPCWSTR userW, INT userW_length)
Definition: ntlm.c:88
ntlm_GetDomainArg
static char * ntlm_GetDomainArg(LPCWSTR domainW, INT domainW_length)
Definition: ntlm.c:106
NULL
smooth NULL
Definition: ftsmooth.c:416
PNtlmCredentials
struct _NtlmCredentials * PNtlmCredentials
decodeBase64
SECURITY_STATUS decodeBase64(char *in_buf, int in_len, PBYTE out_buf, int max_len, int *out_len)
Definition: base64_codec.c:113
SEC_I_CONTINUE_NEEDED
#define SEC_I_CONTINUE_NEEDED
Definition: winerror.h:2927
sscanf
_Check_return_ _CRTIMP int __cdecl sscanf(_In_z_ const char *_Src, _In_z_ _Scanf_format_string_ const char *_Format,...)
ntlm_GetCachedCredential
static BOOL ntlm_GetCachedCredential(const SEC_WCHAR *pszTargetName, PCREDENTIALW *cred)
Definition: ntlm.c:438
SECURITY_STATUS
LONG SECURITY_STATUS
Definition: sspi.h:34
ISC_REQ_INTEGRITY
#define ISC_REQ_INTEGRITY
Definition: sspi.h:364
username
static WCHAR username[]
Definition: url.c:32
l
r l[0]
Definition: byte_order.h:167
NET_API_STATUS
DWORD NET_API_STATUS
Definition: ms-dtyp.idl:91
NetWkstaUserGetInfo
NET_API_STATUS WINAPI NetWkstaUserGetInfo(LMSTR reserved, DWORD level, PBYTE *bufptr)
Definition: wksta.c:279
lstrcatA
LPSTR WINAPI lstrcatA(LPSTR lpString1, LPCSTR lpString2)
Definition: lstring.c:123
TRACE
#define TRACE(s)
Definition: solgame.cpp:4
GetProcessHeap
#define GetProcessHeap()
Definition: compat.h:395
HeapAlloc
PVOID WINAPI HeapAlloc(HANDLE, DWORD, SIZE_T)
CredFree
VOID WINAPI CredFree(PVOID Buffer)
Definition: cred.c:1395
CP_UNIXCP
#define CP_UNIXCP
Definition: compat.h:69
WCHAR
__wchar_t WCHAR
Definition: xmlstorage.h:180
debugstr_a
#define debugstr_a
Definition: kernel32.h:31
ISC_RET_EXTENDED_ERROR
#define ISC_RET_EXTENDED_ERROR
Definition: sspi.h:385
strncmp
int strncmp(const char *String1, const char *String2, ACPI_SIZE Count)
Definition: utclib.c:534
_NegoHelper::neg_flags
ULONG neg_flags
Definition: ntlm.h:37
lstrcpyA
LPSTR WINAPI lstrcpyA(LPSTR lpString1, LPCSTR lpString2)
Definition: lstring.c:100
WC_NO_BEST_FIT_CHARS
#define WC_NO_BEST_FIT_CHARS
Definition: unicode.h:46
ISC_RET_MUTUAL_AUTH
#define ISC_RET_MUTUAL_AUTH
Definition: sspi.h:372
SEC_E_INVALID_HANDLE
#define SEC_E_INVALID_HANDLE
Definition: winerror.h:2910
ret
int ret
Definition: wcstombs-tests.c:31
ISC_REQ_ALLOCATE_MEMORY
#define ISC_REQ_ALLOCATE_MEMORY
Definition: sspi.h:356
password
T1_FIELD_DICT_PRIVATE password
Definition: t1tokens.h:64
SEC_E_INVALID_TOKEN
#define SEC_E_INVALID_TOKEN
Definition: winerror.h:2917
memcpy
#define memcpy(s1, s2, n)
Definition: mkisofs.h:878
BYTE
unsigned char BYTE
Definition: mem.h:68
ISC_REQ_USE_DCE_STYLE
#define ISC_REQ_USE_DCE_STYLE
Definition: sspi.h:357
ISC_RET_DELEGATE
#define ISC_RET_DELEGATE
Definition: sspi.h:371
SECURITY_NETWORK_DREP
#define SECURITY_NETWORK_DREP
Definition: sspi.h:460
SEC_E_OK
#define SEC_E_OK
Definition: winerror.h:2356
_NegoHelper::session_key
BYTE * session_key
Definition: ntlm.h:36
ISC_REQ_CONNECTION
#define ISC_REQ_CONNECTION
Definition: sspi.h:359
ERR
#define ERR(fmt,...)
Definition: debug.h:109
_WKSTA_USER_INFO_1
Definition: lmwksta.h:203
_NtlmCredentials::username_arg
char * username_arg
Definition: ntlm.h:61
lstrlenA
int WINAPI lstrlenA(LPCSTR lpString)
Definition: lstring.c:145
NetApiBufferFree
NET_API_STATUS WINAPI NetApiBufferFree(LPVOID Buffer)
Definition: apibuf.c:43
_NtlmCredentials::pwlen
int pwlen
Definition: ntlm.h:64
SECUR32_CreateNTLM1SessionKey
SECURITY_STATUS SECUR32_CreateNTLM1SessionKey(PBYTE password, int len, PBYTE session_key) DECLSPEC_HIDDEN
Definition: util.c:122
_NtlmCredentials::mode
HelperMode mode
Definition: ntlm.h:58
run_helper
SECURITY_STATUS run_helper(PNegoHelper helper, char *buffer, unsigned int max_buflen, int *buflen)
Definition: dispatcher.c:331
ISC_RET_USED_DCE_STYLE
#define ISC_RET_USED_DCE_STYLE
Definition: sspi.h:380
SEC_CHAR
CHAR SEC_CHAR
Definition: sspi.h:30
Reserved1
Definition: bcd.h:201
lstrcpynA
#define lstrcpynA
Definition: compat.h:408
ISC_REQ_MUTUAL_AUTH
#define ISC_REQ_MUTUAL_AUTH
Definition: sspi.h:349
SEC_E_BUFFER_TOO_SMALL
#define SEC_E_BUFFER_TOO_SMALL
Definition: winerror.h:2937
MultiByteToWideChar
#define MultiByteToWideChar
Definition: compat.h:100
bin
static struct _PeImage bin
NTLM_MAX_BUF
#define NTLM_MAX_BUF
Definition: ntlm.c:35
_NtlmCredentials::no_cached_credentials
int no_cached_credentials
Definition: ntlm.h:65
_NegoHelper
Definition: ntlm.h:21
ULONG
unsigned int ULONG
Definition: retypes.h:1
ntlm_auth
static CHAR ntlm_auth[]
Definition: ntlm.c:44
ULONG_PTR
#define ULONG_PTR
Definition: config.h:101
ISC_REQ_CONFIDENTIALITY
#define ISC_REQ_CONFIDENTIALITY
Definition: sspi.h:352
SEC_E_NO_CREDENTIALS
#define SEC_E_NO_CREDENTIALS
Definition: winerror.h:2923
ISC_REQ_REPLAY_DETECT
#define ISC_REQ_REPLAY_DETECT
Definition: sspi.h:350
SECUR32_arc4Init
void SECUR32_arc4Init(arc4_info *a4i, const BYTE *key, unsigned int keyLen)
Definition: util.c:199
p
GLfloat GLfloat p
Definition: glext.h:8902
LPWSTR
WCHAR * LPWSTR
Definition: xmlstorage.h:184
memset
#define memset(x, y, z)
Definition: compat.h:39
status
static SERVICE_STATUS status
Definition: service.c:31
fork_helper
SECURITY_STATUS fork_helper(PNegoHelper *new_helper, const char *prog, char *const argv[])
Definition: dispatcher.c:76
_NegoHelper::crypt
struct _NegoHelper::@519 crypt
PBYTE
BYTE * PBYTE
Definition: pedump.c:66
HeapFree
#define HeapFree(x, y, z)
Definition: compat.h:394
_NtlmCredentials::domain_arg
char * domain_arg
Definition: ntlm.h:62
status
Definition: ps.c:97

Referenced by nego_InitializeSecurityContextW(), and ntlm_InitializeSecurityContextA().

◆ ntlm_MakeSignature()

SECURITY_STATUS SEC_ENTRY ntlm_MakeSignature ( PCtxtHandle  ,
ULONG  ,
PSecBufferDesc  ,
ULONG   
)

Definition at line 1662 of file ntlm.c.

1664 {
1665  PNegoHelper helper;
1666  int token_idx;
1667 
1668  TRACE("%p %d %p %d\n", phContext, fQOP, pMessage, MessageSeqNo);
1669  if (!phContext)
1670  return SEC_E_INVALID_HANDLE;
1671 
1672  if(fQOP)
1673  FIXME("Ignoring fQOP 0x%08x\n", fQOP);
1674 
1675  if(MessageSeqNo)
1676  FIXME("Ignoring MessageSeqNo\n");
1677 
1678  if(!pMessage || !pMessage->pBuffers || pMessage->cBuffers < 2)
1679  return SEC_E_INVALID_TOKEN;
1680 
1681  /* If we didn't find a SECBUFFER_TOKEN type buffer */
1682  if((token_idx = ntlm_GetTokenBufferIndex(pMessage)) == -1)
1683  return SEC_E_INVALID_TOKEN;
1684 
1685  if(pMessage->pBuffers[token_idx].cbBuffer < 16)
1686  return SEC_E_BUFFER_TOO_SMALL;
1687 
1688  helper = (PNegoHelper)phContext->dwLower;
1689  TRACE("Negotiated flags are: 0x%08x\n", helper->neg_flags);
1690 
1691  return ntlm_CreateSignature(helper, pMessage, token_idx, NTLM_SEND, TRUE);
1692 }
TRUE
#define TRUE
Definition: types.h:120
PNegoHelper
struct _NegoHelper * PNegoHelper
ntlm_GetTokenBufferIndex
static int ntlm_GetTokenBufferIndex(PSecBufferDesc pMessage)
Definition: ntlm.c:403
FIXME
#define FIXME(fmt,...)
Definition: debug.h:110
TRACE
#define TRACE(s)
Definition: solgame.cpp:4
_NegoHelper::neg_flags
ULONG neg_flags
Definition: ntlm.h:37
SEC_E_INVALID_HANDLE
#define SEC_E_INVALID_HANDLE
Definition: winerror.h:2910
SEC_E_INVALID_TOKEN
#define SEC_E_INVALID_TOKEN
Definition: winerror.h:2917
SEC_E_BUFFER_TOO_SMALL
#define SEC_E_BUFFER_TOO_SMALL
Definition: winerror.h:2937
ntlm_CreateSignature
static SECURITY_STATUS ntlm_CreateSignature(PNegoHelper helper, PSecBufferDesc pMessage, int token_idx, SignDirection direction, BOOL encrypt_sig)
Definition: ntlm.c:1536
_NegoHelper
Definition: ntlm.h:21
NTLM_SEND
Definition: ntlm.h:69

Referenced by nego_MakeSignature().

◆ ntlm_QueryContextAttributesA()

SECURITY_STATUS SEC_ENTRY ntlm_QueryContextAttributesA ( PCtxtHandle  ,
ULONG  ,
void  
)

Definition at line 1482 of file ntlm.c.

1484 {
1485  return ntlm_QueryContextAttributesW(phContext, ulAttribute, pBuffer);
1486 }
ntlm_QueryContextAttributesW
SECURITY_STATUS SEC_ENTRY ntlm_QueryContextAttributesW(PCtxtHandle phContext, ULONG ulAttribute, void *pBuffer)
Definition: ntlm.c:1427
pBuffer
PVOID pBuffer
Definition: rdesktop-core-tester.cpp:188

Referenced by nego_QueryContextAttributesA().

◆ ntlm_QueryContextAttributesW()

SECURITY_STATUS SEC_ENTRY ntlm_QueryContextAttributesW ( PCtxtHandle  ,
ULONG  ,
void  
)

Definition at line 1427 of file ntlm.c.

1429 {
1430  TRACE("%p %d %p\n", phContext, ulAttribute, pBuffer);
1431  if (!phContext)
1432  return SEC_E_INVALID_HANDLE;
1433 
1434  switch(ulAttribute)
1435  {
1436 #define _x(x) case (x) : FIXME(#x" stub\n"); break
1437  _x(SECPKG_ATTR_ACCESS_TOKEN);
1438  _x(SECPKG_ATTR_AUTHORITY);
1439  _x(SECPKG_ATTR_DCE_INFO);
1440  case SECPKG_ATTR_FLAGS:
1441  {
1442  PSecPkgContext_Flags spcf = (PSecPkgContext_Flags)pBuffer;
1443  PNegoHelper helper = (PNegoHelper)phContext->dwLower;
1444 
1445  spcf->Flags = 0;
1446  if(helper->neg_flags & NTLMSSP_NEGOTIATE_SIGN)
1447  spcf->Flags |= ISC_RET_INTEGRITY;
1448  if(helper->neg_flags & NTLMSSP_NEGOTIATE_SEAL)
1449  spcf->Flags |= ISC_RET_CONFIDENTIALITY;
1450  return SEC_E_OK;
1451  }
1452  _x(SECPKG_ATTR_KEY_INFO);
1453  _x(SECPKG_ATTR_LIFESPAN);
1454  _x(SECPKG_ATTR_NAMES);
1455  _x(SECPKG_ATTR_NATIVE_NAMES);
1456  _x(SECPKG_ATTR_NEGOTIATION_INFO);
1457  _x(SECPKG_ATTR_PACKAGE_INFO);
1458  _x(SECPKG_ATTR_PASSWORD_EXPIRY);
1459  _x(SECPKG_ATTR_SESSION_KEY);
1460  case SECPKG_ATTR_SIZES:
1461  {
1462  PSecPkgContext_Sizes spcs = (PSecPkgContext_Sizes)pBuffer;
1463  spcs->cbMaxToken = NTLM_MAX_BUF;
1464  spcs->cbMaxSignature = 16;
1465  spcs->cbBlockSize = 0;
1466  spcs->cbSecurityTrailer = 16;
1467  return SEC_E_OK;
1468  }
1469  _x(SECPKG_ATTR_STREAM_SIZES);
1470  _x(SECPKG_ATTR_TARGET_INFORMATION);
1471 #undef _x
1472  default:
1473  TRACE("Unknown value %d passed for ulAttribute\n", ulAttribute);
1474  }
1475 
1476  return SEC_E_UNSUPPORTED_FUNCTION;
1477 }
SECPKG_ATTR_NATIVE_NAMES
#define SECPKG_ATTR_NATIVE_NAMES
Definition: sspi.h:520
SECPKG_ATTR_KEY_INFO
#define SECPKG_ATTR_KEY_INFO
Definition: sspi.h:512
SECPKG_ATTR_DCE_INFO
#define SECPKG_ATTR_DCE_INFO
Definition: sspi.h:510
SECPKG_ATTR_PACKAGE_INFO
#define SECPKG_ATTR_PACKAGE_INFO
Definition: sspi.h:517
SECPKG_ATTR_PASSWORD_EXPIRY
#define SECPKG_ATTR_PASSWORD_EXPIRY
Definition: sspi.h:515
PNegoHelper
struct _NegoHelper * PNegoHelper
ISC_RET_CONFIDENTIALITY
#define ISC_RET_CONFIDENTIALITY
Definition: sspi.h:375
_SecPkgContext_Sizes::cbBlockSize
ULONG cbBlockSize
Definition: sspi.h:549
SEC_E_UNSUPPORTED_FUNCTION
#define SEC_E_UNSUPPORTED_FUNCTION
Definition: winerror.h:2911
SECPKG_ATTR_ACCESS_TOKEN
#define SECPKG_ATTR_ACCESS_TOKEN
Definition: sspi.h:525
_SecPkgContext_Flags::Flags
ULONG Flags
Definition: sspi.h:663
PSecPkgContext_Sizes
struct _SecPkgContext_Sizes * PSecPkgContext_Sizes
_SecPkgContext_Sizes::cbMaxSignature
ULONG cbMaxSignature
Definition: sspi.h:548
SECPKG_ATTR_SIZES
#define SECPKG_ATTR_SIZES
Definition: sspi.h:507
_SecPkgContext_Sizes
Definition: sspi.h:545
pBuffer
PVOID pBuffer
Definition: rdesktop-core-tester.cpp:188
SECPKG_ATTR_NEGOTIATION_INFO
#define SECPKG_ATTR_NEGOTIATION_INFO
Definition: sspi.h:519
NTLMSSP_NEGOTIATE_SEAL
#define NTLMSSP_NEGOTIATE_SEAL
Definition: ntlm.h:81
SECPKG_ATTR_LIFESPAN
#define SECPKG_ATTR_LIFESPAN
Definition: sspi.h:509
TRACE
#define TRACE(s)
Definition: solgame.cpp:4
SECPKG_ATTR_AUTHORITY
#define SECPKG_ATTR_AUTHORITY
Definition: sspi.h:513
_SecPkgContext_Flags
Definition: sspi.h:661
_NegoHelper::neg_flags
ULONG neg_flags
Definition: ntlm.h:37
SECPKG_ATTR_STREAM_SIZES
#define SECPKG_ATTR_STREAM_SIZES
Definition: sspi.h:511
SEC_E_INVALID_HANDLE
#define SEC_E_INVALID_HANDLE
Definition: winerror.h:2910
_SecPkgContext_Sizes::cbSecurityTrailer
ULONG cbSecurityTrailer
Definition: sspi.h:550
PSecPkgContext_Flags
struct _SecPkgContext_Flags * PSecPkgContext_Flags
SEC_E_OK
#define SEC_E_OK
Definition: winerror.h:2356
SECPKG_ATTR_NAMES
#define SECPKG_ATTR_NAMES
Definition: sspi.h:508
_SecPkgContext_Sizes::cbMaxToken
ULONG cbMaxToken
Definition: sspi.h:547
SECPKG_ATTR_FLAGS
#define SECPKG_ATTR_FLAGS
Definition: sspi.h:521
NTLM_MAX_BUF
#define NTLM_MAX_BUF
Definition: ntlm.c:35
_NegoHelper
Definition: ntlm.h:21
SECPKG_ATTR_TARGET_INFORMATION
#define SECPKG_ATTR_TARGET_INFORMATION
Definition: sspi.h:524
NTLMSSP_NEGOTIATE_SIGN
#define NTLMSSP_NEGOTIATE_SIGN
Definition: ntlm.h:80
_x
#define _x(x)
ISC_RET_INTEGRITY
#define ISC_RET_INTEGRITY
Definition: sspi.h:387
SECPKG_ATTR_SESSION_KEY
#define SECPKG_ATTR_SESSION_KEY
Definition: sspi.h:516

Referenced by nego_QueryContextAttributesW(), and ntlm_QueryContextAttributesA().

◆ ntlm_VerifySignature()

SECURITY_STATUS SEC_ENTRY ntlm_VerifySignature ( PCtxtHandle  ,
PSecBufferDesc  ,
ULONG  ,
PULONG   
)

Definition at line 1697 of file ntlm.c.

1699 {
1700  PNegoHelper helper;
1701  UINT i;
1702  int token_idx;
1703  SECURITY_STATUS ret;
1704  SecBufferDesc local_desc;
1705  PSecBuffer local_buff;
1706  BYTE local_sig[16];
1707 
1708  TRACE("%p %p %d %p\n", phContext, pMessage, MessageSeqNo, pfQOP);
1709  if(!phContext)
1710  return SEC_E_INVALID_HANDLE;
1711 
1712  if(!pMessage || !pMessage->pBuffers || pMessage->cBuffers < 2)
1713  return SEC_E_INVALID_TOKEN;
1714 
1715  if((token_idx = ntlm_GetTokenBufferIndex(pMessage)) == -1)
1716  return SEC_E_INVALID_TOKEN;
1717 
1718  if(pMessage->pBuffers[token_idx].cbBuffer < 16)
1719  return SEC_E_BUFFER_TOO_SMALL;
1720 
1721  if(MessageSeqNo)
1722  FIXME("Ignoring MessageSeqNo\n");
1723 
1724  helper = (PNegoHelper)phContext->dwLower;
1725  TRACE("Negotiated flags: 0x%08x\n", helper->neg_flags);
1726 
1727  local_buff = HeapAlloc(GetProcessHeap(), 0, pMessage->cBuffers * sizeof(SecBuffer));
1728 
1729  local_desc.ulVersion = SECBUFFER_VERSION;
1730  local_desc.cBuffers = pMessage->cBuffers;
1731  local_desc.pBuffers = local_buff;
1732 
1733  for(i=0; i < pMessage->cBuffers; ++i)
1734  {
1735  if(pMessage->pBuffers[i].BufferType == SECBUFFER_TOKEN)
1736  {
1737  local_buff[i].BufferType = SECBUFFER_TOKEN;
1738  local_buff[i].cbBuffer = 16;
1739  local_buff[i].pvBuffer = local_sig;
1740  }
1741  else
1742  {
1743  local_buff[i].BufferType = pMessage->pBuffers[i].BufferType;
1744  local_buff[i].cbBuffer = pMessage->pBuffers[i].cbBuffer;
1745  local_buff[i].pvBuffer = pMessage->pBuffers[i].pvBuffer;
1746  }
1747  }
1748 
1749  if((ret = ntlm_CreateSignature(helper, &local_desc, token_idx, NTLM_RECV, TRUE)) != SEC_E_OK)
1750  return ret;
1751 
1752  if(memcmp(((PBYTE)local_buff[token_idx].pvBuffer) + 8,
1753  ((PBYTE)pMessage->pBuffers[token_idx].pvBuffer) + 8, 8))
1754  ret = SEC_E_MESSAGE_ALTERED;
1755  else
1756  ret = SEC_E_OK;
1757 
1758  HeapFree(GetProcessHeap(), 0, local_buff);
1759 
1760  return ret;
1761 
1762 }
TRUE
#define TRUE
Definition: types.h:120
memcmp
int memcmp(void *Buffer1, void *Buffer2, ACPI_SIZE Count)
Definition: utclib.c:112
PNegoHelper
struct _NegoHelper * PNegoHelper
_SecBufferDesc::ulVersion
ULONG ulVersion
Definition: sspi.h:167
ntlm_GetTokenBufferIndex
static int ntlm_GetTokenBufferIndex(PSecBufferDesc pMessage)
Definition: ntlm.c:403
_SecBufferDesc
Definition: sspi.h:166
SEC_E_MESSAGE_ALTERED
#define SEC_E_MESSAGE_ALTERED
Definition: winerror.h:2924
i
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
FIXME
#define FIXME(fmt,...)
Definition: debug.h:110
SECURITY_STATUS
LONG SECURITY_STATUS
Definition: sspi.h:34
TRACE
#define TRACE(s)
Definition: solgame.cpp:4
GetProcessHeap
#define GetProcessHeap()
Definition: compat.h:395
HeapAlloc
PVOID WINAPI HeapAlloc(HANDLE, DWORD, SIZE_T)
PSecBuffer
PVOID *typedef PSecBuffer
Definition: ntsecpkg.h:400
_NegoHelper::neg_flags
ULONG neg_flags
Definition: ntlm.h:37
SEC_E_INVALID_HANDLE
#define SEC_E_INVALID_HANDLE
Definition: winerror.h:2910
ret
int ret
Definition: wcstombs-tests.c:31
_SecBuffer
Definition: sspi.h:138
SECBUFFER_TOKEN
#define SECBUFFER_TOKEN
Definition: sspi.h:147
SEC_E_INVALID_TOKEN
#define SEC_E_INVALID_TOKEN
Definition: winerror.h:2917
BYTE
unsigned char BYTE
Definition: mem.h:68
SEC_E_OK
#define SEC_E_OK
Definition: winerror.h:2356
SECBUFFER_VERSION
#define SECBUFFER_VERSION
Definition: sspi.h:173
UINT
unsigned int UINT
Definition: ndis.h:50
SEC_E_BUFFER_TOO_SMALL
#define SEC_E_BUFFER_TOO_SMALL
Definition: winerror.h:2937
ntlm_CreateSignature
static SECURITY_STATUS ntlm_CreateSignature(PNegoHelper helper, PSecBufferDesc pMessage, int token_idx, SignDirection direction, BOOL encrypt_sig)
Definition: ntlm.c:1536
_NegoHelper
Definition: ntlm.h:21
_SecBufferDesc::cBuffers
ULONG cBuffers
Definition: sspi.h:168
PBYTE
BYTE * PBYTE
Definition: pedump.c:66
HeapFree
#define HeapFree(x, y, z)
Definition: compat.h:394
NTLM_RECV
Definition: ntlm.h:70

Referenced by nego_VerifySignature(), and ntlm_DecryptMessage().

◆ SECUR32_CreateNTLM1SessionKey()

SECURITY_STATUS SECUR32_CreateNTLM1SessionKey ( PBYTE  password,
int  len,
PBYTE  session_key 
)

Definition at line 122 of file util.c.

123 {
124  MD4_CTX ctx;
125  BYTE ntlm_hash[16];
126 
127  TRACE("(%p, %p)\n", password, session_key);
128 
129  MD4Init(&ctx);
130  MD4Update(&ctx, password, len);
131  MD4Final(&ctx);
132 
133  memcpy(ntlm_hash, ctx.digest, 0x10);
134 
135  MD4Init(&ctx);
136  MD4Update(&ctx, ntlm_hash, 0x10u);
137  MD4Final(&ctx);
138 
139  memcpy(session_key, ctx.digest, 0x10);
140 
141  return SEC_E_OK;
142 }
MD4_CTX::digest
unsigned char digest[16]
Definition: util.c:86
MD4Final
VOID WINAPI MD4Final(MD4_CTX *ctx)
Definition: md4.c:113
MD4Init
VOID WINAPI MD4Init(MD4_CTX *ctx)
Definition: md4.c:45
TRACE
#define TRACE(s)
Definition: solgame.cpp:4
password
T1_FIELD_DICT_PRIVATE password
Definition: t1tokens.h:64
memcpy
#define memcpy(s1, s2, n)
Definition: mkisofs.h:878
len
GLenum GLsizei len
Definition: glext.h:6722
BYTE
unsigned char BYTE
Definition: mem.h:68
SEC_E_OK
#define SEC_E_OK
Definition: winerror.h:2356
MD4_CTX
Definition: util.c:81
MD4Update
VOID WINAPI MD4Update(MD4_CTX *ctx, const unsigned char *buf, unsigned int len)
Definition: md4.c:59

Referenced by ntlm_InitializeSecurityContextW().

◆ SECUR32_CreateNTLM2SubKeys()

SECURITY_STATUS SECUR32_CreateNTLM2SubKeys ( PNegoHelper  helper)

Definition at line 156 of file util.c.

157 {
158  helper->crypt.ntlm2.send_sign_key = HeapAlloc(GetProcessHeap(), 0, 16);
159  helper->crypt.ntlm2.send_seal_key = HeapAlloc(GetProcessHeap(), 0, 16);
160  helper->crypt.ntlm2.recv_sign_key = HeapAlloc(GetProcessHeap(), 0, 16);
161  helper->crypt.ntlm2.recv_seal_key = HeapAlloc(GetProcessHeap(), 0, 16);
162 
163  if(helper->mode == NTLM_CLIENT)
164  {
165  SECUR32_CalcNTLM2Subkey(helper->session_key, client_to_server_sign_constant,
166  helper->crypt.ntlm2.send_sign_key);
167  SECUR32_CalcNTLM2Subkey(helper->session_key, client_to_server_seal_constant,
168  helper->crypt.ntlm2.send_seal_key);
169  SECUR32_CalcNTLM2Subkey(helper->session_key, server_to_client_sign_constant,
170  helper->crypt.ntlm2.recv_sign_key);
171  SECUR32_CalcNTLM2Subkey(helper->session_key, server_to_client_seal_constant,
172  helper->crypt.ntlm2.recv_seal_key);
173  }
174  else
175  {
176  SECUR32_CalcNTLM2Subkey(helper->session_key, server_to_client_sign_constant,
177  helper->crypt.ntlm2.send_sign_key);
178  SECUR32_CalcNTLM2Subkey(helper->session_key, server_to_client_seal_constant,
179  helper->crypt.ntlm2.send_seal_key);
180  SECUR32_CalcNTLM2Subkey(helper->session_key, client_to_server_sign_constant,
181  helper->crypt.ntlm2.recv_sign_key);
182  SECUR32_CalcNTLM2Subkey(helper->session_key, client_to_server_seal_constant,
183  helper->crypt.ntlm2.recv_seal_key);
184  }
185 
186  return SEC_E_OK;
187 }
_NegoHelper::mode
HelperMode mode
Definition: ntlm.h:27
server_to_client_sign_constant
static const char server_to_client_sign_constant[]
Definition: util.c:78
GetProcessHeap
#define GetProcessHeap()
Definition: compat.h:395
HeapAlloc
PVOID WINAPI HeapAlloc(HANDLE, DWORD, SIZE_T)
SECUR32_CalcNTLM2Subkey
static void SECUR32_CalcNTLM2Subkey(const BYTE *session_key, const char *magic, PBYTE subkey)
Definition: util.c:144
SEC_E_OK
#define SEC_E_OK
Definition: winerror.h:2356
_NegoHelper::session_key
BYTE * session_key
Definition: ntlm.h:36
client_to_server_seal_constant
static const char client_to_server_seal_constant[]
Definition: util.c:77
server_to_client_seal_constant
static const char server_to_client_seal_constant[]
Definition: util.c:79
client_to_server_sign_constant
static const char client_to_server_sign_constant[]
Definition: util.c:76
_NegoHelper::crypt
struct _NegoHelper::@519 crypt

Referenced by ntlm_InitializeSecurityContextW().

◆ SECUR32_initNTLMSP()

void SECUR32_initNTLMSP ( void  )

Definition at line 2026 of file ntlm.c.

2027 {
2028  PNegoHelper helper;
2029  static CHAR version[] = "--version";
2030 
2031  SEC_CHAR *args[] = {
2032  ntlm_auth,
2033  version,
2034  NULL };
2035 
2036  if(fork_helper(&helper, ntlm_auth, args) != SEC_E_OK)
2037  helper = NULL;
2038  else
2039  check_version(helper);
2040 
2041  if( helper &&
2042  ((helper->major > MIN_NTLM_AUTH_MAJOR_VERSION) ||
2043  (helper->major == MIN_NTLM_AUTH_MAJOR_VERSION &&
2044  helper->minor > MIN_NTLM_AUTH_MINOR_VERSION) ||
2045  (helper->major == MIN_NTLM_AUTH_MAJOR_VERSION &&
2046  helper->minor == MIN_NTLM_AUTH_MINOR_VERSION &&
2047  helper->micro >= MIN_NTLM_AUTH_MICRO_VERSION)) )
2048  {
2049  SecureProvider *provider = SECUR32_addProvider(&ntlmTableA, &ntlmTableW, NULL);
2050  SECUR32_addPackages(provider, 1L, ntlm_package_infoA, ntlm_package_infoW);
2051  }
2052  else
2053  {
2054  ERR_(winediag)("%s was not found or is outdated. "
2055  "Make sure that ntlm_auth >= %d.%d.%d is in your path. "
2056  "Usually, you can find it in the winbind package of your distribution.\n",
2057  ntlm_auth,
2058  MIN_NTLM_AUTH_MAJOR_VERSION,
2059  MIN_NTLM_AUTH_MINOR_VERSION,
2060  MIN_NTLM_AUTH_MICRO_VERSION);
2061 
2062  }
2063  cleanup_helper(helper);
2064 }
_NegoHelper::major
int major
Definition: ntlm.h:30
SECUR32_addPackages
void SECUR32_addPackages(SecureProvider *provider, ULONG toAdd, const SecPkgInfoA *infoA, const SecPkgInfoW *infoW) DECLSPEC_HIDDEN
Definition: secur32_wine.c:362
ntlm_package_infoW
SecPkgInfoW * ntlm_package_infoW
Definition: ntlm.c:2024
ntlm_package_infoA
SecPkgInfoA * ntlm_package_infoA
Definition: ntlm.c:2023
CHAR
char CHAR
Definition: xmlstorage.h:175
check_version
static BOOL check_version(LPCWSTR gre_path, const char *version_string)
Definition: nsembed.c:521
ERR_
#define ERR_(ch,...)
Definition: debug.h:156
cleanup_helper
void cleanup_helper(PNegoHelper helper)
Definition: dispatcher.c:377
args
Definition: match.c:390
SECUR32_addProvider
SecureProvider * SECUR32_addProvider(const SecurityFunctionTableA *fnTableA, const SecurityFunctionTableW *fnTableW, PCWSTR moduleName) DECLSPEC_HIDDEN
Definition: secur32_wine.c:314
_NegoHelper::minor
int minor
Definition: ntlm.h:31
NULL
smooth NULL
Definition: ftsmooth.c:416
version
static const WCHAR version[]
Definition: asmname.c:64
MIN_NTLM_AUTH_MICRO_VERSION
#define MIN_NTLM_AUTH_MICRO_VERSION
Definition: ntlm.c:39
MIN_NTLM_AUTH_MAJOR_VERSION
#define MIN_NTLM_AUTH_MAJOR_VERSION
Definition: ntlm.c:36
_SecureProvider
Definition: schannel_priv.h:24
L
static const WCHAR L[]
Definition: oid.c:1250
MIN_NTLM_AUTH_MINOR_VERSION
#define MIN_NTLM_AUTH_MINOR_VERSION
Definition: ntlm.c:37
SEC_E_OK
#define SEC_E_OK
Definition: winerror.h:2356
_NegoHelper::micro
int micro
Definition: ntlm.h:32
SEC_CHAR
CHAR SEC_CHAR
Definition: sspi.h:30
ntlmTableA
static const SecurityFunctionTableA ntlmTableA
Definition: ntlm.c:1917
_NegoHelper
Definition: ntlm.h:21
ntlm_auth
static CHAR ntlm_auth[]
Definition: ntlm.c:44
fork_helper
SECURITY_STATUS fork_helper(PNegoHelper *new_helper, const char *prog, char *const argv[])
Definition: dispatcher.c:76
ntlmTableW
static const SecurityFunctionTableW ntlmTableW
Definition: ntlm.c:1948

Referenced by SECUR32_initializeProviders().

Variable Documentation

◆ DECLSPEC_HIDDEN

SecPkgInfoA* ntlm_package_infoA DECLSPEC_HIDDEN

Definition at line 113 of file ntlm.h.