bool CSSPIHandler::InitProtocol(const char *protocol)
{
if(QuerySecurityPackageInfoA( (char*)protocol, &m_secPackInfo ) != SEC_E_OK)
return false;
if(!m_secPackInfo)
return false;
m_currentProtocol = protocol;
return true;
}
static void test_kerberos(void)
{
SecPkgInfoA *info;
TimeStamp ttl;
CredHandle cred;
SECURITY_STATUS status;
SEC_CHAR provider[] = {'K','e','r','b','e','r','o','s',0};
static const ULONG expected_flags =
SECPKG_FLAG_INTEGRITY
| SECPKG_FLAG_PRIVACY
| SECPKG_FLAG_TOKEN_ONLY
| SECPKG_FLAG_DATAGRAM
| SECPKG_FLAG_CONNECTION
| SECPKG_FLAG_MULTI_REQUIRED
| SECPKG_FLAG_EXTENDED_ERROR
| SECPKG_FLAG_IMPERSONATION
| SECPKG_FLAG_ACCEPT_WIN32_NAME
| SECPKG_FLAG_NEGOTIABLE
| SECPKG_FLAG_GSS_COMPATIBLE
| SECPKG_FLAG_LOGON
| SECPKG_FLAG_MUTUAL_AUTH
| SECPKG_FLAG_DELEGATION
| SECPKG_FLAG_READONLY_WITH_CHECKSUM;
static const ULONG optional_mask =
SECPKG_FLAG_RESTRICTED_TOKENS
| SECPKG_FLAG_APPCONTAINER_CHECKS;
status = QuerySecurityPackageInfoA(provider, &info);
ok(status == SEC_E_OK, "Kerberos package not installed, skipping test\n");
if(status != SEC_E_OK)
return;
ok( (info->fCapabilities & ~optional_mask) == expected_flags, "got %08x, expected %08x\n", info->fCapabilities, expected_flags );
ok( info->wVersion == 1, "got %u\n", info->wVersion );
ok( info->wRPCID == RPC_C_AUTHN_GSS_KERBEROS, "got %u\n", info->wRPCID );
ok( info->cbMaxToken >= 12000, "got %u\n", info->cbMaxToken );
ok( !lstrcmpA( info->Name, "Kerberos" ), "got %s\n", info->Name );
ok( !lstrcmpA( info->Comment, "Microsoft Kerberos V1.0" ), "got %s\n", info->Comment );
FreeContextBuffer( info );
status = AcquireCredentialsHandleA( NULL, provider, SECPKG_CRED_OUTBOUND, NULL,
NULL, NULL, NULL, &cred, &ttl );
todo_wine ok( status == SEC_E_OK, "AcquireCredentialsHandleA returned %08x\n", status );
if(status == SEC_E_OK)
FreeCredentialHandle( &cred );
}
BOOL DoAuthentication (void)
{
SECURITY_STATUS ss;
DWORD cbIn;
DWORD cbOut;
DWORD g_cbMaxMessage;
BOOL done = FALSE;
BOOL fDone = FALSE;
BOOL fNewConversation = TRUE;
TimeStamp Lifetime;
PSecPkgInfoA pkgInfo;
CredHandle hcred;
CredHandle hCcred;
struct _SecHandle hctxt;
struct _SecHandle hCctxt;
PBYTE g_pInBuf = NULL;
PBYTE g_pOutBuf = NULL;
SEC_CHAR g_lpPackageName[1024];
PBYTE nonce, clientnonce, lmhash, nthash;
PCHAR pUserName = NULL;
DWORD cbUserName = 0;
lstrcpynA (g_lpPackageName, "NTLM",5);
ss = QuerySecurityPackageInfoA ( g_lpPackageName, &pkgInfo);
if (!SEC_SUCCESS(ss)) MyHandleError("Could not query package");
g_cbMaxMessage = pkgInfo->cbMaxToken;
FreeContextBuffer(pkgInfo);
g_pInBuf = (PBYTE) malloc (g_cbMaxMessage);
g_pOutBuf = (PBYTE) malloc (g_cbMaxMessage);
if (NULL == g_pInBuf || NULL == g_pOutBuf) MyHandleError("Memory allocation");
ss = AcquireCredentialsHandleA (NULL, g_lpPackageName, SECPKG_CRED_INBOUND, NULL, NULL, NULL, NULL, &hcred, &Lifetime);
if (!SEC_SUCCESS (ss)) MyHandleError("AcquireCreds failed");
cbOut = g_cbMaxMessage;
if (!GenClientContext ( NULL, 0, g_pOutBuf, &cbOut, &fDone, "NTLM", &hCcred, &hCctxt))
MyHandleError("Cant't generate client context");
printf ("Type%hhd message (%lu bytes):\n",g_pOutBuf[8], cbOut);//type1
PrintHexDump (cbOut, (PBYTE)g_pOutBuf);
memcpy(g_pInBuf,g_pOutBuf, cbOut);
cbIn = cbOut;
cbOut = g_cbMaxMessage;
if (!GenServerContext (g_pInBuf, cbIn, g_pOutBuf, &cbOut, &done, fNewConversation, &hcred, &hctxt))
MyHandleError("GenServerContext failed");
fNewConversation = FALSE;
printf ("Type%hhd message (%lu bytes):\n",g_pOutBuf[8], cbOut); //type2
PrintHexDump (cbOut, (PBYTE)g_pOutBuf);
memcpy(g_pInBuf,g_pOutBuf, cbOut);
cbIn = cbOut;
cbOut = g_cbMaxMessage;
nonce = (PBYTE) malloc (16);
memcpy (nonce, (void *)&g_pOutBuf[24], 8);
if (!GenClientContext (g_pInBuf, cbIn, g_pOutBuf, &cbOut, &fDone, "NTLM", &hCcred, &hCctxt))
MyHandleError("GenClientContext failed");
printf ("Type%hhd message (%lu bytes):\n",g_pOutBuf[8], cbOut);//type3
PrintHexDump (cbOut, (PBYTE)g_pOutBuf);
GetUserNameExA(NameSamCompatible, pUserName, &cbUserName);
pUserName = (PCHAR) malloc (cbUserName);
GetUserNameExA(NameSamCompatible, pUserName, &cbUserName);
cbUserName = (DWORD)((int)strchr(pUserName,'\\'));
*(char *)cbUserName = 0;
printf("g_pOutBuf[22]=%d\n",g_pOutBuf[22]);
if (g_pOutBuf[22] > 24)
{
printf("NTLMv2\n");
nthash = (PBYTE) malloc (16);
cbIn = g_pOutBuf[24] + (g_pOutBuf[25] << 8);
memcpy (nthash, (void *)&g_pOutBuf[cbIn], 16);
cbIn += 16;
clientnonce = (PBYTE) malloc (cbOut - cbIn - 16);
//memcpy (clientnonce, (void *)&g_pOutBuf[cbIn], 84);
memcpy (clientnonce, (void *)&g_pOutBuf[cbIn], cbOut - cbIn - 16);
printf("Nonce: ");
PrintHex (8, nonce);
printf("\nClientNonce: ");
PrintHex (cbOut - cbIn - 16, clientnonce);
printf("\nNThash: ");
PrintHex (16, nthash);
printf("\n");
printf("\nJTR: %s::%s", (unsigned char *)((int)cbUserName+1), (unsigned char *)pUserName);
printf(":");
PrintHex (8, nonce);
printf(":");
PrintHex (16, nthash);
printf(":");
PrintHex (cbOut - cbIn - 16, clientnonce);
printf("\n");
}
else if (g_pOutBuf[22] == 24)
{
printf("NTLM\n");
lmhash = (PBYTE) malloc (24);
cbIn = g_pOutBuf[16] + (g_pOutBuf[17] << 8);
memcpy (lmhash, (void *)&g_pOutBuf[cbIn], 24);
nthash = (PBYTE) malloc (24);
cbIn = g_pOutBuf[24] + (g_pOutBuf[25] << 8);
memcpy (nthash, (void *)&g_pOutBuf[cbIn], 24);
printf("\nNonce: ");
PrintHex (8, nonce);
printf("\nLMhash: ");
PrintHex (24, lmhash);
printf("\nNThash: ");
PrintHex (24, nthash);
printf("\nJTR: %s::%s", (unsigned char *)((int)cbUserName+1), (unsigned char *)pUserName);
printf(":");
PrintHex (24, lmhash);
printf(":");
PrintHex (24, nthash);
printf(":");
PrintHex (8, nonce);
printf("\n");
}
else
{
printf("Unknown hashtype");
}
return(TRUE);
}
OM_uint32 gss_init_sec_context (
OM_uint32 *minor_status,
gss_cred_id_t claimant_cred_handle,
gss_ctx_id_t *context_handle,
gss_name_t target_name,
gss_OID mech_type,
int req_flags,
int time_req,
gss_channel_bindings_t input_channel_bindings,
gss_buffer_t input_token,
gss_OID *actual_mech_types,
gss_buffer_t output_token,
int *ret_flags,
OM_int32 *time_rec)
{
SecPkgInfoA *secPackInfo = NULL;
gss_cred_id_t credhandle={0};
gss_ctx_id_t *pctx;
// SECBUFFER_TOKEN
// This buffer type is used to indicate the security token portion of the message.
// This is read-only for input parameters or read/write for output parameters.
SecBuffer InputBuf[1] = {input_token?input_token->length:0,SECBUFFER_TOKEN,input_token?input_token->value:0};
SecBuffer OutputBuf[1] = {0,SECBUFFER_TOKEN,NULL};
SecBufferDesc InBuffer[1] = {SECBUFFER_VERSION, 1, InputBuf};
SecBufferDesc OutBuffer[1] = {SECBUFFER_VERSION, 1, OutputBuf};
OM_uint32 ret;
TimeStamp tr;
unsigned long rf;
SECURITY_STATUS retq;
//
// Previously gserver passed ISC_REQ_ALLOCATE_MEMORY to InitializeSecurityContext
// but it returns SEC_E_BUFFER_TOO_SMALL - I think this is because
// only Digest and Schannel will allocate output buffers for you, even though the documentation
// doesn't make that clear for InitializeSecurityContext (see AcquireCredentialsHandle doco).
//
if((retq=QuerySecurityPackageInfoA( "Kerberos", &secPackInfo )) != SEC_E_OK)
return 0;
OutputBuf->BufferType = SECBUFFER_TOKEN; // preping a token here
OutputBuf->cbBuffer = secPackInfo->cbMaxToken;
OutputBuf->pvBuffer = malloc(secPackInfo->cbMaxToken);
if(claimant_cred_handle.dwLower==0 && claimant_cred_handle.dwUpper==0)
{
static gss_cred_id_t global_client_cred={0};
if(global_client_cred.dwLower==0 || global_client_cred.dwUpper==0)
{
ret = AcquireCredentialsHandleA(NULL,"Kerberos",SECPKG_CRED_OUTBOUND,NULL,NULL,NULL,NULL,&global_client_cred,NULL);
if(ret)
return ret;
}
credhandle = global_client_cred;
}
else
credhandle = claimant_cred_handle;
if(context_handle->dwLower==0 && context_handle->dwUpper==0)
pctx = NULL;
else
pctx = context_handle;
// note - only Digest and Schannel will allocate output buffers for you.
// so kerberos and other security contexts should not use ISC_REQ_ALLOCATE_MEMORY
// and also should not free them by calling the FreeContextBuffer function.
ret = InitializeSecurityContextA(
&credhandle, pctx, target_name, req_flags, 0, SECURITY_NETWORK_DREP,
input_token?InBuffer:NULL,0, pctx?NULL:context_handle, OutBuffer, &rf, &tr);
// really need to return if that didn't work...
if (ret != SEC_E_OK /*GSS_S_COMPLETE*/ && ret != SEC_I_CONTINUE_NEEDED /*GSS_S_CONTINUE_NEEDED*/ )
{
free(OutputBuf->pvBuffer);
OutputBuf->pvBuffer = NULL;
return ret;
}
output_token->length = OutputBuf[0].cbBuffer;
output_token->value = malloc((OutputBuf[0].cbBuffer)+100);
if (output_token->value!=NULL)
memcpy(output_token->value,OutputBuf[0].pvBuffer,output_token->length);
// only call this if InitializeSecurityContext successfully created the buffers for us
// FreeContextBuffer(OutBuffer);
// manually made the memory, so manually release it...
free(OutputBuf->pvBuffer);
OutputBuf->pvBuffer = NULL;
*minor_status = 0;
if(time_rec)
*time_rec=tr.LowPart;
if(ret_flags)
*ret_flags=rf;
return ret;
}
OM_uint32 gss_accept_sec_context (
OM_uint32 *minor_status,
gss_ctx_id_t *context_handle,
gss_cred_id_t verifier_cred_handle,
gss_buffer_t input_token,
gss_channel_bindings_t input_chan_bindings,
gss_name_t *src_name,
gss_OID *actual_mech_type,
gss_buffer_t output_token,
OM_uint32 *ret_flags,
OM_uint32 *time_rec,
gss_cred_id_t *delegated_cred_handle)
{
gss_cred_id_t credhandle={0};
gss_ctx_id_t *pctx;
DWORD cbmaxtoken;
PVOID pbuf;
// Get max token size
PSecPkgInfo pspi = NULL;
QuerySecurityPackageInfoA("Kerberos", &pspi);
cbmaxtoken = pspi->cbMaxToken;
FreeContextBuffer(pspi);
pbuf = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, (cbmaxtoken<12000)?12000:cbmaxtoken);
SecBuffer InputBuf[1] = {input_token->length,SECBUFFER_TOKEN,input_token->value};
SecBuffer OutputBuf[1] = {cbmaxtoken,SECBUFFER_TOKEN,pbuf};
SecBufferDesc InBuffer[1] = {SECBUFFER_VERSION, 1, InputBuf};
SecBufferDesc OutBuffer[1] = {SECBUFFER_VERSION, 1, OutputBuf};
OM_uint32 ret;
TimeStamp tr;
unsigned long rf;
if(context_handle->dwLower==0 && context_handle->dwUpper==0)
pctx = NULL;
else
pctx = context_handle;
ret = AcceptSecurityContext(&verifier_cred_handle, pctx, InBuffer, ASC_REQ_MUTUAL_AUTH,
SECURITY_NETWORK_DREP, context_handle, OutBuffer, &rf, &tr);
output_token->length = OutputBuf[0].cbBuffer;
output_token->value = malloc((OutputBuf[0].cbBuffer)+100);
if (output_token->value!=NULL)
memcpy(output_token->value,OutputBuf[0].pvBuffer,OutputBuf[0].cbBuffer);
HeapFree(GetProcessHeap(), 0, pbuf);
if(!ret)
{
SecPkgContext_NamesA names = {0};
QueryContextAttributes(context_handle, SECPKG_ATTR_NAMES, &names);
*src_name = strdup(names.sUserName);
FreeContextBuffer(&names);
}
*minor_status = 0;
if(time_rec)
*time_rec=tr.LowPart;
if(ret_flags)
*ret_flags=rf;
return ret;
}
