/* prepares a base64-encode challenge packet to be sent to the client
* note: domain should be upper_case
* note: the storage type for the returned value depends on
* base64_encode_bin. Currently this means static storage.
*/
const char *
ntlm_make_challenge(char *domain, char *domain_controller,
char *challenge_nonce, int challenge_nonce_len)
{
ntlm_challenge ch;
int pl = 0;
const char *encoded;
memset(&ch, 0, sizeof(ntlm_challenge)); /* reset */
memcpy(ch.signature, "NTLMSSP", 8); /* set the signature */
ch.type = WSWAP(NTLM_CHALLENGE); /* this is a challenge */
ntlm_add_to_payload(ch.payload, &pl, &ch.target, domain, strlen(domain),
NTLM_CHALLENGE_HEADER_OFFSET);
ch.flags = WSWAP(
REQUEST_NON_NT_SESSION_KEY |
CHALLENGE_TARGET_IS_DOMAIN |
NEGOTIATE_ALWAYS_SIGN |
NEGOTIATE_USE_NTLM |
NEGOTIATE_USE_LM |
NEGOTIATE_ASCII |
0
);
ch.context_low = 0; /* check this out */
ch.context_high = 0;
memcpy(ch.challenge, challenge_nonce, challenge_nonce_len);
encoded = base64_encode_bin((char *) &ch, NTLM_CHALLENGE_HEADER_OFFSET + pl);
return encoded;
}
const char * WINAPI SSP_ValidateNegotiateCredentials(PVOID PAutenticateBuf, int AutenticateLen, PBOOL fDone, int * Status, char * credentials)
{
DWORD cbOut = 0;
DWORD cbIn = 0;
const char * encoded = NULL;
memcpy(pClientBuf, PAutenticateBuf, AutenticateLen);
ZeroMemory(pServerBuf, cbMaxToken);
do {
if (!hModule)
break;
/* Prepare server message (authentication) */
cbIn = AutenticateLen;
cbOut = cbMaxToken;
if (!GenServerContext(&NTLM_asServer, pClientBuf, cbIn, pServerBuf, &cbOut,
fDone, credentials)) {
*Status = SSP_ERROR;
break;
}
*Status = SSP_OK;
} while (0);
if (pServerBuf != NULL && cbOut > 0)
encoded = base64_encode_bin((char *) pServerBuf, cbOut);
return encoded;
}
const char * WINAPI SSP_MakeNegotiateBlob(PVOID PNegotiateBuf, int NegotiateLen, PBOOL fDone, int * Status, char * credentials)
{
DWORD cbOut = 0;
DWORD cbIn = 0;
const char * encoded = NULL;
if (NTLM_asServer.fHaveCtxtHandle)
_DeleteSecurityContext(&NTLM_asServer.hctxt);
if (NTLM_asServer.fHaveCredHandle)
_FreeCredentialsHandle(&NTLM_asServer.hcred);
memcpy(pClientBuf, PNegotiateBuf, NegotiateLen);
ZeroMemory(pServerBuf, cbMaxToken);
ZeroMemory(&NTLM_asServer, sizeof(NTLM_asServer));
do {
if (!hModule)
break;
/* Prepare server message (challenge) */
cbIn = NegotiateLen;
cbOut = cbMaxToken;
if (!GenServerContext(&NTLM_asServer, pClientBuf, cbIn, pServerBuf, &cbOut,
fDone, credentials)) {
*Status = SSP_ERROR;
break;
}
*Status = SSP_OK;
} while (0);
if (pServerBuf != NULL && cbOut > 0)
encoded = base64_encode_bin((char *) pServerBuf, cbOut);
return encoded;
}
static void
authDigestNonceEncode(digest_nonce_h * nonce)
{
if (!nonce)
return;
if (nonce->hash.key)
xfree(nonce->hash.key);
nonce->hash.key = xstrdup(base64_encode_bin((char *) &(nonce->noncedata), sizeof(digest_nonce_data)));
}
const char * WINAPI SSP_MakeChallenge(PVOID PNegotiateBuf, int NegotiateLen)
{
BOOL fDone = FALSE;
PVOID fResult = NULL;
DWORD cbOut = 0;
DWORD cbIn = 0;
ntlm_challenge * challenge;
const char * encoded = NULL;
if (NTLM_asServer.fHaveCtxtHandle)
_DeleteSecurityContext(&NTLM_asServer.hctxt);
if (NTLM_asServer.fHaveCredHandle)
_FreeCredentialsHandle(&NTLM_asServer.hcred);
NTLM_LocalCall = FALSE;
Use_Unicode = FALSE;
memcpy(pClientBuf, PNegotiateBuf, NegotiateLen);
ZeroMemory(pServerBuf, cbMaxToken);
ZeroMemory(&NTLM_asServer, sizeof(NTLM_asServer));
do {
if (!hModule)
break;
/* Prepare server message (challenge) */
cbIn = NegotiateLen;
cbOut = cbMaxToken;
if (!GenServerContext(&NTLM_asServer, pClientBuf, cbIn, pServerBuf, &cbOut,
&fDone, NULL))
break;
fResult = pServerBuf;
} while (0);
if (fResult != NULL) {
challenge = (ntlm_challenge *) fResult;
Use_Unicode = NEGOTIATE_UNICODE & challenge->flags;
NTLM_LocalCall = NEGOTIATE_THIS_IS_LOCAL_CALL & challenge->flags;
encoded = base64_encode_bin((char *) fResult, cbOut);
}
return encoded;
}
