archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/ds/security/protocols/msv_sspi/test/lib/msvsharelevel.cxx

1163 lines
36 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 2001 Microsoft Corporation
  5. Module Name:
  7. msvsharelevel.cxx
  9. Abstract:
  11. msvsharelevel
  13. Author:
  15. Larry Zhu (LZhu) January 1, 2002 Created
  17. Environment:
  19. User Mode
  21. Revision History:
  23. --*/
  25. #include "precomp.hxx"
  26. #pragma hdrstop
  28. #include "msvsharelevel.hxx"
  30. NTSTATUS
  31. GetNtlmChallengeMessage(
  32. IN OPTIONAL UNICODE_STRING* pPassword,
  33. IN OPTIONAL UNICODE_STRING* pUserName,
  34. IN OPTIONAL UNICODE_STRING* pDomainName,
  35. OUT ULONG* pcbNtlmChallengeMessage,
  36. OUT NTLM_CHALLENGE_MESSAGE** ppNtlmChallengeMessage
  37. )
  38. {
  39. TNtStatus Status;
  41. UCHAR* pWhere = NULL;
  43. ULONG cbNtlmChallengeMessage = 0;
  44. NTLM_CHALLENGE_MESSAGE* pNtlmChallengeMessage = NULL;
  46. *ppNtlmChallengeMessage = NULL;
  47. *pcbNtlmChallengeMessage = 0;
  49. cbNtlmChallengeMessage = (pPassword ? pPassword->Length : 0)
  50. + (pUserName ? pUserName->Length : 0)
  51. + (pDomainName ? pDomainName->Length : 0)
  52. + ROUND_UP_COUNT(sizeof(NTLM_CHALLENGE_MESSAGE), sizeof(ULONG_PTR));
  53. pNtlmChallengeMessage = (NTLM_CHALLENGE_MESSAGE*) new CHAR[cbNtlmChallengeMessage];
  55. Status DBGCHK = pNtlmChallengeMessage ? STATUS_SUCCESS : STATUS_NO_MEMORY;
  57. if (NT_SUCCESS(Status))
  58. {
  59. RtlZeroMemory(pNtlmChallengeMessage, cbNtlmChallengeMessage);
  60. pWhere = (UCHAR*) (pNtlmChallengeMessage + 1);
  61. SspCopyStringAsString32(
  62. pNtlmChallengeMessage,
  63. (STRING*) pPassword,
  64. &pWhere,
  65. &pNtlmChallengeMessage->Password
  66. );
  67. SspCopyStringAsString32(
  68. pNtlmChallengeMessage,
  69. (STRING*) pUserName,
  70. &pWhere,
  71. &pNtlmChallengeMessage->UserName
  72. );
  73. SspCopyStringAsString32(
  74. pNtlmChallengeMessage,
  75. (STRING*) pDomainName,
  76. &pWhere,
  77. &pNtlmChallengeMessage->DomainName
  78. );
  79. *ppNtlmChallengeMessage = pNtlmChallengeMessage;
  80. pNtlmChallengeMessage = NULL;
  81. *pcbNtlmChallengeMessage = cbNtlmChallengeMessage;
  82. }
  84. if (pNtlmChallengeMessage)
  85. {
  86. delete [] pNtlmChallengeMessage;
  87. }
  89. return Status;
  90. }
  92. NTSTATUS
  93. GetNegociateMessage(
  94. IN OPTIONAL OEM_STRING* pOemDomainName,
  95. IN OPTIONAL OEM_STRING* pOemWorkstationName,
  96. IN ULONG NegotiateFlags,
  97. OUT ULONG* pcbNegotiateMessage,
  98. OUT NEGOTIATE_MESSAGE** ppNegotiateMessage
  99. )
  100. {
  101. TNtStatus Status = STATUS_SUCCESS;
  103. NEGOTIATE_MESSAGE* pNegotiateMessage = NULL;
  104. ULONG cbNegotiateMessage = 0;
  106. PUCHAR pWhere = NULL;
  108. *ppNegotiateMessage = NULL;
  109. *pcbNegotiateMessage = 0;
  111. cbNegotiateMessage = sizeof(NEGOTIATE_MESSAGE);
  113. if (pOemDomainName && pOemDomainName->Length && (NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED & NegotiateFlags))
  114. {
  115. cbNegotiateMessage += pOemDomainName->MaximumLength;
  116. }
  118. if (pOemWorkstationName && pOemWorkstationName->Length && (NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED & NegotiateFlags))
  119. {
  120. cbNegotiateMessage += pOemWorkstationName->MaximumLength;
  121. }
  123. pNegotiateMessage = (NEGOTIATE_MESSAGE*) new char[cbNegotiateMessage];
  124. Status DBGCHK = pNegotiateMessage ? S_OK : E_OUTOFMEMORY;
  126. if (NT_SUCCESS(Status))
  127. {
  128. RtlZeroMemory(pNegotiateMessage, cbNegotiateMessage);
  130. cbNegotiateMessage = sizeof(NEGOTIATE_MESSAGE);
  131. strcpy(reinterpret_cast<char*>(pNegotiateMessage->Signature), NTLMSSP_SIGNATURE);
  132. pNegotiateMessage->MessageType = NtLmNegotiate;
  134. pWhere = (UCHAR*)(pNegotiateMessage + 1);
  136. if (pOemDomainName && pOemDomainName->Length && (NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED & NegotiateFlags))
  137. {
  138. SspCopyStringAsString32(
  139. pNegotiateMessage,
  140. (STRING*)pOemDomainName,
  141. &pWhere,
  142. &pNegotiateMessage->OemDomainName
  143. );
  144. }
  146. if (pOemWorkstationName && pOemWorkstationName->Length && (NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED & NegotiateFlags))
  147. {
  148. SspCopyStringAsString32(
  149. pNegotiateMessage,
  150. (STRING*) pOemWorkstationName,
  151. &pWhere,
  152. &pNegotiateMessage->OemWorkstationName);
  153. }
  155. pNegotiateMessage->NegotiateFlags = NegotiateFlags;
  157. *ppNegotiateMessage = pNegotiateMessage;
  158. pNegotiateMessage = NULL;
  159. *pcbNegotiateMessage = cbNegotiateMessage;
  160. }
  162. if (pNegotiateMessage)
  163. {
  164. delete [] pNegotiateMessage;
  165. }
  167. return Status;
  168. }
  170. NTSTATUS
  171. GetChallengeMessage(
  172. IN ULONG ContextReqFlags,
  173. IN OPTIONAL ULONG cbNegotiateMessage,
  174. IN ULONG TargetFlags,
  175. IN UNICODE_STRING* pTargetInfo,
  176. IN UNICODE_STRING* pTargetName,
  177. IN PNEGOTIATE_MESSAGE pNegotiateMessage,
  178. IN UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH],
  179. OUT PULONG pcbChallengeMessage,
  180. OUT CHALLENGE_MESSAGE** ppChallengeMessage,
  181. OUT PULONG pContextAttributes
  182. )
  183. {
  184. TNtStatus Status = STATUS_SUCCESS;
  186. ULONG ContextAttributes = 0;
  188. STRING StringTargetName = {0};
  189. ULONG ChallengeMessageTargetFlags = 0;
  191. CHALLENGE_MESSAGE* pChallengeMessage = NULL;
  192. ULONG cbChallengeMessage = 0;
  193. PUCHAR pWhere = NULL;
  195. STRING OemWorkstationName = {0};
  196. STRING OemDomainName = {0};
  198. ULONG NegotiateFlagsKeyStrength = NTLMSSP_NEGOTIATE_56;
  200. *ppChallengeMessage = NULL;
  201. *pContextAttributes = 0;
  204. if ((ContextReqFlags & ASC_REQ_IDENTIFY) != 0)
  205. {
  206. ContextAttributes |= ASC_RET_IDENTIFY;
  207. }
  209. if ( (ContextReqFlags & ASC_REQ_DATAGRAM) != 0 )
  210. {
  211. ContextAttributes |= ASC_RET_DATAGRAM;
  212. }
  214. if ((ContextReqFlags & ASC_REQ_CONNECTION) != 0 )
  215. {
  216. ContextAttributes |= ASC_RET_CONNECTION;
  217. }
  219. if ((ContextReqFlags & ASC_REQ_INTEGRITY) != 0 )
  220. {
  221. ContextAttributes |= ASC_RET_INTEGRITY;
  222. }
  224. if ((ContextReqFlags & ASC_REQ_REPLAY_DETECT) != 0)
  225. {
  226. ContextAttributes |= ASC_RET_REPLAY_DETECT;
  227. }
  229. if ( (ContextReqFlags & ASC_REQ_SEQUENCE_DETECT ) != 0)
  230. {
  231. ContextAttributes |= ASC_RET_SEQUENCE_DETECT;
  232. }
  234. if ((ContextReqFlags & ASC_REQ_ALLOW_NON_USER_LOGONS ) != 0)
  235. {
  236. ContextAttributes |= ASC_RET_ALLOW_NON_USER_LOGONS;
  237. }
  239. if ( ContextReqFlags & ASC_REQ_CONFIDENTIALITY )
  240. {
  241. ContextAttributes|= ASC_RET_CONFIDENTIALITY;
  242. }
  244. NegotiateFlagsKeyStrength |= NTLMSSP_NEGOTIATE_128;
  247. //
  248. // Get the pNegotiateMessage. If we are re-establishing a datagram
  249. // context then there may not be one.
  250. //
  252. if ( cbNegotiateMessage >= sizeof(OLD_NEGOTIATE_MESSAGE) )
  253. {
  254. //
  255. // Compute the TargetName to return in the ChallengeMessage.
  256. //
  258. if ( pNegotiateMessage->NegotiateFlags & NTLMSSP_REQUEST_TARGET ||
  259. pNegotiateMessage->NegotiateFlags & NTLMSSP_NEGOTIATE_NTLM2)
  260. {
  262. Status DBGCHK = RtlDuplicateUnicodeString(
  263. RTL_DUPLICATE_UNICODE_STRING_ALLOCATE_NULL_STRING | RTL_DUPLICATE_UNICODE_STRING_NULL_TERMINATE,
  264. pTargetName, (UNICODE_STRING*) &StringTargetName
  265. );
  267. if (NT_SUCCESS(Status) && ( 0 == (pNegotiateMessage->NegotiateFlags & NTLMSSP_NEGOTIATE_UNICODE)) )
  268. {
  269. Status DBGCHK = RtlUnicodeStringToOemString((POEM_STRING) &StringTargetName, (PCUNICODE_STRING)&StringTargetName, FALSE);
  270. }
  272. //
  273. // if client is NTLM2-aware, send it target info AV pairs
  274. //
  276. if (NT_SUCCESS(Status))
  277. {
  279. ChallengeMessageTargetFlags = TargetFlags | NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_TARGET_INFO;
  280. }
  281. }
  282. else
  283. {
  284. ChallengeMessageTargetFlags = 0;
  285. }
  288. //
  289. // Allocate a Challenge message
  290. //
  292. if (NT_SUCCESS(Status))
  293. {
  294. cbChallengeMessage = sizeof(*pChallengeMessage)
  295. + pTargetName->Length + pTargetInfo->Length;
  297. pChallengeMessage = (CHALLENGE_MESSAGE*)
  298. new CHAR [cbChallengeMessage];
  299. Status DBGCHK = pChallengeMessage ? STATUS_SUCCESS : STATUS_NO_MEMORY;
  300. }
  302. if (NT_SUCCESS(Status))
  303. {
  304. RtlZeroMemory(pChallengeMessage, cbChallengeMessage);
  305. pChallengeMessage->NegotiateFlags = 0;
  307. //
  308. // Check that both sides can use the same authentication model. For
  309. // compatibility with beta 1 and 2 (builds 612 and 683), no requested
  310. // authentication type is assumed to be NTLM. If NetWare is explicitly
  311. // asked for, it is assumed that NTLM would have been also, so if it
  312. // wasn't, return an error.
  313. //
  315. if ( (pNegotiateMessage->NegotiateFlags & NTLMSSP_NEGOTIATE_NETWARE) &&
  316. ((pNegotiateMessage->NegotiateFlags & NTLMSSP_NEGOTIATE_NTLM) == 0) &&
  317. ((pNegotiateMessage->NegotiateFlags & NTLMSSP_NEGOTIATE_NTLM2) == 0)
  318. )
  319. {
  320. Status DBGCHK = STATUS_NOT_SUPPORTED;
  321. }
  322. else
  323. {
  324. pChallengeMessage->NegotiateFlags |= NTLMSSP_NEGOTIATE_NTLM;
  325. }
  326. }
  328. //
  329. // if client can do NTLM2, nuke LM_KEY
  330. //
  332. if (NT_SUCCESS(Status))
  333. {
  334. if (pNegotiateMessage->NegotiateFlags & NTLMSSP_NEGOTIATE_NTLM2)
  335. {
  336. pNegotiateMessage->NegotiateFlags &= ~NTLMSSP_NEGOTIATE_LM_KEY;
  338. pChallengeMessage->NegotiateFlags |= NTLMSSP_NEGOTIATE_NTLM2;
  339. }
  340. else if (pNegotiateMessage->NegotiateFlags & NTLMSSP_NEGOTIATE_LM_KEY)
  341. {
  342. pChallengeMessage->NegotiateFlags |= NTLMSSP_NEGOTIATE_LM_KEY;
  343. }
  345. //
  346. // If the client wants to always sign messages, so be it.
  347. //
  349. if (pNegotiateMessage->NegotiateFlags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN )
  350. {
  351. pChallengeMessage->NegotiateFlags |= NTLMSSP_NEGOTIATE_ALWAYS_SIGN;
  352. }
  354. //
  355. // If the caller wants identify level, so be it.
  356. //
  358. if (pNegotiateMessage->NegotiateFlags & NTLMSSP_NEGOTIATE_IDENTIFY )
  359. {
  360. pChallengeMessage->NegotiateFlags |= NTLMSSP_NEGOTIATE_IDENTIFY;
  362. ContextAttributes |= ASC_RET_IDENTIFY;
  363. }
  365. //
  366. // Determine if the caller wants OEM or UNICODE
  367. //
  368. // Prefer UNICODE if caller allows both.
  369. //
  371. if ( pNegotiateMessage->NegotiateFlags & NTLMSSP_NEGOTIATE_UNICODE )
  372. {
  373. pChallengeMessage->NegotiateFlags |= NTLMSSP_NEGOTIATE_UNICODE;
  374. }
  375. else if ( pNegotiateMessage->NegotiateFlags & NTLMSSP_NEGOTIATE_OEM )
  376. {
  377. pChallengeMessage->NegotiateFlags |= NTLMSSP_NEGOTIATE_OEM;
  378. }
  379. else
  380. {
  381. Status DBGCHK = SEC_E_INVALID_TOKEN;
  382. }
  383. }
  385. if (NT_SUCCESS(Status))
  386. {
  387. //
  388. // Client wants Sign capability, OK.
  389. //
  391. if (pNegotiateMessage->NegotiateFlags & NTLMSSP_NEGOTIATE_SIGN)
  392. {
  393. pChallengeMessage->NegotiateFlags |= NTLMSSP_NEGOTIATE_SIGN;
  395. ContextAttributes |= (ASC_RET_SEQUENCE_DETECT | ASC_RET_REPLAY_DETECT);
  396. }
  398. //
  399. // Client wants Seal, OK.
  400. //
  402. if (pNegotiateMessage->NegotiateFlags & NTLMSSP_NEGOTIATE_SEAL)
  403. {
  404. pChallengeMessage->NegotiateFlags |= NTLMSSP_NEGOTIATE_SEAL;
  406. ContextAttributes |= ASC_RET_CONFIDENTIALITY;
  407. }
  409. if (pNegotiateMessage->NegotiateFlags & NTLMSSP_NEGOTIATE_KEY_EXCH)
  410. {
  411. pChallengeMessage->NegotiateFlags |= NTLMSSP_NEGOTIATE_KEY_EXCH;
  413. }
  415. if ( (pNegotiateMessage->NegotiateFlags & NTLMSSP_NEGOTIATE_56) &&
  416. (NegotiateFlagsKeyStrength & NTLMSSP_NEGOTIATE_56) )
  417. {
  418. pChallengeMessage->NegotiateFlags |= NTLMSSP_NEGOTIATE_56;
  419. }
  421. if ( (pNegotiateMessage->NegotiateFlags & NTLMSSP_NEGOTIATE_128) &&
  422. (NegotiateFlagsKeyStrength & NTLMSSP_NEGOTIATE_128) )
  423. {
  424. pChallengeMessage->NegotiateFlags |= NTLMSSP_NEGOTIATE_128;
  425. }
  428. //
  429. // If the client supplied the Domain Name and User Name,
  430. // and did not request datagram, see if the client is running
  431. // on this local machine.
  432. //
  434. if ( ( (pNegotiateMessage->NegotiateFlags &
  435. NTLMSSP_NEGOTIATE_DATAGRAM) == 0) &&
  436. ( (pNegotiateMessage->NegotiateFlags &
  437. (NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED|
  438. NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED)) ==
  439. (NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED|
  440. NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED) ) )
  441. {
  443. //
  444. // The client must pass the new negotiate message if they pass
  445. // these flags
  446. //
  448. if (cbNegotiateMessage < sizeof(NEGOTIATE_MESSAGE))
  449. {
  450. Status DBGCHK = SEC_E_INVALID_TOKEN;
  451. }
  453. //
  454. // Convert the names to absolute references so we
  455. // can compare them
  456. //
  458. if (NT_SUCCESS(Status))
  459. {
  460. Status DBGCHK = SspConvertRelativeToAbsolute(
  461. pNegotiateMessage,
  462. cbNegotiateMessage,
  463. &pNegotiateMessage->OemDomainName,
  464. FALSE, // No special alignment
  465. FALSE,
  466. &OemDomainName
  467. );
  468. }
  469. }
  471. if (NT_SUCCESS(Status))
  472. {
  473. Status DBGCHK = SspConvertRelativeToAbsolute(
  474. pNegotiateMessage,
  475. cbNegotiateMessage,
  476. &pNegotiateMessage->OemWorkstationName,
  477. FALSE, // No special alignment
  478. FALSE,
  479. &OemWorkstationName
  480. );
  481. }
  482. }
  484. //
  485. // Check if datagram is being negotiated
  486. //
  488. if ( NT_SUCCESS(Status) &&
  489. ((pNegotiateMessage->NegotiateFlags & NTLMSSP_NEGOTIATE_DATAGRAM) ==
  490. NTLMSSP_NEGOTIATE_DATAGRAM) )
  491. {
  492. pChallengeMessage->NegotiateFlags |= NTLMSSP_NEGOTIATE_DATAGRAM;
  493. }
  494. }
  495. else
  496. {
  497. //
  498. // No negotiate message. We need to check if the caller is asking
  499. // for datagram.
  500. //
  502. SspiPrint(SSPI_WARN, TEXT("GetChallengeMessage get OLD_NEGOTIATE_MESSAGE\n"))
  503. ;
  504. if ((ContextReqFlags & ASC_REQ_DATAGRAM) == 0)
  505. {
  506. Status DBGCHK = SEC_E_INVALID_TOKEN;
  507. }
  509. //
  510. // always send target info -- new for NTLM3!
  511. //
  512. if (NT_SUCCESS(Status))
  513. {
  514. ChallengeMessageTargetFlags = NTLMSSP_NEGOTIATE_TARGET_INFO;
  516. cbChallengeMessage = sizeof(*pChallengeMessage) + pTargetInfo->Length;
  519. pChallengeMessage = (CHALLENGE_MESSAGE*) new CHAR[cbChallengeMessage];
  521. Status DBGCHK = pChallengeMessage ? S_OK : STATUS_NO_MEMORY;
  522. }
  524. //
  525. // Record in the context that we are doing datagram. We will tell
  526. // the client everything we can negotiate and let it decide what
  527. // to negotiate.
  528. //
  530. if (NT_SUCCESS(Status))
  531. {
  532. RtlZeroMemory(pChallengeMessage, cbChallengeMessage);
  534. pChallengeMessage->NegotiateFlags = NTLMSSP_NEGOTIATE_DATAGRAM |
  535. NTLMSSP_NEGOTIATE_UNICODE |
  536. NTLMSSP_NEGOTIATE_OEM |
  537. NTLMSSP_NEGOTIATE_SIGN |
  538. NTLMSSP_NEGOTIATE_LM_KEY |
  539. NTLMSSP_NEGOTIATE_NTLM |
  540. NTLMSSP_NEGOTIATE_ALWAYS_SIGN |
  541. NTLMSSP_NEGOTIATE_IDENTIFY |
  542. NTLMSSP_NEGOTIATE_NTLM2 |
  543. NTLMSSP_NEGOTIATE_KEY_EXCH |
  544. NegotiateFlagsKeyStrength;
  546. pChallengeMessage->NegotiateFlags |= NTLMSSP_NEGOTIATE_SEAL;
  547. }
  548. }
  550. //
  551. // Build the Challenge Message
  552. //
  554. if (NT_SUCCESS(Status))
  555. {
  556. strcpy((PSTR) pChallengeMessage->Signature, NTLMSSP_SIGNATURE );
  558. pChallengeMessage->MessageType = NtLmChallenge;
  559. RtlCopyMemory(
  560. pChallengeMessage->Challenge,
  561. ChallengeToClient,
  562. MSV1_0_CHALLENGE_LENGTH
  563. );
  564. pWhere = (PUCHAR) (pChallengeMessage + 1);
  566. SspCopyStringAsString32(pChallengeMessage,
  567. (PSTRING) pTargetName,
  568. &pWhere,
  569. &pChallengeMessage->TargetName);
  571. SspCopyStringAsString32(pChallengeMessage,
  572. (PSTRING)pTargetInfo,
  573. &pWhere,
  574. &pChallengeMessage->TargetInfo);
  576. pChallengeMessage->NegotiateFlags |= ChallengeMessageTargetFlags;
  578. SspiPrint(SSPI_LOG, TEXT("GetChallengeMessage pNegotiateMessage->NegotiateFlags %#x, pChallengeMessage->NegotiateFlags %#x\n"),
  579. pNegotiateMessage->NegotiateFlags, pChallengeMessage->NegotiateFlags);
  580. SspiPrintHex(SSPI_LOG, TEXT("pNegotiateMessage"), cbNegotiateMessage, pNegotiateMessage);
  581. SspiPrintHex(SSPI_LOG, TEXT("pChallengeMessage"), cbChallengeMessage, pChallengeMessage);
  583. *ppChallengeMessage = pChallengeMessage;
  584. pChallengeMessage = NULL;
  585. *pContextAttributes = ContextReqFlags;
  586. *pcbChallengeMessage = cbChallengeMessage;
  587. }
  590. if (pChallengeMessage)
  591. {
  592. delete [] pChallengeMessage;
  593. }
  595. RtlFreeUnicodeString((PUNICODE_STRING) &StringTargetName);
  597. return Status;
  598. }
  600. NTSTATUS
  601. GetAuthenticateMessage(
  602. IN PCredHandle phCredentialHandle,
  603. IN ULONG fContextReq,
  604. IN PTSTR pszTargetName,
  605. IN ULONG TargetDataRep,
  606. IN ULONG cbNtlmChallengeMessage,
  607. IN OPTIONAL NTLM_CHALLENGE_MESSAGE* pNtlmChallengeMessage,
  608. IN ULONG cbChallengeMessage,
  609. IN CHALLENGE_MESSAGE* pChallengeMessage,
  610. OUT PCtxtHandle phClientContextHandle,
  611. OUT ULONG* pfContextAttr,
  612. OUT ULONG* pcbAuthMessage,
  613. OUT AUTHENTICATE_MESSAGE** ppAuthMessage,
  614. OUT NTLM_INITIALIZE_RESPONSE* pInitResponse
  615. )
  616. {
  617. TNtStatus Status = S_OK;
  619. ULONG fContextAttr = 0;
  620. CtxtHandle hClientCtxtHandle;
  622. SecBufferDesc InBuffDesc = {0};
  623. SecBuffer InBuffs[2] = {0};
  624. SecBufferDesc OutBuffDesc = {0};
  625. SecBuffer OutBuffs[2] = {0};
  627. TimeStamp Expiry = {0};
  629. SecInvalidateHandle(&hClientCtxtHandle);
  630. SecInvalidateHandle(phClientContextHandle);
  632. InBuffDesc.pBuffers = InBuffs;
  633. InBuffDesc.cBuffers = 1;
  634. InBuffDesc.ulVersion = 0;
  635. InBuffs[0].pvBuffer = pChallengeMessage;
  636. InBuffs[0].cbBuffer = cbChallengeMessage;
  637. InBuffs[0].BufferType = SECBUFFER_TOKEN;
  639. if ((fContextReq & ISC_REQ_USE_SUPPLIED_CREDS)
  640. && (pNtlmChallengeMessage && cbNtlmChallengeMessage))
  641. {
  642. InBuffDesc.cBuffers = 2;
  643. InBuffs[1].pvBuffer = pNtlmChallengeMessage;
  644. InBuffs[1].cbBuffer = cbNtlmChallengeMessage;
  645. InBuffs[1].BufferType = SECBUFFER_TOKEN;
  647. if (0 == (fContextReq & ISC_REQ_USE_SUPPLIED_CREDS))
  648. {
  649. fContextReq |= ISC_REQ_USE_SUPPLIED_CREDS;
  650. SspiPrint(SSPI_WARN, TEXT("Creds supplied but ISC_REQ_USE_SUPPLIED_CREDS was not set, added\n"));
  651. }
  652. }
  654. OutBuffDesc.pBuffers = OutBuffs;
  655. OutBuffDesc.cBuffers = 2;
  656. OutBuffDesc.ulVersion = 0;
  658. if (0 == (fContextReq & ISC_REQ_ALLOCATE_MEMORY))
  659. {
  660. fContextReq |= ISC_REQ_ALLOCATE_MEMORY;
  661. SspiPrint(SSPI_LOG, TEXT("ISC_REQ_ALLOCATE_MEMORY was not set, added\n"));
  662. }
  664. OutBuffs[0].pvBuffer = NULL;
  665. OutBuffs[0].cbBuffer = 0;
  666. OutBuffs[0].BufferType = SECBUFFER_TOKEN;
  667. OutBuffs[1].pvBuffer = NULL;
  668. OutBuffs[1].cbBuffer = 0;
  669. OutBuffs[1].BufferType = SECBUFFER_TOKEN;
  671. SspiPrint(SSPI_LOG, TEXT("GetAuthenticateMessage calling InitializeSecurityContext pszTargetName (%s), fContextReq %#x, TargetDataRep %#x, hCred %#x:%#x\n"),
  672. pszTargetName, fContextReq, TargetDataRep, phCredentialHandle->dwUpper, phCredentialHandle->dwLower);
  674. Status DBGCHK = InitializeSecurityContext(
  675. phCredentialHandle,
  676. NULL,
  677. pszTargetName,
  678. fContextReq,
  679. 0,
  680. TargetDataRep,
  681. &InBuffDesc,
  682. 0,
  683. &hClientCtxtHandle,
  684. &OutBuffDesc,
  685. &fContextAttr,
  686. &Expiry
  687. );
  689. if (NT_SUCCESS(Status))
  690. {
  691. *phClientContextHandle = hClientCtxtHandle;
  692. SecInvalidateHandle(&hClientCtxtHandle);
  694. *pfContextAttr = fContextAttr;
  696. *ppAuthMessage = (AUTHENTICATE_MESSAGE *) OutBuffs[0].pvBuffer;
  697. OutBuffs[0].pvBuffer = NULL;
  699. *pcbAuthMessage = OutBuffs[0].cbBuffer;
  701. ASSERT(sizeof(*pInitResponse) == OutBuffs[1].cbBuffer);
  702. RtlCopyMemory(pInitResponse, OutBuffs[1].pvBuffer, sizeof(*pInitResponse));
  704. SspiPrint(SSPI_LOG, TEXT("ClientCtxtHandle is %#x:%#x, fContextAttr %#x\n"),
  705. phClientContextHandle->dwUpper, phClientContextHandle->dwLower, *pfContextAttr);
  707. SspiPrintHex(SSPI_LOG, TEXT("AuthMessage"), *pcbAuthMessage, *ppAuthMessage);
  708. SspiPrintHex(SSPI_LOG, TEXT("UserSessionKey"), MSV1_0_USER_SESSION_KEY_LENGTH, pInitResponse->UserSessionKey);
  709. SspiPrintHex(SSPI_LOG, TEXT("LanmanSessionKey"), MSV1_0_LANMAN_SESSION_KEY_LENGTH, pInitResponse->LanmanSessionKey);
  711. SspiPrintSysTimeAsLocalTime(SSPI_LOG, TEXT("Expiry"), &Expiry);
  712. }
  714. if (OutBuffs[0].pvBuffer)
  715. {
  716. FreeContextBuffer(OutBuffs[0].pvBuffer);
  717. }
  719. if (OutBuffs[1].pvBuffer)
  720. {
  721. FreeContextBuffer(OutBuffs[1].pvBuffer);
  722. }
  724. return Status;
  725. }
  727. NTSTATUS
  728. MsvChallenge(
  729. IN OPTIONAL PTSTR pszCredPrincipal,
  730. IN OPTIONAL LUID* pCredLogonID,
  731. IN OPTIONAL VOID* pAuthData,
  732. IN OEM_STRING* pOemDomainName,
  733. IN OEM_STRING* pOemWorkstationName,
  734. IN ULONG NegotiateFlags,
  735. IN ULONG TargetFlags,
  736. IN BOOLEAN bForceGuest,
  737. IN ULONG fContextAttr,
  738. IN ULONG TargetDataRep,
  739. IN UNICODE_STRING* pPassword,
  740. IN UNICODE_STRING* pUserName,
  741. IN UNICODE_STRING* pDomainName,
  742. IN UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH],
  743. IN OPTIONAL UNICODE_STRING* pDnsDomainName,
  744. IN OPTIONAL UNICODE_STRING* pDnsComputerName,
  745. IN OPTIONAL UNICODE_STRING* pDnsTreeName,
  746. IN OPTIONAL UNICODE_STRING* pComputerName,
  747. IN OPTIONAL UNICODE_STRING* pComputerDomainName,
  748. OUT ULONG* pcbAuthMessage,
  749. OUT AUTHENTICATE_MESSAGE** ppAuthMessage,
  750. OUT PCtxtHandle phCliCtxt,
  751. OUT ULONG* pfContextAttr
  752. )
  753. {
  755. TNtStatus Status;
  756. UNICODE_STRING TargetInfo = {0};
  758. WCHAR ScratchBuffer[2 * DNS_MAX_NAME_LENGTH + 2] = {0};
  759. UNICODE_STRING TargetName = {0, sizeof(ScratchBuffer), ScratchBuffer};
  762. NTLM_CHALLENGE_MESSAGE* pNtlmChallengeMessage = NULL;
  763. ULONG cbNtlmChallengeMessage = 0;
  765. NEGOTIATE_MESSAGE* pNegotiateMessage = NULL;
  766. ULONG cbNegotiateMessage = 0;
  768. CHALLENGE_MESSAGE* pChallengeMesssage = NULL;
  769. ULONG cbChallengeMessage = 0;
  771. AUTHENTICATE_MESSAGE* pAuthMessage = NULL;
  772. ULONG cbAuthMessage = 0;
  774. NTLM_INITIALIZE_RESPONSE InitResponse = {0};
  776. CtxtHandle hCliCtxt;
  777. CredHandle hCliCred;
  779. SecInvalidateHandle(&hCliCred);
  780. SecInvalidateHandle(&hCliCtxt);
  782. *pfContextAttr = 0;
  783. SecInvalidateHandle(phCliCtxt);
  784. *ppAuthMessage = NULL;
  785. *pcbAuthMessage = 0;
  787. SspiPrint(SSPI_LOG, TEXT("MsvChallenge CredPrincipal %s, NegotiateFlags %#x, TargetFlags %#x, bForceGuest %#x")
  788. TEXT("fContextAttr %#x, TargetDataRep %#x, pAuthData %p, pCredLogonID %p\n"),
  789. pszCredPrincipal, NegotiateFlags, TargetFlags, bForceGuest, fContextAttr, TargetDataRep, pAuthData, pCredLogonID);
  790. DebugPrintf(SSPI_LOG, "OemDomainName (%s), OemWorkstation (%s)\n", pOemDomainName, pOemWorkstationName);
  791. SspiPrintHex(SSPI_LOG, TEXT("ChallengeToClient"), MSV1_0_CHALLENGE_LENGTH, ChallengeToClient);
  792. SspiPrint(SSPI_LOG, TEXT("pPassword %wZ, pUserName %wZ, pDomainName %wZ, pDnsDomainName %wZ, pDnsComputerName %wZ, pDnsTreeName %wZ, pComputerName %wZ, pComputerDomainName %wZ\n"),
  793. pPassword, pUserName, pDomainName, pDnsDomainName, pDnsComputerName, pDnsTreeName, pComputerName, pComputerDomainName);
  795. if (pComputerDomainName && pComputerDomainName->Length)
  796. {
  797. //
  798. // Target name is of form "domain name\0computer name"
  799. //
  801. RtlCopyMemory(ScratchBuffer, pComputerDomainName->Buffer, pComputerDomainName->Length);
  802. if (pComputerName && pComputerName->Length)
  803. {
  804. RtlCopyMemory(ScratchBuffer + (pComputerDomainName->Length / sizeof(WCHAR)) + 1, pComputerName->Buffer, pComputerName->Length);
  806. TargetName.Length = pComputerDomainName->Length + pComputerName->Length + 1;
  807. }
  808. else
  809. {
  810. TargetName.Length = pComputerDomainName->Length;
  811. }
  812. }
  813. else if (pComputerName && pComputerName->Length)
  814. {
  815. RtlCopyMemory(ScratchBuffer, pComputerName->Buffer, pComputerName->Length);
  816. TargetName.Length = pComputerName->Length;
  817. }
  819. SspiPrintHex(SSPI_LOG, TEXT("MsvChallenge TargetName"), TargetName.Length, TargetName.Buffer);
  821. Status DBGCHK = GetNegociateMessage(
  822. pOemDomainName,
  823. pOemWorkstationName,
  824. NegotiateFlags,
  825. &cbNegotiateMessage,
  826. &pNegotiateMessage
  827. );
  829. if (NT_SUCCESS(Status))
  830. {
  831. Status DBGCHK = GetTargetInfo(
  832. TargetFlags,
  833. bForceGuest,
  834. pDnsDomainName,
  835. pDnsComputerName,
  836. pDnsTreeName,
  837. &TargetName,
  838. pComputerName,
  839. &TargetInfo
  840. );
  841. }
  843. if (NT_SUCCESS(Status))
  844. {
  845. Status DBGCHK = GetChallengeMessage(
  846. fContextAttr,
  847. cbNegotiateMessage,
  848. TargetFlags,
  849. &TargetInfo,
  850. &TargetName,
  851. pNegotiateMessage,
  852. ChallengeToClient,
  853. &cbChallengeMessage,
  854. &pChallengeMesssage,
  855. &fContextAttr
  856. );
  857. }
  859. if (NT_SUCCESS(Status)
  860. && ((pPassword && pPassword->Length)
  861. || (pDomainName && pDomainName->Length)
  862. || (pUserName && pUserName->Length)))
  863. {
  864. if (0 == (fContextAttr & ISC_REQ_USE_SUPPLIED_CREDS))
  865. {
  866. SspiPrint(SSPI_WARN, TEXT("MsvChallenge explicit cred supplied, but ISC_REQ_USE_SUPPLIED_CREDS was not set, added\n"));
  867. fContextAttr |= ISC_REQ_USE_SUPPLIED_CREDS;
  868. }
  870. Status DBGCHK = GetNtlmChallengeMessage(
  871. pPassword,
  872. pUserName,
  873. pDomainName,
  874. &cbNtlmChallengeMessage,
  875. &pNtlmChallengeMessage
  876. );
  877. }
  879. if (NT_SUCCESS(Status))
  880. {
  881. Status DBGCHK = GetCredHandle(
  882. pszCredPrincipal,
  883. pCredLogonID,
  884. TEXT("NTLM"),
  885. pAuthData,
  886. SECPKG_CRED_OUTBOUND,
  887. &hCliCred
  888. );
  889. }
  891. #if defined(UNICODE) || defined(_UNICODE)
  893. if (NT_SUCCESS(Status))
  894. {
  895. SspiPrint(SSPI_LOG, TEXT("MsvChallenge hCliCred %#x:%#x\n"), hCliCred.dwUpper, hCliCred.dwLower);
  897. Status DBGCHK = GetAuthenticateMessage(
  898. &hCliCred,
  899. fContextAttr,
  900. TargetName.Buffer,
  901. TargetDataRep,
  902. cbNtlmChallengeMessage,
  903. pNtlmChallengeMessage,
  904. cbChallengeMessage,
  905. pChallengeMesssage,
  906. &hCliCtxt,
  907. &fContextAttr,
  908. &cbAuthMessage,
  909. &pAuthMessage,
  910. &InitResponse
  911. );
  912. }
  914. #else
  916. ANSI_STRING AnsiTargetName = {0};
  918. //
  919. // RtlUnicodeStringToAnsiString appends the NULL
  920. //
  922. if (NT_SUCCESS(Status))
  923. {
  924. Status DBGCHK = RtlUnicodeStringToAnsiString(&AnsiTargetName, &TargetName, TRUE);
  925. }
  927. if (NT_SUCCESS(Status))
  928. {
  929. SspiPrint(SSPI_LOG, TEXT("MsvChallenge hCliCred %#x:%#x\n"), hCliCred.dwUpper, hCliCred.dwLower);
  931. Status DBGCHK = GetAuthenticateMessage(
  932. &hCliCred,
  933. fContextAttr,
  934. AnsiTargetName.Buffer,
  935. TargetDataRep,
  936. cbNtlmChallengeMessage,
  937. pNtlmChallengeMessage,
  938. cbChallengeMessage,
  939. pChallengeMesssage,
  940. &hCliCtxt,
  941. &fContextAttr,
  942. &cbAuthMessage,
  943. &pAuthMessage,
  944. &InitResponse
  945. );
  946. }
  948. RtlFreeAnsiString(&AnsiTargetName);
  950. #endif
  952. if (NT_SUCCESS(Status))
  953. {
  954. *phCliCtxt = hCliCtxt;
  955. SecInvalidateHandle(&hCliCtxt);
  956. *ppAuthMessage = pAuthMessage;
  958. pAuthMessage = NULL;
  959. *pcbAuthMessage = cbAuthMessage;
  960. *pfContextAttr = fContextAttr;
  961. }
  963. if (SecIsValidHandle(&hCliCtxt))
  964. {
  965. DeleteSecurityContext(&hCliCtxt);
  966. }
  968. if (SecIsValidHandle(&hCliCred))
  969. {
  970. DeleteSecurityContext(&hCliCred);
  971. }
  973. if (pAuthMessage)
  974. {
  975. FreeContextBuffer(pAuthMessage);
  976. }
  978. if (pNegotiateMessage)
  979. {
  980. delete[] pNegotiateMessage;
  981. }
  983. if (pChallengeMesssage)
  984. {
  985. delete [] pChallengeMesssage;
  986. }
  988. if (pNtlmChallengeMessage)
  989. {
  990. delete [] pNtlmChallengeMessage;
  991. }
  993. return Status;
  994. }
  996. NTSTATUS
  997. GetAuthenticateResponse(
  998. IN PCredHandle pServerCredHandle,
  999. IN ULONG fContextAttr,
  1000. IN ULONG TargetDataRep,
  1001. IN ULONG cbAuthMessage,
  1002. IN AUTHENTICATE_MESSAGE* pAuthMessage,
  1003. IN NTLM_AUTHENTICATE_MESSAGE* pNtlmAuthMessage,
  1004. OUT PCtxtHandle phServerCtxtHandle,
  1005. OUT ULONG* pfContextAttr,
  1006. OUT NTLM_ACCEPT_RESPONSE* pAcceptResponse
  1007. )
  1008. {
  1010. TNtStatus Status = STATUS_SUCCESS;
  1012. CtxtHandle hServerCtxtHandle;
  1014. SecBufferDesc InBuffDesc = {0};
  1015. SecBuffer InBuffs[2] = {0};
  1016. SecBufferDesc OutBuffDesc = {0};
  1017. SecBuffer OutBuff = {0};
  1019. TimeStamp Expiry = {0};
  1021. SecInvalidateHandle(&hServerCtxtHandle);
  1022. SecInvalidateHandle(phServerCtxtHandle);
  1025. InBuffDesc.pBuffers = InBuffs;
  1026. InBuffDesc.cBuffers = 2;
  1027. InBuffDesc.ulVersion = 0;
  1028. InBuffs[0].pvBuffer = pAuthMessage;
  1029. InBuffs[0].cbBuffer = cbAuthMessage;
  1030. InBuffs[0].BufferType = SECBUFFER_TOKEN;
  1031. InBuffs[1].pvBuffer = pNtlmAuthMessage;
  1032. InBuffs[1].cbBuffer = sizeof(*pNtlmAuthMessage);
  1033. InBuffs[1].BufferType = SECBUFFER_TOKEN;
  1035. OutBuffDesc.pBuffers = &OutBuff;
  1036. OutBuffDesc.cBuffers = 1;
  1037. OutBuffDesc.ulVersion = 0;
  1038. OutBuff.pvBuffer = pAcceptResponse;
  1039. OutBuff.cbBuffer = sizeof(*pAcceptResponse);
  1040. OutBuff.BufferType = SECBUFFER_TOKEN;
  1042. if (fContextAttr & ASC_REQ_ALLOCATE_MEMORY)
  1043. {
  1044. SspiPrint(SSPI_WARN, TEXT("Authenticate ASC_REQ_ALLOCATE_MEMORY was set, removed\n"));
  1045. fContextAttr &= ~(ASC_REQ_ALLOCATE_MEMORY);
  1046. }
  1048. SspiPrint(SSPI_LOG, TEXT("GetAuthenticateResponse calling AcceptSecurityContext fContextAttr %#x, TargetDataRep %#x, hCred %#x:%#x\n"),
  1049. fContextAttr, TargetDataRep, pServerCredHandle->dwUpper, pServerCredHandle->dwLower);
  1051. Status DBGCHK = AcceptSecurityContext(
  1052. pServerCredHandle,
  1053. NULL,
  1054. &InBuffDesc,
  1055. fContextAttr,
  1056. TargetDataRep,
  1057. &hServerCtxtHandle,
  1058. &OutBuffDesc,
  1059. &fContextAttr,
  1060. &Expiry
  1061. );
  1062. if (NT_SUCCESS(Status))
  1063. {
  1064. *phServerCtxtHandle = hServerCtxtHandle;
  1065. SecInvalidateHandle(&hServerCtxtHandle);
  1066. *pfContextAttr = fContextAttr;
  1068. ASSERT(sizeof(*pAcceptResponse) == OutBuff.cbBuffer);
  1069. RtlCopyMemory(pAcceptResponse, OutBuff.pvBuffer, sizeof(*pAcceptResponse));
  1071. SspiPrint(SSPI_LOG, TEXT("ServerCtxtHandle is %#x:%#x, fContextAttr %#x\n"),
  1072. phServerCtxtHandle->dwUpper, phServerCtxtHandle->dwLower, *pfContextAttr);
  1074. SspiPrint(SSPI_LOG, TEXT("Authenticate LogonId %#x:%#x, UserFlags %#x\n"),
  1075. pAcceptResponse->LogonId.HighPart, pAcceptResponse->LogonId.LowPart, pAcceptResponse->UserFlags);
  1076. SspiPrintSysTimeAsLocalTime(SSPI_LOG, TEXT("KickoffTime"), &pAcceptResponse->KickoffTime);
  1077. SspiPrintHex(SSPI_LOG, TEXT("UserSessionKey"), MSV1_0_USER_SESSION_KEY_LENGTH, pAcceptResponse->UserSessionKey);
  1078. SspiPrintHex(SSPI_LOG, TEXT("LanmanSessionKey"), MSV1_0_LANMAN_SESSION_KEY_LENGTH, pAcceptResponse->LanmanSessionKey);
  1079. SspiPrintSysTimeAsLocalTime(SSPI_LOG, TEXT("Expiry"), &Expiry);
  1080. }
  1082. if (SecIsValidHandle(&hServerCtxtHandle))
  1083. {
  1084. DeleteSecurityContext(&hServerCtxtHandle);
  1085. }
  1087. return Status;
  1088. }
  1090. NTSTATUS
  1091. MsvAuthenticate(
  1092. IN OPTIONAL PTSTR pszCredPrincipal,
  1093. IN OPTIONAL LUID* pCredLogonID,
  1094. IN OPTIONAL VOID* pAuthData,
  1095. IN ULONG fContextAttr,
  1096. IN ULONG TargetDataRep,
  1097. IN ULONG cbAuthMessage,
  1098. IN AUTHENTICATE_MESSAGE* pAuthMessage,
  1099. IN NTLM_AUTHENTICATE_MESSAGE* pNtlmAuthMessage,
  1100. OUT PCtxtHandle phServerCtxt,
  1101. OUT ULONG* pfContextAttr
  1102. )
  1103. {
  1104. TNtStatus Status;
  1106. CredHandle hServerCred;
  1107. CtxtHandle hServerCtxt;
  1109. NTLM_ACCEPT_RESPONSE AcceptResponse = {0};
  1111. SecInvalidateHandle(&hServerCred);
  1112. SecInvalidateHandle(&hServerCtxt);
  1114. SspiPrint(SSPI_LOG, TEXT("MsvAuthenticate pszCredPrincipal %s, fContextAttr %#x, TargetDataRep %#x, pCredLogonID %p, pAuthData %p\n"),
  1115. pszCredPrincipal, fContextAttr, TargetDataRep, pCredLogonID, pAuthData);
  1116. SspiPrintHex(SSPI_LOG, TEXT("pAuthMessage"), cbAuthMessage, pAuthMessage);
  1117. SspiPrintHex(SSPI_LOG, TEXT("pNtlmAuthMessage->ChallengeToClient"), MSV1_0_CHALLENGE_LENGTH, pNtlmAuthMessage->ChallengeToClient);
  1118. SspiPrint(SSPI_LOG, TEXT("pNtlmAuthMessage->ParameterControl %#x\n"), pNtlmAuthMessage->ParameterControl);
  1120. Status DBGCHK = GetCredHandle(
  1121. pszCredPrincipal,
  1122. pCredLogonID,
  1123. TEXT("NTLM"),
  1124. pAuthData,
  1125. SECPKG_CRED_INBOUND,
  1126. &hServerCred
  1127. );
  1129. if (NT_SUCCESS(Status))
  1130. {
  1131. Status DBGCHK = GetAuthenticateResponse(
  1132. &hServerCred,
  1133. fContextAttr,
  1134. TargetDataRep,
  1135. cbAuthMessage,
  1136. pAuthMessage,
  1137. pNtlmAuthMessage,
  1138. &hServerCtxt,
  1139. &fContextAttr,
  1140. &AcceptResponse
  1141. );
  1142. }
  1144. if (NT_SUCCESS(Status))
  1145. {
  1146. *pfContextAttr = fContextAttr;
  1147. *phServerCtxt = hServerCtxt;
  1148. SecInvalidateHandle(&hServerCtxt);
  1149. }
  1151. if (SecIsValidHandle(&hServerCtxt))
  1152. {
  1153. DeleteSecurityContext(&hServerCtxt);
  1154. }
  1156. if (SecIsValidHandle(&hServerCred))
  1157. {
  1158. FreeCredentialsHandle(&hServerCred);
  1159. }
  1161. return Status;
  1162. }