20#include <winpr/config.h>
26#include <winpr/assert.h>
27#include <winpr/print.h>
28#include <winpr/stream.h>
29#include <winpr/sysinfo.h>
31#include "ntlm_compute.h"
33#include "ntlm_message.h"
36#define TAG WINPR_TAG("sspi.NTLM")
38#define NTLM_CheckAndLogRequiredCapacity(tag, s, nmemb, what) \
39 Stream_CheckAndLogRequiredCapacityEx(tag, WLOG_WARN, s, nmemb, 1, "%s(%s:%" PRIuz ") " what, \
40 __func__, __FILE__, (size_t)__LINE__)
42static const char NTLM_SIGNATURE[8] = {
'N',
'T',
'L',
'M',
'S',
'S',
'P',
'\0' };
46const char* ntlm_get_negotiate_string(UINT32 flag)
48 if (flag & NTLMSSP_NEGOTIATE_56)
49 return "NTLMSSP_NEGOTIATE_56";
50 if (flag & NTLMSSP_NEGOTIATE_KEY_EXCH)
51 return "NTLMSSP_NEGOTIATE_KEY_EXCH";
52 if (flag & NTLMSSP_NEGOTIATE_128)
53 return "NTLMSSP_NEGOTIATE_128";
54 if (flag & NTLMSSP_RESERVED1)
55 return "NTLMSSP_RESERVED1";
56 if (flag & NTLMSSP_RESERVED2)
57 return "NTLMSSP_RESERVED2";
58 if (flag & NTLMSSP_RESERVED3)
59 return "NTLMSSP_RESERVED3";
60 if (flag & NTLMSSP_NEGOTIATE_VERSION)
61 return "NTLMSSP_NEGOTIATE_VERSION";
62 if (flag & NTLMSSP_RESERVED4)
63 return "NTLMSSP_RESERVED4";
64 if (flag & NTLMSSP_NEGOTIATE_TARGET_INFO)
65 return "NTLMSSP_NEGOTIATE_TARGET_INFO";
66 if (flag & NTLMSSP_REQUEST_NON_NT_SESSION_KEY)
67 return "NTLMSSP_REQUEST_NON_NT_SESSION_KEY";
68 if (flag & NTLMSSP_RESERVED5)
69 return "NTLMSSP_RESERVED5";
70 if (flag & NTLMSSP_NEGOTIATE_IDENTIFY)
71 return "NTLMSSP_NEGOTIATE_IDENTIFY";
72 if (flag & NTLMSSP_NEGOTIATE_EXTENDED_SESSION_SECURITY)
73 return "NTLMSSP_NEGOTIATE_EXTENDED_SESSION_SECURITY";
74 if (flag & NTLMSSP_RESERVED6)
75 return "NTLMSSP_RESERVED6";
76 if (flag & NTLMSSP_TARGET_TYPE_SERVER)
77 return "NTLMSSP_TARGET_TYPE_SERVER";
78 if (flag & NTLMSSP_TARGET_TYPE_DOMAIN)
79 return "NTLMSSP_TARGET_TYPE_DOMAIN";
80 if (flag & NTLMSSP_NEGOTIATE_ALWAYS_SIGN)
81 return "NTLMSSP_NEGOTIATE_ALWAYS_SIGN";
82 if (flag & NTLMSSP_RESERVED7)
83 return "NTLMSSP_RESERVED7";
84 if (flag & NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED)
85 return "NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED";
86 if (flag & NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED)
87 return "NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED";
88 if (flag & NTLMSSP_NEGOTIATE_ANONYMOUS)
89 return "NTLMSSP_NEGOTIATE_ANONYMOUS";
90 if (flag & NTLMSSP_RESERVED8)
91 return "NTLMSSP_RESERVED8";
92 if (flag & NTLMSSP_NEGOTIATE_NTLM)
93 return "NTLMSSP_NEGOTIATE_NTLM";
94 if (flag & NTLMSSP_RESERVED9)
95 return "NTLMSSP_RESERVED9";
96 if (flag & NTLMSSP_NEGOTIATE_LM_KEY)
97 return "NTLMSSP_NEGOTIATE_LM_KEY";
98 if (flag & NTLMSSP_NEGOTIATE_DATAGRAM)
99 return "NTLMSSP_NEGOTIATE_DATAGRAM";
100 if (flag & NTLMSSP_NEGOTIATE_SEAL)
101 return "NTLMSSP_NEGOTIATE_SEAL";
102 if (flag & NTLMSSP_NEGOTIATE_SIGN)
103 return "NTLMSSP_NEGOTIATE_SIGN";
104 if (flag & NTLMSSP_RESERVED10)
105 return "NTLMSSP_RESERVED10";
106 if (flag & NTLMSSP_REQUEST_TARGET)
107 return "NTLMSSP_REQUEST_TARGET";
108 if (flag & NTLMSSP_NEGOTIATE_OEM)
109 return "NTLMSSP_NEGOTIATE_OEM";
110 if (flag & NTLMSSP_NEGOTIATE_UNICODE)
111 return "NTLMSSP_NEGOTIATE_UNICODE";
112 return "NTLMSSP_NEGOTIATE_UNKNOWN";
115#if defined(WITH_DEBUG_NTLM)
118 WINPR_ASSERT(fields);
121 WLog_VRB(TAG,
"%s (Len: %" PRIu16
" MaxLen: %" PRIu16
" BufferOffset: %" PRIu32
")", name,
122 fields->Len, fields->MaxLen, fields->BufferOffset);
125 winpr_HexDump(TAG, WLOG_TRACE, fields->Buffer, fields->Len);
128static void ntlm_print_negotiate_flags(UINT32 flags)
130 WLog_VRB(TAG,
"negotiateFlags \"0x%08" PRIX32
"\"", flags);
132 for (
int i = 31; i >= 0; i--)
134 if ((flags >> i) & 1)
136 const char* str = ntlm_get_negotiate_string(1u << i);
137 WLog_VRB(TAG,
"\t%s (%d),", str, (31 - i));
142static void ntlm_print_negotiate_message(
const SecBuffer* NegotiateMessage,
145 WINPR_ASSERT(NegotiateMessage);
146 WINPR_ASSERT(message);
148 WLog_VRB(TAG,
"NEGOTIATE_MESSAGE (length = %" PRIu32
")", NegotiateMessage->cbBuffer);
149 winpr_HexDump(TAG, WLOG_TRACE, NegotiateMessage->pvBuffer, NegotiateMessage->cbBuffer);
150 ntlm_print_negotiate_flags(message->NegotiateFlags);
152 if (message->NegotiateFlags & NTLMSSP_NEGOTIATE_VERSION)
153 ntlm_print_version_info(&(message->Version));
156static void ntlm_print_challenge_message(
const SecBuffer* ChallengeMessage,
160 WINPR_ASSERT(ChallengeMessage);
161 WINPR_ASSERT(message);
163 WLog_VRB(TAG,
"CHALLENGE_MESSAGE (length = %" PRIu32
")", ChallengeMessage->cbBuffer);
164 winpr_HexDump(TAG, WLOG_TRACE, ChallengeMessage->pvBuffer, ChallengeMessage->cbBuffer);
165 ntlm_print_negotiate_flags(message->NegotiateFlags);
167 if (message->NegotiateFlags & NTLMSSP_NEGOTIATE_VERSION)
168 ntlm_print_version_info(&(message->Version));
170 ntlm_print_message_fields(&(message->TargetName),
"TargetName");
171 ntlm_print_message_fields(&(message->TargetInfo),
"TargetInfo");
173 if (ChallengeTargetInfo && (ChallengeTargetInfo->cbBuffer > 0))
175 WLog_VRB(TAG,
"ChallengeTargetInfo (%" PRIu32
"):", ChallengeTargetInfo->cbBuffer);
176 ntlm_print_av_pair_list(ChallengeTargetInfo->pvBuffer, ChallengeTargetInfo->cbBuffer);
180static void ntlm_print_authenticate_message(
const SecBuffer* AuthenticateMessage,
184 WINPR_ASSERT(AuthenticateMessage);
185 WINPR_ASSERT(message);
187 WLog_VRB(TAG,
"AUTHENTICATE_MESSAGE (length = %" PRIu32
")", AuthenticateMessage->cbBuffer);
188 winpr_HexDump(TAG, WLOG_TRACE, AuthenticateMessage->pvBuffer, AuthenticateMessage->cbBuffer);
189 ntlm_print_negotiate_flags(message->NegotiateFlags);
191 if (message->NegotiateFlags & NTLMSSP_NEGOTIATE_VERSION)
192 ntlm_print_version_info(&(message->Version));
194 if (AuthenticateTargetInfo && (AuthenticateTargetInfo->cbBuffer > 0))
196 WLog_VRB(TAG,
"AuthenticateTargetInfo (%" PRIu32
"):", AuthenticateTargetInfo->cbBuffer);
197 ntlm_print_av_pair_list(AuthenticateTargetInfo->pvBuffer, AuthenticateTargetInfo->cbBuffer);
200 ntlm_print_message_fields(&(message->DomainName),
"DomainName");
201 ntlm_print_message_fields(&(message->UserName),
"UserName");
202 ntlm_print_message_fields(&(message->Workstation),
"Workstation");
203 ntlm_print_message_fields(&(message->LmChallengeResponse),
"LmChallengeResponse");
204 ntlm_print_message_fields(&(message->NtChallengeResponse),
"NtChallengeResponse");
205 ntlm_print_message_fields(&(message->EncryptedRandomSessionKey),
"EncryptedRandomSessionKey");
207 if (flags & MSV_AV_FLAGS_MESSAGE_INTEGRITY_CHECK)
209 WLog_VRB(TAG,
"MessageIntegrityCheck (length = 16)");
210 winpr_HexDump(TAG, WLOG_TRACE, message->MessageIntegrityCheck,
211 sizeof(message->MessageIntegrityCheck));
215static void ntlm_print_authentication_complete(
const NTLM_CONTEXT* context)
217 WINPR_ASSERT(context);
219 WLog_VRB(TAG,
"ClientChallenge");
220 winpr_HexDump(TAG, WLOG_TRACE, context->ClientChallenge, 8);
221 WLog_VRB(TAG,
"ServerChallenge");
222 winpr_HexDump(TAG, WLOG_TRACE, context->ServerChallenge, 8);
223 WLog_VRB(TAG,
"SessionBaseKey");
224 winpr_HexDump(TAG, WLOG_TRACE, context->SessionBaseKey, 16);
225 WLog_VRB(TAG,
"KeyExchangeKey");
226 winpr_HexDump(TAG, WLOG_TRACE, context->KeyExchangeKey, 16);
227 WLog_VRB(TAG,
"ExportedSessionKey");
228 winpr_HexDump(TAG, WLOG_TRACE, context->ExportedSessionKey, 16);
229 WLog_VRB(TAG,
"RandomSessionKey");
230 winpr_HexDump(TAG, WLOG_TRACE, context->RandomSessionKey, 16);
231 WLog_VRB(TAG,
"ClientSigningKey");
232 winpr_HexDump(TAG, WLOG_TRACE, context->ClientSigningKey, 16);
233 WLog_VRB(TAG,
"ClientSealingKey");
234 winpr_HexDump(TAG, WLOG_TRACE, context->ClientSealingKey, 16);
235 WLog_VRB(TAG,
"ServerSigningKey");
236 winpr_HexDump(TAG, WLOG_TRACE, context->ServerSigningKey, 16);
237 WLog_VRB(TAG,
"ServerSealingKey");
238 winpr_HexDump(TAG, WLOG_TRACE, context->ServerSealingKey, 16);
239 WLog_VRB(TAG,
"Timestamp");
240 winpr_HexDump(TAG, WLOG_TRACE, context->Timestamp, 8);
247 WINPR_ASSERT(header);
249 if (!Stream_CheckAndLogRequiredLength(TAG, s, 12))
252 Stream_Read(s, header->Signature, 8);
253 Stream_Read_UINT32(s, header->MessageType);
255 if (strncmp((
char*)header->Signature, NTLM_SIGNATURE, 8) != 0)
257 char Signature[
sizeof(header->Signature) * 3 + 1] = WINPR_C_ARRAY_INIT;
258 winpr_BinToHexStringBuffer(header->Signature,
sizeof(header->Signature), Signature,
259 sizeof(Signature), TRUE);
261 WLog_ERR(TAG,
"NTLM_MESSAGE_HEADER Invalid signature, got %s, expected %s", Signature,
266 if (header->MessageType != expected)
268 WLog_ERR(TAG,
"NTLM_MESSAGE_HEADER Invalid message type, got %s, expected %s",
269 ntlm_message_type_string(header->MessageType), ntlm_message_type_string(expected));
279 WINPR_ASSERT(header);
281 if (!NTLM_CheckAndLogRequiredCapacity(TAG, s,
sizeof(NTLM_SIGNATURE) + 4ull,
282 "NTLM_MESSAGE_HEADER::header"))
285 Stream_Write(s, header->Signature,
sizeof(NTLM_SIGNATURE));
286 Stream_Write_UINT32(s, header->MessageType);
293 WINPR_ASSERT(header);
295 CopyMemory(header->Signature, NTLM_SIGNATURE,
sizeof(NTLM_SIGNATURE));
296 header->MessageType = MessageType;
303 WINPR_ASSERT(fields);
305 if (!Stream_CheckAndLogRequiredLength(TAG, s, 8))
308 ntlm_free_message_fields_buffer(fields);
310 Stream_Read_UINT16(s, fields->Len);
311 Stream_Read_UINT16(s, fields->MaxLen);
312 Stream_Read_UINT32(s, fields->BufferOffset);
320 WINPR_ASSERT(fields);
322 MaxLen = fields->MaxLen;
323 if (fields->MaxLen < 1)
324 MaxLen = fields->Len;
326 if (!NTLM_CheckAndLogRequiredCapacity(TAG, (s), 8,
"NTLM_MESSAGE_FIELDS::header"))
329 Stream_Write_UINT16(s, fields->Len);
330 Stream_Write_UINT16(s, MaxLen);
331 Stream_Write_UINT32(s, fields->BufferOffset);
338 WINPR_ASSERT(fields);
340 ntlm_free_message_fields_buffer(fields);
343 const size_t offset = 1ull * fields->BufferOffset + fields->Len;
345 if (fields->BufferOffset > UINT32_MAX - fields->Len)
348 "NTLM_MESSAGE_FIELDS::BufferOffset %" PRIu32
349 " too large, maximum allowed is %" PRIu32,
350 fields->BufferOffset, UINT32_MAX - fields->Len);
354 if (offset > Stream_Length(s))
357 "NTLM_MESSAGE_FIELDS::Buffer offset %" PRIuz
" beyond received data %" PRIuz,
358 offset, Stream_Length(s));
362 fields->Buffer = (PBYTE)malloc(fields->Len);
366 WLog_ERR(TAG,
"NTLM_MESSAGE_FIELDS::Buffer allocation of %" PRIu16
"bytes failed",
371 if (!Stream_SetPosition(s, fields->BufferOffset))
373 ntlm_free_message_fields_buffer(fields);
376 Stream_Read(s, fields->Buffer, fields->Len);
385 WINPR_ASSERT(fields);
389 if (!Stream_SetPosition(s, fields->BufferOffset))
391 if (!NTLM_CheckAndLogRequiredCapacity(TAG, (s), fields->Len,
"NTLM_MESSAGE_FIELDS::Len"))
394 Stream_Write(s, fields->Buffer, fields->Len);
406 free(fields->Buffer);
409 fields->Buffer =
nullptr;
410 fields->BufferOffset = 0;
413static BOOL ntlm_read_negotiate_flags(
wStream* s, UINT32* flags, UINT32 required,
const char* name)
415 UINT32 NegotiateFlags = 0;
416 char buffer[1024] = WINPR_C_ARRAY_INIT;
421 if (!Stream_CheckAndLogRequiredLength(TAG, s, 4))
424 Stream_Read_UINT32(s, NegotiateFlags);
426 if ((NegotiateFlags & required) != required)
428 WLog_ERR(TAG,
"%s::NegotiateFlags invalid flags 0x08%" PRIx32
", 0x%08" PRIx32
" required",
429 name, NegotiateFlags, required);
433 WLog_DBG(TAG,
"Read flags %s",
434 ntlm_negotiate_flags_string(buffer, ARRAYSIZE(buffer), NegotiateFlags));
435 *flags = NegotiateFlags;
439static BOOL ntlm_write_negotiate_flags(
wStream* s, UINT32 flags,
const char* name)
441 char buffer[1024] = WINPR_C_ARRAY_INIT;
445 if (!Stream_CheckAndLogRequiredCapacityEx(TAG, WLOG_WARN, s, 4ull, 1ull,
446 "%s(%s:%" PRIuz
") %s::NegotiateFlags", __func__,
447 __FILE__, (
size_t)__LINE__, name))
450 WLog_DBG(TAG,
"Write flags %s", ntlm_negotiate_flags_string(buffer, ARRAYSIZE(buffer), flags));
451 Stream_Write_UINT32(s, flags);
455static BOOL ntlm_read_message_integrity_check(
wStream* s,
size_t* offset, BYTE* data,
size_t size,
456 WINPR_ATTR_UNUSED
const char* name)
459 WINPR_ASSERT(offset);
461 WINPR_ASSERT(size == WINPR_MD5_DIGEST_LENGTH);
464 *offset = Stream_GetPosition(s);
466 if (!Stream_CheckAndLogRequiredLength(TAG, s, size))
469 Stream_Read(s, data, size);
473static BOOL ntlm_write_message_integrity_check(
wStream* s,
size_t offset,
const BYTE* data,
474 size_t size, WINPR_ATTR_UNUSED
const char* name)
478 WINPR_ASSERT(size == WINPR_MD5_DIGEST_LENGTH);
481 const size_t pos = Stream_GetPosition(s);
483 if (!NTLM_CheckAndLogRequiredCapacity(TAG, s, offset,
"MessageIntegrityCheck::offset"))
486 if (!Stream_SetPosition(s, offset))
488 if (!NTLM_CheckAndLogRequiredCapacity(TAG, s, size,
"MessageIntegrityCheck::size"))
491 Stream_Write(s, data, size);
492 return Stream_SetPosition(s, pos);
497 wStream sbuffer = WINPR_C_ARRAY_INIT;
501 WINPR_ASSERT(context);
502 WINPR_ASSERT(buffer);
505 WINPR_ASSERT(message);
509 wStream* s = Stream_StaticConstInit(&sbuffer, buffer->pvBuffer, buffer->cbBuffer);
512 return SEC_E_INTERNAL_ERROR;
514 if (!ntlm_read_message_header(s, &message->header, MESSAGE_TYPE_NEGOTIATE))
515 return SEC_E_INVALID_TOKEN;
517 if (!ntlm_read_negotiate_flags(s, &message->NegotiateFlags,
518 NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_NTLM |
519 NTLMSSP_NEGOTIATE_UNICODE,
520 "NTLM_NEGOTIATE_MESSAGE"))
521 return SEC_E_INVALID_TOKEN;
523 context->NegotiateFlags = message->NegotiateFlags;
528 if (!ntlm_read_message_fields(s, &(message->DomainName)))
529 return SEC_E_INVALID_TOKEN;
535 if (!ntlm_read_message_fields(s, &(message->Workstation)))
536 return SEC_E_INVALID_TOKEN;
539 if (message->NegotiateFlags & NTLMSSP_NEGOTIATE_VERSION)
541 if (!ntlm_read_version_info(s, &(message->Version)))
542 return SEC_E_INVALID_TOKEN;
545 if (!ntlm_read_message_fields_buffer(s, &message->DomainName))
546 return SEC_E_INVALID_TOKEN;
548 if (!ntlm_read_message_fields_buffer(s, &message->Workstation))
549 return SEC_E_INVALID_TOKEN;
551 length = Stream_GetPosition(s);
552 WINPR_ASSERT(length <= UINT32_MAX);
553 buffer->cbBuffer = (ULONG)length;
555 if (!sspi_SecBufferAlloc(&context->NegotiateMessage, (ULONG)length))
556 return SEC_E_INTERNAL_ERROR;
558 CopyMemory(context->NegotiateMessage.pvBuffer, buffer->pvBuffer, buffer->cbBuffer);
559 context->NegotiateMessage.BufferType = buffer->BufferType;
560#if defined(WITH_DEBUG_NTLM)
561 ntlm_print_negotiate_message(&context->NegotiateMessage, message);
563 ntlm_change_state(context, NTLM_STATE_CHALLENGE);
564 return SEC_I_CONTINUE_NEEDED;
569 wStream sbuffer = WINPR_C_ARRAY_INIT;
573 WINPR_ASSERT(context);
574 WINPR_ASSERT(buffer);
577 WINPR_ASSERT(message);
581 wStream* s = Stream_StaticInit(&sbuffer, buffer->pvBuffer, buffer->cbBuffer);
584 return SEC_E_INTERNAL_ERROR;
586 if (!ntlm_populate_message_header(&message->header, MESSAGE_TYPE_NEGOTIATE))
587 return SEC_E_INTERNAL_ERROR;
591 message->NegotiateFlags |= NTLMSSP_NEGOTIATE_56;
592 message->NegotiateFlags |= NTLMSSP_NEGOTIATE_VERSION;
593 message->NegotiateFlags |= NTLMSSP_NEGOTIATE_LM_KEY;
594 message->NegotiateFlags |= NTLMSSP_NEGOTIATE_OEM;
597 message->NegotiateFlags |= NTLMSSP_NEGOTIATE_KEY_EXCH;
598 message->NegotiateFlags |= NTLMSSP_NEGOTIATE_128;
599 message->NegotiateFlags |= NTLMSSP_NEGOTIATE_EXTENDED_SESSION_SECURITY;
600 message->NegotiateFlags |= NTLMSSP_NEGOTIATE_ALWAYS_SIGN;
601 message->NegotiateFlags |= NTLMSSP_NEGOTIATE_NTLM;
602 message->NegotiateFlags |= NTLMSSP_NEGOTIATE_SIGN;
603 message->NegotiateFlags |= NTLMSSP_REQUEST_TARGET;
604 message->NegotiateFlags |= NTLMSSP_NEGOTIATE_UNICODE;
606 if (context->confidentiality)
607 message->NegotiateFlags |= NTLMSSP_NEGOTIATE_SEAL;
609 if (context->SendVersionInfo)
610 message->NegotiateFlags |= NTLMSSP_NEGOTIATE_VERSION;
612 if (message->NegotiateFlags & NTLMSSP_NEGOTIATE_VERSION)
614 if (!ntlm_get_version_info(&(message->Version)))
615 return SEC_E_INTERNAL_ERROR;
618 context->NegotiateFlags = message->NegotiateFlags;
620 if (!ntlm_write_message_header(s, &message->header))
621 return SEC_E_INTERNAL_ERROR;
623 if (!ntlm_write_negotiate_flags(s, message->NegotiateFlags,
"NTLM_NEGOTIATE_MESSAGE"))
624 return SEC_E_INTERNAL_ERROR;
628 if (!ntlm_write_message_fields(s, &(message->DomainName)))
629 return SEC_E_INTERNAL_ERROR;
633 if (!ntlm_write_message_fields(s, &(message->Workstation)))
634 return SEC_E_INTERNAL_ERROR;
636 if (message->NegotiateFlags & NTLMSSP_NEGOTIATE_VERSION)
638 if (!ntlm_write_version_info(s, &(message->Version)))
639 return SEC_E_INTERNAL_ERROR;
642 length = Stream_GetPosition(s);
643 WINPR_ASSERT(length <= UINT32_MAX);
644 buffer->cbBuffer = (ULONG)length;
646 if (!sspi_SecBufferAlloc(&context->NegotiateMessage, (ULONG)length))
647 return SEC_E_INTERNAL_ERROR;
649 CopyMemory(context->NegotiateMessage.pvBuffer, buffer->pvBuffer, buffer->cbBuffer);
650 context->NegotiateMessage.BufferType = buffer->BufferType;
651#if defined(WITH_DEBUG_NTLM)
652 ntlm_print_negotiate_message(&context->NegotiateMessage, message);
654 ntlm_change_state(context, NTLM_STATE_CHALLENGE);
655 return SEC_I_CONTINUE_NEEDED;
660 SECURITY_STATUS status = SEC_E_INVALID_TOKEN;
661 wStream sbuffer = WINPR_C_ARRAY_INIT;
663 size_t StartOffset = 0;
664 size_t PayloadOffset = 0;
667 if (!context || !buffer)
668 return SEC_E_INTERNAL_ERROR;
670 if (!ntlm_generate_client_challenge(context))
671 return SEC_E_INTERNAL_ERROR;
674 WINPR_ASSERT(message);
678 wStream* s = Stream_StaticConstInit(&sbuffer, buffer->pvBuffer, buffer->cbBuffer);
681 return SEC_E_INTERNAL_ERROR;
683 StartOffset = Stream_GetPosition(s);
685 if (!ntlm_read_message_header(s, &message->header, MESSAGE_TYPE_CHALLENGE))
688 if (!ntlm_read_message_fields(s, &(message->TargetName)))
691 if (!ntlm_read_negotiate_flags(s, &message->NegotiateFlags, 0,
"NTLM_CHALLENGE_MESSAGE"))
694 context->NegotiateFlags = message->NegotiateFlags;
696 if (!Stream_CheckAndLogRequiredLength(TAG, s, 16))
699 Stream_Read(s, message->ServerChallenge, 8);
700 CopyMemory(context->ServerChallenge, message->ServerChallenge, 8);
701 Stream_Read(s, message->Reserved, 8);
703 if (!ntlm_read_message_fields(s, &(message->TargetInfo)))
706 if (context->NegotiateFlags & NTLMSSP_NEGOTIATE_VERSION)
708 if (!ntlm_read_version_info(s, &(message->Version)))
713 PayloadOffset = Stream_GetPosition(s);
715 status = SEC_E_INTERNAL_ERROR;
716 if (message->TargetName.Len > 0)
718 if (!ntlm_read_message_fields_buffer(s, &(message->TargetName)))
722 if (message->TargetInfo.Len > 0)
724 size_t cbAvTimestamp = 0;
726 if (!ntlm_read_message_fields_buffer(s, &(message->TargetInfo)))
729 context->ChallengeTargetInfo.pvBuffer = message->TargetInfo.Buffer;
730 context->ChallengeTargetInfo.cbBuffer = message->TargetInfo.Len;
732 ntlm_av_pair_get((
NTLM_AV_PAIR*)message->TargetInfo.Buffer, message->TargetInfo.Len,
733 MsvAvTimestamp, &cbAvTimestamp);
737 PBYTE ptr = ntlm_av_pair_get_value_pointer(AvTimestamp, cbAvTimestamp);
739 if (!ptr || (AvTimestamp->AvLen < 8))
743 context->UseMIC = TRUE;
745 CopyMemory(context->ChallengeTimestamp, ptr, 8);
749 length = (PayloadOffset - StartOffset) + message->TargetName.Len + message->TargetInfo.Len;
750 if (length > buffer->cbBuffer)
753 if (!sspi_SecBufferAlloc(&context->ChallengeMessage, (ULONG)length))
756 if (context->ChallengeMessage.pvBuffer)
757 CopyMemory(context->ChallengeMessage.pvBuffer, Stream_Buffer(s) + StartOffset, length);
758#if defined(WITH_DEBUG_NTLM)
759 ntlm_print_challenge_message(&context->ChallengeMessage, message,
nullptr);
765 if (!ntlm_construct_authenticate_target_info(context))
768 sspi_SecBufferFree(&context->ChallengeTargetInfo);
769 context->ChallengeTargetInfo.pvBuffer = context->AuthenticateTargetInfo.pvBuffer;
770 context->ChallengeTargetInfo.cbBuffer = context->AuthenticateTargetInfo.cbBuffer;
773 ntlm_generate_timestamp(context);
776 const SECURITY_STATUS rc = ntlm_compute_lm_v2_response(context);
785 const SECURITY_STATUS rc2 =
786 ntlm_compute_ntlm_v2_response(context);
794 if (!ntlm_generate_key_exchange_key(context))
796 if (!ntlm_generate_random_session_key(context))
798 if (!ntlm_generate_exported_session_key(context))
800 if (!ntlm_encrypt_random_session_key(context))
804 status = SEC_E_ENCRYPT_FAILURE;
805 if (!ntlm_generate_client_signing_key(context))
807 if (!ntlm_generate_server_signing_key(context))
810 if (!ntlm_generate_client_sealing_key(context))
812 if (!ntlm_generate_server_sealing_key(context))
815 if (!ntlm_init_rc4_seal_states(context))
817#if defined(WITH_DEBUG_NTLM)
818 ntlm_print_authentication_complete(context);
820 ntlm_change_state(context, NTLM_STATE_AUTHENTICATE);
821 status = SEC_I_CONTINUE_NEEDED;
823 ntlm_free_message_fields_buffer(&(message->TargetName));
829 wStream sbuffer = WINPR_C_ARRAY_INIT;
831 UINT32 PayloadOffset = 0;
834 WINPR_ASSERT(context);
835 WINPR_ASSERT(buffer);
838 WINPR_ASSERT(message);
842 wStream* s = Stream_StaticInit(&sbuffer, buffer->pvBuffer, buffer->cbBuffer);
845 return SEC_E_INTERNAL_ERROR;
847 if (!ntlm_get_version_info(&(message->Version)))
848 return SEC_E_INTERNAL_ERROR;
849 if (!ntlm_generate_server_challenge(context))
850 return SEC_E_INTERNAL_ERROR;
851 ntlm_generate_timestamp(context);
853 if (!ntlm_construct_challenge_target_info(context))
854 return SEC_E_INTERNAL_ERROR;
856 CopyMemory(message->ServerChallenge, context->ServerChallenge, 8);
857 message->NegotiateFlags = context->NegotiateFlags;
858 if (!ntlm_populate_message_header(&message->header, MESSAGE_TYPE_CHALLENGE))
859 return SEC_E_INTERNAL_ERROR;
862 if (!ntlm_write_message_header(s, &message->header))
863 return SEC_E_INTERNAL_ERROR;
865 if (message->NegotiateFlags & NTLMSSP_REQUEST_TARGET)
867 message->TargetName.Len = (UINT16)context->TargetName.cbBuffer;
868 message->TargetName.Buffer = (PBYTE)context->TargetName.pvBuffer;
871 message->NegotiateFlags |= NTLMSSP_NEGOTIATE_TARGET_INFO;
873 if (message->NegotiateFlags & NTLMSSP_NEGOTIATE_TARGET_INFO)
875 message->TargetInfo.Len = (UINT16)context->ChallengeTargetInfo.cbBuffer;
876 message->TargetInfo.Buffer = (PBYTE)context->ChallengeTargetInfo.pvBuffer;
881 if (message->NegotiateFlags & NTLMSSP_NEGOTIATE_VERSION)
884 message->TargetName.BufferOffset = PayloadOffset;
885 message->TargetInfo.BufferOffset = message->TargetName.BufferOffset + message->TargetName.Len;
887 if (!ntlm_write_message_fields(s, &(message->TargetName)))
888 return SEC_E_INTERNAL_ERROR;
890 if (!ntlm_write_negotiate_flags(s, message->NegotiateFlags,
"NTLM_CHALLENGE_MESSAGE"))
891 return SEC_E_INTERNAL_ERROR;
893 if (!NTLM_CheckAndLogRequiredCapacity(TAG, s, 16,
"NTLM_CHALLENGE_MESSAGE::ServerChallenge"))
894 return SEC_E_INTERNAL_ERROR;
896 Stream_Write(s, message->ServerChallenge, 8);
897 Stream_Write(s, message->Reserved, 8);
900 if (!ntlm_write_message_fields(s, &(message->TargetInfo)))
901 return SEC_E_INTERNAL_ERROR;
903 if (message->NegotiateFlags & NTLMSSP_NEGOTIATE_VERSION)
905 if (!ntlm_write_version_info(s, &(message->Version)))
906 return SEC_E_INTERNAL_ERROR;
910 if (message->NegotiateFlags & NTLMSSP_REQUEST_TARGET)
912 if (!ntlm_write_message_fields_buffer(s, &(message->TargetName)))
913 return SEC_E_INTERNAL_ERROR;
916 if (message->NegotiateFlags & NTLMSSP_NEGOTIATE_TARGET_INFO)
918 if (!ntlm_write_message_fields_buffer(s, &(message->TargetInfo)))
919 return SEC_E_INTERNAL_ERROR;
922 length = Stream_GetPosition(s);
923 WINPR_ASSERT(length <= UINT32_MAX);
924 buffer->cbBuffer = (ULONG)length;
926 if (!sspi_SecBufferAlloc(&context->ChallengeMessage, (ULONG)length))
927 return SEC_E_INTERNAL_ERROR;
929 CopyMemory(context->ChallengeMessage.pvBuffer, Stream_Buffer(s), length);
930#if defined(WITH_DEBUG_NTLM)
931 ntlm_print_challenge_message(&context->ChallengeMessage, message,
932 &context->ChallengeTargetInfo);
934 ntlm_change_state(context, NTLM_STATE_AUTHENTICATE);
935 return SEC_I_CONTINUE_NEEDED;
940 SECURITY_STATUS status = SEC_E_INVALID_TOKEN;
941 wStream sbuffer = WINPR_C_ARRAY_INIT;
945 size_t PayloadBufferOffset = 0;
948 WINPR_ASSERT(context);
949 WINPR_ASSERT(buffer);
952 WINPR_ASSERT(credentials);
955 WINPR_ASSERT(message);
959 wStream* s = Stream_StaticConstInit(&sbuffer, buffer->pvBuffer, buffer->cbBuffer);
962 return SEC_E_INTERNAL_ERROR;
964 if (!ntlm_read_message_header(s, &message->header, MESSAGE_TYPE_AUTHENTICATE))
967 if (!ntlm_read_message_fields(
968 s, &(message->LmChallengeResponse)))
971 if (!ntlm_read_message_fields(
972 s, &(message->NtChallengeResponse)))
975 if (!ntlm_read_message_fields(s, &(message->DomainName)))
978 if (!ntlm_read_message_fields(s, &(message->UserName)))
981 if (!ntlm_read_message_fields(s, &(message->Workstation)))
984 if (!ntlm_read_message_fields(
986 &(message->EncryptedRandomSessionKey)))
989 if (!ntlm_read_negotiate_flags(s, &message->NegotiateFlags, 0,
"NTLM_AUTHENTICATE_MESSAGE"))
992 context->NegotiateKeyExchange = (message->NegotiateFlags & NTLMSSP_NEGOTIATE_KEY_EXCH) != 0;
994 if ((context->NegotiateKeyExchange && !message->EncryptedRandomSessionKey.Len) ||
995 (!context->NegotiateKeyExchange && message->EncryptedRandomSessionKey.Len))
998 if (message->NegotiateFlags & NTLMSSP_NEGOTIATE_VERSION)
1000 if (!ntlm_read_version_info(s, &(message->Version)))
1004 PayloadBufferOffset = Stream_GetPosition(s);
1006 status = SEC_E_INTERNAL_ERROR;
1007 if (!ntlm_read_message_fields_buffer(s, &(message->DomainName)))
1010 if (!ntlm_read_message_fields_buffer(s, &(message->UserName)))
1013 if (!ntlm_read_message_fields_buffer(s, &(message->Workstation)))
1016 if (!ntlm_read_message_fields_buffer(s,
1017 &(message->LmChallengeResponse)))
1020 if (!ntlm_read_message_fields_buffer(s,
1021 &(message->NtChallengeResponse)))
1024 if (ntlm_SetContextWorkstationX(context, TRUE, message->Workstation.Buffer,
1025 message->Workstation.Len) != SEC_E_OK)
1028 if (message->NtChallengeResponse.Len > 0)
1030 size_t cbAvFlags = 0;
1032 wStream* snt = Stream_StaticConstInit(&ssbuffer, message->NtChallengeResponse.Buffer,
1033 message->NtChallengeResponse.Len);
1038 status = SEC_E_INVALID_TOKEN;
1039 if (!ntlm_read_ntlm_v2_response(snt, &(context->NTLMv2Response)))
1041 status = SEC_E_INTERNAL_ERROR;
1043 context->NtChallengeResponse.pvBuffer = message->NtChallengeResponse.Buffer;
1044 context->NtChallengeResponse.cbBuffer = message->NtChallengeResponse.Len;
1045 sspi_SecBufferFree(&(context->ChallengeTargetInfo));
1046 context->ChallengeTargetInfo.pvBuffer = (
void*)context->NTLMv2Response.Challenge.AvPairs;
1047 context->ChallengeTargetInfo.cbBuffer = message->NtChallengeResponse.Len - (28 + 16);
1048 CopyMemory(context->ClientChallenge, context->NTLMv2Response.Challenge.ClientChallenge, 8);
1050 ntlm_av_pair_get(context->NTLMv2Response.Challenge.AvPairs,
1051 context->NTLMv2Response.Challenge.cbAvPairs, MsvAvFlags, &cbAvFlags);
1055 const BYTE* ptr = ntlm_av_pair_get_value_pointer(AvFlags, cbAvFlags);
1056 if (!ptr || (AvFlags->AvLen < 4))
1058 flags = winpr_Data_Get_UINT32(ptr);
1062 if (!ntlm_read_message_fields_buffer(
1063 s, &(message->EncryptedRandomSessionKey)))
1066 if (message->EncryptedRandomSessionKey.Len > 0)
1068 if (message->EncryptedRandomSessionKey.Len != 16)
1071 CopyMemory(context->EncryptedRandomSessionKey, message->EncryptedRandomSessionKey.Buffer,
1075 length = Stream_GetPosition(s);
1076 WINPR_ASSERT(length <= UINT32_MAX);
1078 if (!sspi_SecBufferAlloc(&context->AuthenticateMessage, (ULONG)length))
1081 CopyMemory(context->AuthenticateMessage.pvBuffer, Stream_Buffer(s), length);
1082 buffer->cbBuffer = (ULONG)length;
1083 if (!Stream_SetPosition(s, PayloadBufferOffset))
1086 if (flags & MSV_AV_FLAGS_MESSAGE_INTEGRITY_CHECK)
1088 status = SEC_E_INVALID_TOKEN;
1089 if (!ntlm_read_message_integrity_check(
1090 s, &context->MessageIntegrityCheckOffset, message->MessageIntegrityCheck,
1091 sizeof(message->MessageIntegrityCheck),
"NTLM_AUTHENTICATE_MESSAGE"))
1095 status = SEC_E_INTERNAL_ERROR;
1097#if defined(WITH_DEBUG_NTLM)
1098 ntlm_print_authenticate_message(&context->AuthenticateMessage, message, flags,
nullptr);
1101 if (message->UserName.Len > 0)
1103 credentials->identity.User = (UINT16*)calloc(message->UserName.Len +
sizeof(WCHAR), 1);
1105 if (!credentials->identity.User)
1108 CopyMemory(credentials->identity.User, message->UserName.Buffer, message->UserName.Len);
1109 credentials->identity.UserLength = message->UserName.Len /
sizeof(WCHAR);
1112 if (message->DomainName.Len > 0)
1114 credentials->identity.Domain = (UINT16*)calloc(message->DomainName.Len +
sizeof(WCHAR), 1);
1116 if (!credentials->identity.Domain)
1119 CopyMemory(credentials->identity.Domain, message->DomainName.Buffer,
1120 message->DomainName.Len);
1121 credentials->identity.DomainLength = message->DomainName.Len /
sizeof(WCHAR);
1124 if (context->NegotiateFlags & NTLMSSP_NEGOTIATE_LM_KEY)
1126 const SECURITY_STATUS rc = ntlm_compute_lm_v2_response(context);
1135 const SECURITY_STATUS rc = ntlm_compute_ntlm_v2_response(context);
1144 if (!ntlm_generate_key_exchange_key(context))
1147 if (!ntlm_decrypt_random_session_key(context))
1150 if (!ntlm_generate_exported_session_key(context))
1153 if (flags & MSV_AV_FLAGS_MESSAGE_INTEGRITY_CHECK)
1155 BYTE messageIntegrityCheck[16] = WINPR_C_ARRAY_INIT;
1157 if (!ntlm_compute_message_integrity_check(context, messageIntegrityCheck,
1158 sizeof(messageIntegrityCheck)))
1161 &((PBYTE)context->AuthenticateMessage.pvBuffer)[context->MessageIntegrityCheckOffset],
1162 message->MessageIntegrityCheck,
sizeof(message->MessageIntegrityCheck));
1164 if (memcmp(messageIntegrityCheck, message->MessageIntegrityCheck,
1165 sizeof(message->MessageIntegrityCheck)) != 0)
1167 WLog_ERR(TAG,
"Message Integrity Check (MIC) verification failed!");
1168#ifdef WITH_DEBUG_NTLM
1169 WLog_ERR(TAG,
"Expected MIC:");
1170 winpr_HexDump(TAG, WLOG_ERROR, messageIntegrityCheck,
sizeof(messageIntegrityCheck));
1171 WLog_ERR(TAG,
"Actual MIC:");
1172 winpr_HexDump(TAG, WLOG_ERROR, message->MessageIntegrityCheck,
1173 sizeof(message->MessageIntegrityCheck));
1175 status = SEC_E_MESSAGE_ALTERED;
1191#ifdef WITH_DEBUG_NTLM
1192 WLog_VRB(TAG,
"No MIC present, using NtProofString for verification.");
1195 if (memcmp(context->NTLMv2Response.Response, context->NtProofString, 16) != 0)
1197 WLog_ERR(TAG,
"NtProofString verification failed!");
1198#ifdef WITH_DEBUG_NTLM
1199 WLog_ERR(TAG,
"Expected NtProofString:");
1200 winpr_HexDump(TAG, WLOG_ERROR, context->NtProofString,
sizeof(context->NtProofString));
1201 WLog_ERR(TAG,
"Actual NtProofString:");
1202 winpr_HexDump(TAG, WLOG_ERROR, context->NTLMv2Response.Response,
1203 sizeof(context->NTLMv2Response));
1205 status = SEC_E_LOGON_DENIED;
1211 if (!ntlm_generate_client_signing_key(context))
1213 if (!ntlm_generate_server_signing_key(context))
1216 if (!ntlm_generate_client_sealing_key(context))
1218 if (!ntlm_generate_server_sealing_key(context))
1221 if (!ntlm_init_rc4_seal_states(context))
1223#if defined(WITH_DEBUG_NTLM)
1224 ntlm_print_authentication_complete(context);
1226 ntlm_change_state(context, NTLM_STATE_FINAL);
1230 ntlm_free_message_fields_buffer(&(message->DomainName));
1231 ntlm_free_message_fields_buffer(&(message->UserName));
1232 ntlm_free_message_fields_buffer(&(message->Workstation));
1233 ntlm_free_message_fields_buffer(&(message->LmChallengeResponse));
1238 if (context->NtChallengeResponse.pvBuffer != message->NtChallengeResponse.Buffer)
1239 ntlm_free_message_fields_buffer(&(message->NtChallengeResponse));
1240 ntlm_free_message_fields_buffer(&(message->EncryptedRandomSessionKey));
1253 wStream sbuffer = WINPR_C_ARRAY_INIT;
1255 UINT32 PayloadBufferOffset = 0;
1258 WINPR_ASSERT(context);
1259 WINPR_ASSERT(buffer);
1262 WINPR_ASSERT(credentials);
1265 WINPR_ASSERT(message);
1269 wStream* s = Stream_StaticInit(&sbuffer, buffer->pvBuffer, buffer->cbBuffer);
1272 return SEC_E_INTERNAL_ERROR;
1274 if (context->NTLMv2)
1276 message->NegotiateFlags |= NTLMSSP_NEGOTIATE_56;
1278 if (context->SendVersionInfo)
1279 message->NegotiateFlags |= NTLMSSP_NEGOTIATE_VERSION;
1282 if (context->UseMIC)
1283 message->NegotiateFlags |= NTLMSSP_NEGOTIATE_TARGET_INFO;
1285 if (context->SendWorkstationName)
1286 message->NegotiateFlags |= NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED;
1288 if (context->confidentiality)
1289 message->NegotiateFlags |= NTLMSSP_NEGOTIATE_SEAL;
1291 if (context->CHALLENGE_MESSAGE.NegotiateFlags & NTLMSSP_NEGOTIATE_KEY_EXCH)
1292 message->NegotiateFlags |= NTLMSSP_NEGOTIATE_KEY_EXCH;
1294 message->NegotiateFlags |= NTLMSSP_NEGOTIATE_128;
1295 message->NegotiateFlags |= NTLMSSP_NEGOTIATE_EXTENDED_SESSION_SECURITY;
1296 message->NegotiateFlags |= NTLMSSP_NEGOTIATE_ALWAYS_SIGN;
1297 message->NegotiateFlags |= NTLMSSP_NEGOTIATE_NTLM;
1298 message->NegotiateFlags |= NTLMSSP_NEGOTIATE_SIGN;
1299 message->NegotiateFlags |= NTLMSSP_REQUEST_TARGET;
1300 message->NegotiateFlags |= NTLMSSP_NEGOTIATE_UNICODE;
1302 if (message->NegotiateFlags & NTLMSSP_NEGOTIATE_VERSION)
1304 if (!ntlm_get_version_info(&(message->Version)))
1305 return SEC_E_INTERNAL_ERROR;
1308 if (message->NegotiateFlags & NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED)
1310 message->Workstation.Len = context->Workstation.Length;
1311 message->Workstation.Buffer = (BYTE*)context->Workstation.Buffer;
1314 if (credentials->identity.DomainLength > 0)
1316 message->NegotiateFlags |= NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED;
1317 message->DomainName.Len = (UINT16)credentials->identity.DomainLength *
sizeof(WCHAR);
1318 message->DomainName.Buffer = (BYTE*)credentials->identity.Domain;
1321 message->UserName.Len = (UINT16)credentials->identity.UserLength *
sizeof(WCHAR);
1322 message->UserName.Buffer = (BYTE*)credentials->identity.User;
1323 message->LmChallengeResponse.Len = (UINT16)context->LmChallengeResponse.cbBuffer;
1324 message->LmChallengeResponse.Buffer = (BYTE*)context->LmChallengeResponse.pvBuffer;
1325 message->NtChallengeResponse.Len = (UINT16)context->NtChallengeResponse.cbBuffer;
1326 message->NtChallengeResponse.Buffer = (BYTE*)context->NtChallengeResponse.pvBuffer;
1328 if (message->NegotiateFlags & NTLMSSP_NEGOTIATE_KEY_EXCH)
1330 message->EncryptedRandomSessionKey.Len = 16;
1331 message->EncryptedRandomSessionKey.Buffer = context->EncryptedRandomSessionKey;
1334 PayloadBufferOffset = 64;
1336 if (message->NegotiateFlags & NTLMSSP_NEGOTIATE_VERSION)
1337 PayloadBufferOffset += 8;
1339 if (context->UseMIC)
1340 PayloadBufferOffset += 16;
1342 message->DomainName.BufferOffset = PayloadBufferOffset;
1343 message->UserName.BufferOffset = message->DomainName.BufferOffset + message->DomainName.Len;
1344 message->Workstation.BufferOffset = message->UserName.BufferOffset + message->UserName.Len;
1345 message->LmChallengeResponse.BufferOffset =
1346 message->Workstation.BufferOffset + message->Workstation.Len;
1347 message->NtChallengeResponse.BufferOffset =
1348 message->LmChallengeResponse.BufferOffset + message->LmChallengeResponse.Len;
1349 message->EncryptedRandomSessionKey.BufferOffset =
1350 message->NtChallengeResponse.BufferOffset + message->NtChallengeResponse.Len;
1351 if (!ntlm_populate_message_header(&message->header, MESSAGE_TYPE_AUTHENTICATE))
1352 return SEC_E_INVALID_TOKEN;
1353 if (!ntlm_write_message_header(s, &message->header))
1354 return SEC_E_INTERNAL_ERROR;
1355 if (!ntlm_write_message_fields(
1356 s, &(message->LmChallengeResponse)))
1357 return SEC_E_INTERNAL_ERROR;
1358 if (!ntlm_write_message_fields(
1359 s, &(message->NtChallengeResponse)))
1360 return SEC_E_INTERNAL_ERROR;
1361 if (!ntlm_write_message_fields(s, &(message->DomainName)))
1362 return SEC_E_INTERNAL_ERROR;
1363 if (!ntlm_write_message_fields(s, &(message->UserName)))
1364 return SEC_E_INTERNAL_ERROR;
1365 if (!ntlm_write_message_fields(s, &(message->Workstation)))
1366 return SEC_E_INTERNAL_ERROR;
1367 if (!ntlm_write_message_fields(
1369 &(message->EncryptedRandomSessionKey)))
1370 return SEC_E_INTERNAL_ERROR;
1371 if (!ntlm_write_negotiate_flags(s, message->NegotiateFlags,
"NTLM_AUTHENTICATE_MESSAGE"))
1372 return SEC_E_INTERNAL_ERROR;
1374 if (message->NegotiateFlags & NTLMSSP_NEGOTIATE_VERSION)
1376 if (!ntlm_write_version_info(s, &(message->Version)))
1377 return SEC_E_INTERNAL_ERROR;
1380 if (context->UseMIC)
1382 const BYTE data[WINPR_MD5_DIGEST_LENGTH] = WINPR_C_ARRAY_INIT;
1384 context->MessageIntegrityCheckOffset = Stream_GetPosition(s);
1385 if (!ntlm_write_message_integrity_check(s, Stream_GetPosition(s), data,
sizeof(data),
1386 "NTLM_AUTHENTICATE_MESSAGE"))
1387 return SEC_E_INTERNAL_ERROR;
1390 if (message->NegotiateFlags & NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED)
1392 if (!ntlm_write_message_fields_buffer(s, &(message->DomainName)))
1393 return SEC_E_INTERNAL_ERROR;
1396 if (!ntlm_write_message_fields_buffer(s, &(message->UserName)))
1397 return SEC_E_INTERNAL_ERROR;
1399 if (message->NegotiateFlags & NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED)
1401 if (!ntlm_write_message_fields_buffer(s, &(message->Workstation)))
1402 return SEC_E_INTERNAL_ERROR;
1405 if (message->NegotiateFlags & NTLMSSP_NEGOTIATE_LM_KEY)
1407 if (!ntlm_write_message_fields_buffer(
1408 s, &(message->LmChallengeResponse)))
1409 return SEC_E_INTERNAL_ERROR;
1411 if (!ntlm_write_message_fields_buffer(
1412 s, &(message->NtChallengeResponse)))
1413 return SEC_E_INTERNAL_ERROR;
1415 if (message->NegotiateFlags & NTLMSSP_NEGOTIATE_KEY_EXCH)
1417 if (!ntlm_write_message_fields_buffer(
1418 s, &(message->EncryptedRandomSessionKey)))
1419 return SEC_E_INTERNAL_ERROR;
1422 length = Stream_GetPosition(s);
1423 WINPR_ASSERT(length <= UINT32_MAX);
1425 if (!sspi_SecBufferAlloc(&context->AuthenticateMessage, (ULONG)length))
1426 return SEC_E_INTERNAL_ERROR;
1428 CopyMemory(context->AuthenticateMessage.pvBuffer, Stream_Buffer(s), length);
1429 buffer->cbBuffer = (ULONG)length;
1431 if (context->UseMIC)
1434 if (!ntlm_compute_message_integrity_check(context, message->MessageIntegrityCheck,
1435 sizeof(message->MessageIntegrityCheck)))
1436 return SEC_E_INTERNAL_ERROR;
1437 if (!ntlm_write_message_integrity_check(
1438 s, context->MessageIntegrityCheckOffset, message->MessageIntegrityCheck,
1439 sizeof(message->MessageIntegrityCheck),
"NTLM_AUTHENTICATE_MESSAGE"))
1440 return SEC_E_INTERNAL_ERROR;
1443#if defined(WITH_DEBUG_NTLM)
1444 ntlm_print_authenticate_message(&context->AuthenticateMessage, message,
1445 context->UseMIC ? MSV_AV_FLAGS_MESSAGE_INTEGRITY_CHECK : 0,
1446 &context->AuthenticateTargetInfo);
1448 ntlm_change_state(context, NTLM_STATE_FINAL);