📄 userapi.cxx
UNREFERENCED_PARAMETER(fQOP);
UNREFERENCED_PARAMETER(MessageSeqNo);
pContext = ReferenceUserContext(ContextHandle, FALSE);
if (pContext == NULL)
{
Status = STATUS_INVALID_HANDLE;
SspPrint(( SSP_CRITICAL, "SpMakeSignature, ReferenceUserContext returns NULL\n" ));
goto CleanUp;
}
Status = SspSignSealHelper(
pContext,
eSign,
pMessage,
MessageSeqNo,
&Sig,
&pSig
);
if( !NT_SUCCESS(Status) ) {
SspPrint(( SSP_CRITICAL, "SpMakeSignature, SspSignSealHelper returns %lx\n", Status ));
goto CleanUp;
}
RtlCopyMemory(
pSig,
&Sig,
NTLMSSP_MESSAGE_SIGNATURE_SIZE
);
CleanUp:
if (pContext != NULL)
{
SubStatus = DereferenceUserContext(pContext);
// Don't destroy real status
if (NT_SUCCESS(Status))
{
Status = SubStatus;
}
}
SspPrint(( SSP_API, "Leaving SpMakeSignature: 0x%lx\n", Status ));
return(SspNtStatusToSecStatus(Status, SEC_E_INTERNAL_ERROR));
}
//+-------------------------------------------------------------------------
//
// Function: SpVerifySignature
//
// Synopsis: Verifies a signed message buffer by calculating a checksum over all
// the non-read only data buffers and encrypting the checksum
// along with a nonce.
//
// Effects:
//
// Arguments: ContextHandle - Handle of the context to use to sign the
// message.
// MessageBuffers - Contains an array of signed buffers and
// a signature buffer.
// MessageSequenceNumber - Sequence number for this message,
// only used in datagram cases.
// QualityOfProtection - Unused flags.
//
// Requires: STATUS_INVALID_HANDLE - the context could not be found or
// was not configured for message integrity.
// STATUS_INVALID_PARAMETER - the signature buffer could not
// be found or was too small.
//
// Returns:
//
// Notes: This was stolen from net\svcdlls\ntlmssp\client\sign.c ,
// routine SspHandleVerifyMessage. It's possible that
// bugs got copied too
//
//
//--------------------------------------------------------------------------
NTSTATUS NTAPI
SpVerifySignature(
    IN ULONG_PTR ContextHandle,
    IN PSecBufferDesc pMessage,
    IN ULONG MessageSeqNo,
    OUT PULONG pfQOP
    )
{
    //
    // Checks the signature carried in pMessage against the one that
    // SspSignSealHelper produces for the same buffers (eVerify mode).
    //
    // Outcomes visible in this routine:
    //   STATUS_INVALID_HANDLE   - ContextHandle did not resolve to a context
    //   SEC_E_INVALID_TOKEN     - Version field is not NTLM_SIGN_VERSION
    //   SEC_E_MESSAGE_ALTERED   - CheckSum or RandomPad differs
    //   SEC_E_OUT_OF_SEQUENCE   - Nonce differs
    //   anything the helper or DereferenceUserContext returns
    // The final value is passed through SspNtStatusToSecStatus; how that
    // routine maps the SEC_E_* codes stored in an NTSTATUS is not visible here.
    //
    SspPrint(( SSP_API, "Entering SpVerifySignature\n" ));

    NTSTATUS Status = S_OK;
    NTLMSSP_MESSAGE_SIGNATURE LocalSig;     // filled in by SspSignSealHelper; presumably the locally computed signature
    PNTLMSSP_MESSAGE_SIGNATURE pBufferSig;  // set by the helper: points at the buffer with the signature in it

    // NOTE(review): pfQOP is declared OUT but is never written in this
    // routine, so a caller must not read it after the call.
    UNREFERENCED_PARAMETER(pfQOP);

    PNTLM_CLIENT_CONTEXT pContext = ReferenceUserContext(ContextHandle, FALSE);

    if (pContext == NULL)
    {
        Status = STATUS_INVALID_HANDLE;
        SspPrint(( SSP_CRITICAL, "SpVerifySignature, ReferenceUserContext returns NULL\n" ));
    }
    else
    {
        Status = SspSignSealHelper(
                    pContext,
                    eVerify,
                    pMessage,
                    MessageSeqNo,
                    &LocalSig,
                    &pBufferSig
                    );

        if (!NT_SUCCESS(Status))
        {
            // pBufferSig is not read on this path.
            SspPrint(( SSP_CRITICAL, "SpVerifySignature, SspSignSealHelper returns %lx\n", Status ));
        }
        else if (pBufferSig->Version != NTLM_SIGN_VERSION)
        {
            Status = SEC_E_INVALID_TOKEN;
        }
        else if (pBufferSig->CheckSum != LocalSig.CheckSum ||
                 pBufferSig->RandomPad != LocalSig.RandomPad)
        {
            // The original comment notes that with the MD5 signature the
            // RandomPad comparison matters as well as the checksum.
            // NOTE(review): the comparison stops at the first differing
            // field and the nonce check below has its own status, so the
            // return code tells the caller which field failed.
            Status = SEC_E_MESSAGE_ALTERED;
        }
        else if (pBufferSig->Nonce != LocalSig.Nonce)
        {
            Status = SEC_E_OUT_OF_SEQUENCE;
        }

        // Always drop the reference taken above; a dereference failure is
        // reported only when nothing else failed first.
        NTSTATUS ReleaseStatus = DereferenceUserContext(pContext);
        if (NT_SUCCESS(Status))
        {
            Status = ReleaseStatus;
        }
    }

    SspPrint(( SSP_API, "Leaving SpVerifySignature: 0x%lx\n", Status ));
    return(SspNtStatusToSecStatus(Status, SEC_E_INTERNAL_ERROR));
}
//+-------------------------------------------------------------------------
//
// Function: SpSealMessage
//
// Synopsis: Verifies a signed message buffer by calculating a checksum over all
// the non-read only data buffers and encrypting the checksum
// along with a nonce.
//
// Effects:
//
// Arguments: ContextHandle - Handle of the context to use to sign the
// message.
// MessageBuffers - Contains an array of signed buffers and
// a signature buffer.
// MessageSequenceNumber - Sequence number for this message,
// only used in datagram cases.
// QualityOfProtection - Unused flags.
//
// Requires: STATUS_INVALID_HANDLE - the context could not be found or
// was not configured for message integrity.
// STATUS_INVALID_PARAMETER - the signature buffer could not
// be found or was too small.
//
// Returns:
//
// Notes: This was stolen from net\svcdlls\ntlmssp\client\sign.c ,
// routine SspHandleSealMessage. It's possible that
// bugs got copied too
//
//
//--------------------------------------------------------------------------
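NTSTATUS NTAPI
SpSealMessage(
    IN ULONG_PTR ContextHandle,
    IN ULONG fQOP,
    IN PSecBufferDesc pMessage,
    IN ULONG MessageSeqNo
    )
{
    //
    // Runs SspSignSealHelper in eSeal mode over pMessage and writes the
    // resulting signature into the signature buffer the helper located.
    //
    // NOTE(review): the banner synopsis above this routine ("Verifies a
    // signed message buffer ...") appears to be copied from
    // SpVerifySignature; this routine produces a signature, it does not
    // compare one.
    //
    // Returns the helper's failure status, STATUS_INVALID_HANDLE when the
    // context handle does not resolve, or the DereferenceUserContext status,
    // passed through SspNtStatusToSecStatus.
    //
    SspPrint(( SSP_API, "Entering SpSealMessage\n" ));

    NTSTATUS Status = S_OK;
    NTSTATUS SubStatus = S_OK;
    PNTLM_CLIENT_CONTEXT pContext;
    NTLMSSP_MESSAGE_SIGNATURE Sig;      // signature filled in by the helper
    PNTLMSSP_MESSAGE_SIGNATURE pSig;    // pointer to buffer where sig goes

    // fQOP is accepted for interface compatibility and ignored.
    UNREFERENCED_PARAMETER(fQOP);

    pContext = ReferenceUserContext(ContextHandle, FALSE);

    if (!pContext)
    {
        Status = STATUS_INVALID_HANDLE;
        SspPrint(( SSP_CRITICAL, "SpSealMessage, ReferenceUserContext returns NULL\n" ));
        goto CleanUp;
    }

    Status = SspSignSealHelper(
                pContext,
                eSeal,
                pMessage,
                MessageSeqNo,
                &Sig,
                &pSig
                );

    if (!NT_SUCCESS(Status))
    {
        // Fix: this message previously named SpVerifySignature, which sent
        // anyone reading the debug log to the wrong routine.
        SspPrint(( SSP_CRITICAL, "SpSealMessage, SspSignSealHelper returns %lx\n", Status ));
        goto CleanUp;
    }

    // Writes a fixed NTLMSSP_MESSAGE_SIGNATURE_SIZE bytes through pSig.
    // NOTE(review): this relies on SspSignSealHelper having rejected a
    // missing or too-small signature buffer (the banner lists
    // STATUS_INVALID_PARAMETER for that case) - confirm in the helper.
    RtlCopyMemory(
        pSig,
        &Sig,
        NTLMSSP_MESSAGE_SIGNATURE_SIZE
        );

CleanUp:

    if (pContext != NULL)
    {
        SubStatus = DereferenceUserContext(pContext);

        // Don't destroy real status
        if (NT_SUCCESS(Status))
        {
            Status = SubStatus;
        }
    }

    SspPrint(( SSP_API, "Leaving SpSealMessage: 0x%lx\n", Status ));
    return(SspNtStatusToSecStatus(Status, SEC_E_INTERNAL_ERROR));
}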
//+-------------------------------------------------------------------------
//
// Function: SpUnsealMessage
//
// Synopsis: Verifies a signed message buffer by calculating a checksum over all
// the non-read only data buffers and encrypting the checksum
// along with a nonce.
//
// Effects:
//
// Arguments: ContextHandle - Handle of the context to use to sign the
// message.
// MessageBuffers - Contains an array of signed buffers and
// a signature buffer.
// MessageSequenceNumber - Sequence number for this message,
// only used in datagram cases.
// QualityOfProtection - Unused flags.
//
// Requires: STATUS_INVALID_HANDLE - the context could not be found or
// was not configured for message integrity.
// STATUS_INVALID_PARAMETER - the signature buffer could not
// be found or was too small.
//
// Returns:
//
// Notes: This was stolen from net\svcdlls\ntlmssp\client\sign.c ,
// routine SspHandleUnsealMessage. It's possible that
// bugs got copied too
//
//
//--------------------------------------------------------------------------
NTSTATUS NTAPI
SpUnsealMessage(
    IN ULONG_PTR ContextHandle,
    IN PSecBufferDesc pMessage,
    IN ULONG MessageSeqNo,
    OUT PULONG pfQOP
    )
{
    //
    // Runs SspSignSealHelper in eUnseal mode over pMessage, then checks the
    // signature carried in the message against the one the helper produced.
    //
    // Outcomes visible in this routine:
    //   STATUS_INVALID_HANDLE   - ContextHandle did not resolve to a context
    //   SEC_E_INVALID_TOKEN     - Version field is not NTLM_SIGN_VERSION
    //   SEC_E_MESSAGE_ALTERED   - CheckSum or RandomPad differs
    //   SEC_E_OUT_OF_SEQUENCE   - Nonce differs
    //   anything the helper or DereferenceUserContext returns
    //
    // NOTE(review): the signature checks run after the helper has already
    // processed pMessage. If eUnseal modifies the data buffers in place
    // (not visible here), callers must discard the buffer contents whenever
    // this routine returns a failure.
    //
    SspPrint(( SSP_API, "Entering SpUnsealMessage\n" ));

    NTSTATUS Status = S_OK;
    NTLMSSP_MESSAGE_SIGNATURE LocalSig;     // filled in by SspSignSealHelper; presumably the locally computed signature
    PNTLMSSP_MESSAGE_SIGNATURE pBufferSig;  // set by the helper; only read from in this routine

    // NOTE(review): pfQOP is declared OUT but is never written in this
    // routine, so a caller must not read it after the call.
    UNREFERENCED_PARAMETER(pfQOP);

    PNTLM_CLIENT_CONTEXT pContext = ReferenceUserContext(ContextHandle, FALSE);

    if (pContext == NULL)
    {
        Status = STATUS_INVALID_HANDLE;
        SspPrint(( SSP_CRITICAL, "SpUnsealMessage, ReferenceUserContext returns NULL\n" ));
    }
    else
    {
        Status = SspSignSealHelper(
                    pContext,
                    eUnseal,
                    pMessage,
                    MessageSeqNo,
                    &LocalSig,
                    &pBufferSig
                    );

        if (!NT_SUCCESS(Status))
        {
            // pBufferSig is not read on this path.
            SspPrint(( SSP_CRITICAL, "SpUnsealMessage, SspSignSealHelper returns %lx\n", Status ));
        }
        else if (pBufferSig->Version != NTLM_SIGN_VERSION)
        {
            Status = SEC_E_INVALID_TOKEN;
        }
        else if (pBufferSig->CheckSum != LocalSig.CheckSum ||
                 pBufferSig->RandomPad != LocalSig.RandomPad)
        {
            // Either field differing is reported as tampering.
            Status = SEC_E_MESSAGE_ALTERED;
        }
        else if (pBufferSig->Nonce != LocalSig.Nonce)
        {
            // Reached only when checksum and pad already matched.
            Status = SEC_E_OUT_OF_SEQUENCE;
        }

        // Always drop the reference taken above; a dereference failure is
        // reported only when nothing else failed first.
        NTSTATUS ReleaseStatus = DereferenceUserContext(pContext);
        if (NT_SUCCESS(Status))
        {
            Status = ReleaseStatus;
        }
    }

    SspPrint(( SSP_API, "Leaving SpUnsealMessage: 0x%lx\n", Status ));
    return(SspNtStatusToSecStatus(Status, SEC_E_INTERNAL_ERROR));
}
//+-------------------------------------------------------------------------
//
// Function: SpGetContextToken
//
// Synopsis: returns a pointer to the token for a server-side context
//
// Effects:
//
// Arguments:
//
// Requires:
//
// Returns:
//
// Notes:
//
//
//--------------------------------------------------------------------------
NTSTATUS NTAPI
SpGetContextToken(
IN ULONG_PTR ContextHandle,
OUT PHANDLE ImpersonationToken
)
{
SspPrint(( SSP_API, "Entering SpGetContextToken\n" ));
NTSTATUS Status = S_OK;
PNTLM_CLIENT_CONTEXT pContext;
pContext = ReferenceUserContext(ContextHandle, FALSE);
if (pContext && pContext->ClientTokenHandle)
{
*ImpersonationToken = pContext->ClientTokenHandle;
Status= S_OK;
goto CleanUp;
}
Status = STATUS_INVALID_HANDLE;
SspPrint(( SSP_CRITICAL, "SpGetContextToken, no token handle\n" ));
CleanUp:
if (pContext != NULL)
{