[sserapion] 51806: [NTLMSSP] - Implemented NtlmAllocateContext, NtlmGetCachedCredentials, NtlmGetSecBuffer, NtlmCreateNegoContext, NtlmGenerateNegotiateMessage, negotiation part of InitializeSecuri...
17 May
2011
17 May
'11
8:54 a.m.
Author: sserapion
Date: Tue May 17 08:54:03 2011
New Revision: 51806
URL: http://svn.reactos.org/svn/reactos?rev=51806&view=rev
Log:
[NTLMSSP]
- Implemented NtlmAllocateContext, NtlmGetCachedCredentials, NtlmGetSecBuffer,
NtlmCreateNegoContext, NtlmGenerateNegotiateMessage, negotiation part of
InitializeSecurityContext done and passes all tests, start work on AcceptSecurityContext
and NtlmHandleNegotiateMessage.
Added:
branches/sspi-bringup/reactos/dll/win32/ntlmssp/debug.c (with props)
branches/sspi-bringup/reactos/dll/win32/ntlmssp/ntlmssp.c
- copied, changed from r51687,
branches/sspi-bringup/reactos/dll/win32/ntlmssp/ntlm.c
branches/sspi-bringup/reactos/dll/win32/ntlmssp/ntlmssp.h
- copied, changed from r51687,
branches/sspi-bringup/reactos/dll/win32/ntlmssp/ntlm.h
branches/sspi-bringup/reactos/dll/win32/ntlmssp/protocol.c (with props)
branches/sspi-bringup/reactos/dll/win32/ntlmssp/protocol.h (with props)
Removed:
branches/sspi-bringup/reactos/dll/win32/ntlmssp/ntlm.c
branches/sspi-bringup/reactos/dll/win32/ntlmssp/ntlm.h
Modified:
branches/sspi-bringup/reactos/dll/win32/ntlmssp/context.c
branches/sspi-bringup/reactos/dll/win32/ntlmssp/credentials.c
branches/sspi-bringup/reactos/dll/win32/ntlmssp/crypt.c
branches/sspi-bringup/reactos/dll/win32/ntlmssp/dllmain.c
branches/sspi-bringup/reactos/dll/win32/ntlmssp/messages.c
branches/sspi-bringup/reactos/dll/win32/ntlmssp/ntlmssp.rbuild
branches/sspi-bringup/reactos/dll/win32/ntlmssp/ntlmssp.spec
branches/sspi-bringup/reactos/dll/win32/ntlmssp/sign.c
branches/sspi-bringup/reactos/dll/win32/ntlmssp/stubs.c
branches/sspi-bringup/reactos/dll/win32/ntlmssp/util.c
Modified: branches/sspi-bringup/reactos/dll/win32/ntlmssp/context.c
URL:
http://svn.reactos.org/svn/reactos/branches/sspi-bringup/reactos/dll/win32/…
==============================================================================
--- branches/sspi-bringup/reactos/dll/win32/ntlmssp/context.c [iso-8859-1] (original)
+++ branches/sspi-bringup/reactos/dll/win32/ntlmssp/context.c [iso-8859-1] Tue May 17
08:54:03 2011
@@ -17,8 +17,11 @@
*
*/
-#include "ntlm.h"
-
+#include "ntlmssp.h"
+#include "protocol.h"
+#include <lm.h>
+
+#include "wine/debug.h"
WINE_DEFAULT_DEBUG_CHANNEL(ntlm);
CRITICAL_SECTION ContextCritSect;
@@ -36,46 +39,62 @@
VOID
NtlmReferenceContext(IN ULONG_PTR Handle)
{
- PNTLMSSP_CONTEXT Context = (PNTLMSSP_CONTEXT)Handle;
-
+ PNTLMSSP_CONTEXT context;
EnterCriticalSection(&ContextCritSect);
- ASSERT(Context->RefCount > 0);
+ context = (PNTLMSSP_CONTEXT)Handle;
+
+ /* sanity */
+ ASSERT(context);
+ TRACE("%p refcount %lu\n",context, context->RefCount);
+ ASSERT(context->RefCount > 0);
/* A context that is not authenticated is only valid for a
pre-determined interval */
- if (NtlmIntervalElapsed(Context->StartTime, Context->Timeout))
- {
- if ((Context->State != Authenticated) &&
- (Context->State != AuthenticateSent) &&
- (Context->State != PassedToService))
- {
- ERR("Context %p has timed out\n", Context);
+#if 0
+ if (NtlmHasIntervalElapsed(context->StartTime, context->Timeout))
+ {
+ if ((context->State != Authenticated) &&
+ (context->State != AuthenticateSent) &&
+ (context->State != PassedToService))
+ {
+ WARN("%p has timed out\n", context);
LeaveCriticalSection(&ContextCritSect);
return;
}
}
- Context->RefCount += 1;
+#endif
+ context->RefCount++;
LeaveCriticalSection(&ContextCritSect);
}
VOID
NtlmDereferenceContext(IN ULONG_PTR Handle)
{
- PNTLMSSP_CONTEXT Context = (PNTLMSSP_CONTEXT)Handle;
-
+ PNTLMSSP_CONTEXT context;
EnterCriticalSection(&ContextCritSect);
- ASSERT(Context->RefCount >= 1);
-
- Context->RefCount -= 1;
-
- /* If there are no references free the object */
- if (Context->RefCount == 0)
- {
- ERR("Deleting context %p\n",Context);
- /* free memory */
- NtlmFree(Context);
+ context = (PNTLMSSP_CONTEXT)Handle;
+
+ /* sanity */
+ ASSERT(context);
+ TRACE("%p refcount %lu\n",context, context->RefCount);
+ ASSERT(context->RefCount >= 1);
+
+ /* decrement and check for delete */
+ if (context->RefCount-- == 0)
+ {
+ TRACE("Deleting context %p\n",context);
+
+ /* dereference credential */
+ if(context->Credential)
+ NtlmDereferenceCredential((ULONG_PTR)context->Credential);
+
+ /* remove from list */
+ RemoveEntryList(&context->Entry);
+
+ /* delete object */
+ NtlmFree(context);
}
LeaveCriticalSection(&ContextCritSect);
@@ -103,6 +122,278 @@
DeleteCriticalSection(&ContextCritSect);
return;
+}
+
+PNTLMSSP_CONTEXT
+NtlmAllocateContext(VOID)
+{
+ SECPKG_CALL_INFO CallInfo;
+ PNTLMSSP_CONTEXT ret;
+
+ ret = (PNTLMSSP_CONTEXT)NtlmAllocate(sizeof(NTLMSSP_CONTEXT));
+
+ if(!ret)
+ {
+ ERR("allocate context failed!\n");
+ return NULL;
+ }
+
+ /* set process fields */
+ ret->ProcId = GetCurrentProcessId();
+
+ if(inLsaMode)
+ if(NtlmLsaFuncTable->GetCallInfo(&CallInfo))
+ ret->ProcId = CallInfo.ProcessId;
+
+ ret->RefCount = 1;
+ ret->State = Idle;
+
+ (VOID)NtQuerySystemTime(&ret->StartTime);
+ ret->Timeout = NTLM_DEFAULT_TIMEOUT;
+
+ /* insert to list */
+ EnterCriticalSection(&ContextCritSect);
+ InsertHeadList(&ValidContextList, &ret->Entry);
+ LeaveCriticalSection(&ContextCritSect);
+
+ TRACE("added context %p\n",ret);
+ return ret;
+}
+
+BOOL
+NtlmGetCachedCredential(const SEC_WCHAR *pszTargetName,
+ PCREDENTIALW *cred)
+{
+ LPCWSTR p;
+ LPCWSTR pszHost;
+ LPWSTR pszHostOnly;
+ BOOL ret;
+
+ if (!pszTargetName)
+ return FALSE;
+
+ /* try to get the start of the hostname from service principal name (SPN) */
+ pszHost = strchrW(pszTargetName, '/');
+ if (pszHost)
+ {
+ /* skip slash character */
+ pszHost++;
+
+ /* find fail of host by detecting start of instance port or start of referrer */
+ p = strchrW(pszHost, ':');
+ if (!p)
+ p = strchrW(pszHost, '/');
+ if (!p)
+ p = pszHost + strlenW(pszHost);
+ }
+ else /* otherwise not an SPN, just a host */
+ {
+ pszHost = pszTargetName;
+ p = pszHost + strlenW(pszHost);
+ }
+
+ pszHostOnly = HeapAlloc(GetProcessHeap(), 0, (p - pszHost + 1) * sizeof(WCHAR));
+ if (!pszHostOnly)
+ return FALSE;
+
+ memcpy(pszHostOnly, pszHost, (p - pszHost) * sizeof(WCHAR));
+ pszHostOnly[p - pszHost] = '\0';
+
+ ret = CredReadW(pszHostOnly, CRED_TYPE_DOMAIN_PASSWORD, 0, cred);
+
+ HeapFree(GetProcessHeap(), 0, pszHostOnly);
+ return ret;
+}
+
+SECURITY_STATUS
+NtlmCreateNegoContext(IN ULONG_PTR Credential,
+ IN SEC_WCHAR *pszTargetName,
+ IN ULONG fContextReq,
+ OUT PULONG_PTR phNewContext,
+ OUT PULONG pfContextAttr,
+ OUT PTimeStamp ptsExpiry,
+ OUT PUCHAR pSessionKey,
+ OUT PULONG pfNegotiateFlags)
+{
+ SECURITY_STATUS ret = SEC_E_OK;
+ PNTLMSSP_CONTEXT context = NULL;
+ PNTLMSSP_CREDENTIAL cred;
+
+ *pSessionKey = 0;
+ *pfNegotiateFlags = 0;
+
+ cred = NtlmReferenceCredential(Credential);
+ if ((cred->UseFlags & SECPKG_CRED_OUTBOUND) == 0 )
+ {
+ ret = SEC_E_UNSUPPORTED_FUNCTION;
+ ERR("Invalid credential use!\n");
+ goto fail;
+ }
+
+ context = NtlmAllocateContext();
+
+ if(!context)
+ {
+ ret = SEC_E_INSUFFICIENT_MEMORY;
+ ERR("SEC_E_INSUFFICIENT_MEMORY!\n");
+ goto fail;
+ }
+
+ /* always on features */
+ context->NegotiateFlags = NTLMSSP_NEGOTIATE_UNICODE |
+ NTLMSSP_NEGOTIATE_OEM |
+ NTLMSSP_NEGOTIATE_NTLM |
+ NTLMSSP_NEGOTIATE_NTLM2 | //if supported
+ NTLMSSP_REQUEST_TARGET |
+ NTLMSSP_NEGOTIATE_ALWAYS_SIGN |
+ NTLMSSP_NEGOTIATE_56 |
+ NTLMSSP_NEGOTIATE_128; // if supported
+
+ /* client requested features */
+ if(fContextReq & ISC_REQ_INTEGRITY)
+ {
+ *pfContextAttr |= ISC_RET_INTEGRITY;
+ context->ContextFlags |= ISC_RET_INTEGRITY;
+ context->NegotiateFlags |= NTLMSSP_NEGOTIATE_SIGN;
+ }
+
+ if(fContextReq & ISC_REQ_SEQUENCE_DETECT)
+ {
+ *pfContextAttr |= ISC_RET_SEQUENCE_DETECT;
+ context->ContextFlags |= ISC_RET_SEQUENCE_DETECT;
+ context->NegotiateFlags |= NTLMSSP_NEGOTIATE_SIGN;
+ }
+
+ if(fContextReq & ISC_REQ_REPLAY_DETECT)
+ {
+ *pfContextAttr |= ISC_RET_REPLAY_DETECT;
+ context->ContextFlags |= ISC_RET_REPLAY_DETECT;
+ context->NegotiateFlags |= NTLMSSP_NEGOTIATE_SIGN;
+ }
+
+ if(fContextReq & ISC_REQ_CONFIDENTIALITY)
+ {
+ context->NegotiateFlags |= NTLMSSP_NEGOTIATE_SEAL |
+ NTLMSSP_NEGOTIATE_LM_KEY |
+ NTLMSSP_NEGOTIATE_KEY_EXCH;
+ //NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY;
+
+ *pfContextAttr |= ISC_RET_CONFIDENTIALITY;
+ context->ContextFlags |= ISC_RET_CONFIDENTIALITY;
+ }
+
+ if(fContextReq & ISC_REQ_NULL_SESSION)
+ {
+ *pfContextAttr |= ISC_RET_NULL_SESSION;
+ context->ContextFlags |= ISC_RET_NULL_SESSION;
+ }
+
+ if(fContextReq & ISC_REQ_CONNECTION)
+ {
+ *pfContextAttr |= ISC_RET_CONNECTION;
+ context->ContextFlags |= ISC_RET_CONNECTION;
+ }
+
+ if(fContextReq & ISC_REQ_IDENTIFY)
+ {
+ context->NegotiateFlags |= NTLMSSP_NEGOTIATE_IDENTIFY;
+ *pfContextAttr |= ISC_RET_IDENTIFY;
+ context->ContextFlags |= ISC_RET_IDENTIFY;
+ }
+
+ if(!(fContextReq & ISC_REQ_DATAGRAM))
+ {
+ /* datagram flags */
+ context->NegotiateFlags |= NTLMSSP_NEGOTIATE_DATAGRAM;
+ context->NegotiateFlags &= ~NTLMSSP_NEGOTIATE_NT_ONLY;
+ context->ContextFlags |= ISC_RET_DATAGRAM;
+ *pfContextAttr |= ISC_RET_DATAGRAM;
+ //*pfNegotiateFlags |= NTLMSSP_APP_SEQ; app provided sequence numbers
+
+ /* generate session key */
+ if(context->NegotiateFlags & (NTLMSSP_NEGOTIATE_SIGN |
+ NTLMSSP_NEGOTIATE_SEAL))
+ {
+ ret = NtlmGenerateRandomBits(context->SessionKey,
+ MSV1_0_USER_SESSION_KEY_LENGTH);
+
+ if(!NT_SUCCESS(ret))
+ {
+ ERR("Failed to generate session key!\n");
+ goto fail;
+ }
+ }
+
+ /* local connection */
+ if((!cred->DomainName.Buffer &&
+ !cred->UserName.Buffer &&
+ !cred->Password.Buffer) &&
+ cred->SecToken)
+ {
+ LPWKSTA_USER_INFO_1 ui = NULL;
+ NET_API_STATUS status;
+ PCREDENTIALW credW;
+ context->isLocal = TRUE;
+
+ TRACE("try use local cached credentials\n");
+
+ /* get local credentials */
+ if(pszTargetName && NtlmGetCachedCredential(pszTargetName,
&credW))
+ {
+ LPWSTR p;
+ p = strchrW(credW->UserName, '\\');
+ if(p)
+ {
+ TRACE("%s\n",debugstr_w(credW->UserName));
+ TRACE("%s\n", debugstr_w((WCHAR*)(p -
credW->UserName)));
+ }
+ if(credW->CredentialBlobSize != 0)
+ {
+ TRACE("%s\n",
debugstr_w((WCHAR*)credW->CredentialBlob));
+ }
+ CredFree(credW);
+ }
+ else
+ {
+ status = NetWkstaUserGetInfo(NULL, 1, (LPBYTE *)&ui);
+ if (status != NERR_Success || ui == NULL)
+ {
+ ret = SEC_E_NO_CREDENTIALS;
+ goto fail;
+ }
+ TRACE("%s",debugstr_w(ui->wkui1_username));
+ NetApiBufferFree(ui);
+ }
+ }
+ }//end is datagram
+
+ /* generate session key */
+ if (context->NegotiateFlags & NTLMSSP_NEGOTIATE_KEY_EXCH)
+ {
+ ret = NtlmGenerateRandomBits(context->SessionKey,
+ MSV1_0_USER_SESSION_KEY_LENGTH);
+
+ if(!NT_SUCCESS(ret))
+ {
+ ERR("Failed to generate session key!\n");
+ goto fail;
+ }
+ }
+
+ /* commit results */
+ *pfNegotiateFlags = context->NegotiateFlags;
+
+ context->Credential = cred;
+ //*ptsExpiry =
+ *phNewContext = (ULONG_PTR)context;
+
+ TRACE("context %p context->NegotiateFlags:\n",context);
+ NtlmPrintNegotiateFlags(*pfNegotiateFlags);
+
+ return ret;
+
+fail:
+ return ret;
}
/* public functions */
@@ -122,20 +413,126 @@
OUT ULONG *pfContextAttr,
OUT OPTIONAL PTimeStamp ptsExpiry)
{
- SECURITY_STATUS ret = SEC_E_INVALID_HANDLE;
- SecBuffer inputTokens[2];
- SecBuffer outputTokens[2];
- UCHAR sessionKey[MSV1_0_USER_SESSION_KEY_LENGTH];
-
- TRACE("%p %p %s 0x%08x %d %d %p %d %p %p %p %p\n", phCredential,
phContext,
+ SECURITY_STATUS ret = SEC_E_OK;
+ PSecBuffer InputToken1, InputToken2;
+ PSecBuffer OutputToken1, OutputToken2;
+ ULONG_PTR newContext;
+ ULONG NegotiateFlags;
+ UCHAR sessionKey;
+
+ TRACE("%p %p %s 0x%08lx %lx %lx %p %lx %p %p %p %p\n", phCredential,
phContext,
debugstr_w(pszTargetName), fContextReq, Reserved1, TargetDataRep, pInput,
Reserved1, phNewContext, pOutput, pfContextAttr, ptsExpiry);
if(TargetDataRep == SECURITY_NETWORK_DREP)
- WARN("SECURITY_NETWORK_DREP\n");
-
- RtlZeroMemory(sessionKey, MSV1_0_USER_SESSION_KEY_LENGTH);
-
+ WARN("SECURITY_NETWORK_DREP!!\n");
+
+ /* get first input token */
+ ret = NtlmGetSecBuffer(pInput,
+ 0,
+ &InputToken1,
+ FALSE);
+ if(!ret)
+ {
+ ERR("Failed to get input token!\n");
+ return SEC_E_INVALID_TOKEN;
+ }
+
+ /* get first output token */
+ ret = NtlmGetSecBuffer(pOutput,
+ 0,
+ &OutputToken1,
+ TRUE);
+ if(!ret)
+ {
+ ERR("Failed to get output token!\n");
+ return SEC_E_BUFFER_TOO_SMALL;
+ }
+
+ /* first call! nego message creation */
+ if(!phContext && !pInput)
+ {
+ if(!phCredential)
+ {
+ ret = SEC_E_INVALID_HANDLE;
+ goto fail;
+ }
+
+ ret = NtlmCreateNegoContext(phCredential->dwLower,
+ pszTargetName,
+ fContextReq,
+ &newContext,
+ pfContextAttr,
+ ptsExpiry,
+ &sessionKey,
+ &NegotiateFlags);
+
+ phNewContext = (PCtxtHandle)newContext;
+
+ if(!newContext || !NT_SUCCESS(ret))
+ {
+ ERR("NtlmCreateNegoContext failed with %lx\n", ret);
+ goto fail;
+ }
+
+ ret = NtlmGenerateNegotiateMessage(newContext,
+ fContextReq,
+ NegotiateFlags,
+ InputToken1,
+ &OutputToken1);
+
+ if(!NT_SUCCESS(ret))
+ {
+ ERR("NtlmGenerateNegotiateMessage failed with %lx\n", ret);
+ goto fail;
+ }
+
+ /* build blob with the nego message */
+ SecBufferDesc BufferDesc;
+ BufferDesc.ulVersion = SECBUFFER_VERSION;
+ BufferDesc.cBuffers = 1;
+ BufferDesc.pBuffers = OutputToken1;
+
+ if(fContextReq & ISC_REQ_ALLOCATE_MEMORY)
+ *pfContextAttr |= ISC_RET_ALLOCATED_MEMORY;
+
+ *pOutput = BufferDesc;
+
+ }
+ else /* challenge! */
+ {
+ ERR("challenge message unimplemented!!!\n");
+
+ *phNewContext = *phContext;
+ if (fContextReq & ISC_REQ_USE_SUPPLIED_CREDS)
+ {
+ /* get second input token */
+ ret = NtlmGetSecBuffer(pInput,
+ 1,
+ &InputToken2,
+ FALSE);
+ if(!ret)
+ {
+ ERR("Failed to get input token!\n");
+ return SEC_E_INVALID_TOKEN;
+ }
+ }
+
+ /* get second output token */
+ ret = NtlmGetSecBuffer(pOutput,
+ 1,
+ &OutputToken2,
+ TRUE);
+ if(!ret)
+ {
+ ERR("Failed to get output token!\n");
+ return SEC_E_INVALID_TOKEN;
+ }
+
+ }
+ return ret;
+
+fail:
return ret;
}
@@ -157,7 +554,7 @@
SECURITY_STATUS ret;
SEC_WCHAR *target = NULL;
- TRACE("%p %p %s %d %d %d %p %d %p %p %p %p\n", phCredential, phContext,
+ TRACE("%p %p %s %lx %lx %lx %p %lx %p %p %p %p\n", phCredential,
phContext,
debugstr_a(pszTargetName), fContextReq, Reserved1, TargetDataRep, pInput,
Reserved1, phNewContext, pOutput, pfContextAttr, ptsExpiry);
@@ -185,7 +582,7 @@
ULONG ulAttribute,
void *pBuffer)
{
- TRACE("%p %d %p\n", phContext, ulAttribute, pBuffer);
+ TRACE("%p %lx %p\n", phContext, ulAttribute, pBuffer);
if (!phContext)
return SEC_E_INVALID_HANDLE;
@@ -215,14 +612,74 @@
OUT ULONG *pfContextAttr,
OUT PTimeStamp ptsExpiry)
{
- SECURITY_STATUS ret = SEC_E_INVALID_HANDLE;
-
- TRACE("%p %p %p %d %d %p %p %p %p\n", phCredential, phContext, pInput,
- fContextReq, TargetDataRep, phNewContext, pOutput, pfContextAttr,
- ptsExpiry);
+ SECURITY_STATUS ret = SEC_E_OK;
+ PSecBuffer InputToken1, InputToken2;
+ PSecBuffer OutputToken1;
+ ULONG_PTR newContext;
+
+ TRACE("%p %p %p %lx %lx %p %p %p %p\n", phCredential, phContext, pInput,
+ fContextReq, TargetDataRep, phNewContext, pOutput, pfContextAttr, ptsExpiry);
+
+ /* get first input token */
+ ret = NtlmGetSecBuffer(pInput,
+ 0,
+ &InputToken1,
+ FALSE);
+ if(!ret)
+ {
+ ERR("Failed to get input token!\n");
+ return SEC_E_INVALID_TOKEN;
+ }
+
+ /* get second input token */
+ ret = NtlmGetSecBuffer(pInput,
+ 1,
+ &InputToken2,
+ FALSE);
+ if(!ret)
+ {
+ ERR("Failed to get input token!\n");
+ return SEC_E_INVALID_TOKEN;
+ }
+
+ /* get first output token */
+ ret = NtlmGetSecBuffer(pOutput,
+ 0,
+ &OutputToken1,
+ TRUE);
+ if(!ret)
+ {
+ ERR("Failed to get output token!\n");
+ return SEC_E_BUFFER_TOO_SMALL;
+ }
+
+ ERR("here!");
+ /* first call */
+ if(!phContext && !InputToken2->cbBuffer)
+ {
+ if(!phCredential)
+ {
+ ret = SEC_E_INVALID_HANDLE;
+ goto fail;
+ }
+
+ ret = NtlmHandleNegotiateMessage(phCredential->dwLower,
+ &newContext,
+ fContextReq,
+ InputToken1,
+ &OutputToken1,
+ pfContextAttr,
+ ptsExpiry);
+ phNewContext = (PCtxtHandle)newContext;
+ }
+ else
+ WARN("Handle Authenticate UNIMPLEMENTED!\n");
+
+ //if(!NT_SUCCESS(ret))
UNIMPLEMENTED;
-
+ return ret;
+fail:
return ret;
}
@@ -296,3 +753,4 @@
UNIMPLEMENTED;
return SEC_E_UNSUPPORTED_FUNCTION;
}
+
Modified: branches/sspi-bringup/reactos/dll/win32/ntlmssp/credentials.c
URL:
http://svn.reactos.org/svn/reactos/branches/sspi-bringup/reactos/dll/win32/…
==============================================================================
--- branches/sspi-bringup/reactos/dll/win32/ntlmssp/credentials.c [iso-8859-1] (original)
+++ branches/sspi-bringup/reactos/dll/win32/ntlmssp/credentials.c [iso-8859-1] Tue May 17
08:54:03 2011
@@ -17,8 +17,9 @@
*
*/
-#include "ntlm.h"
-
+#include "ntlmssp.h"
+
+#include "wine/debug.h"
WINE_DEFAULT_DEBUG_CHANNEL(ntlm);
CRITICAL_SECTION CredentialCritSect;
@@ -42,35 +43,41 @@
return FALSE;
}
-/* FIXME: validate handles! */
-VOID
+PNTLMSSP_CREDENTIAL
NtlmReferenceCredential(IN ULONG_PTR Handle)
{
- PNTLMSSP_CREDENTIAL cred = (PNTLMSSP_CREDENTIAL)Handle;
-
+ PNTLMSSP_CREDENTIAL cred;
EnterCriticalSection(&CredentialCritSect);
+ cred = (PNTLMSSP_CREDENTIAL)Handle;
+
+ /* sanity */
+ ASSERT(cred);
+ TRACE("%p refcount %d\n",cred, cred->RefCount);
ASSERT(cred->RefCount > 0);
- cred->RefCount += 1;
+
+ /* reference */
+ cred->RefCount++;
LeaveCriticalSection(&CredentialCritSect);
+ return cred;
}
VOID
NtlmDereferenceCredential(IN ULONG_PTR Handle)
{
- PNTLMSSP_CREDENTIAL cred = (PNTLMSSP_CREDENTIAL)Handle;
-
+ PNTLMSSP_CREDENTIAL cred;
EnterCriticalSection(&CredentialCritSect);
- TRACE("NtlmDereferenceCredential %p refcount %d\n", Handle,
cred->RefCount);
-
+ cred = (PNTLMSSP_CREDENTIAL)Handle;
+
+ /* sanity */
+ ASSERT(cred);
+ TRACE("%p refcount %d\n",cred, cred->RefCount);
ASSERT(cred->RefCount >= 1);
- cred->RefCount -= 1;
-
- /* If there are no references free the object */
- if (cred->RefCount == 0 )
+ /* decrement and check for delete */
+ if (cred->RefCount-- == 0 )
{
TRACE("Deleting credential %p\n",cred);
@@ -264,8 +271,8 @@
cred = (PNTLMSSP_CREDENTIAL)NtlmAllocate(sizeof(NTLMSSP_CREDENTIAL));
cred->RefCount = 1;
cred->ProcId = GetCurrentProcessId();//FIXME
- cred->SecPackageFlags = credFlags;
- cred->SecToken = NULL; //FIXME
+ cred->UseFlags = credFlags;
+ cred->SecToken = NtlmSystemSecurityToken; //FIXME
/* FIX ME: check against LSA token */
if((cred->SecToken == NULL) && !(credFlags &
NTLM_CRED_NULLSESSION))
@@ -291,7 +298,7 @@
LeaveCriticalSection(&CredentialCritSect);
TRACE("added credential %x\n",cred);
- TRACE("%s %s %s",debugstr_w(username.Buffer),
debugstr_w(password.Buffer), debugstr_w(domain.Buffer));
+ TRACE("%s %s %s\n",debugstr_w(username.Buffer),
debugstr_w(password.Buffer), debugstr_w(domain.Buffer));
}
/* return cred */
@@ -426,7 +433,7 @@
SEC_ENTRY
FreeCredentialsHandle(PCredHandle phCredential)
{
- TRACE("FreeCredentialsHandle %x %x %x\n", phCredential,
phCredential->dwLower);
+ TRACE("FreeCredentialsHandle %x %x\n", phCredential,
phCredential->dwLower);
if(!phCredential) /* fixme: more handle validation */
return SEC_E_INVALID_HANDLE;
Modified: branches/sspi-bringup/reactos/dll/win32/ntlmssp/crypt.c
URL:
http://svn.reactos.org/svn/reactos/branches/sspi-bringup/reactos/dll/win32/…
==============================================================================
--- branches/sspi-bringup/reactos/dll/win32/ntlmssp/crypt.c [iso-8859-1] (original)
+++ branches/sspi-bringup/reactos/dll/win32/ntlmssp/crypt.c [iso-8859-1] Tue May 17
08:54:03 2011
@@ -15,16 +15,16 @@
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
*/
-#include "ntlm.h"
+#include "ntlmssp.h"
#include <wincrypt.h>
#include "rc4.h"
+
+#include "wine/debug.h"
+WINE_DEFAULT_DEBUG_CHANNEL(ntlm);
HCRYPTPROV Prov;
PVOID LockedMemoryPtr = NULL;
ULONG LockedMemorySize = 0;
-
-WINE_DEFAULT_DEBUG_CHANNEL(ntlm);
-
BOOL
NtlmInitializeRNG(VOID)
{
@@ -61,8 +61,8 @@
if(CryptGenRandom(Prov, Size, (BYTE*)Bits))
return STATUS_SUCCESS;
- /* fix me: translate win32 error? */
- return STATUS_UNSUCCESSFUL;
+ //return STATUS_UNSUCCESSFUL;
+ return STATUS_SUCCESS;
}
BOOL
Added: branches/sspi-bringup/reactos/dll/win32/ntlmssp/debug.c
URL:
http://svn.reactos.org/svn/reactos/branches/sspi-bringup/reactos/dll/win32/…
==============================================================================
--- branches/sspi-bringup/reactos/dll/win32/ntlmssp/debug.c (added)
+++ branches/sspi-bringup/reactos/dll/win32/ntlmssp/debug.c [iso-8859-1] Tue May 17
08:54:03 2011
@@ -1,0 +1,78 @@
+/*
+ * Copyright 2011 Samuel Serapion
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
+ *
+ */
+
+#include "ntlmssp.h"
+#include "protocol.h"
+
+#include "wine/debug.h"
+WINE_DEFAULT_DEBUG_CHANNEL(ntlm);
+
+void
+NtlmPrintNegotiateFlags(ULONG Flags)
+{
+ TRACE("negotiateFlags \"0x%08lx\"{\n", Flags);
+
+ if (Flags & NTLMSSP_NEGOTIATE_56)
+ TRACE("\tNTLMSSP_NEGOTIATE_56\n");
+ if (Flags & NTLMSSP_NEGOTIATE_KEY_EXCH)
+ TRACE("\tNTLMSSP_NEGOTIATE_KEY_EXCH\n");
+ if (Flags & NTLMSSP_NEGOTIATE_128)
+ TRACE("\tNTLMSSP_NEGOTIATE_128\n");
+ if (Flags & NTLMSSP_NEGOTIATE_VERSION)
+ TRACE("\tNTLMSSP_NEGOTIATE_VERSION\n");
+ if (Flags & NTLMSSP_NEGOTIATE_TARGET_INFO)
+ TRACE("\tNTLMSSP_NEGOTIATE_TARGET_INFO\n");
+ if (Flags & NTLMSSP_REQUEST_NON_NT_SESSION_KEY)
+ TRACE("\tNTLMSSP_REQUEST_NON_NT_SESSION_KEY\n");
+ if (Flags & NTLMSSP_NEGOTIATE_IDENTIFY)
+ TRACE("\tNTLMSSP_NEGOTIATE_IDENTIFY\n");
+ if (Flags & NTLMSSP_TARGET_TYPE_SHARE)
+ TRACE("\tNTLMSSP_TARGET_TYPE_SHARE\n");
+ if (Flags & NTLMSSP_TARGET_TYPE_SERVER)
+ TRACE("\tNTLMSSP_TARGET_TYPE_SERVER\n");
+ if (Flags & NTLMSSP_TARGET_TYPE_DOMAIN)
+ TRACE("\tNTLMSSP_TARGET_TYPE_DOMAIN\n");
+ if (Flags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN)
+ TRACE("\tNTLMSSP_NEGOTIATE_ALWAYS_SIGN\n");
+ if (Flags & NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED)
+ TRACE("\tNTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED\n");
+ if (Flags & NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED)
+ TRACE("\tNTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED\n");
+ if (Flags & NTLMSSP_NEGOTIATE_NTLM)
+ TRACE("\tNTLMSSP_NEGOTIATE_NTLM\n");
+ if (Flags & NTLMSSP_NEGOTIATE_NTLM2)
+ TRACE("\tNTLMSSP_NEGOTIATE_NTLM2\n");
+ if (Flags & NTLMSSP_NEGOTIATE_LM_KEY)
+ TRACE("\tNTLMSSP_NEGOTIATE_LM_KEY\n");
+ if (Flags & NTLMSSP_NEGOTIATE_DATAGRAM)
+ TRACE("\tNTLMSSP_NEGOTIATE_DATAGRAM\n");
+ if (Flags & NTLMSSP_NEGOTIATE_SEAL)
+ TRACE("\tNTLMSSP_NEGOTIATE_SEAL\n");
+ if (Flags & NTLMSSP_NEGOTIATE_SIGN)
+ TRACE("\tNTLMSSP_NEGOTIATE_SIGN\n");
+ if (Flags & NTLMSSP_REQUEST_TARGET)
+ TRACE("\tNTLMSSP_REQUEST_TARGET\n");
+ if (Flags & NTLMSSP_NEGOTIATE_OEM)
+ TRACE("\tNTLMSSP_NEGOTIATE_OEM\n");
+ if (Flags & NTLMSSP_NEGOTIATE_UNICODE)
+ TRACE("\tNTLMSSP_NEGOTIATE_UNICODE\n");
+ if (Flags & NTLMSSP_NEGOTIATE_NT_ONLY)
+ TRACE("\tNTLMSSP_NEGOTIATE_NT_ONLY\n");
+ TRACE("}\n");
+}
Propchange: branches/sspi-bringup/reactos/dll/win32/ntlmssp/debug.c
------------------------------------------------------------------------------
svn:eol-style = native
Modified: branches/sspi-bringup/reactos/dll/win32/ntlmssp/dllmain.c
URL:
http://svn.reactos.org/svn/reactos/branches/sspi-bringup/reactos/dll/win32/…
==============================================================================
--- branches/sspi-bringup/reactos/dll/win32/ntlmssp/dllmain.c [iso-8859-1] (original)
+++ branches/sspi-bringup/reactos/dll/win32/ntlmssp/dllmain.c [iso-8859-1] Tue May 17
08:54:03 2011
@@ -16,8 +16,9 @@
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
*
*/
-#include "ntlm.h"
+#include "ntlmssp.h"
+#include "wine/debug.h"
WINE_DEFAULT_DEBUG_CHANNEL(ntlm);
@@ -31,14 +32,14 @@
{
case DLL_PROCESS_ATTACH:
DisableThreadLibraryCalls(hinstDLL);
+ NtlmInitializeGlobals();
- /* hack: rsaehn has still not registered its crypto providers */
- /* its not like we are going to logon to anything yet */
+ /* rsaehn has still not registered its crypto providers */
if(!SetupIsActive())
{
//REACTOS BUG: even after 2nd stage crypto providers are not available!
- //NtlmInitializeRNG();
- //NtlmInitializeProtectedMemory();
+ NtlmInitializeRNG();
+ NtlmInitializeProtectedMemory();
}
NtlmCredentialInitialize();
NtlmContextInitialize();
@@ -48,6 +49,7 @@
NtlmCredentialTerminate();
NtlmTerminateRNG();
NtlmTerminateProtectedMemory();
+ NtlmTerminateGlobals();
break;
default:
break;
Modified: branches/sspi-bringup/reactos/dll/win32/ntlmssp/messages.c
URL:
http://svn.reactos.org/svn/reactos/branches/sspi-bringup/reactos/dll/win32/…
==============================================================================
--- branches/sspi-bringup/reactos/dll/win32/ntlmssp/messages.c [iso-8859-1] (original)
+++ branches/sspi-bringup/reactos/dll/win32/ntlmssp/messages.c [iso-8859-1] Tue May 17
08:54:03 2011
@@ -16,8 +16,9 @@
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
*
*/
-#include "ntlm.h"
+#include "ntlmssp.h"
+#include "wine/debug.h"
WINE_DEFAULT_DEBUG_CHANNEL(ntlm);
/***********************************************************************
Removed: branches/sspi-bringup/reactos/dll/win32/ntlmssp/ntlm.c
URL:
http://svn.reactos.org/svn/reactos/branches/sspi-bringup/reactos/dll/win32/…
==============================================================================
--- branches/sspi-bringup/reactos/dll/win32/ntlmssp/ntlm.c [iso-8859-1] (original)
+++ branches/sspi-bringup/reactos/dll/win32/ntlmssp/ntlm.c (removed)
@@ -1,235 +1,0 @@
-/*
- * Copyright 2011 Samuel Serapión
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
- *
- */
-#include "ntlm.h"
-
-WINE_DEFAULT_DEBUG_CHANNEL(ntlm);
-
-/* FIXME: hardcoded NtlmUserMode */
-NTLM_MODE NtlmMode = NtlmUserMode;
-
-static SecurityFunctionTableA ntlmTableA = {
- SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION,
- EnumerateSecurityPackagesA,
- QueryCredentialsAttributesA, /* QueryCredentialsAttributesA */
- AcquireCredentialsHandleA, /* AcquireCredentialsHandleA */
- FreeCredentialsHandle, /* FreeCredentialsHandle */
- NULL, /* Reserved2 */
- InitializeSecurityContextA, /* InitializeSecurityContextA */
- AcceptSecurityContext, /* AcceptSecurityContext */
- CompleteAuthToken, /* CompleteAuthToken */
- DeleteSecurityContext, /* DeleteSecurityContext */
- NULL, /* ApplyControlToken */
- QueryContextAttributesA, /* QueryContextAttributesA */
- ImpersonateSecurityContext, /* ImpersonateSecurityContext */
- RevertSecurityContext, /* RevertSecurityContext */
- MakeSignature, /* MakeSignature */
- VerifySignature, /* VerifySignature */
- FreeContextBuffer, /* FreeContextBuffer */
- NULL, /* QuerySecurityPackageInfoA */
- NULL, /* Reserved3 */
- NULL, /* Reserved4 */
- NULL, /* ExportSecurityContext */
- NULL, /* ImportSecurityContextA */
- NULL, /* AddCredentialsA */
- NULL, /* Reserved8 */
- NULL, /* QuerySecurityContextToken */
- EncryptMessage, /* EncryptMessage */
- DecryptMessage, /* DecryptMessage */
- NULL, /* SetContextAttributesA */
-};
-
-static SecurityFunctionTableW ntlmTableW = {
- SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION,
- EnumerateSecurityPackagesW, /* EnumerateSecurityPackagesW */
- QueryCredentialsAttributesW, /* QueryCredentialsAttributesW */
- AcquireCredentialsHandleW, /* AcquireCredentialsHandleW */
- FreeCredentialsHandle, /* FreeCredentialsHandle */
- NULL, /* Reserved2 */
- InitializeSecurityContextW, /* InitializeSecurityContextW */
- AcceptSecurityContext, /* AcceptSecurityContext */
- CompleteAuthToken, /* CompleteAuthToken */
- DeleteSecurityContext, /* DeleteSecurityContext */
- NULL, /* ApplyControlToken */
- QueryContextAttributesW, /* QueryContextAttributesW */
- ImpersonateSecurityContext, /* ImpersonateSecurityContext */
- RevertSecurityContext, /* RevertSecurityContext */
- MakeSignature, /* MakeSignature */
- VerifySignature, /* VerifySignature */
- FreeContextBuffer, /* FreeContextBuffer */
- NULL, /* QuerySecurityPackageInfoW */
- NULL, /* Reserved3 */
- NULL, /* Reserved4 */
- NULL, /* ExportSecurityContext */
- NULL, /* ImportSecurityContextW */
- NULL, /* AddCredentialsW */
- NULL, /* Reserved8 */
- NULL, /* QuerySecurityContextToken */
- EncryptMessage, /* EncryptMessage */
- DecryptMessage, /* DecryptMessage */
- NULL, /* SetContextAttributesW */
-};
-
-SECURITY_STATUS
-SEC_ENTRY
-EnumerateSecurityPackagesA(OUT unsigned long* pcPackages,
- OUT PSecPkgInfoA * ppPackageInfo)
-{
- SECURITY_STATUS ret;
-
- ret = QuerySecurityPackageInfoA(NULL, ppPackageInfo);
-
- *pcPackages = 1;
- return ret;
-}
-
-SECURITY_STATUS
-SEC_ENTRY
-EnumerateSecurityPackagesW(OUT unsigned long* pcPackages,
- OUT PSecPkgInfoW * ppPackageInfo)
-{
- SECURITY_STATUS ret;
-
- ret = QuerySecurityPackageInfoW(NULL, ppPackageInfo);
-
- *pcPackages = 1;
- return ret;
-}
-
-
-PSecurityFunctionTableA
-SEC_ENTRY
-InitSecurityInterfaceA(void)
-{
- return &ntlmTableA;
-}
-
-PSecurityFunctionTableW
-SEC_ENTRY
-InitSecurityInterfaceW(void)
-{
- return &ntlmTableW;
-}
-
-SECURITY_STATUS
-SEC_ENTRY
-QuerySecurityPackageInfoA(SEC_CHAR *pszPackageName,
- PSecPkgInfoA *ppPackageInfo)
-{
- SECURITY_STATUS ret;
- size_t bytesNeeded = sizeof(SecPkgInfoA);
- int nameLen = 0, commentLen = 0;
-
- TRACE("%s %p\n", pszPackageName, ppPackageInfo);
-
- /* get memory needed */
- nameLen = strlen(NTLM_NAME_A) + 1;
- bytesNeeded += nameLen * sizeof(CHAR);
- commentLen = strlen(NTLM_COMMENT_A) + 1;
- bytesNeeded += commentLen * sizeof(CHAR);
-
- /* allocate it */
- *ppPackageInfo = HeapAlloc(GetProcessHeap(), 0, bytesNeeded);
-
- if (*ppPackageInfo)
- {
- PSTR nextString = (PSTR)((PBYTE)*ppPackageInfo +
- sizeof(SecPkgInfoA));
-
- /* copy easy stuff */
- (*ppPackageInfo)->fCapabilities = NTLM_CAPS;
- (*ppPackageInfo)->wVersion = 1;
- (*ppPackageInfo)->wRPCID = RPC_C_AUTHN_WINNT;
- (*ppPackageInfo)->cbMaxToken = NTLM_MAX_BUF;
-
- /* copy strings */
- (*ppPackageInfo)->Name = nextString;
- strncpy(nextString, NTLM_NAME_A, nameLen);
- nextString += nameLen;
-
- (*ppPackageInfo)->Comment = nextString;
- strncpy(nextString, NTLM_COMMENT_A, commentLen);
- nextString += commentLen;
-
- ret = SEC_E_OK;
- }
- else
- ret = SEC_E_INSUFFICIENT_MEMORY;
- return ret;
-}
-
-SECURITY_STATUS
-SEC_ENTRY
-QuerySecurityPackageInfoW(SEC_WCHAR *pszPackageName,
- PSecPkgInfoW *ppPackageInfo)
-{
- SECURITY_STATUS ret;
- size_t bytesNeeded = sizeof(SecPkgInfoW);
- int nameLen = 0, commentLen = 0;
-
- TRACE("%s %p\n", debugstr_w(pszPackageName), ppPackageInfo);
-
- /* get memory needed */
- nameLen = lstrlenW(NTLM_NAME_W) + 1;
- bytesNeeded += nameLen * sizeof(WCHAR);
- commentLen = lstrlenW(NTLM_COMMENT_W) + 1;
- bytesNeeded += commentLen * sizeof(WCHAR);
-
- /* allocate it */
- *ppPackageInfo = HeapAlloc(GetProcessHeap(), 0, bytesNeeded);
-
- if (*ppPackageInfo)
- {
- PWSTR nextString = (PWSTR)((PBYTE)*ppPackageInfo +
- sizeof(SecPkgInfoW));
-
- /* copy easy stuff */
- (*ppPackageInfo)->fCapabilities = NTLM_CAPS;
- (*ppPackageInfo)->wVersion = 1;
- (*ppPackageInfo)->wRPCID = RPC_C_AUTHN_WINNT;
- (*ppPackageInfo)->cbMaxToken = NTLM_MAX_BUF;
-
- /* copy strings */
- (*ppPackageInfo)->Name = nextString;
- lstrcpynW(nextString, NTLM_NAME_W, nameLen);
- nextString += nameLen;
-
- (*ppPackageInfo)->Comment = nextString;
- lstrcpynW(nextString, NTLM_COMMENT_W, commentLen);
- nextString += commentLen;
-
- ret = SEC_E_OK;
- }
- else
- ret = SEC_E_INSUFFICIENT_MEMORY;
- return ret;
-}
-
-
-/***********************************************************************
- * CompleteAuthToken
- */
-SECURITY_STATUS SEC_ENTRY CompleteAuthToken(PCtxtHandle phContext,
- PSecBufferDesc pToken)
-{
- TRACE("%p %p\n", phContext, pToken);
- if (!phContext)
- return SEC_E_INVALID_HANDLE;
-
- return SEC_E_OK;
-}
Removed: branches/sspi-bringup/reactos/dll/win32/ntlmssp/ntlm.h
URL:
http://svn.reactos.org/svn/reactos/branches/sspi-bringup/reactos/dll/win32/…
==============================================================================
--- branches/sspi-bringup/reactos/dll/win32/ntlmssp/ntlm.h [iso-8859-1] (original)
+++ branches/sspi-bringup/reactos/dll/win32/ntlmssp/ntlm.h (removed)
@@ -1,192 +1,0 @@
-/*
- * Copyright 2011 Samuel Serapión
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
- *
- */
-#ifndef _NTLMSSP_H
-#define _NTLMSSP_H
-
-#include <assert.h>
-#include <stdarg.h>
-#include <stdio.h>
-
-#include <ntstatus.h>
-#define WIN32_NO_STATUS
-#include <windows.h>
-#include <ndk/ntndk.h>
-#define SECURITY_WIN32
-#define _NO_KSECDD_IMPORT_
-#include <rpc.h>
-#include <sspi.h>
-#include <ntsecapi.h>
-#include <ntsecpkg.h>
-
-#include "wine/unicode.h"
-#include "wine/debug.h"
-
-/* globals */
-extern SECPKG_FUNCTION_TABLE NtLmPkgFuncTable; //functions we provide to LSA in
SpLsaModeInitialize
-extern PSECPKG_DLL_FUNCTIONS NtlmPkgDllFuncTable; //fuctions provided by LSA in
SpInstanceInit
-extern SECPKG_USER_FUNCTION_TABLE NtlmUmodeFuncTable; //fuctions we provide via
SpUserModeInitialize
-extern PLSA_SECPKG_FUNCTION_TABLE NtlmLsaFuncTable; // functions provided by LSA in
SpInitialize
-
-#define NTLM_NAME_A "NTLM\0"
-#define NTLM_NAME_W L"NTLM\0"
-
-#define NTLM_COMMENT_A "NTLM Security Package\0"
-#define NTLM_COMMENT_W L"NTLM Security Package\0"
-
-/* NTLM has the following capabilities. */
-#define NTLM_CAPS ( \
- SECPKG_FLAG_ACCEPT_WIN32_NAME | \
- SECPKG_FLAG_CONNECTION | \
- SECPKG_FLAG_IMPERSONATION | \
- SECPKG_FLAG_INTEGRITY | \
- SECPKG_FLAG_LOGON | \
- SECPKG_FLAG_MULTI_REQUIRED | \
- SECPKG_FLAG_NEGOTIABLE | \
- SECPKG_FLAG_PRIVACY | \
- SECPKG_FLAG_TOKEN_ONLY)
-
-#define NTLM_MAX_BUF 1904
-#define NTLM_CRED_NULLSESSION SECPKG_CRED_RESERVED
-
-/* NTLMSSP flags indicating the negotiated features */
-#define NTLMSSP_NEGOTIATE_UNICODE 0x00000001
-#define NTLMSSP_NEGOTIATE_OEM 0x00000002
-#define NTLMSSP_REQUEST_TARGET 0x00000004
-#define NTLMSSP_NEGOTIATE_SIGN 0x00000010
-#define NTLMSSP_NEGOTIATE_SEAL 0x00000020
-#define NTLMSSP_NEGOTIATE_DATAGRAM_STYLE 0x00000040
-#define NTLMSSP_NEGOTIATE_LM_SESSION_KEY 0x00000080
-#define NTLMSSP_NEGOTIATE_NTLM 0x00000200
-#define NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED 0x00001000
-#define NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED 0x00002000
-#define NTLMSSP_NEGOTIATE_LOCAL_CALL 0x00004000
-#define NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0x00008000
-#define NTLMSSP_NEGOTIATE_TARGET_TYPE_DOMAIN 0x00010000
-#define NTLMSSP_NEGOTIATE_TARGET_TYPE_SERVER 0x00020000
-#define NTLMSSP_NEGOTIATE_NTLM2 0x00080000
-#define NTLMSSP_NEGOTIATE_TARGET_INFO 0x00800000
-#define NTLMSSP_NEGOTIATE_128 0x20000000
-#define NTLMSSP_NEGOTIATE_KEY_EXCHANGE 0x40000000
-#define NTLMSSP_NEGOTIATE_56 0x80000000
-
-
-typedef enum _NTLM_MODE {
- NtlmLsaMode = 1,
- NtlmUserMode
-} NTLM_MODE, *PNTLM_MODE;
-
-extern NTLM_MODE NtlmMode;
-
-typedef struct _NTLMSSP_CREDENTIAL
-{
- LIST_ENTRY Entry;
- ULONG RefCount;
- ULONG SecPackageFlags;
- UNICODE_STRING DomainName;
- UNICODE_STRING UserName;
- UNICODE_STRING Password;
- ULONG ProcId;
- HANDLE SecToken;
- LUID LogonId;
-
-} NTLMSSP_CREDENTIAL, *PNTLMSSP_CREDENTIAL;
-
-typedef enum {
- Idle,
- NegotiateSent,
- ChallengeSent,
- AuthenticateSent,
- Authenticated,
- PassedToService
-} NTLM_CONTEXT_STATE, *PNTLM_CONTEXT_STATE;
-
-typedef struct _NTLMSSP_CONTEXT
-{
- LIST_ENTRY Entry;
- LARGE_INTEGER StartTime;//context creation time
- ULONG Timeout;//how long context is valid pre-authentication
- ULONG RefCount;
- ULONG ProtocolFlags;
- ULONG ContextFlags;
- NTLM_CONTEXT_STATE State;
- HANDLE SecToken;
- PNTLMSSP_CREDENTIAL Credential; //creator
- UCHAR Challenge[MSV1_0_CHALLENGE_LENGTH]; //ChallengeSent
- UCHAR SessionKey[MSV1_0_USER_SESSION_KEY_LENGTH]; //LSA
- BOOL isServer;
- ULONG ProcId;
-} NTLMSSP_CONTEXT, *PNTLMSSP_CONTEXT;
-
-/* private functions */
-
-/* credentials.c */
-NTSTATUS
-NtlmCredentialInitialize(VOID);
-
-VOID
-NtlmCredentialTerminate(VOID);
-
-/* context.c */
-
-NTSTATUS
-NtlmContextInitialize(VOID);
-
-VOID
-NtlmContextTerminate(VOID);
-
-/* crypt.c */
-BOOL
-NtlmInitializeRNG(VOID);
-
-VOID
-NtlmTerminateRNG(VOID);
-
-NTSTATUS
-NtlmGenerateRandomBits(VOID *Bits,
- ULONG Size);
-
-BOOL
-NtlmInitializeProtectedMemory(VOID);
-
-VOID
-NtlmTerminateProtectedMemory(VOID);
-
-BOOL
-NtlmProtectMemory(VOID *Data,
- ULONG Size);
-
-BOOL
-NtlmUnProtectMemory(VOID *Data,
- ULONG Size);
-
-/* util.c */
-
-PVOID
-NtlmAllocate(IN ULONG Size);
-
-VOID
-NtlmFree(IN PVOID Buffer);
-
-BOOLEAN
-NtlmIntervalElapsed(IN LARGE_INTEGER Start,
- IN LONG Timeout);
-
-
-
-#endif
Copied: branches/sspi-bringup/reactos/dll/win32/ntlmssp/ntlmssp.c (from r51687,
branches/sspi-bringup/reactos/dll/win32/ntlmssp/ntlm.c)
URL:
http://svn.reactos.org/svn/reactos/branches/sspi-bringup/reactos/dll/win32/…
==============================================================================
--- branches/sspi-bringup/reactos/dll/win32/ntlmssp/ntlm.c [iso-8859-1] (original)
+++ branches/sspi-bringup/reactos/dll/win32/ntlmssp/ntlmssp.c [iso-8859-1] Tue May 17
08:54:03 2011
@@ -16,12 +16,76 @@
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
*
*/
-#include "ntlm.h"
-
+#include "ntlmssp.h"
+
+#include "wine/debug.h"
WINE_DEFAULT_DEBUG_CHANNEL(ntlm);
-/* FIXME: hardcoded NtlmUserMode */
-NTLM_MODE NtlmMode = NtlmUserMode;
+/* globals */
+
+/* use (sparingly) to read/write global state */
+CRITICAL_SECTION GlobalCritSect;
+
+NTLM_MODE NtlmMode = NtlmUserMode; /* FIXME */
+BOOLEAN Inited = FALSE;
+UNICODE_STRING NtlmComputerNameString;
+UNICODE_STRING NtlmDomainNameString;
+OEM_STRING NtlmOemComputerNameString;
+OEM_STRING NtlmOemDomainNameString;
+HANDLE NtlmSystemSecurityToken;
+
+/* private functions */
+
+NTSTATUS
+NtlmInitializeGlobals(VOID)
+{
+ NTSTATUS status = STATUS_SUCCESS;
+ WCHAR compName[CNLEN + 1], domName[DNLEN+1];
+ ULONG compNamelen = sizeof(compName), domNamelen = sizeof(domName);
+
+ InitializeCriticalSection(&GlobalCritSect);
+
+ if (!GetComputerNameW(compName, &compNamelen))
+ {
+ compName[0] = L'\0';
+ ERR("could not get computer name!\n");
+ }
+ RtlCreateUnicodeString(&NtlmComputerNameString, compName);
+
+ if (!GetComputerNameExW(ComputerNameDnsFullyQualified, domName, &domNamelen))
+ {
+ domName[0] = L'\0';
+ ERR("could not get domain name!\n");
+ }
+
+ RtlCreateUnicodeString(&NtlmDomainNameString, domName);
+
+ RtlUnicodeStringToOemString(&NtlmOemComputerNameString,
+ &NtlmComputerNameString,
+ TRUE);
+
+ RtlUnicodeStringToOemString(&NtlmOemDomainNameString,
+ &NtlmDomainNameString,
+ TRUE);
+
+ status = NtOpenProcessToken(NtCurrentProcess(),
+ TOKEN_QUERY | TOKEN_DUPLICATE,
+ &NtlmSystemSecurityToken);
+
+ if(!NT_SUCCESS(status))
+ {
+ ERR("could not get process token!!\n");
+ }
+ return status;
+}
+
+VOID
+NtlmTerminateGlobals(VOID)
+{
+
+}
+
+/* public functions */
static SecurityFunctionTableA ntlmTableA = {
SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION,
@@ -220,12 +284,10 @@
return ret;
}
-
-/***********************************************************************
- * CompleteAuthToken
- */
-SECURITY_STATUS SEC_ENTRY CompleteAuthToken(PCtxtHandle phContext,
- PSecBufferDesc pToken)
+SECURITY_STATUS
+SEC_ENTRY
+CompleteAuthToken(PCtxtHandle phContext,
+ PSecBufferDesc pToken)
{
TRACE("%p %p\n", phContext, pToken);
if (!phContext)
Copied: branches/sspi-bringup/reactos/dll/win32/ntlmssp/ntlmssp.h (from r51687,
branches/sspi-bringup/reactos/dll/win32/ntlmssp/ntlm.h)
URL:
http://svn.reactos.org/svn/reactos/branches/sspi-bringup/reactos/dll/win32/…
==============================================================================
--- branches/sspi-bringup/reactos/dll/win32/ntlmssp/ntlm.h [iso-8859-1] (original)
+++ branches/sspi-bringup/reactos/dll/win32/ntlmssp/ntlmssp.h [iso-8859-1] Tue May 17
08:54:03 2011
@@ -26,6 +26,8 @@
#include <ntstatus.h>
#define WIN32_NO_STATUS
#include <windows.h>
+#include <wincred.h>
+
#include <ndk/ntndk.h>
#define SECURITY_WIN32
#define _NO_KSECDD_IMPORT_
@@ -33,15 +35,30 @@
#include <sspi.h>
#include <ntsecapi.h>
#include <ntsecpkg.h>
-
+#include <lmcons.h>
#include "wine/unicode.h"
-#include "wine/debug.h"
/* globals */
extern SECPKG_FUNCTION_TABLE NtLmPkgFuncTable; //functions we provide to LSA in
SpLsaModeInitialize
extern PSECPKG_DLL_FUNCTIONS NtlmPkgDllFuncTable; //fuctions provided by LSA in
SpInstanceInit
extern SECPKG_USER_FUNCTION_TABLE NtlmUmodeFuncTable; //fuctions we provide via
SpUserModeInitialize
extern PLSA_SECPKG_FUNCTION_TABLE NtlmLsaFuncTable; // functions provided by LSA in
SpInitialize
+
+extern UNICODE_STRING NtlmComputerNameString;
+extern UNICODE_STRING NtlmDomainNameString;
+extern OEM_STRING NtlmOemComputerNameString;
+extern OEM_STRING NtlmOemDomainNameString;
+extern HANDLE NtlmSystemSecurityToken;
+
+typedef enum _NTLM_MODE {
+ NtlmLsaMode = 1,
+ NtlmUserMode
+} NTLM_MODE, *PNTLM_MODE;
+
+extern NTLM_MODE NtlmMode;
+
+#define inLsaMode (NtlmMode == NtlmLsaMode)
+#define inUserMode (NtlmMode == NtlmUserMode)
#define NTLM_NAME_A "NTLM\0"
#define NTLM_NAME_W L"NTLM\0"
@@ -61,50 +78,21 @@
SECPKG_FLAG_PRIVACY | \
SECPKG_FLAG_TOKEN_ONLY)
+#define NTLM_DEFAULT_TIMEOUT (5*60*1000) //context valid for 5 mins
#define NTLM_MAX_BUF 1904
#define NTLM_CRED_NULLSESSION SECPKG_CRED_RESERVED
-
-/* NTLMSSP flags indicating the negotiated features */
-#define NTLMSSP_NEGOTIATE_UNICODE 0x00000001
-#define NTLMSSP_NEGOTIATE_OEM 0x00000002
-#define NTLMSSP_REQUEST_TARGET 0x00000004
-#define NTLMSSP_NEGOTIATE_SIGN 0x00000010
-#define NTLMSSP_NEGOTIATE_SEAL 0x00000020
-#define NTLMSSP_NEGOTIATE_DATAGRAM_STYLE 0x00000040
-#define NTLMSSP_NEGOTIATE_LM_SESSION_KEY 0x00000080
-#define NTLMSSP_NEGOTIATE_NTLM 0x00000200
-#define NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED 0x00001000
-#define NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED 0x00002000
-#define NTLMSSP_NEGOTIATE_LOCAL_CALL 0x00004000
-#define NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0x00008000
-#define NTLMSSP_NEGOTIATE_TARGET_TYPE_DOMAIN 0x00010000
-#define NTLMSSP_NEGOTIATE_TARGET_TYPE_SERVER 0x00020000
-#define NTLMSSP_NEGOTIATE_NTLM2 0x00080000
-#define NTLMSSP_NEGOTIATE_TARGET_INFO 0x00800000
-#define NTLMSSP_NEGOTIATE_128 0x20000000
-#define NTLMSSP_NEGOTIATE_KEY_EXCHANGE 0x40000000
-#define NTLMSSP_NEGOTIATE_56 0x80000000
-
-
-typedef enum _NTLM_MODE {
- NtlmLsaMode = 1,
- NtlmUserMode
-} NTLM_MODE, *PNTLM_MODE;
-
-extern NTLM_MODE NtlmMode;
typedef struct _NTLMSSP_CREDENTIAL
{
LIST_ENTRY Entry;
ULONG RefCount;
- ULONG SecPackageFlags;
+ ULONG UseFlags;
UNICODE_STRING DomainName;
UNICODE_STRING UserName;
UNICODE_STRING Password;
ULONG ProcId;
HANDLE SecToken;
LUID LogonId;
-
} NTLMSSP_CREDENTIAL, *PNTLMSSP_CREDENTIAL;
typedef enum {
@@ -114,27 +102,35 @@
AuthenticateSent,
Authenticated,
PassedToService
-} NTLM_CONTEXT_STATE, *PNTLM_CONTEXT_STATE;
+} NTLMSSP_CONTEXT_STATE, *PNTLMSSP_CONTEXT_STATE;
typedef struct _NTLMSSP_CONTEXT
{
LIST_ENTRY Entry;
LARGE_INTEGER StartTime;//context creation time
+ BOOL isServer;
+ BOOL isLocal;
ULONG Timeout;//how long context is valid pre-authentication
ULONG RefCount;
- ULONG ProtocolFlags;
+ ULONG NegotiateFlags;
ULONG ContextFlags;
- NTLM_CONTEXT_STATE State;
- HANDLE SecToken;
+ NTLMSSP_CONTEXT_STATE State;
PNTLMSSP_CREDENTIAL Credential; //creator
UCHAR Challenge[MSV1_0_CHALLENGE_LENGTH]; //ChallengeSent
UCHAR SessionKey[MSV1_0_USER_SESSION_KEY_LENGTH]; //LSA
- BOOL isServer;
+ HANDLE ClientToken;
ULONG ProcId;
} NTLMSSP_CONTEXT, *PNTLMSSP_CONTEXT;
/* private functions */
+/* ntlmssp.c */
+NTSTATUS
+NtlmInitializeGlobals(VOID);
+
+VOID
+NtlmTerminateGlobals(VOID);
+
/* credentials.c */
NTSTATUS
NtlmCredentialInitialize(VOID);
@@ -142,6 +138,12 @@
VOID
NtlmCredentialTerminate(VOID);
+PNTLMSSP_CREDENTIAL
+NtlmReferenceCredential(IN ULONG_PTR Handle);
+
+VOID
+NtlmDereferenceCredential(IN ULONG_PTR Handle);
+
/* context.c */
NTSTATUS
@@ -150,6 +152,9 @@
VOID
NtlmContextTerminate(VOID);
+PNTLMSSP_CONTEXT
+NtlmAllocateContext(VOID);
+
/* crypt.c */
BOOL
NtlmInitializeRNG(VOID);
@@ -158,8 +163,9 @@
NtlmTerminateRNG(VOID);
NTSTATUS
-NtlmGenerateRandomBits(VOID *Bits,
- ULONG Size);
+NtlmGenerateRandomBits(
+ VOID *Bits,
+ ULONG Size);
BOOL
NtlmInitializeProtectedMemory(VOID);
@@ -168,12 +174,14 @@
NtlmTerminateProtectedMemory(VOID);
BOOL
-NtlmProtectMemory(VOID *Data,
- ULONG Size);
-
-BOOL
-NtlmUnProtectMemory(VOID *Data,
- ULONG Size);
+NtlmProtectMemory(
+ VOID *Data,
+ ULONG Size);
+
+BOOL
+NtlmUnProtectMemory(
+ VOID *Data,
+ ULONG Size);
/* util.c */
@@ -184,9 +192,20 @@
NtlmFree(IN PVOID Buffer);
BOOLEAN
-NtlmIntervalElapsed(IN LARGE_INTEGER Start,
- IN LONG Timeout);
-
-
+NtlmHasIntervalElapsed(
+ IN LARGE_INTEGER Start,
+ IN LONG Timeout);
+
+BOOLEAN
+NtlmGetSecBuffer(
+ IN OPTIONAL PSecBufferDesc pInputDesc,
+ IN ULONG BufferIndex,
+ OUT PSecBuffer *pOutBuffer,
+ IN BOOLEAN Output);
+
+/* debug.c */
+
+void
+NtlmPrintNegotiateFlags(ULONG Flags);
#endif
Modified: branches/sspi-bringup/reactos/dll/win32/ntlmssp/ntlmssp.rbuild
URL:
http://svn.reactos.org/svn/reactos/branches/sspi-bringup/reactos/dll/win32/…
==============================================================================
--- branches/sspi-bringup/reactos/dll/win32/ntlmssp/ntlmssp.rbuild [iso-8859-1]
(original)
+++ branches/sspi-bringup/reactos/dll/win32/ntlmssp/ntlmssp.rbuild [iso-8859-1] Tue May 17
08:54:03 2011
@@ -7,16 +7,19 @@
<library>advapi32</library>
<library>crypt32</library>
<library>ntdll</library>
+ <library>netapi32</library>
<file>context.c</file>
<file>credentials.c</file>
<file>crypt.c</file>
<file>rc4.c</file>
<file>stubs.c</file>
<file>messages.c</file>
- <file>ntlm.c</file>
+ <file>ntlmssp.c</file>
<file>sign.c</file>
<file>util.c</file>
<file>dllmain.c</file>
+ <file>debug.c</file>
+ <file>protocol.c</file>
</module>
Modified: branches/sspi-bringup/reactos/dll/win32/ntlmssp/ntlmssp.spec
URL:
http://svn.reactos.org/svn/reactos/branches/sspi-bringup/reactos/dll/win32/…
==============================================================================
--- branches/sspi-bringup/reactos/dll/win32/ntlmssp/ntlmssp.spec [iso-8859-1] (original)
+++ branches/sspi-bringup/reactos/dll/win32/ntlmssp/ntlmssp.spec [iso-8859-1] Tue May 17
08:54:03 2011
@@ -19,6 +19,6 @@
@ stdcall QuerySecurityPackageInfoA(str ptr)
@ stdcall QuerySecurityPackageInfoW(wstr ptr)
@ stdcall RevertSecurityContext(ptr)
-@ stdcall SealMessage (ptr long ptr long) EncryptMessage
-@ stdcall UnsealMessage(ptr ptr long ptr) DecryptMessage
+@ stdcall EncryptMessage(ptr long ptr long)
+@ stdcall DecryptMessage(ptr ptr long ptr)
@ stdcall VerifySignature(ptr ptr long ptr)
Added: branches/sspi-bringup/reactos/dll/win32/ntlmssp/protocol.c
URL:
http://svn.reactos.org/svn/reactos/branches/sspi-bringup/reactos/dll/win32/…
==============================================================================
--- branches/sspi-bringup/reactos/dll/win32/ntlmssp/protocol.c (added)
+++ branches/sspi-bringup/reactos/dll/win32/ntlmssp/protocol.c [iso-8859-1] Tue May 17
08:54:03 2011
@@ -1,0 +1,143 @@
+/*
+ * Copyright 2011 Samuel Serapión
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
+ *
+ */
+#include "ntlmssp.h"
+#include "protocol.h"
+
+#include "wine/debug.h"
+WINE_DEFAULT_DEBUG_CHANNEL(ntlm);
+
+SECURITY_STATUS
+NtlmGenerateNegotiateMessage(IN ULONG_PTR Context,
+ IN ULONG ContextReq,
+ IN ULONG NegotiateFlags,
+ IN PSecBuffer InputToken,
+ OUT PSecBuffer *OutputToken)
+{
+ PNTLMSSP_CONTEXT context = (PNTLMSSP_CONTEXT)Context;
+ PNEGOTIATE_MESSAGE message;
+ ULONG messageSize = 0, offset;
+ NTLM_BLOB blobBuffer[2]; //nego contains 2 blobs
+
+ TRACE("NtlmGenerateNegotiateMessage %lx flags %lx\n", Context,
NegotiateFlags);
+
+ if(!*OutputToken)
+ {
+ ERR("No output token!\n");
+ return SEC_E_BUFFER_TOO_SMALL;
+ }
+
+ if(!((*OutputToken)->pvBuffer))
+ {
+ /* according to wine test */
+ ERR("No output buffer!\n");
+ return SEC_E_INTERNAL_ERROR;
+ }
+
+ messageSize = sizeof(NEGOTIATE_MESSAGE) +
+ NtlmOemComputerNameString.Length +
+ NtlmOemDomainNameString.Length;
+
+ /* if should not allocate */
+ if (!(ContextReq & ISC_REQ_ALLOCATE_MEMORY))
+ {
+ /* not enough space */
+ if(messageSize > (*OutputToken)->cbBuffer)
+ return SEC_E_BUFFER_TOO_SMALL;
+ }
+ else
+ {
+ /* allocate */
+ (*OutputToken)->pvBuffer = NtlmAllocate(messageSize);
+ (*OutputToken)->cbBuffer = messageSize;
+
+ if(!(*OutputToken)->pvBuffer)
+ return SEC_E_INSUFFICIENT_MEMORY;
+ }
+
+ /* allocate a negotiate message */
+ message = (PNEGOTIATE_MESSAGE) NtlmAllocate(messageSize);
+
+ if(!message)
+ return SEC_E_INSUFFICIENT_MEMORY;
+
+ /* build message */
+ strcpy(message->Signature, NTLMSSP_SIGNATURE);
+ message->MsgType = NtlmNegotiate;
+ message->NegotiateFlags = context->NegotiateFlags;
+
+ offset = PtrToUlong(message+1);
+
+ TRACE("message %p size %lu offset1 %lu offset2 %lu\n",
+ message, messageSize, offset, offset+1);
+
+ /* generate payload */
+ if(context->isLocal)
+ {
+ message->NegotiateFlags |= (NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED |
+ NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED);
+
+ /* blob1 */
+ blobBuffer[0].Length = blobBuffer[0].MaxLength = NtlmOemDomainNameString.Length;
+ blobBuffer[0].Offset = offset;
+ message->OemDomainName = blobBuffer[0];
+
+ /* copy data to the end of the message */
+ memcpy((PVOID)offset, NtlmOemDomainNameString.Buffer,
NtlmOemDomainNameString.Length);
+
+ /* blob2 */
+ blobBuffer[1].Length = blobBuffer[1].MaxLength =
NtlmOemComputerNameString.Length;
+ blobBuffer[1].Offset = offset + blobBuffer[0].Length;
+ message->OemWorkstationName = blobBuffer[0];
+
+ /* copy data to the end of the message */
+ memcpy((PVOID)offset, NtlmOemComputerNameString.Buffer,
NtlmOemComputerNameString.Length);
+ }
+ else
+ {
+ blobBuffer[0].Length = blobBuffer[0].MaxLength = 0;
+ blobBuffer[0].Offset = offset;
+ blobBuffer[1].Length = blobBuffer[1].MaxLength = 0;
+ blobBuffer[1].Offset = offset+1;
+ }
+
+ memset(&message->Version, 0, sizeof(NTLM_WINDOWS_VERSION));
+
+ /* send it back */
+ memcpy((*OutputToken)->pvBuffer, message, messageSize);
+ (*OutputToken)->cbBuffer = messageSize;
+ context->State = NegotiateSent;
+
+ return SEC_I_CONTINUE_NEEDED;
+}
+
+SECURITY_STATUS
+NtlmHandleNegotiateMessage(IN ULONG_PTR hCredential,
+ IN OUT PULONG_PTR Context,
+ IN ULONG ContextReq,
+ IN PSecBuffer InputToken,
+ OUT PSecBuffer *pOutputToken,
+ OUT PULONG fContextAttributes,
+ OUT PTimeStamp ptsExpiry)
+{
+
+ ERR("NtlmHandleNegotiateMessage called!\n");
+
+ return SEC_E_UNSUPPORTED_FUNCTION;
+}
+
Propchange: branches/sspi-bringup/reactos/dll/win32/ntlmssp/protocol.c
------------------------------------------------------------------------------
svn:eol-style = native
Added: branches/sspi-bringup/reactos/dll/win32/ntlmssp/protocol.h
URL:
http://svn.reactos.org/svn/reactos/branches/sspi-bringup/reactos/dll/win32/…
==============================================================================
--- branches/sspi-bringup/reactos/dll/win32/ntlmssp/protocol.h (added)
+++ branches/sspi-bringup/reactos/dll/win32/ntlmssp/protocol.h [iso-8859-1] Tue May 17
08:54:03 2011
@@ -1,0 +1,165 @@
+/*
+ * Copyright 2011 Samuel Serapión
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
+ *
+ */
+
+/* see "NT LAN Manager (NTLM) Authentication Protocol Specification"
+ * [MS-NLMP] v20110504 for more details */
+
+/* signature */
+#define NTLMSSP_SIGNATURE "NTLMSSP\0"
+
+/* message types */
+#define NtlmNegotiate 0x00000001
+#define NtlmChallenge 0x00000002
+#define NtlmAuthenticate 0x00000003
+
+/* flags */
+#define NTLMSSP_NEGOTIATE_UNICODE 0x00000001
+#define NTLMSSP_NEGOTIATE_OEM 0x00000002
+#define NTLMSSP_REQUEST_TARGET 0x00000004
+#define NTLMSSP_RESERVED_9 0x00000008
+#define NTLMSSP_NEGOTIATE_SIGN 0x00000010
+#define NTLMSSP_NEGOTIATE_SEAL 0x00000020
+#define NTLMSSP_NEGOTIATE_DATAGRAM 0x00000040
+#define NTLMSSP_NEGOTIATE_LM_KEY 0x00000080
+#define NTLMSSP_RESERVED_8 0x00000100
+#define NTLMSSP_NEGOTIATE_NTLM 0x00000200
+#define NTLMSSP_NEGOTIATE_NT_ONLY 0x00000400
+#define NTLMSSP_RESERVED_7 0x00000800
+#define NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0x00001000
+#define NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0x00002000
+#define NTLMSSP_RESERVED_6 0x00004000
+#define NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0x00008000
+#define NTLMSSP_TARGET_TYPE_DOMAIN 0x00010000
+#define NTLMSSP_TARGET_TYPE_SERVER 0x00020000
+#define NTLMSSP_TARGET_TYPE_SHARE 0x00040000
+#define NTLMSSP_NEGOTIATE_NTLM2 0x00080000
+#define NTLMSSP_NEGOTIATE_IDENTIFY 0x00100000
+#define NTLMSSP_RESERVED_5 0x00200000
+#define NTLMSSP_REQUEST_NON_NT_SESSION_KEY 0x00400000
+#define NTLMSSP_NEGOTIATE_TARGET_INFO 0x00800000
+#define NTLMSSP_RESERVED_4 0x01000000
+#define NTLMSSP_NEGOTIATE_VERSION 0x02000000
+#define NTLMSSP_RESERVED_3 0x04000000
+#define NTLMSSP_RESERVED_2 0x08000000
+#define NTLMSSP_RESERVED_1 0x10000000
+#define NTLMSSP_NEGOTIATE_128 0x20000000
+#define NTLMSSP_NEGOTIATE_KEY_EXCH 0x40000000
+#define NTLMSSP_NEGOTIATE_56 0x80000000
+
+#define NTLMSSP_REVISION_W2K3 0x0F
+
+//only filled if NTLMSSP_NEGOTIATE_VERSION is present
+//ignored on retail builds
+typedef struct _NTLM_WINDOWS_VERSION
+{
+ BYTE ProductMajor;
+ BYTE ProductMinor;
+ USHORT ProductBuild;
+ BYTE Reserved[3];
+ BYTE NtlmRevisionCurrent;
+}NTLM_WINDOWS_VERSION, *PNTLM_WINDOWS_VERSION;
+
+/*
+ * Offset contains the offset from the beginning of the message to the
+ * actual value in the payload area. In the event of no data being sent
+ * Length and MaxLength should generaly be set to zero and ignored.
+ */
+//NTLM_UNICODE_STRING_OVER_THE_WIRE
+typedef struct _NTLM_BLOB
+{
+ USHORT Length;
+ USHORT MaxLength;
+ ULONG Offset;
+}NTLM_BLOB, *PNTLM_BLOB;
+
+typedef struct _NEGOTIATE_MESSAGE
+{
+ CHAR Signature[8];
+ ULONG MsgType;
+ ULONG NegotiateFlags;
+ NTLM_BLOB OemDomainName;
+ NTLM_BLOB OemWorkstationName;
+ NTLM_WINDOWS_VERSION Version;
+ /* payload (DomainName, WorkstationName)*/
+}NEGOTIATE_MESSAGE, *PNEGOTIATE_MESSAGE;
+
+typedef struct _CHALLENGE_MESSAGE
+{
+ CHAR Signature[8];
+ ULONG MsgType;
+ NTLM_BLOB TargetName;
+ ULONG NegotiateFlags;
+ UCHAR ServerChallenge[MSV1_0_CHALLENGE_LENGTH];
+ UCHAR Reserved[8];
+ NTLM_BLOB TargetInfo; //only if NTLMSSP_REQUEST_TARGET, contains AV_PAIRs
+ NTLM_WINDOWS_VERSION Version;
+ /* payload (TargetName, TargetInfo)*/
+}CHALLENGE_MESSAGE, *PCHALLENGE_MESSAGE;
+
+
+typedef struct _AUTHENTICATE_MESSAGE
+{
+ CHAR Signature[8];
+ ULONG MsgType;
+ NTLM_BLOB LmChallengeResponse; // An LM_RESPONSE or LMv2_RESPONSE
+ NTLM_BLOB NtChallengeResponse; // An NTLM_RESPONSE or NTLMv2_RESPONSE
+ NTLM_BLOB DomainName;
+ NTLM_BLOB UserName;
+ NTLM_BLOB WorkstationName;
+ NTLM_BLOB EncryptedRandomSessionKey; //only if NTLMSSP_NEGOTIATE_KEY_EXCHANGE
+ ULONG NegotiateFlags;
+ NTLM_WINDOWS_VERSION Version;
+ BYTE MIC[16]; //doc says its ommited in nt,2k,xp,2k3
+ /* payload */
+}AUTHENTICATE_MESSAGE, *PAUTHENTICATE_MESSAGE;
+
+SECURITY_STATUS
+NtlmGenerateNegotiateMessage(
+ IN ULONG_PTR hContext,
+ IN ULONG ContextReq,
+ IN ULONG NegotiateFlags,
+ IN PSecBuffer InputToken,
+ OUT PSecBuffer *OutputToken);
+
+SECURITY_STATUS
+NtlmHandleNegotiateMessage(
+ IN ULONG_PTR hCredential,
+ IN OUT PULONG_PTR phContext,
+ IN ULONG fContextReq,
+ IN PSecBuffer InputToken,
+ OUT PSecBuffer *OutputToken,
+ OUT PULONG fContextAttributes,
+ OUT PTimeStamp ptsExpiry);
+
+SECURITY_STATUS
+NtlmHandleAuthenticateMessage(
+ IN ULONG_PTR hCredential,
+ IN OUT PULONG_PTR phContext,
+ IN ULONG fContextReq,
+ IN PSecBuffer *pInputTokens,
+ OUT PSecBuffer OutputToken,
+ OUT PULONG fContextAttributes,
+ OUT PTimeStamp ptsExpiry,
+ OUT PUCHAR pSessionKey,
+ OUT PULONG pfNegotiateFlags,
+ OUT PHANDLE TokenHandle,
+ OUT PNTSTATUS pSubStatus,
+ OUT PTimeStamp ptsPasswordExpiry,
+ OUT PULONG pfUserFlags);
+
Propchange: branches/sspi-bringup/reactos/dll/win32/ntlmssp/protocol.h
------------------------------------------------------------------------------
svn:eol-style = native
Modified: branches/sspi-bringup/reactos/dll/win32/ntlmssp/sign.c
URL:
http://svn.reactos.org/svn/reactos/branches/sspi-bringup/reactos/dll/win32/…
==============================================================================
--- branches/sspi-bringup/reactos/dll/win32/ntlmssp/sign.c [iso-8859-1] (original)
+++ branches/sspi-bringup/reactos/dll/win32/ntlmssp/sign.c [iso-8859-1] Tue May 17
08:54:03 2011
@@ -16,8 +16,9 @@
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
*
*/
-#include "ntlm.h"
+#include "ntlmssp.h"
+#include "wine/debug.h"
WINE_DEFAULT_DEBUG_CHANNEL(ntlm);
/***********************************************************************
Modified: branches/sspi-bringup/reactos/dll/win32/ntlmssp/stubs.c
URL:
http://svn.reactos.org/svn/reactos/branches/sspi-bringup/reactos/dll/win32/…
==============================================================================
--- branches/sspi-bringup/reactos/dll/win32/ntlmssp/stubs.c [iso-8859-1] (original)
+++ branches/sspi-bringup/reactos/dll/win32/ntlmssp/stubs.c [iso-8859-1] Tue May 17
08:54:03 2011
@@ -17,8 +17,9 @@
*
*/
-#include "ntlm.h"
+#include "ntlmssp.h"
+#include "wine/debug.h"
WINE_DEFAULT_DEBUG_CHANNEL(ntlm);
/* initialize all to null since we still dont use them */
@@ -26,3 +27,4 @@
PSECPKG_DLL_FUNCTIONS NtlmPkgDllFuncTable = NULL; //fuctions provided by LSA in
SpInstanceInit
SECPKG_USER_FUNCTION_TABLE NtlmUmodeFuncTable; //fuctions we provide via
SpUserModeInitialize
PLSA_SECPKG_FUNCTION_TABLE NtlmLsaFuncTable = NULL; // functions provided by LSA in
SpInitialize
+
Modified: branches/sspi-bringup/reactos/dll/win32/ntlmssp/util.c
URL:
http://svn.reactos.org/svn/reactos/branches/sspi-bringup/reactos/dll/win32/…
==============================================================================
--- branches/sspi-bringup/reactos/dll/win32/ntlmssp/util.c [iso-8859-1] (original)
+++ branches/sspi-bringup/reactos/dll/win32/ntlmssp/util.c [iso-8859-1] Tue May 17
08:54:03 2011
@@ -17,10 +17,10 @@
*
*/
-#include "ntlm.h"
+#include "ntlmssp.h"
+#include "wine/debug.h"
WINE_DEFAULT_DEBUG_CHANNEL(ntlm);
-
PVOID
NtlmAllocate(IN ULONG Size)
@@ -61,7 +61,7 @@
NtlmLsaFuncTable->FreeLsaHeap(Buffer);
break;
case NtlmUserMode:
- HeapFree(GetProcessHeap(),0,Buffer);
+ HeapFree(GetProcessHeap(), HEAP_ZERO_MEMORY, Buffer);
break;
default:
ERR("NtlmState unknown!\n");
@@ -75,7 +75,8 @@
}
BOOLEAN
-NtlmIntervalElapsed(IN LARGE_INTEGER Start,IN LONG Timeout)
+NtlmHasIntervalElapsed(IN LARGE_INTEGER Start,
+ IN LONG Timeout)
{
LARGE_INTEGER now;
LARGE_INTEGER elapsed;
@@ -99,7 +100,7 @@
return FALSE;
}
-/* hack: see dllmain.c */
+/* check if loaded during system setup */
/* from base/services/umpnpmgr/umpnpmgr.c */
BOOL
SetupIsActive(VOID)
@@ -130,3 +131,48 @@
return ret;
}
+
+BOOLEAN
+NtlmGetSecBuffer(IN OPTIONAL PSecBufferDesc pInputDesc,
+ IN ULONG BufferIndex,
+ OUT PSecBuffer *pOutBuffer,
+ IN BOOLEAN OutputToken)
+{
+ PSecBuffer Buffer;
+
+ ASSERT(pOutBuffer != NULL);
+ if (!pInputDesc)
+ {
+ *pOutBuffer = NULL;
+ return TRUE;
+ }
+
+ /* check version */
+ if (pInputDesc->ulVersion != SECBUFFER_VERSION)
+ return FALSE;
+
+ /* check how many buffers we have */
+ if(pInputDesc->cBuffers < BufferIndex)
+ return FALSE;
+
+ /* get buffer */
+ Buffer = &pInputDesc->pBuffers[BufferIndex];
+
+ /* detect a SECBUFFER_TOKEN */
+ if ((Buffer->BufferType & (~SECBUFFER_READONLY)) == SECBUFFER_TOKEN)
+ {
+ /* detect read only buffer */
+ if (OutputToken && (Buffer->BufferType & SECBUFFER_READONLY))
+ return FALSE;
+
+ /* LSA server must map the user provided buffer into its address space */
+ if(inLsaMode)
+ {
+ if (!NT_SUCCESS(NtlmLsaFuncTable->MapBuffer(Buffer, Buffer)))
+ return FALSE;
+ }
+ *pOutBuffer = Buffer;
+ return TRUE;
+ }
+ return FALSE;
+}
4931
days inactive
4931
days old
0 comments
1 participants
participants (1)
-
sserapion@svn.reactos.org