30 May
2011
30 May
'11
9:02 p.m.
Author: sserapion
Date: Mon May 30 21:02:50 2011
New Revision: 52014
URL: http://svn.reactos.org/svn/reactos?rev=52014&view=rev
Log:
[NTLMSSP]
- Implement NtlmHandleNegotiateMessage NtlmHandleChallengeMessage and
NtlmHandleAuthenticateMessage
- all wine client server tests pass
- still missing a lot of stuff (WIP code)
Modified:
branches/sspi-bringup/reactos/dll/win32/ntlmssp/context.c
branches/sspi-bringup/reactos/dll/win32/ntlmssp/credentials.c
branches/sspi-bringup/reactos/dll/win32/ntlmssp/ntlmssp.h
branches/sspi-bringup/reactos/dll/win32/ntlmssp/protocol.c
branches/sspi-bringup/reactos/dll/win32/ntlmssp/protocol.h
Modified: branches/sspi-bringup/reactos/dll/win32/ntlmssp/context.c
URL:
http://svn.reactos.org/svn/reactos/branches/sspi-bringup/reactos/dll/win32/…
==============================================================================
--- branches/sspi-bringup/reactos/dll/win32/ntlmssp/context.c [iso-8859-1] (original)
+++ branches/sspi-bringup/reactos/dll/win32/ntlmssp/context.c [iso-8859-1] Mon May 30
21:02:50 2011
@@ -391,13 +391,7 @@
ret = NtlmGenerateNegotiateMessage(newContext,
fContextReq,
InputToken1,
- &OutputToken1);
-
- if(!NT_SUCCESS(ret))
- {
- ERR("NtlmGenerateNegotiateMessage failed with %lx\n", ret);
- goto fail;
- }
+ OutputToken1);
/* set result */
phNewContext->dwUpper = NegotiateFlags;
@@ -406,7 +400,6 @@
else /* challenge! */
{
TRACE("ISC challenged!\n");
- *phNewContext = *phContext;
if (fContextReq & ISC_REQ_USE_SUPPLIED_CREDS)
{
/* get second input token */
@@ -421,6 +414,7 @@
}
}
+ *phNewContext = *phContext;
ret = NtlmHandleChallengeMessage(phNewContext->dwLower,
fContextReq,
InputToken1,
@@ -430,13 +424,12 @@
pfContextAttr,
ptsExpiry,
&NegotiateFlags);
-
- if(!NT_SUCCESS(ret))
- {
- ERR("NtlmHandleChallengeMessage failed with %lx\n", ret);
- goto fail;
- }
-
+ }
+
+ if(!NT_SUCCESS(ret))
+ {
+ ERR("failed with %lx\n", ret);
+ goto fail;
}
/* build blob with the output message */
@@ -575,7 +568,7 @@
{
SECURITY_STATUS ret = SEC_E_OK;
PSecBuffer InputToken1, InputToken2;
- PSecBuffer OutputToken1;
+ PSecBuffer OutputToken1, OutputToken2;
TRACE("AcceptSecurityContext %p %p %p %lx %lx %p %p %p %p\n", phCredential,
phContext, pInput,
fContextReq, TargetDataRep, phNewContext, pOutput, pfContextAttr, ptsExpiry);
@@ -614,29 +607,56 @@
}
/* first call */
- if(!phContext && !InputToken2)
+ if(!phContext)// && !InputToken2)
{
if(!phCredential)
{
ret = SEC_E_INVALID_HANDLE;
goto fail;
}
-
+ TRACE("phNewContext->dwLower %lx\n", phNewContext->dwLower);
ret = NtlmHandleNegotiateMessage(phCredential->dwLower,
- &phNewContext->dwLower,
+ phNewContext->dwLower,
fContextReq,
InputToken1,
- &OutputToken1,
+ InputToken2,
+ OutputToken1,
+ OutputToken2,
pfContextAttr,
ptsExpiry);
}
else
{
- WARN("Handle Authenticate UNIMPLEMENTED!\n");
- }
- //if(!NT_SUCCESS(ret))
-
- UNIMPLEMENTED;
+ *phNewContext = *phContext;
+ USER_SESSION_KEY sessionKey;
+ ULONG userflags;
+ TRACE("phNewContext->dwLower %lx\n", phNewContext->dwLower);
+ ret = NtlmHandleAuthenticateMessage(phNewContext->dwLower,
+ fContextReq,
+ InputToken1,
+ OutputToken1,
+ pfContextAttr,
+ ptsExpiry,
+ (PUCHAR)&sessionKey,
+ &userflags);
+ }
+
+ if(!NT_SUCCESS(ret))
+ {
+ ERR("failed with %lx\n", ret);
+ goto fail;
+ }
+
+ /* build blob with the output message */
+ SecBufferDesc BufferDesc;
+ BufferDesc.ulVersion = SECBUFFER_VERSION;
+ BufferDesc.cBuffers = 1;
+ BufferDesc.pBuffers = OutputToken1;
+
+ if(fContextReq & ASC_REQ_ALLOCATE_MEMORY)
+ *pfContextAttr |= ASC_RET_ALLOCATED_MEMORY;
+
+ *pOutput = BufferDesc;
return ret;
fail:
return ret;
@@ -703,7 +723,6 @@
ApplyControlToken(IN PCtxtHandle phContext,
IN PSecBufferDesc pInput)
{
-
UNIMPLEMENTED;
return SEC_E_UNSUPPORTED_FUNCTION;
}
Modified: branches/sspi-bringup/reactos/dll/win32/ntlmssp/credentials.c
URL:
http://svn.reactos.org/svn/reactos/branches/sspi-bringup/reactos/dll/win32/…
==============================================================================
--- branches/sspi-bringup/reactos/dll/win32/ntlmssp/credentials.c [iso-8859-1] (original)
+++ branches/sspi-bringup/reactos/dll/win32/ntlmssp/credentials.c [iso-8859-1] Mon May 30
21:02:50 2011
@@ -53,7 +53,7 @@
/* sanity */
ASSERT(cred);
- TRACE("%p refcount %d\n",cred, cred->RefCount);
+ TRACE("%p refcount %lx\n",cred, cred->RefCount);
ASSERT(cred->RefCount > 0);
/* reference */
@@ -73,7 +73,7 @@
/* sanity */
ASSERT(cred);
- TRACE("%p refcount %d\n",cred, cred->RefCount);
+ TRACE("%p refcount %lx\n",cred, cred->RefCount);
ASSERT(cred->RefCount >= 1);
/* decrement reference */
@@ -137,7 +137,7 @@
{
SECURITY_STATUS ret;
- TRACE("(%p, %d, %p)\n", phCredential, ulAttribute, pBuffer);
+ TRACE("(%p, %lx, %p)\n", phCredential, ulAttribute, pBuffer);
if(ulAttribute == SECPKG_ATTR_NAMES)
{
@@ -158,7 +158,7 @@
{
SECURITY_STATUS ret;
- TRACE("(%p, %d, %p)\n", phCredential, ulAttribute, pBuffer);
+ TRACE("(%p, %lx, %p)\n", phCredential, ulAttribute, pBuffer);
if(ulAttribute == SECPKG_ATTR_NAMES)
{
Modified: branches/sspi-bringup/reactos/dll/win32/ntlmssp/ntlmssp.h
URL:
http://svn.reactos.org/svn/reactos/branches/sspi-bringup/reactos/dll/win32/…
==============================================================================
--- branches/sspi-bringup/reactos/dll/win32/ntlmssp/ntlmssp.h [iso-8859-1] (original)
+++ branches/sspi-bringup/reactos/dll/win32/ntlmssp/ntlmssp.h [iso-8859-1] Mon May 30
21:02:50 2011
@@ -46,9 +46,12 @@
extern UNICODE_STRING NtlmComputerNameString;
extern UNICODE_STRING NtlmDomainNameString;
+extern UNICODE_STRING NtlmDnsNameString;
extern OEM_STRING NtlmOemComputerNameString;
extern OEM_STRING NtlmOemDomainNameString;
+extern OEM_STRING NtlmOemDnsNameString;
extern HANDLE NtlmSystemSecurityToken;
+extern UNICODE_STRING NtlmAvTargetInfo; // contains AV pairs with local info
typedef enum _NTLM_MODE {
NtlmLsaMode = 1,
Modified: branches/sspi-bringup/reactos/dll/win32/ntlmssp/protocol.c
URL:
http://svn.reactos.org/svn/reactos/branches/sspi-bringup/reactos/dll/win32/…
==============================================================================
--- branches/sspi-bringup/reactos/dll/win32/ntlmssp/protocol.c [iso-8859-1] (original)
+++ branches/sspi-bringup/reactos/dll/win32/ntlmssp/protocol.c [iso-8859-1] Mon May 30
21:02:50 2011
@@ -26,7 +26,7 @@
NtlmGenerateNegotiateMessage(IN ULONG_PTR Context,
IN ULONG ContextReq,
IN PSecBuffer InputToken,
- OUT PSecBuffer *OutputToken)
+ OUT PSecBuffer OutputToken)
{
PNTLMSSP_CONTEXT context = (PNTLMSSP_CONTEXT)Context;
PNTLMSSP_CREDENTIAL cred = context->Credential;
@@ -35,13 +35,13 @@
ULONG_PTR offset;
NTLM_BLOB blobBuffer[2]; //nego contains 2 blobs
- if(!*OutputToken)
+ if(!OutputToken)
{
ERR("No output token!\n");
return SEC_E_BUFFER_TOO_SMALL;
}
- if(!((*OutputToken)->pvBuffer))
+ if(!(OutputToken->pvBuffer))
{
/* according to wine test */
ERR("No output buffer!\n");
@@ -56,23 +56,21 @@
if (!(ContextReq & ISC_REQ_ALLOCATE_MEMORY))
{
/* not enough space */
- if(messageSize > (*OutputToken)->cbBuffer)
+ if(messageSize > OutputToken->cbBuffer)
return SEC_E_BUFFER_TOO_SMALL;
}
else
{
/* allocate */
- (*OutputToken)->pvBuffer = NtlmAllocate(messageSize);
- (*OutputToken)->cbBuffer = messageSize;
-
- if(!(*OutputToken)->pvBuffer)
+ OutputToken->pvBuffer = NtlmAllocate(messageSize);
+ OutputToken->cbBuffer = messageSize;
+
+ if(!OutputToken->pvBuffer)
return SEC_E_INSUFFICIENT_MEMORY;
}
/* allocate a negotiate message */
- message = (PNEGOTIATE_MESSAGE) NtlmAllocate(messageSize);
-
- if(!message)
+ if(!(message = (PNEGOTIATE_MESSAGE) NtlmAllocate(messageSize)))
return SEC_E_INSUFFICIENT_MEMORY;
/* build message */
@@ -110,11 +108,12 @@
blobBuffer[1].Offset = offset+1;
}
+ /* zero struct */
memset(&message->Version, 0, sizeof(NTLM_WINDOWS_VERSION));
/* send it back */
- memcpy((*OutputToken)->pvBuffer, message, messageSize);
- (*OutputToken)->cbBuffer = messageSize;
+ memcpy(OutputToken->pvBuffer, message, messageSize);
+ OutputToken->cbBuffer = messageSize;
context->State = NegotiateSent;
TRACE("context %p context->NegotiateFlags:\n",context);
@@ -128,40 +127,53 @@
SECURITY_STATUS
NtlmHandleNegotiateMessage(IN ULONG_PTR hCredential,
- IN OUT PULONG_PTR phContext,
+ IN OUT ULONG_PTR hContext,
IN ULONG ContextReq,
IN PSecBuffer InputToken,
- OUT PSecBuffer *pOutputToken,
+ IN PSecBuffer InputToken2,
+ OUT PSecBuffer OutputToken,
+ OUT PSecBuffer OutputToken2,
OUT PULONG pContextAttr,
OUT PTimeStamp ptsExpiry)
{
SECURITY_STATUS ret = SEC_E_OK;
PNEGOTIATE_MESSAGE negoMessage = NULL;
PNTLMSSP_CREDENTIAL cred = NULL;
- PNTLMSSP_CONTEXT newContext = NULL;
-
- ERR("NtlmHandleNegotiateMessage called!\n");
-
- /* InputToken should contain a negotiate message*/
+ PNTLMSSP_CONTEXT context = NULL;
+ UNICODE_STRING targetName;
+ OEM_STRING OemDomainName, OemWorkstationName;
+ ULONG targetFlags = 0;
+ BOOLEAN isUnicode;
+
+ TRACE("NtlmHandleNegotiateMessage hContext %lx\n", hContext);
+ if(!(context = NtlmAllocateContext()))
+ {
+ ret = SEC_E_INSUFFICIENT_MEMORY;
+ ERR("SEC_E_INSUFFICIENT_MEMORY!\n");
+ goto exit;
+ }
+
+ hContext = (ULONG_PTR)context;
+ TRACE("NtlmHandleNegotiateMessage hContext %lx\n", hContext);
+
+ /* InputToken should contain a negotiate message */
if(InputToken->cbBuffer > NTLM_MAX_BUF ||
InputToken->cbBuffer < sizeof(NEGOTIATE_MESSAGE))
{
- ERR("Input token too big!!\n");
+ ERR("Input wrong size!!\n");
ret = SEC_E_INVALID_TOKEN;
goto exit;
}
/* allocate a buffer for it */
- negoMessage = NtlmAllocate(InputToken->cbBuffer);
-
- if(!negoMessage)
+ if(!(negoMessage = NtlmAllocate(sizeof(NEGOTIATE_MESSAGE))))
{
ret = SEC_E_INSUFFICIENT_MEMORY;
goto exit;
}
/* copy it */
- memcpy(negoMessage, InputToken->pvBuffer, InputToken->cbBuffer);
+ memcpy(negoMessage, InputToken->pvBuffer, sizeof(NEGOTIATE_MESSAGE));
/* validate it */
if(strncmp(negoMessage->Signature, NTLMSSP_SIGNATURE, 8) &&
@@ -176,9 +188,11 @@
NtlmPrintNegotiateFlags(negoMessage->NegotiateFlags);
/* get credentials */
- cred = NtlmReferenceCredential(hCredential);
- if(!cred)
+ if(!(cred = NtlmReferenceCredential(hCredential)))
+ {
+ ret = SEC_E_INVALID_TOKEN;
goto exit;
+ }
/* must be an incomming request */
if(!(cred->UseFlags & SECPKG_CRED_INBOUND))
@@ -187,72 +201,199 @@
goto exit;
}
- /* create new context */
- newContext = NtlmAllocateContext();
- if(!newContext)
+ /* convert flags */
+ if(ContextReq & ASC_REQ_IDENTIFY)
+ {
+ *pContextAttr |= ASC_RET_IDENTIFY;
+ context->ContextFlags |= ASC_RET_IDENTIFY;
+ }
+
+ if(ContextReq & ASC_REQ_DATAGRAM)
+ {
+ *pContextAttr |= ASC_RET_DATAGRAM;
+ context->ContextFlags |= ASC_RET_DATAGRAM;
+ }
+
+ if(ContextReq & ASC_REQ_CONNECTION)
+ {
+ *pContextAttr |= ASC_RET_CONNECTION;
+ context->ContextFlags |= ASC_RET_CONNECTION;
+ }
+
+ if(ContextReq & ASC_REQ_INTEGRITY)
+ {
+ *pContextAttr |= ASC_RET_INTEGRITY;
+ context->ContextFlags |= ASC_RET_INTEGRITY;
+ }
+
+ if(ContextReq & ASC_REQ_REPLAY_DETECT)
+ {
+ *pContextAttr |= ASC_RET_REPLAY_DETECT;
+ context->ContextFlags |= ASC_RET_REPLAY_DETECT;
+ }
+
+ if(ContextReq & ASC_REQ_SEQUENCE_DETECT)
+ {
+ *pContextAttr |= ASC_RET_SEQUENCE_DETECT;
+ context->ContextFlags |= ASC_RET_SEQUENCE_DETECT;
+ }
+
+ if(ContextReq & ASC_REQ_ALLOW_NULL_SESSION)
+ {
+ context->ContextFlags |= ASC_REQ_ALLOW_NULL_SESSION;
+ }
+
+ if(ContextReq & ASC_REQ_ALLOW_NON_USER_LOGONS)
+ {
+ *pContextAttr |= ASC_RET_ALLOW_NON_USER_LOGONS;
+ context->ContextFlags |= ASC_RET_ALLOW_NON_USER_LOGONS;
+ }
+
+ /* encryption */
+ if(ContextReq & ASC_REQ_CONFIDENTIALITY)
+ {
+ *pContextAttr |= ASC_RET_CONFIDENTIALITY;
+ context->ContextFlags |= ASC_RET_CONFIDENTIALITY;
+ }
+
+ if (negoMessage->NegotiateFlags & NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
||
+ negoMessage->NegotiateFlags & NTLMSSP_REQUEST_TARGET)
+ {
+ targetFlags |= NTLMSSP_TARGET_TYPE_SERVER | NTLMSSP_REQUEST_TARGET |
NTLMSSP_NEGOTIATE_TARGET_INFO;
+
+ if (negoMessage->NegotiateFlags & NTLMSSP_NEGOTIATE_UNICODE)
+ {
+ isUnicode = TRUE;
+ targetFlags |= NTLMSSP_NEGOTIATE_UNICODE;
+ RtlInitUnicodeString(&targetName, NtlmComputerNameString.Buffer);
+ }
+ else if(negoMessage->NegotiateFlags & NTLMSSP_NEGOTIATE_OEM)
+ {
+ isUnicode = FALSE;
+ targetFlags |= NTLMSSP_NEGOTIATE_OEM;
+ RtlInitUnicodeString(&targetName,
(PWCHAR)&NtlmOemComputerNameString.Buffer);
+ }
+ else
+ {
+ ret = SEC_E_INVALID_TOKEN;
+ ERR("flags invalid!\n");
+ goto exit;
+ }
+ }
+
+ /* create a challenge message */
+ PCHALLENGE_MESSAGE chaMessage = NULL;
+ ULONG messageSize = sizeof(CHALLENGE_MESSAGE)+ targetName.Length + 1 +
NtlmAvTargetInfo.Length;
+ ULONG offset;
+
+ /* ntlm does not listen to ASC_REQ_ALLOCATE_MEMORY or lack thereof */
+ /* further more the buffer size is always NTLM_MAX_BUF */
+ /* allocate output buffer */
+ OutputToken->pvBuffer = NtlmAllocate(NTLM_MAX_BUF);
+ OutputToken->cbBuffer = messageSize;
+
+ if(!OutputToken->pvBuffer)
{
ret = SEC_E_INSUFFICIENT_MEMORY;
goto exit;
}
- *phContext = (ULONG_PTR)newContext;
-
- if(ContextReq & ASC_REQ_IDENTIFY)
- {
+ /* allocate message */
+ if (!(chaMessage = (PCHALLENGE_MESSAGE)NtlmAllocate(messageSize)))
+ {
+ ret = SEC_E_INSUFFICIENT_MEMORY;
+ goto exit;
+ }
+
+ TRACE("message %p size %lu\n", chaMessage, messageSize);
+
+ /* build message */
+ strcpy(chaMessage->Signature, NTLMSSP_SIGNATURE);
+ chaMessage->MsgType = NtlmChallenge;
+ chaMessage->NegotiateFlags = context->NegotiateFlags;
+ chaMessage->NegotiateFlags |= NTLMSSP_NEGOTIATE_NTLM;
+
+ /* generate challenge */
+ NtlmGenerateRandomBits(chaMessage->ServerChallenge, MSV1_0_CHALLENGE_LENGTH);
+ memcpy(context->Challenge, chaMessage->ServerChallenge,
MSV1_0_CHALLENGE_LENGTH);
+
+ offset = (ULONG_PTR)(chaMessage+1);
+
+ if(negoMessage->NegotiateFlags & NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY)
+ {
+ negoMessage->NegotiateFlags &= ~NTLMSSP_NEGOTIATE_LM_KEY;
+ chaMessage->NegotiateFlags |= NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY;
+ }
+ else if(negoMessage->NegotiateFlags & NTLMSSP_NEGOTIATE_LM_KEY)
+ {
+ chaMessage->NegotiateFlags |= NTLMSSP_NEGOTIATE_LM_KEY;
+ }
+
+ if(negoMessage->NegotiateFlags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN)
+ chaMessage->NegotiateFlags |= NTLMSSP_NEGOTIATE_ALWAYS_SIGN;
+
+ if(negoMessage->NegotiateFlags & NTLMSSP_NEGOTIATE_SIGN)
+ {
+ chaMessage->NegotiateFlags |= NTLMSSP_NEGOTIATE_SIGN;
+ *pContextAttr |= (ASC_RET_SEQUENCE_DETECT | ASC_RET_REPLAY_DETECT);
+ context->ContextFlags |= (ASC_RET_SEQUENCE_DETECT | ASC_RET_REPLAY_DETECT);
+ }
+
+ if (negoMessage->NegotiateFlags & NTLMSSP_NEGOTIATE_SEAL)
+ {
+ chaMessage->NegotiateFlags |= NTLMSSP_NEGOTIATE_SEAL;
+ *pContextAttr |= ASC_RET_CONFIDENTIALITY;
+ context->ContextFlags |= ASC_RET_CONFIDENTIALITY;
+ }
+
+ if(negoMessage->NegotiateFlags & NTLMSSP_NEGOTIATE_KEY_EXCH)
+ chaMessage->NegotiateFlags |= NTLMSSP_NEGOTIATE_KEY_EXCH;
+
+ /* client requested encryption */
+ if(negoMessage->NegotiateFlags & NTLMSSP_NEGOTIATE_128)
+ chaMessage->NegotiateFlags |= NTLMSSP_NEGOTIATE_128;
+ else if(negoMessage->NegotiateFlags & NTLMSSP_NEGOTIATE_56)
+ chaMessage->NegotiateFlags |= NTLMSSP_NEGOTIATE_56;
+
+ if(negoMessage->NegotiateFlags & NTLMSSP_REQUEST_INIT_RESP)
+ {
+ chaMessage->NegotiateFlags |= NTLMSSP_REQUEST_INIT_RESP;
*pContextAttr |= ASC_RET_IDENTIFY;
- newContext->ContextFlags |= ASC_RET_IDENTIFY;
- }
-
- if(ContextReq & ASC_REQ_DATAGRAM)
- {
- *pContextAttr |= ASC_RET_DATAGRAM;
- newContext->ContextFlags |= ASC_RET_DATAGRAM;
- }
-
- if(ContextReq & ASC_REQ_CONNECTION)
- {
- *pContextAttr |= ASC_RET_CONNECTION;
- newContext->ContextFlags |= ASC_RET_CONNECTION;
- }
-
- if(ContextReq & ASC_REQ_INTEGRITY)
- {
- *pContextAttr |= ASC_RET_INTEGRITY;
- newContext->ContextFlags |= ASC_RET_INTEGRITY;
- }
-
- if(ContextReq & ASC_REQ_REPLAY_DETECT)
- {
- *pContextAttr |= ASC_RET_REPLAY_DETECT;
- newContext->ContextFlags |= ASC_RET_REPLAY_DETECT;
- }
-
- if(ContextReq & ASC_REQ_SEQUENCE_DETECT)
- {
- *pContextAttr |= ASC_RET_SEQUENCE_DETECT;
- newContext->ContextFlags |= ASC_RET_SEQUENCE_DETECT;
- }
-
- if(ContextReq & ASC_REQ_ALLOW_NULL_SESSION)
- {
- newContext->ContextFlags |= ASC_REQ_ALLOW_NULL_SESSION;
- }
-
- if(ContextReq & ASC_REQ_ALLOW_NON_USER_LOGONS)
- {
- *pContextAttr |= ASC_RET_ALLOW_NON_USER_LOGONS;
- newContext->ContextFlags |= ASC_RET_ALLOW_NON_USER_LOGONS;
- }
-
- /* encryption */
- if(ContextReq & ASC_REQ_CONFIDENTIALITY)
- {
- *pContextAttr |= ASC_RET_CONFIDENTIALITY;
- newContext->ContextFlags |= ASC_RET_CONFIDENTIALITY;
- }
+ context->ContextFlags |= ASC_RET_IDENTIFY;
+ }
+
+ /* check for local call */
+ if((negoMessage->NegotiateFlags & NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED)
&&
+ (negoMessage->NegotiateFlags &
NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED))
+ {
+ NtlmBlobToUnicodeString(InputToken, negoMessage->OemDomainName,
(PUNICODE_STRING)&OemDomainName);
+ NtlmBlobToUnicodeString(InputToken, negoMessage->OemWorkstationName,
(PUNICODE_STRING)&OemWorkstationName);
+
+ if (RtlEqualString(&OemWorkstationName, &NtlmOemComputerNameString,
FALSE)&&
+ RtlEqualString(&OemDomainName, &NtlmOemDomainNameString, FALSE))
+ {
+ TRACE("local negotiate detected!\n");
+ chaMessage->NegotiateFlags |= NTLMSSP_NEGOTIATE_LOCAL_CALL;
+ }
+ }
+
+ NtlmUnicodeStringToBlob((PVOID)chaMessage, &targetName,
&chaMessage->TargetName, &offset);
+ NtlmUnicodeStringToBlob((PVOID)chaMessage, &NtlmAvTargetInfo,
&chaMessage->TargetInfo, &offset);
+ chaMessage->NegotiateFlags |= targetFlags;
+
+ memcpy(OutputToken->pvBuffer, chaMessage, messageSize);
+ OutputToken->cbBuffer = messageSize;
+ context->State = ChallengeSent;
+ ret = SEC_I_CONTINUE_NEEDED;
exit:
- ERR("FIXME: HERE!!!!!!!!!!!!!!!");
+ if(chaMessage) NtlmFree(chaMessage);
+ if(negoMessage) NtlmFree(negoMessage);
+ if(cred) NtlmDereferenceCredential((ULONG_PTR)cred);
+ if(targetName.Buffer) NtlmFree(targetName.Buffer);
+ if(OemDomainName.Buffer) NtlmFree(OemDomainName.Buffer);
+ if(OemWorkstationName.Buffer) NtlmFree(OemWorkstationName.Buffer);
+
return ret;
}
@@ -261,59 +402,60 @@
IN ULONG ContextReq,
IN PSecBuffer InputToken1,
IN PSecBuffer InputToken2,
- IN OUT PSecBuffer *OutputToken1,
- IN OUT PSecBuffer *OutputToken2,
+ IN OUT PSecBuffer OutputToken1,
+ IN OUT PSecBuffer OutputToken2,
OUT PULONG pContextAttr,
OUT PTimeStamp ptsExpiry,
OUT PULONG NegotiateFlags)
{
SECURITY_STATUS ret = SEC_E_OK;
- PNTLMSSP_CONTEXT context;
- PCHALLENGE_MESSAGE challenge;
+ PNTLMSSP_CONTEXT context = NULL;
+ PCHALLENGE_MESSAGE challenge = NULL;
+ PNTLMSSP_CREDENTIAL cred = NULL;
BOOLEAN isUnicode;
+ TRACE("NtlmHandleChallengeMessage hContext %lx\n", hContext);
/* get context */
context = NtlmReferenceContext(hContext);
if(!context || !context->Credential)
{
ERR("NtlmHandleChallengeMessage invalid handle!\n");
ret = SEC_E_INVALID_HANDLE;
- goto exit;
+ goto fail;
}
/* re-authenticate call */
if(context->State == AuthenticateSent)
{
UNIMPLEMENTED;
+ goto fail;
}
else if(context->State != NegotiateSent)
{
- ERR("Context not in negotiate sent state!\n");
+ ERR("Context not in correct state!\n");
ret = SEC_E_OUT_OF_SEQUENCE;
- goto exit;
+ goto fail;
}
/* InputToken1 should contain a challenge message */
- TRACE("input token size %lx\n", InputToken1->cbBuffer);
if(InputToken1->cbBuffer > NTLM_MAX_BUF ||
InputToken1->cbBuffer < sizeof(CHALLENGE_MESSAGE))
{
ERR("Input token invalid!\n");
ret = SEC_E_INVALID_TOKEN;
- goto exit;
+ goto fail;
}
/* allocate a buffer for it */
- challenge = NtlmAllocate(InputToken1->cbBuffer);
- if(!challenge)
+ if(!(challenge = NtlmAllocate(sizeof(CHALLENGE_MESSAGE))))
{
ERR("failed to allocate challenge buffer!\n");
ret = SEC_E_INSUFFICIENT_MEMORY;
- goto exit;
+ goto fail;
}
/* copy it */
- memcpy(challenge, InputToken1->pvBuffer, InputToken1->cbBuffer);
+ memcpy(challenge, InputToken1->pvBuffer, sizeof(CHALLENGE_MESSAGE));
/* validate it */
if(strncmp(challenge->Signature, NTLMSSP_SIGNATURE, 8) &&
@@ -321,14 +463,14 @@
{
ERR("Input message not valid!\n");
ret = SEC_E_INVALID_TOKEN;
- goto exit;
+ goto fail;
}
TRACE("Got valid challege message! with flags:\n");
NtlmPrintNegotiateFlags(challenge->NegotiateFlags);
/* print challenge message and payloads */
- NtlmPrintHexDump((PBYTE)challenge, InputToken1->cbBuffer);
+ NtlmPrintHexDump((PBYTE)InputToken1->pvBuffer, InputToken1->cbBuffer);
if(challenge->NegotiateFlags & NTLMSSP_NEGOTIATE_DATAGRAM)
{
@@ -364,14 +506,14 @@
/* these flags must be bad! */
ERR("challenge flags did not specify unicode or oem!\n");
ret = SEC_E_INVALID_TOKEN;
- goto exit;
+ goto fail;
}
/* support ntlm2 */
if(challenge->NegotiateFlags & NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY)
{
challenge->NegotiateFlags &= ~NTLMSSP_NEGOTIATE_LM_KEY;
- context->NegotiateFlags &= ~(NTLMSSP_NEGOTIATE_LM_KEY);
+ context->NegotiateFlags &= ~NTLMSSP_NEGOTIATE_LM_KEY;
}
else
{
@@ -383,7 +525,7 @@
{
ERR("netware authentication not supported!!!\n");
ret = SEC_E_UNSUPPORTED_FUNCTION;
- goto exit;
+ goto fail;
}
}
@@ -430,7 +572,7 @@
if(!NT_SUCCESS(ret))
{
ERR("could not get target info!\n");
- goto exit;
+ goto fail;
}
}
else
@@ -444,20 +586,23 @@
if(!NT_SUCCESS(ret))
{
ERR("could not get target info!\n");
- goto exit;
+ goto fail;
}
if(isUnicode)
FIXME("convert to unicode!\n");
}
- TRACE("ServerName %s\n", debugstr_w(ServerName.Buffer));
-
- PNTLMSSP_CREDENTIAL cred =
NtlmReferenceCredential((ULONG_PTR)context->Credential);
+
+
MSV1_0_NTLM3_RESPONSE NtResponse;
LM2_RESPONSE Lm2Response;
USER_SESSION_KEY UserSessionKey;
LM_SESSION_KEY LmSessionKey;
- NtlmUnProtectMemory(cred->Password.Buffer, cred->Password.Length *
sizeof(WCHAR));
+ if(!(cred = NtlmReferenceCredential((ULONG_PTR)context->Credential)))
+ goto fail;
+
+ /* unscramble password */
+ NtlmUnProtectMemory(cred->Password.Buffer, cred->Password.Length);
TRACE("cred: %s %s %s\n", debugstr_w(cred->UserName.Buffer),
debugstr_w(cred->Password.Buffer), debugstr_w(cred->DomainName.Buffer));
@@ -472,9 +617,255 @@
&UserSessionKey,
&LmSessionKey);
-exit:
+ PAUTHENTICATE_MESSAGE authmessage = NULL;
+ ULONG_PTR offset;
+
+ UNICODE_STRING NtResponseString;
+ //UNICODE_STRING LmResponseString;
+ UNICODE_STRING UserSessionKeyString;
+ UNICODE_STRING LmSessionKeyString;
+
+#define InitString(str, input) str.MaximumLength = str.Length =
sizeof(input)*sizeof(WCHAR); str.Buffer = (WCHAR*)&input
+ InitString(NtResponseString, NtResponse);
+ //InitString(LmResponseString, Lm2Response);
+ InitString(UserSessionKeyString, UserSessionKey);
+ InitString(LmSessionKeyString, LmSessionKey);
+
+ ULONG messageSize = sizeof(AUTHENTICATE_MESSAGE) +
+ ServerName.Length + cred->UserName.Length + cred->DomainName.Length +
+ NtResponseString.Length + UserSessionKeyString.Length +
LmSessionKeyString.Length;
+ //LmResponseString.Length;
+
+ if(!(authmessage = NtlmAllocate(messageSize)))
+ {
+ ret = SEC_E_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ strcpy(authmessage->Signature, NTLMSSP_SIGNATURE);
+ authmessage->MsgType = NtlmAuthenticate;
+
+ offset = (ULONG_PTR)(authmessage+1);
+
+ NtlmUnicodeStringToBlob((PVOID)authmessage,
+ &cred->DomainName,
+ &authmessage->DomainName,
+ &offset);
+
+ NtlmUnicodeStringToBlob((PVOID)authmessage,
+ &cred->UserName,
+ &authmessage->UserName,
+ &offset);
+
+ NtlmUnicodeStringToBlob((PVOID)authmessage,
+ &ServerName,
+ &authmessage->WorkstationName,
+ &offset);
+
+ //if(targetinfo)
+ //NtlmUnicodeStringToBlob((PVOID)authmessage,
+ // &LmResponseString,
+ // &authmessage->LmChallengeResponse,
+ // &offset);
+
+ NtlmUnicodeStringToBlob((PVOID)authmessage,
+ &NtResponseString,
+ &authmessage->NtChallengeResponse,
+ &offset);
+
+ NtlmUnicodeStringToBlob((PVOID)authmessage,
+ &UserSessionKeyString,
+ &authmessage->EncryptedRandomSessionKey,
+ &offset);
+
+ /* if should not allocate */
+ if (!(ContextReq & ISC_REQ_ALLOCATE_MEMORY))
+ {
+ /* not enough space */
+ if(messageSize > OutputToken1->cbBuffer)
+ {
+ ret = SEC_E_BUFFER_TOO_SMALL;
+ goto fail;
+ }
+ }
+ else
+ {
+ /* allocate */
+ if(!(OutputToken1->pvBuffer = NtlmAllocate(messageSize)))
+ {
+ ret = SEC_E_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+ }
+
+ OutputToken1->cbBuffer = messageSize; /* says wine test */
+ memcpy(OutputToken1->pvBuffer, authmessage, messageSize);
+ context->State = AuthenticateSent;
+ ret = SEC_E_OK;
+
+fail:
+ if(authmessage) NtlmFree(authmessage);
+ if(context) NtlmDereferenceContext((ULONG_PTR)context);
+ if(cred) NtlmDereferenceCredential((ULONG_PTR)cred);
ERR("handle challenge end\n");
-
return ret;
}
+SECURITY_STATUS
+NtlmHandleAuthenticateMessage(IN ULONG_PTR hContext,
+ IN ULONG ContextReq,
+ IN PSecBuffer InputToken,
+ OUT PSecBuffer OutputToken,
+ OUT PULONG pContextAttr,
+ OUT PTimeStamp ptsExpiry,
+ OUT PUCHAR pSessionKey,
+ OUT PULONG pfUserFlags)
+{
+ SECURITY_STATUS ret = SEC_E_OK;
+ PNTLMSSP_CONTEXT context = NULL;
+ PAUTHENTICATE_MESSAGE authMessage = NULL;
+ BOOLEAN isUnicode;
+
+ TRACE("NtlmHandleAuthenticateMessage hContext %x!\n", hContext);
+ /* get context */
+ if(!(context = NtlmReferenceContext(hContext)))
+ {
+ ret = SEC_E_INVALID_HANDLE;
+ goto fail;
+ }
+
+ TRACE("context->State %d\n", context->State);
+ if(context->State != ChallengeSent || context->State != Authenticated)
+ {
+ ERR("Context not in correct state!\n");
+ ret = SEC_E_OUT_OF_SEQUENCE;
+ goto fail;
+ }
+
+ /* re-authorize */
+ if(context->State == Authenticated)
+ UNIMPLEMENTED;
+
+ /* InputToken1 should contain a authenticate message */
+ TRACE("input token size %lx\n", InputToken->cbBuffer);
+ if(InputToken->cbBuffer > NTLM_MAX_BUF ||
+ InputToken->cbBuffer < sizeof(AUTHENTICATE_MESSAGE))
+ {
+ ERR("Input token invalid!\n");
+ ret = SEC_E_INVALID_TOKEN;
+ goto fail;
+ }
+
+ /* allocate a buffer for it */
+ if(!(authMessage = NtlmAllocate(sizeof(AUTHENTICATE_MESSAGE))))
+ {
+ ERR("failed to allocate authMessage buffer!\n");
+ ret = SEC_E_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ /* copy it */
+ memcpy(authMessage, InputToken->pvBuffer, sizeof(AUTHENTICATE_MESSAGE));
+
+ /* validate it */
+ if(strncmp(authMessage->Signature, NTLMSSP_SIGNATURE, 8) &&
+ authMessage->MsgType == NtlmAuthenticate)
+ {
+ ERR("Input message not valid!\n");
+ ret = SEC_E_INVALID_TOKEN;
+ goto fail;
+ }
+
+ /* datagram */
+ if(context->NegotiateFlags & NTLMSSP_NEGOTIATE_DATAGRAM)
+ {
+ /* context and message dont agree on connection type! */
+ if(!(authMessage->NegotiateFlags & NTLMSSP_NEGOTIATE_DATAGRAM))
+ {
+ ret = SEC_E_INVALID_TOKEN;
+ goto fail;
+ }
+
+ /* use message flags */
+ context->NegotiateFlags = authMessage->NegotiateFlags;
+
+ /* need a key */
+ if(context->NegotiateFlags & (NTLMSSP_NEGOTIATE_SIGN |
NTLMSSP_NEGOTIATE_SEAL))
+ context->NegotiateFlags |= NTLMSSP_NEGOTIATE_KEY_EXCH;
+
+ /* remove lm key */
+ if (context->NegotiateFlags & NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY)
+ context->NegotiateFlags &= ~NTLMSSP_NEGOTIATE_LM_KEY;
+ }
+
+ /* supports unicode */
+ if(context->NegotiateFlags & NTLMSSP_NEGOTIATE_UNICODE)
+ {
+ context->NegotiateFlags &= ~NTLMSSP_NEGOTIATE_OEM;
+ isUnicode = TRUE;
+ }
+ else if(context->NegotiateFlags & NTLMSSP_NEGOTIATE_OEM)
+ {
+ context->NegotiateFlags &= ~NTLMSSP_NEGOTIATE_UNICODE;
+ isUnicode = FALSE;
+ }
+ else
+ {
+ /* these flags must be bad! */
+ ERR("authenticate flags did not specify unicode or oem!\n");
+ ret = SEC_E_INVALID_TOKEN;
+ goto fail;
+ }
+
+ UNICODE_STRING LmChallengeResponse, NtChallengeResponse, SessionKey;
+ UNICODE_STRING UserName, Workstation, DomainName;
+
+ if(!NT_SUCCESS(NtlmBlobToUnicodeString(InputToken,
+ authMessage->LmChallengeResponse, &LmChallengeResponse)))
+ {
+ ret = SEC_E_INVALID_TOKEN;
+ goto fail;
+ }
+
+ if(!NT_SUCCESS(NtlmBlobToUnicodeString(InputToken,
+ authMessage->NtChallengeResponse, &NtChallengeResponse)))
+ {
+ ret = SEC_E_INVALID_TOKEN;
+ goto fail;
+ }
+
+ if(!NT_SUCCESS(NtlmBlobToUnicodeString(InputToken,
+ authMessage->UserName, &UserName)))
+ {
+ ret = SEC_E_INVALID_TOKEN;
+ goto fail;
+ }
+
+ if(!NT_SUCCESS(NtlmBlobToUnicodeString(InputToken,
+ authMessage->WorkstationName, &Workstation)))
+ {
+ ret = SEC_E_INVALID_TOKEN;
+ goto fail;
+ }
+
+ if(!NT_SUCCESS(NtlmBlobToUnicodeString(InputToken,
+ authMessage->DomainName, &DomainName)))
+ {
+ ret = SEC_E_INVALID_TOKEN;
+ goto fail;
+ }
+
+ //if(NTLMSSP_NEGOTIATE_KEY_EXCHANGE)
+ if(!NT_SUCCESS(NtlmBlobToUnicodeString(InputToken,
+ authMessage->EncryptedRandomSessionKey, &SessionKey)))
+ {
+ ret = SEC_E_INVALID_TOKEN;
+ goto fail;
+ }
+
+ ret = SEC_I_COMPLETE_NEEDED;
+
+fail:
+ NtlmDereferenceContext((ULONG_PTR)context);
+ return ret;
+}
Modified: branches/sspi-bringup/reactos/dll/win32/ntlmssp/protocol.h
URL:
http://svn.reactos.org/svn/reactos/branches/sspi-bringup/reactos/dll/win32/…
==============================================================================
--- branches/sspi-bringup/reactos/dll/win32/ntlmssp/protocol.h [iso-8859-1] (original)
+++ branches/sspi-bringup/reactos/dll/win32/ntlmssp/protocol.h [iso-8859-1] Mon May 30
21:02:50 2011
@@ -164,6 +164,14 @@
/* payload */
}AUTHENTICATE_MESSAGE, *PAUTHENTICATE_MESSAGE;
+typedef struct _MESSAGE_SIGNATURE
+{
+ ULONG Version;
+ ULONG RandomPad;
+ ULONG Checksum;
+ ULONG Nonce;
+}MESSAGE_SIGNATURE, *PMESSAGE_SIGNATURE;
+
/* basic functions */
VOID
@@ -173,14 +181,14 @@
VOID
NTOWFv2(
- PWCHAR password,
- PWCHAR user,
- PWCHAR domain,
+ const PWCHAR password,
+ const PWCHAR user,
+ const PWCHAR domain,
PUCHAR result);
VOID
LMOWFv1(
- PCCHAR password,
+ const PCCHAR password,
PUCHAR result);
VOID
@@ -275,15 +283,17 @@
IN ULONG_PTR hContext,
IN ULONG ContextReq,
IN PSecBuffer InputToken,
- OUT PSecBuffer *OutputToken);
+ OUT PSecBuffer OutputToken);
SECURITY_STATUS
NtlmHandleNegotiateMessage(
IN ULONG_PTR hCredential,
- IN OUT PULONG_PTR phContext,
+ IN OUT ULONG_PTR hContext,
IN ULONG fContextReq,
- IN PSecBuffer InputToken,
- OUT PSecBuffer *OutputToken,
+ IN PSecBuffer InputToken1,
+ IN PSecBuffer InputToken2,
+ OUT PSecBuffer OutputToken1,
+ OUT PSecBuffer OutputToken2,
OUT PULONG pContextAttr,
OUT PTimeStamp ptsExpiry);
@@ -293,8 +303,8 @@
IN ULONG ContextReq,
IN PSecBuffer InputToken1,
IN PSecBuffer InputToken2,
- IN OUT PSecBuffer *OutputToken1,
- IN OUT PSecBuffer *OutputToken2,
+ IN OUT PSecBuffer OutputToken1,
+ IN OUT PSecBuffer OutputToken2,
OUT PULONG ContextAttr,
OUT PTimeStamp ptsExpiry,
OUT PULONG NegotiateFlags);
@@ -303,15 +313,11 @@
NtlmHandleAuthenticateMessage(
IN ULONG_PTR hContext,
IN ULONG fContextReq,
- IN PSecBuffer *pInputTokens,
+ IN PSecBuffer InputToken,
OUT PSecBuffer OutputToken,
OUT PULONG pContextAttr,
OUT PTimeStamp ptsExpiry,
OUT PUCHAR pSessionKey,
- OUT PULONG pfNegotiateFlags,
- OUT PHANDLE TokenHandle,
- OUT PNTSTATUS pSubStatus,
- OUT PTimeStamp ptsPasswordExpiry,
OUT PULONG pfUserFlags);
/* helper functions */