Author: sserapion
Date: Sun May 29 10:23:00 2011
New Revision: 51991
URL: http://svn.reactos.org/svn/reactos?rev=51991&view=rev
Log:
[NTLMSSP]
- Implement QueryContextAttributes(SECPKG_ATTR_SIZES and SECPKG_ATTR_FLAGS).
- Fix confusion with UNICODE_STRING.Length, it should contain the size in bytes
of the string.
- WIP
Modified:
branches/sspi-bringup/reactos/dll/win32/ntlmssp/calculations.c
branches/sspi-bringup/reactos/dll/win32/ntlmssp/context.c
branches/sspi-bringup/reactos/dll/win32/ntlmssp/credentials.c
Modified: branches/sspi-bringup/reactos/dll/win32/ntlmssp/calculations.c
URL:
http://svn.reactos.org/svn/reactos/branches/sspi-bringup/reactos/dll/win32/ntlmssp/calculations.c?rev=51991&r1=51990&r2=51991&view=diff
==============================================================================
--- branches/sspi-bringup/reactos/dll/win32/ntlmssp/calculations.c [iso-8859-1]
(original)
+++ branches/sspi-bringup/reactos/dll/win32/ntlmssp/calculations.c [iso-8859-1]
Sun May 29 10:23:00 2011
@@ -112,7 +112,7 @@
const PUCHAR session_base_key,
const PUCHAR lm_challenge_resonse,
const PUCHAR server_challenge,
- PUCHAR key_exchange_key)
+ PUCHAR key_exchange_key)
{
/* fix me */
memcpy(key_exchange_key, session_base_key, 16);
Modified: branches/sspi-bringup/reactos/dll/win32/ntlmssp/context.c
URL:
http://svn.reactos.org/svn/reactos/branches/sspi-bringup/reactos/dll/win32/ntlmssp/context.c?rev=51991&r1=51990&r2=51991&view=diff
==============================================================================
--- branches/sspi-bringup/reactos/dll/win32/ntlmssp/context.c [iso-8859-1]
(original)
+++ branches/sspi-bringup/reactos/dll/win32/ntlmssp/context.c [iso-8859-1] Sun
May 29 10:23:00 2011
@@ -399,21 +399,9 @@
goto fail;
}
- /* set results */
+ /* set result */
phNewContext->dwUpper = NegotiateFlags;
phNewContext->dwLower = newContext;
-
- /* build blob with the nego message */
- SecBufferDesc BufferDesc;
- BufferDesc.ulVersion = SECBUFFER_VERSION;
- BufferDesc.cBuffers = 1;
- BufferDesc.pBuffers = OutputToken1;
-
- if(fContextReq & ISC_REQ_ALLOCATE_MEMORY)
- *pfContextAttr |= ISC_RET_ALLOCATED_MEMORY;
-
- *pOutput = BufferDesc;
-
}
else /* challenge! */
{
@@ -433,28 +421,34 @@
}
}
- /* get second output token */
- ret = NtlmGetSecBuffer(pOutput,
- 1,
- &OutputToken2,
- TRUE);
- if(!ret)
- {
- /* not fatal, aparently */
- ERR("Failed to get output token!\n");
- }
-
- TRACE("phContext->dwLower %lx\n", phContext->dwLower);
- NtlmHandleChallengeMessage(phContext->dwLower,
- fContextReq,
- InputToken1,
- InputToken2,
- &OutputToken1,
- &OutputToken2,
- pfContextAttr,
- ptsExpiry,
- &NegotiateFlags);
- }
+ ret = NtlmHandleChallengeMessage(phNewContext->dwLower,
+ fContextReq,
+ InputToken1,
+ InputToken2,
+ OutputToken1,
+ OutputToken2,
+ pfContextAttr,
+ ptsExpiry,
+ &NegotiateFlags);
+
+ if(!NT_SUCCESS(ret))
+ {
+ ERR("NtlmHandleChallengeMessage failed with %lx\n", ret);
+ goto fail;
+ }
+
+ }
+
+ /* build blob with the output message */
+ SecBufferDesc BufferDesc;
+ BufferDesc.ulVersion = SECBUFFER_VERSION;
+ BufferDesc.cBuffers = 1;
+ BufferDesc.pBuffers = OutputToken1;
+
+ if(fContextReq & ISC_REQ_ALLOCATE_MEMORY)
+ *pfContextAttr |= ISC_RET_ALLOCATED_MEMORY;
+
+ *pOutput = BufferDesc;
return ret;
@@ -520,13 +514,42 @@
ULONG ulAttribute,
void *pBuffer)
{
+ SECURITY_STATUS ret = SEC_E_OK;
+ PNTLMSSP_CONTEXT context = NtlmReferenceContext(phContext->dwLower);
+
TRACE("%p %lx %p\n", phContext, ulAttribute, pBuffer);
- if (!phContext)
+
+ if (!context)
return SEC_E_INVALID_HANDLE;
- UNIMPLEMENTED;
-
- return SEC_E_UNSUPPORTED_FUNCTION;
+ switch(ulAttribute)
+ {
+ case SECPKG_ATTR_SIZES:
+ {
+ PSecPkgContext_Sizes spcs = (PSecPkgContext_Sizes) pBuffer;
+ spcs->cbMaxToken = NTLM_MAX_BUF;
+ spcs->cbMaxSignature = sizeof(MESSAGE_SIGNATURE);
+ spcs->cbBlockSize = 0;
+ spcs->cbSecurityTrailer = sizeof(MESSAGE_SIGNATURE);
+ break;
+ }
+ case SECPKG_ATTR_FLAGS:
+ {
+ PSecPkgContext_Flags spcf = (PSecPkgContext_Flags)pBuffer;
+ spcf->Flags = 0;
+ if(context->NegotiateFlags & NTLMSSP_NEGOTIATE_SIGN)
+ spcf->Flags |= ISC_RET_INTEGRITY;
+ if(context->NegotiateFlags & NTLMSSP_NEGOTIATE_SEAL)
+ spcf->Flags |= ISC_RET_CONFIDENTIALITY;
+ break;
+ }
+ default:
+ FIXME("ulAttribute %lx unsupported\n", ulAttribute);
+ ret = SEC_E_UNSUPPORTED_FUNCTION;
+ }
+
+ NtlmDereferenceContext((ULONG_PTR)context);
+ return ret;
}
SECURITY_STATUS
@@ -553,9 +576,8 @@
SECURITY_STATUS ret = SEC_E_OK;
PSecBuffer InputToken1, InputToken2;
PSecBuffer OutputToken1;
- ULONG_PTR newContext;
-
- TRACE("%p %p %p %lx %lx %p %p %p %p\n", phCredential, phContext, pInput,
+
+ TRACE("AcceptSecurityContext %p %p %p %lx %lx %p %p %p %p\n",
phCredential, phContext, pInput,
fContextReq, TargetDataRep, phNewContext, pOutput, pfContextAttr,
ptsExpiry);
/* get first input token */
@@ -577,7 +599,7 @@
if(!ret)
{
ERR("Failed to get input token!\n");
- return SEC_E_INVALID_TOKEN;
+ //return SEC_E_INVALID_TOKEN;
}
/* get first output token */
@@ -592,7 +614,7 @@
}
/* first call */
- if(!phContext && !InputToken2->cbBuffer)
+ if(!phContext && !InputToken2)
{
if(!phCredential)
{
@@ -601,17 +623,17 @@
}
ret = NtlmHandleNegotiateMessage(phCredential->dwLower,
- &newContext,
+ &phNewContext->dwLower,
fContextReq,
InputToken1,
&OutputToken1,
pfContextAttr,
ptsExpiry);
- phNewContext = (PCtxtHandle)newContext;
}
else
+ {
WARN("Handle Authenticate UNIMPLEMENTED!\n");
-
+ }
//if(!NT_SUCCESS(ret))
UNIMPLEMENTED;
@@ -650,9 +672,6 @@
return ret;
}
-/***********************************************************************
- * RevertSecurityContext
- */
SECURITY_STATUS
SEC_ENTRY
RevertSecurityContext(PCtxtHandle phContext)
@@ -681,8 +700,8 @@
SECURITY_STATUS
SEC_ENTRY
-ApplyControlToken(IN PCtxtHandle phContext,
- IN PSecBufferDesc pInput)
+ApplyControlToken(IN PCtxtHandle phContext,
+ IN PSecBufferDesc pInput)
{
UNIMPLEMENTED;
Modified: branches/sspi-bringup/reactos/dll/win32/ntlmssp/credentials.c
URL:
http://svn.reactos.org/svn/reactos/branches/sspi-bringup/reactos/dll/win32/ntlmssp/credentials.c?rev=51991&r1=51990&r2=51991&view=diff
==============================================================================
--- branches/sspi-bringup/reactos/dll/win32/ntlmssp/credentials.c [iso-8859-1]
(original)
+++ branches/sspi-bringup/reactos/dll/win32/ntlmssp/credentials.c [iso-8859-1]
Sun May 29 10:23:00 2011
@@ -196,10 +196,7 @@
pLogonID, pAuthData, pGetKeyFn, pGetKeyArgument, phCredential, ptsExpiry);
if (pGetKeyFn || pGetKeyArgument)
- {
WARN("msdn says these should always be null!\n");
- return ret;
- }
//initialize to null
RtlInitUnicodeString(&username, NULL);
@@ -224,13 +221,13 @@
if(auth_data->User)
{
- int len = auth_data->UserLength;
- username.Buffer = NtlmAllocate((len+1) * sizeof(WCHAR));
+ int len = auth_data->UserLength * sizeof(WCHAR);
+ username.Buffer = NtlmAllocate(len+sizeof(WCHAR));
if(username.Buffer)
{
- username.MaximumLength = username.Length = len+1;
- memcpy(username.Buffer, auth_data->User, len* sizeof(WCHAR));
- username.Buffer[len+1] = L'\0';
+ username.MaximumLength = username.Length = len;
+ memcpy(username.Buffer, auth_data->User, len);
+ username.Buffer[(len/sizeof(WCHAR))+1] = L'\0';
}
else
return SEC_E_INSUFFICIENT_MEMORY;
@@ -238,13 +235,13 @@
if(auth_data->Password)
{
- int len = auth_data->PasswordLength;
- password.Buffer = NtlmAllocate((len+1) * sizeof(WCHAR));
+ int len = auth_data->PasswordLength * sizeof(WCHAR);
+ password.Buffer = NtlmAllocate(len+sizeof(WCHAR));
if(password.Buffer)
{
- password.MaximumLength = password.Length = len+1;
- memcpy(password.Buffer, auth_data->Password, len*
sizeof(WCHAR));
- password.Buffer[len+1] = L'\0';
+ password.MaximumLength = password.Length = len;
+ memcpy(password.Buffer, auth_data->Password, len);
+ password.Buffer[(len/sizeof(WCHAR))+1] = L'\0';
}
else
return SEC_E_INSUFFICIENT_MEMORY;
@@ -252,13 +249,13 @@
if(auth_data->Domain)
{
- int len = auth_data->DomainLength;
- domain.Buffer = NtlmAllocate((len+1) * sizeof(WCHAR));
+ int len = auth_data->DomainLength * sizeof(WCHAR);
+ domain.Buffer = NtlmAllocate(len+sizeof(WCHAR));
if(domain.Buffer)
{
- domain.MaximumLength = domain.Length = len+1;
- memcpy(domain.Buffer, auth_data->Domain, len* sizeof(WCHAR));
- domain.Buffer[len+1] = L'\0';
+ domain.MaximumLength = domain.Length = len;
+ memcpy(domain.Buffer, auth_data->Domain, len);
+ domain.Buffer[(len/sizeof(WCHAR))+1] = L'\0';
}
else
return SEC_E_INSUFFICIENT_MEMORY;
@@ -292,7 +289,7 @@
if(password.Buffer != NULL)
{
- NtlmProtectMemory(password.Buffer, password.Length *
sizeof(WCHAR));
+ NtlmProtectMemory(password.Buffer, password.Length);
cred->Password = password;
}
