📄 ssptest.c
if ( Password != NULL ) {
AuthIdentity.Password = Password;
AuthIdentity.PasswordLength = wcslen(Password);
}
AuthIdentity.Flags = SEC_WINNT_AUTH_IDENTITY_UNICODE;
#else
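//
// BUGBUG: memory leak here -- the ANSI copies allocated below with
// NetpAllocStrFromWStr (domain, user name, password) are not freed in the
// code shown here. The password copy in particular should be zeroed and
// freed once the credentials handle has been acquired.
//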
if ( DomainName != NULL ) {
AuthIdentity.Domain = (LPWSTR) NetpAllocStrFromWStr(DomainName);
AuthIdentity.DomainLength = wcslen(DomainName);
}
if ( UserName != NULL ) {
AuthIdentity.User = (LPWSTR) NetpAllocStrFromWStr(UserName);
AuthIdentity.UserLength = wcslen(UserName);
}
if ( Password != NULL ) {
AuthIdentity.Password = (LPWSTR) NetpAllocStrFromWStr(Password);
AuthIdentity.PasswordLength = wcslen(Password);
}
AuthIdentity.Flags = SEC_WINNT_AUTH_IDENTITY_ANSI;
#endif
SecStatus = AcquireCredentialsHandle(
NULL, // New principal
NTLMSP_NAME, // Package Name
SECPKG_CRED_OUTBOUND,
NULL,
(DomainName == NULL && UserName == NULL && Password == NULL) ?
NULL : &AuthIdentity,
NULL,
NULL,
&CredentialHandle2,
&Lifetime );
if ( SecStatus != STATUS_SUCCESS ) {
printf( "AcquireCredentialsHandle failed: " );
TmpStatus = GetLastError();
PrintStatus( SecStatus );
return;
}
if ( !QuietMode ) {
printf( "CredentialHandle2: 0x%lx 0x%lx ",
CredentialHandle2.dwLower, CredentialHandle2.dwUpper );
PrintTime( "Lifetime: ", Lifetime );
}
//
// Get the NegotiateMessage (ClientSide)
//
NegotiateDesc.ulVersion = 0;
NegotiateDesc.cBuffers = 1;
NegotiateDesc.pBuffers = &NegotiateBuffer;
NegotiateBuffer.cbBuffer = PackageInfo->cbMaxToken;
NegotiateBuffer.BufferType = SECBUFFER_TOKEN;
NegotiateBuffer.pvBuffer = LocalAlloc( 0, NegotiateBuffer.cbBuffer );
if ( NegotiateBuffer.pvBuffer == NULL ) {
printf( "Allocate NegotiateMessage failed: 0x%ld\n", GetLastError() );
return;
}
SecStatus = InitializeSecurityContext(
&CredentialHandle2,
NULL, // No Client context yet
L"\\\\Frank\\IPC$", // Faked target name
ISC_REQ_SEQUENCE_DETECT | ISC_REQ_DATAGRAM,
0, // Reserved 1
SECURITY_NATIVE_DREP,
NULL, // No initial input token
0, // Reserved 2
&ClientContextHandle,
&NegotiateDesc,
&ContextAttributes,
&Lifetime );
if ( SecStatus != STATUS_SUCCESS ) {
TmpStatus = GetLastError();
if ( !QuietMode || !NT_SUCCESS(SecStatus) ) {
printf( "InitializeSecurityContext (negotiate): " );
PrintStatus( SecStatus );
}
if ( !NT_SUCCESS(SecStatus) ) {
return;
}
}
if ( !QuietMode ) {
printf( "\n\nNegotiate Message:\n" );
printf( "ClientContextHandle: 0x%lx 0x%lx Attributes: 0x%lx ",
ClientContextHandle.dwLower, ClientContextHandle.dwUpper,
ContextAttributes );
PrintTime( "Lifetime: ", Lifetime );
DumpBuffer( NegotiateBuffer.pvBuffer, NegotiateBuffer.cbBuffer );
}
//
// Get the ChallengeMessage (ServerSide)
//
NegotiateBuffer.BufferType |= SECBUFFER_READONLY;
ChallengeDesc.ulVersion = 0;
ChallengeDesc.cBuffers = 1;
ChallengeDesc.pBuffers = &ChallengeBuffer;
ChallengeBuffer.cbBuffer = PackageInfo->cbMaxToken;
ChallengeBuffer.BufferType = SECBUFFER_TOKEN;
ChallengeBuffer.pvBuffer = LocalAlloc( 0, ChallengeBuffer.cbBuffer );
if ( ChallengeBuffer.pvBuffer == NULL ) {
printf( "Allocate ChallengeMessage failed: 0x%ld\n", GetLastError() );
return;
}
SecStatus = AcceptSecurityContext(
&CredentialHandle1,
NULL, // No Server context yet
&NegotiateDesc,
ISC_REQ_SEQUENCE_DETECT | ISC_REQ_DATAGRAM,
SECURITY_NATIVE_DREP,
&ServerContextHandle,
&ChallengeDesc,
&ContextAttributes,
&Lifetime );
if ( SecStatus != STATUS_SUCCESS ) {
TmpStatus = GetLastError();
if ( !QuietMode || !NT_SUCCESS(SecStatus) ) {
printf( "AcceptSecurityContext (Challenge): " );
PrintStatus( SecStatus );
}
if ( !NT_SUCCESS(SecStatus) ) {
return;
}
}
if ( !QuietMode ) {
printf( "\n\nChallenge Message:\n" );
printf( "ServerContextHandle: 0x%lx 0x%lx Attributes: 0x%lx ",
ServerContextHandle.dwLower, ServerContextHandle.dwUpper,
ContextAttributes );
PrintTime( "Lifetime: ", Lifetime );
DumpBuffer( ChallengeBuffer.pvBuffer, ChallengeBuffer.cbBuffer );
}
//
// Get the AuthenticateMessage (ClientSide)
//
ChallengeBuffer.BufferType |= SECBUFFER_READONLY;
AuthenticateDesc.ulVersion = 0;
AuthenticateDesc.cBuffers = 1;
AuthenticateDesc.pBuffers = &AuthenticateBuffer;
AuthenticateBuffer.cbBuffer = PackageInfo->cbMaxToken;
AuthenticateBuffer.BufferType = SECBUFFER_TOKEN;
AuthenticateBuffer.pvBuffer = LocalAlloc( 0, AuthenticateBuffer.cbBuffer );
if ( AuthenticateBuffer.pvBuffer == NULL ) {
printf( "Allocate AuthenticateMessage failed: 0x%ld\n", GetLastError() );
return;
}
SecStatus = InitializeSecurityContext(
NULL,
&ClientContextHandle,
L"\\\\Frank\\IPC$", // Faked target name
0,
0, // Reserved 1
SECURITY_NATIVE_DREP,
&ChallengeDesc,
0, // Reserved 2
&ClientContextHandle,
&AuthenticateDesc,
&ContextAttributes,
&Lifetime );
if ( SecStatus != STATUS_SUCCESS ) {
TmpStatus = GetLastError();
printf( "InitializeSecurityContext (Authenticate): " );
PrintStatus( SecStatus );
if ( !NT_SUCCESS(SecStatus) ) {
return;
}
}
if ( !QuietMode ) {
printf( "\n\nAuthenticate Message:\n" );
printf( "ClientContextHandle: 0x%lx 0x%lx Attributes: 0x%lx ",
ClientContextHandle.dwLower, ClientContextHandle.dwUpper,
ContextAttributes );
PrintTime( "Lifetime: ", Lifetime );
DumpBuffer( AuthenticateBuffer.pvBuffer, AuthenticateBuffer.cbBuffer );
}
//
// Finally authenticate the user (ServerSide)
//
AuthenticateBuffer.BufferType |= SECBUFFER_READONLY;
SecStatus = AcceptSecurityContext(
NULL,
&ServerContextHandle,
&AuthenticateDesc,
0,
SECURITY_NATIVE_DREP,
&ServerContextHandle,
NULL,
&ContextAttributes,
&Lifetime );
if ( SecStatus != STATUS_SUCCESS ) {
TmpStatus = GetLastError();
printf( "AcceptSecurityContext (Challenge): " );
PrintStatus( SecStatus );
if ( !NT_SUCCESS(SecStatus) ) {
return;
}
}
if ( !QuietMode ) {
printf( "\n\nFinal Authentication:\n" );
printf( "ServerContextHandle: 0x%lx 0x%lx Attributes: 0x%lx ",
ServerContextHandle.dwLower, ServerContextHandle.dwUpper,
ContextAttributes );
PrintTime( "Lifetime: ", Lifetime );
printf(" \n" );
}
//
// Query as many attributes as possible
//
SecStatus = QueryContextAttributes(
&ClientContextHandle,
SECPKG_ATTR_SIZES,
&ContextSizes );
if ( SecStatus != STATUS_SUCCESS ) {
TmpStatus = GetLastError();
printf( "QueryContextAttributes (sizes): " );
PrintStatus( SecStatus );
if ( !NT_SUCCESS(SecStatus) ) {
return;
}
}
if ( !QuietMode ) {
printf( "QuerySizes: %ld %ld %ld %ld\n",
ContextSizes.cbMaxToken,
ContextSizes.cbMaxSignature,
ContextSizes.cbBlockSize,
ContextSizes.cbSecurityTrailer );
}
SecStatus = QueryContextAttributes(
&ClientContextHandle,
SECPKG_ATTR_NAMES,
ContextNamesBuffer );
if ( SecStatus != STATUS_SUCCESS ) {
TmpStatus = GetLastError();
printf( "QueryContextAttributes (names): " );
PrintStatus( SecStatus );
if ( !NT_SUCCESS(SecStatus) ) {
return;
}
}
if ( !QuietMode ) {
printf( "QueryNames: %ws\n", ContextNames->sUserName );
}
SecStatus = QueryContextAttributes(
&ClientContextHandle,
SECPKG_ATTR_LIFESPAN,
&ContextLifespan );
if ( SecStatus != STATUS_SUCCESS ) {
TmpStatus = GetLastError();
printf( "QueryContextAttributes (lifespan): " );
PrintStatus( SecStatus );
}
if ( NT_SUCCESS(SecStatus) )
{
if ( !QuietMode )
{
PrintTime(" Start:", ContextLifespan.tsStart );
PrintTime(" Expiry:", ContextLifespan.tsExpiry );
}
}
//
// Get the ChallengeMessage (ServerSide)
//
// Now make a third call to Initialize to check that RPC can
// reauthenticate.
//
AuthenticateBuffer.BufferType = SECBUFFER_TOKEN;
SecStatus = InitializeSecurityContext(
NULL,
&ClientContextHandle,
L"\\\\Frank\\IPC$", // Faked target name
0,
0, // Reserved 1
SECURITY_NATIVE_DREP,
NULL,
0, // Reserved 2
&ClientContextHandle,
&AuthenticateDesc,
&ContextAttributes,
&Lifetime );
if ( SecStatus != STATUS_SUCCESS ) {
TmpStatus = GetLastError();
printf( "InitializeSecurityContext (Re-Authenticate): " );
PrintStatus( SecStatus );
if ( !NT_SUCCESS(SecStatus) ) {
return;
}
}
//
// Now try to re-authenticate the user (ServerSide)
//
AuthenticateBuffer.BufferType |= SECBUFFER_READONLY;
SecStatus = AcceptSecurityContext(
NULL,
&ServerContextHandle,
&AuthenticateDesc,
0,
SECURITY_NATIVE_DREP,
&ServerContextHandle,
NULL,
&ContextAttributes,
&Lifetime );
if ( SecStatus != STATUS_SUCCESS ) {
TmpStatus = GetLastError();
printf( "AcceptSecurityContext (Re-authenticate): " );
PrintStatus( SecStatus );
if ( !NT_SUCCESS(SecStatus) ) {
return;
}
}
//
// Impersonate the client (ServerSide)
//
SecStatus = ImpersonateSecurityContext( &ServerContextHandle );
if ( SecStatus != STATUS_SUCCESS ) {
TmpStatus = GetLastError();
printf( "ImpersonateSecurityContext: " );
PrintStatus( SecStatus );
if ( !NT_SUCCESS(SecStatus) ) {
return;
}
}
//
// Do something while impersonating (Access the token)
//
{
NTSTATUS Status;
HANDLE TokenHandle = NULL;
//
// Open the token,
//
Status = NtOpenThreadToken(
NtCurrentThread(),
TOKEN_QUERY,
(BOOLEAN) TRUE, // Not really using the impersonation token
&TokenHandle );
if ( !NT_SUCCESS(Status) ) {
printf( "Access Thread token while impersonating: " );
PrintStatus( Status );
return;
} else {
(VOID) NtClose( TokenHandle );
}
}
//
// RevertToSelf (ServerSide)
//
SecStatus = RevertSecurityContext( &ServerContextHandle );
if ( SecStatus != STATUS_SUCCESS ) {
printf( "RevertSecurityContext: " );
PrintStatus( SecStatus );
if ( !NT_SUCCESS(SecStatus) ) {
return;
}
}
//
// Sign a message
//
SecStatus = MakeSignature(
&ClientContextHandle,
0,
&SignMessage,
0 );
if ( SecStatus != STATUS_SUCCESS ) {
printf( "MakeSignature: " );
PrintStatus( SecStatus );
if ( !NT_SUCCESS(SecStatus) ) {
return;
}
}
if ( !QuietMode ) {
printf("\n Signature: \n");
DumpBuffer(SigBuffers[1].pvBuffer,SigBuffers[1].cbBuffer);
}
//
// Verify the signature
//
SecStatus = VerifySignature(
&ServerContextHandle,
&SignMessage,
0,
0 );
if ( SecStatus != STATUS_SUCCESS ) {
printf( "VerifySignature: " );
PrintStatus( SecStatus );
if ( !NT_SUCCESS(SecStatus) ) {
return;
}
}
//
// Sign a message, this time to check if it can detect a change in the
// message
//
SecStatus = MakeSignature(
&ClientContextHandle,
0,
&SignMessage,
0 );
if ( SecStatus != STATUS_SUCCESS ) {
printf( "MakeSignature: " );
PrintStatus( SecStatus );
if ( !NT_SUCCESS(SecStatus) ) {
return;
}
}
if ( !QuietMode ) {
printf("\n Signature: \n");
DumpBuffer(SigBuffers[1].pvBuffer,SigBuffers[1].cbBuffer);
}
//
// Mess up the message to see if VerifySignature works
//
bDataBuffer[10] = 0xec;
//
// Verify the signature
//
SecStatus = VerifySignature(
&ServerContextHandle,
&SignMessage,
0,
0 );
if ( SecStatus != SEC_E_MESSAGE_ALTERED ) {
printf( "VerifySignature: " );
PrintStatus( SecStatus );
if ( !NT_SUCCESS(SecStatus) ) {
return;
}
}
// Export client context without deleting the old one.
SecStatus = ExportSecurityContext(
&ClientContextHandle,
0,
&ExportedBuffer,
NULL);
if ( SecStatus != STATUS_SUCCESS ) {
printf( "ExportSecurityContext: " );
PrintStatus( SecStatus );
if ( !NT_SUCCESS(SecStatus) ) {
return;
}
}
SecStatus = ImportSecurityContext(
NTLMSP_NAME, // Package Name