Coverage Report

Created: 2025-08-26 06:31

/src/FreeRDP/winpr/libwinpr/sspi/NTLM/ntlm.c
Line
Count
Source (jump to first uncovered line)
1
/**
2
 * WinPR: Windows Portable Runtime
3
 * NTLM Security Package
4
 *
5
 * Copyright 2011-2014 Marc-Andre Moreau <marcandre.moreau@gmail.com>
6
 *
7
 * Licensed under the Apache License, Version 2.0 (the "License");
8
 * you may not use this file except in compliance with the License.
9
 * You may obtain a copy of the License at
10
 *
11
 *     http://www.apache.org/licenses/LICENSE-2.0
12
 *
13
 * Unless required by applicable law or agreed to in writing, software
14
 * distributed under the License is distributed on an "AS IS" BASIS,
15
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16
 * See the License for the specific language governing permissions and
17
 * limitations under the License.
18
 */
19
20
#include <winpr/config.h>
21
22
#include <winpr/crt.h>
23
#include <winpr/assert.h>
24
#include <winpr/sspi.h>
25
#include <winpr/print.h>
26
#include <winpr/string.h>
27
#include <winpr/tchar.h>
28
#include <winpr/sysinfo.h>
29
#include <winpr/registry.h>
30
#include <winpr/endian.h>
31
#include <winpr/build-config.h>
32
33
#include "ntlm.h"
34
#include "ntlm_export.h"
35
#include "../sspi.h"
36
37
#include "ntlm_message.h"
38
39
#include "../../log.h"
40
0
#define TAG WINPR_TAG("sspi.NTLM")
41
42
0
#define WINPR_KEY "Software\\" WINPR_VENDOR_STRING "\\" WINPR_PRODUCT_STRING "\\WinPR\\NTLM"
43
44
static char* NTLM_PACKAGE_NAME = "NTLM";
45
46
0
#define check_context(ctx) check_context_((ctx), __FILE__, __func__, __LINE__)
47
static BOOL check_context_(NTLM_CONTEXT* context, const char* file, const char* fkt, size_t line)
48
0
{
49
0
  BOOL rc = TRUE;
50
0
  wLog* log = WLog_Get(TAG);
51
0
  const DWORD log_level = WLOG_ERROR;
52
53
0
  if (!context)
54
0
  {
55
0
    if (WLog_IsLevelActive(log, log_level))
56
0
      WLog_PrintTextMessage(log, log_level, line, file, fkt, "invalid context");
57
58
0
    return FALSE;
59
0
  }
60
61
0
  if (!context->RecvRc4Seal)
62
0
  {
63
0
    if (WLog_IsLevelActive(log, log_level))
64
0
      WLog_PrintTextMessage(log, log_level, line, file, fkt, "invalid context->RecvRc4Seal");
65
0
    rc = FALSE;
66
0
  }
67
0
  if (!context->SendRc4Seal)
68
0
  {
69
0
    if (WLog_IsLevelActive(log, log_level))
70
0
      WLog_PrintTextMessage(log, log_level, line, file, fkt, "invalid context->SendRc4Seal");
71
0
    rc = FALSE;
72
0
  }
73
74
0
  if (!context->SendSigningKey)
75
0
  {
76
0
    if (WLog_IsLevelActive(log, log_level))
77
0
      WLog_PrintTextMessage(log, log_level, line, file, fkt,
78
0
                            "invalid context->SendSigningKey");
79
0
    rc = FALSE;
80
0
  }
81
0
  if (!context->RecvSigningKey)
82
0
  {
83
0
    if (WLog_IsLevelActive(log, log_level))
84
0
      WLog_PrintTextMessage(log, log_level, line, file, fkt,
85
0
                            "invalid context->RecvSigningKey");
86
0
    rc = FALSE;
87
0
  }
88
0
  if (!context->SendSealingKey)
89
0
  {
90
0
    if (WLog_IsLevelActive(log, log_level))
91
0
      WLog_PrintTextMessage(log, log_level, line, file, fkt,
92
0
                            "invalid context->SendSealingKey");
93
0
    rc = FALSE;
94
0
  }
95
0
  if (!context->RecvSealingKey)
96
0
  {
97
0
    if (WLog_IsLevelActive(log, log_level))
98
0
      WLog_PrintTextMessage(log, log_level, line, file, fkt,
99
0
                            "invalid context->RecvSealingKey");
100
0
    rc = FALSE;
101
0
  }
102
0
  return rc;
103
0
}
104
105
static char* get_name(COMPUTER_NAME_FORMAT type)
106
0
{
107
0
  DWORD nSize = 0;
108
109
0
  if (GetComputerNameExA(type, NULL, &nSize))
110
0
    return NULL;
111
112
0
  if (GetLastError() != ERROR_MORE_DATA)
113
0
    return NULL;
114
115
0
  char* computerName = calloc(1, nSize);
116
117
0
  if (!computerName)
118
0
    return NULL;
119
120
0
  if (!GetComputerNameExA(type, computerName, &nSize))
121
0
  {
122
0
    free(computerName);
123
0
    return NULL;
124
0
  }
125
126
0
  return computerName;
127
0
}
128
129
static int ntlm_SetContextWorkstation(NTLM_CONTEXT* context, char* Workstation)
130
0
{
131
0
  char* ws = Workstation;
132
0
  CHAR* computerName = NULL;
133
134
0
  WINPR_ASSERT(context);
135
136
0
  if (!Workstation)
137
0
  {
138
0
    computerName = get_name(ComputerNameNetBIOS);
139
0
    if (!computerName)
140
0
      return -1;
141
0
    ws = computerName;
142
0
  }
143
144
0
  size_t len = 0;
145
0
  context->Workstation.Buffer = ConvertUtf8ToWCharAlloc(ws, &len);
146
147
0
  free(computerName);
148
149
0
  if (!context->Workstation.Buffer || (len > UINT16_MAX / sizeof(WCHAR)))
150
0
    return -1;
151
152
0
  context->Workstation.Length = (USHORT)(len * sizeof(WCHAR));
153
0
  return 1;
154
0
}
155
156
static int ntlm_SetContextServicePrincipalNameW(NTLM_CONTEXT* context, LPWSTR ServicePrincipalName)
157
0
{
158
0
  WINPR_ASSERT(context);
159
160
0
  if (!ServicePrincipalName)
161
0
  {
162
0
    context->ServicePrincipalName.Buffer = NULL;
163
0
    context->ServicePrincipalName.Length = 0;
164
0
    return 1;
165
0
  }
166
167
0
  context->ServicePrincipalName.Length = (USHORT)(_wcslen(ServicePrincipalName) * 2);
168
0
  context->ServicePrincipalName.Buffer = (PWSTR)malloc(context->ServicePrincipalName.Length + 2);
169
170
0
  if (!context->ServicePrincipalName.Buffer)
171
0
    return -1;
172
173
0
  memcpy(context->ServicePrincipalName.Buffer, ServicePrincipalName,
174
0
         context->ServicePrincipalName.Length + 2);
175
0
  return 1;
176
0
}
177
178
static int ntlm_SetContextTargetName(NTLM_CONTEXT* context, char* TargetName)
179
0
{
180
0
  char* name = TargetName;
181
0
  DWORD nSize = 0;
182
0
  CHAR* computerName = NULL;
183
184
0
  WINPR_ASSERT(context);
185
186
0
  if (!name)
187
0
  {
188
0
    if (GetComputerNameExA(ComputerNameNetBIOS, NULL, &nSize) ||
189
0
        GetLastError() != ERROR_MORE_DATA)
190
0
      return -1;
191
192
0
    computerName = calloc(nSize, sizeof(CHAR));
193
194
0
    if (!computerName)
195
0
      return -1;
196
197
0
    if (!GetComputerNameExA(ComputerNameNetBIOS, computerName, &nSize))
198
0
    {
199
0
      free(computerName);
200
0
      return -1;
201
0
    }
202
203
0
    if (nSize > MAX_COMPUTERNAME_LENGTH)
204
0
      computerName[MAX_COMPUTERNAME_LENGTH] = '\0';
205
206
0
    name = computerName;
207
208
0
    if (!name)
209
0
      return -1;
210
211
0
    CharUpperA(name);
212
0
  }
213
214
0
  size_t len = 0;
215
0
  context->TargetName.pvBuffer = ConvertUtf8ToWCharAlloc(name, &len);
216
217
0
  if (!context->TargetName.pvBuffer || (len > UINT16_MAX / sizeof(WCHAR)))
218
0
  {
219
0
    free(context->TargetName.pvBuffer);
220
0
    context->TargetName.pvBuffer = NULL;
221
222
0
    if (!TargetName)
223
0
      free(name);
224
225
0
    return -1;
226
0
  }
227
228
0
  context->TargetName.cbBuffer = (USHORT)(len * sizeof(WCHAR));
229
230
0
  if (!TargetName)
231
0
    free(name);
232
233
0
  return 1;
234
0
}
235
236
static NTLM_CONTEXT* ntlm_ContextNew(void)
237
0
{
238
0
  HKEY hKey = 0;
239
0
  LONG status = 0;
240
0
  DWORD dwType = 0;
241
0
  DWORD dwSize = 0;
242
0
  DWORD dwValue = 0;
243
0
  NTLM_CONTEXT* context = (NTLM_CONTEXT*)calloc(1, sizeof(NTLM_CONTEXT));
244
245
0
  if (!context)
246
0
    return NULL;
247
248
0
  context->NTLMv2 = TRUE;
249
0
  context->UseMIC = FALSE;
250
0
  context->SendVersionInfo = TRUE;
251
0
  context->SendSingleHostData = FALSE;
252
0
  context->SendWorkstationName = TRUE;
253
0
  context->NegotiateKeyExchange = TRUE;
254
0
  context->UseSamFileDatabase = TRUE;
255
0
  status = RegOpenKeyExA(HKEY_LOCAL_MACHINE, WINPR_KEY, 0, KEY_READ | KEY_WOW64_64KEY, &hKey);
256
257
0
  if (status == ERROR_SUCCESS)
258
0
  {
259
0
    if (RegQueryValueEx(hKey, _T("NTLMv2"), NULL, &dwType, (BYTE*)&dwValue, &dwSize) ==
260
0
        ERROR_SUCCESS)
261
0
      context->NTLMv2 = dwValue ? 1 : 0;
262
263
0
    if (RegQueryValueEx(hKey, _T("UseMIC"), NULL, &dwType, (BYTE*)&dwValue, &dwSize) ==
264
0
        ERROR_SUCCESS)
265
0
      context->UseMIC = dwValue ? 1 : 0;
266
267
0
    if (RegQueryValueEx(hKey, _T("SendVersionInfo"), NULL, &dwType, (BYTE*)&dwValue, &dwSize) ==
268
0
        ERROR_SUCCESS)
269
0
      context->SendVersionInfo = dwValue ? 1 : 0;
270
271
0
    if (RegQueryValueEx(hKey, _T("SendSingleHostData"), NULL, &dwType, (BYTE*)&dwValue,
272
0
                        &dwSize) == ERROR_SUCCESS)
273
0
      context->SendSingleHostData = dwValue ? 1 : 0;
274
275
0
    if (RegQueryValueEx(hKey, _T("SendWorkstationName"), NULL, &dwType, (BYTE*)&dwValue,
276
0
                        &dwSize) == ERROR_SUCCESS)
277
0
      context->SendWorkstationName = dwValue ? 1 : 0;
278
279
0
    if (RegQueryValueEx(hKey, _T("WorkstationName"), NULL, &dwType, NULL, &dwSize) ==
280
0
        ERROR_SUCCESS)
281
0
    {
282
0
      char* workstation = (char*)malloc(dwSize + 1);
283
284
0
      if (!workstation)
285
0
      {
286
0
        free(context);
287
0
        return NULL;
288
0
      }
289
290
0
      status = RegQueryValueExA(hKey, "WorkstationName", NULL, &dwType, (BYTE*)workstation,
291
0
                                &dwSize);
292
0
      if (status != ERROR_SUCCESS)
293
0
        WLog_WARN(TAG, "Key ''WorkstationName' not found");
294
0
      workstation[dwSize] = '\0';
295
296
0
      if (ntlm_SetContextWorkstation(context, workstation) < 0)
297
0
      {
298
0
        free(workstation);
299
0
        free(context);
300
0
        return NULL;
301
0
      }
302
303
0
      free(workstation);
304
0
    }
305
306
0
    RegCloseKey(hKey);
307
0
  }
308
309
  /*
310
   * Extended Protection is enabled by default in Windows 7,
311
   * but enabling it in WinPR breaks TS Gateway at this point
312
   */
313
0
  context->SuppressExtendedProtection = FALSE;
314
0
  status = RegOpenKeyEx(HKEY_LOCAL_MACHINE, _T("System\\CurrentControlSet\\Control\\LSA"), 0,
315
0
                        KEY_READ | KEY_WOW64_64KEY, &hKey);
316
317
0
  if (status == ERROR_SUCCESS)
318
0
  {
319
0
    if (RegQueryValueEx(hKey, _T("SuppressExtendedProtection"), NULL, &dwType, (BYTE*)&dwValue,
320
0
                        &dwSize) == ERROR_SUCCESS)
321
0
      context->SuppressExtendedProtection = dwValue ? 1 : 0;
322
323
0
    RegCloseKey(hKey);
324
0
  }
325
326
0
  context->NegotiateFlags = 0;
327
0
  context->LmCompatibilityLevel = 3;
328
0
  ntlm_change_state(context, NTLM_STATE_INITIAL);
329
0
  FillMemory(context->MachineID, sizeof(context->MachineID), 0xAA);
330
331
0
  if (context->NTLMv2)
332
0
    context->UseMIC = TRUE;
333
334
0
  return context;
335
0
}
336
337
static void ntlm_ContextFree(NTLM_CONTEXT* context)
338
0
{
339
0
  if (!context)
340
0
    return;
341
342
0
  winpr_RC4_Free(context->SendRc4Seal);
343
0
  winpr_RC4_Free(context->RecvRc4Seal);
344
0
  sspi_SecBufferFree(&context->NegotiateMessage);
345
0
  sspi_SecBufferFree(&context->ChallengeMessage);
346
0
  sspi_SecBufferFree(&context->AuthenticateMessage);
347
0
  sspi_SecBufferFree(&context->ChallengeTargetInfo);
348
0
  sspi_SecBufferFree(&context->TargetName);
349
0
  sspi_SecBufferFree(&context->NtChallengeResponse);
350
0
  sspi_SecBufferFree(&context->LmChallengeResponse);
351
0
  free(context->ServicePrincipalName.Buffer);
352
0
  free(context->Workstation.Buffer);
353
0
  free(context);
354
0
}
355
356
static SECURITY_STATUS SEC_ENTRY ntlm_AcquireCredentialsHandleW(
357
    WINPR_ATTR_UNUSED SEC_WCHAR* pszPrincipal, WINPR_ATTR_UNUSED SEC_WCHAR* pszPackage,
358
    ULONG fCredentialUse, WINPR_ATTR_UNUSED void* pvLogonID, void* pAuthData,
359
    SEC_GET_KEY_FN pGetKeyFn, void* pvGetKeyArgument, PCredHandle phCredential,
360
    WINPR_ATTR_UNUSED PTimeStamp ptsExpiry)
361
0
{
362
0
  SEC_WINPR_NTLM_SETTINGS* settings = NULL;
363
364
0
  if ((fCredentialUse != SECPKG_CRED_OUTBOUND) && (fCredentialUse != SECPKG_CRED_INBOUND) &&
365
0
      (fCredentialUse != SECPKG_CRED_BOTH))
366
0
  {
367
0
    return SEC_E_INVALID_PARAMETER;
368
0
  }
369
370
0
  SSPI_CREDENTIALS* credentials = sspi_CredentialsNew();
371
372
0
  if (!credentials)
373
0
    return SEC_E_INTERNAL_ERROR;
374
375
0
  credentials->fCredentialUse = fCredentialUse;
376
0
  credentials->pGetKeyFn = pGetKeyFn;
377
0
  credentials->pvGetKeyArgument = pvGetKeyArgument;
378
379
0
  if (pAuthData)
380
0
  {
381
0
    UINT32 identityFlags = sspi_GetAuthIdentityFlags(pAuthData);
382
383
0
    sspi_CopyAuthIdentity(&(credentials->identity),
384
0
                          (const SEC_WINNT_AUTH_IDENTITY_INFO*)pAuthData);
385
386
0
    if (identityFlags & SEC_WINNT_AUTH_IDENTITY_EXTENDED)
387
0
      settings = (((SEC_WINNT_AUTH_IDENTITY_WINPR*)pAuthData)->ntlmSettings);
388
0
  }
389
390
0
  if (settings)
391
0
  {
392
0
    if (settings->samFile)
393
0
    {
394
0
      credentials->ntlmSettings.samFile = _strdup(settings->samFile);
395
0
      if (!credentials->ntlmSettings.samFile)
396
0
      {
397
0
        sspi_CredentialsFree(credentials);
398
0
        return SEC_E_INSUFFICIENT_MEMORY;
399
0
      }
400
0
    }
401
0
    credentials->ntlmSettings.hashCallback = settings->hashCallback;
402
0
    credentials->ntlmSettings.hashCallbackArg = settings->hashCallbackArg;
403
0
  }
404
405
0
  sspi_SecureHandleSetLowerPointer(phCredential, (void*)credentials);
406
0
  sspi_SecureHandleSetUpperPointer(phCredential, (void*)NTLM_PACKAGE_NAME);
407
0
  return SEC_E_OK;
408
0
}
409
410
static SECURITY_STATUS SEC_ENTRY ntlm_AcquireCredentialsHandleA(
411
    SEC_CHAR* pszPrincipal, SEC_CHAR* pszPackage, ULONG fCredentialUse, void* pvLogonID,
412
    void* pAuthData, SEC_GET_KEY_FN pGetKeyFn, void* pvGetKeyArgument, PCredHandle phCredential,
413
    PTimeStamp ptsExpiry)
414
0
{
415
0
  SECURITY_STATUS status = SEC_E_INSUFFICIENT_MEMORY;
416
0
  SEC_WCHAR* principal = NULL;
417
0
  SEC_WCHAR* package = NULL;
418
419
0
  if (pszPrincipal)
420
0
  {
421
0
    principal = ConvertUtf8ToWCharAlloc(pszPrincipal, NULL);
422
0
    if (!principal)
423
0
      goto fail;
424
0
  }
425
0
  if (pszPackage)
426
0
  {
427
0
    package = ConvertUtf8ToWCharAlloc(pszPackage, NULL);
428
0
    if (!package)
429
0
      goto fail;
430
0
  }
431
432
0
  status =
433
0
      ntlm_AcquireCredentialsHandleW(principal, package, fCredentialUse, pvLogonID, pAuthData,
434
0
                                     pGetKeyFn, pvGetKeyArgument, phCredential, ptsExpiry);
435
436
0
fail:
437
0
  free(principal);
438
0
  free(package);
439
440
0
  return status;
441
0
}
442
443
static SECURITY_STATUS SEC_ENTRY ntlm_FreeCredentialsHandle(PCredHandle phCredential)
444
0
{
445
0
  if (!phCredential)
446
0
    return SEC_E_INVALID_HANDLE;
447
448
0
  SSPI_CREDENTIALS* credentials =
449
0
      (SSPI_CREDENTIALS*)sspi_SecureHandleGetLowerPointer(phCredential);
450
451
0
  if (!credentials)
452
0
    return SEC_E_INVALID_HANDLE;
453
454
0
  sspi_CredentialsFree(credentials);
455
0
  return SEC_E_OK;
456
0
}
457
458
static SECURITY_STATUS SEC_ENTRY ntlm_QueryCredentialsAttributesW(
459
    WINPR_ATTR_UNUSED PCredHandle phCredential, WINPR_ATTR_UNUSED ULONG ulAttribute,
460
    WINPR_ATTR_UNUSED void* pBuffer)
461
0
{
462
0
  if (ulAttribute == SECPKG_CRED_ATTR_NAMES)
463
0
  {
464
0
    return SEC_E_OK;
465
0
  }
466
467
0
  WLog_ERR(TAG, "TODO: Implement");
468
0
  return SEC_E_UNSUPPORTED_FUNCTION;
469
0
}
470
471
static SECURITY_STATUS SEC_ENTRY ntlm_QueryCredentialsAttributesA(PCredHandle phCredential,
472
                                                                  ULONG ulAttribute, void* pBuffer)
473
0
{
474
0
  return ntlm_QueryCredentialsAttributesW(phCredential, ulAttribute, pBuffer);
475
0
}
476
477
/**
478
 * @see http://msdn.microsoft.com/en-us/library/windows/desktop/aa374707
479
 */
480
static SECURITY_STATUS SEC_ENTRY ntlm_AcceptSecurityContext(
481
    PCredHandle phCredential, PCtxtHandle phContext, PSecBufferDesc pInput, ULONG fContextReq,
482
    WINPR_ATTR_UNUSED ULONG TargetDataRep, PCtxtHandle phNewContext, PSecBufferDesc pOutput,
483
    WINPR_ATTR_UNUSED PULONG pfContextAttr, WINPR_ATTR_UNUSED PTimeStamp ptsTimeStamp)
484
0
{
485
0
  SECURITY_STATUS status = 0;
486
0
  SSPI_CREDENTIALS* credentials = NULL;
487
0
  PSecBuffer input_buffer = NULL;
488
0
  PSecBuffer output_buffer = NULL;
489
490
  /* behave like windows SSPIs that don't want empty context */
491
0
  if (phContext && !phContext->dwLower && !phContext->dwUpper)
492
0
    return SEC_E_INVALID_HANDLE;
493
494
0
  NTLM_CONTEXT* context = (NTLM_CONTEXT*)sspi_SecureHandleGetLowerPointer(phContext);
495
496
0
  if (!context)
497
0
  {
498
0
    context = ntlm_ContextNew();
499
500
0
    if (!context)
501
0
      return SEC_E_INSUFFICIENT_MEMORY;
502
503
0
    context->server = TRUE;
504
505
0
    if (fContextReq & ASC_REQ_CONFIDENTIALITY)
506
0
      context->confidentiality = TRUE;
507
508
0
    credentials = (SSPI_CREDENTIALS*)sspi_SecureHandleGetLowerPointer(phCredential);
509
0
    context->credentials = credentials;
510
0
    context->SamFile = credentials->ntlmSettings.samFile;
511
0
    context->HashCallback = credentials->ntlmSettings.hashCallback;
512
0
    context->HashCallbackArg = credentials->ntlmSettings.hashCallbackArg;
513
514
0
    ntlm_SetContextTargetName(context, NULL);
515
0
    sspi_SecureHandleSetLowerPointer(phNewContext, context);
516
0
    sspi_SecureHandleSetUpperPointer(phNewContext, (void*)NTLM_PACKAGE_NAME);
517
0
  }
518
519
0
  switch (ntlm_get_state(context))
520
0
  {
521
0
    case NTLM_STATE_INITIAL:
522
0
    {
523
0
      ntlm_change_state(context, NTLM_STATE_NEGOTIATE);
524
525
0
      if (!pInput)
526
0
        return SEC_E_INVALID_TOKEN;
527
528
0
      if (pInput->cBuffers < 1)
529
0
        return SEC_E_INVALID_TOKEN;
530
531
0
      input_buffer = sspi_FindSecBuffer(pInput, SECBUFFER_TOKEN);
532
533
0
      if (!input_buffer)
534
0
        return SEC_E_INVALID_TOKEN;
535
536
0
      if (input_buffer->cbBuffer < 1)
537
0
        return SEC_E_INVALID_TOKEN;
538
539
0
      status = ntlm_read_NegotiateMessage(context, input_buffer);
540
0
      if (status != SEC_I_CONTINUE_NEEDED)
541
0
        return status;
542
543
0
      if (ntlm_get_state(context) == NTLM_STATE_CHALLENGE)
544
0
      {
545
0
        if (!pOutput)
546
0
          return SEC_E_INVALID_TOKEN;
547
548
0
        if (pOutput->cBuffers < 1)
549
0
          return SEC_E_INVALID_TOKEN;
550
551
0
        output_buffer = sspi_FindSecBuffer(pOutput, SECBUFFER_TOKEN);
552
553
0
        if (!output_buffer->BufferType)
554
0
          return SEC_E_INVALID_TOKEN;
555
556
0
        if (output_buffer->cbBuffer < 1)
557
0
          return SEC_E_INSUFFICIENT_MEMORY;
558
559
0
        return ntlm_write_ChallengeMessage(context, output_buffer);
560
0
      }
561
562
0
      return SEC_E_OUT_OF_SEQUENCE;
563
0
    }
564
565
0
    case NTLM_STATE_AUTHENTICATE:
566
0
    {
567
0
      if (!pInput)
568
0
        return SEC_E_INVALID_TOKEN;
569
570
0
      if (pInput->cBuffers < 1)
571
0
        return SEC_E_INVALID_TOKEN;
572
573
0
      input_buffer = sspi_FindSecBuffer(pInput, SECBUFFER_TOKEN);
574
575
0
      if (!input_buffer)
576
0
        return SEC_E_INVALID_TOKEN;
577
578
0
      if (input_buffer->cbBuffer < 1)
579
0
        return SEC_E_INVALID_TOKEN;
580
581
0
      status = ntlm_read_AuthenticateMessage(context, input_buffer);
582
583
0
      if (pOutput)
584
0
      {
585
0
        for (ULONG i = 0; i < pOutput->cBuffers; i++)
586
0
        {
587
0
          pOutput->pBuffers[i].cbBuffer = 0;
588
0
          pOutput->pBuffers[i].BufferType = SECBUFFER_TOKEN;
589
0
        }
590
0
      }
591
592
0
      return status;
593
0
    }
594
595
0
    default:
596
0
      return SEC_E_OUT_OF_SEQUENCE;
597
0
  }
598
0
}
599
600
static SECURITY_STATUS SEC_ENTRY
601
ntlm_ImpersonateSecurityContext(WINPR_ATTR_UNUSED PCtxtHandle phContext)
602
0
{
603
0
  return SEC_E_OK;
604
0
}
605
606
static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(
607
    PCredHandle phCredential, PCtxtHandle phContext, SEC_WCHAR* pszTargetName, ULONG fContextReq,
608
    WINPR_ATTR_UNUSED ULONG Reserved1, WINPR_ATTR_UNUSED ULONG TargetDataRep, PSecBufferDesc pInput,
609
    WINPR_ATTR_UNUSED ULONG Reserved2, PCtxtHandle phNewContext, PSecBufferDesc pOutput,
610
    WINPR_ATTR_UNUSED PULONG pfContextAttr, WINPR_ATTR_UNUSED PTimeStamp ptsExpiry)
611
0
{
612
0
  SECURITY_STATUS status = 0;
613
0
  SSPI_CREDENTIALS* credentials = NULL;
614
0
  PSecBuffer input_buffer = NULL;
615
0
  PSecBuffer output_buffer = NULL;
616
617
  /* behave like windows SSPIs that don't want empty context */
618
0
  if (phContext && !phContext->dwLower && !phContext->dwUpper)
619
0
    return SEC_E_INVALID_HANDLE;
620
621
0
  NTLM_CONTEXT* context = (NTLM_CONTEXT*)sspi_SecureHandleGetLowerPointer(phContext);
622
623
0
  if (pInput)
624
0
  {
625
0
    input_buffer = sspi_FindSecBuffer(pInput, SECBUFFER_TOKEN);
626
0
  }
627
628
0
  if (!context)
629
0
  {
630
0
    context = ntlm_ContextNew();
631
632
0
    if (!context)
633
0
      return SEC_E_INSUFFICIENT_MEMORY;
634
635
0
    if (fContextReq & ISC_REQ_CONFIDENTIALITY)
636
0
      context->confidentiality = TRUE;
637
638
0
    credentials = (SSPI_CREDENTIALS*)sspi_SecureHandleGetLowerPointer(phCredential);
639
0
    context->credentials = credentials;
640
641
0
    if (context->Workstation.Length < 1)
642
0
    {
643
0
      if (ntlm_SetContextWorkstation(context, NULL) < 0)
644
0
      {
645
0
        ntlm_ContextFree(context);
646
0
        return SEC_E_INTERNAL_ERROR;
647
0
      }
648
0
    }
649
650
0
    if (ntlm_SetContextServicePrincipalNameW(context, pszTargetName) < 0)
651
0
    {
652
0
      ntlm_ContextFree(context);
653
0
      return SEC_E_INTERNAL_ERROR;
654
0
    }
655
656
0
    sspi_SecureHandleSetLowerPointer(phNewContext, context);
657
0
    sspi_SecureHandleSetUpperPointer(phNewContext, NTLM_SSP_NAME);
658
0
  }
659
660
0
  if ((!input_buffer) || (ntlm_get_state(context) == NTLM_STATE_AUTHENTICATE))
661
0
  {
662
0
    if (!pOutput)
663
0
      return SEC_E_INVALID_TOKEN;
664
665
0
    if (pOutput->cBuffers < 1)
666
0
      return SEC_E_INVALID_TOKEN;
667
668
0
    output_buffer = sspi_FindSecBuffer(pOutput, SECBUFFER_TOKEN);
669
670
0
    if (!output_buffer)
671
0
      return SEC_E_INVALID_TOKEN;
672
673
0
    if (output_buffer->cbBuffer < 1)
674
0
      return SEC_E_INVALID_TOKEN;
675
676
0
    if (ntlm_get_state(context) == NTLM_STATE_INITIAL)
677
0
      ntlm_change_state(context, NTLM_STATE_NEGOTIATE);
678
679
0
    if (ntlm_get_state(context) == NTLM_STATE_NEGOTIATE)
680
0
      return ntlm_write_NegotiateMessage(context, output_buffer);
681
682
0
    return SEC_E_OUT_OF_SEQUENCE;
683
0
  }
684
0
  else
685
0
  {
686
0
    if (!input_buffer)
687
0
      return SEC_E_INVALID_TOKEN;
688
689
0
    if (input_buffer->cbBuffer < 1)
690
0
      return SEC_E_INVALID_TOKEN;
691
692
0
    PSecBuffer channel_bindings = sspi_FindSecBuffer(pInput, SECBUFFER_CHANNEL_BINDINGS);
693
694
0
    if (channel_bindings)
695
0
    {
696
0
      context->Bindings.BindingsLength = channel_bindings->cbBuffer;
697
0
      context->Bindings.Bindings = (SEC_CHANNEL_BINDINGS*)channel_bindings->pvBuffer;
698
0
    }
699
700
0
    if (ntlm_get_state(context) == NTLM_STATE_CHALLENGE)
701
0
    {
702
0
      status = ntlm_read_ChallengeMessage(context, input_buffer);
703
704
0
      if (status != SEC_I_CONTINUE_NEEDED)
705
0
        return status;
706
707
0
      if (!pOutput)
708
0
        return SEC_E_INVALID_TOKEN;
709
710
0
      if (pOutput->cBuffers < 1)
711
0
        return SEC_E_INVALID_TOKEN;
712
713
0
      output_buffer = sspi_FindSecBuffer(pOutput, SECBUFFER_TOKEN);
714
715
0
      if (!output_buffer)
716
0
        return SEC_E_INVALID_TOKEN;
717
718
0
      if (output_buffer->cbBuffer < 1)
719
0
        return SEC_E_INSUFFICIENT_MEMORY;
720
721
0
      if (ntlm_get_state(context) == NTLM_STATE_AUTHENTICATE)
722
0
        return ntlm_write_AuthenticateMessage(context, output_buffer);
723
0
    }
724
725
0
    return SEC_E_OUT_OF_SEQUENCE;
726
0
  }
727
728
0
  return SEC_E_OUT_OF_SEQUENCE;
729
0
}
730
731
/**
732
 * @see http://msdn.microsoft.com/en-us/library/windows/desktop/aa375512%28v=vs.85%29.aspx
733
 */
734
static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextA(
735
    PCredHandle phCredential, PCtxtHandle phContext, SEC_CHAR* pszTargetName, ULONG fContextReq,
736
    ULONG Reserved1, ULONG TargetDataRep, PSecBufferDesc pInput, ULONG Reserved2,
737
    PCtxtHandle phNewContext, PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsExpiry)
738
0
{
739
0
  SECURITY_STATUS status = 0;
740
0
  SEC_WCHAR* pszTargetNameW = NULL;
741
742
0
  if (pszTargetName)
743
0
  {
744
0
    pszTargetNameW = ConvertUtf8ToWCharAlloc(pszTargetName, NULL);
745
0
    if (!pszTargetNameW)
746
0
      return SEC_E_INTERNAL_ERROR;
747
0
  }
748
749
0
  status = ntlm_InitializeSecurityContextW(phCredential, phContext, pszTargetNameW, fContextReq,
750
0
                                           Reserved1, TargetDataRep, pInput, Reserved2,
751
0
                                           phNewContext, pOutput, pfContextAttr, ptsExpiry);
752
0
  free(pszTargetNameW);
753
0
  return status;
754
0
}
755
756
/* http://msdn.microsoft.com/en-us/library/windows/desktop/aa375354 */
757
758
static SECURITY_STATUS SEC_ENTRY ntlm_DeleteSecurityContext(PCtxtHandle phContext)
759
0
{
760
0
  NTLM_CONTEXT* context = (NTLM_CONTEXT*)sspi_SecureHandleGetLowerPointer(phContext);
761
0
  ntlm_ContextFree(context);
762
0
  return SEC_E_OK;
763
0
}
764
765
SECURITY_STATUS ntlm_computeProofValue(NTLM_CONTEXT* ntlm, SecBuffer* ntproof)
766
0
{
767
0
  BYTE* blob = NULL;
768
0
  SecBuffer* target = NULL;
769
770
0
  WINPR_ASSERT(ntlm);
771
0
  WINPR_ASSERT(ntproof);
772
773
0
  target = &ntlm->ChallengeTargetInfo;
774
775
0
  if (!sspi_SecBufferAlloc(ntproof, 36 + target->cbBuffer))
776
0
    return SEC_E_INSUFFICIENT_MEMORY;
777
778
0
  blob = (BYTE*)ntproof->pvBuffer;
779
0
  CopyMemory(blob, ntlm->ServerChallenge, 8); /* Server challenge. */
780
0
  blob[8] = 1;                                /* Response version. */
781
0
  blob[9] = 1; /* Highest response version understood by the client. */
782
  /* Reserved 6B. */
783
0
  CopyMemory(&blob[16], ntlm->Timestamp, 8);       /* Time. */
784
0
  CopyMemory(&blob[24], ntlm->ClientChallenge, 8); /* Client challenge. */
785
  /* Reserved 4B. */
786
  /* Server name. */
787
0
  CopyMemory(&blob[36], target->pvBuffer, target->cbBuffer);
788
0
  return SEC_E_OK;
789
0
}
790
791
SECURITY_STATUS ntlm_computeMicValue(NTLM_CONTEXT* ntlm, SecBuffer* micvalue)
792
0
{
793
0
  BYTE* blob = NULL;
794
0
  ULONG msgSize = 0;
795
796
0
  WINPR_ASSERT(ntlm);
797
0
  WINPR_ASSERT(micvalue);
798
799
0
  msgSize = ntlm->NegotiateMessage.cbBuffer + ntlm->ChallengeMessage.cbBuffer +
800
0
            ntlm->AuthenticateMessage.cbBuffer;
801
802
0
  if (!sspi_SecBufferAlloc(micvalue, msgSize))
803
0
    return SEC_E_INSUFFICIENT_MEMORY;
804
805
0
  blob = (BYTE*)micvalue->pvBuffer;
806
0
  CopyMemory(blob, ntlm->NegotiateMessage.pvBuffer, ntlm->NegotiateMessage.cbBuffer);
807
0
  blob += ntlm->NegotiateMessage.cbBuffer;
808
0
  CopyMemory(blob, ntlm->ChallengeMessage.pvBuffer, ntlm->ChallengeMessage.cbBuffer);
809
0
  blob += ntlm->ChallengeMessage.cbBuffer;
810
0
  CopyMemory(blob, ntlm->AuthenticateMessage.pvBuffer, ntlm->AuthenticateMessage.cbBuffer);
811
0
  blob += ntlm->MessageIntegrityCheckOffset;
812
0
  ZeroMemory(blob, 16);
813
0
  return SEC_E_OK;
814
0
}
815
816
/* http://msdn.microsoft.com/en-us/library/windows/desktop/aa379337/ */
817
818
static SECURITY_STATUS SEC_ENTRY ntlm_QueryContextAttributesW(PCtxtHandle phContext,
819
                                                              ULONG ulAttribute, void* pBuffer)
820
0
{
821
0
  if (!phContext)
822
0
    return SEC_E_INVALID_HANDLE;
823
824
0
  if (!pBuffer)
825
0
    return SEC_E_INSUFFICIENT_MEMORY;
826
827
0
  NTLM_CONTEXT* context = (NTLM_CONTEXT*)sspi_SecureHandleGetLowerPointer(phContext);
828
0
  if (!check_context(context))
829
0
    return SEC_E_INVALID_HANDLE;
830
831
0
  if (ulAttribute == SECPKG_ATTR_SIZES)
832
0
  {
833
0
    SecPkgContext_Sizes* ContextSizes = (SecPkgContext_Sizes*)pBuffer;
834
0
    ContextSizes->cbMaxToken = 2010;
835
0
    ContextSizes->cbMaxSignature = 16;    /* the size of expected signature is 16 bytes */
836
0
    ContextSizes->cbBlockSize = 0;        /* no padding */
837
0
    ContextSizes->cbSecurityTrailer = 16; /* no security trailer appended in NTLM
838
                                contrary to Kerberos */
839
0
    return SEC_E_OK;
840
0
  }
841
0
  else if (ulAttribute == SECPKG_ATTR_AUTH_IDENTITY)
842
0
  {
843
0
    SSPI_CREDENTIALS* credentials = NULL;
844
0
    const SecPkgContext_AuthIdentity empty = { 0 };
845
0
    SecPkgContext_AuthIdentity* AuthIdentity = (SecPkgContext_AuthIdentity*)pBuffer;
846
847
0
    WINPR_ASSERT(AuthIdentity);
848
0
    *AuthIdentity = empty;
849
850
0
    context->UseSamFileDatabase = FALSE;
851
0
    credentials = context->credentials;
852
853
0
    if (credentials->identity.UserLength > 0)
854
0
    {
855
0
      if (ConvertWCharNToUtf8(credentials->identity.User, credentials->identity.UserLength,
856
0
                              AuthIdentity->User, ARRAYSIZE(AuthIdentity->User)) <= 0)
857
0
        return SEC_E_INTERNAL_ERROR;
858
0
    }
859
860
0
    if (credentials->identity.DomainLength > 0)
861
0
    {
862
0
      if (ConvertWCharNToUtf8(credentials->identity.Domain,
863
0
                              credentials->identity.DomainLength, AuthIdentity->Domain,
864
0
                              ARRAYSIZE(AuthIdentity->Domain)) <= 0)
865
0
        return SEC_E_INTERNAL_ERROR;
866
0
    }
867
868
0
    return SEC_E_OK;
869
0
  }
870
0
  else if (ulAttribute == SECPKG_ATTR_AUTH_NTLM_NTPROOF_VALUE)
871
0
  {
872
0
    return ntlm_computeProofValue(context, (SecBuffer*)pBuffer);
873
0
  }
874
0
  else if (ulAttribute == SECPKG_ATTR_AUTH_NTLM_RANDKEY)
875
0
  {
876
0
    SecBuffer* randkey = NULL;
877
0
    randkey = (SecBuffer*)pBuffer;
878
879
0
    if (!sspi_SecBufferAlloc(randkey, 16))
880
0
      return (SEC_E_INSUFFICIENT_MEMORY);
881
882
0
    CopyMemory(randkey->pvBuffer, context->EncryptedRandomSessionKey, 16);
883
0
    return (SEC_E_OK);
884
0
  }
885
0
  else if (ulAttribute == SECPKG_ATTR_AUTH_NTLM_MIC)
886
0
  {
887
0
    SecBuffer* mic = (SecBuffer*)pBuffer;
888
0
    NTLM_AUTHENTICATE_MESSAGE* message = &context->AUTHENTICATE_MESSAGE;
889
890
0
    if (!sspi_SecBufferAlloc(mic, 16))
891
0
      return (SEC_E_INSUFFICIENT_MEMORY);
892
893
0
    CopyMemory(mic->pvBuffer, message->MessageIntegrityCheck, 16);
894
0
    return (SEC_E_OK);
895
0
  }
896
0
  else if (ulAttribute == SECPKG_ATTR_AUTH_NTLM_MIC_VALUE)
897
0
  {
898
0
    return ntlm_computeMicValue(context, (SecBuffer*)pBuffer);
899
0
  }
900
901
0
  WLog_ERR(TAG, "TODO: Implement ulAttribute=0x%08" PRIx32, ulAttribute);
902
0
  return SEC_E_UNSUPPORTED_FUNCTION;
903
0
}
904
905
static SECURITY_STATUS SEC_ENTRY ntlm_QueryContextAttributesA(PCtxtHandle phContext,
906
                                                              ULONG ulAttribute, void* pBuffer)
907
0
{
908
0
  return ntlm_QueryContextAttributesW(phContext, ulAttribute, pBuffer);
909
0
}
910
911
static SECURITY_STATUS SEC_ENTRY ntlm_SetContextAttributesW(PCtxtHandle phContext,
912
                                                            ULONG ulAttribute, void* pBuffer,
913
                                                            ULONG cbBuffer)
914
0
{
915
0
  if (!phContext)
916
0
    return SEC_E_INVALID_HANDLE;
917
918
0
  if (!pBuffer)
919
0
    return SEC_E_INVALID_PARAMETER;
920
921
0
  NTLM_CONTEXT* context = (NTLM_CONTEXT*)sspi_SecureHandleGetLowerPointer(phContext);
922
0
  if (!context)
923
0
    return SEC_E_INVALID_HANDLE;
924
925
0
  if (ulAttribute == SECPKG_ATTR_AUTH_NTLM_HASH)
926
0
  {
927
0
    SecPkgContext_AuthNtlmHash* AuthNtlmHash = (SecPkgContext_AuthNtlmHash*)pBuffer;
928
929
0
    if (cbBuffer < sizeof(SecPkgContext_AuthNtlmHash))
930
0
      return SEC_E_INVALID_PARAMETER;
931
932
0
    if (AuthNtlmHash->Version == 1)
933
0
      CopyMemory(context->NtlmHash, AuthNtlmHash->NtlmHash, 16);
934
0
    else if (AuthNtlmHash->Version == 2)
935
0
      CopyMemory(context->NtlmV2Hash, AuthNtlmHash->NtlmHash, 16);
936
937
0
    return SEC_E_OK;
938
0
  }
939
0
  else if (ulAttribute == SECPKG_ATTR_AUTH_NTLM_MESSAGE)
940
0
  {
941
0
    SecPkgContext_AuthNtlmMessage* AuthNtlmMessage = (SecPkgContext_AuthNtlmMessage*)pBuffer;
942
943
0
    if (cbBuffer < sizeof(SecPkgContext_AuthNtlmMessage))
944
0
      return SEC_E_INVALID_PARAMETER;
945
946
0
    if (AuthNtlmMessage->type == 1)
947
0
    {
948
0
      sspi_SecBufferFree(&context->NegotiateMessage);
949
950
0
      if (!sspi_SecBufferAlloc(&context->NegotiateMessage, AuthNtlmMessage->length))
951
0
        return SEC_E_INSUFFICIENT_MEMORY;
952
953
0
      CopyMemory(context->NegotiateMessage.pvBuffer, AuthNtlmMessage->buffer,
954
0
                 AuthNtlmMessage->length);
955
0
    }
956
0
    else if (AuthNtlmMessage->type == 2)
957
0
    {
958
0
      sspi_SecBufferFree(&context->ChallengeMessage);
959
960
0
      if (!sspi_SecBufferAlloc(&context->ChallengeMessage, AuthNtlmMessage->length))
961
0
        return SEC_E_INSUFFICIENT_MEMORY;
962
963
0
      CopyMemory(context->ChallengeMessage.pvBuffer, AuthNtlmMessage->buffer,
964
0
                 AuthNtlmMessage->length);
965
0
    }
966
0
    else if (AuthNtlmMessage->type == 3)
967
0
    {
968
0
      sspi_SecBufferFree(&context->AuthenticateMessage);
969
970
0
      if (!sspi_SecBufferAlloc(&context->AuthenticateMessage, AuthNtlmMessage->length))
971
0
        return SEC_E_INSUFFICIENT_MEMORY;
972
973
0
      CopyMemory(context->AuthenticateMessage.pvBuffer, AuthNtlmMessage->buffer,
974
0
                 AuthNtlmMessage->length);
975
0
    }
976
977
0
    return SEC_E_OK;
978
0
  }
979
0
  else if (ulAttribute == SECPKG_ATTR_AUTH_NTLM_TIMESTAMP)
980
0
  {
981
0
    SecPkgContext_AuthNtlmTimestamp* AuthNtlmTimestamp =
982
0
        (SecPkgContext_AuthNtlmTimestamp*)pBuffer;
983
984
0
    if (cbBuffer < sizeof(SecPkgContext_AuthNtlmTimestamp))
985
0
      return SEC_E_INVALID_PARAMETER;
986
987
0
    if (AuthNtlmTimestamp->ChallengeOrResponse)
988
0
      CopyMemory(context->ChallengeTimestamp, AuthNtlmTimestamp->Timestamp, 8);
989
0
    else
990
0
      CopyMemory(context->Timestamp, AuthNtlmTimestamp->Timestamp, 8);
991
992
0
    return SEC_E_OK;
993
0
  }
994
0
  else if (ulAttribute == SECPKG_ATTR_AUTH_NTLM_CLIENT_CHALLENGE)
995
0
  {
996
0
    SecPkgContext_AuthNtlmClientChallenge* AuthNtlmClientChallenge =
997
0
        (SecPkgContext_AuthNtlmClientChallenge*)pBuffer;
998
999
0
    if (cbBuffer < sizeof(SecPkgContext_AuthNtlmClientChallenge))
1000
0
      return SEC_E_INVALID_PARAMETER;
1001
1002
0
    CopyMemory(context->ClientChallenge, AuthNtlmClientChallenge->ClientChallenge, 8);
1003
0
    return SEC_E_OK;
1004
0
  }
1005
0
  else if (ulAttribute == SECPKG_ATTR_AUTH_NTLM_SERVER_CHALLENGE)
1006
0
  {
1007
0
    SecPkgContext_AuthNtlmServerChallenge* AuthNtlmServerChallenge =
1008
0
        (SecPkgContext_AuthNtlmServerChallenge*)pBuffer;
1009
1010
0
    if (cbBuffer < sizeof(SecPkgContext_AuthNtlmServerChallenge))
1011
0
      return SEC_E_INVALID_PARAMETER;
1012
1013
0
    CopyMemory(context->ServerChallenge, AuthNtlmServerChallenge->ServerChallenge, 8);
1014
0
    return SEC_E_OK;
1015
0
  }
1016
1017
0
  WLog_ERR(TAG, "TODO: Implement ulAttribute=%08" PRIx32, ulAttribute);
1018
0
  return SEC_E_UNSUPPORTED_FUNCTION;
1019
0
}
1020
1021
static SECURITY_STATUS SEC_ENTRY ntlm_SetContextAttributesA(PCtxtHandle phContext,
1022
                                                            ULONG ulAttribute, void* pBuffer,
1023
                                                            ULONG cbBuffer)
1024
0
{
1025
0
  return ntlm_SetContextAttributesW(phContext, ulAttribute, pBuffer, cbBuffer);
1026
0
}
1027
1028
static SECURITY_STATUS SEC_ENTRY ntlm_SetCredentialsAttributesW(
1029
    WINPR_ATTR_UNUSED PCredHandle phCredential, WINPR_ATTR_UNUSED ULONG ulAttribute,
1030
    WINPR_ATTR_UNUSED void* pBuffer, WINPR_ATTR_UNUSED ULONG cbBuffer)
1031
0
{
1032
0
  return SEC_E_UNSUPPORTED_FUNCTION;
1033
0
}
1034
1035
static SECURITY_STATUS SEC_ENTRY ntlm_SetCredentialsAttributesA(
1036
    WINPR_ATTR_UNUSED PCredHandle phCredential, WINPR_ATTR_UNUSED ULONG ulAttribute,
1037
    WINPR_ATTR_UNUSED void* pBuffer, WINPR_ATTR_UNUSED ULONG cbBuffer)
1038
0
{
1039
0
  return SEC_E_UNSUPPORTED_FUNCTION;
1040
0
}
1041
1042
static SECURITY_STATUS SEC_ENTRY ntlm_RevertSecurityContext(WINPR_ATTR_UNUSED PCtxtHandle phContext)
1043
0
{
1044
0
  return SEC_E_OK;
1045
0
}
1046
1047
static SECURITY_STATUS SEC_ENTRY ntlm_EncryptMessage(PCtxtHandle phContext,
1048
                                                     WINPR_ATTR_UNUSED ULONG fQOP,
1049
                                                     PSecBufferDesc pMessage, ULONG MessageSeqNo)
1050
0
{
1051
0
  const UINT32 SeqNo = MessageSeqNo;
1052
0
  UINT32 value = 0;
1053
0
  BYTE digest[WINPR_MD5_DIGEST_LENGTH] = { 0 };
1054
0
  BYTE checksum[8] = { 0 };
1055
0
  ULONG version = 1;
1056
0
  PSecBuffer data_buffer = NULL;
1057
0
  PSecBuffer signature_buffer = NULL;
1058
0
  NTLM_CONTEXT* context = (NTLM_CONTEXT*)sspi_SecureHandleGetLowerPointer(phContext);
1059
0
  if (!check_context(context))
1060
0
    return SEC_E_INVALID_HANDLE;
1061
1062
0
  for (ULONG index = 0; index < pMessage->cBuffers; index++)
1063
0
  {
1064
0
    SecBuffer* cur = &pMessage->pBuffers[index];
1065
1066
0
    if (cur->BufferType & SECBUFFER_DATA)
1067
0
      data_buffer = cur;
1068
0
    else if (cur->BufferType & SECBUFFER_TOKEN)
1069
0
      signature_buffer = cur;
1070
0
  }
1071
1072
0
  if (!data_buffer)
1073
0
    return SEC_E_INVALID_TOKEN;
1074
1075
0
  if (!signature_buffer)
1076
0
    return SEC_E_INVALID_TOKEN;
1077
1078
  /* Copy original data buffer */
1079
0
  ULONG length = data_buffer->cbBuffer;
1080
0
  void* data = malloc(length);
1081
1082
0
  if (!data)
1083
0
    return SEC_E_INSUFFICIENT_MEMORY;
1084
1085
0
  CopyMemory(data, data_buffer->pvBuffer, length);
1086
  /* Compute the HMAC-MD5 hash of ConcatenationOf(seq_num,data) using the client signing key */
1087
0
  WINPR_HMAC_CTX* hmac = winpr_HMAC_New();
1088
1089
0
  if (hmac &&
1090
0
      winpr_HMAC_Init(hmac, WINPR_MD_MD5, context->SendSigningKey, WINPR_MD5_DIGEST_LENGTH))
1091
0
  {
1092
0
    winpr_Data_Write_UINT32(&value, SeqNo);
1093
0
    winpr_HMAC_Update(hmac, (void*)&value, 4);
1094
0
    winpr_HMAC_Update(hmac, data, length);
1095
0
    winpr_HMAC_Final(hmac, digest, WINPR_MD5_DIGEST_LENGTH);
1096
0
    winpr_HMAC_Free(hmac);
1097
0
  }
1098
0
  else
1099
0
  {
1100
0
    winpr_HMAC_Free(hmac);
1101
0
    free(data);
1102
0
    return SEC_E_INSUFFICIENT_MEMORY;
1103
0
  }
1104
1105
  /* Encrypt message using with RC4, result overwrites original buffer */
1106
0
  if ((data_buffer->BufferType & SECBUFFER_READONLY) == 0)
1107
0
  {
1108
0
    if (context->confidentiality)
1109
0
      winpr_RC4_Update(context->SendRc4Seal, length, (BYTE*)data,
1110
0
                       (BYTE*)data_buffer->pvBuffer);
1111
0
    else
1112
0
      CopyMemory(data_buffer->pvBuffer, data, length);
1113
0
  }
1114
1115
#ifdef WITH_DEBUG_NTLM
1116
  WLog_DBG(TAG, "Data Buffer (length = %" PRIuz ")", length);
1117
  winpr_HexDump(TAG, WLOG_DEBUG, data, length);
1118
  WLog_DBG(TAG, "Encrypted Data Buffer (length = %" PRIu32 ")", data_buffer->cbBuffer);
1119
  winpr_HexDump(TAG, WLOG_DEBUG, data_buffer->pvBuffer, data_buffer->cbBuffer);
1120
#endif
1121
0
  free(data);
1122
  /* RC4-encrypt first 8 bytes of digest */
1123
0
  winpr_RC4_Update(context->SendRc4Seal, 8, digest, checksum);
1124
0
  if ((signature_buffer->BufferType & SECBUFFER_READONLY) == 0)
1125
0
  {
1126
0
    BYTE* signature = signature_buffer->pvBuffer;
1127
    /* Concatenate version, ciphertext and sequence number to build signature */
1128
0
    winpr_Data_Write_UINT32(signature, version);
1129
0
    CopyMemory(&signature[4], (void*)checksum, 8);
1130
0
    winpr_Data_Write_UINT32(&signature[12], SeqNo);
1131
0
  }
1132
0
  context->SendSeqNum++;
1133
#ifdef WITH_DEBUG_NTLM
1134
  WLog_DBG(TAG, "Signature (length = %" PRIu32 ")", signature_buffer->cbBuffer);
1135
  winpr_HexDump(TAG, WLOG_DEBUG, signature_buffer->pvBuffer, signature_buffer->cbBuffer);
1136
#endif
1137
0
  return SEC_E_OK;
1138
0
}
1139
1140
static SECURITY_STATUS SEC_ENTRY ntlm_DecryptMessage(PCtxtHandle phContext, PSecBufferDesc pMessage,
1141
                                                     ULONG MessageSeqNo,
1142
                                                     WINPR_ATTR_UNUSED PULONG pfQOP)
1143
0
{
1144
0
  const UINT32 SeqNo = (UINT32)MessageSeqNo;
1145
0
  UINT32 value = 0;
1146
0
  BYTE digest[WINPR_MD5_DIGEST_LENGTH] = { 0 };
1147
0
  BYTE checksum[8] = { 0 };
1148
0
  UINT32 version = 1;
1149
0
  BYTE expected_signature[WINPR_MD5_DIGEST_LENGTH] = { 0 };
1150
0
  PSecBuffer data_buffer = NULL;
1151
0
  PSecBuffer signature_buffer = NULL;
1152
0
  NTLM_CONTEXT* context = (NTLM_CONTEXT*)sspi_SecureHandleGetLowerPointer(phContext);
1153
0
  if (!check_context(context))
1154
0
    return SEC_E_INVALID_HANDLE;
1155
1156
0
  for (ULONG index = 0; index < pMessage->cBuffers; index++)
1157
0
  {
1158
0
    if (pMessage->pBuffers[index].BufferType == SECBUFFER_DATA)
1159
0
      data_buffer = &pMessage->pBuffers[index];
1160
0
    else if (pMessage->pBuffers[index].BufferType == SECBUFFER_TOKEN)
1161
0
      signature_buffer = &pMessage->pBuffers[index];
1162
0
  }
1163
1164
0
  if (!data_buffer)
1165
0
    return SEC_E_INVALID_TOKEN;
1166
1167
0
  if (!signature_buffer)
1168
0
    return SEC_E_INVALID_TOKEN;
1169
1170
  /* Copy original data buffer */
1171
0
  const ULONG length = data_buffer->cbBuffer;
1172
0
  void* data = malloc(length);
1173
1174
0
  if (!data)
1175
0
    return SEC_E_INSUFFICIENT_MEMORY;
1176
1177
0
  CopyMemory(data, data_buffer->pvBuffer, length);
1178
1179
  /* Decrypt message using with RC4, result overwrites original buffer */
1180
1181
0
  if (context->confidentiality)
1182
0
    winpr_RC4_Update(context->RecvRc4Seal, length, (BYTE*)data, (BYTE*)data_buffer->pvBuffer);
1183
0
  else
1184
0
    CopyMemory(data_buffer->pvBuffer, data, length);
1185
1186
  /* Compute the HMAC-MD5 hash of ConcatenationOf(seq_num,data) using the client signing key */
1187
0
  WINPR_HMAC_CTX* hmac = winpr_HMAC_New();
1188
1189
0
  if (hmac &&
1190
0
      winpr_HMAC_Init(hmac, WINPR_MD_MD5, context->RecvSigningKey, WINPR_MD5_DIGEST_LENGTH))
1191
0
  {
1192
0
    winpr_Data_Write_UINT32(&value, SeqNo);
1193
0
    winpr_HMAC_Update(hmac, (void*)&value, 4);
1194
0
    winpr_HMAC_Update(hmac, data_buffer->pvBuffer, data_buffer->cbBuffer);
1195
0
    winpr_HMAC_Final(hmac, digest, WINPR_MD5_DIGEST_LENGTH);
1196
0
    winpr_HMAC_Free(hmac);
1197
0
  }
1198
0
  else
1199
0
  {
1200
0
    winpr_HMAC_Free(hmac);
1201
0
    free(data);
1202
0
    return SEC_E_INSUFFICIENT_MEMORY;
1203
0
  }
1204
1205
#ifdef WITH_DEBUG_NTLM
1206
  WLog_DBG(TAG, "Encrypted Data Buffer (length = %" PRIuz ")", length);
1207
  winpr_HexDump(TAG, WLOG_DEBUG, data, length);
1208
  WLog_DBG(TAG, "Data Buffer (length = %" PRIu32 ")", data_buffer->cbBuffer);
1209
  winpr_HexDump(TAG, WLOG_DEBUG, data_buffer->pvBuffer, data_buffer->cbBuffer);
1210
#endif
1211
0
  free(data);
1212
  /* RC4-encrypt first 8 bytes of digest */
1213
0
  winpr_RC4_Update(context->RecvRc4Seal, 8, digest, checksum);
1214
  /* Concatenate version, ciphertext and sequence number to build signature */
1215
0
  winpr_Data_Write_UINT32(expected_signature, version);
1216
0
  CopyMemory(&expected_signature[4], (void*)checksum, 8);
1217
0
  winpr_Data_Write_UINT32(&expected_signature[12], SeqNo);
1218
0
  context->RecvSeqNum++;
1219
1220
0
  if (memcmp(signature_buffer->pvBuffer, expected_signature, 16) != 0)
1221
0
  {
1222
    /* signature verification failed! */
1223
0
    WLog_ERR(TAG, "signature verification failed, something nasty is going on!");
1224
#ifdef WITH_DEBUG_NTLM
1225
    WLog_ERR(TAG, "Expected Signature:");
1226
    winpr_HexDump(TAG, WLOG_ERROR, expected_signature, 16);
1227
    WLog_ERR(TAG, "Actual Signature:");
1228
    winpr_HexDump(TAG, WLOG_ERROR, (BYTE*)signature_buffer->pvBuffer, 16);
1229
#endif
1230
0
    return SEC_E_MESSAGE_ALTERED;
1231
0
  }
1232
1233
0
  return SEC_E_OK;
1234
0
}
1235
1236
static SECURITY_STATUS SEC_ENTRY ntlm_MakeSignature(PCtxtHandle phContext,
1237
                                                    WINPR_ATTR_UNUSED ULONG fQOP,
1238
                                                    PSecBufferDesc pMessage, ULONG MessageSeqNo)
1239
0
{
1240
0
  PSecBuffer data_buffer = NULL;
1241
0
  PSecBuffer sig_buffer = NULL;
1242
0
  UINT32 seq_no = 0;
1243
0
  BYTE digest[WINPR_MD5_DIGEST_LENGTH] = { 0 };
1244
0
  BYTE checksum[8] = { 0 };
1245
1246
0
  NTLM_CONTEXT* context = sspi_SecureHandleGetLowerPointer(phContext);
1247
0
  if (!check_context(context))
1248
0
    return SEC_E_INVALID_HANDLE;
1249
1250
0
  for (ULONG i = 0; i < pMessage->cBuffers; i++)
1251
0
  {
1252
0
    if (pMessage->pBuffers[i].BufferType == SECBUFFER_DATA)
1253
0
      data_buffer = &pMessage->pBuffers[i];
1254
0
    else if (pMessage->pBuffers[i].BufferType == SECBUFFER_TOKEN)
1255
0
      sig_buffer = &pMessage->pBuffers[i];
1256
0
  }
1257
1258
0
  if (!data_buffer || !sig_buffer)
1259
0
    return SEC_E_INVALID_TOKEN;
1260
1261
0
  WINPR_HMAC_CTX* hmac = winpr_HMAC_New();
1262
1263
0
  if (!winpr_HMAC_Init(hmac, WINPR_MD_MD5, context->SendSigningKey, WINPR_MD5_DIGEST_LENGTH))
1264
0
  {
1265
0
    winpr_HMAC_Free(hmac);
1266
0
    return SEC_E_INTERNAL_ERROR;
1267
0
  }
1268
1269
0
  winpr_Data_Write_UINT32(&seq_no, MessageSeqNo);
1270
0
  winpr_HMAC_Update(hmac, (BYTE*)&seq_no, 4);
1271
0
  winpr_HMAC_Update(hmac, data_buffer->pvBuffer, data_buffer->cbBuffer);
1272
0
  winpr_HMAC_Final(hmac, digest, WINPR_MD5_DIGEST_LENGTH);
1273
0
  winpr_HMAC_Free(hmac);
1274
1275
0
  winpr_RC4_Update(context->SendRc4Seal, 8, digest, checksum);
1276
1277
0
  BYTE* signature = sig_buffer->pvBuffer;
1278
0
  winpr_Data_Write_UINT32(signature, 1L);
1279
0
  CopyMemory(&signature[4], checksum, 8);
1280
0
  winpr_Data_Write_UINT32(&signature[12], seq_no);
1281
0
  sig_buffer->cbBuffer = 16;
1282
1283
0
  return SEC_E_OK;
1284
0
}
1285
1286
static SECURITY_STATUS SEC_ENTRY ntlm_VerifySignature(PCtxtHandle phContext,
1287
                                                      PSecBufferDesc pMessage, ULONG MessageSeqNo,
1288
                                                      WINPR_ATTR_UNUSED PULONG pfQOP)
1289
0
{
1290
0
  PSecBuffer data_buffer = NULL;
1291
0
  PSecBuffer sig_buffer = NULL;
1292
0
  UINT32 seq_no = 0;
1293
0
  BYTE digest[WINPR_MD5_DIGEST_LENGTH] = { 0 };
1294
0
  BYTE checksum[8] = { 0 };
1295
0
  BYTE signature[16] = { 0 };
1296
1297
0
  NTLM_CONTEXT* context = sspi_SecureHandleGetLowerPointer(phContext);
1298
0
  if (!check_context(context))
1299
0
    return SEC_E_INVALID_HANDLE;
1300
1301
0
  for (ULONG i = 0; i < pMessage->cBuffers; i++)
1302
0
  {
1303
0
    if (pMessage->pBuffers[i].BufferType == SECBUFFER_DATA)
1304
0
      data_buffer = &pMessage->pBuffers[i];
1305
0
    else if (pMessage->pBuffers[i].BufferType == SECBUFFER_TOKEN)
1306
0
      sig_buffer = &pMessage->pBuffers[i];
1307
0
  }
1308
1309
0
  if (!data_buffer || !sig_buffer)
1310
0
    return SEC_E_INVALID_TOKEN;
1311
1312
0
  WINPR_HMAC_CTX* hmac = winpr_HMAC_New();
1313
1314
0
  if (!winpr_HMAC_Init(hmac, WINPR_MD_MD5, context->RecvSigningKey, WINPR_MD5_DIGEST_LENGTH))
1315
0
  {
1316
0
    winpr_HMAC_Free(hmac);
1317
0
    return SEC_E_INTERNAL_ERROR;
1318
0
  }
1319
1320
0
  winpr_Data_Write_UINT32(&seq_no, MessageSeqNo);
1321
0
  winpr_HMAC_Update(hmac, (BYTE*)&seq_no, 4);
1322
0
  winpr_HMAC_Update(hmac, data_buffer->pvBuffer, data_buffer->cbBuffer);
1323
0
  winpr_HMAC_Final(hmac, digest, WINPR_MD5_DIGEST_LENGTH);
1324
0
  winpr_HMAC_Free(hmac);
1325
1326
0
  winpr_RC4_Update(context->RecvRc4Seal, 8, digest, checksum);
1327
1328
0
  winpr_Data_Write_UINT32(signature, 1L);
1329
0
  CopyMemory(&signature[4], checksum, 8);
1330
0
  winpr_Data_Write_UINT32(&signature[12], seq_no);
1331
1332
0
  if (memcmp(sig_buffer->pvBuffer, signature, 16) != 0)
1333
0
    return SEC_E_MESSAGE_ALTERED;
1334
1335
0
  return SEC_E_OK;
1336
0
}
1337
1338
const SecurityFunctionTableA NTLM_SecurityFunctionTableA = {
1339
  3,                                /* dwVersion */
1340
  NULL,                             /* EnumerateSecurityPackages */
1341
  ntlm_QueryCredentialsAttributesA, /* QueryCredentialsAttributes */
1342
  ntlm_AcquireCredentialsHandleA,   /* AcquireCredentialsHandle */
1343
  ntlm_FreeCredentialsHandle,       /* FreeCredentialsHandle */
1344
  NULL,                             /* Reserved2 */
1345
  ntlm_InitializeSecurityContextA,  /* InitializeSecurityContext */
1346
  ntlm_AcceptSecurityContext,       /* AcceptSecurityContext */
1347
  NULL,                             /* CompleteAuthToken */
1348
  ntlm_DeleteSecurityContext,       /* DeleteSecurityContext */
1349
  NULL,                             /* ApplyControlToken */
1350
  ntlm_QueryContextAttributesA,     /* QueryContextAttributes */
1351
  ntlm_ImpersonateSecurityContext,  /* ImpersonateSecurityContext */
1352
  ntlm_RevertSecurityContext,       /* RevertSecurityContext */
1353
  ntlm_MakeSignature,               /* MakeSignature */
1354
  ntlm_VerifySignature,             /* VerifySignature */
1355
  NULL,                             /* FreeContextBuffer */
1356
  NULL,                             /* QuerySecurityPackageInfo */
1357
  NULL,                             /* Reserved3 */
1358
  NULL,                             /* Reserved4 */
1359
  NULL,                             /* ExportSecurityContext */
1360
  NULL,                             /* ImportSecurityContext */
1361
  NULL,                             /* AddCredentials */
1362
  NULL,                             /* Reserved8 */
1363
  NULL,                             /* QuerySecurityContextToken */
1364
  ntlm_EncryptMessage,              /* EncryptMessage */
1365
  ntlm_DecryptMessage,              /* DecryptMessage */
1366
  ntlm_SetContextAttributesA,       /* SetContextAttributes */
1367
  ntlm_SetCredentialsAttributesA,   /* SetCredentialsAttributes */
1368
};
1369
1370
const SecurityFunctionTableW NTLM_SecurityFunctionTableW = {
1371
  3,                                /* dwVersion */
1372
  NULL,                             /* EnumerateSecurityPackages */
1373
  ntlm_QueryCredentialsAttributesW, /* QueryCredentialsAttributes */
1374
  ntlm_AcquireCredentialsHandleW,   /* AcquireCredentialsHandle */
1375
  ntlm_FreeCredentialsHandle,       /* FreeCredentialsHandle */
1376
  NULL,                             /* Reserved2 */
1377
  ntlm_InitializeSecurityContextW,  /* InitializeSecurityContext */
1378
  ntlm_AcceptSecurityContext,       /* AcceptSecurityContext */
1379
  NULL,                             /* CompleteAuthToken */
1380
  ntlm_DeleteSecurityContext,       /* DeleteSecurityContext */
1381
  NULL,                             /* ApplyControlToken */
1382
  ntlm_QueryContextAttributesW,     /* QueryContextAttributes */
1383
  ntlm_ImpersonateSecurityContext,  /* ImpersonateSecurityContext */
1384
  ntlm_RevertSecurityContext,       /* RevertSecurityContext */
1385
  ntlm_MakeSignature,               /* MakeSignature */
1386
  ntlm_VerifySignature,             /* VerifySignature */
1387
  NULL,                             /* FreeContextBuffer */
1388
  NULL,                             /* QuerySecurityPackageInfo */
1389
  NULL,                             /* Reserved3 */
1390
  NULL,                             /* Reserved4 */
1391
  NULL,                             /* ExportSecurityContext */
1392
  NULL,                             /* ImportSecurityContext */
1393
  NULL,                             /* AddCredentials */
1394
  NULL,                             /* Reserved8 */
1395
  NULL,                             /* QuerySecurityContextToken */
1396
  ntlm_EncryptMessage,              /* EncryptMessage */
1397
  ntlm_DecryptMessage,              /* DecryptMessage */
1398
  ntlm_SetContextAttributesW,       /* SetContextAttributes */
1399
  ntlm_SetCredentialsAttributesW,   /* SetCredentialsAttributes */
1400
};
1401
1402
const SecPkgInfoA NTLM_SecPkgInfoA = {
1403
  0x00082B37,             /* fCapabilities */
1404
  1,                      /* wVersion */
1405
  0x000A,                 /* wRPCID */
1406
  0x00000B48,             /* cbMaxToken */
1407
  "NTLM",                 /* Name */
1408
  "NTLM Security Package" /* Comment */
1409
};
1410
1411
static WCHAR NTLM_SecPkgInfoW_NameBuffer[32] = { 0 };
1412
static WCHAR NTLM_SecPkgInfoW_CommentBuffer[32] = { 0 };
1413
1414
const SecPkgInfoW NTLM_SecPkgInfoW = {
1415
  0x00082B37,                    /* fCapabilities */
1416
  1,                             /* wVersion */
1417
  0x000A,                        /* wRPCID */
1418
  0x00000B48,                    /* cbMaxToken */
1419
  NTLM_SecPkgInfoW_NameBuffer,   /* Name */
1420
  NTLM_SecPkgInfoW_CommentBuffer /* Comment */
1421
};
1422
1423
char* ntlm_negotiate_flags_string(char* buffer, size_t size, UINT32 flags)
1424
0
{
1425
0
  if (!buffer || (size == 0))
1426
0
    return buffer;
1427
1428
0
  (void)_snprintf(buffer, size, "[0x%08" PRIx32 "] ", flags);
1429
1430
0
  for (int x = 0; x < 31; x++)
1431
0
  {
1432
0
    const UINT32 mask = 1 << x;
1433
0
    size_t len = strnlen(buffer, size);
1434
0
    if (flags & mask)
1435
0
    {
1436
0
      const char* str = ntlm_get_negotiate_string(mask);
1437
0
      const size_t flen = strlen(str);
1438
1439
0
      if ((len > 0) && (buffer[len - 1] != ' '))
1440
0
      {
1441
0
        if (size - len < 1)
1442
0
          break;
1443
0
        winpr_str_append("|", buffer, size, NULL);
1444
0
        len++;
1445
0
      }
1446
1447
0
      if (size - len < flen)
1448
0
        break;
1449
0
      winpr_str_append(str, buffer, size, NULL);
1450
0
    }
1451
0
  }
1452
1453
0
  return buffer;
1454
0
}
1455
1456
const char* ntlm_message_type_string(UINT32 messageType)
1457
0
{
1458
0
  switch (messageType)
1459
0
  {
1460
0
    case MESSAGE_TYPE_NEGOTIATE:
1461
0
      return "MESSAGE_TYPE_NEGOTIATE";
1462
0
    case MESSAGE_TYPE_CHALLENGE:
1463
0
      return "MESSAGE_TYPE_CHALLENGE";
1464
0
    case MESSAGE_TYPE_AUTHENTICATE:
1465
0
      return "MESSAGE_TYPE_AUTHENTICATE";
1466
0
    default:
1467
0
      return "MESSAGE_TYPE_UNKNOWN";
1468
0
  }
1469
0
}
1470
1471
const char* ntlm_state_string(NTLM_STATE state)
1472
0
{
1473
0
  switch (state)
1474
0
  {
1475
0
    case NTLM_STATE_INITIAL:
1476
0
      return "NTLM_STATE_INITIAL";
1477
0
    case NTLM_STATE_NEGOTIATE:
1478
0
      return "NTLM_STATE_NEGOTIATE";
1479
0
    case NTLM_STATE_CHALLENGE:
1480
0
      return "NTLM_STATE_CHALLENGE";
1481
0
    case NTLM_STATE_AUTHENTICATE:
1482
0
      return "NTLM_STATE_AUTHENTICATE";
1483
0
    case NTLM_STATE_FINAL:
1484
0
      return "NTLM_STATE_FINAL";
1485
0
    default:
1486
0
      return "NTLM_STATE_UNKNOWN";
1487
0
  }
1488
0
}
1489
void ntlm_change_state(NTLM_CONTEXT* ntlm, NTLM_STATE state)
1490
0
{
1491
0
  WINPR_ASSERT(ntlm);
1492
0
  WLog_DBG(TAG, "change state from %s to %s", ntlm_state_string(ntlm->state),
1493
0
           ntlm_state_string(state));
1494
0
  ntlm->state = state;
1495
0
}
1496
1497
NTLM_STATE ntlm_get_state(NTLM_CONTEXT* ntlm)
1498
0
{
1499
0
  WINPR_ASSERT(ntlm);
1500
0
  return ntlm->state;
1501
0
}
1502
1503
BOOL ntlm_reset_cipher_state(PSecHandle phContext)
1504
0
{
1505
0
  NTLM_CONTEXT* context = sspi_SecureHandleGetLowerPointer(phContext);
1506
1507
0
  if (context)
1508
0
  {
1509
0
    check_context(context);
1510
0
    winpr_RC4_Free(context->SendRc4Seal);
1511
0
    winpr_RC4_Free(context->RecvRc4Seal);
1512
0
    context->SendRc4Seal = winpr_RC4_New(context->RecvSealingKey, 16);
1513
0
    context->RecvRc4Seal = winpr_RC4_New(context->SendSealingKey, 16);
1514
1515
0
    if (!context->SendRc4Seal)
1516
0
    {
1517
0
      WLog_ERR(TAG, "Failed to allocate context->SendRc4Seal");
1518
0
      return FALSE;
1519
0
    }
1520
0
    if (!context->RecvRc4Seal)
1521
0
    {
1522
0
      WLog_ERR(TAG, "Failed to allocate context->RecvRc4Seal");
1523
0
      return FALSE;
1524
0
    }
1525
0
  }
1526
1527
0
  return TRUE;
1528
0
}
1529
1530
BOOL NTLM_init(void)
1531
0
{
1532
0
  InitializeConstWCharFromUtf8(NTLM_SecPkgInfoA.Name, NTLM_SecPkgInfoW_NameBuffer,
1533
0
                               ARRAYSIZE(NTLM_SecPkgInfoW_NameBuffer));
1534
0
  InitializeConstWCharFromUtf8(NTLM_SecPkgInfoA.Comment, NTLM_SecPkgInfoW_CommentBuffer,
1535
0
                               ARRAYSIZE(NTLM_SecPkgInfoW_CommentBuffer));
1536
1537
0
  return TRUE;
1538
0
}