// encrypt and send data to remote system
SECURITY_STATUS ssl_send (void)
{
SecBufferDesc msg;
SecBuffer sb[4];
// stream header
sb[0].pvBuffer = pbBufferOut;
sb[0].cbBuffer = Sizes.cbHeader;
sb[0].BufferType = SECBUFFER_STREAM_HEADER;
// stream data
sb[1].pvBuffer = pbBufferOut + Sizes.cbHeader;
sb[1].cbBuffer = cbDataOut;
sb[1].BufferType = SECBUFFER_DATA;
// stream trailer
sb[2].pvBuffer = pbBufferOut + Sizes.cbHeader + cbDataOut;
sb[2].cbBuffer = Sizes.cbTrailer;
sb[2].BufferType = SECBUFFER_STREAM_TRAILER;
sb[3].pvBuffer = SECBUFFER_EMPTY;
sb[3].cbBuffer = SECBUFFER_EMPTY;
sb[3].BufferType = SECBUFFER_EMPTY;
msg.ulVersion = SECBUFFER_VERSION;
msg.cBuffers = 4;
msg.pBuffers = sb;
// encrypt
ss = sspi->EncryptMessage (&hContext, 0, &msg, 0);
// send
if (ss==SEC_E_OK) {
send (s, pbBufferOut, sb[0].cbBuffer + sb[1].cbBuffer + sb[2].cbBuffer, 0);
}
return ss;
}
int NetlibSslWrite(SslHandle *ssl, const char *buf, int num)
{
if (ssl == NULL) return SOCKET_ERROR;
SecPkgContext_StreamSizes Sizes;
SECURITY_STATUS scRet = g_pSSPI->QueryContextAttributes(&ssl->hContext, SECPKG_ATTR_STREAM_SIZES, &Sizes);
if (scRet != SEC_E_OK)
return scRet;
PUCHAR pbDataBuffer = (PUCHAR)mir_calloc(Sizes.cbMaximumMessage + Sizes.cbHeader + Sizes.cbTrailer);
PUCHAR pbMessage = pbDataBuffer + Sizes.cbHeader;
DWORD sendOff = 0;
while (sendOff < (DWORD)num) {
DWORD cbMessage = min(Sizes.cbMaximumMessage, (DWORD)num - sendOff);
memcpy(pbMessage, buf + sendOff, cbMessage);
SecBuffer Buffers[4] = { 0 };
Buffers[0].pvBuffer = pbDataBuffer;
Buffers[0].cbBuffer = Sizes.cbHeader;
Buffers[0].BufferType = SECBUFFER_STREAM_HEADER;
Buffers[1].pvBuffer = pbMessage;
Buffers[1].cbBuffer = cbMessage;
Buffers[1].BufferType = SECBUFFER_DATA;
Buffers[2].pvBuffer = pbMessage + cbMessage;
Buffers[2].cbBuffer = Sizes.cbTrailer;
Buffers[2].BufferType = SECBUFFER_STREAM_TRAILER;
Buffers[3].BufferType = SECBUFFER_EMPTY;
SecBufferDesc Message;
Message.ulVersion = SECBUFFER_VERSION;
Message.cBuffers = _countof(Buffers);
Message.pBuffers = Buffers;
if (g_pSSPI->EncryptMessage != NULL)
scRet = g_pSSPI->EncryptMessage(&ssl->hContext, 0, &Message, 0);
else
scRet = ((ENCRYPT_MESSAGE_FN)g_pSSPI->Reserved3)(&ssl->hContext, 0, &Message, 0);
if (FAILED(scRet)) break;
// Calculate encrypted packet size
DWORD cbData = Buffers[0].cbBuffer + Buffers[1].cbBuffer + Buffers[2].cbBuffer;
// Send the encrypted data to the server.
cbData = send(ssl->s, (char*)pbDataBuffer, cbData, 0);
if (cbData == SOCKET_ERROR || cbData == 0) {
Netlib_Logf(NULL, "SSL failure sending data (%d)", WSAGetLastError());
scRet = SEC_E_INTERNAL_ERROR;
break;
}
sendOff += cbMessage;
}
mir_free(pbDataBuffer);
return scRet == SEC_E_OK ? num : SOCKET_ERROR;
}
char* CompleteGssapi(HANDLE hSecurity, unsigned char *szChallenge, unsigned chlsz)
{
if (!szChallenge || !szChallenge[0]) return NULL;
NtlmHandleType* hNtlm = (NtlmHandleType*)hSecurity;
unsigned char inDataBuffer[1024];
SecBuffer inBuffers[2] =
{
{ sizeof(inDataBuffer), SECBUFFER_DATA, inDataBuffer },
{ chlsz, SECBUFFER_STREAM, szChallenge },
};
SecBufferDesc inBuffersDesc = { SECBUFFER_VERSION, 2, inBuffers };
unsigned long qop = 0;
SECURITY_STATUS sc = g_pSSPI->DecryptMessage(&hNtlm->hClientContext, &inBuffersDesc, 0, &qop);
if (sc != SEC_E_OK)
{
ReportSecError(sc, __LINE__);
return NULL;
}
unsigned char LayerMask = inDataBuffer[0];
unsigned int MaxMessageSize = htonl(*(unsigned*)&inDataBuffer[1]);
SecPkgContext_Sizes sizes;
sc = g_pSSPI->QueryContextAttributes(&hNtlm->hClientContext, SECPKG_ATTR_SIZES, &sizes);
if (sc != SEC_E_OK)
{
ReportSecError(sc, __LINE__);
return NULL;
}
unsigned char *tokenBuffer = (unsigned char*)alloca(sizes.cbSecurityTrailer);
unsigned char *paddingBuffer = (unsigned char*)alloca(sizes.cbBlockSize);
unsigned char outDataBuffer[4] = { 1, 0, 16, 0 };
SecBuffer outBuffers[3] =
{
{ sizes.cbSecurityTrailer, SECBUFFER_TOKEN, tokenBuffer },
{ sizeof(outDataBuffer), SECBUFFER_DATA, outDataBuffer },
{ sizes.cbBlockSize, SECBUFFER_PADDING, paddingBuffer }
};
SecBufferDesc outBuffersDesc = { SECBUFFER_VERSION, 3, outBuffers };
sc = g_pSSPI->EncryptMessage(&hNtlm->hClientContext, SECQOP_WRAP_NO_ENCRYPT, &outBuffersDesc, 0);
if (sc != SEC_E_OK)
{
ReportSecError(sc, __LINE__);
return NULL;
}
unsigned i, ressz = 0;
for (i = 0; i < outBuffersDesc.cBuffers; i++)
ressz += outBuffersDesc.pBuffers[i].cbBuffer;
unsigned char *response = (unsigned char*)alloca(ressz), *p = response;
for (i = 0; i < outBuffersDesc.cBuffers; i++)
{
memcpy(p, outBuffersDesc.pBuffers[i].pvBuffer, outBuffersDesc.pBuffers[i].cbBuffer);
p += outBuffersDesc.pBuffers[i].cbBuffer;
}
NETLIBBASE64 nlb64;
nlb64.cbDecoded = ressz;
nlb64.pbDecoded = response;
nlb64.cchEncoded = Netlib_GetBase64EncodedBufferSize(nlb64.cbDecoded);
nlb64.pszEncoded = (char*)alloca(nlb64.cchEncoded);
if (!NetlibBase64Encode(0,(LPARAM)&nlb64)) return NULL;
return mir_strdup(nlb64.pszEncoded);
}
