ReceiveTempSMS/Sweden-Number
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

secur32: Add handling of feature flags and session key to AcceptSecurityContext.

Browse Source
This commit is contained in:
Kai Blin 2006-08-15 02:02:46 +02:00 committed by Alexandre Julliard
parent fe43d5d484
commit cc17d97d23
1 changed files with 79 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

83
dlls/secur32/ntlm.c
View File

@ -734,7 +734,7 @@ static SECURITY_STATUS SEC_ENTRY ntlm_AcceptSecurityContext(
PSecBufferDesc pOutput, ULONG *pfContextAttr, PTimeStamp ptsExpiry) PSecBufferDesc pOutput, ULONG *pfContextAttr, PTimeStamp ptsExpiry)
{ {
SECURITY_STATUS ret; SECURITY_STATUS ret;
char *buffer; char *buffer, *want_flags = NULL;
PBYTE bin; PBYTE bin;
int buffer_len, bin_len, max_len = NTLM_MAX_BUF; int buffer_len, bin_len, max_len = NTLM_MAX_BUF;
ULONG ctxt_attr = 0; ULONG ctxt_attr = 0;
@ -786,17 +786,26 @@ static SECURITY_STATUS SEC_ENTRY ntlm_AcceptSecurityContext(
bin_len = pInput->pBuffers[0].cbBuffer; bin_len = pInput->pBuffers[0].cbBuffer;
/* Handle all the flags */ /* Handle all the flags */
want_flags = HeapAlloc(GetProcessHeap(), 0, 73);
if(want_flags == NULL)
{
TRACE("Failed to allocate memory for the want_flags!\n");
ret = SEC_E_INSUFFICIENT_MEMORY;
goto asc_end;
}
lstrcpyA(want_flags, "SF");
if(fContextReq & ASC_REQ_ALLOCATE_MEMORY) if(fContextReq & ASC_REQ_ALLOCATE_MEMORY)
{ {
FIXME("ASC_REQ_ALLOCATE_MEMORY stub\n"); FIXME("ASC_REQ_ALLOCATE_MEMORY stub\n");
} }
if(fContextReq & ASC_REQ_CONFIDENTIALITY) if(fContextReq & ASC_REQ_CONFIDENTIALITY)
{ {
FIXME("ASC_REQ_CONFIDENTIALITY stub\n"); lstrcatA(want_flags, " NTLMSSP_FEATURE_SEAL");
} }
if(fContextReq & ASC_REQ_CONNECTION) if(fContextReq & ASC_REQ_CONNECTION)
{ {
/* This is default, so we'll enable it */ /* This is default, so we'll enable it */
lstrcatA(want_flags, " NTLMSSP_FEATURE_SESSION_KEY");
ctxt_attr |= ASC_RET_CONNECTION; ctxt_attr |= ASC_RET_CONNECTION;
} }
if(fContextReq & ASC_REQ_EXTENDED_ERROR) if(fContextReq & ASC_REQ_EXTENDED_ERROR)
@ -805,7 +814,7 @@ static SECURITY_STATUS SEC_ENTRY ntlm_AcceptSecurityContext(
} }
if(fContextReq & ASC_REQ_INTEGRITY) if(fContextReq & ASC_REQ_INTEGRITY)
{ {
FIXME("ASC_REQ_INTEGRITY stub\n"); lstrcatA(want_flags, " NTLMSSP_FEATURE_SIGN");
} }
if(fContextReq & ASC_REQ_MUTUAL_AUTH) if(fContextReq & ASC_REQ_MUTUAL_AUTH)
{ {
@ -825,6 +834,17 @@ static SECURITY_STATUS SEC_ENTRY ntlm_AcceptSecurityContext(
} }
/* Done with the flags */ /* Done with the flags */
if(lstrlenA(want_flags) > 3)
{
TRACE("Server set want_flags: %s\n", debugstr_a(want_flags));
lstrcpynA(buffer, want_flags, max_len - 1);
if((ret = run_helper(helper, buffer, max_len, &buffer_len)) !=
SEC_E_OK)
goto asc_end;
if(!strncmp(buffer, "BH", 2))
TRACE("Helper doesn't understand new command set\n");
}
/* This is the YR request from the client, encode to base64 */ /* This is the YR request from the client, encode to base64 */
memcpy(bin, pInput->pBuffers[0].pvBuffer, bin_len); memcpy(bin, pInput->pBuffers[0].pvBuffer, bin_len);
@ -887,7 +907,7 @@ static SECURITY_STATUS SEC_ENTRY ntlm_AcceptSecurityContext(
ret = SEC_E_INCOMPLETE_MESSAGE; ret = SEC_E_INCOMPLETE_MESSAGE;
goto asc_end; goto asc_end;
} }
if(pInput->cBuffers < 1) if(pInput->cBuffers < 1)
{ {
ret = SEC_E_INCOMPLETE_MESSAGE; ret = SEC_E_INCOMPLETE_MESSAGE;
@ -937,12 +957,67 @@ static SECURITY_STATUS SEC_ENTRY ntlm_AcceptSecurityContext(
} }
pOutput->pBuffers[0].cbBuffer = 0; pOutput->pBuffers[0].cbBuffer = 0;
ret = SEC_E_OK; ret = SEC_E_OK;
TRACE("Getting negotiated flags\n");
lstrcpynA(buffer, "GF", max_len - 1);
if((ret = run_helper(helper, buffer, max_len, &buffer_len)) != SEC_E_OK)
goto asc_end;
if(buffer_len < 3)
{
TRACE("No flags negotiated, or helper does not support GF command\n");
}
else
{
TRACE("Negotiated %s\n", debugstr_a(buffer));
sscanf(buffer + 3, "%lx", &(helper->neg_flags));
TRACE("Stored 0x%08lx as flags\n", helper->neg_flags);
}
TRACE("Getting session key\n");
lstrcpynA(buffer, "GK", max_len - 1);
if((ret = run_helper(helper, buffer, max_len, &buffer_len)) != SEC_E_OK)
goto asc_end;
if(buffer_len < 3)
TRACE("Helper does not support GK command\n");
else
{
if(strncmp(buffer, "BH ", 3) == 0)
{
TRACE("Helper sent %s\n", debugstr_a(buffer+3));
helper->valid_session_key = FALSE;
helper->session_key = HeapAlloc(GetProcessHeap(), 0, 16);
/*FIXME: Generate the dummy session key = MD4(MD4(password))*/
memset(helper->session_key, 0 , 16);
}
else if(strncmp(buffer, "GK ", 3) == 0)
{
if((ret = decodeBase64(buffer+3, buffer_len-3, bin, max_len,
&bin_len)) != SEC_E_OK)
{
TRACE("Failed to decode session key\n");
}
TRACE("Session key is %s\n", debugstr_a(buffer+3));
helper->valid_session_key = TRUE;
if(!helper->session_key)
helper->session_key = HeapAlloc(GetProcessHeap(), 0, bin_len);
if(!helper->session_key)
{
TRACE("Failed to allocate memory for session key\n");
ret = SEC_E_INTERNAL_ERROR;
goto asc_end;
}
memcpy(helper->session_key, bin, bin_len);
}
}
} }
phNewContext->dwUpper = ctxt_attr; phNewContext->dwUpper = ctxt_attr;
phNewContext->dwLower = (ULONG_PTR)helper; phNewContext->dwLower = (ULONG_PTR)helper;
asc_end: asc_end:
HeapFree(GetProcessHeap(), 0, want_flags);
HeapFree(GetProcessHeap(), 0, buffer); HeapFree(GetProcessHeap(), 0, buffer);
HeapFree(GetProcessHeap(), 0, bin); HeapFree(GetProcessHeap(), 0, bin);
return ret; return ret;