[PATCH 2/2] secur32: Get rid of builtin NTLM support.
Hans Leidekker
hans at codeweavers.com
Fri Apr 30 09:42:21 CDT 2021
Signed-off-by: Hans Leidekker <hans at codeweavers.com>
---
dlls/secur32/Makefile.in | 7 +-
dlls/secur32/base64_codec.c | 192 ----
dlls/secur32/dispatcher.c | 335 ------
dlls/secur32/hmac_md5.c | 77 --
dlls/secur32/hmac_md5.h | 48 -
dlls/secur32/negotiate.c | 13 +-
dlls/secur32/ntlm.c | 2029 -----------------------------------
dlls/secur32/secur32_priv.h | 108 --
dlls/secur32/util.c | 187 ----
9 files changed, 13 insertions(+), 2983 deletions(-)
delete mode 100644 dlls/secur32/base64_codec.c
delete mode 100644 dlls/secur32/dispatcher.c
delete mode 100644 dlls/secur32/hmac_md5.c
delete mode 100644 dlls/secur32/hmac_md5.h
delete mode 100644 dlls/secur32/ntlm.c
delete mode 100644 dlls/secur32/util.c
diff --git a/dlls/secur32/Makefile.in b/dlls/secur32/Makefile.in
index c9acdee4572..89a7c8bd078 100644
--- a/dlls/secur32/Makefile.in
+++ b/dlls/secur32/Makefile.in
@@ -1,21 +1,16 @@
MODULE = secur32.dll
IMPORTLIB = secur32
-IMPORTS = netapi32 advapi32
+IMPORTS = advapi32
DELAYIMPORTS = crypt32
EXTRAINCL = $(GNUTLS_CFLAGS)
EXTRALIBS = $(SECURITY_LIBS)
C_SRCS = \
- base64_codec.c \
- dispatcher.c \
- hmac_md5.c \
lsa.c \
negotiate.c \
- ntlm.c \
schannel.c \
schannel_gnutls.c \
schannel_macosx.c \
secur32.c \
thunks.c \
- util.c \
wrapper.c
diff --git a/dlls/secur32/base64_codec.c b/dlls/secur32/base64_codec.c
deleted file mode 100644
index 9f5eaecc3d4..00000000000
--- a/dlls/secur32/base64_codec.c
+++ /dev/null
@@ -1,192 +0,0 @@
-/*
- * base64 encoder/decoder
- *
- * Copyright 2005 by Kai Blin
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
- */
-
-#include "windef.h"
-#include "winerror.h"
-#include "sspi.h"
-#include "wine/debug.h"
-
-WINE_DEFAULT_DEBUG_CHANNEL(ntlm);
-
-static const char b64[] =
-"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
-
-SECURITY_STATUS encodeBase64(PBYTE in_buf, int in_len, char* out_buf,
- int max_len, int *out_len)
-{
- int div, i;
- PBYTE d = in_buf;
- int bytes = (in_len*8 + 5)/6, pad_bytes = (bytes % 4) ? 4 - (bytes % 4) : 0;
-
- TRACE("bytes is %d, pad bytes is %d\n", bytes, pad_bytes);
- *out_len = bytes + pad_bytes;
-
- if(bytes + pad_bytes + 1 > max_len)
- return SEC_E_BUFFER_TOO_SMALL;
-
- /* Three bytes of input give 4 chars of output */
- div = in_len / 3;
-
- i = 0;
- while(div > 0)
- {
- /* first char is the first 6 bits of the first byte*/
- out_buf[i + 0] = b64[ ( d[0] >> 2) & 0x3f ];
- /* second char is the last 2 bits of the first byte and the first 4
- * bits of the second byte */
- out_buf[i + 1] = b64[ ((d[0] << 4) & 0x30) | (d[1] >> 4 & 0x0f)];
- /* third char is the last 4 bits of the second byte and the first 2
- * bits of the third byte */
- out_buf[i + 2] = b64[ ((d[1] << 2) & 0x3c) | (d[2] >> 6 & 0x03)];
- /* fourth char is the remaining 6 bits of the third byte */
- out_buf[i + 3] = b64[ d[2] & 0x3f];
- i += 4;
- d += 3;
- div--;
- }
-
- switch(pad_bytes)
- {
- case 1:
- /* first char is the first 6 bits of the first byte*/
- out_buf[i + 0] = b64[ ( d[0] >> 2) & 0x3f ];
- /* second char is the last 2 bits of the first byte and the first 4
- * bits of the second byte */
- out_buf[i + 1] = b64[ ((d[0] << 4) & 0x30) | (d[1] >> 4 & 0x0f)];
- /* third char is the last 4 bits of the second byte padded with
- * two zeroes */
- out_buf[i + 2] = b64[ ((d[1] << 2) & 0x3c) ];
- /* fourth char is a = to indicate one byte of padding */
- out_buf[i + 3] = '=';
- out_buf[i + 4] = 0;
- break;
- case 2:
- /* first char is the first 6 bits of the first byte*/
- out_buf[i + 0] = b64[ ( d[0] >> 2) & 0x3f ];
- /* second char is the last 2 bits of the first byte padded with
- * four zeroes*/
- out_buf[i + 1] = b64[ ((d[0] << 4) & 0x30)];
- /* third char is = to indicate padding */
- out_buf[i + 2] = '=';
- /* fourth char is = to indicate padding */
- out_buf[i + 3] = '=';
- out_buf[i + 4] = 0;
- break;
- default:
- out_buf[i] = 0;
- }
-
- return SEC_E_OK;
-}
-
-static inline BYTE decode(char c)
-{
- if( c >= 'A' && c <= 'Z')
- return c - 'A';
- if( c >= 'a' && c <= 'z')
- return c - 'a' + 26;
- if( c >= '0' && c <= '9')
- return c - '0' + 52;
- if( c == '+')
- return 62;
- if( c == '/')
- return 63;
- else
- return 64;
-}
-
-SECURITY_STATUS decodeBase64(char *in_buf, int in_len, PBYTE out_buf,
- int max_len, int *out_len)
-{
- int len = in_len, i;
- char *d = in_buf;
- int ip0, ip1, ip2, ip3;
-
- TRACE("in_len: %d\n", in_len);
-
- if((in_len % 4) != 0)
- return SEC_E_INVALID_TOKEN;
-
- if(in_len > max_len)
- return SEC_E_BUFFER_TOO_SMALL;
-
- i = 0;
- while(len > 4)
- {
- if((ip0 = decode(d[0])) > 63)
- return SEC_E_INVALID_TOKEN;
- if((ip1 = decode(d[1])) > 63)
- return SEC_E_INVALID_TOKEN;
- if((ip2 = decode(d[2])) > 63)
- return SEC_E_INVALID_TOKEN;
- if((ip3 = decode(d[3])) > 63)
- return SEC_E_INVALID_TOKEN;
-
- out_buf[i + 0] = (ip0 << 2) | (ip1 >> 4);
- out_buf[i + 1] = (ip1 << 4) | (ip2 >> 2);
- out_buf[i + 2] = (ip2 << 6) | ip3;
- len -= 4;
- i += 3;
- d += 4;
- }
-
- if(d[2] == '=')
- {
- if((ip0 = decode(d[0])) > 63)
- return SEC_E_INVALID_TOKEN;
- if((ip1 = decode(d[1])) > 63)
- return SEC_E_INVALID_TOKEN;
-
- out_buf[i] = (ip0 << 2) | (ip1 >> 4);
- i++;
- }
- else if(d[3] == '=')
- {
- if((ip0 = decode(d[0])) > 63)
- return SEC_E_INVALID_TOKEN;
- if((ip1 = decode(d[1])) > 63)
- return SEC_E_INVALID_TOKEN;
- if((ip2 = decode(d[2])) > 63)
- return SEC_E_INVALID_TOKEN;
-
- out_buf[i + 0] = (ip0 << 2) | (ip1 >> 4);
- out_buf[i + 1] = (ip1 << 4) | (ip2 >> 2);
- i += 2;
- }
- else
- {
- if((ip0 = decode(d[0])) > 63)
- return SEC_E_INVALID_TOKEN;
- if((ip1 = decode(d[1])) > 63)
- return SEC_E_INVALID_TOKEN;
- if((ip2 = decode(d[2])) > 63)
- return SEC_E_INVALID_TOKEN;
- if((ip3 = decode(d[3])) > 63)
- return SEC_E_INVALID_TOKEN;
-
-
- out_buf[i + 0] = (ip0 << 2) | (ip1 >> 4);
- out_buf[i + 1] = (ip1 << 4) | (ip2 >> 2);
- out_buf[i + 2] = (ip2 << 6) | ip3;
- i += 3;
- }
- *out_len = i;
- return SEC_E_OK;
-}
diff --git a/dlls/secur32/dispatcher.c b/dlls/secur32/dispatcher.c
deleted file mode 100644
index 0871576848e..00000000000
--- a/dlls/secur32/dispatcher.c
+++ /dev/null
@@ -1,335 +0,0 @@
-/*
- * Copyright 2005, 2006 Kai Blin
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
- *
- * A dispatcher to run ntlm_auth for wine's sspi module.
- */
-
-#include "config.h"
-#include "wine/port.h"
-#include <stdarg.h>
-#include <stdio.h>
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-#include <sys/types.h>
-#ifdef HAVE_SYS_WAIT_H
-#include <sys/wait.h>
-#endif
-#include <errno.h>
-#include <stdlib.h>
-#include <fcntl.h>
-#include "windef.h"
-#include "winbase.h"
-#include "winerror.h"
-#include "sspi.h"
-#include "secur32_priv.h"
-#include "wine/debug.h"
-
-#define INITIAL_BUFFER_SIZE 200
-
-WINE_DEFAULT_DEBUG_CHANNEL(ntlm);
-
-SECURITY_STATUS fork_helper(PNegoHelper *new_helper, const char *prog,
- char* const argv[])
-{
-#ifdef HAVE_FORK
- int pipe_in[2];
- int pipe_out[2];
- int i;
- PNegoHelper helper;
-
- TRACE("%s ", debugstr_a(prog));
- for(i = 0; argv[i] != NULL; ++i)
- {
- TRACE("%s ", debugstr_a(argv[i]));
- }
- TRACE("\n");
-
-#ifdef HAVE_PIPE2
- if (pipe2( pipe_in, O_CLOEXEC ) < 0 )
-#endif
- {
- if( pipe(pipe_in) < 0 ) return SEC_E_INTERNAL_ERROR;
- fcntl( pipe_in[0], F_SETFD, FD_CLOEXEC );
- fcntl( pipe_in[1], F_SETFD, FD_CLOEXEC );
- }
-#ifdef HAVE_PIPE2
- if (pipe2( pipe_out, O_CLOEXEC ) < 0 )
-#endif
- {
- if( pipe(pipe_out) < 0 )
- {
- close(pipe_in[0]);
- close(pipe_in[1]);
- return SEC_E_INTERNAL_ERROR;
- }
- fcntl( pipe_out[0], F_SETFD, FD_CLOEXEC );
- fcntl( pipe_out[1], F_SETFD, FD_CLOEXEC );
- }
-
- if (!(helper = heap_alloc( sizeof(NegoHelper) )))
- {
- close(pipe_in[0]);
- close(pipe_in[1]);
- close(pipe_out[0]);
- close(pipe_out[1]);
- return SEC_E_INSUFFICIENT_MEMORY;
- }
-
- helper->helper_pid = fork();
-
- if(helper->helper_pid == -1)
- {
- close(pipe_in[0]);
- close(pipe_in[1]);
- close(pipe_out[0]);
- close(pipe_out[1]);
- heap_free( helper );
- return SEC_E_INTERNAL_ERROR;
- }
-
- if(helper->helper_pid == 0)
- {
- /* We're in the child now */
- dup2(pipe_out[0], 0);
- close(pipe_out[0]);
- close(pipe_out[1]);
-
- dup2(pipe_in[1], 1);
- close(pipe_in[0]);
- close(pipe_in[1]);
-
- execvp(prog, argv);
-
- /* Whoops, we shouldn't get here. Big badaboom.*/
- write(STDOUT_FILENO, "BH\n", 3);
- _exit(1);
- }
- else
- {
- *new_helper = helper;
- helper->major = helper->minor = helper->micro = -1;
- helper->com_buf = NULL;
- helper->com_buf_size = 0;
- helper->com_buf_offset = 0;
- helper->session_key = NULL;
- helper->neg_flags = 0;
- helper->crypt.ntlm.a4i = NULL;
- helper->crypt.ntlm2.send_a4i = NULL;
- helper->crypt.ntlm2.recv_a4i = NULL;
- helper->crypt.ntlm2.send_sign_key = NULL;
- helper->crypt.ntlm2.send_seal_key = NULL;
- helper->crypt.ntlm2.recv_sign_key = NULL;
- helper->crypt.ntlm2.recv_seal_key = NULL;
- helper->pipe_in = pipe_in[0];
- close(pipe_in[1]);
- helper->pipe_out = pipe_out[1];
- close(pipe_out[0]);
- }
-
- return SEC_E_OK;
-#else
- ERR( "no fork support on this platform\n" );
- return SEC_E_INTERNAL_ERROR;
-#endif
-}
-
-static SECURITY_STATUS read_line(PNegoHelper helper, int *offset_len)
-{
- char *newline;
- int read_size;
-
- if(helper->com_buf == NULL)
- {
- TRACE("Creating a new buffer for the helper\n");
- if (!(helper->com_buf = heap_alloc(INITIAL_BUFFER_SIZE)))
- return SEC_E_INSUFFICIENT_MEMORY;
-
- /* Created a new buffer, size is INITIAL_BUFFER_SIZE, offset is 0 */
- helper->com_buf_size = INITIAL_BUFFER_SIZE;
- helper->com_buf_offset = 0;
- }
-
- do
- {
- TRACE("offset = %d, size = %d\n", helper->com_buf_offset, helper->com_buf_size);
- if(helper->com_buf_offset + INITIAL_BUFFER_SIZE > helper->com_buf_size)
- {
- /* increment buffer size in INITIAL_BUFFER_SIZE steps */
- char *buf = heap_realloc(helper->com_buf, helper->com_buf_size + INITIAL_BUFFER_SIZE);
- TRACE("Resizing buffer!\n");
- if (!buf) return SEC_E_INSUFFICIENT_MEMORY;
- helper->com_buf_size += INITIAL_BUFFER_SIZE;
- helper->com_buf = buf;
- }
- if((read_size = read(helper->pipe_in, helper->com_buf + helper->com_buf_offset,
- helper->com_buf_size - helper->com_buf_offset)) <= 0)
- {
- return SEC_E_INTERNAL_ERROR;
- }
-
- TRACE("read_size = %d, read: %s\n", read_size,
- debugstr_a(helper->com_buf + helper->com_buf_offset));
- helper->com_buf_offset += read_size;
- newline = memchr(helper->com_buf, '\n', helper->com_buf_offset);
- }while(newline == NULL);
-
- /* Now, if there's a newline character, and we read more than that newline,
- * we have to store the offset so we can preserve the additional data.*/
- if( newline != helper->com_buf + helper->com_buf_offset)
- {
- TRACE("offset_len is calculated from %p - %p\n",
- (helper->com_buf + helper->com_buf_offset), newline+1);
- /* the length of the offset is the number of chars after the newline */
- *offset_len = (helper->com_buf + helper->com_buf_offset) - (newline + 1);
- }
- else
- {
- *offset_len = 0;
- }
-
- *newline = '\0';
-
- return SEC_E_OK;
-}
-
-static SECURITY_STATUS preserve_unused(PNegoHelper helper, int offset_len)
-{
- TRACE("offset_len = %d\n", offset_len);
-
- if(offset_len > 0)
- {
- memmove(helper->com_buf, helper->com_buf + helper->com_buf_offset,
- offset_len);
- helper->com_buf_offset = offset_len;
- }
- else
- {
- helper->com_buf_offset = 0;
- }
-
- TRACE("helper->com_buf_offset was set to: %d\n", helper->com_buf_offset);
- return SEC_E_OK;
-}
-
-SECURITY_STATUS run_helper(PNegoHelper helper, char *buffer,
- unsigned int max_buflen, int *buflen)
-{
- int offset_len;
- SECURITY_STATUS sec_status = SEC_E_OK;
-
- TRACE("In helper: sending %s\n", debugstr_a(buffer));
-
- /* buffer + '\n' */
- write(helper->pipe_out, buffer, lstrlenA(buffer));
- write(helper->pipe_out, "\n", 1);
-
- if((sec_status = read_line(helper, &offset_len)) != SEC_E_OK)
- {
- return sec_status;
- }
-
- TRACE("In helper: received %s\n", debugstr_a(helper->com_buf));
- *buflen = lstrlenA(helper->com_buf);
-
- if( *buflen > max_buflen)
- {
- ERR("Buffer size too small(%d given, %d required) dropping data!\n",
- max_buflen, *buflen);
- return SEC_E_BUFFER_TOO_SMALL;
- }
-
- if( *buflen < 2 )
- {
- return SEC_E_ILLEGAL_MESSAGE;
- }
-
- /* We only get ERR if the input size is too big. On a GENSEC error,
- * ntlm_auth will return BH */
- if(strncmp(helper->com_buf, "ERR", 3) == 0)
- {
- return SEC_E_INVALID_TOKEN;
- }
-
- memcpy(buffer, helper->com_buf, *buflen+1);
-
- sec_status = preserve_unused(helper, offset_len);
-
- return sec_status;
-}
-
-void cleanup_helper(PNegoHelper helper)
-{
-
- TRACE("Killing helper %p\n", helper);
- if(helper == NULL)
- return;
-
- heap_free(helper->com_buf);
- heap_free(helper->session_key);
-
- /* closing stdin will terminate ntlm_auth */
- close(helper->pipe_out);
- close(helper->pipe_in);
-
-#ifdef HAVE_FORK
- if (helper->helper_pid > 0) /* reap child */
- {
- pid_t wret;
- do {
- wret = waitpid(helper->helper_pid, NULL, 0);
- } while (wret < 0 && errno == EINTR);
- }
-#endif
-
- heap_free(helper);
-}
-
-void check_version(PNegoHelper helper)
-{
- char temp[80];
- char *newline;
- int major = 0, minor = 0, micro = 0, ret;
-
- TRACE("Checking version of helper\n");
- if(helper != NULL)
- {
- int len = read(helper->pipe_in, temp, sizeof(temp)-1);
- if (len > 8)
- {
- if((newline = memchr(temp, '\n', len)) != NULL)
- *newline = '\0';
- else
- temp[len] = 0;
-
- TRACE("Exact version is %s\n", debugstr_a(temp));
- ret = sscanf(temp, "Version %d.%d.%d", &major, &minor, µ);
- if(ret != 3)
- {
- ERR("Failed to get the helper version.\n");
- helper->major = helper->minor = helper->micro = -1;
- }
- else
- {
- TRACE("Version recognized: %d.%d.%d\n", major, minor, micro);
- helper->major = major;
- helper->minor = minor;
- helper->micro = micro;
- }
- }
- }
-}
diff --git a/dlls/secur32/hmac_md5.c b/dlls/secur32/hmac_md5.c
deleted file mode 100644
index 3479178132d..00000000000
--- a/dlls/secur32/hmac_md5.c
+++ /dev/null
@@ -1,77 +0,0 @@
-/*
- * Copyright 2006 Kai Blin
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
- *
- * This file implements RFC 2104 (HMAC) for the MD5 provider.
- * It is needed for NTLM2 signing and sealing.
- */
-
-#include "hmac_md5.h"
-
-void HMACMD5Init(HMAC_MD5_CTX *ctx, const unsigned char *key, unsigned int key_len)
-{
- int i;
- unsigned char inner_padding[64];
- unsigned char temp_key[16];
-
- if(key_len > 64)
- {
- MD5_CTX temp_ctx;
-
- MD5Init(&temp_ctx);
- MD5Update(&temp_ctx, key, key_len);
- MD5Final(&temp_ctx);
- memcpy(temp_key, temp_ctx.digest, 16);
-
- key = temp_key;
- key_len = 16;
- }
-
- memset(inner_padding, 0, 64);
- memset(ctx->outer_padding, 0, 64);
- memcpy(inner_padding, key, key_len);
- memcpy(ctx->outer_padding, key, key_len);
-
- for(i = 0; i < 64; ++i)
- {
- inner_padding[i] ^= 0x36;
- ctx->outer_padding[i] ^= 0x5c;
- }
-
- MD5Init(&(ctx->ctx));
- MD5Update(&(ctx->ctx), inner_padding, 64);
-}
-
-void HMACMD5Update(HMAC_MD5_CTX *ctx, const unsigned char *data, unsigned int data_len)
-{
- MD5Update(&(ctx->ctx), data, data_len);
-}
-
-void HMACMD5Final(HMAC_MD5_CTX *ctx, unsigned char *digest)
-{
- MD5_CTX outer_ctx;
- unsigned char inner_digest[16];
-
- MD5Final(&(ctx->ctx));
- memcpy(inner_digest, ctx->ctx.digest, 16);
-
- MD5Init(&outer_ctx);
- MD5Update(&outer_ctx, ctx->outer_padding, 64);
- MD5Update(&outer_ctx, inner_digest, 16);
- MD5Final(&outer_ctx);
-
- memcpy(digest, outer_ctx.digest, 16);
-}
diff --git a/dlls/secur32/hmac_md5.h b/dlls/secur32/hmac_md5.h
deleted file mode 100644
index 2bb46dc55ad..00000000000
--- a/dlls/secur32/hmac_md5.h
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Copyright 2006 Kai Blin
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
- *
- * This file holds the declarations needed for HMAC-MD5.
- */
-
-#ifndef _HMAC_MD5_H_
-#define _HMAC_MD5_H_
-
-#include <string.h>
-#include "windef.h"
-
-typedef struct
-{
- unsigned int i[2];
- unsigned int buf[4];
- unsigned char in[64];
- unsigned char digest[16];
-} MD5_CTX;
-
-typedef struct
-{
- MD5_CTX ctx;
- unsigned char outer_padding[64];
-} HMAC_MD5_CTX;
-
-void WINAPI MD5Init( MD5_CTX *ctx );
-void WINAPI MD5Update( MD5_CTX *ctx, const unsigned char *buf, unsigned int len );
-void WINAPI MD5Final( MD5_CTX *ctx );
-
-void HMACMD5Init(HMAC_MD5_CTX *ctx, const unsigned char *key, unsigned int key_len) DECLSPEC_HIDDEN;
-void HMACMD5Update(HMAC_MD5_CTX *ctx, const unsigned char *data, unsigned int data_len) DECLSPEC_HIDDEN;
-void HMACMD5Final(HMAC_MD5_CTX *ctx, unsigned char *digest) DECLSPEC_HIDDEN;
-#endif /*_HMAC_MD5_H_*/
diff --git a/dlls/secur32/negotiate.c b/dlls/secur32/negotiate.c
index 0df950093e4..6767790d09f 100644
--- a/dlls/secur32/negotiate.c
+++ b/dlls/secur32/negotiate.c
@@ -58,6 +58,17 @@ struct sec_handle
SecHandle handle_ntlm;
};
+/* matches layout from msv1_0 */
+struct ntlm_cred
+{
+ int mode;
+ char *username_arg;
+ char *domain_arg;
+ char *password;
+ int password_len;
+ int no_cached_credentials; /* don't try to use cached Samba credentials */
+};
+
/***********************************************************************
* AcquireCredentialsHandleW
*/
@@ -92,7 +103,7 @@ static SECURITY_STATUS SEC_ENTRY nego_AcquireCredentialsHandleW(
fCredentialUse, pLogonID, pAuthData, pGetKeyFn, pGetKeyArgument, &cred->handle_ntlm, ptsExpiry );
if (ret == SEC_E_OK)
{
- NtlmCredentials *ntlm_cred = (NtlmCredentials *)cred->handle_ntlm.dwLower;
+ struct ntlm_cred *ntlm_cred = (struct ntlm_cred *)cred->handle_ntlm.dwLower;
ntlm_cred->no_cached_credentials = (pAuthData == NULL);
cred->ntlm = package->provider;
}
diff --git a/dlls/secur32/ntlm.c b/dlls/secur32/ntlm.c
deleted file mode 100644
index 4e3fda3ea98..00000000000
--- a/dlls/secur32/ntlm.c
+++ /dev/null
@@ -1,2029 +0,0 @@
-/*
- * Copyright 2005, 2006 Kai Blin
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
- *
- * This file implements the NTLM security provider.
- */
-
-#include <assert.h>
-#include <stdarg.h>
-#include <stdio.h>
-#include "windef.h"
-#include "winbase.h"
-#include "winnls.h"
-#include "wincred.h"
-#include "winternl.h"
-#include "rpc.h"
-#include "sspi.h"
-#include "lm.h"
-#include "secur32_priv.h"
-#include "hmac_md5.h"
-#include "wine/unicode.h"
-#include "wine/debug.h"
-
-WINE_DEFAULT_DEBUG_CHANNEL(ntlm);
-WINE_DECLARE_DEBUG_CHANNEL(winediag);
-
-#define NTLM_MAX_BUF 1904
-#define MIN_NTLM_AUTH_MAJOR_VERSION 3
-#define MIN_NTLM_AUTH_MINOR_VERSION 0
-#define MIN_NTLM_AUTH_MICRO_VERSION 25
-
-static CHAR ntlm_auth[] = "ntlm_auth";
-
-/***********************************************************************
- * QueryCredentialsAttributesA
- */
-static SECURITY_STATUS SEC_ENTRY ntlm_QueryCredentialsAttributesA(
- PCredHandle phCredential, ULONG ulAttribute, PVOID pBuffer)
-{
- SECURITY_STATUS ret;
-
- TRACE("(%p, %d, %p)\n", phCredential, ulAttribute, pBuffer);
-
- if(ulAttribute == SECPKG_ATTR_NAMES)
- {
- FIXME("SECPKG_CRED_ATTR_NAMES: stub\n");
- ret = SEC_E_UNSUPPORTED_FUNCTION;
- }
- else
- ret = SEC_E_UNSUPPORTED_FUNCTION;
-
- return ret;
-}
-
-/***********************************************************************
- * QueryCredentialsAttributesW
- */
-static SECURITY_STATUS SEC_ENTRY ntlm_QueryCredentialsAttributesW(
- PCredHandle phCredential, ULONG ulAttribute, PVOID pBuffer)
-{
- SECURITY_STATUS ret;
-
- TRACE("(%p, %d, %p)\n", phCredential, ulAttribute, pBuffer);
-
- if(ulAttribute == SECPKG_ATTR_NAMES)
- {
- FIXME("SECPKG_CRED_ATTR_NAMES: stub\n");
- ret = SEC_E_UNSUPPORTED_FUNCTION;
- }
- else
- ret = SEC_E_UNSUPPORTED_FUNCTION;
-
- return ret;
-}
-
-static char *ntlm_GetUsernameArg(LPCWSTR userW, INT userW_length)
-{
- static const char username_arg[] = "--username=";
- char *user;
- int unixcp_size;
-
- unixcp_size = WideCharToMultiByte(CP_UNIXCP, WC_NO_BEST_FIT_CHARS,
- userW, userW_length, NULL, 0, NULL, NULL) + sizeof(username_arg);
- if (!(user = heap_alloc(unixcp_size))) return NULL;
- memcpy(user, username_arg, sizeof(username_arg) - 1);
- WideCharToMultiByte(CP_UNIXCP, WC_NO_BEST_FIT_CHARS, userW, userW_length,
- user + sizeof(username_arg) - 1,
- unixcp_size - sizeof(username_arg) + 1, NULL, NULL);
- user[unixcp_size - 1] = '\0';
- return user;
-}
-
-static char *ntlm_GetDomainArg(LPCWSTR domainW, INT domainW_length)
-{
- static const char domain_arg[] = "--domain=";
- char *domain;
- int unixcp_size;
-
- unixcp_size = WideCharToMultiByte(CP_UNIXCP, WC_NO_BEST_FIT_CHARS,
- domainW, domainW_length, NULL, 0, NULL, NULL) + sizeof(domain_arg);
- if (!(domain = heap_alloc(unixcp_size))) return NULL;
- memcpy(domain, domain_arg, sizeof(domain_arg) - 1);
- WideCharToMultiByte(CP_UNIXCP, WC_NO_BEST_FIT_CHARS, domainW,
- domainW_length, domain + sizeof(domain_arg) - 1,
- unixcp_size - sizeof(domain) + 1, NULL, NULL);
- domain[unixcp_size - 1] = '\0';
- return domain;
-}
-
-/***********************************************************************
- * AcquireCredentialsHandleW
- */
-static SECURITY_STATUS SEC_ENTRY ntlm_AcquireCredentialsHandleW(
- SEC_WCHAR *pszPrincipal, SEC_WCHAR *pszPackage, ULONG fCredentialUse,
- PLUID pLogonID, PVOID pAuthData, SEC_GET_KEY_FN pGetKeyFn,
- PVOID pGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry)
-{
- SECURITY_STATUS ret = SEC_E_INSUFFICIENT_MEMORY;
- PNtlmCredentials ntlm_cred = NULL;
- LPWSTR domain = NULL, user = NULL, password = NULL;
- PSEC_WINNT_AUTH_IDENTITY_W auth_data = NULL;
-
- TRACE("(%s, %s, 0x%08x, %p, %p, %p, %p, %p, %p)\n",
- debugstr_w(pszPrincipal), debugstr_w(pszPackage), fCredentialUse,
- pLogonID, pAuthData, pGetKeyFn, pGetKeyArgument, phCredential, ptsExpiry);
-
- switch (fCredentialUse)
- {
- case SECPKG_CRED_INBOUND:
- if (!(ntlm_cred = heap_alloc(sizeof(*ntlm_cred)))) return SEC_E_INSUFFICIENT_MEMORY;
- ntlm_cred->mode = NTLM_SERVER;
- ntlm_cred->username_arg = NULL;
- ntlm_cred->domain_arg = NULL;
- ntlm_cred->password = NULL;
- ntlm_cred->pwlen = 0;
- ntlm_cred->no_cached_credentials = 0;
-
- phCredential->dwUpper = fCredentialUse;
- phCredential->dwLower = (ULONG_PTR)ntlm_cred;
- ret = SEC_E_OK;
- break;
-
- case SECPKG_CRED_OUTBOUND:
- auth_data = pAuthData;
- if (!(ntlm_cred = heap_alloc(sizeof(*ntlm_cred)))) return SEC_E_INSUFFICIENT_MEMORY;
-
- ntlm_cred->mode = NTLM_CLIENT;
- ntlm_cred->username_arg = NULL;
- ntlm_cred->domain_arg = NULL;
- ntlm_cred->password = NULL;
- ntlm_cred->pwlen = 0;
- ntlm_cred->no_cached_credentials = 0;
-
- if (pAuthData)
- {
- int domain_len = 0, user_len = 0, password_len = 0;
-
- if (auth_data->Flags & SEC_WINNT_AUTH_IDENTITY_ANSI)
- {
- if (auth_data->DomainLength)
- {
- domain_len = MultiByteToWideChar(CP_ACP, 0, (char *)auth_data->Domain,
- auth_data->DomainLength, NULL, 0);
- if (!(domain = heap_alloc(sizeof(WCHAR) * domain_len))) goto done;
- MultiByteToWideChar(CP_ACP, 0, (char *)auth_data->Domain, auth_data->DomainLength,
- domain, domain_len);
- }
- if (auth_data->UserLength)
- {
- user_len = MultiByteToWideChar(CP_ACP, 0, (char *)auth_data->User,
- auth_data->UserLength, NULL, 0);
- if (!(user = heap_alloc(sizeof(WCHAR) * user_len))) goto done;
- MultiByteToWideChar(CP_ACP, 0, (char *)auth_data->User, auth_data->UserLength,
- user, user_len);
- }
- if (auth_data->PasswordLength)
- {
- password_len = MultiByteToWideChar(CP_ACP, 0,(char *)auth_data->Password,
- auth_data->PasswordLength, NULL, 0);
- if (!(password = heap_alloc(sizeof(WCHAR) * password_len))) goto done;
- MultiByteToWideChar(CP_ACP, 0, (char *)auth_data->Password, auth_data->PasswordLength,
- password, password_len);
- }
- }
- else
- {
- domain = auth_data->Domain;
- domain_len = auth_data->DomainLength;
-
- user = auth_data->User;
- user_len = auth_data->UserLength;
-
- password = auth_data->Password;
- password_len = auth_data->PasswordLength;
- }
-
- TRACE("Username is %s\n", debugstr_wn(user, user_len));
- TRACE("Domain name is %s\n", debugstr_wn(domain, domain_len));
-
- ntlm_cred->username_arg = ntlm_GetUsernameArg(user, user_len);
- ntlm_cred->domain_arg = ntlm_GetDomainArg(domain, domain_len);
-
- if (password_len)
- {
- ntlm_cred->pwlen = WideCharToMultiByte(CP_UNIXCP, WC_NO_BEST_FIT_CHARS, password,
- password_len, NULL, 0, NULL, NULL);
- if (!(ntlm_cred->password = heap_alloc(ntlm_cred->pwlen))) goto done;
- WideCharToMultiByte(CP_UNIXCP, WC_NO_BEST_FIT_CHARS, password, password_len,
- ntlm_cred->password, ntlm_cred->pwlen, NULL, NULL);
- }
- }
-
- phCredential->dwUpper = fCredentialUse;
- phCredential->dwLower = (ULONG_PTR)ntlm_cred;
- TRACE("ACH phCredential->dwUpper: 0x%08lx, dwLower: 0x%08lx\n", phCredential->dwUpper,
- phCredential->dwLower);
- ret = SEC_E_OK;
- break;
-
- case SECPKG_CRED_BOTH:
- FIXME("AcquireCredentialsHandle: SECPKG_CRED_BOTH stub\n");
- ret = SEC_E_UNSUPPORTED_FUNCTION;
- break;
-
- default:
- ret = SEC_E_UNKNOWN_CREDENTIALS;
- }
-
-done:
- if (auth_data && (auth_data->Flags & SEC_WINNT_AUTH_IDENTITY_ANSI))
- {
- heap_free(domain);
- heap_free(user);
- heap_free(password);
- }
- if (ret != SEC_E_OK) heap_free( ntlm_cred );
-
- return ret;
-}
-
-/***********************************************************************
- * AcquireCredentialsHandleA
- */
-static SECURITY_STATUS SEC_ENTRY ntlm_AcquireCredentialsHandleA(
- SEC_CHAR *pszPrincipal, SEC_CHAR *pszPackage, ULONG fCredentialUse,
- PLUID pLogonID, PVOID pAuthData, SEC_GET_KEY_FN pGetKeyFn,
- PVOID pGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry)
-{
- SECURITY_STATUS ret = SEC_E_INSUFFICIENT_MEMORY;
- int user_sizeW, domain_sizeW, passwd_sizeW;
- SEC_WCHAR *user = NULL, *domain = NULL, *passwd = NULL, *package = NULL;
- PSEC_WINNT_AUTH_IDENTITY_W pAuthDataW = NULL;
- PSEC_WINNT_AUTH_IDENTITY_A id = NULL;
-
- TRACE("(%s, %s, 0x%08x, %p, %p, %p, %p, %p, %p)\n",
- debugstr_a(pszPrincipal), debugstr_a(pszPackage), fCredentialUse,
- pLogonID, pAuthData, pGetKeyFn, pGetKeyArgument, phCredential, ptsExpiry);
-
- if (pszPackage)
- {
- int package_sizeW = MultiByteToWideChar(CP_ACP, 0, pszPackage, -1, NULL, 0);
- if (!(package = heap_alloc(package_sizeW * sizeof(SEC_WCHAR)))) return SEC_E_INSUFFICIENT_MEMORY;
- MultiByteToWideChar(CP_ACP, 0, pszPackage, -1, package, package_sizeW);
- }
-
- if (pAuthData)
- {
- id = pAuthData;
- if (id->Flags == SEC_WINNT_AUTH_IDENTITY_ANSI)
- {
- if (!(pAuthDataW = heap_alloc(sizeof(SEC_WINNT_AUTH_IDENTITY_W)))) goto done;
-
- if (!id->UserLength) user_sizeW = 0;
- else
- {
- user_sizeW = MultiByteToWideChar(CP_ACP, 0, (LPCSTR)id->User, id->UserLength, NULL, 0);
- if (!(user = heap_alloc(user_sizeW * sizeof(SEC_WCHAR)))) goto done;
- MultiByteToWideChar(CP_ACP, 0, (LPCSTR)id->User, id->UserLength, user, user_sizeW);
- }
-
- if (!id->DomainLength) domain_sizeW = 0;
- else
- {
- domain_sizeW = MultiByteToWideChar(CP_ACP, 0, (LPCSTR)id->Domain, id->DomainLength, NULL, 0);
- if (!(domain = heap_alloc(domain_sizeW * sizeof(SEC_WCHAR)))) goto done;
- MultiByteToWideChar(CP_ACP, 0, (LPCSTR)id->Domain, id->DomainLength, domain, domain_sizeW);
- }
-
- if (!id->PasswordLength) passwd_sizeW = 0;
- else
- {
- passwd_sizeW = MultiByteToWideChar(CP_ACP, 0, (LPCSTR)id->Password, id->PasswordLength, NULL, 0);
- if (!(passwd = heap_alloc(passwd_sizeW * sizeof(SEC_WCHAR)))) goto done;
- MultiByteToWideChar(CP_ACP, 0, (LPCSTR)id->Password, id->PasswordLength, passwd, passwd_sizeW);
- }
-
- pAuthDataW->Flags = SEC_WINNT_AUTH_IDENTITY_UNICODE;
- pAuthDataW->User = user;
- pAuthDataW->UserLength = user_sizeW;
- pAuthDataW->Domain = domain;
- pAuthDataW->DomainLength = domain_sizeW;
- pAuthDataW->Password = passwd;
- pAuthDataW->PasswordLength = passwd_sizeW;
- }
- else pAuthDataW = (PSEC_WINNT_AUTH_IDENTITY_W)id;
- }
-
- ret = ntlm_AcquireCredentialsHandleW(NULL, package, fCredentialUse,
- pLogonID, pAuthDataW, pGetKeyFn, pGetKeyArgument, phCredential,
- ptsExpiry);
-
-done:
- heap_free(package);
- heap_free(user);
- heap_free(domain);
- heap_free(passwd);
- if (pAuthDataW != (PSEC_WINNT_AUTH_IDENTITY_W)id) heap_free(pAuthDataW);
-
- return ret;
-}
-
-/*************************************************************************
- * ntlm_GetTokenBufferIndex
- * Calculates the index of the secbuffer with BufferType == SECBUFFER_TOKEN
- * Returns index if found or -1 if not found.
- */
-static int ntlm_GetTokenBufferIndex(PSecBufferDesc pMessage)
-{
- UINT i;
-
- TRACE("%p\n", pMessage);
-
- for( i = 0; i < pMessage->cBuffers; ++i )
- {
- if(pMessage->pBuffers[i].BufferType == SECBUFFER_TOKEN)
- return i;
- }
-
- return -1;
-}
-
-/*************************************************************************
- * ntlm_GetDataBufferIndex
- * Calculates the index of the first secbuffer with BufferType == SECBUFFER_DATA
- * Returns index if found or -1 if not found.
- */
-static int ntlm_GetDataBufferIndex(PSecBufferDesc pMessage)
-{
- UINT i;
-
- TRACE("%p\n", pMessage);
-
- for( i = 0; i < pMessage->cBuffers; ++i )
- {
- if(pMessage->pBuffers[i].BufferType == SECBUFFER_DATA)
- return i;
- }
-
- return -1;
-}
-
-static BOOL ntlm_GetCachedCredential(const SEC_WCHAR *pszTargetName, PCREDENTIALW *cred)
-{
- LPCWSTR p;
- LPCWSTR pszHost;
- LPWSTR pszHostOnly;
- BOOL ret;
-
- if (!pszTargetName)
- return FALSE;
-
- /* try to get the start of the hostname from service principal name (SPN) */
- pszHost = strchrW(pszTargetName, '/');
- if (pszHost)
- {
- /* skip slash character */
- pszHost++;
-
- /* find end of host by detecting start of instance port or start of referrer */
- p = strchrW(pszHost, ':');
- if (!p)
- p = strchrW(pszHost, '/');
- if (!p)
- p = pszHost + strlenW(pszHost);
- }
- else /* otherwise not an SPN, just a host */
- {
- pszHost = pszTargetName;
- p = pszHost + strlenW(pszHost);
- }
-
- if (!(pszHostOnly = heap_alloc((p - pszHost + 1) * sizeof(WCHAR)))) return FALSE;
- memcpy(pszHostOnly, pszHost, (p - pszHost) * sizeof(WCHAR));
- pszHostOnly[p - pszHost] = '\0';
-
- ret = CredReadW(pszHostOnly, CRED_TYPE_DOMAIN_PASSWORD, 0, cred);
-
- heap_free(pszHostOnly);
- return ret;
-}
-
-/***********************************************************************
- * InitializeSecurityContextW
- */
-static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(
- PCredHandle phCredential, PCtxtHandle phContext, SEC_WCHAR *pszTargetName,
- ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep,
- PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext,
- PSecBufferDesc pOutput, ULONG *pfContextAttr, PTimeStamp ptsExpiry)
-{
- SECURITY_STATUS ret;
- PNtlmCredentials ntlm_cred;
- PNegoHelper helper = NULL;
- ULONG ctxt_attr = 0;
- char* buffer, *want_flags = NULL;
- PBYTE bin;
- int buffer_len, bin_len, max_len = NTLM_MAX_BUF;
- int token_idx;
- SEC_CHAR *username = NULL;
- SEC_CHAR *domain = NULL;
- SEC_CHAR *password = NULL;
-
- TRACE("%p %p %s 0x%08x %d %d %p %d %p %p %p %p\n", phCredential, phContext,
- debugstr_w(pszTargetName), fContextReq, Reserved1, TargetDataRep, pInput,
- Reserved1, phNewContext, pOutput, pfContextAttr, ptsExpiry);
-
- /****************************************
- * When communicating with the client, there can be the
- * following reply packets:
- * YR <base64 blob> should be sent to the server
- * PW should be sent back to helper with
- * base64 encoded password
- * AF <base64 blob> client is done, blob should be
- * sent to server with KK prefixed
- * GF <string list> A string list of negotiated flags
- * GK <base64 blob> base64 encoded session key
- * BH <char reason> something broke
- */
- /* The squid cache size is 2010 chars, and that's what ntlm_auth uses */
-
- if(TargetDataRep == SECURITY_NETWORK_DREP){
- TRACE("Setting SECURITY_NETWORK_DREP\n");
- }
-
- buffer = heap_alloc(sizeof(char) * NTLM_MAX_BUF);
- bin = heap_alloc(sizeof(BYTE) * NTLM_MAX_BUF);
-
- if((phContext == NULL) && (pInput == NULL))
- {
- static char helper_protocol[] = "--helper-protocol=ntlmssp-client-1";
- static CHAR credentials_argv[] = "--use-cached-creds";
- SEC_CHAR *client_argv[5];
- int pwlen = 0;
-
- TRACE("First time in ISC()\n");
-
- if(!phCredential)
- {
- ret = SEC_E_INVALID_HANDLE;
- goto isc_end;
- }
-
- /* As the server side of sspi never calls this, make sure that
- * the handler is a client handler.
- */
- ntlm_cred = (PNtlmCredentials)phCredential->dwLower;
- if(ntlm_cred->mode != NTLM_CLIENT)
- {
- TRACE("Cred mode = %d\n", ntlm_cred->mode);
- ret = SEC_E_INVALID_HANDLE;
- goto isc_end;
- }
-
- client_argv[0] = ntlm_auth;
- client_argv[1] = helper_protocol;
- if (!ntlm_cred->username_arg && !ntlm_cred->domain_arg)
- {
- LPWKSTA_USER_INFO_1 ui = NULL;
- NET_API_STATUS status;
- PCREDENTIALW cred;
-
- if (ntlm_GetCachedCredential(pszTargetName, &cred))
- {
- LPWSTR p;
- p = strchrW(cred->UserName, '\\');
- if (p)
- {
- domain = ntlm_GetDomainArg(cred->UserName, p - cred->UserName);
- p++;
- }
- else
- {
- domain = ntlm_GetDomainArg(NULL, 0);
- p = cred->UserName;
- }
-
- username = ntlm_GetUsernameArg(p, -1);
-
- if(cred->CredentialBlobSize != 0)
- {
- pwlen = WideCharToMultiByte(CP_UNIXCP,
- WC_NO_BEST_FIT_CHARS, (LPWSTR)cred->CredentialBlob,
- cred->CredentialBlobSize / sizeof(WCHAR), NULL, 0,
- NULL, NULL);
-
- password = heap_alloc(pwlen);
- WideCharToMultiByte(CP_UNIXCP, WC_NO_BEST_FIT_CHARS,
- (LPWSTR)cred->CredentialBlob,
- cred->CredentialBlobSize / sizeof(WCHAR),
- password, pwlen, NULL, NULL);
- }
-
- CredFree(cred);
-
- client_argv[2] = username;
- client_argv[3] = domain;
- client_argv[4] = NULL;
- }
- else
- {
- status = NetWkstaUserGetInfo(NULL, 1, (LPBYTE *)&ui);
- if (status != NERR_Success || ui == NULL || ntlm_cred->no_cached_credentials)
- {
- ret = SEC_E_NO_CREDENTIALS;
- goto isc_end;
- }
- username = ntlm_GetUsernameArg(ui->wkui1_username, -1);
- NetApiBufferFree(ui);
-
- TRACE("using cached credentials\n");
-
- client_argv[2] = username;
- client_argv[3] = credentials_argv;
- client_argv[4] = NULL;
- }
- }
- else
- {
- client_argv[2] = ntlm_cred->username_arg;
- client_argv[3] = ntlm_cred->domain_arg;
- client_argv[4] = NULL;
- }
-
- if((ret = fork_helper(&helper, ntlm_auth, client_argv)) != SEC_E_OK)
- goto isc_end;
-
- helper->mode = NTLM_CLIENT;
- helper->session_key = heap_alloc(16);
- if (!helper->session_key)
- {
- cleanup_helper(helper);
- ret = SEC_E_INSUFFICIENT_MEMORY;
- goto isc_end;
- }
-
- /* Generate the dummy session key = MD4(MD4(password))*/
- if(password || ntlm_cred->password)
- {
- SEC_WCHAR *unicode_password;
- int passwd_lenW;
-
- TRACE("Converting password to unicode.\n");
- passwd_lenW = MultiByteToWideChar(CP_ACP, 0,
- password ? password : ntlm_cred->password,
- password ? pwlen : ntlm_cred->pwlen,
- NULL, 0);
- unicode_password = heap_alloc(passwd_lenW * sizeof(SEC_WCHAR));
- MultiByteToWideChar(CP_ACP, 0, password ? password : ntlm_cred->password,
- password ? pwlen : ntlm_cred->pwlen, unicode_password, passwd_lenW);
-
- SECUR32_CreateNTLM1SessionKey((PBYTE)unicode_password,
- passwd_lenW * sizeof(SEC_WCHAR), helper->session_key);
- heap_free(unicode_password);
- }
- else
- memset(helper->session_key, 0, 16);
-
- /* Allocate space for a maximal string of
- * "SF NTLMSSP_FEATURE_SIGN NTLMSSP_FEATURE_SEAL
- * NTLMSSP_FEATURE_SESSION_KEY"
- */
- if (!(want_flags = heap_alloc(73)))
- {
- cleanup_helper(helper);
- ret = SEC_E_INSUFFICIENT_MEMORY;
- goto isc_end;
- }
- lstrcpyA(want_flags, "SF");
- if(fContextReq & ISC_REQ_CONFIDENTIALITY)
- {
- if(strstr(want_flags, "NTLMSSP_FEATURE_SEAL") == NULL)
- lstrcatA(want_flags, " NTLMSSP_FEATURE_SEAL");
- }
- if(fContextReq & ISC_REQ_CONNECTION)
- ctxt_attr |= ISC_RET_CONNECTION;
- if(fContextReq & ISC_REQ_EXTENDED_ERROR)
- ctxt_attr |= ISC_RET_EXTENDED_ERROR;
- if(fContextReq & ISC_REQ_INTEGRITY)
- {
- if(strstr(want_flags, "NTLMSSP_FEATURE_SIGN") == NULL)
- lstrcatA(want_flags, " NTLMSSP_FEATURE_SIGN");
- }
- if(fContextReq & ISC_REQ_MUTUAL_AUTH)
- ctxt_attr |= ISC_RET_MUTUAL_AUTH;
- if(fContextReq & ISC_REQ_REPLAY_DETECT)
- {
- if(strstr(want_flags, "NTLMSSP_FEATURE_SIGN") == NULL)
- lstrcatA(want_flags, " NTLMSSP_FEATURE_SIGN");
- }
- if(fContextReq & ISC_REQ_SEQUENCE_DETECT)
- {
- if(strstr(want_flags, "NTLMSSP_FEATURE_SIGN") == NULL)
- lstrcatA(want_flags, " NTLMSSP_FEATURE_SIGN");
- }
- if(fContextReq & ISC_REQ_STREAM)
- FIXME("ISC_REQ_STREAM\n");
- if(fContextReq & ISC_REQ_USE_DCE_STYLE)
- ctxt_attr |= ISC_RET_USED_DCE_STYLE;
- if(fContextReq & ISC_REQ_DELEGATE)
- ctxt_attr |= ISC_RET_DELEGATE;
-
- /* If no password is given, try to use cached credentials. Fall back to an empty
- * password if this failed. */
- if(!password && !ntlm_cred->password)
- {
- lstrcpynA(buffer, "OK", max_len-1);
- if((ret = run_helper(helper, buffer, max_len, &buffer_len)) != SEC_E_OK)
- {
- cleanup_helper(helper);
- goto isc_end;
- }
- /* If the helper replied with "PW", using cached credentials failed */
- if(!strncmp(buffer, "PW", 2))
- {
- TRACE("Using cached credentials failed.\n");
- lstrcpynA(buffer, "PW AA==", max_len-1);
- }
- else /* Just do a noop on the next run */
- lstrcpynA(buffer, "OK", max_len-1);
- }
- else
- {
- lstrcpynA(buffer, "PW ", max_len-1);
- if((ret = encodeBase64(password ? (unsigned char *)password : (unsigned char *)ntlm_cred->password,
- password ? pwlen : ntlm_cred->pwlen, buffer+3,
- max_len-3, &buffer_len)) != SEC_E_OK)
- {
- cleanup_helper(helper);
- goto isc_end;
- }
-
- }
-
- TRACE("Sending to helper: %s\n", debugstr_a(buffer));
- if((ret = run_helper(helper, buffer, max_len, &buffer_len)) != SEC_E_OK)
- {
- cleanup_helper(helper);
- goto isc_end;
- }
-
- TRACE("Helper returned %s\n", debugstr_a(buffer));
-
- if(lstrlenA(want_flags) > 2)
- {
- TRACE("Want flags are %s\n", debugstr_a(want_flags));
- lstrcpynA(buffer, want_flags, max_len-1);
- if((ret = run_helper(helper, buffer, max_len, &buffer_len))
- != SEC_E_OK)
- {
- cleanup_helper(helper);
- goto isc_end;
- }
- if(!strncmp(buffer, "BH", 2))
- ERR("Helper doesn't understand new command set. Expect more things to fail.\n");
- }
-
- lstrcpynA(buffer, "YR", max_len-1);
-
- if((ret = run_helper(helper, buffer, max_len, &buffer_len)) != SEC_E_OK)
- {
- cleanup_helper(helper);
- goto isc_end;
- }
-
- TRACE("%s\n", buffer);
-
- if(strncmp(buffer, "YR ", 3) != 0)
- {
- /* Something borked */
- TRACE("Helper returned %c%c\n", buffer[0], buffer[1]);
- ret = SEC_E_INTERNAL_ERROR;
- cleanup_helper(helper);
- goto isc_end;
- }
- if((ret = decodeBase64(buffer+3, buffer_len-3, bin,
- max_len-1, &bin_len)) != SEC_E_OK)
- {
- cleanup_helper(helper);
- goto isc_end;
- }
-
- /* put the decoded client blob into the out buffer */
-
- phNewContext->dwUpper = ctxt_attr;
- phNewContext->dwLower = (ULONG_PTR)helper;
-
- ret = SEC_I_CONTINUE_NEEDED;
- }
- else
- {
- int input_token_idx;
-
- /* handle second call here */
- /* encode server data to base64 */
- if (!pInput || ((input_token_idx = ntlm_GetTokenBufferIndex(pInput)) == -1))
- {
- ret = SEC_E_INVALID_TOKEN;
- goto isc_end;
- }
-
- if(!phContext)
- {
- ret = SEC_E_INVALID_HANDLE;
- goto isc_end;
- }
-
- /* As the server side of sspi never calls this, make sure that
- * the handler is a client handler.
- */
- helper = (PNegoHelper)phContext->dwLower;
- if(helper->mode != NTLM_CLIENT)
- {
- TRACE("Helper mode = %d\n", helper->mode);
- ret = SEC_E_INVALID_HANDLE;
- goto isc_end;
- }
-
- if (!pInput->pBuffers[input_token_idx].pvBuffer)
- {
- ret = SEC_E_INTERNAL_ERROR;
- goto isc_end;
- }
-
- if(pInput->pBuffers[input_token_idx].cbBuffer > max_len)
- {
- TRACE("pInput->pBuffers[%d].cbBuffer is: %d\n",
- input_token_idx,
- pInput->pBuffers[input_token_idx].cbBuffer);
- ret = SEC_E_INVALID_TOKEN;
- goto isc_end;
- }
- else
- bin_len = pInput->pBuffers[input_token_idx].cbBuffer;
-
- memcpy(bin, pInput->pBuffers[input_token_idx].pvBuffer, bin_len);
-
- lstrcpynA(buffer, "TT ", max_len-1);
-
- if((ret = encodeBase64(bin, bin_len, buffer+3,
- max_len-3, &buffer_len)) != SEC_E_OK)
- goto isc_end;
-
- TRACE("Server sent: %s\n", debugstr_a(buffer));
-
- /* send TT base64 blob to ntlm_auth */
- if((ret = run_helper(helper, buffer, max_len, &buffer_len)) != SEC_E_OK)
- goto isc_end;
-
- TRACE("Helper replied: %s\n", debugstr_a(buffer));
-
- if( (strncmp(buffer, "KK ", 3) != 0) &&
- (strncmp(buffer, "AF ", 3) !=0))
- {
- TRACE("Helper returned %c%c\n", buffer[0], buffer[1]);
- ret = SEC_E_INVALID_TOKEN;
- goto isc_end;
- }
-
- /* decode the blob and send it to server */
- if((ret = decodeBase64(buffer+3, buffer_len-3, bin, max_len,
- &bin_len)) != SEC_E_OK)
- {
- goto isc_end;
- }
-
- phNewContext->dwUpper = ctxt_attr;
- phNewContext->dwLower = (ULONG_PTR)helper;
-
- ret = SEC_E_OK;
- }
-
- /* put the decoded client blob into the out buffer */
-
- if (!pOutput || ((token_idx = ntlm_GetTokenBufferIndex(pOutput)) == -1))
- {
- TRACE("no SECBUFFER_TOKEN buffer could be found\n");
- ret = SEC_E_BUFFER_TOO_SMALL;
- if ((phContext == NULL) && (pInput == NULL))
- {
- cleanup_helper(helper);
- phNewContext->dwUpper = 0;
- phNewContext->dwLower = 0;
- }
- goto isc_end;
- }
-
- if (fContextReq & ISC_REQ_ALLOCATE_MEMORY)
- {
- pOutput->pBuffers[token_idx].pvBuffer = heap_alloc(bin_len);
- pOutput->pBuffers[token_idx].cbBuffer = bin_len;
- }
- else if (pOutput->pBuffers[token_idx].cbBuffer < bin_len)
- {
- TRACE("out buffer is NULL or has not enough space\n");
- ret = SEC_E_BUFFER_TOO_SMALL;
- if ((phContext == NULL) && (pInput == NULL))
- {
- cleanup_helper(helper);
- phNewContext->dwUpper = 0;
- phNewContext->dwLower = 0;
- }
- goto isc_end;
- }
-
- if (!pOutput->pBuffers[token_idx].pvBuffer)
- {
- TRACE("out buffer is NULL\n");
- ret = SEC_E_INTERNAL_ERROR;
- if ((phContext == NULL) && (pInput == NULL))
- {
- cleanup_helper(helper);
- phNewContext->dwUpper = 0;
- phNewContext->dwLower = 0;
- }
- goto isc_end;
- }
-
- pOutput->pBuffers[token_idx].cbBuffer = bin_len;
- memcpy(pOutput->pBuffers[token_idx].pvBuffer, bin, bin_len);
-
- if(ret == SEC_E_OK)
- {
- TRACE("Getting negotiated flags\n");
- lstrcpynA(buffer, "GF", max_len - 1);
- if((ret = run_helper(helper, buffer, max_len, &buffer_len)) != SEC_E_OK)
- goto isc_end;
-
- if(buffer_len < 3)
- {
- TRACE("No flags negotiated.\n");
- helper->neg_flags = 0l;
- }
- else
- {
- TRACE("Negotiated %s\n", debugstr_a(buffer));
- sscanf(buffer + 3, "%x", &(helper->neg_flags));
- TRACE("Stored 0x%08x as flags\n", helper->neg_flags);
- }
-
- TRACE("Getting session key\n");
- lstrcpynA(buffer, "GK", max_len - 1);
- if((ret = run_helper(helper, buffer, max_len, &buffer_len)) != SEC_E_OK)
- goto isc_end;
-
- if(strncmp(buffer, "BH", 2) == 0)
- TRACE("No key negotiated.\n");
- else if(strncmp(buffer, "GK ", 3) == 0)
- {
- if((ret = decodeBase64(buffer+3, buffer_len-3, bin, max_len,
- &bin_len)) != SEC_E_OK)
- {
- TRACE("Failed to decode session key\n");
- }
- TRACE("Session key is %s\n", debugstr_a(buffer+3));
- heap_free(helper->session_key);
- if (!(helper->session_key = heap_alloc(bin_len)))
- {
- ret = SEC_E_INSUFFICIENT_MEMORY;
- goto isc_end;
- }
- memcpy(helper->session_key, bin, bin_len);
- }
-
- helper->crypt.ntlm.a4i = SECUR32_arc4Alloc();
- SECUR32_arc4Init(helper->crypt.ntlm.a4i, helper->session_key, 16);
- helper->crypt.ntlm.seq_num = 0l;
- SECUR32_CreateNTLM2SubKeys(helper);
- helper->crypt.ntlm2.send_a4i = SECUR32_arc4Alloc();
- helper->crypt.ntlm2.recv_a4i = SECUR32_arc4Alloc();
- SECUR32_arc4Init(helper->crypt.ntlm2.send_a4i,
- helper->crypt.ntlm2.send_seal_key, 16);
- SECUR32_arc4Init(helper->crypt.ntlm2.recv_a4i,
- helper->crypt.ntlm2.recv_seal_key, 16);
- helper->crypt.ntlm2.send_seq_no = 0l;
- helper->crypt.ntlm2.recv_seq_no = 0l;
- }
-
-isc_end:
- heap_free(username);
- heap_free(domain);
- heap_free(password);
- heap_free(want_flags);
- heap_free(buffer);
- heap_free(bin);
- return ret;
-}
-
-/***********************************************************************
- * InitializeSecurityContextA
- */
-static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextA(
- PCredHandle phCredential, PCtxtHandle phContext, SEC_CHAR *pszTargetName,
- ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep,
- PSecBufferDesc pInput,ULONG Reserved2, PCtxtHandle phNewContext,
- PSecBufferDesc pOutput, ULONG *pfContextAttr, PTimeStamp ptsExpiry)
-{
- SECURITY_STATUS ret;
- SEC_WCHAR *target = NULL;
-
- TRACE("%p %p %s %d %d %d %p %d %p %p %p %p\n", phCredential, phContext,
- debugstr_a(pszTargetName), fContextReq, Reserved1, TargetDataRep, pInput,
- Reserved1, phNewContext, pOutput, pfContextAttr, ptsExpiry);
-
- if (pszTargetName)
- {
- int target_size = MultiByteToWideChar(CP_ACP, 0, pszTargetName, -1, NULL, 0);
- if (!(target = heap_alloc(target_size * sizeof(SEC_WCHAR)))) return SEC_E_INSUFFICIENT_MEMORY;
- MultiByteToWideChar(CP_ACP, 0, pszTargetName, -1, target, target_size);
- }
-
- ret = ntlm_InitializeSecurityContextW(phCredential, phContext, target,
- fContextReq, Reserved1, TargetDataRep, pInput, Reserved2,
- phNewContext, pOutput, pfContextAttr, ptsExpiry);
-
- heap_free(target);
- return ret;
-}
-
-/***********************************************************************
- * AcceptSecurityContext
- */
-static SECURITY_STATUS SEC_ENTRY ntlm_AcceptSecurityContext(
- PCredHandle phCredential, PCtxtHandle phContext, PSecBufferDesc pInput,
- ULONG fContextReq, ULONG TargetDataRep, PCtxtHandle phNewContext,
- PSecBufferDesc pOutput, ULONG *pfContextAttr, PTimeStamp ptsExpiry)
-{
- SECURITY_STATUS ret;
- char *buffer, *want_flags = NULL;
- PBYTE bin;
- int buffer_len, bin_len, max_len = NTLM_MAX_BUF;
- ULONG ctxt_attr = 0;
- PNegoHelper helper;
- PNtlmCredentials ntlm_cred;
-
- TRACE("%p %p %p %d %d %p %p %p %p\n", phCredential, phContext, pInput,
- fContextReq, TargetDataRep, phNewContext, pOutput, pfContextAttr,
- ptsExpiry);
-
- buffer = heap_alloc(sizeof(char) * NTLM_MAX_BUF);
- bin = heap_alloc(sizeof(BYTE) * NTLM_MAX_BUF);
-
- if(TargetDataRep == SECURITY_NETWORK_DREP){
- TRACE("Using SECURITY_NETWORK_DREP\n");
- }
-
- if(phContext == NULL)
- {
- static CHAR server_helper_protocol[] = "--helper-protocol=squid-2.5-ntlmssp";
- SEC_CHAR *server_argv[] = { ntlm_auth,
- server_helper_protocol,
- NULL };
-
- if (!phCredential)
- {
- ret = SEC_E_INVALID_HANDLE;
- goto asc_end;
- }
-
- ntlm_cred = (PNtlmCredentials)phCredential->dwLower;
-
- if(ntlm_cred->mode != NTLM_SERVER)
- {
- ret = SEC_E_INVALID_HANDLE;
- goto asc_end;
- }
-
- /* This is the first call to AcceptSecurityHandle */
- if(pInput == NULL)
- {
- ret = SEC_E_INCOMPLETE_MESSAGE;
- goto asc_end;
- }
-
- if(pInput->cBuffers < 1)
- {
- ret = SEC_E_INCOMPLETE_MESSAGE;
- goto asc_end;
- }
-
- if(pInput->pBuffers[0].cbBuffer > max_len)
- {
- ret = SEC_E_INVALID_TOKEN;
- goto asc_end;
- }
- else
- bin_len = pInput->pBuffers[0].cbBuffer;
-
- if( (ret = fork_helper(&helper, ntlm_auth, server_argv)) !=
- SEC_E_OK)
- {
- ret = SEC_E_INTERNAL_ERROR;
- goto asc_end;
- }
- helper->mode = NTLM_SERVER;
-
- /* Handle all the flags */
- if (!(want_flags = heap_alloc(73)))
- {
- TRACE("Failed to allocate memory for the want_flags!\n");
- ret = SEC_E_INSUFFICIENT_MEMORY;
- cleanup_helper(helper);
- goto asc_end;
- }
- lstrcpyA(want_flags, "SF");
- if(fContextReq & ASC_REQ_ALLOCATE_MEMORY)
- {
- FIXME("ASC_REQ_ALLOCATE_MEMORY stub\n");
- }
- if(fContextReq & ASC_REQ_CONFIDENTIALITY)
- {
- lstrcatA(want_flags, " NTLMSSP_FEATURE_SEAL");
- }
- if(fContextReq & ASC_REQ_CONNECTION)
- {
- /* This is default, so we'll enable it */
- lstrcatA(want_flags, " NTLMSSP_FEATURE_SESSION_KEY");
- ctxt_attr |= ASC_RET_CONNECTION;
- }
- if(fContextReq & ASC_REQ_EXTENDED_ERROR)
- {
- FIXME("ASC_REQ_EXTENDED_ERROR stub\n");
- }
- if(fContextReq & ASC_REQ_INTEGRITY)
- {
- lstrcatA(want_flags, " NTLMSSP_FEATURE_SIGN");
- }
- if(fContextReq & ASC_REQ_MUTUAL_AUTH)
- {
- FIXME("ASC_REQ_MUTUAL_AUTH stub\n");
- }
- if(fContextReq & ASC_REQ_REPLAY_DETECT)
- {
- FIXME("ASC_REQ_REPLAY_DETECT stub\n");
- }
- if(fContextReq & ISC_REQ_SEQUENCE_DETECT)
- {
- FIXME("ASC_REQ_SEQUENCE_DETECT stub\n");
- }
- if(fContextReq & ISC_REQ_STREAM)
- {
- FIXME("ASC_REQ_STREAM stub\n");
- }
- /* Done with the flags */
-
- if(lstrlenA(want_flags) > 3)
- {
- TRACE("Server set want_flags: %s\n", debugstr_a(want_flags));
- lstrcpynA(buffer, want_flags, max_len - 1);
- if((ret = run_helper(helper, buffer, max_len, &buffer_len)) !=
- SEC_E_OK)
- {
- cleanup_helper(helper);
- goto asc_end;
- }
- if(!strncmp(buffer, "BH", 2))
- TRACE("Helper doesn't understand new command set\n");
- }
-
- /* This is the YR request from the client, encode to base64 */
-
- memcpy(bin, pInput->pBuffers[0].pvBuffer, bin_len);
-
- lstrcpynA(buffer, "YR ", max_len-1);
-
- if((ret = encodeBase64(bin, bin_len, buffer+3, max_len-3,
- &buffer_len)) != SEC_E_OK)
- {
- cleanup_helper(helper);
- goto asc_end;
- }
-
- TRACE("Client sent: %s\n", debugstr_a(buffer));
-
- if((ret = run_helper(helper, buffer, max_len, &buffer_len)) !=
- SEC_E_OK)
- {
- cleanup_helper(helper);
- goto asc_end;
- }
-
- TRACE("Reply from ntlm_auth: %s\n", debugstr_a(buffer));
- /* The expected answer is TT <base64 blob> */
-
- if(strncmp(buffer, "TT ", 3) != 0)
- {
- ret = SEC_E_INTERNAL_ERROR;
- cleanup_helper(helper);
- goto asc_end;
- }
-
- if((ret = decodeBase64(buffer+3, buffer_len-3, bin, max_len,
- &bin_len)) != SEC_E_OK)
- {
- cleanup_helper(helper);
- goto asc_end;
- }
-
- /* send this to the client */
- if(pOutput == NULL)
- {
- ret = SEC_E_INSUFFICIENT_MEMORY;
- cleanup_helper(helper);
- goto asc_end;
- }
-
- if(pOutput->cBuffers < 1)
- {
- ret = SEC_E_INSUFFICIENT_MEMORY;
- cleanup_helper(helper);
- goto asc_end;
- }
-
- pOutput->pBuffers[0].cbBuffer = bin_len;
- pOutput->pBuffers[0].BufferType = SECBUFFER_DATA;
- memcpy(pOutput->pBuffers[0].pvBuffer, bin, bin_len);
- ret = SEC_I_CONTINUE_NEEDED;
-
- }
- else
- {
- /* we expect a KK request from client */
- if(pInput == NULL)
- {
- ret = SEC_E_INCOMPLETE_MESSAGE;
- goto asc_end;
- }
-
- if(pInput->cBuffers < 1)
- {
- ret = SEC_E_INCOMPLETE_MESSAGE;
- goto asc_end;
- }
-
- helper = (PNegoHelper)phContext->dwLower;
-
- if(helper->mode != NTLM_SERVER)
- {
- ret = SEC_E_INVALID_HANDLE;
- goto asc_end;
- }
-
- if(pInput->pBuffers[0].cbBuffer > max_len)
- {
- ret = SEC_E_INVALID_TOKEN;
- goto asc_end;
- }
- else
- bin_len = pInput->pBuffers[0].cbBuffer;
-
- memcpy(bin, pInput->pBuffers[0].pvBuffer, bin_len);
-
- lstrcpynA(buffer, "KK ", max_len-1);
-
- if((ret = encodeBase64(bin, bin_len, buffer+3, max_len-3,
- &buffer_len)) != SEC_E_OK)
- {
- goto asc_end;
- }
-
- TRACE("Client sent: %s\n", debugstr_a(buffer));
-
- if((ret = run_helper(helper, buffer, max_len, &buffer_len)) !=
- SEC_E_OK)
- {
- goto asc_end;
- }
-
- TRACE("Reply from ntlm_auth: %s\n", debugstr_a(buffer));
-
- /* At this point, we get a NA if the user didn't authenticate, but a BH
- * if ntlm_auth could not connect to winbindd. Apart from running Wine
- * as root, there is no way to fix this for now, so just handle this as
- * a failed login. */
- if(strncmp(buffer, "AF ", 3) != 0)
- {
- if(strncmp(buffer, "NA ", 3) == 0)
- {
- ret = SEC_E_LOGON_DENIED;
- goto asc_end;
- }
- else
- {
- size_t ntlm_pipe_err_v3_len = strlen("BH NT_STATUS_ACCESS_DENIED");
- size_t ntlm_pipe_err_v4_len = strlen("BH NT_STATUS_UNSUCCESSFUL");
-
- if( (buffer_len >= ntlm_pipe_err_v3_len &&
- strncmp(buffer, "BH NT_STATUS_ACCESS_DENIED", ntlm_pipe_err_v3_len) == 0) ||
- (buffer_len >= ntlm_pipe_err_v4_len &&
- strncmp(buffer, "BH NT_STATUS_UNSUCCESSFUL", ntlm_pipe_err_v4_len) == 0) )
- {
- TRACE("Connection to winbindd failed\n");
- ret = SEC_E_LOGON_DENIED;
- }
- else
- ret = SEC_E_INTERNAL_ERROR;
-
- goto asc_end;
- }
- }
- pOutput->pBuffers[0].cbBuffer = 0;
-
- TRACE("Getting negotiated flags\n");
- lstrcpynA(buffer, "GF", max_len - 1);
- if((ret = run_helper(helper, buffer, max_len, &buffer_len)) != SEC_E_OK)
- goto asc_end;
-
- if(buffer_len < 3)
- {
- TRACE("No flags negotiated, or helper does not support GF command\n");
- }
- else
- {
- TRACE("Negotiated %s\n", debugstr_a(buffer));
- sscanf(buffer + 3, "%x", &(helper->neg_flags));
- TRACE("Stored 0x%08x as flags\n", helper->neg_flags);
- }
-
- TRACE("Getting session key\n");
- lstrcpynA(buffer, "GK", max_len - 1);
- if((ret = run_helper(helper, buffer, max_len, &buffer_len)) != SEC_E_OK)
- goto asc_end;
-
- if(buffer_len < 3)
- TRACE("Helper does not support GK command\n");
- else
- {
- if(strncmp(buffer, "BH ", 3) == 0)
- {
- TRACE("Helper sent %s\n", debugstr_a(buffer+3));
- heap_free(helper->session_key);
- if (!(helper->session_key = heap_alloc(16)))
- {
- ret = SEC_E_INSUFFICIENT_MEMORY;
- goto asc_end;
- }
- /*FIXME: Generate the dummy session key = MD4(MD4(password))*/
- memset(helper->session_key, 0 , 16);
- }
- else if(strncmp(buffer, "GK ", 3) == 0)
- {
- if((ret = decodeBase64(buffer+3, buffer_len-3, bin, max_len,
- &bin_len)) != SEC_E_OK)
- {
- TRACE("Failed to decode session key\n");
- }
- TRACE("Session key is %s\n", debugstr_a(buffer+3));
- heap_free(helper->session_key);
- if (!(helper->session_key = heap_alloc(16)))
- {
- ret = SEC_E_INSUFFICIENT_MEMORY;
- goto asc_end;
- }
- memcpy(helper->session_key, bin, 16);
- }
- }
- helper->crypt.ntlm.a4i = SECUR32_arc4Alloc();
- SECUR32_arc4Init(helper->crypt.ntlm.a4i, helper->session_key, 16);
- helper->crypt.ntlm.seq_num = 0l;
- }
-
- phNewContext->dwUpper = ctxt_attr;
- phNewContext->dwLower = (ULONG_PTR)helper;
-
-asc_end:
- heap_free(want_flags);
- heap_free(buffer);
- heap_free(bin);
- return ret;
-}
-
-/***********************************************************************
- * CompleteAuthToken
- */
-static SECURITY_STATUS SEC_ENTRY ntlm_CompleteAuthToken(PCtxtHandle phContext,
- PSecBufferDesc pToken)
-{
- /* We never need to call CompleteAuthToken anyway */
- TRACE("%p %p\n", phContext, pToken);
- if (!phContext)
- return SEC_E_INVALID_HANDLE;
-
- return SEC_E_OK;
-}
-
-/***********************************************************************
- * DeleteSecurityContext
- */
-static SECURITY_STATUS SEC_ENTRY ntlm_DeleteSecurityContext(PCtxtHandle phContext)
-{
- PNegoHelper helper;
-
- TRACE("%p\n", phContext);
- if (!phContext)
- return SEC_E_INVALID_HANDLE;
-
- helper = (PNegoHelper)phContext->dwLower;
-
- phContext->dwUpper = 0;
- phContext->dwLower = 0;
-
- SECUR32_arc4Cleanup(helper->crypt.ntlm.a4i);
- SECUR32_arc4Cleanup(helper->crypt.ntlm2.send_a4i);
- SECUR32_arc4Cleanup(helper->crypt.ntlm2.recv_a4i);
- heap_free(helper->crypt.ntlm2.send_sign_key);
- heap_free(helper->crypt.ntlm2.send_seal_key);
- heap_free(helper->crypt.ntlm2.recv_sign_key);
- heap_free(helper->crypt.ntlm2.recv_seal_key);
-
- cleanup_helper(helper);
-
- return SEC_E_OK;
-}
-
-#define NTLM_COMMENT \
- { 'N', 'T', 'L', 'M', ' ', \
- 'S', 'e', 'c', 'u', 'r', 'i', 't', 'y', ' ', \
- 'P', 'a', 'c', 'k', 'a', 'g', 'e', 0}
-
-static CHAR ntlm_comment_A[] = NTLM_COMMENT;
-static WCHAR ntlm_comment_W[] = NTLM_COMMENT;
-
-#define NTLM_NAME {'N', 'T', 'L', 'M', 0}
-
-static char ntlm_name_A[] = NTLM_NAME;
-static WCHAR ntlm_name_W[] = NTLM_NAME;
-
-#define NTLM_CAPS ( \
- SECPKG_FLAG_INTEGRITY | \
- SECPKG_FLAG_PRIVACY | \
- SECPKG_FLAG_TOKEN_ONLY | \
- SECPKG_FLAG_CONNECTION | \
- SECPKG_FLAG_MULTI_REQUIRED | \
- SECPKG_FLAG_IMPERSONATION | \
- SECPKG_FLAG_ACCEPT_WIN32_NAME | \
- SECPKG_FLAG_NEGOTIABLE | \
- SECPKG_FLAG_LOGON | \
- SECPKG_FLAG_RESTRICTED_TOKENS )
-
-static const SecPkgInfoW infoW = {
- NTLM_CAPS,
- 1,
- RPC_C_AUTHN_WINNT,
- NTLM_MAX_BUF,
- ntlm_name_W,
- ntlm_comment_W
-};
-
-static const SecPkgInfoA infoA = {
- NTLM_CAPS,
- 1,
- RPC_C_AUTHN_WINNT,
- NTLM_MAX_BUF,
- ntlm_name_A,
- ntlm_comment_A
-};
-
-static SecPkgInfoA *ntlm_package_infoA = (SecPkgInfoA *)&infoA;
-static SecPkgInfoW *ntlm_package_infoW = (SecPkgInfoW *)&infoW;
-
-static SecPkgInfoW *build_package_infoW( const SecPkgInfoW *info )
-{
- SecPkgInfoW *ret;
- DWORD size_name = (strlenW(info->Name) + 1) * sizeof(WCHAR);
- DWORD size_comment = (strlenW(info->Comment) + 1) * sizeof(WCHAR);
-
- if (!(ret = heap_alloc( sizeof(*ret) + size_name + size_comment ))) return NULL;
- ret->fCapabilities = info->fCapabilities;
- ret->wVersion = info->wVersion;
- ret->wRPCID = info->wRPCID;
- ret->cbMaxToken = info->cbMaxToken;
- ret->Name = (SEC_WCHAR *)(ret + 1);
- memcpy( ret->Name, info->Name, size_name );
- ret->Comment = (SEC_WCHAR *)((char *)ret->Name + size_name);
- memcpy( ret->Comment, info->Comment, size_comment );
- return ret;
-}
-
-static SecPkgInfoA *build_package_infoA( const SecPkgInfoA *info )
-{
- SecPkgInfoA *ret;
- DWORD size_name = strlen(info->Name) + 1, size_comment = strlen(info->Comment) + 1;
-
- if (!(ret = heap_alloc( sizeof(*ret) + size_name + size_comment ))) return NULL;
- ret->fCapabilities = info->fCapabilities;
- ret->wVersion = info->wVersion;
- ret->wRPCID = info->wRPCID;
- ret->cbMaxToken = info->cbMaxToken;
- ret->Name = (SEC_CHAR *)(ret + 1);
- memcpy( ret->Name, info->Name, size_name );
- ret->Comment = ret->Name + size_name;
- memcpy( ret->Comment, info->Comment, size_comment );
- return ret;
-}
-
-/***********************************************************************
- * QueryContextAttributesW
- */
-static SECURITY_STATUS SEC_ENTRY ntlm_QueryContextAttributesW(PCtxtHandle phContext,
- ULONG ulAttribute, void *pBuffer)
-{
- TRACE("%p %d %p\n", phContext, ulAttribute, pBuffer);
- if (!phContext)
- return SEC_E_INVALID_HANDLE;
-
- switch(ulAttribute)
- {
-#define _x(x) case (x) : FIXME(#x" stub\n"); break
- _x(SECPKG_ATTR_ACCESS_TOKEN);
- _x(SECPKG_ATTR_AUTHORITY);
- _x(SECPKG_ATTR_DCE_INFO);
- case SECPKG_ATTR_FLAGS:
- {
- PSecPkgContext_Flags spcf = (PSecPkgContext_Flags)pBuffer;
- PNegoHelper helper = (PNegoHelper)phContext->dwLower;
-
- spcf->Flags = 0;
- if(helper->neg_flags & NTLMSSP_NEGOTIATE_SIGN)
- spcf->Flags |= ISC_RET_INTEGRITY;
- if(helper->neg_flags & NTLMSSP_NEGOTIATE_SEAL)
- spcf->Flags |= ISC_RET_CONFIDENTIALITY;
- return SEC_E_OK;
- }
- _x(SECPKG_ATTR_KEY_INFO);
- _x(SECPKG_ATTR_LIFESPAN);
- _x(SECPKG_ATTR_NAMES);
- _x(SECPKG_ATTR_NATIVE_NAMES);
- case SECPKG_ATTR_NEGOTIATION_INFO:
- {
- SecPkgContext_NegotiationInfoW *info = (SecPkgContext_NegotiationInfoW *)pBuffer;
- if (!(info->PackageInfo = build_package_infoW( &infoW ))) return SEC_E_INSUFFICIENT_MEMORY;
- info->NegotiationState = SECPKG_NEGOTIATION_COMPLETE;
- return SEC_E_OK;
- }
- _x(SECPKG_ATTR_PACKAGE_INFO);
- _x(SECPKG_ATTR_PASSWORD_EXPIRY);
- _x(SECPKG_ATTR_SESSION_KEY);
- case SECPKG_ATTR_SIZES:
- {
- PSecPkgContext_Sizes spcs = (PSecPkgContext_Sizes)pBuffer;
- spcs->cbMaxToken = NTLM_MAX_BUF;
- spcs->cbMaxSignature = 16;
- spcs->cbBlockSize = 0;
- spcs->cbSecurityTrailer = 16;
- return SEC_E_OK;
- }
- _x(SECPKG_ATTR_STREAM_SIZES);
- _x(SECPKG_ATTR_TARGET_INFORMATION);
-#undef _x
- default:
- TRACE("Unknown value %d passed for ulAttribute\n", ulAttribute);
- }
-
- return SEC_E_UNSUPPORTED_FUNCTION;
-}
-
-/***********************************************************************
- * QueryContextAttributesA
- */
-static SECURITY_STATUS SEC_ENTRY ntlm_QueryContextAttributesA(PCtxtHandle phContext,
- ULONG ulAttribute, void *pBuffer)
-{
- switch(ulAttribute)
- {
- case SECPKG_ATTR_NEGOTIATION_INFO:
- {
- SecPkgContext_NegotiationInfoA *info = (SecPkgContext_NegotiationInfoA *)pBuffer;
- if (!(info->PackageInfo = build_package_infoA( &infoA ))) return SEC_E_INSUFFICIENT_MEMORY;
- info->NegotiationState = SECPKG_NEGOTIATION_COMPLETE;
- return SEC_E_OK;
- }
- default:
- return ntlm_QueryContextAttributesW( phContext, ulAttribute, pBuffer );
- }
-}
-
-/***********************************************************************
- * ImpersonateSecurityContext
- */
-static SECURITY_STATUS SEC_ENTRY ntlm_ImpersonateSecurityContext(PCtxtHandle phContext)
-{
- SECURITY_STATUS ret;
-
- TRACE("%p\n", phContext);
- if (phContext)
- {
- ret = SEC_E_UNSUPPORTED_FUNCTION;
- }
- else
- {
- ret = SEC_E_INVALID_HANDLE;
- }
- return ret;
-}
-
-/***********************************************************************
- * RevertSecurityContext
- */
-static SECURITY_STATUS SEC_ENTRY ntlm_RevertSecurityContext(PCtxtHandle phContext)
-{
- SECURITY_STATUS ret;
-
- TRACE("%p\n", phContext);
- if (phContext)
- {
- ret = SEC_E_UNSUPPORTED_FUNCTION;
- }
- else
- {
- ret = SEC_E_INVALID_HANDLE;
- }
- return ret;
-}
-
-/***********************************************************************
- * ntlm_CreateSignature
- * As both MakeSignature and VerifySignature need this, but different keys
- * are needed for NTLM2, the logic goes into a helper function.
- * To ensure maximal reusability, we can specify the direction as NTLM_SEND for
- * signing/encrypting and NTLM_RECV for verifying/decrypting. When encrypting,
- * the signature is encrypted after the message was encrypted, so
- * CreateSignature shouldn't do it. In this case, encrypt_sig can be set to
- * false.
- */
-static SECURITY_STATUS ntlm_CreateSignature(PNegoHelper helper, PSecBufferDesc pMessage,
- int token_idx, SignDirection direction, BOOL encrypt_sig)
-{
- ULONG sign_version = 1;
- UINT i;
- PBYTE sig;
- TRACE("%p, %p, %d, %d, %d\n", helper, pMessage, token_idx, direction,
- encrypt_sig);
-
- sig = pMessage->pBuffers[token_idx].pvBuffer;
-
- if(helper->neg_flags & NTLMSSP_NEGOTIATE_NTLM2 &&
- helper->neg_flags & NTLMSSP_NEGOTIATE_SIGN)
- {
- BYTE digest[16];
- BYTE seq_no[4];
- HMAC_MD5_CTX hmac_md5_ctx;
-
- TRACE("Signing NTLM2 style\n");
-
- if(direction == NTLM_SEND)
- {
- seq_no[0] = (helper->crypt.ntlm2.send_seq_no >> 0) & 0xff;
- seq_no[1] = (helper->crypt.ntlm2.send_seq_no >> 8) & 0xff;
- seq_no[2] = (helper->crypt.ntlm2.send_seq_no >> 16) & 0xff;
- seq_no[3] = (helper->crypt.ntlm2.send_seq_no >> 24) & 0xff;
-
- ++(helper->crypt.ntlm2.send_seq_no);
-
- HMACMD5Init(&hmac_md5_ctx, helper->crypt.ntlm2.send_sign_key, 16);
- }
- else
- {
- seq_no[0] = (helper->crypt.ntlm2.recv_seq_no >> 0) & 0xff;
- seq_no[1] = (helper->crypt.ntlm2.recv_seq_no >> 8) & 0xff;
- seq_no[2] = (helper->crypt.ntlm2.recv_seq_no >> 16) & 0xff;
- seq_no[3] = (helper->crypt.ntlm2.recv_seq_no >> 24) & 0xff;
-
- ++(helper->crypt.ntlm2.recv_seq_no);
-
- HMACMD5Init(&hmac_md5_ctx, helper->crypt.ntlm2.recv_sign_key, 16);
- }
-
- HMACMD5Update(&hmac_md5_ctx, seq_no, 4);
- for( i = 0; i < pMessage->cBuffers; ++i )
- {
- if(pMessage->pBuffers[i].BufferType & SECBUFFER_DATA)
- HMACMD5Update(&hmac_md5_ctx, pMessage->pBuffers[i].pvBuffer,
- pMessage->pBuffers[i].cbBuffer);
- }
-
- HMACMD5Final(&hmac_md5_ctx, digest);
-
- if(encrypt_sig && helper->neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCHANGE)
- {
- if(direction == NTLM_SEND)
- SECUR32_arc4Process(helper->crypt.ntlm2.send_a4i, digest, 8);
- else
- SECUR32_arc4Process(helper->crypt.ntlm2.recv_a4i, digest, 8);
- }
-
- /* The NTLM2 signature is the sign version */
- sig[ 0] = (sign_version >> 0) & 0xff;
- sig[ 1] = (sign_version >> 8) & 0xff;
- sig[ 2] = (sign_version >> 16) & 0xff;
- sig[ 3] = (sign_version >> 24) & 0xff;
- /* The first 8 bytes of the digest */
- memcpy(sig+4, digest, 8);
- /* And the sequence number */
- memcpy(sig+12, seq_no, 4);
-
- pMessage->pBuffers[token_idx].cbBuffer = 16;
-
- return SEC_E_OK;
- }
- if(helper->neg_flags & NTLMSSP_NEGOTIATE_SIGN)
- {
- ULONG crc = 0U;
- TRACE("Signing NTLM1 style\n");
-
- for(i=0; i < pMessage->cBuffers; ++i)
- {
- if(pMessage->pBuffers[i].BufferType & SECBUFFER_DATA)
- crc = RtlComputeCrc32(crc, pMessage->pBuffers[i].pvBuffer, pMessage->pBuffers[i].cbBuffer);
- }
-
- sig[ 0] = (sign_version >> 0) & 0xff;
- sig[ 1] = (sign_version >> 8) & 0xff;
- sig[ 2] = (sign_version >> 16) & 0xff;
- sig[ 3] = (sign_version >> 24) & 0xff;
- memset(sig+4, 0, 4);
- sig[ 8] = (crc >> 0) & 0xff;
- sig[ 9] = (crc >> 8) & 0xff;
- sig[10] = (crc >> 16) & 0xff;
- sig[11] = (crc >> 24) & 0xff;
- sig[12] = (helper->crypt.ntlm.seq_num >> 0) & 0xff;
- sig[13] = (helper->crypt.ntlm.seq_num >> 8) & 0xff;
- sig[14] = (helper->crypt.ntlm.seq_num >> 16) & 0xff;
- sig[15] = (helper->crypt.ntlm.seq_num >> 24) & 0xff;
-
- ++(helper->crypt.ntlm.seq_num);
-
- if(encrypt_sig)
- SECUR32_arc4Process(helper->crypt.ntlm.a4i, sig+4, 12);
- return SEC_E_OK;
- }
-
- if(helper->neg_flags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN || helper->neg_flags == 0)
- {
- TRACE("Creating a dummy signature.\n");
- /* A dummy signature is 0x01 followed by 15 bytes of 0x00 */
- memset(pMessage->pBuffers[token_idx].pvBuffer, 0, 16);
- memset(pMessage->pBuffers[token_idx].pvBuffer, 0x01, 1);
- pMessage->pBuffers[token_idx].cbBuffer = 16;
- return SEC_E_OK;
- }
-
- return SEC_E_UNSUPPORTED_FUNCTION;
-}
-
-/***********************************************************************
- * MakeSignature
- */
-static SECURITY_STATUS SEC_ENTRY ntlm_MakeSignature(PCtxtHandle phContext,
- ULONG fQOP, PSecBufferDesc pMessage, ULONG MessageSeqNo)
-{
- PNegoHelper helper;
- int token_idx;
-
- TRACE("%p %d %p %d\n", phContext, fQOP, pMessage, MessageSeqNo);
- if (!phContext)
- return SEC_E_INVALID_HANDLE;
-
- if(fQOP)
- FIXME("Ignoring fQOP 0x%08x\n", fQOP);
-
- if(MessageSeqNo)
- FIXME("Ignoring MessageSeqNo\n");
-
- if(!pMessage || !pMessage->pBuffers || pMessage->cBuffers < 2)
- return SEC_E_INVALID_TOKEN;
-
- /* If we didn't find a SECBUFFER_TOKEN type buffer */
- if((token_idx = ntlm_GetTokenBufferIndex(pMessage)) == -1)
- return SEC_E_INVALID_TOKEN;
-
- if(pMessage->pBuffers[token_idx].cbBuffer < 16)
- return SEC_E_BUFFER_TOO_SMALL;
-
- helper = (PNegoHelper)phContext->dwLower;
- TRACE("Negotiated flags are: 0x%08x\n", helper->neg_flags);
-
- return ntlm_CreateSignature(helper, pMessage, token_idx, NTLM_SEND, TRUE);
-}
-
-/***********************************************************************
- * VerifySignature
- */
-static SECURITY_STATUS SEC_ENTRY ntlm_VerifySignature(PCtxtHandle phContext,
- PSecBufferDesc pMessage, ULONG MessageSeqNo, PULONG pfQOP)
-{
- PNegoHelper helper;
- UINT i;
- int token_idx;
- SECURITY_STATUS ret;
- SecBufferDesc local_desc;
- PSecBuffer local_buff;
- BYTE local_sig[16];
-
- TRACE("%p %p %d %p\n", phContext, pMessage, MessageSeqNo, pfQOP);
- if(!phContext)
- return SEC_E_INVALID_HANDLE;
-
- if(!pMessage || !pMessage->pBuffers || pMessage->cBuffers < 2)
- return SEC_E_INVALID_TOKEN;
-
- if((token_idx = ntlm_GetTokenBufferIndex(pMessage)) == -1)
- return SEC_E_INVALID_TOKEN;
-
- if(pMessage->pBuffers[token_idx].cbBuffer < 16)
- return SEC_E_BUFFER_TOO_SMALL;
-
- if(MessageSeqNo)
- FIXME("Ignoring MessageSeqNo\n");
-
- helper = (PNegoHelper)phContext->dwLower;
- TRACE("Negotiated flags: 0x%08x\n", helper->neg_flags);
-
- local_buff = heap_alloc(pMessage->cBuffers * sizeof(SecBuffer));
-
- local_desc.ulVersion = SECBUFFER_VERSION;
- local_desc.cBuffers = pMessage->cBuffers;
- local_desc.pBuffers = local_buff;
-
- for(i=0; i < pMessage->cBuffers; ++i)
- {
- if(pMessage->pBuffers[i].BufferType == SECBUFFER_TOKEN)
- {
- local_buff[i].BufferType = SECBUFFER_TOKEN;
- local_buff[i].cbBuffer = 16;
- local_buff[i].pvBuffer = local_sig;
- }
- else
- {
- local_buff[i].BufferType = pMessage->pBuffers[i].BufferType;
- local_buff[i].cbBuffer = pMessage->pBuffers[i].cbBuffer;
- local_buff[i].pvBuffer = pMessage->pBuffers[i].pvBuffer;
- }
- }
-
- if((ret = ntlm_CreateSignature(helper, &local_desc, token_idx, NTLM_RECV, TRUE)) != SEC_E_OK)
- return ret;
-
- if(memcmp(((PBYTE)local_buff[token_idx].pvBuffer) + 8,
- ((PBYTE)pMessage->pBuffers[token_idx].pvBuffer) + 8, 8))
- ret = SEC_E_MESSAGE_ALTERED;
- else
- ret = SEC_E_OK;
-
- heap_free(local_buff);
- return ret;
-
-}
-
-/***********************************************************************
- * FreeCredentialsHandle
- */
-static SECURITY_STATUS SEC_ENTRY ntlm_FreeCredentialsHandle(PCredHandle phCredential)
-{
- if (phCredential)
- {
- PNtlmCredentials ntlm_cred = (PNtlmCredentials) phCredential->dwLower;
- phCredential->dwUpper = 0;
- phCredential->dwLower = 0;
- if (ntlm_cred->password) memset(ntlm_cred->password, 0, ntlm_cred->pwlen);
- heap_free(ntlm_cred->password);
- heap_free(ntlm_cred->username_arg);
- heap_free(ntlm_cred->domain_arg);
- heap_free(ntlm_cred);
- }
-
- return SEC_E_OK;
-}
-
-/***********************************************************************
- * EncryptMessage
- */
-static SECURITY_STATUS SEC_ENTRY ntlm_EncryptMessage(PCtxtHandle phContext,
- ULONG fQOP, PSecBufferDesc pMessage, ULONG MessageSeqNo)
-{
- PNegoHelper helper;
- int token_idx, data_idx;
-
- TRACE("(%p %d %p %d)\n", phContext, fQOP, pMessage, MessageSeqNo);
-
- if(!phContext)
- return SEC_E_INVALID_HANDLE;
-
- if(fQOP)
- FIXME("Ignoring fQOP\n");
-
- if(MessageSeqNo)
- FIXME("Ignoring MessageSeqNo\n");
-
- if(!pMessage || !pMessage->pBuffers || pMessage->cBuffers < 2)
- return SEC_E_INVALID_TOKEN;
-
- if((token_idx = ntlm_GetTokenBufferIndex(pMessage)) == -1)
- return SEC_E_INVALID_TOKEN;
-
- if((data_idx = ntlm_GetDataBufferIndex(pMessage)) ==-1 )
- return SEC_E_INVALID_TOKEN;
-
- if(pMessage->pBuffers[token_idx].cbBuffer < 16)
- return SEC_E_BUFFER_TOO_SMALL;
-
- helper = (PNegoHelper) phContext->dwLower;
-
- if(helper->neg_flags & NTLMSSP_NEGOTIATE_NTLM2 &&
- helper->neg_flags & NTLMSSP_NEGOTIATE_SEAL)
- {
- ntlm_CreateSignature(helper, pMessage, token_idx, NTLM_SEND, FALSE);
- SECUR32_arc4Process(helper->crypt.ntlm2.send_a4i,
- pMessage->pBuffers[data_idx].pvBuffer,
- pMessage->pBuffers[data_idx].cbBuffer);
-
- if(helper->neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCHANGE)
- SECUR32_arc4Process(helper->crypt.ntlm2.send_a4i,
- ((BYTE *)pMessage->pBuffers[token_idx].pvBuffer)+4, 8);
- }
- else
- {
- PBYTE sig;
- ULONG save_flags;
-
- /* EncryptMessage always produces real signatures, so make sure
- * NTLMSSP_NEGOTIATE_SIGN is set*/
- save_flags = helper->neg_flags;
- helper->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
- ntlm_CreateSignature(helper, pMessage, token_idx, NTLM_SEND, FALSE);
- helper->neg_flags = save_flags;
-
- sig = pMessage->pBuffers[token_idx].pvBuffer;
-
- SECUR32_arc4Process(helper->crypt.ntlm.a4i,
- pMessage->pBuffers[data_idx].pvBuffer,
- pMessage->pBuffers[data_idx].cbBuffer);
- SECUR32_arc4Process(helper->crypt.ntlm.a4i, sig+4, 12);
-
- if(helper->neg_flags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN || helper->neg_flags == 0)
- memset(sig+4, 0, 4);
- }
- return SEC_E_OK;
-}
-
-/***********************************************************************
- * DecryptMessage
- */
-static SECURITY_STATUS SEC_ENTRY ntlm_DecryptMessage(PCtxtHandle phContext,
- PSecBufferDesc pMessage, ULONG MessageSeqNo, PULONG pfQOP)
-{
- SECURITY_STATUS ret;
- ULONG ntlmssp_flags_save;
- PNegoHelper helper;
- int token_idx, data_idx;
- TRACE("(%p %p %d %p)\n", phContext, pMessage, MessageSeqNo, pfQOP);
-
- if(!phContext)
- return SEC_E_INVALID_HANDLE;
-
- if(MessageSeqNo)
- FIXME("Ignoring MessageSeqNo\n");
-
- if(!pMessage || !pMessage->pBuffers || pMessage->cBuffers < 2)
- return SEC_E_INVALID_TOKEN;
-
- if((token_idx = ntlm_GetTokenBufferIndex(pMessage)) == -1)
- return SEC_E_INVALID_TOKEN;
-
- if((data_idx = ntlm_GetDataBufferIndex(pMessage)) ==-1)
- return SEC_E_INVALID_TOKEN;
-
- if(pMessage->pBuffers[token_idx].cbBuffer < 16)
- return SEC_E_BUFFER_TOO_SMALL;
-
- helper = (PNegoHelper) phContext->dwLower;
-
- if(helper->neg_flags & NTLMSSP_NEGOTIATE_NTLM2 && helper->neg_flags & NTLMSSP_NEGOTIATE_SEAL)
- {
- SECUR32_arc4Process(helper->crypt.ntlm2.recv_a4i,
- pMessage->pBuffers[data_idx].pvBuffer,
- pMessage->pBuffers[data_idx].cbBuffer);
- }
- else
- {
- SECUR32_arc4Process(helper->crypt.ntlm.a4i,
- pMessage->pBuffers[data_idx].pvBuffer,
- pMessage->pBuffers[data_idx].cbBuffer);
- }
-
- /* Make sure we use a session key for the signature check, EncryptMessage
- * always does that, even in the dummy case */
- ntlmssp_flags_save = helper->neg_flags;
-
- helper->neg_flags |= NTLMSSP_NEGOTIATE_SIGN;
- ret = ntlm_VerifySignature(phContext, pMessage, MessageSeqNo, pfQOP);
-
- helper->neg_flags = ntlmssp_flags_save;
-
- return ret;
-}
-
-static const SecurityFunctionTableA ntlmTableA = {
- 1,
- NULL, /* EnumerateSecurityPackagesA */
- ntlm_QueryCredentialsAttributesA, /* QueryCredentialsAttributesA */
- ntlm_AcquireCredentialsHandleA, /* AcquireCredentialsHandleA */
- ntlm_FreeCredentialsHandle, /* FreeCredentialsHandle */
- NULL, /* Reserved2 */
- ntlm_InitializeSecurityContextA, /* InitializeSecurityContextA */
- ntlm_AcceptSecurityContext, /* AcceptSecurityContext */
- ntlm_CompleteAuthToken, /* CompleteAuthToken */
- ntlm_DeleteSecurityContext, /* DeleteSecurityContext */
- NULL, /* ApplyControlToken */
- ntlm_QueryContextAttributesA, /* QueryContextAttributesA */
- ntlm_ImpersonateSecurityContext, /* ImpersonateSecurityContext */
- ntlm_RevertSecurityContext, /* RevertSecurityContext */
- ntlm_MakeSignature, /* MakeSignature */
- ntlm_VerifySignature, /* VerifySignature */
- FreeContextBuffer, /* FreeContextBuffer */
- NULL, /* QuerySecurityPackageInfoA */
- NULL, /* Reserved3 */
- NULL, /* Reserved4 */
- NULL, /* ExportSecurityContext */
- NULL, /* ImportSecurityContextA */
- NULL, /* AddCredentialsA */
- NULL, /* Reserved8 */
- NULL, /* QuerySecurityContextToken */
- ntlm_EncryptMessage, /* EncryptMessage */
- ntlm_DecryptMessage, /* DecryptMessage */
- NULL, /* SetContextAttributesA */
-};
-
-static const SecurityFunctionTableW ntlmTableW = {
- 1,
- NULL, /* EnumerateSecurityPackagesW */
- ntlm_QueryCredentialsAttributesW, /* QueryCredentialsAttributesW */
- ntlm_AcquireCredentialsHandleW, /* AcquireCredentialsHandleW */
- ntlm_FreeCredentialsHandle, /* FreeCredentialsHandle */
- NULL, /* Reserved2 */
- ntlm_InitializeSecurityContextW, /* InitializeSecurityContextW */
- ntlm_AcceptSecurityContext, /* AcceptSecurityContext */
- ntlm_CompleteAuthToken, /* CompleteAuthToken */
- ntlm_DeleteSecurityContext, /* DeleteSecurityContext */
- NULL, /* ApplyControlToken */
- ntlm_QueryContextAttributesW, /* QueryContextAttributesW */
- ntlm_ImpersonateSecurityContext, /* ImpersonateSecurityContext */
- ntlm_RevertSecurityContext, /* RevertSecurityContext */
- ntlm_MakeSignature, /* MakeSignature */
- ntlm_VerifySignature, /* VerifySignature */
- FreeContextBuffer, /* FreeContextBuffer */
- NULL, /* QuerySecurityPackageInfoW */
- NULL, /* Reserved3 */
- NULL, /* Reserved4 */
- NULL, /* ExportSecurityContext */
- NULL, /* ImportSecurityContextW */
- NULL, /* AddCredentialsW */
- NULL, /* Reserved8 */
- NULL, /* QuerySecurityContextToken */
- ntlm_EncryptMessage, /* EncryptMessage */
- ntlm_DecryptMessage, /* DecryptMessage */
- NULL, /* SetContextAttributesW */
-};
-
-void SECUR32_initNTLMSP(void)
-{
- PNegoHelper helper;
- static CHAR version[] = "--version";
-
- SEC_CHAR *args[] = {
- ntlm_auth,
- version,
- NULL };
-
- if(fork_helper(&helper, ntlm_auth, args) != SEC_E_OK)
- helper = NULL;
- else
- check_version(helper);
-
- if( helper &&
- ((helper->major > MIN_NTLM_AUTH_MAJOR_VERSION) ||
- (helper->major == MIN_NTLM_AUTH_MAJOR_VERSION &&
- helper->minor > MIN_NTLM_AUTH_MINOR_VERSION) ||
- (helper->major == MIN_NTLM_AUTH_MAJOR_VERSION &&
- helper->minor == MIN_NTLM_AUTH_MINOR_VERSION &&
- helper->micro >= MIN_NTLM_AUTH_MICRO_VERSION)) )
- {
- SecureProvider *provider = SECUR32_addProvider(&ntlmTableA, &ntlmTableW, NULL);
- SECUR32_addPackages(provider, 1L, ntlm_package_infoA, ntlm_package_infoW);
- }
- else
- {
- ERR_(winediag)("%s was not found or is outdated. "
- "Make sure that ntlm_auth >= %d.%d.%d is in your path. "
- "Usually, you can find it in the winbind package of your distribution.\n",
- ntlm_auth,
- MIN_NTLM_AUTH_MAJOR_VERSION,
- MIN_NTLM_AUTH_MINOR_VERSION,
- MIN_NTLM_AUTH_MICRO_VERSION);
-
- }
- cleanup_helper(helper);
-}
diff --git a/dlls/secur32/secur32_priv.h b/dlls/secur32/secur32_priv.h
index ca0062056d6..5571ac290e1 100644
--- a/dlls/secur32/secur32_priv.h
+++ b/dlls/secur32/secur32_priv.h
@@ -44,65 +44,6 @@ typedef struct _SecurePackage
SecureProvider *provider;
} SecurePackage;
-typedef enum _helper_mode {
- NTLM_SERVER,
- NTLM_CLIENT,
- NUM_HELPER_MODES
-} HelperMode;
-
-typedef struct tag_arc4_info {
- unsigned char x, y;
- unsigned char state[256];
-} arc4_info;
-
-typedef struct _NegoHelper {
- pid_t helper_pid;
- HelperMode mode;
- int pipe_in;
- int pipe_out;
- int major;
- int minor;
- int micro;
- char *com_buf;
- int com_buf_size;
- int com_buf_offset;
- BYTE *session_key;
- ULONG neg_flags;
- struct {
- struct {
- ULONG seq_num;
- arc4_info *a4i;
- } ntlm;
- struct {
- BYTE *send_sign_key;
- BYTE *send_seal_key;
- BYTE *recv_sign_key;
- BYTE *recv_seal_key;
- ULONG send_seq_no;
- ULONG recv_seq_no;
- arc4_info *send_a4i;
- arc4_info *recv_a4i;
- } ntlm2;
- } crypt;
-} NegoHelper, *PNegoHelper;
-
-typedef struct _NtlmCredentials
-{
- HelperMode mode;
-
- /* these are all in the Unix codepage */
- char *username_arg;
- char *domain_arg;
- char *password; /* not nul-terminated */
- int pwlen;
- int no_cached_credentials; /* don't try to use cached Samba credentials */
-} NtlmCredentials, *PNtlmCredentials;
-
-typedef enum _sign_direction {
- NTLM_SEND,
- NTLM_RECV
-} SignDirection;
-
/* Allocates space for and initializes a new provider. If fnTableA or fnTableW
* is non-NULL, assumes the provider is built-in, and if moduleName is non-NULL,
* means must load the LSA/user mode functions tables from external SSP/AP module.
@@ -136,60 +77,11 @@ PSTR SECUR32_AllocMultiByteFromWide(PCWSTR str) DECLSPEC_HIDDEN;
/* Initialization functions for built-in providers */
void SECUR32_initSchannelSP(void) DECLSPEC_HIDDEN;
void SECUR32_initNegotiateSP(void) DECLSPEC_HIDDEN;
-void SECUR32_initNTLMSP(void) DECLSPEC_HIDDEN;
void load_auth_packages(void) DECLSPEC_HIDDEN;
/* Cleanup functions for built-in providers */
void SECUR32_deinitSchannelSP(void) DECLSPEC_HIDDEN;
-/* Functions from dispatcher.c used elsewhere in the code */
-SECURITY_STATUS fork_helper(PNegoHelper *new_helper, const char *prog,
- char * const argv[]) DECLSPEC_HIDDEN;
-
-SECURITY_STATUS run_helper(PNegoHelper helper, char *buffer,
- unsigned int max_buflen, int *buflen) DECLSPEC_HIDDEN;
-
-void cleanup_helper(PNegoHelper helper) DECLSPEC_HIDDEN;
-
-void check_version(PNegoHelper helper) DECLSPEC_HIDDEN;
-
-/* Functions from base64_codec.c used elsewhere */
-SECURITY_STATUS encodeBase64(PBYTE in_buf, int in_len, char* out_buf,
- int max_len, int *out_len) DECLSPEC_HIDDEN;
-
-SECURITY_STATUS decodeBase64(char *in_buf, int in_len, BYTE *out_buf,
- int max_len, int *out_len) DECLSPEC_HIDDEN;
-
-/* Functions from util.c */
-SECURITY_STATUS SECUR32_CreateNTLM1SessionKey(PBYTE password, int len, PBYTE session_key) DECLSPEC_HIDDEN;
-SECURITY_STATUS SECUR32_CreateNTLM2SubKeys(PNegoHelper helper) DECLSPEC_HIDDEN;
-arc4_info *SECUR32_arc4Alloc(void) DECLSPEC_HIDDEN;
-void SECUR32_arc4Init(arc4_info *a4i, const BYTE *key, unsigned int keyLen) DECLSPEC_HIDDEN;
-void SECUR32_arc4Process(arc4_info *a4i, BYTE *inoutString, unsigned int length) DECLSPEC_HIDDEN;
-void SECUR32_arc4Cleanup(arc4_info *a4i) DECLSPEC_HIDDEN;
-
-/* NTLMSSP flags indicating the negotiated features */
-#define NTLMSSP_NEGOTIATE_UNICODE 0x00000001
-#define NTLMSSP_NEGOTIATE_OEM 0x00000002
-#define NTLMSSP_REQUEST_TARGET 0x00000004
-#define NTLMSSP_NEGOTIATE_SIGN 0x00000010
-#define NTLMSSP_NEGOTIATE_SEAL 0x00000020
-#define NTLMSSP_NEGOTIATE_DATAGRAM_STYLE 0x00000040
-#define NTLMSSP_NEGOTIATE_LM_SESSION_KEY 0x00000080
-#define NTLMSSP_NEGOTIATE_NTLM 0x00000200
-#define NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED 0x00001000
-#define NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED 0x00002000
-#define NTLMSSP_NEGOTIATE_LOCAL_CALL 0x00004000
-#define NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0x00008000
-#define NTLMSSP_NEGOTIATE_TARGET_TYPE_DOMAIN 0x00010000
-#define NTLMSSP_NEGOTIATE_TARGET_TYPE_SERVER 0x00020000
-#define NTLMSSP_NEGOTIATE_NTLM2 0x00080000
-#define NTLMSSP_NEGOTIATE_TARGET_INFO 0x00800000
-#define NTLMSSP_NEGOTIATE_128 0x20000000
-#define NTLMSSP_NEGOTIATE_KEY_EXCHANGE 0x40000000
-#define NTLMSSP_NEGOTIATE_56 0x80000000
-
-
/* schannel internal interface */
typedef struct schan_imp_session_opaque *schan_imp_session;
diff --git a/dlls/secur32/util.c b/dlls/secur32/util.c
deleted file mode 100644
index b5cac5b6c06..00000000000
--- a/dlls/secur32/util.c
+++ /dev/null
@@ -1,187 +0,0 @@
-/*
- * Copyright 2006 Kai Blin
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
- *
- * This file contains various helper functions needed for NTLM and maybe others
- */
-#include <stdarg.h>
-#include <stdio.h>
-#include "windef.h"
-#include "winbase.h"
-#include "rpc.h"
-#include "sspi.h"
-#include "secur32_priv.h"
-#include "wine/debug.h"
-
-WINE_DEFAULT_DEBUG_CHANNEL(ntlm);
-
-static const char client_to_server_sign_constant[] = "session key to client-to-server signing key magic constant";
-static const char client_to_server_seal_constant[] = "session key to client-to-server sealing key magic constant";
-static const char server_to_client_sign_constant[] = "session key to server-to-client signing key magic constant";
-static const char server_to_client_seal_constant[] = "session key to server-to-client sealing key magic constant";
-
-typedef struct
-{
- unsigned int buf[4];
- unsigned int i[2];
- unsigned char in[64];
- unsigned char digest[16];
-} MD4_CTX;
-
-/* And now the same with a different memory layout. */
-typedef struct
-{
- unsigned int i[2];
- unsigned int buf[4];
- unsigned char in[64];
- unsigned char digest[16];
-} MD5_CTX;
-
-VOID WINAPI MD4Init( MD4_CTX *ctx );
-VOID WINAPI MD4Update( MD4_CTX *ctx, const unsigned char *buf, unsigned int len );
-VOID WINAPI MD4Final( MD4_CTX *ctx );
-VOID WINAPI MD5Init( MD5_CTX *ctx );
-VOID WINAPI MD5Update( MD5_CTX *ctx, const unsigned char *buf, unsigned int len );
-VOID WINAPI MD5Final( MD5_CTX *ctx );
-
-SECURITY_STATUS SECUR32_CreateNTLM1SessionKey(PBYTE password, int len, PBYTE session_key)
-{
- MD4_CTX ctx;
- BYTE ntlm_hash[16];
-
- TRACE("(%p, %p)\n", password, session_key);
-
- MD4Init(&ctx);
- MD4Update(&ctx, password, len);
- MD4Final(&ctx);
-
- memcpy(ntlm_hash, ctx.digest, 0x10);
-
- MD4Init(&ctx);
- MD4Update(&ctx, ntlm_hash, 0x10u);
- MD4Final(&ctx);
-
- memcpy(session_key, ctx.digest, 0x10);
-
- return SEC_E_OK;
-}
-
-static void SECUR32_CalcNTLM2Subkey(const BYTE *session_key, const char *magic, PBYTE subkey)
-{
- MD5_CTX ctx;
-
- MD5Init(&ctx);
- MD5Update(&ctx, session_key, 16);
- MD5Update(&ctx, (const unsigned char*)magic, lstrlenA(magic)+1);
- MD5Final(&ctx);
- memcpy(subkey, ctx.digest, 16);
-}
-
-/* This assumes we do have a valid NTLM2 user session key */
-SECURITY_STATUS SECUR32_CreateNTLM2SubKeys(PNegoHelper helper)
-{
- helper->crypt.ntlm2.send_sign_key = heap_alloc(16);
- helper->crypt.ntlm2.send_seal_key = heap_alloc(16);
- helper->crypt.ntlm2.recv_sign_key = heap_alloc(16);
- helper->crypt.ntlm2.recv_seal_key = heap_alloc(16);
-
- if(helper->mode == NTLM_CLIENT)
- {
- SECUR32_CalcNTLM2Subkey(helper->session_key, client_to_server_sign_constant,
- helper->crypt.ntlm2.send_sign_key);
- SECUR32_CalcNTLM2Subkey(helper->session_key, client_to_server_seal_constant,
- helper->crypt.ntlm2.send_seal_key);
- SECUR32_CalcNTLM2Subkey(helper->session_key, server_to_client_sign_constant,
- helper->crypt.ntlm2.recv_sign_key);
- SECUR32_CalcNTLM2Subkey(helper->session_key, server_to_client_seal_constant,
- helper->crypt.ntlm2.recv_seal_key);
- }
- else
- {
- SECUR32_CalcNTLM2Subkey(helper->session_key, server_to_client_sign_constant,
- helper->crypt.ntlm2.send_sign_key);
- SECUR32_CalcNTLM2Subkey(helper->session_key, server_to_client_seal_constant,
- helper->crypt.ntlm2.send_seal_key);
- SECUR32_CalcNTLM2Subkey(helper->session_key, client_to_server_sign_constant,
- helper->crypt.ntlm2.recv_sign_key);
- SECUR32_CalcNTLM2Subkey(helper->session_key, client_to_server_seal_constant,
- helper->crypt.ntlm2.recv_seal_key);
- }
-
- return SEC_E_OK;
-}
-
-arc4_info *SECUR32_arc4Alloc(void)
-{
- arc4_info *a4i = heap_alloc(sizeof(arc4_info));
- return a4i;
-}
-
-/*
- * The arc4 code is based on dlls/advapi32/crypt_arc4.c by Mike McCormack,
- * which in turn is based on public domain code by Wei Dai
- */
-void SECUR32_arc4Init(arc4_info *a4i, const BYTE *key, unsigned int keyLen)
-{
- unsigned int keyIndex = 0, stateIndex = 0;
- unsigned int i, a;
-
- TRACE("(%p, %p, %d)\n", a4i, key, keyLen);
-
- a4i->x = a4i->y = 0;
-
- for (i=0; i<256; i++)
- a4i->state[i] = i;
-
- for (i=0; i<256; i++)
- {
- a = a4i->state[i];
- stateIndex += key[keyIndex] + a;
- stateIndex &= 0xff;
- a4i->state[i] = a4i->state[stateIndex];
- a4i->state[stateIndex] = a;
- if (++keyIndex >= keyLen)
- keyIndex = 0;
- }
-
-}
-
-void SECUR32_arc4Process(arc4_info *a4i, BYTE *inoutString, unsigned int length)
-{
- BYTE *const s=a4i->state;
- unsigned int x = a4i->x;
- unsigned int y = a4i->y;
- unsigned int a, b;
-
- while(length--)
- {
- x = (x+1) & 0xff;
- a = s[x];
- y = (y+a) & 0xff;
- b = s[y];
- s[x] = b;
- s[y] = a;
- *inoutString++ ^= s[(a+b) & 0xff];
- }
-
- a4i->x = x;
- a4i->y = y;
-}
-
-void SECUR32_arc4Cleanup(arc4_info *a4i)
-{
- heap_free(a4i);
-}
--
2.30.2
More information about the wine-devel
mailing list