【发布时间】:2019-07-26 22:34:33
【问题描述】:
我正在尝试让 Win32 SSPI API 验证来自客户端的 challenge response。对AcceptSecurityContext 的调用总是以 SEC_E_INVALID_TOKEN (0x80090308) 或 SEC_E_INTERNAL_ERROR (0x80090304) 失败。
我已将问题简化为以下示例代码:
#define SECURITY_WIN32
#define WIN32_LEAN_AND_MEAN
#include <Windows.h>
#include <security.h>
#include <wdigest.h>
#include <cstdlib>
#include <string>
#include <iostream>
#pragma comment(lib, "Secur32.lib")
using namespace std::string_literals;
int main()
{
auto const realm = L"realm"s;
auto const client_method = "GET"s;
auto const client_target = L"HTTP/TARGETMACHINE"s;
auto const client_uri = L"/"s;
auto const client_uri_utf8 = "/"s;
// server generate digest challenge
PSecPkgInfoW package_info;
auto result = QuerySecurityPackageInfoW(const_cast<LPWSTR>(WDIGEST_SP_NAME_W), &package_info);
if (result != SEC_E_OK)
{
return EXIT_FAILURE;
}
CredHandle serverCredHandle;
TimeStamp lifetime;
result = AcquireCredentialsHandleW(nullptr, const_cast<LPWSTR>(WDIGEST_SP_NAME_W), SECPKG_CRED_INBOUND, nullptr, nullptr, nullptr, nullptr, &serverCredHandle, &lifetime);
if (result != SEC_E_OK)
{
return EXIT_FAILURE;
}
SecBuffer challengeInBuffers[5];
// token
challengeInBuffers[0].BufferType = SECBUFFER_TOKEN;
challengeInBuffers[0].cbBuffer = 0;
challengeInBuffers[0].pvBuffer = nullptr;
// method
challengeInBuffers[1].BufferType = SECBUFFER_PKG_PARAMS;
challengeInBuffers[1].cbBuffer = 0;
challengeInBuffers[1].pvBuffer = nullptr;
// uri
challengeInBuffers[2].BufferType = SECBUFFER_PKG_PARAMS;
challengeInBuffers[2].cbBuffer = 0;
challengeInBuffers[2].pvBuffer = nullptr;
// body hash
challengeInBuffers[3].BufferType = SECBUFFER_PKG_PARAMS;
challengeInBuffers[3].cbBuffer = 0;
challengeInBuffers[3].pvBuffer = nullptr;
// realm
challengeInBuffers[4].BufferType = SECBUFFER_PKG_PARAMS;
challengeInBuffers[4].cbBuffer = realm.size() * sizeof(wchar_t);
challengeInBuffers[4].pvBuffer = const_cast<void*>(static_cast<void const*>(realm.c_str()));
SecBufferDesc challengeInBufferDesc;
challengeInBufferDesc.ulVersion = 0;
challengeInBufferDesc.cBuffers = 5;
challengeInBufferDesc.pBuffers = challengeInBuffers;
std::string challenge;
challenge.resize(package_info->cbMaxToken);
SecBuffer challengeOutBuffer;
challengeOutBuffer.BufferType = SECBUFFER_TOKEN;
challengeOutBuffer.cbBuffer = challenge.size();
challengeOutBuffer.pvBuffer = const_cast<void*>(static_cast<void const*>(challenge.data()));
SecBufferDesc challengeOutBufferDesc;
challengeOutBufferDesc.ulVersion = 0;
challengeOutBufferDesc.cBuffers = 1;
challengeOutBufferDesc.pBuffers = &challengeOutBuffer;
CtxtHandle serverContextHandle;
unsigned long outContextAttributes;
result = AcceptSecurityContext(&serverCredHandle, nullptr, &challengeInBufferDesc, 0, SECURITY_NETWORK_DREP, &serverContextHandle, &challengeOutBufferDesc, &outContextAttributes, &lifetime);
if (result != SEC_I_CONTINUE_NEEDED)
{
return EXIT_FAILURE;
}
challenge.resize(challengeOutBuffer.cbBuffer);
std::cout << "Challenge: [" << challenge << "]\n";
// client challenge response generation
SEC_WINNT_AUTH_IDENTITY_W auth_data;
auth_data.Flags = SEC_WINNT_AUTH_IDENTITY_UNICODE;
auth_data.User = nullptr;
auth_data.UserLength = 0;
auth_data.Domain = nullptr;
auth_data.DomainLength = 0;
auth_data.Password = nullptr;
auth_data.PasswordLength = 0;
CredHandle clientCredHandle;
result = AcquireCredentialsHandleW(nullptr, const_cast<LPWSTR>(WDIGEST_SP_NAME_W), SECPKG_CRED_OUTBOUND, nullptr, &auth_data, nullptr, nullptr, &clientCredHandle, &lifetime);
if (result != SEC_E_OK)
{
return EXIT_FAILURE;
}
SecBuffer challengeResponseInBuffers[4];
// token
challengeResponseInBuffers[0].BufferType = SECBUFFER_TOKEN;
challengeResponseInBuffers[0].cbBuffer = challenge.size();
challengeResponseInBuffers[0].pvBuffer = const_cast<void*>(static_cast<void const*>(challenge.data()));
// method
challengeResponseInBuffers[1].BufferType = SECBUFFER_PKG_PARAMS;
challengeResponseInBuffers[1].cbBuffer = client_method.size();
challengeResponseInBuffers[1].pvBuffer = const_cast<void*>(static_cast<void const*>(client_method.data()));
// body hash
challengeResponseInBuffers[2].BufferType = SECBUFFER_PKG_PARAMS;
challengeResponseInBuffers[2].cbBuffer = 0;
challengeResponseInBuffers[2].pvBuffer = nullptr;
// target
challengeResponseInBuffers[3].BufferType = SECBUFFER_STREAM;
challengeResponseInBuffers[3].cbBuffer = client_target.size() * sizeof(wchar_t);
challengeResponseInBuffers[3].pvBuffer = const_cast<void*>(static_cast<void const*>(client_target.data()));
SecBufferDesc challengeResponseInBufferDesc;
challengeResponseInBufferDesc.ulVersion = 0;
challengeResponseInBufferDesc.cBuffers = 4;
challengeResponseInBufferDesc.pBuffers = challengeResponseInBuffers;
std::string challengeResponse;
challengeResponse.resize(package_info->cbMaxToken);
SecBuffer challengeResponseOutBuffer;
challengeResponseOutBuffer.BufferType = SECBUFFER_TOKEN;
challengeResponseOutBuffer.cbBuffer = challengeResponse.size();
challengeResponseOutBuffer.pvBuffer = const_cast<void*>(static_cast<void const*>(challengeResponse.data()));
SecBufferDesc challengeResponseOutBufferDesc;
challengeResponseOutBufferDesc.ulVersion = 0;
challengeResponseOutBufferDesc.cBuffers = 1;
challengeResponseOutBufferDesc.pBuffers = &challengeResponseOutBuffer;
CtxtHandle clientContextHandle;
result = InitializeSecurityContextW(&clientCredHandle, nullptr, const_cast<SEC_WCHAR*>(client_uri.c_str()), 0, 0, SECURITY_NETWORK_DREP, &challengeResponseInBufferDesc, 0, &clientContextHandle, &challengeResponseOutBufferDesc, &outContextAttributes, &lifetime);
if(result != SEC_E_OK)
{
return EXIT_FAILURE;
}
challengeResponse.resize(challengeResponseOutBuffer.cbBuffer);
std::cout << "Challenge Response: [" << challengeResponse << "]\n";
// server verify challenge response
SecBuffer verifyChallengeResponseInBuffers[5];
// token
verifyChallengeResponseInBuffers[0].BufferType = SECBUFFER_TOKEN;
verifyChallengeResponseInBuffers[0].cbBuffer = challengeResponse.size();
verifyChallengeResponseInBuffers[0].pvBuffer = const_cast<void*>(static_cast<void const*>(challengeResponse.data()));
// method
verifyChallengeResponseInBuffers[1].BufferType = SECBUFFER_PKG_PARAMS;
verifyChallengeResponseInBuffers[1].cbBuffer = client_method.size();
verifyChallengeResponseInBuffers[1].pvBuffer = const_cast<void*>(static_cast<void const*>(client_method.data()));
// uri
verifyChallengeResponseInBuffers[2].BufferType = SECBUFFER_PKG_PARAMS;
verifyChallengeResponseInBuffers[2].cbBuffer = client_uri_utf8.size();
verifyChallengeResponseInBuffers[2].pvBuffer = const_cast<void*>(static_cast<void const*>(client_uri_utf8.data()));
// body hash
verifyChallengeResponseInBuffers[3].BufferType = SECBUFFER_PKG_PARAMS;
verifyChallengeResponseInBuffers[3].cbBuffer = 0;
verifyChallengeResponseInBuffers[3].pvBuffer = nullptr;
// realm
verifyChallengeResponseInBuffers[4].BufferType = SECBUFFER_PKG_PARAMS;
verifyChallengeResponseInBuffers[4].cbBuffer = realm.size() * sizeof(wchar_t);
verifyChallengeResponseInBuffers[4].pvBuffer = const_cast<void*>(static_cast<void const*>(realm.c_str()));
SecBufferDesc verifyChallengeResponseInBufferDesc;
verifyChallengeResponseInBufferDesc.ulVersion = 0;
verifyChallengeResponseInBufferDesc.cBuffers = 5;
verifyChallengeResponseInBufferDesc.pBuffers = verifyChallengeResponseInBuffers;
std::string verifyChallengeResponse;
verifyChallengeResponse.resize(package_info->cbMaxToken);
SecBuffer verifyChallengeResponseOutBuffer;
challengeOutBuffer.BufferType = SECBUFFER_TOKEN;
challengeOutBuffer.cbBuffer = verifyChallengeResponse.size();
challengeOutBuffer.pvBuffer = const_cast<void*>(static_cast<void const*>(verifyChallengeResponse.data()));
SecBufferDesc verifyChallengeResponseOutBufferDesc;
verifyChallengeResponseOutBufferDesc.ulVersion = 0;
verifyChallengeResponseOutBufferDesc.cBuffers = 1;
verifyChallengeResponseOutBufferDesc.pBuffers = &verifyChallengeResponseOutBuffer;
result = AcceptSecurityContext(&serverCredHandle, &serverContextHandle, &verifyChallengeResponseInBufferDesc, 0, SECURITY_NETWORK_DREP, &serverContextHandle, &verifyChallengeResponseOutBufferDesc, &outContextAttributes, &lifetime);
if (result != SEC_I_COMPLETE_NEEDED)
{
std::cout << "Challenge Response Verification Failed with [0x" << std::hex << result << "]";
return EXIT_FAILURE;
}
std::cout << "Challenge Response Verified";
return EXIT_SUCCESS;
}
我得到的输出是:
挑战: [QOP = “AUTH”,算法MD5 =-sess,则随机数= “+升级+ v1db70e06e6d35dfd59df6fcd8d3cf7f7671d23e810144d5012972e89ccadaa398f05e8d5ab7a9c0eb3d52b00f4446530312ac45e30f4ac02c”,字符集= UTF-8,境界= “境界”] P>
挑战回应: [用户名= “”,境界= “域”,随机数= “+升级+ v1db70e06e6d35dfd59df6fcd8d3cf7f7671d23e810144d5012972e89ccadaa398f05e8d5ab7a9c0eb3d52b00f4446530312ac45e30f4ac02c”,URI = “/”,cnonce = “+升级+ v15c1d89757bd55776df6e2788dcdca9220f6aa1af03856d237a0e37a8136b5a44”,NC = 00000001,算法= MD5-sess,则响应=“ee315ddeed6f2d3d68b6cafff9f7d52e ",qop="auth",charset=utf-8,hashed-dirs="service-name,channel-binding",service-name="",channel-binding="000000000000000000000000000000000"]
质询响应验证失败并显示 [0x80090308]
我尝试改变质询/质询响应和验证部分的输入,但没有实际结果。
MSDN 文档似乎没有太多帮助,我对这个摘要 API 的大部分见解都来自此处的 .net 参考源: https://referencesource.microsoft.com/#System/net/System/Net/_NTAuthentication.cs
有人知道我做错了什么吗?
更新:
对于下面答案中的示例应用程序,我的机器输出 UseLogonCredential 设置为“1”(尽管我用它测试了“1”和“0”,输出完全相同)我得到以下输出:
Capabilities: 0x800304
wVersion: 0x1
Max Token Size: 0x1000
SERVER: AcquireCredentialsHandle SUCCESS
CLIENT: AcquireCredentialsHandle SUCCESS
CLIENT: InitializeSecurityContext: SEC_I__CONTINUE_NEEDED
SERVER: AcceptSecurityContext: SEC_I__CONTINUE_NEEDED
CLIENT: InitializeSecurityContext: SEC_I_CONTINUE_NEEDED
AcceptSecurityContext SUCCESS
InitializeSecurityContext (2) failed with 0x8009030A
这对我来说看起来像是在工作,但我不明白为什么你仍然需要最后一个客户端 InitializeSecurityContext ,因为服务器端已经验证了它?
我也可以取出第一个“CLIENT:InitializeSecurityContext”,因为它不需要并返回一个“空白”令牌,如果删除它仍然可以正常工作。
我无法继续使用客户端的当前用户凭据,我必须提供具有有效凭据的 SEC_WINNT_AUTH_IDENTITY。这有什么原因吗?
【问题讨论】: