ReactOS 0.4.16-dev-1946-g52006dd
Classes | Macros | Typedefs | Enumerations | Functions | Variables
ntlm.h File Reference
#include <sys/types.h>
Include dependency graph for ntlm.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Classes

struct  tag_arc4_info
 
struct  _NegoHelper
 
struct  _NtlmCredentials
 

Macros

#define CP_UNIXCP   CP_ACP
 
#define NTLMSSP_NEGOTIATE_UNICODE   0x00000001
 
#define NTLMSSP_NEGOTIATE_OEM   0x00000002
 
#define NTLMSSP_REQUEST_TARGET   0x00000004
 
#define NTLMSSP_NEGOTIATE_SIGN   0x00000010
 
#define NTLMSSP_NEGOTIATE_SEAL   0x00000020
 
#define NTLMSSP_NEGOTIATE_DATAGRAM_STYLE   0x00000040
 
#define NTLMSSP_NEGOTIATE_LM_SESSION_KEY   0x00000080
 
#define NTLMSSP_NEGOTIATE_NTLM   0x00000200
 
#define NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED   0x00001000
 
#define NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED   0x00002000
 
#define NTLMSSP_NEGOTIATE_LOCAL_CALL   0x00004000
 
#define NTLMSSP_NEGOTIATE_ALWAYS_SIGN   0x00008000
 
#define NTLMSSP_NEGOTIATE_TARGET_TYPE_DOMAIN   0x00010000
 
#define NTLMSSP_NEGOTIATE_TARGET_TYPE_SERVER   0x00020000
 
#define NTLMSSP_NEGOTIATE_NTLM2   0x00080000
 
#define NTLMSSP_NEGOTIATE_TARGET_INFO   0x00800000
 
#define NTLMSSP_NEGOTIATE_128   0x20000000
 
#define NTLMSSP_NEGOTIATE_KEY_EXCHANGE   0x40000000
 
#define NTLMSSP_NEGOTIATE_56   0x80000000
 

Typedefs

typedef enum _helper_mode HelperMode
 
typedef struct tag_arc4_info arc4_info
 
typedef struct _NegoHelper NegoHelper
 
typedef struct _NegoHelperPNegoHelper
 
typedef struct _NtlmCredentials NtlmCredentials
 
typedef struct _NtlmCredentialsPNtlmCredentials
 
typedef enum _sign_direction SignDirection
 

Enumerations

enum  _helper_mode { NTLM_SERVER , NTLM_CLIENT , NUM_HELPER_MODES }
 
enum  _sign_direction { NTLM_SEND , NTLM_RECV }
 

Functions

void SECUR32_initNTLMSP (void) DECLSPEC_HIDDEN
 
SECURITY_STATUS SECUR32_CreateNTLM1SessionKey (PBYTE password, int len, PBYTE session_key) DECLSPEC_HIDDEN
 
SECURITY_STATUS SECUR32_CreateNTLM2SubKeys (PNegoHelper helper) DECLSPEC_HIDDEN
 
SECURITY_STATUS SEC_ENTRY ntlm_AcquireCredentialsHandleW (SEC_WCHAR *, SEC_WCHAR *, ULONG, PLUID, PVOID, SEC_GET_KEY_FN, PVOID, PCredHandle, PTimeStamp) DECLSPEC_HIDDEN
 
SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW (PCredHandle, PCtxtHandle, SEC_WCHAR *, ULONG fContextReq, ULONG, ULONG, PSecBufferDesc, ULONG, PCtxtHandle, PSecBufferDesc, ULONG *, PTimeStamp) DECLSPEC_HIDDEN
 
SECURITY_STATUS SEC_ENTRY ntlm_AcceptSecurityContext (PCredHandle, PCtxtHandle, PSecBufferDesc, ULONG, ULONG, PCtxtHandle, PSecBufferDesc, ULONG *, PTimeStamp) DECLSPEC_HIDDEN
 
SECURITY_STATUS SEC_ENTRY ntlm_QueryContextAttributesA (PCtxtHandle, ULONG, void *) DECLSPEC_HIDDEN
 
SECURITY_STATUS SEC_ENTRY ntlm_QueryContextAttributesW (PCtxtHandle, ULONG, void *) DECLSPEC_HIDDEN
 
SECURITY_STATUS SEC_ENTRY ntlm_EncryptMessage (PCtxtHandle, ULONG, PSecBufferDesc, ULONG) DECLSPEC_HIDDEN
 
SECURITY_STATUS SEC_ENTRY ntlm_DecryptMessage (PCtxtHandle, PSecBufferDesc, ULONG, PULONG) DECLSPEC_HIDDEN
 
SECURITY_STATUS SEC_ENTRY ntlm_FreeCredentialsHandle (PCredHandle) DECLSPEC_HIDDEN
 
SECURITY_STATUS SEC_ENTRY ntlm_DeleteSecurityContext (PCtxtHandle) DECLSPEC_HIDDEN
 
SECURITY_STATUS SEC_ENTRY ntlm_MakeSignature (PCtxtHandle, ULONG, PSecBufferDesc, ULONG) DECLSPEC_HIDDEN
 
SECURITY_STATUS SEC_ENTRY ntlm_VerifySignature (PCtxtHandle, PSecBufferDesc, ULONG, PULONG) DECLSPEC_HIDDEN
 

Variables

SecPkgInfoW *ntlm_package_infoW DECLSPEC_HIDDEN
 

Macro Definition Documentation

◆ CP_UNIXCP

#define CP_UNIXCP   CP_ACP

Definition at line 6 of file ntlm.h.

◆ NTLMSSP_NEGOTIATE_128

#define NTLMSSP_NEGOTIATE_128   0x20000000

Definition at line 93 of file ntlm.h.

◆ NTLMSSP_NEGOTIATE_56

#define NTLMSSP_NEGOTIATE_56   0x80000000

Definition at line 95 of file ntlm.h.

◆ NTLMSSP_NEGOTIATE_ALWAYS_SIGN

#define NTLMSSP_NEGOTIATE_ALWAYS_SIGN   0x00008000

Definition at line 88 of file ntlm.h.

◆ NTLMSSP_NEGOTIATE_DATAGRAM_STYLE

#define NTLMSSP_NEGOTIATE_DATAGRAM_STYLE   0x00000040

Definition at line 82 of file ntlm.h.

◆ NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED

#define NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED   0x00001000

Definition at line 85 of file ntlm.h.

◆ NTLMSSP_NEGOTIATE_KEY_EXCHANGE

#define NTLMSSP_NEGOTIATE_KEY_EXCHANGE   0x40000000

Definition at line 94 of file ntlm.h.

◆ NTLMSSP_NEGOTIATE_LM_SESSION_KEY

#define NTLMSSP_NEGOTIATE_LM_SESSION_KEY   0x00000080

Definition at line 83 of file ntlm.h.

◆ NTLMSSP_NEGOTIATE_LOCAL_CALL

#define NTLMSSP_NEGOTIATE_LOCAL_CALL   0x00004000

Definition at line 87 of file ntlm.h.

◆ NTLMSSP_NEGOTIATE_NTLM

#define NTLMSSP_NEGOTIATE_NTLM   0x00000200

Definition at line 84 of file ntlm.h.

◆ NTLMSSP_NEGOTIATE_NTLM2

#define NTLMSSP_NEGOTIATE_NTLM2   0x00080000

Definition at line 91 of file ntlm.h.

◆ NTLMSSP_NEGOTIATE_OEM

#define NTLMSSP_NEGOTIATE_OEM   0x00000002

Definition at line 78 of file ntlm.h.

◆ NTLMSSP_NEGOTIATE_SEAL

#define NTLMSSP_NEGOTIATE_SEAL   0x00000020

Definition at line 81 of file ntlm.h.

◆ NTLMSSP_NEGOTIATE_SIGN

#define NTLMSSP_NEGOTIATE_SIGN   0x00000010

Definition at line 80 of file ntlm.h.

◆ NTLMSSP_NEGOTIATE_TARGET_INFO

#define NTLMSSP_NEGOTIATE_TARGET_INFO   0x00800000

Definition at line 92 of file ntlm.h.

◆ NTLMSSP_NEGOTIATE_TARGET_TYPE_DOMAIN

#define NTLMSSP_NEGOTIATE_TARGET_TYPE_DOMAIN   0x00010000

Definition at line 89 of file ntlm.h.

◆ NTLMSSP_NEGOTIATE_TARGET_TYPE_SERVER

#define NTLMSSP_NEGOTIATE_TARGET_TYPE_SERVER   0x00020000

Definition at line 90 of file ntlm.h.

◆ NTLMSSP_NEGOTIATE_UNICODE

#define NTLMSSP_NEGOTIATE_UNICODE   0x00000001

Definition at line 77 of file ntlm.h.

◆ NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED

#define NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED   0x00002000

Definition at line 86 of file ntlm.h.

◆ NTLMSSP_REQUEST_TARGET

#define NTLMSSP_REQUEST_TARGET   0x00000004

Definition at line 79 of file ntlm.h.

Typedef Documentation

◆ arc4_info

typedef struct tag_arc4_info arc4_info

◆ HelperMode

typedef enum _helper_mode HelperMode

◆ NegoHelper

typedef struct _NegoHelper NegoHelper

◆ NtlmCredentials

typedef struct _NtlmCredentials NtlmCredentials

◆ PNegoHelper

typedef struct _NegoHelper * PNegoHelper

◆ PNtlmCredentials

typedef struct _NtlmCredentials * PNtlmCredentials

◆ SignDirection

typedef enum _sign_direction SignDirection

Enumeration Type Documentation

◆ _helper_mode

enum _helper_mode
Enumerator
NTLM_SERVER 
NTLM_CLIENT 
NUM_HELPER_MODES 

Definition at line 10 of file ntlm.h.

10 {
11 NTLM_SERVER,
12 NTLM_CLIENT,
13 NUM_HELPER_MODES
14} HelperMode;
HelperMode
enum _helper_mode HelperMode
NUM_HELPER_MODES
@ NUM_HELPER_MODES
Definition: ntlm.h:13
NTLM_SERVER
@ NTLM_SERVER
Definition: ntlm.h:11
NTLM_CLIENT
@ NTLM_CLIENT
Definition: ntlm.h:12

◆ _sign_direction

enum _sign_direction
Enumerator
NTLM_SEND 
NTLM_RECV 

Definition at line 68 of file ntlm.h.

68 {
69 NTLM_SEND,
70 NTLM_RECV
71} SignDirection;
NTLM_RECV
@ NTLM_RECV
Definition: ntlm.h:70
NTLM_SEND
@ NTLM_SEND
Definition: ntlm.h:69
SignDirection
enum _sign_direction SignDirection

Function Documentation

◆ ntlm_AcceptSecurityContext()

SECURITY_STATUS SEC_ENTRY ntlm_AcceptSecurityContext ( PCredHandle  phCredential,
PCtxtHandle  phContext,
PSecBufferDesc  pInput,
ULONG  fContextReq,
ULONG  TargetDataRep,
PCtxtHandle  phNewContext,
PSecBufferDesc  pOutput,
ULONG pfContextAttr,
PTimeStamp  ptsExpiry 
)

Definition at line 1029 of file ntlm.c.

1033{
1034 SECURITY_STATUS ret;
1035 char *buffer, *want_flags = NULL;
1036 PBYTE bin;
1037 int buffer_len, bin_len, max_len = NTLM_MAX_BUF;
1038 ULONG ctxt_attr = 0;
1039 PNegoHelper helper;
1040 PNtlmCredentials ntlm_cred;
1041
1042 TRACE("%p %p %p %d %d %p %p %p %p\n", phCredential, phContext, pInput,
1043 fContextReq, TargetDataRep, phNewContext, pOutput, pfContextAttr,
1044 ptsExpiry);
1045
1046 buffer = HeapAlloc(GetProcessHeap(), 0, sizeof(char) * NTLM_MAX_BUF);
1047 bin = HeapAlloc(GetProcessHeap(),0, sizeof(BYTE) * NTLM_MAX_BUF);
1048
1049 if(TargetDataRep == SECURITY_NETWORK_DREP){
1050 TRACE("Using SECURITY_NETWORK_DREP\n");
1051 }
1052
1053 if(phContext == NULL)
1054 {
1055 static CHAR server_helper_protocol[] = "--helper-protocol=squid-2.5-ntlmssp";
1056 SEC_CHAR *server_argv[] = { ntlm_auth,
1057 server_helper_protocol,
1058 NULL };
1059
1060 if (!phCredential)
1061 {
1062 ret = SEC_E_INVALID_HANDLE;
1063 goto asc_end;
1064 }
1065
1066 ntlm_cred = (PNtlmCredentials)phCredential->dwLower;
1067
1068 if(ntlm_cred->mode != NTLM_SERVER)
1069 {
1070 ret = SEC_E_INVALID_HANDLE;
1071 goto asc_end;
1072 }
1073
1074 /* This is the first call to AcceptSecurityHandle */
1075 if(pInput == NULL)
1076 {
1077 ret = SEC_E_INCOMPLETE_MESSAGE;
1078 goto asc_end;
1079 }
1080
1081 if(pInput->cBuffers < 1)
1082 {
1083 ret = SEC_E_INCOMPLETE_MESSAGE;
1084 goto asc_end;
1085 }
1086
1087 if(pInput->pBuffers[0].cbBuffer > max_len)
1088 {
1089 ret = SEC_E_INVALID_TOKEN;
1090 goto asc_end;
1091 }
1092 else
1093 bin_len = pInput->pBuffers[0].cbBuffer;
1094
1095 if( (ret = fork_helper(&helper, ntlm_auth, server_argv)) !=
1096 SEC_E_OK)
1097 {
1098 ret = SEC_E_INTERNAL_ERROR;
1099 goto asc_end;
1100 }
1101 helper->mode = NTLM_SERVER;
1102
1103 /* Handle all the flags */
1104 want_flags = HeapAlloc(GetProcessHeap(), 0, 73);
1105 if(want_flags == NULL)
1106 {
1107 TRACE("Failed to allocate memory for the want_flags!\n");
1108 ret = SEC_E_INSUFFICIENT_MEMORY;
1109 cleanup_helper(helper);
1110 goto asc_end;
1111 }
1112 lstrcpyA(want_flags, "SF");
1113 if(fContextReq & ASC_REQ_ALLOCATE_MEMORY)
1114 {
1115 FIXME("ASC_REQ_ALLOCATE_MEMORY stub\n");
1116 }
1117 if(fContextReq & ASC_REQ_CONFIDENTIALITY)
1118 {
1119 lstrcatA(want_flags, " NTLMSSP_FEATURE_SEAL");
1120 }
1121 if(fContextReq & ASC_REQ_CONNECTION)
1122 {
1123 /* This is default, so we'll enable it */
1124 lstrcatA(want_flags, " NTLMSSP_FEATURE_SESSION_KEY");
1125 ctxt_attr |= ASC_RET_CONNECTION;
1126 }
1127 if(fContextReq & ASC_REQ_EXTENDED_ERROR)
1128 {
1129 FIXME("ASC_REQ_EXTENDED_ERROR stub\n");
1130 }
1131 if(fContextReq & ASC_REQ_INTEGRITY)
1132 {
1133 lstrcatA(want_flags, " NTLMSSP_FEATURE_SIGN");
1134 }
1135 if(fContextReq & ASC_REQ_MUTUAL_AUTH)
1136 {
1137 FIXME("ASC_REQ_MUTUAL_AUTH stub\n");
1138 }
1139 if(fContextReq & ASC_REQ_REPLAY_DETECT)
1140 {
1141 FIXME("ASC_REQ_REPLAY_DETECT stub\n");
1142 }
1143 if(fContextReq & ISC_REQ_SEQUENCE_DETECT)
1144 {
1145 FIXME("ASC_REQ_SEQUENCE_DETECT stub\n");
1146 }
1147 if(fContextReq & ISC_REQ_STREAM)
1148 {
1149 FIXME("ASC_REQ_STREAM stub\n");
1150 }
1151 /* Done with the flags */
1152
1153 if(lstrlenA(want_flags) > 3)
1154 {
1155 TRACE("Server set want_flags: %s\n", debugstr_a(want_flags));
1156 lstrcpynA(buffer, want_flags, max_len - 1);
1157 if((ret = run_helper(helper, buffer, max_len, &buffer_len)) !=
1158 SEC_E_OK)
1159 {
1160 cleanup_helper(helper);
1161 goto asc_end;
1162 }
1163 if(!strncmp(buffer, "BH", 2))
1164 TRACE("Helper doesn't understand new command set\n");
1165 }
1166
1167 /* This is the YR request from the client, encode to base64 */
1168
1169 memcpy(bin, pInput->pBuffers[0].pvBuffer, bin_len);
1170
1171 lstrcpynA(buffer, "YR ", max_len-1);
1172
1173 if((ret = encodeBase64(bin, bin_len, buffer+3, max_len-3,
1174 &buffer_len)) != SEC_E_OK)
1175 {
1176 cleanup_helper(helper);
1177 goto asc_end;
1178 }
1179
1180 TRACE("Client sent: %s\n", debugstr_a(buffer));
1181
1182 if((ret = run_helper(helper, buffer, max_len, &buffer_len)) !=
1183 SEC_E_OK)
1184 {
1185 cleanup_helper(helper);
1186 goto asc_end;
1187 }
1188
1189 TRACE("Reply from ntlm_auth: %s\n", debugstr_a(buffer));
1190 /* The expected answer is TT <base64 blob> */
1191
1192 if(strncmp(buffer, "TT ", 3) != 0)
1193 {
1194 ret = SEC_E_INTERNAL_ERROR;
1195 cleanup_helper(helper);
1196 goto asc_end;
1197 }
1198
1199 if((ret = decodeBase64(buffer+3, buffer_len-3, bin, max_len,
1200 &bin_len)) != SEC_E_OK)
1201 {
1202 cleanup_helper(helper);
1203 goto asc_end;
1204 }
1205
1206 /* send this to the client */
1207 if(pOutput == NULL)
1208 {
1209 ret = SEC_E_INSUFFICIENT_MEMORY;
1210 cleanup_helper(helper);
1211 goto asc_end;
1212 }
1213
1214 if(pOutput->cBuffers < 1)
1215 {
1216 ret = SEC_E_INSUFFICIENT_MEMORY;
1217 cleanup_helper(helper);
1218 goto asc_end;
1219 }
1220
1221 pOutput->pBuffers[0].cbBuffer = bin_len;
1222 pOutput->pBuffers[0].BufferType = SECBUFFER_DATA;
1223 memcpy(pOutput->pBuffers[0].pvBuffer, bin, bin_len);
1224 ret = SEC_I_CONTINUE_NEEDED;
1225
1226 }
1227 else
1228 {
1229 /* we expect a KK request from client */
1230 if(pInput == NULL)
1231 {
1232 ret = SEC_E_INCOMPLETE_MESSAGE;
1233 goto asc_end;
1234 }
1235
1236 if(pInput->cBuffers < 1)
1237 {
1238 ret = SEC_E_INCOMPLETE_MESSAGE;
1239 goto asc_end;
1240 }
1241
1242 helper = (PNegoHelper)phContext->dwLower;
1243
1244 if(helper->mode != NTLM_SERVER)
1245 {
1246 ret = SEC_E_INVALID_HANDLE;
1247 goto asc_end;
1248 }
1249
1250 if(pInput->pBuffers[0].cbBuffer > max_len)
1251 {
1252 ret = SEC_E_INVALID_TOKEN;
1253 goto asc_end;
1254 }
1255 else
1256 bin_len = pInput->pBuffers[0].cbBuffer;
1257
1258 memcpy(bin, pInput->pBuffers[0].pvBuffer, bin_len);
1259
1260 lstrcpynA(buffer, "KK ", max_len-1);
1261
1262 if((ret = encodeBase64(bin, bin_len, buffer+3, max_len-3,
1263 &buffer_len)) != SEC_E_OK)
1264 {
1265 goto asc_end;
1266 }
1267
1268 TRACE("Client sent: %s\n", debugstr_a(buffer));
1269
1270 if((ret = run_helper(helper, buffer, max_len, &buffer_len)) !=
1271 SEC_E_OK)
1272 {
1273 goto asc_end;
1274 }
1275
1276 TRACE("Reply from ntlm_auth: %s\n", debugstr_a(buffer));
1277
1278 /* At this point, we get a NA if the user didn't authenticate, but a BH
1279 * if ntlm_auth could not connect to winbindd. Apart from running Wine
1280 * as root, there is no way to fix this for now, so just handle this as
1281 * a failed login. */
1282 if(strncmp(buffer, "AF ", 3) != 0)
1283 {
1284 if(strncmp(buffer, "NA ", 3) == 0)
1285 {
1286 ret = SEC_E_LOGON_DENIED;
1287 goto asc_end;
1288 }
1289 else
1290 {
1291 size_t ntlm_pipe_err_v3_len = strlen("BH NT_STATUS_ACCESS_DENIED");
1292 size_t ntlm_pipe_err_v4_len = strlen("BH NT_STATUS_UNSUCCESSFUL");
1293
1294 if( (buffer_len >= ntlm_pipe_err_v3_len &&
1295 strncmp(buffer, "BH NT_STATUS_ACCESS_DENIED", ntlm_pipe_err_v3_len) == 0) ||
1296 (buffer_len >= ntlm_pipe_err_v4_len &&
1297 strncmp(buffer, "BH NT_STATUS_UNSUCCESSFUL", ntlm_pipe_err_v4_len) == 0) )
1298 {
1299 TRACE("Connection to winbindd failed\n");
1300 ret = SEC_E_LOGON_DENIED;
1301 }
1302 else
1303 ret = SEC_E_INTERNAL_ERROR;
1304
1305 goto asc_end;
1306 }
1307 }
1308 pOutput->pBuffers[0].cbBuffer = 0;
1309
1310 TRACE("Getting negotiated flags\n");
1311 lstrcpynA(buffer, "GF", max_len - 1);
1312 if((ret = run_helper(helper, buffer, max_len, &buffer_len)) != SEC_E_OK)
1313 goto asc_end;
1314
1315 if(buffer_len < 3)
1316 {
1317 TRACE("No flags negotiated, or helper does not support GF command\n");
1318 }
1319 else
1320 {
1321 TRACE("Negotiated %s\n", debugstr_a(buffer));
1322 sscanf(buffer + 3, "%lx", &(helper->neg_flags));
1323 TRACE("Stored 0x%08x as flags\n", helper->neg_flags);
1324 }
1325
1326 TRACE("Getting session key\n");
1327 lstrcpynA(buffer, "GK", max_len - 1);
1328 if((ret = run_helper(helper, buffer, max_len, &buffer_len)) != SEC_E_OK)
1329 goto asc_end;
1330
1331 if(buffer_len < 3)
1332 TRACE("Helper does not support GK command\n");
1333 else
1334 {
1335 if(strncmp(buffer, "BH ", 3) == 0)
1336 {
1337 TRACE("Helper sent %s\n", debugstr_a(buffer+3));
1338 HeapFree(GetProcessHeap(), 0, helper->session_key);
1339 helper->session_key = HeapAlloc(GetProcessHeap(), 0, 16);
1340 if (!helper->session_key)
1341 {
1342 ret = SEC_E_INSUFFICIENT_MEMORY;
1343 goto asc_end;
1344 }
1345 /*FIXME: Generate the dummy session key = MD4(MD4(password))*/
1346 memset(helper->session_key, 0 , 16);
1347 }
1348 else if(strncmp(buffer, "GK ", 3) == 0)
1349 {
1350 if((ret = decodeBase64(buffer+3, buffer_len-3, bin, max_len,
1351 &bin_len)) != SEC_E_OK)
1352 {
1353 TRACE("Failed to decode session key\n");
1354 }
1355 TRACE("Session key is %s\n", debugstr_a(buffer+3));
1356 HeapFree(GetProcessHeap(), 0, helper->session_key);
1357 helper->session_key = HeapAlloc(GetProcessHeap(), 0, 16);
1358 if(!helper->session_key)
1359 {
1360 ret = SEC_E_INSUFFICIENT_MEMORY;
1361 goto asc_end;
1362 }
1363 memcpy(helper->session_key, bin, 16);
1364 }
1365 }
1366 helper->crypt.ntlm.a4i = SECUR32_arc4Alloc();
1367 SECUR32_arc4Init(helper->crypt.ntlm.a4i, helper->session_key, 16);
1368 helper->crypt.ntlm.seq_num = 0l;
1369 }
1370
1371 phNewContext->dwUpper = ctxt_attr;
1372 phNewContext->dwLower = (ULONG_PTR)helper;
1373
1374asc_end:
1375 HeapFree(GetProcessHeap(), 0, want_flags);
1376 HeapFree(GetProcessHeap(), 0, buffer);
1377 HeapFree(GetProcessHeap(), 0, bin);
1378 return ret;
1379}
strlen
ACPI_SIZE strlen(const char *String)
Definition: utclib.c:269
strncmp
int strncmp(const char *String1, const char *String2, ACPI_SIZE Count)
Definition: utclib.c:534
decodeBase64
SECURITY_STATUS decodeBase64(char *in_buf, int in_len, PBYTE out_buf, int max_len, int *out_len)
Definition: base64_codec.c:113
encodeBase64
SECURITY_STATUS encodeBase64(PBYTE in_buf, int in_len, char *out_buf, int max_len, int *out_len)
Definition: base64_codec.c:29
FIXME
#define FIXME(fmt,...)
Definition: precomp.h:53
l
r l[0]
Definition: byte_order.h:168
NULL
#define NULL
Definition: types.h:112
GetProcessHeap
#define GetProcessHeap()
Definition: compat.h:736
lstrcpynA
#define lstrcpynA
Definition: compat.h:751
HeapAlloc
#define HeapAlloc
Definition: compat.h:733
HeapFree
#define HeapFree(x, y, z)
Definition: compat.h:735
fork_helper
SECURITY_STATUS fork_helper(PNegoHelper *new_helper, const char *prog, char *const argv[])
Definition: dispatcher.c:76
run_helper
SECURITY_STATUS run_helper(PNegoHelper helper, char *buffer, unsigned int max_buflen, int *buflen)
Definition: dispatcher.c:331
cleanup_helper
void cleanup_helper(PNegoHelper helper)
Definition: dispatcher.c:377
NTLM_MAX_BUF
#define NTLM_MAX_BUF
Definition: ntlm.c:35
ntlm_auth
static CHAR ntlm_auth[]
Definition: ntlm.c:44
SECUR32_arc4Init
void SECUR32_arc4Init(arc4_info *a4i, const BYTE *key, unsigned int keyLen)
Definition: util.c:199
SECUR32_arc4Alloc
arc4_info * SECUR32_arc4Alloc(void)
Definition: util.c:189
ret
return ret
Definition: mutex.c:146
ULONG_PTR
#define ULONG_PTR
Definition: config.h:101
buffer
GLuint buffer
Definition: glext.h:5915
sscanf
_Check_return_ _CRTIMP int __cdecl sscanf(_In_z_ const char *_Src, _In_z_ _Scanf_format_string_ const char *_Format,...)
debugstr_a
#define debugstr_a
Definition: kernel32.h:31
lstrcpyA
LPSTR WINAPI lstrcpyA(LPSTR lpString1, LPCSTR lpString2)
Definition: lstring.c:100
lstrcatA
LPSTR WINAPI lstrcatA(LPSTR lpString1, LPCSTR lpString2)
Definition: lstring.c:123
lstrlenA
int WINAPI lstrlenA(LPCSTR lpString)
Definition: lstring.c:145
memcpy
#define memcpy(s1, s2, n)
Definition: mkisofs.h:878
bin
static struct _PeImage bin
PNtlmCredentials
struct _NtlmCredentials * PNtlmCredentials
PNegoHelper
struct _NegoHelper * PNegoHelper
PBYTE
BYTE * PBYTE
Definition: pedump.c:66
SECURITY_STATUS
LONG SECURITY_STATUS
Definition: sspi.h:34
ASC_REQ_ALLOCATE_MEMORY
#define ASC_REQ_ALLOCATE_MEMORY
Definition: sspi.h:432
ISC_REQ_STREAM
#define ISC_REQ_STREAM
Definition: sspi.h:377
ASC_REQ_CONNECTION
#define ASC_REQ_CONNECTION
Definition: sspi.h:435
ASC_REQ_CONFIDENTIALITY
#define ASC_REQ_CONFIDENTIALITY
Definition: sspi.h:430
ASC_RET_CONNECTION
#define ASC_RET_CONNECTION
Definition: sspi.h:458
SECURITY_NETWORK_DREP
#define SECURITY_NETWORK_DREP
Definition: sspi.h:474
ISC_REQ_SEQUENCE_DETECT
#define ISC_REQ_SEQUENCE_DETECT
Definition: sspi.h:365
SEC_CHAR
CHAR SEC_CHAR
Definition: sspi.h:30
ASC_REQ_REPLAY_DETECT
#define ASC_REQ_REPLAY_DETECT
Definition: sspi.h:428
ASC_REQ_EXTENDED_ERROR
#define ASC_REQ_EXTENDED_ERROR
Definition: sspi.h:438
SECBUFFER_DATA
#define SECBUFFER_DATA
Definition: sspi.h:160
ASC_REQ_INTEGRITY
#define ASC_REQ_INTEGRITY
Definition: sspi.h:440
ASC_REQ_MUTUAL_AUTH
#define ASC_REQ_MUTUAL_AUTH
Definition: sspi.h:427
memset
#define memset(x, y, z)
Definition: compat.h:39
TRACE
#define TRACE(s)
Definition: solgame.cpp:4
_NegoHelper
Definition: ntlm.h:21
_NegoHelper::session_key
BYTE * session_key
Definition: ntlm.h:36
_NegoHelper::neg_flags
ULONG neg_flags
Definition: ntlm.h:37
_NegoHelper::crypt
struct _NegoHelper::@601 crypt
_NegoHelper::mode
HelperMode mode
Definition: ntlm.h:27
_NtlmCredentials
Definition: ntlm.h:57
_NtlmCredentials::mode
HelperMode mode
Definition: ntlm.h:58
_SecBufferDesc::cBuffers
ULONG cBuffers
Definition: sspi.h:182
_SecHandle::dwLower
ULONG_PTR dwLower
Definition: sspi.h:53
_SecHandle::dwUpper
ULONG_PTR dwUpper
Definition: sspi.h:54
ULONG
uint32_t ULONG
Definition: typedefs.h:59
SEC_E_OK
#define SEC_E_OK
Definition: winerror.h:3450
SEC_E_INVALID_HANDLE
#define SEC_E_INVALID_HANDLE
Definition: winerror.h:4307
SEC_E_LOGON_DENIED
#define SEC_E_LOGON_DENIED
Definition: winerror.h:4318
SEC_E_INTERNAL_ERROR
#define SEC_E_INTERNAL_ERROR
Definition: winerror.h:4310
SEC_E_INVALID_TOKEN
#define SEC_E_INVALID_TOKEN
Definition: winerror.h:4314
SEC_E_INSUFFICIENT_MEMORY
#define SEC_E_INSUFFICIENT_MEMORY
Definition: winerror.h:4306
SEC_I_CONTINUE_NEEDED
#define SEC_I_CONTINUE_NEEDED
Definition: winerror.h:4324
SEC_E_INCOMPLETE_MESSAGE
#define SEC_E_INCOMPLETE_MESSAGE
Definition: winerror.h:4332
CHAR
char CHAR
Definition: xmlstorage.h:175
BYTE
unsigned char BYTE
Definition: xxhash.c:193

Referenced by nego_AcceptSecurityContext().

◆ ntlm_AcquireCredentialsHandleW()

SECURITY_STATUS SEC_ENTRY ntlm_AcquireCredentialsHandleW ( SEC_WCHAR pszPrincipal,
SEC_WCHAR pszPackage,
ULONG  fCredentialUse,
PLUID  pLogonID,
PVOID  pAuthData,
SEC_GET_KEY_FN  pGetKeyFn,
PVOID  pGetKeyArgument,
PCredHandle  phCredential,
PTimeStamp  ptsExpiry 
)

Definition at line 127 of file ntlm.c.

131{
132 SECURITY_STATUS ret;
133 PNtlmCredentials ntlm_cred;
134 LPWSTR domain = NULL, user = NULL, password = NULL;
135 PSEC_WINNT_AUTH_IDENTITY_W auth_data = NULL;
136
137 TRACE("(%s, %s, 0x%08x, %p, %p, %p, %p, %p, %p)\n",
138 debugstr_w(pszPrincipal), debugstr_w(pszPackage), fCredentialUse,
139 pLogonID, pAuthData, pGetKeyFn, pGetKeyArgument, phCredential, ptsExpiry);
140
141 switch(fCredentialUse)
142 {
143 case SECPKG_CRED_INBOUND:
144 ntlm_cred = HeapAlloc(GetProcessHeap(), 0, sizeof(*ntlm_cred));
145 if (!ntlm_cred)
146 ret = SEC_E_INSUFFICIENT_MEMORY;
147 else
148 {
149 ntlm_cred->mode = NTLM_SERVER;
150 ntlm_cred->username_arg = NULL;
151 ntlm_cred->domain_arg = NULL;
152 ntlm_cred->password = NULL;
153 ntlm_cred->pwlen = 0;
154 ntlm_cred->no_cached_credentials = 0;
155
156 phCredential->dwUpper = fCredentialUse;
157 phCredential->dwLower = (ULONG_PTR)ntlm_cred;
158 ret = SEC_E_OK;
159 }
160 break;
161 case SECPKG_CRED_OUTBOUND:
162 {
163 auth_data = pAuthData;
164 ntlm_cred = HeapAlloc(GetProcessHeap(), 0, sizeof(*ntlm_cred));
165 if (!ntlm_cred)
166 {
167 ret = SEC_E_INSUFFICIENT_MEMORY;
168 break;
169 }
170 ntlm_cred->mode = NTLM_CLIENT;
171 ntlm_cred->username_arg = NULL;
172 ntlm_cred->domain_arg = NULL;
173 ntlm_cred->password = NULL;
174 ntlm_cred->pwlen = 0;
175 ntlm_cred->no_cached_credentials = 0;
176
177 if(pAuthData != NULL)
178 {
179 int domain_len = 0, user_len = 0, password_len = 0;
180
181 if (auth_data->Flags & SEC_WINNT_AUTH_IDENTITY_ANSI)
182 {
183 if (auth_data->DomainLength)
184 {
185 domain_len = MultiByteToWideChar(CP_ACP, 0, (char *)auth_data->Domain,
186 auth_data->DomainLength, NULL, 0);
187 domain = HeapAlloc(GetProcessHeap(), 0, sizeof(WCHAR) * domain_len);
188 if(!domain)
189 {
190 ret = SEC_E_INSUFFICIENT_MEMORY;
191 break;
192 }
193 MultiByteToWideChar(CP_ACP, 0, (char *)auth_data->Domain, auth_data->DomainLength,
194 domain, domain_len);
195 }
196
197 if (auth_data->UserLength)
198 {
199 user_len = MultiByteToWideChar(CP_ACP, 0, (char *)auth_data->User,
200 auth_data->UserLength, NULL, 0);
201 user = HeapAlloc(GetProcessHeap(), 0, sizeof(WCHAR) * user_len);
202 if(!user)
203 {
204 ret = SEC_E_INSUFFICIENT_MEMORY;
205 break;
206 }
207 MultiByteToWideChar(CP_ACP, 0, (char *)auth_data->User, auth_data->UserLength,
208 user, user_len);
209 }
210
211 if (auth_data->PasswordLength)
212 {
213 password_len = MultiByteToWideChar(CP_ACP, 0,(char *)auth_data->Password,
214 auth_data->PasswordLength, NULL, 0);
215 password = HeapAlloc(GetProcessHeap(), 0, sizeof(WCHAR) * password_len);
216 if(!password)
217 {
218 ret = SEC_E_INSUFFICIENT_MEMORY;
219 break;
220 }
221 MultiByteToWideChar(CP_ACP, 0, (char *)auth_data->Password, auth_data->PasswordLength,
222 password, password_len);
223 }
224 }
225 else
226 {
227 domain = auth_data->Domain;
228 domain_len = auth_data->DomainLength;
229
230 user = auth_data->User;
231 user_len = auth_data->UserLength;
232
233 password = auth_data->Password;
234 password_len = auth_data->PasswordLength;
235 }
236
237 TRACE("Username is %s\n", debugstr_wn(user, user_len));
238 TRACE("Domain name is %s\n", debugstr_wn(domain, domain_len));
239
240 ntlm_cred->username_arg = ntlm_GetUsernameArg(user, user_len);
241 ntlm_cred->domain_arg = ntlm_GetDomainArg(domain, domain_len);
242
243 if(password_len != 0)
244 {
245 ntlm_cred->pwlen = WideCharToMultiByte(CP_UNIXCP, WC_NO_BEST_FIT_CHARS, password,
246 password_len, NULL, 0, NULL, NULL);
247
248 ntlm_cred->password = HeapAlloc(GetProcessHeap(), 0,
249 ntlm_cred->pwlen);
250 if(!ntlm_cred->password)
251 {
252 ret = SEC_E_INSUFFICIENT_MEMORY;
253 break;
254 }
255
256 WideCharToMultiByte(CP_UNIXCP, WC_NO_BEST_FIT_CHARS, password, password_len,
257 ntlm_cred->password, ntlm_cred->pwlen, NULL, NULL);
258 }
259 }
260
261 phCredential->dwUpper = fCredentialUse;
262 phCredential->dwLower = (ULONG_PTR)ntlm_cred;
263 TRACE("ACH phCredential->dwUpper: 0x%08lx, dwLower: 0x%08lx\n",
264 phCredential->dwUpper, phCredential->dwLower);
265 ret = SEC_E_OK;
266 break;
267 }
268 case SECPKG_CRED_BOTH:
269 FIXME("AcquireCredentialsHandle: SECPKG_CRED_BOTH stub\n");
270 ret = SEC_E_UNSUPPORTED_FUNCTION;
271 phCredential = NULL;
272 break;
273 default:
274 phCredential = NULL;
275 ret = SEC_E_UNKNOWN_CREDENTIALS;
276 }
277
278 if (auth_data && auth_data->Flags & SEC_WINNT_AUTH_IDENTITY_ANSI)
279 {
280 HeapFree(GetProcessHeap(), 0, domain);
281 HeapFree(GetProcessHeap(), 0, user);
282 HeapFree(GetProcessHeap(), 0, password);
283 }
284 return ret;
285}
user
void user(int argc, const char *argv[])
Definition: cmds.c:1350
CP_UNIXCP
#define CP_UNIXCP
Definition: compat.h:79
CP_ACP
#define CP_ACP
Definition: compat.h:109
WideCharToMultiByte
#define WideCharToMultiByte
Definition: compat.h:111
MultiByteToWideChar
#define MultiByteToWideChar
Definition: compat.h:110
ntlm_GetDomainArg
static char * ntlm_GetDomainArg(LPCWSTR domainW, INT domainW_length)
Definition: ntlm.c:106
ntlm_GetUsernameArg
static char * ntlm_GetUsernameArg(LPCWSTR userW, INT userW_length)
Definition: ntlm.c:88
WC_NO_BEST_FIT_CHARS
#define WC_NO_BEST_FIT_CHARS
Definition: unicode.h:46
debugstr_wn
#define debugstr_wn
Definition: kernel32.h:33
debugstr_w
#define debugstr_w
Definition: kernel32.h:32
password
static WCHAR password[]
Definition: url.c:33
SECPKG_CRED_BOTH
#define SECPKG_CRED_BOTH
Definition: sspi.h:292
SECPKG_CRED_OUTBOUND
#define SECPKG_CRED_OUTBOUND
Definition: sspi.h:291
SECPKG_CRED_INBOUND
#define SECPKG_CRED_INBOUND
Definition: sspi.h:290
SEC_WINNT_AUTH_IDENTITY_ANSI
#define SEC_WINNT_AUTH_IDENTITY_ANSI
Definition: rpcdce.h:309
_NtlmCredentials::domain_arg
char * domain_arg
Definition: ntlm.h:62
_NtlmCredentials::username_arg
char * username_arg
Definition: ntlm.h:61
_NtlmCredentials::pwlen
int pwlen
Definition: ntlm.h:64
_NtlmCredentials::password
char * password
Definition: ntlm.h:63
_NtlmCredentials::no_cached_credentials
int no_cached_credentials
Definition: ntlm.h:65
_SEC_WINNT_AUTH_IDENTITY_W
Definition: rpcdce.h:222
_SEC_WINNT_AUTH_IDENTITY_W::DomainLength
ULONG DomainLength
Definition: rpcdce.h:226
_SEC_WINNT_AUTH_IDENTITY_W::Domain
unsigned short * Domain
Definition: rpcdce.h:225
_SEC_WINNT_AUTH_IDENTITY_W::Flags
ULONG Flags
Definition: rpcdce.h:229
_SEC_WINNT_AUTH_IDENTITY_W::User
unsigned short * User
Definition: rpcdce.h:223
_SEC_WINNT_AUTH_IDENTITY_W::PasswordLength
ULONG PasswordLength
Definition: rpcdce.h:228
_SEC_WINNT_AUTH_IDENTITY_W::Password
unsigned short * Password
Definition: rpcdce.h:227
_SEC_WINNT_AUTH_IDENTITY_W::UserLength
ULONG UserLength
Definition: rpcdce.h:224
domain
Definition: cookie.c:42
SEC_E_UNKNOWN_CREDENTIALS
#define SEC_E_UNKNOWN_CREDENTIALS
Definition: winerror.h:4319
SEC_E_UNSUPPORTED_FUNCTION
#define SEC_E_UNSUPPORTED_FUNCTION
Definition: winerror.h:4308
WCHAR
__wchar_t WCHAR
Definition: xmlstorage.h:180
LPWSTR
WCHAR * LPWSTR
Definition: xmlstorage.h:184

Referenced by nego_AcquireCredentialsHandleW(), and ntlm_AcquireCredentialsHandleA().

◆ ntlm_DecryptMessage()

SECURITY_STATUS SEC_ENTRY ntlm_DecryptMessage ( PCtxtHandle  phContext,
PSecBufferDesc  pMessage,
ULONG  MessageSeqNo,
PULONG  pfQOP 
)

Definition at line 1863 of file ntlm.c.

1865{
1866 SECURITY_STATUS ret;
1867 ULONG ntlmssp_flags_save;
1868 PNegoHelper helper;
1869 int token_idx, data_idx;
1870 TRACE("(%p %p %d %p)\n", phContext, pMessage, MessageSeqNo, pfQOP);
1871
1872 if(!phContext)
1873 return SEC_E_INVALID_HANDLE;
1874
1875 if(MessageSeqNo)
1876 FIXME("Ignoring MessageSeqNo\n");
1877
1878 if(!pMessage || !pMessage->pBuffers || pMessage->cBuffers < 2)
1879 return SEC_E_INVALID_TOKEN;
1880
1881 if((token_idx = ntlm_GetTokenBufferIndex(pMessage)) == -1)
1882 return SEC_E_INVALID_TOKEN;
1883
1884 if((data_idx = ntlm_GetDataBufferIndex(pMessage)) ==-1)
1885 return SEC_E_INVALID_TOKEN;
1886
1887 if(pMessage->pBuffers[token_idx].cbBuffer < 16)
1888 return SEC_E_BUFFER_TOO_SMALL;
1889
1890 helper = (PNegoHelper) phContext->dwLower;
1891
1892 if(helper->neg_flags & NTLMSSP_NEGOTIATE_NTLM2 && helper->neg_flags & NTLMSSP_NEGOTIATE_SEAL)
1893 {
1894 SECUR32_arc4Process(helper->crypt.ntlm2.recv_a4i,
1895 pMessage->pBuffers[data_idx].pvBuffer,
1896 pMessage->pBuffers[data_idx].cbBuffer);
1897 }
1898 else
1899 {
1900 SECUR32_arc4Process(helper->crypt.ntlm.a4i,
1901 pMessage->pBuffers[data_idx].pvBuffer,
1902 pMessage->pBuffers[data_idx].cbBuffer);
1903 }
1904
1905 /* Make sure we use a session key for the signature check, EncryptMessage
1906 * always does that, even in the dummy case */
1907 ntlmssp_flags_save = helper->neg_flags;
1908
1909 helper->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
1910 ret = ntlm_VerifySignature(phContext, pMessage, MessageSeqNo, pfQOP);
1911
1912 helper->neg_flags = ntlmssp_flags_save;
1913
1914 return ret;
1915}
ntlm_VerifySignature
SECURITY_STATUS SEC_ENTRY ntlm_VerifySignature(PCtxtHandle phContext, PSecBufferDesc pMessage, ULONG MessageSeqNo, PULONG pfQOP)
Definition: ntlm.c:1697
ntlm_GetTokenBufferIndex
static int ntlm_GetTokenBufferIndex(PSecBufferDesc pMessage)
Definition: ntlm.c:403
ntlm_GetDataBufferIndex
static int ntlm_GetDataBufferIndex(PSecBufferDesc pMessage)
Definition: ntlm.c:423
SECUR32_arc4Process
void SECUR32_arc4Process(arc4_info *a4i, BYTE *inoutString, unsigned int length)
Definition: util.c:224
NTLMSSP_NEGOTIATE_NTLM2
#define NTLMSSP_NEGOTIATE_NTLM2
Definition: ntlm.h:91
NTLMSSP_NEGOTIATE_SEAL
#define NTLMSSP_NEGOTIATE_SEAL
Definition: ntlm.h:81
NTLMSSP_NEGOTIATE_SIGN
#define NTLMSSP_NEGOTIATE_SIGN
Definition: ntlm.h:80
SEC_E_BUFFER_TOO_SMALL
#define SEC_E_BUFFER_TOO_SMALL
Definition: winerror.h:4336

Referenced by nego_DecryptMessage().

◆ ntlm_DeleteSecurityContext()

SECURITY_STATUS SEC_ENTRY ntlm_DeleteSecurityContext ( PCtxtHandle  phContext)

Definition at line 1398 of file ntlm.c.

1399{
1400 PNegoHelper helper;
1401
1402 TRACE("%p\n", phContext);
1403 if (!phContext)
1404 return SEC_E_INVALID_HANDLE;
1405
1406 helper = (PNegoHelper)phContext->dwLower;
1407
1408 phContext->dwUpper = 0;
1409 phContext->dwLower = 0;
1410
1411 SECUR32_arc4Cleanup(helper->crypt.ntlm.a4i);
1412 SECUR32_arc4Cleanup(helper->crypt.ntlm2.send_a4i);
1413 SECUR32_arc4Cleanup(helper->crypt.ntlm2.recv_a4i);
1414 HeapFree(GetProcessHeap(), 0, helper->crypt.ntlm2.send_sign_key);
1415 HeapFree(GetProcessHeap(), 0, helper->crypt.ntlm2.send_seal_key);
1416 HeapFree(GetProcessHeap(), 0, helper->crypt.ntlm2.recv_sign_key);
1417 HeapFree(GetProcessHeap(), 0, helper->crypt.ntlm2.recv_seal_key);
1418
1419 cleanup_helper(helper);
1420
1421 return SEC_E_OK;
1422}
SECUR32_arc4Cleanup
void SECUR32_arc4Cleanup(arc4_info *a4i)
Definition: util.c:246

Referenced by nego_DeleteSecurityContext().

◆ ntlm_EncryptMessage()

SECURITY_STATUS SEC_ENTRY ntlm_EncryptMessage ( PCtxtHandle  phContext,
ULONG  fQOP,
PSecBufferDesc  pMessage,
ULONG  MessageSeqNo 
)

Definition at line 1792 of file ntlm.c.

1794{
1795 PNegoHelper helper;
1796 int token_idx, data_idx;
1797
1798 TRACE("(%p %d %p %d)\n", phContext, fQOP, pMessage, MessageSeqNo);
1799
1800 if(!phContext)
1801 return SEC_E_INVALID_HANDLE;
1802
1803 if(fQOP)
1804 FIXME("Ignoring fQOP\n");
1805
1806 if(MessageSeqNo)
1807 FIXME("Ignoring MessageSeqNo\n");
1808
1809 if(!pMessage || !pMessage->pBuffers || pMessage->cBuffers < 2)
1810 return SEC_E_INVALID_TOKEN;
1811
1812 if((token_idx = ntlm_GetTokenBufferIndex(pMessage)) == -1)
1813 return SEC_E_INVALID_TOKEN;
1814
1815 if((data_idx = ntlm_GetDataBufferIndex(pMessage)) ==-1 )
1816 return SEC_E_INVALID_TOKEN;
1817
1818 if(pMessage->pBuffers[token_idx].cbBuffer < 16)
1819 return SEC_E_BUFFER_TOO_SMALL;
1820
1821 helper = (PNegoHelper) phContext->dwLower;
1822
1823 if(helper->neg_flags & NTLMSSP_NEGOTIATE_NTLM2 &&
1824 helper->neg_flags & NTLMSSP_NEGOTIATE_SEAL)
1825 {
1826 ntlm_CreateSignature(helper, pMessage, token_idx, NTLM_SEND, FALSE);
1827 SECUR32_arc4Process(helper->crypt.ntlm2.send_a4i,
1828 pMessage->pBuffers[data_idx].pvBuffer,
1829 pMessage->pBuffers[data_idx].cbBuffer);
1830
1831 if(helper->neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCHANGE)
1832 SECUR32_arc4Process(helper->crypt.ntlm2.send_a4i,
1833 ((BYTE *)pMessage->pBuffers[token_idx].pvBuffer)+4, 8);
1834 }
1835 else
1836 {
1837 PBYTE sig;
1838 ULONG save_flags;
1839
1840 /* EncryptMessage always produces real signatures, so make sure
1841 * NTLMSSP_NEGOTIATE_SIGN is set*/
1842 save_flags = helper->neg_flags;
1843 helper->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
1844 ntlm_CreateSignature(helper, pMessage, token_idx, NTLM_SEND, FALSE);
1845 helper->neg_flags = save_flags;
1846
1847 sig = pMessage->pBuffers[token_idx].pvBuffer;
1848
1849 SECUR32_arc4Process(helper->crypt.ntlm.a4i,
1850 pMessage->pBuffers[data_idx].pvBuffer,
1851 pMessage->pBuffers[data_idx].cbBuffer);
1852 SECUR32_arc4Process(helper->crypt.ntlm.a4i, sig+4, 12);
1853
1854 if(helper->neg_flags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN || helper->neg_flags == 0)
1855 memset(sig+4, 0, 4);
1856 }
1857 return SEC_E_OK;
1858}
FALSE
#define FALSE
Definition: types.h:117
ntlm_CreateSignature
static SECURITY_STATUS ntlm_CreateSignature(PNegoHelper helper, PSecBufferDesc pMessage, int token_idx, SignDirection direction, BOOL encrypt_sig)
Definition: ntlm.c:1536
NTLMSSP_NEGOTIATE_KEY_EXCHANGE
#define NTLMSSP_NEGOTIATE_KEY_EXCHANGE
Definition: ntlm.h:94
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
#define NTLMSSP_NEGOTIATE_ALWAYS_SIGN
Definition: ntlm.h:88

Referenced by nego_EncryptMessage().

◆ ntlm_FreeCredentialsHandle()

SECURITY_STATUS SEC_ENTRY ntlm_FreeCredentialsHandle ( PCredHandle  phCredential)

Definition at line 1767 of file ntlm.c.

1768{
1769 SECURITY_STATUS ret;
1770
1771 if(phCredential){
1772 PNtlmCredentials ntlm_cred = (PNtlmCredentials) phCredential->dwLower;
1773 phCredential->dwUpper = 0;
1774 phCredential->dwLower = 0;
1775 if (ntlm_cred->password)
1776 memset(ntlm_cred->password, 0, ntlm_cred->pwlen);
1777 HeapFree(GetProcessHeap(), 0, ntlm_cred->password);
1778 HeapFree(GetProcessHeap(), 0, ntlm_cred->username_arg);
1779 HeapFree(GetProcessHeap(), 0, ntlm_cred->domain_arg);
1780 HeapFree(GetProcessHeap(), 0, ntlm_cred);
1781 ret = SEC_E_OK;
1782 }
1783 else
1784 ret = SEC_E_OK;
1785
1786 return ret;
1787}
if
if(dx< 0)
Definition: linetemp.h:194

Referenced by nego_FreeCredentialsHandle().

◆ ntlm_InitializeSecurityContextW()

SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW ( PCredHandle  phCredential,
PCtxtHandle  phContext,
SEC_WCHAR pszTargetName,
ULONG  fContextReq,
ULONG  Reserved1,
ULONG  TargetDataRep,
PSecBufferDesc  pInput,
ULONG  Reserved2,
PCtxtHandle  phNewContext,
PSecBufferDesc  pOutput,
ULONG pfContextAttr,
PTimeStamp  ptsExpiry 
)

Definition at line 484 of file ntlm.c.

489{
490 SECURITY_STATUS ret;
491 PNtlmCredentials ntlm_cred;
492 PNegoHelper helper = NULL;
493 ULONG ctxt_attr = 0;
494 char* buffer, *want_flags = NULL;
495 PBYTE bin;
496 int buffer_len, bin_len, max_len = NTLM_MAX_BUF;
497 int token_idx;
498 SEC_CHAR *username = NULL;
499 SEC_CHAR *domain = NULL;
500 SEC_CHAR *password = NULL;
501
502 TRACE("%p %p %s 0x%08x %d %d %p %d %p %p %p %p\n", phCredential, phContext,
503 debugstr_w(pszTargetName), fContextReq, Reserved1, TargetDataRep, pInput,
504 Reserved1, phNewContext, pOutput, pfContextAttr, ptsExpiry);
505
506 /****************************************
507 * When communicating with the client, there can be the
508 * following reply packets:
509 * YR <base64 blob> should be sent to the server
510 * PW should be sent back to helper with
511 * base64 encoded password
512 * AF <base64 blob> client is done, blob should be
513 * sent to server with KK prefixed
514 * GF <string list> A string list of negotiated flags
515 * GK <base64 blob> base64 encoded session key
516 * BH <char reason> something broke
517 */
518 /* The squid cache size is 2010 chars, and that's what ntlm_auth uses */
519
520 if(TargetDataRep == SECURITY_NETWORK_DREP){
521 TRACE("Setting SECURITY_NETWORK_DREP\n");
522 }
523
524 buffer = HeapAlloc(GetProcessHeap(), 0, sizeof(char) * NTLM_MAX_BUF);
525 bin = HeapAlloc(GetProcessHeap(), 0, sizeof(BYTE) * NTLM_MAX_BUF);
526
527 if((phContext == NULL) && (pInput == NULL))
528 {
529 static char helper_protocol[] = "--helper-protocol=ntlmssp-client-1";
530 static CHAR credentials_argv[] = "--use-cached-creds";
531 SEC_CHAR *client_argv[5];
532 int pwlen = 0;
533
534 TRACE("First time in ISC()\n");
535
536 if(!phCredential)
537 {
538 ret = SEC_E_INVALID_HANDLE;
539 goto isc_end;
540 }
541
542 /* As the server side of sspi never calls this, make sure that
543 * the handler is a client handler.
544 */
545 ntlm_cred = (PNtlmCredentials)phCredential->dwLower;
546 if(ntlm_cred->mode != NTLM_CLIENT)
547 {
548 TRACE("Cred mode = %d\n", ntlm_cred->mode);
549 ret = SEC_E_INVALID_HANDLE;
550 goto isc_end;
551 }
552
553 client_argv[0] = ntlm_auth;
554 client_argv[1] = helper_protocol;
555 if (!ntlm_cred->username_arg && !ntlm_cred->domain_arg)
556 {
557 LPWKSTA_USER_INFO_1 ui = NULL;
558 NET_API_STATUS status;
559 PCREDENTIALW cred;
560
561 if (ntlm_GetCachedCredential(pszTargetName, &cred))
562 {
563 LPWSTR p;
564 p = strchrW(cred->UserName, '\\');
565 if (p)
566 {
567 domain = ntlm_GetDomainArg(cred->UserName, p - cred->UserName);
568 p++;
569 }
570 else
571 {
572 domain = ntlm_GetDomainArg(NULL, 0);
573 p = cred->UserName;
574 }
575
576 username = ntlm_GetUsernameArg(p, -1);
577
578 if(cred->CredentialBlobSize != 0)
579 {
580 pwlen = WideCharToMultiByte(CP_UNIXCP,
581 WC_NO_BEST_FIT_CHARS, (LPWSTR)cred->CredentialBlob,
582 cred->CredentialBlobSize / sizeof(WCHAR), NULL, 0,
583 NULL, NULL);
584
585 password = HeapAlloc(GetProcessHeap(), 0, pwlen);
586
587 WideCharToMultiByte(CP_UNIXCP, WC_NO_BEST_FIT_CHARS,
588 (LPWSTR)cred->CredentialBlob,
589 cred->CredentialBlobSize / sizeof(WCHAR),
590 password, pwlen, NULL, NULL);
591 }
592
593 CredFree(cred);
594
595 client_argv[2] = username;
596 client_argv[3] = domain;
597 client_argv[4] = NULL;
598 }
599 else
600 {
601 status = NetWkstaUserGetInfo(NULL, 1, (LPBYTE *)&ui);
602 if (status != NERR_Success || ui == NULL || ntlm_cred->no_cached_credentials)
603 {
604 ret = SEC_E_NO_CREDENTIALS;
605 goto isc_end;
606 }
607 username = ntlm_GetUsernameArg(ui->wkui1_username, -1);
608 NetApiBufferFree(ui);
609
610 TRACE("using cached credentials\n");
611
612 client_argv[2] = username;
613 client_argv[3] = credentials_argv;
614 client_argv[4] = NULL;
615 }
616 }
617 else
618 {
619 client_argv[2] = ntlm_cred->username_arg;
620 client_argv[3] = ntlm_cred->domain_arg;
621 client_argv[4] = NULL;
622 }
623
624 if((ret = fork_helper(&helper, ntlm_auth, client_argv)) != SEC_E_OK)
625 goto isc_end;
626
627 helper->mode = NTLM_CLIENT;
628 helper->session_key = HeapAlloc(GetProcessHeap(), 0, 16);
629 if (!helper->session_key)
630 {
631 cleanup_helper(helper);
632 ret = SEC_E_INSUFFICIENT_MEMORY;
633 goto isc_end;
634 }
635
636 /* Generate the dummy session key = MD4(MD4(password))*/
637 if(password || ntlm_cred->password)
638 {
639 SEC_WCHAR *unicode_password;
640 int passwd_lenW;
641
642 TRACE("Converting password to unicode.\n");
643 passwd_lenW = MultiByteToWideChar(CP_ACP, 0,
644 password ? password : ntlm_cred->password,
645 password ? pwlen : ntlm_cred->pwlen,
646 NULL, 0);
647 unicode_password = HeapAlloc(GetProcessHeap(), 0,
648 passwd_lenW * sizeof(SEC_WCHAR));
649 MultiByteToWideChar(CP_ACP, 0, password ? password : ntlm_cred->password,
650 password ? pwlen : ntlm_cred->pwlen, unicode_password, passwd_lenW);
651
652 SECUR32_CreateNTLM1SessionKey((PBYTE)unicode_password,
653 passwd_lenW * sizeof(SEC_WCHAR), helper->session_key);
654
655 HeapFree(GetProcessHeap(), 0, unicode_password);
656 }
657 else
658 memset(helper->session_key, 0, 16);
659
660 /* Allocate space for a maximal string of
661 * "SF NTLMSSP_FEATURE_SIGN NTLMSSP_FEATURE_SEAL
662 * NTLMSSP_FEATURE_SESSION_KEY"
663 */
664 want_flags = HeapAlloc(GetProcessHeap(), 0, 73);
665 if(want_flags == NULL)
666 {
667 cleanup_helper(helper);
668 ret = SEC_E_INSUFFICIENT_MEMORY;
669 goto isc_end;
670 }
671 lstrcpyA(want_flags, "SF");
672 if(fContextReq & ISC_REQ_CONFIDENTIALITY)
673 {
674 if(strstr(want_flags, "NTLMSSP_FEATURE_SEAL") == NULL)
675 lstrcatA(want_flags, " NTLMSSP_FEATURE_SEAL");
676 }
677 if(fContextReq & ISC_REQ_CONNECTION)
678 ctxt_attr |= ISC_RET_CONNECTION;
679 if(fContextReq & ISC_REQ_EXTENDED_ERROR)
680 ctxt_attr |= ISC_RET_EXTENDED_ERROR;
681 if(fContextReq & ISC_REQ_INTEGRITY)
682 {
683 if(strstr(want_flags, "NTLMSSP_FEATURE_SIGN") == NULL)
684 lstrcatA(want_flags, " NTLMSSP_FEATURE_SIGN");
685 }
686 if(fContextReq & ISC_REQ_MUTUAL_AUTH)
687 ctxt_attr |= ISC_RET_MUTUAL_AUTH;
688 if(fContextReq & ISC_REQ_REPLAY_DETECT)
689 {
690 if(strstr(want_flags, "NTLMSSP_FEATURE_SIGN") == NULL)
691 lstrcatA(want_flags, " NTLMSSP_FEATURE_SIGN");
692 }
693 if(fContextReq & ISC_REQ_SEQUENCE_DETECT)
694 {
695 if(strstr(want_flags, "NTLMSSP_FEATURE_SIGN") == NULL)
696 lstrcatA(want_flags, " NTLMSSP_FEATURE_SIGN");
697 }
698 if(fContextReq & ISC_REQ_STREAM)
699 FIXME("ISC_REQ_STREAM\n");
700 if(fContextReq & ISC_REQ_USE_DCE_STYLE)
701 ctxt_attr |= ISC_RET_USED_DCE_STYLE;
702 if(fContextReq & ISC_REQ_DELEGATE)
703 ctxt_attr |= ISC_RET_DELEGATE;
704
705 /* If no password is given, try to use cached credentials. Fall back to an empty
706 * password if this failed. */
707 if(!password && !ntlm_cred->password)
708 {
709 lstrcpynA(buffer, "OK", max_len-1);
710 if((ret = run_helper(helper, buffer, max_len, &buffer_len)) != SEC_E_OK)
711 {
712 cleanup_helper(helper);
713 goto isc_end;
714 }
715 /* If the helper replied with "PW", using cached credentials failed */
716 if(!strncmp(buffer, "PW", 2))
717 {
718 TRACE("Using cached credentials failed.\n");
719 lstrcpynA(buffer, "PW AA==", max_len-1);
720 }
721 else /* Just do a noop on the next run */
722 lstrcpynA(buffer, "OK", max_len-1);
723 }
724 else
725 {
726 lstrcpynA(buffer, "PW ", max_len-1);
727 if((ret = encodeBase64(password ? (unsigned char *)password : (unsigned char *)ntlm_cred->password,
728 password ? pwlen : ntlm_cred->pwlen, buffer+3,
729 max_len-3, &buffer_len)) != SEC_E_OK)
730 {
731 cleanup_helper(helper);
732 goto isc_end;
733 }
734
735 }
736
737 TRACE("Sending to helper: %s\n", debugstr_a(buffer));
738 if((ret = run_helper(helper, buffer, max_len, &buffer_len)) != SEC_E_OK)
739 {
740 cleanup_helper(helper);
741 goto isc_end;
742 }
743
744 TRACE("Helper returned %s\n", debugstr_a(buffer));
745
746 if(lstrlenA(want_flags) > 2)
747 {
748 TRACE("Want flags are %s\n", debugstr_a(want_flags));
749 lstrcpynA(buffer, want_flags, max_len-1);
750 if((ret = run_helper(helper, buffer, max_len, &buffer_len))
751 != SEC_E_OK)
752 {
753 cleanup_helper(helper);
754 goto isc_end;
755 }
756 if(!strncmp(buffer, "BH", 2))
757 ERR("Helper doesn't understand new command set. Expect more things to fail.\n");
758 }
759
760 lstrcpynA(buffer, "YR", max_len-1);
761
762 if((ret = run_helper(helper, buffer, max_len, &buffer_len)) != SEC_E_OK)
763 {
764 cleanup_helper(helper);
765 goto isc_end;
766 }
767
768 TRACE("%s\n", buffer);
769
770 if(strncmp(buffer, "YR ", 3) != 0)
771 {
772 /* Something borked */
773 TRACE("Helper returned %c%c\n", buffer[0], buffer[1]);
774 ret = SEC_E_INTERNAL_ERROR;
775 cleanup_helper(helper);
776 goto isc_end;
777 }
778 if((ret = decodeBase64(buffer+3, buffer_len-3, bin,
779 max_len-1, &bin_len)) != SEC_E_OK)
780 {
781 cleanup_helper(helper);
782 goto isc_end;
783 }
784
785 /* put the decoded client blob into the out buffer */
786
787 phNewContext->dwUpper = ctxt_attr;
788 phNewContext->dwLower = (ULONG_PTR)helper;
789
790 ret = SEC_I_CONTINUE_NEEDED;
791 }
792 else
793 {
794 int input_token_idx;
795
796 /* handle second call here */
797 /* encode server data to base64 */
798 if (!pInput || ((input_token_idx = ntlm_GetTokenBufferIndex(pInput)) == -1))
799 {
800 ret = SEC_E_INVALID_TOKEN;
801 goto isc_end;
802 }
803
804 if(!phContext)
805 {
806 ret = SEC_E_INVALID_HANDLE;
807 goto isc_end;
808 }
809
810 /* As the server side of sspi never calls this, make sure that
811 * the handler is a client handler.
812 */
813 helper = (PNegoHelper)phContext->dwLower;
814 if(helper->mode != NTLM_CLIENT)
815 {
816 TRACE("Helper mode = %d\n", helper->mode);
817 ret = SEC_E_INVALID_HANDLE;
818 goto isc_end;
819 }
820
821 if (!pInput->pBuffers[input_token_idx].pvBuffer)
822 {
823 ret = SEC_E_INTERNAL_ERROR;
824 goto isc_end;
825 }
826
827 if(pInput->pBuffers[input_token_idx].cbBuffer > max_len)
828 {
829 TRACE("pInput->pBuffers[%d].cbBuffer is: %d\n",
830 input_token_idx,
831 pInput->pBuffers[input_token_idx].cbBuffer);
832 ret = SEC_E_INVALID_TOKEN;
833 goto isc_end;
834 }
835 else
836 bin_len = pInput->pBuffers[input_token_idx].cbBuffer;
837
838 memcpy(bin, pInput->pBuffers[input_token_idx].pvBuffer, bin_len);
839
840 lstrcpynA(buffer, "TT ", max_len-1);
841
842 if((ret = encodeBase64(bin, bin_len, buffer+3,
843 max_len-3, &buffer_len)) != SEC_E_OK)
844 goto isc_end;
845
846 TRACE("Server sent: %s\n", debugstr_a(buffer));
847
848 /* send TT base64 blob to ntlm_auth */
849 if((ret = run_helper(helper, buffer, max_len, &buffer_len)) != SEC_E_OK)
850 goto isc_end;
851
852 TRACE("Helper replied: %s\n", debugstr_a(buffer));
853
854 if( (strncmp(buffer, "KK ", 3) != 0) &&
855 (strncmp(buffer, "AF ", 3) !=0))
856 {
857 TRACE("Helper returned %c%c\n", buffer[0], buffer[1]);
858 ret = SEC_E_INVALID_TOKEN;
859 goto isc_end;
860 }
861
862 /* decode the blob and send it to server */
863 if((ret = decodeBase64(buffer+3, buffer_len-3, bin, max_len,
864 &bin_len)) != SEC_E_OK)
865 {
866 goto isc_end;
867 }
868
869 phNewContext->dwUpper = ctxt_attr;
870 phNewContext->dwLower = (ULONG_PTR)helper;
871
872 ret = SEC_E_OK;
873 }
874
875 /* put the decoded client blob into the out buffer */
876
877 if (!pOutput || ((token_idx = ntlm_GetTokenBufferIndex(pOutput)) == -1))
878 {
879 TRACE("no SECBUFFER_TOKEN buffer could be found\n");
880 ret = SEC_E_BUFFER_TOO_SMALL;
881 if ((phContext == NULL) && (pInput == NULL))
882 {
883 cleanup_helper(helper);
884 phNewContext->dwUpper = 0;
885 phNewContext->dwLower = 0;
886 }
887 goto isc_end;
888 }
889
890 if (fContextReq & ISC_REQ_ALLOCATE_MEMORY)
891 {
892 pOutput->pBuffers[token_idx].pvBuffer = HeapAlloc(GetProcessHeap(), 0, bin_len);
893 pOutput->pBuffers[token_idx].cbBuffer = bin_len;
894 }
895 else if (pOutput->pBuffers[token_idx].cbBuffer < bin_len)
896 {
897 TRACE("out buffer is NULL or has not enough space\n");
898 ret = SEC_E_BUFFER_TOO_SMALL;
899 if ((phContext == NULL) && (pInput == NULL))
900 {
901 cleanup_helper(helper);
902 phNewContext->dwUpper = 0;
903 phNewContext->dwLower = 0;
904 }
905 goto isc_end;
906 }
907
908 if (!pOutput->pBuffers[token_idx].pvBuffer)
909 {
910 TRACE("out buffer is NULL\n");
911 ret = SEC_E_INTERNAL_ERROR;
912 if ((phContext == NULL) && (pInput == NULL))
913 {
914 cleanup_helper(helper);
915 phNewContext->dwUpper = 0;
916 phNewContext->dwLower = 0;
917 }
918 goto isc_end;
919 }
920
921 pOutput->pBuffers[token_idx].cbBuffer = bin_len;
922 memcpy(pOutput->pBuffers[token_idx].pvBuffer, bin, bin_len);
923
924 if(ret == SEC_E_OK)
925 {
926 TRACE("Getting negotiated flags\n");
927 lstrcpynA(buffer, "GF", max_len - 1);
928 if((ret = run_helper(helper, buffer, max_len, &buffer_len)) != SEC_E_OK)
929 goto isc_end;
930
931 if(buffer_len < 3)
932 {
933 TRACE("No flags negotiated.\n");
934 helper->neg_flags = 0l;
935 }
936 else
937 {
938 TRACE("Negotiated %s\n", debugstr_a(buffer));
939 sscanf(buffer + 3, "%lx", &(helper->neg_flags));
940 TRACE("Stored 0x%08x as flags\n", helper->neg_flags);
941 }
942
943 TRACE("Getting session key\n");
944 lstrcpynA(buffer, "GK", max_len - 1);
945 if((ret = run_helper(helper, buffer, max_len, &buffer_len)) != SEC_E_OK)
946 goto isc_end;
947
948 if(strncmp(buffer, "BH", 2) == 0)
949 TRACE("No key negotiated.\n");
950 else if(strncmp(buffer, "GK ", 3) == 0)
951 {
952 if((ret = decodeBase64(buffer+3, buffer_len-3, bin, max_len,
953 &bin_len)) != SEC_E_OK)
954 {
955 TRACE("Failed to decode session key\n");
956 }
957 TRACE("Session key is %s\n", debugstr_a(buffer+3));
958 HeapFree(GetProcessHeap(), 0, helper->session_key);
959 helper->session_key = HeapAlloc(GetProcessHeap(), 0, bin_len);
960 if(!helper->session_key)
961 {
962 ret = SEC_E_INSUFFICIENT_MEMORY;
963 goto isc_end;
964 }
965 memcpy(helper->session_key, bin, bin_len);
966 }
967
968 helper->crypt.ntlm.a4i = SECUR32_arc4Alloc();
969 SECUR32_arc4Init(helper->crypt.ntlm.a4i, helper->session_key, 16);
970 helper->crypt.ntlm.seq_num = 0l;
971 SECUR32_CreateNTLM2SubKeys(helper);
972 helper->crypt.ntlm2.send_a4i = SECUR32_arc4Alloc();
973 helper->crypt.ntlm2.recv_a4i = SECUR32_arc4Alloc();
974 SECUR32_arc4Init(helper->crypt.ntlm2.send_a4i,
975 helper->crypt.ntlm2.send_seal_key, 16);
976 SECUR32_arc4Init(helper->crypt.ntlm2.recv_a4i,
977 helper->crypt.ntlm2.recv_seal_key, 16);
978 helper->crypt.ntlm2.send_seq_no = 0l;
979 helper->crypt.ntlm2.recv_seq_no = 0l;
980 }
981
982isc_end:
983 HeapFree(GetProcessHeap(), 0, username);
984 HeapFree(GetProcessHeap(), 0, domain);
985 HeapFree(GetProcessHeap(), 0, password);
986 HeapFree(GetProcessHeap(), 0, want_flags);
987 HeapFree(GetProcessHeap(), 0, buffer);
988 HeapFree(GetProcessHeap(), 0, bin);
989 return ret;
990}
strstr
char * strstr(char *String1, char *String2)
Definition: utclib.c:653
ERR
#define ERR(fmt,...)
Definition: precomp.h:57
Reserved1
@ Reserved1
Definition: bcd.h:201
CredFree
VOID WINAPI CredFree(PVOID Buffer)
Definition: cred.c:1395
NetApiBufferFree
NET_API_STATUS WINAPI NetApiBufferFree(LPVOID Buffer)
Definition: apibuf.c:43
ntlm_GetCachedCredential
static BOOL ntlm_GetCachedCredential(const SEC_WCHAR *pszTargetName, PCREDENTIALW *cred)
Definition: ntlm.c:438
p
GLfloat GLfloat p
Definition: glext.h:8902
NERR_Success
#define NERR_Success
Definition: lmerr.h:5
username
static WCHAR username[]
Definition: url.c:32
NET_API_STATUS
DWORD NET_API_STATUS
Definition: ms-dtyp.idl:91
SECUR32_CreateNTLM2SubKeys
SECURITY_STATUS SECUR32_CreateNTLM2SubKeys(PNegoHelper helper) DECLSPEC_HIDDEN
Definition: util.c:156
SECUR32_CreateNTLM1SessionKey
SECURITY_STATUS SECUR32_CreateNTLM1SessionKey(PBYTE password, int len, PBYTE session_key) DECLSPEC_HIDDEN
Definition: util.c:122
ui
UINT ui
Definition: oleauto.h:49
ISC_RET_DELEGATE
#define ISC_RET_DELEGATE
Definition: sspi.h:385
ISC_REQ_CONFIDENTIALITY
#define ISC_REQ_CONFIDENTIALITY
Definition: sspi.h:366
ISC_RET_EXTENDED_ERROR
#define ISC_RET_EXTENDED_ERROR
Definition: sspi.h:399
ISC_REQ_ALLOCATE_MEMORY
#define ISC_REQ_ALLOCATE_MEMORY
Definition: sspi.h:370
ISC_REQ_EXTENDED_ERROR
#define ISC_REQ_EXTENDED_ERROR
Definition: sspi.h:376
ISC_RET_USED_DCE_STYLE
#define ISC_RET_USED_DCE_STYLE
Definition: sspi.h:394
ISC_REQ_REPLAY_DETECT
#define ISC_REQ_REPLAY_DETECT
Definition: sspi.h:364
ISC_REQ_INTEGRITY
#define ISC_REQ_INTEGRITY
Definition: sspi.h:378
ISC_REQ_DELEGATE
#define ISC_REQ_DELEGATE
Definition: sspi.h:362
ISC_REQ_MUTUAL_AUTH
#define ISC_REQ_MUTUAL_AUTH
Definition: sspi.h:363
SEC_WCHAR
WCHAR SEC_WCHAR
Definition: sspi.h:29
ISC_RET_MUTUAL_AUTH
#define ISC_RET_MUTUAL_AUTH
Definition: sspi.h:386
ISC_REQ_CONNECTION
#define ISC_REQ_CONNECTION
Definition: sspi.h:373
ISC_RET_CONNECTION
#define ISC_RET_CONNECTION
Definition: sspi.h:396
ISC_REQ_USE_DCE_STYLE
#define ISC_REQ_USE_DCE_STYLE
Definition: sspi.h:371
_CREDENTIALW
Definition: wincred.h:83
_CREDENTIALW::CredentialBlob
LPBYTE CredentialBlob
Definition: wincred.h:90
_CREDENTIALW::UserName
LPWSTR UserName
Definition: wincred.h:95
_CREDENTIALW::CredentialBlobSize
DWORD CredentialBlobSize
Definition: wincred.h:89
_WKSTA_USER_INFO_1
Definition: lmwksta.h:203
status
Definition: ps.c:97
LPBYTE
unsigned char * LPBYTE
Definition: typedefs.h:53
strchrW
#define strchrW(s, c)
Definition: unicode.h:40
SEC_E_NO_CREDENTIALS
#define SEC_E_NO_CREDENTIALS
Definition: winerror.h:4320
NetWkstaUserGetInfo
NET_API_STATUS WINAPI NetWkstaUserGetInfo(_In_ LPWSTR reserved, _In_ DWORD level, _Out_ LPBYTE *bufptr)
Definition: wksta_new.c:1129

Referenced by nego_InitializeSecurityContextW(), and ntlm_InitializeSecurityContextA().

◆ ntlm_MakeSignature()

SECURITY_STATUS SEC_ENTRY ntlm_MakeSignature ( PCtxtHandle  phContext,
ULONG  fQOP,
PSecBufferDesc  pMessage,
ULONG  MessageSeqNo 
)

Definition at line 1662 of file ntlm.c.

1664{
1665 PNegoHelper helper;
1666 int token_idx;
1667
1668 TRACE("%p %d %p %d\n", phContext, fQOP, pMessage, MessageSeqNo);
1669 if (!phContext)
1670 return SEC_E_INVALID_HANDLE;
1671
1672 if(fQOP)
1673 FIXME("Ignoring fQOP 0x%08x\n", fQOP);
1674
1675 if(MessageSeqNo)
1676 FIXME("Ignoring MessageSeqNo\n");
1677
1678 if(!pMessage || !pMessage->pBuffers || pMessage->cBuffers < 2)
1679 return SEC_E_INVALID_TOKEN;
1680
1681 /* If we didn't find a SECBUFFER_TOKEN type buffer */
1682 if((token_idx = ntlm_GetTokenBufferIndex(pMessage)) == -1)
1683 return SEC_E_INVALID_TOKEN;
1684
1685 if(pMessage->pBuffers[token_idx].cbBuffer < 16)
1686 return SEC_E_BUFFER_TOO_SMALL;
1687
1688 helper = (PNegoHelper)phContext->dwLower;
1689 TRACE("Negotiated flags are: 0x%08x\n", helper->neg_flags);
1690
1691 return ntlm_CreateSignature(helper, pMessage, token_idx, NTLM_SEND, TRUE);
1692}
TRUE
#define TRUE
Definition: types.h:120

Referenced by nego_MakeSignature().

◆ ntlm_QueryContextAttributesA()

SECURITY_STATUS SEC_ENTRY ntlm_QueryContextAttributesA ( PCtxtHandle  phContext,
ULONG  ulAttribute,
void pBuffer 
)

Definition at line 1482 of file ntlm.c.

1484{
1485 return ntlm_QueryContextAttributesW(phContext, ulAttribute, pBuffer);
1486}
ntlm_QueryContextAttributesW
SECURITY_STATUS SEC_ENTRY ntlm_QueryContextAttributesW(PCtxtHandle phContext, ULONG ulAttribute, void *pBuffer)
Definition: ntlm.c:1427
pBuffer
PVOID pBuffer
Definition: rdesktop-core-tester.cpp:188

Referenced by nego_QueryContextAttributesA().

◆ ntlm_QueryContextAttributesW()

SECURITY_STATUS SEC_ENTRY ntlm_QueryContextAttributesW ( PCtxtHandle  phContext,
ULONG  ulAttribute,
void pBuffer 
)

Definition at line 1427 of file ntlm.c.

1429{
1430 TRACE("%p %d %p\n", phContext, ulAttribute, pBuffer);
1431 if (!phContext)
1432 return SEC_E_INVALID_HANDLE;
1433
1434 switch(ulAttribute)
1435 {
1436#define _x(x) case (x) : FIXME(#x" stub\n"); break
1437 _x(SECPKG_ATTR_ACCESS_TOKEN);
1438 _x(SECPKG_ATTR_AUTHORITY);
1439 _x(SECPKG_ATTR_DCE_INFO);
1440 case SECPKG_ATTR_FLAGS:
1441 {
1442 PSecPkgContext_Flags spcf = (PSecPkgContext_Flags)pBuffer;
1443 PNegoHelper helper = (PNegoHelper)phContext->dwLower;
1444
1445 spcf->Flags = 0;
1446 if(helper->neg_flags & NTLMSSP_NEGOTIATE_SIGN)
1447 spcf->Flags |= ISC_RET_INTEGRITY;
1448 if(helper->neg_flags & NTLMSSP_NEGOTIATE_SEAL)
1449 spcf->Flags |= ISC_RET_CONFIDENTIALITY;
1450 return SEC_E_OK;
1451 }
1452 _x(SECPKG_ATTR_KEY_INFO);
1453 _x(SECPKG_ATTR_LIFESPAN);
1454 _x(SECPKG_ATTR_NAMES);
1455 _x(SECPKG_ATTR_NATIVE_NAMES);
1456 _x(SECPKG_ATTR_NEGOTIATION_INFO);
1457 _x(SECPKG_ATTR_PACKAGE_INFO);
1458 _x(SECPKG_ATTR_PASSWORD_EXPIRY);
1459 _x(SECPKG_ATTR_SESSION_KEY);
1460 case SECPKG_ATTR_SIZES:
1461 {
1462 PSecPkgContext_Sizes spcs = (PSecPkgContext_Sizes)pBuffer;
1463 spcs->cbMaxToken = NTLM_MAX_BUF;
1464 spcs->cbMaxSignature = 16;
1465 spcs->cbBlockSize = 0;
1466 spcs->cbSecurityTrailer = 16;
1467 return SEC_E_OK;
1468 }
1469 _x(SECPKG_ATTR_STREAM_SIZES);
1470 _x(SECPKG_ATTR_TARGET_INFORMATION);
1471#undef _x
1472 default:
1473 TRACE("Unknown value %d passed for ulAttribute\n", ulAttribute);
1474 }
1475
1476 return SEC_E_UNSUPPORTED_FUNCTION;
1477}
_x
#define _x(x)
SECPKG_ATTR_ACCESS_TOKEN
#define SECPKG_ATTR_ACCESS_TOKEN
Definition: sspi.h:539
PSecPkgContext_Flags
struct _SecPkgContext_Flags * PSecPkgContext_Flags
SECPKG_ATTR_SESSION_KEY
#define SECPKG_ATTR_SESSION_KEY
Definition: sspi.h:530
SECPKG_ATTR_AUTHORITY
#define SECPKG_ATTR_AUTHORITY
Definition: sspi.h:527
SECPKG_ATTR_KEY_INFO
#define SECPKG_ATTR_KEY_INFO
Definition: sspi.h:526
SECPKG_ATTR_PACKAGE_INFO
#define SECPKG_ATTR_PACKAGE_INFO
Definition: sspi.h:531
SECPKG_ATTR_NEGOTIATION_INFO
#define SECPKG_ATTR_NEGOTIATION_INFO
Definition: sspi.h:533
PSecPkgContext_Sizes
struct _SecPkgContext_Sizes * PSecPkgContext_Sizes
ISC_RET_CONFIDENTIALITY
#define ISC_RET_CONFIDENTIALITY
Definition: sspi.h:389
SECPKG_ATTR_TARGET_INFORMATION
#define SECPKG_ATTR_TARGET_INFORMATION
Definition: sspi.h:538
SECPKG_ATTR_PASSWORD_EXPIRY
#define SECPKG_ATTR_PASSWORD_EXPIRY
Definition: sspi.h:529
SECPKG_ATTR_LIFESPAN
#define SECPKG_ATTR_LIFESPAN
Definition: sspi.h:523
SECPKG_ATTR_SIZES
#define SECPKG_ATTR_SIZES
Definition: sspi.h:521
ISC_RET_INTEGRITY
#define ISC_RET_INTEGRITY
Definition: sspi.h:401
SECPKG_ATTR_STREAM_SIZES
#define SECPKG_ATTR_STREAM_SIZES
Definition: sspi.h:525
SECPKG_ATTR_FLAGS
#define SECPKG_ATTR_FLAGS
Definition: sspi.h:535
SECPKG_ATTR_NAMES
#define SECPKG_ATTR_NAMES
Definition: sspi.h:522
SECPKG_ATTR_DCE_INFO
#define SECPKG_ATTR_DCE_INFO
Definition: sspi.h:524
SECPKG_ATTR_NATIVE_NAMES
#define SECPKG_ATTR_NATIVE_NAMES
Definition: sspi.h:534
_SecPkgContext_Flags
Definition: sspi.h:676
_SecPkgContext_Flags::Flags
ULONG Flags
Definition: sspi.h:677
_SecPkgContext_Sizes
Definition: sspi.h:560
_SecPkgContext_Sizes::cbBlockSize
ULONG cbBlockSize
Definition: sspi.h:563
_SecPkgContext_Sizes::cbSecurityTrailer
ULONG cbSecurityTrailer
Definition: sspi.h:564
_SecPkgContext_Sizes::cbMaxSignature
ULONG cbMaxSignature
Definition: sspi.h:562
_SecPkgContext_Sizes::cbMaxToken
ULONG cbMaxToken
Definition: sspi.h:561

Referenced by nego_QueryContextAttributesW(), and ntlm_QueryContextAttributesA().

◆ ntlm_VerifySignature()

SECURITY_STATUS SEC_ENTRY ntlm_VerifySignature ( PCtxtHandle  phContext,
PSecBufferDesc  pMessage,
ULONG  MessageSeqNo,
PULONG  pfQOP 
)

Definition at line 1697 of file ntlm.c.

1699{
1700 PNegoHelper helper;
1701 UINT i;
1702 int token_idx;
1703 SECURITY_STATUS ret;
1704 SecBufferDesc local_desc;
1705 PSecBuffer local_buff;
1706 BYTE local_sig[16];
1707
1708 TRACE("%p %p %d %p\n", phContext, pMessage, MessageSeqNo, pfQOP);
1709 if(!phContext)
1710 return SEC_E_INVALID_HANDLE;
1711
1712 if(!pMessage || !pMessage->pBuffers || pMessage->cBuffers < 2)
1713 return SEC_E_INVALID_TOKEN;
1714
1715 if((token_idx = ntlm_GetTokenBufferIndex(pMessage)) == -1)
1716 return SEC_E_INVALID_TOKEN;
1717
1718 if(pMessage->pBuffers[token_idx].cbBuffer < 16)
1719 return SEC_E_BUFFER_TOO_SMALL;
1720
1721 if(MessageSeqNo)
1722 FIXME("Ignoring MessageSeqNo\n");
1723
1724 helper = (PNegoHelper)phContext->dwLower;
1725 TRACE("Negotiated flags: 0x%08x\n", helper->neg_flags);
1726
1727 local_buff = HeapAlloc(GetProcessHeap(), 0, pMessage->cBuffers * sizeof(SecBuffer));
1728
1729 local_desc.ulVersion = SECBUFFER_VERSION;
1730 local_desc.cBuffers = pMessage->cBuffers;
1731 local_desc.pBuffers = local_buff;
1732
1733 for(i=0; i < pMessage->cBuffers; ++i)
1734 {
1735 if(pMessage->pBuffers[i].BufferType == SECBUFFER_TOKEN)
1736 {
1737 local_buff[i].BufferType = SECBUFFER_TOKEN;
1738 local_buff[i].cbBuffer = 16;
1739 local_buff[i].pvBuffer = local_sig;
1740 }
1741 else
1742 {
1743 local_buff[i].BufferType = pMessage->pBuffers[i].BufferType;
1744 local_buff[i].cbBuffer = pMessage->pBuffers[i].cbBuffer;
1745 local_buff[i].pvBuffer = pMessage->pBuffers[i].pvBuffer;
1746 }
1747 }
1748
1749 if((ret = ntlm_CreateSignature(helper, &local_desc, token_idx, NTLM_RECV, TRUE)) != SEC_E_OK)
1750 return ret;
1751
1752 if(memcmp(((PBYTE)local_buff[token_idx].pvBuffer) + 8,
1753 ((PBYTE)pMessage->pBuffers[token_idx].pvBuffer) + 8, 8))
1754 ret = SEC_E_MESSAGE_ALTERED;
1755 else
1756 ret = SEC_E_OK;
1757
1758 HeapFree(GetProcessHeap(), 0, local_buff);
1759
1760 return ret;
1761
1762}
memcmp
int memcmp(void *Buffer1, void *Buffer2, ACPI_SIZE Count)
Definition: utclib.c:112
i
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
UINT
unsigned int UINT
Definition: ndis.h:50
PSecBuffer
PVOID *typedef PSecBuffer
Definition: ntsecpkg.h:440
SECBUFFER_TOKEN
#define SECBUFFER_TOKEN
Definition: sspi.h:161
SECBUFFER_VERSION
#define SECBUFFER_VERSION
Definition: sspi.h:187
_SecBufferDesc
Definition: sspi.h:180
_SecBufferDesc::ulVersion
ULONG ulVersion
Definition: sspi.h:181
_SecBuffer
Definition: sspi.h:152
SEC_E_MESSAGE_ALTERED
#define SEC_E_MESSAGE_ALTERED
Definition: winerror.h:4321

Referenced by nego_VerifySignature(), and ntlm_DecryptMessage().

◆ SECUR32_CreateNTLM1SessionKey()

SECURITY_STATUS SECUR32_CreateNTLM1SessionKey ( PBYTE  password,
int  len,
PBYTE  session_key 
)

Definition at line 122 of file util.c.

123{
124 MD4_CTX ctx;
125 BYTE ntlm_hash[16];
126
127 TRACE("(%p, %p)\n", password, session_key);
128
129 MD4Init(&ctx);
130 MD4Update(&ctx, password, len);
131 MD4Final(&ctx);
132
133 memcpy(ntlm_hash, ctx.digest, 0x10);
134
135 MD4Init(&ctx);
136 MD4Update(&ctx, ntlm_hash, 0x10u);
137 MD4Final(&ctx);
138
139 memcpy(session_key, ctx.digest, 0x10);
140
141 return SEC_E_OK;
142}
MD4Final
VOID WINAPI MD4Final(MD4_CTX *ctx)
Definition: md4.c:113
MD4Update
VOID WINAPI MD4Update(MD4_CTX *ctx, const unsigned char *buf, unsigned int len)
Definition: md4.c:59
MD4Init
VOID WINAPI MD4Init(MD4_CTX *ctx)
Definition: md4.c:45
len
GLenum GLsizei len
Definition: glext.h:6722
MD4_CTX
Definition: util.c:82

Referenced by ntlm_InitializeSecurityContextW().

◆ SECUR32_CreateNTLM2SubKeys()

SECURITY_STATUS SECUR32_CreateNTLM2SubKeys ( PNegoHelper  helper)

Definition at line 156 of file util.c.

157{
158 helper->crypt.ntlm2.send_sign_key = HeapAlloc(GetProcessHeap(), 0, 16);
159 helper->crypt.ntlm2.send_seal_key = HeapAlloc(GetProcessHeap(), 0, 16);
160 helper->crypt.ntlm2.recv_sign_key = HeapAlloc(GetProcessHeap(), 0, 16);
161 helper->crypt.ntlm2.recv_seal_key = HeapAlloc(GetProcessHeap(), 0, 16);
162
163 if(helper->mode == NTLM_CLIENT)
164 {
165 SECUR32_CalcNTLM2Subkey(helper->session_key, client_to_server_sign_constant,
166 helper->crypt.ntlm2.send_sign_key);
167 SECUR32_CalcNTLM2Subkey(helper->session_key, client_to_server_seal_constant,
168 helper->crypt.ntlm2.send_seal_key);
169 SECUR32_CalcNTLM2Subkey(helper->session_key, server_to_client_sign_constant,
170 helper->crypt.ntlm2.recv_sign_key);
171 SECUR32_CalcNTLM2Subkey(helper->session_key, server_to_client_seal_constant,
172 helper->crypt.ntlm2.recv_seal_key);
173 }
174 else
175 {
176 SECUR32_CalcNTLM2Subkey(helper->session_key, server_to_client_sign_constant,
177 helper->crypt.ntlm2.send_sign_key);
178 SECUR32_CalcNTLM2Subkey(helper->session_key, server_to_client_seal_constant,
179 helper->crypt.ntlm2.send_seal_key);
180 SECUR32_CalcNTLM2Subkey(helper->session_key, client_to_server_sign_constant,
181 helper->crypt.ntlm2.recv_sign_key);
182 SECUR32_CalcNTLM2Subkey(helper->session_key, client_to_server_seal_constant,
183 helper->crypt.ntlm2.recv_seal_key);
184 }
185
186 return SEC_E_OK;
187}
SECUR32_CalcNTLM2Subkey
static void SECUR32_CalcNTLM2Subkey(const BYTE *session_key, const char *magic, PBYTE subkey)
Definition: util.c:144
client_to_server_seal_constant
static const char client_to_server_seal_constant[]
Definition: util.c:77
server_to_client_seal_constant
static const char server_to_client_seal_constant[]
Definition: util.c:79
client_to_server_sign_constant
static const char client_to_server_sign_constant[]
Definition: util.c:76
server_to_client_sign_constant
static const char server_to_client_sign_constant[]
Definition: util.c:78

Referenced by ntlm_InitializeSecurityContextW().

◆ SECUR32_initNTLMSP()

void SECUR32_initNTLMSP ( void  )

Definition at line 2026 of file ntlm.c.

2027{
2028 PNegoHelper helper;
2029 static CHAR version[] = "--version";
2030
2031 SEC_CHAR *args[] = {
2032 ntlm_auth,
2033 version,
2034 NULL };
2035
2036 if(fork_helper(&helper, ntlm_auth, args) != SEC_E_OK)
2037 helper = NULL;
2038 else
2039 check_version(helper);
2040
2041 if( helper &&
2042 ((helper->major > MIN_NTLM_AUTH_MAJOR_VERSION) ||
2043 (helper->major == MIN_NTLM_AUTH_MAJOR_VERSION &&
2044 helper->minor > MIN_NTLM_AUTH_MINOR_VERSION) ||
2045 (helper->major == MIN_NTLM_AUTH_MAJOR_VERSION &&
2046 helper->minor == MIN_NTLM_AUTH_MINOR_VERSION &&
2047 helper->micro >= MIN_NTLM_AUTH_MICRO_VERSION)) )
2048 {
2049 SecureProvider *provider = SECUR32_addProvider(&ntlmTableA, &ntlmTableW, NULL);
2050 SECUR32_addPackages(provider, 1L, ntlm_package_infoA, ntlm_package_infoW);
2051 }
2052 else
2053 {
2054 ERR_(winediag)("%s was not found or is outdated. "
2055 "Make sure that ntlm_auth >= %d.%d.%d is in your path. "
2056 "Usually, you can find it in the winbind package of your distribution.\n",
2057 ntlm_auth,
2058 MIN_NTLM_AUTH_MAJOR_VERSION,
2059 MIN_NTLM_AUTH_MINOR_VERSION,
2060 MIN_NTLM_AUTH_MICRO_VERSION);
2061
2062 }
2063 cleanup_helper(helper);
2064}
version
static const WCHAR version[]
Definition: asmname.c:66
ntlmTableW
static const SecurityFunctionTableW ntlmTableW
Definition: ntlm.c:1948
MIN_NTLM_AUTH_MICRO_VERSION
#define MIN_NTLM_AUTH_MICRO_VERSION
Definition: ntlm.c:39
ntlm_package_infoW
SecPkgInfoW * ntlm_package_infoW
Definition: ntlm.c:2024
ntlmTableA
static const SecurityFunctionTableA ntlmTableA
Definition: ntlm.c:1917
MIN_NTLM_AUTH_MINOR_VERSION
#define MIN_NTLM_AUTH_MINOR_VERSION
Definition: ntlm.c:37
MIN_NTLM_AUTH_MAJOR_VERSION
#define MIN_NTLM_AUTH_MAJOR_VERSION
Definition: ntlm.c:36
ntlm_package_infoA
SecPkgInfoA * ntlm_package_infoA
Definition: ntlm.c:2023
check_version
static BOOL check_version(LPCWSTR gre_path, const char *version_string)
Definition: nsembed.c:521
SECUR32_addProvider
SecureProvider * SECUR32_addProvider(const SecurityFunctionTableA *fnTableA, const SecurityFunctionTableW *fnTableW, PCWSTR moduleName) DECLSPEC_HIDDEN
Definition: secur32_wine.c:314
SECUR32_addPackages
void SECUR32_addPackages(SecureProvider *provider, ULONG toAdd, const SecPkgInfoA *infoA, const SecPkgInfoW *infoW) DECLSPEC_HIDDEN
Definition: secur32_wine.c:362
ERR_
#define ERR_(ch,...)
Definition: debug.h:156
_NegoHelper::minor
int minor
Definition: ntlm.h:31
_NegoHelper::major
int major
Definition: ntlm.h:30
_NegoHelper::micro
int micro
Definition: ntlm.h:32
_SecureProvider
Definition: schannel_priv.h:25
args
Definition: match.c:390

Referenced by SECUR32_initializeProviders().

Variable Documentation

◆ DECLSPEC_HIDDEN

SecPkgInfoA* ntlm_package_infoA DECLSPEC_HIDDEN
extern

Definition at line 114 of file ntlm.h.