negotiate.c File Reference

#include <winpr/config.h>
#include <winpr/crt.h>
#include <winpr/assert.h>
#include <winpr/sspi.h>
#include <winpr/tchar.h>
#include <winpr/registry.h>
#include <winpr/build-config.h>
#include "negotiate.h"
#include "../sspi.h"
#include "../../log.h"

Macros
#define	TAG   WINPR_TAG("negotiate")

Enumerations
enum	NegState {   NOSTATE = -1, ACCEPT_COMPLETED, ACCEPT_INCOMPLETE, REJECT,   REQUEST_MIC }

Functions
void	ntlm_reset_cipher_state (PSecHandle)
static INLINE size_t	asn_tlv_length (size_t len)
static INLINE size_t	asn_contextual_length (size_t len)
static BYTE *	negotiate_write_tlv (BYTE *buf, BYTE tag, size_t len, const BYTE *value)
static BYTE *	negotiate_write_contextual_tlv (BYTE *buf, BYTE contextual, BYTE tag, size_t len, const BYTE *value)
static BYTE *	negotiate_read_tlv (BYTE *buf, BYTE *tag, size_t *len, size_t *bytes_remain)
static NEGOTIATE_CONTEXT *	negotiate_ContextNew (NEGOTIATE_CONTEXT *init_context)
static void	negotiate_ContextFree (NEGOTIATE_CONTEXT *context)
static BOOL	negotiate_oid_compare (const sspi_gss_OID_desc *oid1, const sspi_gss_OID_desc *oid2)
static const char *	negotiate_mech_name (const sspi_gss_OID_desc *oid)
static const Mech *	negotiate_GetMechByOID (sspi_gss_OID_desc oid)
static PSecHandle	negotiate_FindCredential (MechCred *creds, const Mech *mech)
static BOOL	negotiate_get_dword (HKEY hKey, const char *subkey, DWORD *pdwValue)
static BOOL	negotiate_get_config (BOOL *kerberos, BOOL *ntlm)
static BOOL	negotiate_write_neg_token (PSecBuffer output_buffer, NegToken *token)
static BOOL	negotiate_read_neg_token (PSecBuffer input, NegToken *token)
static SECURITY_STATUS	negotiate_mic_exchange (NEGOTIATE_CONTEXT *context, NegToken *input_token, NegToken *output_token, PSecBuffer output_buffer)
static SECURITY_STATUS SEC_ENTRY	negotiate_InitializeSecurityContextW (PCredHandle phCredential, PCtxtHandle phContext, SEC_WCHAR *pszTargetName, ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep, PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext, PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsExpiry)
static SECURITY_STATUS SEC_ENTRY	negotiate_InitializeSecurityContextA (PCredHandle phCredential, PCtxtHandle phContext, SEC_CHAR *pszTargetName, ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep, PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext, PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsExpiry)
static SECURITY_STATUS SEC_ENTRY	negotiate_AcceptSecurityContext (PCredHandle phCredential, PCtxtHandle phContext, PSecBufferDesc pInput, ULONG fContextReq, ULONG TargetDataRep, PCtxtHandle phNewContext, PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsTimeStamp)
static SECURITY_STATUS SEC_ENTRY	negotiate_CompleteAuthToken (PCtxtHandle phContext, PSecBufferDesc pToken)
static SECURITY_STATUS SEC_ENTRY	negotiate_DeleteSecurityContext (PCtxtHandle phContext)
static SECURITY_STATUS SEC_ENTRY	negotiate_ImpersonateSecurityContext (PCtxtHandle phContext)
static SECURITY_STATUS SEC_ENTRY	negotiate_RevertSecurityContext (PCtxtHandle phContext)
static SECURITY_STATUS SEC_ENTRY	negotiate_QueryContextAttributesW (PCtxtHandle phContext, ULONG ulAttribute, void *pBuffer)
static SECURITY_STATUS SEC_ENTRY	negotiate_QueryContextAttributesA (PCtxtHandle phContext, ULONG ulAttribute, void *pBuffer)
static SECURITY_STATUS SEC_ENTRY	negotiate_SetContextAttributesW (PCtxtHandle phContext, ULONG ulAttribute, void *pBuffer, ULONG cbBuffer)
static SECURITY_STATUS SEC_ENTRY	negotiate_SetContextAttributesA (PCtxtHandle phContext, ULONG ulAttribute, void *pBuffer, ULONG cbBuffer)
static SECURITY_STATUS SEC_ENTRY	negotiate_AcquireCredentialsHandleW (SEC_WCHAR *pszPrincipal, SEC_WCHAR *pszPackage, ULONG fCredentialUse, void *pvLogonID, void *pAuthData, SEC_GET_KEY_FN pGetKeyFn, void *pvGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry)
static SECURITY_STATUS SEC_ENTRY	negotiate_AcquireCredentialsHandleA (SEC_CHAR *pszPrincipal, SEC_CHAR *pszPackage, ULONG fCredentialUse, void *pvLogonID, void *pAuthData, SEC_GET_KEY_FN pGetKeyFn, void *pvGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry)
static SECURITY_STATUS SEC_ENTRY	negotiate_QueryCredentialsAttributesW (PCredHandle phCredential, ULONG ulAttribute, void *pBuffer)
static SECURITY_STATUS SEC_ENTRY	negotiate_QueryCredentialsAttributesA (PCredHandle phCredential, ULONG ulAttribute, void *pBuffer)
static SECURITY_STATUS SEC_ENTRY	negotiate_FreeCredentialsHandle (PCredHandle phCredential)
static SECURITY_STATUS SEC_ENTRY	negotiate_EncryptMessage (PCtxtHandle phContext, ULONG fQOP, PSecBufferDesc pMessage, ULONG MessageSeqNo)
static SECURITY_STATUS SEC_ENTRY	negotiate_DecryptMessage (PCtxtHandle phContext, PSecBufferDesc pMessage, ULONG MessageSeqNo, ULONG *pfQOP)
static SECURITY_STATUS SEC_ENTRY	negotiate_MakeSignature (PCtxtHandle phContext, ULONG fQOP, PSecBufferDesc pMessage, ULONG MessageSeqNo)
static SECURITY_STATUS SEC_ENTRY	negotiate_VerifySignature (PCtxtHandle phContext, PSecBufferDesc pMessage, ULONG MessageSeqNo, ULONG *pfQOP)

Variables
static const char	NEGO_REG_KEY []
const SecurityFunctionTableA	NTLM_SecurityFunctionTableA
const SecurityFunctionTableW	NTLM_SecurityFunctionTableW
const SecurityFunctionTableA	KERBEROS_SecurityFunctionTableA
const SecurityFunctionTableW	KERBEROS_SecurityFunctionTableW
const SecPkgInfoA	NEGOTIATE_SecPkgInfoA
static WCHAR	NEGOTIATE_SecPkgInfoW_Name [] = { 'N', 'e', 'g', 'o', 't', 'i', 'a', 't', 'e', '\0' }
static WCHAR	NEGOTIATE_SecPkgInfoW_Comment []
const SecPkgInfoW	NEGOTIATE_SecPkgInfoW
static const sspi_gss_OID_desc	spnego_OID = { 6, "\x2b\x06\x01\x05\x05\x02" }
static const sspi_gss_OID_desc	kerberos_OID = { 9, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02" }
static const sspi_gss_OID_desc	kerberos_wrong_OID = { 9, "\x2a\x86\x48\x82\xf7\x12\x01\x02\x02" }
static const sspi_gss_OID_desc	ntlm_OID = { 10, "\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a" }
static const SecPkg	SecPkgTable []
static const Mech	MechTable []
static const size_t	MECH_COUNT = sizeof(MechTable) / sizeof(Mech)
const SecurityFunctionTableA	NEGOTIATE_SecurityFunctionTableA
const SecurityFunctionTableW	NEGOTIATE_SecurityFunctionTableW

Macro Definition Documentation

TAG

#define TAG   WINPR_TAG("negotiate")

WinPR: Windows Portable Runtime Negotiate Security Package

Copyright 2011-2014 Marc-Andre Moreau marca.nosp@m.ndre.nosp@m..more.nosp@m.au@g.nosp@m.mail..nosp@m.com Copyright 2017 Dorian Ducournau doria.nosp@m.n.du.nosp@m.courn.nosp@m.au@g.nosp@m.mail..nosp@m.com

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Enumeration Type Documentation

NegState

enum NegState

Enumerator
NOSTATE
ACCEPT_COMPLETED
ACCEPT_INCOMPLETE
REJECT
REQUEST_MIC

Function Documentation

asn_contextual_length()

static INLINE size_t asn_contextual_length ( size_t  len )

static

Here is the call graph for this function:

Here is the caller graph for this function:

asn_tlv_length()

static INLINE size_t asn_tlv_length ( size_t  len )

static

Here is the caller graph for this function:

negotiate_AcceptSecurityContext()

static SECURITY_STATUS SEC_ENTRY negotiate_AcceptSecurityContext ( PCredHandle  phCredential, PCtxtHandle  phContext, PSecBufferDesc  pInput, ULONG  fContextReq, ULONG  TargetDataRep, PCtxtHandle  phNewContext, PSecBufferDesc  pOutput, PULONG  pfContextAttr, PTimeStamp  ptsTimeStamp  )

static

Here is the call graph for this function:

negotiate_AcquireCredentialsHandleA()

static SECURITY_STATUS SEC_ENTRY negotiate_AcquireCredentialsHandleA ( SEC_CHAR *  pszPrincipal, SEC_CHAR *  pszPackage, ULONG  fCredentialUse, void *  pvLogonID, void *  pAuthData, SEC_GET_KEY_FN  pGetKeyFn, void *  pvGetKeyArgument, PCredHandle  phCredential, PTimeStamp  ptsExpiry  )

static

Here is the call graph for this function:

negotiate_AcquireCredentialsHandleW()

static SECURITY_STATUS SEC_ENTRY negotiate_AcquireCredentialsHandleW ( SEC_WCHAR *  pszPrincipal, SEC_WCHAR *  pszPackage, ULONG  fCredentialUse, void *  pvLogonID, void *  pAuthData, SEC_GET_KEY_FN  pGetKeyFn, void *  pvGetKeyArgument, PCredHandle  phCredential, PTimeStamp  ptsExpiry  )

static

Here is the call graph for this function:

negotiate_CompleteAuthToken()

static SECURITY_STATUS SEC_ENTRY negotiate_CompleteAuthToken ( PCtxtHandle  phContext, PSecBufferDesc  pToken  )

static

Here is the call graph for this function:

negotiate_ContextFree()

static void negotiate_ContextFree ( NEGOTIATE_CONTEXT *  context )

static

Here is the caller graph for this function:

negotiate_ContextNew()

static NEGOTIATE_CONTEXT* negotiate_ContextNew ( NEGOTIATE_CONTEXT *  init_context )

static

Here is the caller graph for this function:

negotiate_DecryptMessage()

static SECURITY_STATUS SEC_ENTRY negotiate_DecryptMessage ( PCtxtHandle  phContext, PSecBufferDesc  pMessage, ULONG  MessageSeqNo, ULONG *  pfQOP  )

static

Here is the call graph for this function:

negotiate_DeleteSecurityContext()

static SECURITY_STATUS SEC_ENTRY negotiate_DeleteSecurityContext ( PCtxtHandle  phContext )

static

Here is the call graph for this function:

negotiate_EncryptMessage()

static SECURITY_STATUS SEC_ENTRY negotiate_EncryptMessage ( PCtxtHandle  phContext, ULONG  fQOP, PSecBufferDesc  pMessage, ULONG  MessageSeqNo  )

static

Here is the call graph for this function:

negotiate_FindCredential()

static PSecHandle negotiate_FindCredential ( MechCred *  creds, const Mech *  mech  )

static

Here is the caller graph for this function:

negotiate_FreeCredentialsHandle()

static SECURITY_STATUS SEC_ENTRY negotiate_FreeCredentialsHandle ( PCredHandle  phCredential )

static

Here is the call graph for this function:

negotiate_get_config()

static BOOL negotiate_get_config ( BOOL *  kerberos, BOOL *  ntlm  )

static

Here is the call graph for this function:

Here is the caller graph for this function:

negotiate_get_dword()

static BOOL negotiate_get_dword ( HKEY  hKey, const char *  subkey, DWORD *  pdwValue  )

static

Here is the call graph for this function:

Here is the caller graph for this function:

negotiate_GetMechByOID()

static const Mech* negotiate_GetMechByOID ( sspi_gss_OID_desc  oid )

static

Here is the call graph for this function:

Here is the caller graph for this function:

negotiate_ImpersonateSecurityContext()

static SECURITY_STATUS SEC_ENTRY negotiate_ImpersonateSecurityContext ( PCtxtHandle  phContext )

static

negotiate_InitializeSecurityContextA()

static SECURITY_STATUS SEC_ENTRY negotiate_InitializeSecurityContextA ( PCredHandle  phCredential, PCtxtHandle  phContext, SEC_CHAR *  pszTargetName, ULONG  fContextReq, ULONG  Reserved1, ULONG  TargetDataRep, PSecBufferDesc  pInput, ULONG  Reserved2, PCtxtHandle  phNewContext, PSecBufferDesc  pOutput, PULONG  pfContextAttr, PTimeStamp  ptsExpiry  )

static

Here is the call graph for this function:

negotiate_InitializeSecurityContextW()

static SECURITY_STATUS SEC_ENTRY negotiate_InitializeSecurityContextW ( PCredHandle  phCredential, PCtxtHandle  phContext, SEC_WCHAR *  pszTargetName, ULONG  fContextReq, ULONG  Reserved1, ULONG  TargetDataRep, PSecBufferDesc  pInput, ULONG  Reserved2, PCtxtHandle  phNewContext, PSecBufferDesc  pOutput, PULONG  pfContextAttr, PTimeStamp  ptsExpiry  )

static

Here is the call graph for this function:

Here is the caller graph for this function:

negotiate_MakeSignature()

static SECURITY_STATUS SEC_ENTRY negotiate_MakeSignature ( PCtxtHandle  phContext, ULONG  fQOP, PSecBufferDesc  pMessage, ULONG  MessageSeqNo  )

static

Here is the call graph for this function:

negotiate_mech_name()

static const char* negotiate_mech_name ( const sspi_gss_OID_desc *  oid )

static

Here is the call graph for this function:

Here is the caller graph for this function:

negotiate_mic_exchange()

static SECURITY_STATUS negotiate_mic_exchange ( NEGOTIATE_CONTEXT *  context, NegToken *  input_token, NegToken *  output_token, PSecBuffer  output_buffer  )

static

Here is the call graph for this function:

Here is the caller graph for this function:

negotiate_oid_compare()

static BOOL negotiate_oid_compare ( const sspi_gss_OID_desc *  oid1, const sspi_gss_OID_desc *  oid2  )

static

Here is the caller graph for this function:

negotiate_QueryContextAttributesA()

static SECURITY_STATUS SEC_ENTRY negotiate_QueryContextAttributesA ( PCtxtHandle  phContext, ULONG  ulAttribute, void *  pBuffer  )

static

Here is the call graph for this function:

negotiate_QueryContextAttributesW()

static SECURITY_STATUS SEC_ENTRY negotiate_QueryContextAttributesW ( PCtxtHandle  phContext, ULONG  ulAttribute, void *  pBuffer  )

static

Here is the call graph for this function:

negotiate_QueryCredentialsAttributesA()

static SECURITY_STATUS SEC_ENTRY negotiate_QueryCredentialsAttributesA ( PCredHandle  phCredential, ULONG  ulAttribute, void *  pBuffer  )

static

negotiate_QueryCredentialsAttributesW()

static SECURITY_STATUS SEC_ENTRY negotiate_QueryCredentialsAttributesW ( PCredHandle  phCredential, ULONG  ulAttribute, void *  pBuffer  )

static

negotiate_read_neg_token()

static BOOL negotiate_read_neg_token ( PSecBuffer  input, NegToken *  token  )

static

Here is the call graph for this function:

Here is the caller graph for this function:

negotiate_read_tlv()

static BYTE* negotiate_read_tlv ( BYTE *  buf, BYTE *  tag, size_t *  len, size_t *  bytes_remain  )

static

Here is the caller graph for this function:

negotiate_RevertSecurityContext()

static SECURITY_STATUS SEC_ENTRY negotiate_RevertSecurityContext ( PCtxtHandle  phContext )

static

negotiate_SetContextAttributesA()

static SECURITY_STATUS SEC_ENTRY negotiate_SetContextAttributesA ( PCtxtHandle  phContext, ULONG  ulAttribute, void *  pBuffer, ULONG  cbBuffer  )

static

Here is the call graph for this function:

negotiate_SetContextAttributesW()

static SECURITY_STATUS SEC_ENTRY negotiate_SetContextAttributesW ( PCtxtHandle  phContext, ULONG  ulAttribute, void *  pBuffer, ULONG  cbBuffer  )

static

Here is the call graph for this function:

negotiate_VerifySignature()

static SECURITY_STATUS SEC_ENTRY negotiate_VerifySignature ( PCtxtHandle  phContext, PSecBufferDesc  pMessage, ULONG  MessageSeqNo, ULONG *  pfQOP  )

static

Here is the call graph for this function:

negotiate_write_contextual_tlv()

static BYTE* negotiate_write_contextual_tlv ( BYTE *  buf, BYTE  contextual, BYTE  tag, size_t  len, const BYTE *  value  )

static

Here is the call graph for this function:

Here is the caller graph for this function:

negotiate_write_neg_token()

static BOOL negotiate_write_neg_token ( PSecBuffer  output_buffer, NegToken *  token  )

static

Here is the call graph for this function:

Here is the caller graph for this function:

negotiate_write_tlv()

static BYTE* negotiate_write_tlv ( BYTE *  buf, BYTE  tag, size_t  len, const BYTE *  value  )

static

Here is the call graph for this function:

Here is the caller graph for this function:

ntlm_reset_cipher_state()

void ntlm_reset_cipher_state

(

PSecHandle

)

Here is the call graph for this function:

Here is the caller graph for this function:

Variable Documentation

kerberos_OID

const sspi_gss_OID_desc kerberos_OID = { 9, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02" }

static

KERBEROS_SecurityFunctionTableA

const SecurityFunctionTableA KERBEROS_SecurityFunctionTableA

KERBEROS_SecurityFunctionTableW

const SecurityFunctionTableW KERBEROS_SecurityFunctionTableW

kerberos_wrong_OID

const sspi_gss_OID_desc kerberos_wrong_OID = { 9, "\x2a\x86\x48\x82\xf7\x12\x01\x02\x02" }

static

MECH_COUNT

const size_t MECH_COUNT = sizeof(MechTable) / sizeof(Mech)

static

MechTable

const Mech MechTable[]

static

Initial value:

= {
        { &kerberos_OID, &SecPkgTable[0], 0, TRUE },
        { &ntlm_OID, &SecPkgTable[1], 0, FALSE },
}

NEGO_REG_KEY

const char NEGO_REG_KEY[]

static

Initial value:

=
    "Software\\" WINPR_VENDOR_STRING "\\" WINPR_PRODUCT_STRING "\\SSPI\\Negotiate"

NEGOTIATE_SecPkgInfoA

const SecPkgInfoA NEGOTIATE_SecPkgInfoA

Initial value:

= {
        0x00083BB3,                    
        1,                             
        0x0009,                        
        0x00002FE0,                    
        "Negotiate",                   
        "Microsoft Package Negotiator" 
}

NEGOTIATE_SecPkgInfoW

const SecPkgInfoW NEGOTIATE_SecPkgInfoW

Initial value:

= {
        0x00083BB3,                   
        1,                            
        0x0009,                       
        0x00002FE0,                   
        NEGOTIATE_SecPkgInfoW_Name,   
        NEGOTIATE_SecPkgInfoW_Comment 
}

NEGOTIATE_SecPkgInfoW_Comment

WCHAR NEGOTIATE_SecPkgInfoW_Comment[]

static

Initial value:

= { 'M', 'i', 'c', 'r', 'o', 's', 'o', 'f', 't', ' ',
                                                     'P', 'a', 'c', 'k', 'a', 'g', 'e', ' ', 'N', 'e',
                                                     'g', 'o', 't', 'i', 'a', 't', 'o', 'r', '\0' }

NEGOTIATE_SecPkgInfoW_Name

WCHAR NEGOTIATE_SecPkgInfoW_Name[] = { 'N', 'e', 'g', 'o', 't', 'i', 'a', 't', 'e', '\0' }

static

NEGOTIATE_SecurityFunctionTableA

const SecurityFunctionTableA NEGOTIATE_SecurityFunctionTableA

Initial value:

= {
        1,                                     
        NULL,                                  
        negotiate_QueryCredentialsAttributesA, 
        negotiate_AcquireCredentialsHandleA,   
        negotiate_FreeCredentialsHandle,       
        NULL,                                  
        negotiate_InitializeSecurityContextA,  
        negotiate_AcceptSecurityContext,       
        negotiate_CompleteAuthToken,           
        negotiate_DeleteSecurityContext,       
        NULL,                                  
        negotiate_QueryContextAttributesA,     
        negotiate_ImpersonateSecurityContext,  
        negotiate_RevertSecurityContext,       
        negotiate_MakeSignature,               
        negotiate_VerifySignature,             
        NULL,                                  
        NULL,                                  
        NULL,                                  
        NULL,                                  
        NULL,                                  
        NULL,                                  
        NULL,                                  
        NULL,                                  
        NULL,                                  
        negotiate_EncryptMessage,              
        negotiate_DecryptMessage,              
        negotiate_SetContextAttributesA,       
}

NEGOTIATE_SecurityFunctionTableW

const SecurityFunctionTableW NEGOTIATE_SecurityFunctionTableW

Initial value:

= {
        1,                                     
        NULL,                                  
        negotiate_QueryCredentialsAttributesW, 
        negotiate_AcquireCredentialsHandleW,   
        negotiate_FreeCredentialsHandle,       
        NULL,                                  
        negotiate_InitializeSecurityContextW,  
        negotiate_AcceptSecurityContext,       
        negotiate_CompleteAuthToken,           
        negotiate_DeleteSecurityContext,       
        NULL,                                  
        negotiate_QueryContextAttributesW,     
        negotiate_ImpersonateSecurityContext,  
        negotiate_RevertSecurityContext,       
        negotiate_MakeSignature,               
        negotiate_VerifySignature,             
        NULL,                                  
        NULL,                                  
        NULL,                                  
        NULL,                                  
        NULL,                                  
        NULL,                                  
        NULL,                                  
        NULL,                                  
        NULL,                                  
        negotiate_EncryptMessage,              
        negotiate_DecryptMessage,              
        negotiate_SetContextAttributesW,       
}

ntlm_OID

const sspi_gss_OID_desc ntlm_OID = { 10, "\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a" }

static

NTLM_SecurityFunctionTableA

const SecurityFunctionTableA NTLM_SecurityFunctionTableA

NTLM_SecurityFunctionTableW

const SecurityFunctionTableW NTLM_SecurityFunctionTableW

SecPkgTable

const SecPkg SecPkgTable[]

static

Initial value:

= {
        { KERBEROS_SSP_NAME, &KERBEROS_SecurityFunctionTableA, &KERBEROS_SecurityFunctionTableW },
        { NTLM_SSP_NAME, &NTLM_SecurityFunctionTableA, &NTLM_SecurityFunctionTableW }
}

spnego_OID

const sspi_gss_OID_desc spnego_OID = { 6, "\x2b\x06\x01\x05\x05\x02" }

static