/**
 * Client-side entry point of the Negotiate package: resolve (or create) the
 * NEGOTIATE_CONTEXT behind the caller's handle and forward the call to the
 * sub-package function table stored in that context.
 *
 * A context is looked up in phContext. When none is found a new one is
 * allocated and stored in phNewContext (lower pointer = context, upper
 * pointer = NEGOTIATE_PACKAGE_NAME). The sub-package is always driven with
 * context->SubContext as both its input and its output context handle.
 *
 * @return SEC_E_INTERNAL_ERROR when a new context cannot be allocated,
 *         otherwise whatever the sub-package's InitializeSecurityContextA
 *         returns.
 *
 * NOTE(review): a context created here stays attached to phNewContext even
 * when the sub-package call fails; releasing it is presumably left to the
 * caller - confirm.
 */
SECURITY_STATUS SEC_ENTRY negotiate_InitializeSecurityContextA(PCredHandle phCredential, PCtxtHandle phContext, SEC_CHAR* pszTargetName, ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep, PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext, PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsExpiry)
{
	NEGOTIATE_CONTEXT* ctx = (NEGOTIATE_CONTEXT*) sspi_SecureHandleGetLowerPointer(phContext);

	if (!ctx)
	{
		/* First call for this handle: allocate and publish the context. */
		ctx = negotiate_ContextNew();

		if (!ctx)
			return SEC_E_INTERNAL_ERROR;

		sspi_SecureHandleSetLowerPointer(phNewContext, ctx);
		sspi_SecureHandleSetUpperPointer(phNewContext, (void*) NEGOTIATE_PACKAGE_NAME);
	}

	/* Delegate to the selected sub-package, using its own context handle. */
	return ctx->sspiA->InitializeSecurityContextA(phCredential, &(ctx->SubContext),
	        pszTargetName, fContextReq, Reserved1, TargetDataRep, pInput, Reserved2,
	        &(ctx->SubContext), pOutput, pfContextAttr, ptsExpiry);
}
/**
 * Server-side entry point of the Negotiate package: resolve (or create) the
 * NEGOTIATE_CONTEXT behind the caller's handle, select NTLM as sub-package
 * and forward the call to it.
 *
 * A context is looked up in phContext. When none is found a new one is
 * allocated and stored in phNewContext (lower pointer = context, upper
 * pointer = NEGO_SSP_NAME). The sub-package is driven with
 * context->SubContext as both its input and its output context handle.
 *
 * The acceptor selects NTLM on every call, so a server using this function
 * never authenticates a peer with Kerberos.
 *
 * @return SEC_E_INTERNAL_ERROR when a new context cannot be allocated,
 *         otherwise the sub-package's AcceptSecurityContext status. Any
 *         status other than SEC_E_OK is logged as a warning.
 */
SECURITY_STATUS SEC_ENTRY negotiate_AcceptSecurityContext(PCredHandle phCredential, PCtxtHandle phContext, PSecBufferDesc pInput, ULONG fContextReq, ULONG TargetDataRep, PCtxtHandle phNewContext, PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsTimeStamp)
{
	SECURITY_STATUS rc;
	NEGOTIATE_CONTEXT* ctx = (NEGOTIATE_CONTEXT*) sspi_SecureHandleGetLowerPointer(phContext);

	if (!ctx)
	{
		/* First call for this handle: allocate and publish the context. */
		ctx = negotiate_ContextNew();

		if (!ctx)
			return SEC_E_INTERNAL_ERROR;

		sspi_SecureHandleSetLowerPointer(phNewContext, ctx);
		sspi_SecureHandleSetUpperPointer(phNewContext, (void*) NEGO_SSP_NAME);
	}

	/* server-side Kerberos not yet implemented */
	negotiate_SetSubPackage(ctx, (const char*) NTLM_SSP_NAME);

	rc = ctx->sspiA->AcceptSecurityContext(phCredential, &(ctx->SubContext), pInput,
	                                       fContextReq, TargetDataRep, &(ctx->SubContext),
	                                       pOutput, pfContextAttr, ptsTimeStamp);

	if (rc == SEC_E_OK)
		return rc;

	/* Anything but SEC_E_OK (including continuation codes) is reported. */
	WLog_WARN(TAG, "AcceptSecurityContext status %s [0x%08"PRIX32"]",
	          GetSecurityStatusString(rc), rc);
	return rc;
}
/**
 * Server-side entry point of the Negotiate package: resolve (or create) the
 * NEGOTIATE_CONTEXT behind the caller's handle and forward the call to the
 * sub-package function table stored in that context.
 *
 * A context is looked up in phContext. When none is found a new one is
 * allocated and stored in phNewContext (lower pointer = context, upper
 * pointer = NEGOTIATE_PACKAGE_NAME). The sub-package is driven with
 * context->SubContext as both its input and its output context handle.
 *
 * @return SEC_E_INTERNAL_ERROR when a new context cannot be allocated,
 *         otherwise the sub-package's AcceptSecurityContext status. Any
 *         status other than SEC_E_OK is logged as a warning.
 */
SECURITY_STATUS SEC_ENTRY negotiate_AcceptSecurityContext(PCredHandle phCredential, PCtxtHandle phContext, PSecBufferDesc pInput, ULONG fContextReq, ULONG TargetDataRep, PCtxtHandle phNewContext, PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsTimeStamp)
{
	SECURITY_STATUS rc;
	NEGOTIATE_CONTEXT* ctx = (NEGOTIATE_CONTEXT*) sspi_SecureHandleGetLowerPointer(phContext);

	if (!ctx)
	{
		/* First call for this handle: allocate and publish the context. */
		ctx = negotiate_ContextNew();

		if (!ctx)
			return SEC_E_INTERNAL_ERROR;

		sspi_SecureHandleSetLowerPointer(phNewContext, ctx);
		sspi_SecureHandleSetUpperPointer(phNewContext, (void*) NEGOTIATE_PACKAGE_NAME);
	}

	rc = ctx->sspiA->AcceptSecurityContext(phCredential, &(ctx->SubContext), pInput,
	                                       fContextReq, TargetDataRep, &(ctx->SubContext),
	                                       pOutput, pfContextAttr, ptsTimeStamp);

	if (rc == SEC_E_OK)
		return rc;

	/*
	 * NOTE(review): %08X expects an unsigned int argument; confirm that
	 * SECURITY_STATUS has that width on every supported target.
	 */
	WLog_WARN(TAG, "AcceptSecurityContext status %s [%08X]",
	          GetSecurityStatusString(rc), rc);
	return rc;
}
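/**
 * Client-side entry point of the Negotiate package with Kerberos-to-NTLM
 * fallback.
 *
 * A context is looked up in phContext. When none is found a new one is
 * allocated and stored in phNewContext (lower pointer = context, upper
 * pointer = NEGO_SSP_NAME). The sub-package is driven with
 * context->SubContext as both its input and its output context handle.
 *
 * While ErrorInitContextKerberos is FALSE the first leg (pInput == NULL)
 * selects Kerberos. If the sub-package answers SEC_E_NO_CREDENTIALS the flag
 * is set to TRUE, the sub-context and the Negotiate context are released and
 * the status is returned so that the caller can retry; every later call
 * takes the NTLM branch.
 *
 * The context is freed on that path, so the handle that stored it is reset
 * before returning. Without the reset the handle would still encode the
 * address of freed memory, and a later call or a delete on the same handle
 * would operate on it.
 *
 * NOTE(review): ErrorInitContextKerberos is declared outside this function
 * and is never reset here. It presumably has file or global scope, in which
 * case a single Kerberos failure moves every later authentication to NTLM
 * and the flag is written without synchronization - confirm.
 *
 * @return SEC_E_INTERNAL_ERROR when a new context cannot be allocated,
 *         SEC_E_NO_CREDENTIALS when Kerberos has no credentials (context
 *         released, handle reset), otherwise the sub-package's status.
 */
SECURITY_STATUS SEC_ENTRY negotiate_InitializeSecurityContextA(PCredHandle phCredential, PCtxtHandle phContext, SEC_CHAR* pszTargetName, ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep, PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext, PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsExpiry)
{
	SECURITY_STATUS status;
	NEGOTIATE_CONTEXT* context;
	PCtxtHandle owner = phContext; /* handle that currently stores `context` */

	context = (NEGOTIATE_CONTEXT*) sspi_SecureHandleGetLowerPointer(phContext);

	if (!context)
	{
		context = negotiate_ContextNew();

		if (!context)
			return SEC_E_INTERNAL_ERROR;

		sspi_SecureHandleSetLowerPointer(phNewContext, context);
		sspi_SecureHandleSetUpperPointer(phNewContext, (void*) NEGO_SSP_NAME);
		owner = phNewContext;
	}

	/* if Kerberos has previously failed or WITH_GSSAPI is not defined, we use NTLM directly */
	if (ErrorInitContextKerberos == FALSE)
	{
		/* Only the first leg (no input token) picks the sub-package. */
		if (!pInput)
		{
			negotiate_SetSubPackage(context, (const char*) KERBEROS_SSP_NAME);
		}

		status = context->sspiA->InitializeSecurityContextA(phCredential, &(context->SubContext),
		         pszTargetName, fContextReq, Reserved1, TargetDataRep, pInput, Reserved2,
		         &(context->SubContext), pOutput, pfContextAttr, ptsExpiry);

		if (status == SEC_E_NO_CREDENTIALS)
		{
			WLog_WARN(TAG, "No Kerberos credentials. Retry with NTLM");
			ErrorInitContextKerberos = TRUE;
			context->sspiA->DeleteSecurityContext(&(context->SubContext));
			negotiate_ContextFree(context);
			/*
			 * The context no longer exists: clear the pointer stored in the
			 * handle so a later lookup takes the "no context" path instead
			 * of returning freed memory.
			 */
			sspi_SecureHandleSetLowerPointer(owner, NULL);
			return status;
		}
	}
	else
	{
		if (!pInput)
		{
			/* Drop whatever sub-context is present before switching to NTLM. */
			context->sspiA->DeleteSecurityContext(&(context->SubContext));
			negotiate_SetSubPackage(context, (const char*) NTLM_SSP_NAME);
		}

		status = context->sspiA->InitializeSecurityContextA(phCredential, &(context->SubContext),
		         pszTargetName, fContextReq, Reserved1, TargetDataRep, pInput, Reserved2,
		         &(context->SubContext), pOutput, pfContextAttr, ptsExpiry);
	}

	return status;
}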
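/**
 * Client-side entry point of the Negotiate package (early version).
 *
 * A context is looked up in phContext. When none is found a new one is
 * allocated, given the identity held by the credentials behind phCredential
 * and stored in phNewContext (lower pointer = context, upper pointer =
 * NEGOTIATE_PACKAGE_NAME).
 *
 * On the first leg (no input token, context in NEGOTIATE_STATE_INITIAL) the
 * output descriptor is validated. This version writes no token into it.
 *
 * Both lookups that can yield NULL are checked before use: an invalid
 * credential handle is rejected instead of deriving an identity address from
 * a NULL pointer, and a failed context allocation is reported instead of
 * being dereferenced.
 *
 * @return SEC_E_INVALID_HANDLE when phCredential holds no credentials,
 *         SEC_E_INSUFFICIENT_MEMORY when the context cannot be allocated or
 *         the first output buffer is empty, SEC_E_INVALID_TOKEN when pOutput
 *         is missing or has no buffers, SEC_E_OK otherwise.
 */
SECURITY_STATUS SEC_ENTRY negotiate_InitializeSecurityContextA(PCredHandle phCredential, PCtxtHandle phContext, SEC_CHAR* pszTargetName, uint32 fContextReq, uint32 Reserved1, uint32 TargetDataRep, PSecBufferDesc pInput, uint32 Reserved2, PCtxtHandle phNewContext, PSecBufferDesc pOutput, uint32* pfContextAttr, PTimeStamp ptsExpiry)
{
	NEGOTIATE_CONTEXT* context;
	CREDENTIALS* credentials;
	PSecBuffer output_SecBuffer;

	context = sspi_SecureHandleGetLowerPointer(phContext);

	if (!context)
	{
		/* Resolve the credentials first so nothing is allocated on failure. */
		credentials = (CREDENTIALS*) sspi_SecureHandleGetLowerPointer(phCredential);

		if (!credentials)
			return SEC_E_INVALID_HANDLE;

		context = negotiate_ContextNew();

		if (!context)
			return SEC_E_INSUFFICIENT_MEMORY;

		negotiate_SetContextIdentity(context, &credentials->identity);

		sspi_SecureHandleSetLowerPointer(phNewContext, context);
		sspi_SecureHandleSetUpperPointer(phNewContext, (void*) NEGOTIATE_PACKAGE_NAME);
	}

	if ((!pInput) && (context->state == NEGOTIATE_STATE_INITIAL))
	{
		/* First leg: the caller must supply at least one non-empty output buffer. */
		if (!pOutput)
			return SEC_E_INVALID_TOKEN;

		if (pOutput->cBuffers < 1)
			return SEC_E_INVALID_TOKEN;

		output_SecBuffer = &pOutput->pBuffers[0];

		if (output_SecBuffer->cbBuffer < 1)
			return SEC_E_INSUFFICIENT_MEMORY;
	}

	return SEC_E_OK;
}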