ntlm_av_pairs.c

 
#include <winpr/config.h>
 
#include <winpr/assert.h>
 
#include "ntlm.h"
#include "../sspi.h"
 
#include <winpr/crt.h>
#include <winpr/print.h>
#include <winpr/sysinfo.h>
#include <winpr/tchar.h>
#include <winpr/crypto.h>
 
#include "ntlm_compute.h"
 
#include "ntlm_av_pairs.h"
 
#include "../../log.h"
#define TAG WINPR_TAG("sspi.NTLM")
 
static BOOL ntlm_av_pair_get_next_offset(const NTLM_AV_PAIR* pAvPair, size_t size, size_t* pOffset);
 
static BOOL ntlm_av_pair_check_data(const NTLM_AV_PAIR* pAvPair, size_t cbAvPair, size_t size)
{
  size_t offset = 0;
  if (!pAvPair || cbAvPair < sizeof(NTLM_AV_PAIR) + size)
    return FALSE;
  if (!ntlm_av_pair_get_next_offset(pAvPair, cbAvPair, &offset))
    return FALSE;
  return cbAvPair >= offset;
}
 
static const char* get_av_pair_string(UINT16 pair)
{
  switch (pair)
  {
    case MsvAvEOL:
      return "MsvAvEOL";
    case MsvAvNbComputerName:
      return "MsvAvNbComputerName";
    case MsvAvNbDomainName:
      return "MsvAvNbDomainName";
    case MsvAvDnsComputerName:
      return "MsvAvDnsComputerName";
    case MsvAvDnsDomainName:
      return "MsvAvDnsDomainName";
    case MsvAvDnsTreeName:
      return "MsvAvDnsTreeName";
    case MsvAvFlags:
      return "MsvAvFlags";
    case MsvAvTimestamp:
      return "MsvAvTimestamp";
    case MsvAvSingleHost:
      return "MsvAvSingleHost";
    case MsvAvTargetName:
      return "MsvAvTargetName";
    case MsvAvChannelBindings:
      return "MsvAvChannelBindings";
    default:
      return "UNKNOWN";
  }
}
 
static BOOL ntlm_av_pair_check(const NTLM_AV_PAIR* pAvPair, size_t cbAvPair);
static NTLM_AV_PAIR* ntlm_av_pair_next(NTLM_AV_PAIR* pAvPairList, size_t* pcbAvPairList);
 
static INLINE void ntlm_av_pair_set_id(NTLM_AV_PAIR* pAvPair, UINT16 id)
{
  WINPR_ASSERT(pAvPair);
  winpr_Data_Write_UINT16(&pAvPair->AvId, id);
}
 
static INLINE void ntlm_av_pair_set_len(NTLM_AV_PAIR* pAvPair, UINT16 len)
{
  WINPR_ASSERT(pAvPair);
  winpr_Data_Write_UINT16(&pAvPair->AvLen, len);
}
 
static BOOL ntlm_av_pair_list_init(NTLM_AV_PAIR* pAvPairList, size_t cbAvPairList)
{
  NTLM_AV_PAIR* pAvPair = pAvPairList;
 
  if (!pAvPair || (cbAvPairList < sizeof(NTLM_AV_PAIR)))
    return FALSE;
 
  ntlm_av_pair_set_id(pAvPair, MsvAvEOL);
  ntlm_av_pair_set_len(pAvPair, 0);
  return TRUE;
}
 
static INLINE BOOL ntlm_av_pair_get_id(const NTLM_AV_PAIR* pAvPair, size_t size, UINT16* pair)
{
  if (!pAvPair || !pair)
    return FALSE;
 
  if (size < sizeof(NTLM_AV_PAIR))
    return FALSE;
 
  const UINT16 AvId = winpr_Data_Get_UINT16(&pAvPair->AvId);
 
  *pair = AvId;
  return TRUE;
}
 
ULONG ntlm_av_pair_list_length(NTLM_AV_PAIR* pAvPairList, size_t cbAvPairList)
{
  size_t cbAvPair = 0;
  NTLM_AV_PAIR* pAvPair = NULL;
 
  pAvPair = ntlm_av_pair_get(pAvPairList, cbAvPairList, MsvAvEOL, &cbAvPair);
  if (!pAvPair)
    return 0;
 
  if (pAvPair < pAvPairList)
    return 0;
 
  const size_t size = WINPR_ASSERTING_INT_CAST(size_t, ((PBYTE)pAvPair - (PBYTE)pAvPairList)) +
                      sizeof(NTLM_AV_PAIR);
  WINPR_ASSERT(size <= UINT32_MAX);
  WINPR_ASSERT(size >= 0);
  return (ULONG)size;
}
 
static INLINE BOOL ntlm_av_pair_get_len(const NTLM_AV_PAIR* pAvPair, size_t size, size_t* pAvLen)
{
  if (!pAvPair)
    return FALSE;
 
  if (size < sizeof(NTLM_AV_PAIR))
    return FALSE;
 
  const UINT16 AvLen = winpr_Data_Get_UINT16(&pAvPair->AvLen);
 
  *pAvLen = AvLen;
  return TRUE;
}
 
#ifdef WITH_DEBUG_NTLM
void ntlm_print_av_pair_list(NTLM_AV_PAIR* pAvPairList, size_t cbAvPairList)
{
  UINT16 pair = 0;
  size_t cbAvPair = cbAvPairList;
  NTLM_AV_PAIR* pAvPair = pAvPairList;
 
  if (!ntlm_av_pair_check(pAvPair, cbAvPair))
    return;
 
  WLog_VRB(TAG, "AV_PAIRs =");
 
  while (pAvPair && ntlm_av_pair_get_id(pAvPair, cbAvPair, &pair) && (pair != MsvAvEOL))
  {
    size_t cbLen = 0;
    ntlm_av_pair_get_len(pAvPair, cbAvPair, &cbLen);
 
    WLog_VRB(TAG, "\t%s AvId: %" PRIu16 " AvLen: %" PRIu16 "", get_av_pair_string(pair), pair);
    winpr_HexDump(TAG, WLOG_TRACE, ntlm_av_pair_get_value_pointer(pAvPair), cbLen);
 
    pAvPair = ntlm_av_pair_next(pAvPair, &cbAvPair);
  }
}
#endif
 
static ULONG ntlm_av_pair_list_size(ULONG AvPairsCount, ULONG AvPairsValueLength)
{
  /* size of headers + value lengths + terminating MsvAvEOL AV_PAIR */
  return ((AvPairsCount + 1) * 4) + AvPairsValueLength;
}
 
PBYTE ntlm_av_pair_get_value_pointer(NTLM_AV_PAIR* pAvPair)
{
  WINPR_ASSERT(pAvPair);
  return (PBYTE)pAvPair + sizeof(NTLM_AV_PAIR);
}
 
static BOOL ntlm_av_pair_get_next_offset(const NTLM_AV_PAIR* pAvPair, size_t size, size_t* pOffset)
{
  size_t avLen = 0;
  if (!pOffset)
    return FALSE;
 
  if (!ntlm_av_pair_get_len(pAvPair, size, &avLen))
    return FALSE;
  *pOffset = avLen + sizeof(NTLM_AV_PAIR);
  return TRUE;
}
 
static BOOL ntlm_av_pair_check(const NTLM_AV_PAIR* pAvPair, size_t cbAvPair)
{
  return ntlm_av_pair_check_data(pAvPair, cbAvPair, 0);
}
 
static NTLM_AV_PAIR* ntlm_av_pair_next(NTLM_AV_PAIR* pAvPair, size_t* pcbAvPair)
{
  size_t offset = 0;
 
  if (!pcbAvPair)
    return NULL;
  if (!ntlm_av_pair_check(pAvPair, *pcbAvPair))
    return NULL;
 
  if (!ntlm_av_pair_get_next_offset(pAvPair, *pcbAvPair, &offset))
    return NULL;
 
  *pcbAvPair -= offset;
  return (NTLM_AV_PAIR*)((PBYTE)pAvPair + offset);
}
 
NTLM_AV_PAIR* ntlm_av_pair_get(NTLM_AV_PAIR* pAvPairList, size_t cbAvPairList, NTLM_AV_ID AvId,
                               size_t* pcbAvPairListRemaining)
{
  UINT16 id = 0;
  size_t cbAvPair = cbAvPairList;
  NTLM_AV_PAIR* pAvPair = pAvPairList;
 
  if (!ntlm_av_pair_check(pAvPair, cbAvPair))
    pAvPair = NULL;
 
  while (pAvPair && ntlm_av_pair_get_id(pAvPair, cbAvPair, &id))
  {
    if (id == AvId)
      break;
    if (id == MsvAvEOL)
    {
      pAvPair = NULL;
      break;
    }
 
    pAvPair = ntlm_av_pair_next(pAvPair, &cbAvPair);
  }
 
  if (!pAvPair)
    cbAvPair = 0;
  if (pcbAvPairListRemaining)
    *pcbAvPairListRemaining = cbAvPair;
 
  return pAvPair;
}
 
static BOOL ntlm_av_pair_add(NTLM_AV_PAIR* pAvPairList, size_t cbAvPairList, NTLM_AV_ID AvId,
                             PBYTE Value, UINT16 AvLen)
{
  size_t cbAvPair = 0;
  NTLM_AV_PAIR* pAvPair = NULL;
 
  pAvPair = ntlm_av_pair_get(pAvPairList, cbAvPairList, MsvAvEOL, &cbAvPair);
 
  /* size of header + value length + terminating MsvAvEOL AV_PAIR */
  if (!pAvPair || cbAvPair < 2 * sizeof(NTLM_AV_PAIR) + AvLen)
    return FALSE;
 
  ntlm_av_pair_set_id(pAvPair, (UINT16)AvId);
  ntlm_av_pair_set_len(pAvPair, AvLen);
  if (AvLen)
  {
    WINPR_ASSERT(Value != NULL);
    CopyMemory(ntlm_av_pair_get_value_pointer(pAvPair), Value, AvLen);
  }
 
  pAvPair = ntlm_av_pair_next(pAvPair, &cbAvPair);
  return ntlm_av_pair_list_init(pAvPair, cbAvPair);
}
 
static BOOL ntlm_av_pair_add_copy(NTLM_AV_PAIR* pAvPairList, size_t cbAvPairList,
                                  NTLM_AV_PAIR* pAvPair, size_t cbAvPair)
{
  UINT16 pair = 0;
  size_t avLen = 0;
 
  if (!ntlm_av_pair_check(pAvPair, cbAvPair))
    return FALSE;
 
  if (!ntlm_av_pair_get_id(pAvPair, cbAvPair, &pair))
    return FALSE;
 
  if (!ntlm_av_pair_get_len(pAvPair, cbAvPair, &avLen))
    return FALSE;
 
  WINPR_ASSERT(avLen <= UINT16_MAX);
  return ntlm_av_pair_add(pAvPairList, cbAvPairList, pair,
                          ntlm_av_pair_get_value_pointer(pAvPair), (UINT16)avLen);
}
 
static char* get_name(COMPUTER_NAME_FORMAT type)
{
  DWORD nSize = 0;
 
  if (GetComputerNameExA(type, NULL, &nSize))
    return NULL;
 
  if (GetLastError() != ERROR_MORE_DATA)
    return NULL;
 
  char* computerName = calloc(1, nSize);
 
  if (!computerName)
    return NULL;
 
  if (!GetComputerNameExA(type, computerName, &nSize))
  {
    free(computerName);
    return NULL;
  }
 
  return computerName;
}
 
static int ntlm_get_target_computer_name(PUNICODE_STRING pName, COMPUTER_NAME_FORMAT type)
{
  int status = -1;
 
  WINPR_ASSERT(pName);
 
  char* name = get_name(ComputerNameNetBIOS);
  if (!name)
    return -1;
 
  CharUpperA(name);
 
  size_t len = 0;
  pName->Buffer = ConvertUtf8ToWCharAlloc(name, &len);
  free(name);
 
  if (!pName->Buffer || (len == 0) || (len > UINT16_MAX / sizeof(WCHAR)))
  {
    free(pName->Buffer);
    pName->Buffer = NULL;
    return status;
  }
 
  pName->Length = (USHORT)((len) * sizeof(WCHAR));
  pName->MaximumLength = pName->Length;
  return 1;
}
 
static void ntlm_free_unicode_string(PUNICODE_STRING string)
{
  if (string)
  {
    if (string->Length > 0)
    {
      free(string->Buffer);
      string->Buffer = NULL;
      string->Length = 0;
      string->MaximumLength = 0;
    }
  }
}
 
/*
typedef struct gss_channel_bindings_struct {
    OM_uint32 initiator_addrtype;
    gss_buffer_desc initiator_address;
    OM_uint32 acceptor_addrtype;
    gss_buffer_desc acceptor_address;
    gss_buffer_desc application_data;
} *gss_channel_bindings_t;
 */
 
static BOOL ntlm_md5_update_uint32_be(WINPR_DIGEST_CTX* md5, UINT32 num)
{
  BYTE be32[4];
  be32[0] = (num >> 0) & 0xFF;
  be32[1] = (num >> 8) & 0xFF;
  be32[2] = (num >> 16) & 0xFF;
  be32[3] = (num >> 24) & 0xFF;
  return winpr_Digest_Update(md5, be32, 4);
}
 
static void ntlm_compute_channel_bindings(NTLM_CONTEXT* context)
{
  WINPR_DIGEST_CTX* md5 = NULL;
  BYTE* ChannelBindingToken = NULL;
  UINT32 ChannelBindingTokenLength = 0;
  SEC_CHANNEL_BINDINGS* ChannelBindings = NULL;
 
  WINPR_ASSERT(context);
 
  ZeroMemory(context->ChannelBindingsHash, WINPR_MD5_DIGEST_LENGTH);
  ChannelBindings = context->Bindings.Bindings;
 
  if (!ChannelBindings)
    return;
 
  if (!(md5 = winpr_Digest_New()))
    return;
 
  if (!winpr_Digest_Init(md5, WINPR_MD_MD5))
    goto out;
 
  ChannelBindingTokenLength = context->Bindings.BindingsLength - sizeof(SEC_CHANNEL_BINDINGS);
  ChannelBindingToken = &((BYTE*)ChannelBindings)[ChannelBindings->dwApplicationDataOffset];
 
  if (!ntlm_md5_update_uint32_be(md5, ChannelBindings->dwInitiatorAddrType))
    goto out;
 
  if (!ntlm_md5_update_uint32_be(md5, ChannelBindings->cbInitiatorLength))
    goto out;
 
  if (!ntlm_md5_update_uint32_be(md5, ChannelBindings->dwAcceptorAddrType))
    goto out;
 
  if (!ntlm_md5_update_uint32_be(md5, ChannelBindings->cbAcceptorLength))
    goto out;
 
  if (!ntlm_md5_update_uint32_be(md5, ChannelBindings->cbApplicationDataLength))
    goto out;
 
  if (!winpr_Digest_Update(md5, (void*)ChannelBindingToken, ChannelBindingTokenLength))
    goto out;
 
  if (!winpr_Digest_Final(md5, context->ChannelBindingsHash, WINPR_MD5_DIGEST_LENGTH))
    goto out;
 
out:
  winpr_Digest_Free(md5);
}
 
static void ntlm_compute_single_host_data(NTLM_CONTEXT* context)
{
  WINPR_ASSERT(context);
  winpr_Data_Write_UINT32(&context->SingleHostData.Size, 48);
  winpr_Data_Write_UINT32(&context->SingleHostData.Z4, 0);
  winpr_Data_Write_UINT32(&context->SingleHostData.DataPresent, 1);
  winpr_Data_Write_UINT32(&context->SingleHostData.CustomData, SECURITY_MANDATORY_MEDIUM_RID);
  FillMemory(context->SingleHostData.MachineID, 32, 0xAA);
}
 
BOOL ntlm_construct_challenge_target_info(NTLM_CONTEXT* context)
{
  BOOL rc = FALSE;
  ULONG length = 0;
  ULONG AvPairsCount = 0;
  ULONG AvPairsLength = 0;
  NTLM_AV_PAIR* pAvPairList = NULL;
  size_t cbAvPairList = 0;
  UNICODE_STRING NbDomainName = { 0 };
  UNICODE_STRING NbComputerName = { 0 };
  UNICODE_STRING DnsDomainName = { 0 };
  UNICODE_STRING DnsComputerName = { 0 };
 
  WINPR_ASSERT(context);
 
  if (ntlm_get_target_computer_name(&NbDomainName, ComputerNameNetBIOS) < 0)
    goto fail;
 
  NbComputerName.Buffer = NULL;
 
  if (ntlm_get_target_computer_name(&NbComputerName, ComputerNameNetBIOS) < 0)
    goto fail;
 
  DnsDomainName.Buffer = NULL;
 
  if (ntlm_get_target_computer_name(&DnsDomainName, ComputerNameDnsDomain) < 0)
    goto fail;
 
  DnsComputerName.Buffer = NULL;
 
  if (ntlm_get_target_computer_name(&DnsComputerName, ComputerNameDnsHostname) < 0)
    goto fail;
 
  AvPairsCount = 5;
  AvPairsLength = NbDomainName.Length + NbComputerName.Length + DnsDomainName.Length +
                  DnsComputerName.Length + 8;
  length = ntlm_av_pair_list_size(AvPairsCount, AvPairsLength);
 
  if (!sspi_SecBufferAlloc(&context->ChallengeTargetInfo, length))
    goto fail;
 
  pAvPairList = (NTLM_AV_PAIR*)context->ChallengeTargetInfo.pvBuffer;
  cbAvPairList = context->ChallengeTargetInfo.cbBuffer;
 
  if (!ntlm_av_pair_list_init(pAvPairList, cbAvPairList))
    goto fail;
 
  if (!ntlm_av_pair_add(pAvPairList, cbAvPairList, MsvAvNbDomainName, (PBYTE)NbDomainName.Buffer,
                        NbDomainName.Length))
    goto fail;
 
  if (!ntlm_av_pair_add(pAvPairList, cbAvPairList, MsvAvNbComputerName,
                        (PBYTE)NbComputerName.Buffer, NbComputerName.Length))
    goto fail;
 
  if (!ntlm_av_pair_add(pAvPairList, cbAvPairList, MsvAvDnsDomainName,
                        (PBYTE)DnsDomainName.Buffer, DnsDomainName.Length))
    goto fail;
 
  if (!ntlm_av_pair_add(pAvPairList, cbAvPairList, MsvAvDnsComputerName,
                        (PBYTE)DnsComputerName.Buffer, DnsComputerName.Length))
    goto fail;
 
  if (!ntlm_av_pair_add(pAvPairList, cbAvPairList, MsvAvTimestamp, context->Timestamp,
                        sizeof(context->Timestamp)))
    goto fail;
 
  rc = TRUE;
fail:
  ntlm_free_unicode_string(&NbDomainName);
  ntlm_free_unicode_string(&NbComputerName);
  ntlm_free_unicode_string(&DnsDomainName);
  ntlm_free_unicode_string(&DnsComputerName);
  return rc;
}
 
BOOL ntlm_construct_authenticate_target_info(NTLM_CONTEXT* context)
{
  ULONG size = 0;
  ULONG AvPairsCount = 0;
  ULONG AvPairsValueLength = 0;
  NTLM_AV_PAIR* AvTimestamp = NULL;
  NTLM_AV_PAIR* AvNbDomainName = NULL;
  NTLM_AV_PAIR* AvNbComputerName = NULL;
  NTLM_AV_PAIR* AvDnsDomainName = NULL;
  NTLM_AV_PAIR* AvDnsComputerName = NULL;
  NTLM_AV_PAIR* AvDnsTreeName = NULL;
  NTLM_AV_PAIR* ChallengeTargetInfo = NULL;
  NTLM_AV_PAIR* AuthenticateTargetInfo = NULL;
  size_t cbAvTimestamp = 0;
  size_t cbAvNbDomainName = 0;
  size_t cbAvNbComputerName = 0;
  size_t cbAvDnsDomainName = 0;
  size_t cbAvDnsComputerName = 0;
  size_t cbAvDnsTreeName = 0;
  size_t cbChallengeTargetInfo = 0;
  size_t cbAuthenticateTargetInfo = 0;
 
  WINPR_ASSERT(context);
 
  AvPairsCount = 1;
  AvPairsValueLength = 0;
  ChallengeTargetInfo = (NTLM_AV_PAIR*)context->ChallengeTargetInfo.pvBuffer;
  cbChallengeTargetInfo = context->ChallengeTargetInfo.cbBuffer;
  AvNbDomainName = ntlm_av_pair_get(ChallengeTargetInfo, cbChallengeTargetInfo, MsvAvNbDomainName,
                                    &cbAvNbDomainName);
  AvNbComputerName = ntlm_av_pair_get(ChallengeTargetInfo, cbChallengeTargetInfo,
                                      MsvAvNbComputerName, &cbAvNbComputerName);
  AvDnsDomainName = ntlm_av_pair_get(ChallengeTargetInfo, cbChallengeTargetInfo,
                                     MsvAvDnsDomainName, &cbAvDnsDomainName);
  AvDnsComputerName = ntlm_av_pair_get(ChallengeTargetInfo, cbChallengeTargetInfo,
                                       MsvAvDnsComputerName, &cbAvDnsComputerName);
  AvDnsTreeName = ntlm_av_pair_get(ChallengeTargetInfo, cbChallengeTargetInfo, MsvAvDnsTreeName,
                                   &cbAvDnsTreeName);
  AvTimestamp = ntlm_av_pair_get(ChallengeTargetInfo, cbChallengeTargetInfo, MsvAvTimestamp,
                                 &cbAvTimestamp);
 
  if (AvNbDomainName)
  {
    size_t avLen = 0;
    if (!ntlm_av_pair_get_len(AvNbDomainName, cbAvNbDomainName, &avLen))
      goto fail;
    AvPairsCount++; /* MsvAvNbDomainName */
    AvPairsValueLength += avLen;
  }
 
  if (AvNbComputerName)
  {
    size_t avLen = 0;
    if (!ntlm_av_pair_get_len(AvNbComputerName, cbAvNbComputerName, &avLen))
      goto fail;
    AvPairsCount++; /* MsvAvNbComputerName */
    AvPairsValueLength += avLen;
  }
 
  if (AvDnsDomainName)
  {
    size_t avLen = 0;
    if (!ntlm_av_pair_get_len(AvDnsDomainName, cbAvDnsDomainName, &avLen))
      goto fail;
    AvPairsCount++; /* MsvAvDnsDomainName */
    AvPairsValueLength += avLen;
  }
 
  if (AvDnsComputerName)
  {
    size_t avLen = 0;
    if (!ntlm_av_pair_get_len(AvDnsComputerName, cbAvDnsComputerName, &avLen))
      goto fail;
    AvPairsCount++; /* MsvAvDnsComputerName */
    AvPairsValueLength += avLen;
  }
 
  if (AvDnsTreeName)
  {
    size_t avLen = 0;
    if (!ntlm_av_pair_get_len(AvDnsTreeName, cbAvDnsTreeName, &avLen))
      goto fail;
    AvPairsCount++; /* MsvAvDnsTreeName */
    AvPairsValueLength += avLen;
  }
 
  AvPairsCount++; /* MsvAvTimestamp */
  AvPairsValueLength += 8;
 
  if (context->UseMIC)
  {
    AvPairsCount++; /* MsvAvFlags */
    AvPairsValueLength += 4;
  }
 
  if (context->SendSingleHostData)
  {
    AvPairsCount++; /* MsvAvSingleHost */
    ntlm_compute_single_host_data(context);
    AvPairsValueLength += context->SingleHostData.Size;
  }
 
  if (!context->SuppressExtendedProtection)
  {
    AvPairsCount++; /* MsvAvChannelBindings */
    AvPairsValueLength += 16;
    ntlm_compute_channel_bindings(context);
 
    if (context->ServicePrincipalName.Length > 0)
    {
      AvPairsCount++; /* MsvAvTargetName */
      AvPairsValueLength += context->ServicePrincipalName.Length;
    }
  }
 
  size = ntlm_av_pair_list_size(AvPairsCount, AvPairsValueLength);
 
  if (context->NTLMv2)
    size += 8; /* unknown 8-byte padding */
 
  if (!sspi_SecBufferAlloc(&context->AuthenticateTargetInfo, size))
    goto fail;
 
  AuthenticateTargetInfo = (NTLM_AV_PAIR*)context->AuthenticateTargetInfo.pvBuffer;
  cbAuthenticateTargetInfo = context->AuthenticateTargetInfo.cbBuffer;
 
  if (!ntlm_av_pair_list_init(AuthenticateTargetInfo, cbAuthenticateTargetInfo))
    goto fail;
 
  if (AvNbDomainName)
  {
    if (!ntlm_av_pair_add_copy(AuthenticateTargetInfo, cbAuthenticateTargetInfo, AvNbDomainName,
                               cbAvNbDomainName))
      goto fail;
  }
 
  if (AvNbComputerName)
  {
    if (!ntlm_av_pair_add_copy(AuthenticateTargetInfo, cbAuthenticateTargetInfo,
                               AvNbComputerName, cbAvNbComputerName))
      goto fail;
  }
 
  if (AvDnsDomainName)
  {
    if (!ntlm_av_pair_add_copy(AuthenticateTargetInfo, cbAuthenticateTargetInfo,
                               AvDnsDomainName, cbAvDnsDomainName))
      goto fail;
  }
 
  if (AvDnsComputerName)
  {
    if (!ntlm_av_pair_add_copy(AuthenticateTargetInfo, cbAuthenticateTargetInfo,
                               AvDnsComputerName, cbAvDnsComputerName))
      goto fail;
  }
 
  if (AvDnsTreeName)
  {
    if (!ntlm_av_pair_add_copy(AuthenticateTargetInfo, cbAuthenticateTargetInfo, AvDnsTreeName,
                               cbAvDnsTreeName))
      goto fail;
  }
 
  if (AvTimestamp)
  {
    if (!ntlm_av_pair_add_copy(AuthenticateTargetInfo, cbAuthenticateTargetInfo, AvTimestamp,
                               cbAvTimestamp))
      goto fail;
  }
 
  if (context->UseMIC)
  {
    UINT32 flags = 0;
    winpr_Data_Write_UINT32(&flags, MSV_AV_FLAGS_MESSAGE_INTEGRITY_CHECK);
 
    if (!ntlm_av_pair_add(AuthenticateTargetInfo, cbAuthenticateTargetInfo, MsvAvFlags,
                          (PBYTE)&flags, 4))
      goto fail;
  }
 
  if (context->SendSingleHostData)
  {
    WINPR_ASSERT(context->SingleHostData.Size <= UINT16_MAX);
    if (!ntlm_av_pair_add(AuthenticateTargetInfo, cbAuthenticateTargetInfo, MsvAvSingleHost,
                          (PBYTE)&context->SingleHostData,
                          (UINT16)context->SingleHostData.Size))
      goto fail;
  }
 
  if (!context->SuppressExtendedProtection)
  {
    if (!ntlm_av_pair_add(AuthenticateTargetInfo, cbAuthenticateTargetInfo,
                          MsvAvChannelBindings, context->ChannelBindingsHash, 16))
      goto fail;
 
    if (context->ServicePrincipalName.Length > 0)
    {
      if (!ntlm_av_pair_add(AuthenticateTargetInfo, cbAuthenticateTargetInfo, MsvAvTargetName,
                            (PBYTE)context->ServicePrincipalName.Buffer,
                            context->ServicePrincipalName.Length))
        goto fail;
    }
  }
 
  if (context->NTLMv2)
  {
    NTLM_AV_PAIR* AvEOL = NULL;
    AvEOL = ntlm_av_pair_get(ChallengeTargetInfo, cbChallengeTargetInfo, MsvAvEOL, NULL);
 
    if (!AvEOL)
      goto fail;
 
    ZeroMemory(AvEOL, sizeof(NTLM_AV_PAIR));
  }
 
  return TRUE;
fail:
  sspi_SecBufferFree(&context->AuthenticateTargetInfo);
  return FALSE;
}