Importing SSPI context

---

• From: Kasparov <ganesh.tambat@xxxxxxxxx>
• Date: Mon, 11 Aug 2008 22:41:50 -0700 (PDT)

---

I am new to SSPI and trying out an app that

1) accepts connections from client (NTLM)
2) impersonates the user
3) exports the security context
4) imports the security context
5) uses the imported security context to impersonate again.

First 4 steps are getting executed correctly but on the 5 th step I am
getting invalid handle error. I am not sure whats going wrong here and
the documentation available is very limited. Any pointers are much
appreciated. Please see the code snippet below: (I have pasted only
the SSPI related calls)

*****
/*
Accept security context from client: Start

rc = (pf->QuerySecurityPackageInfo)( "NTLM", &secPackInfo );
rc = (pf->AcquireCredentialsHandle)( NULL, "NTLM",
SECPKG_CRED_INBOUND,
NULL, NULL, NULL, NULL, &cred, &useBefore );

rc = (pf->AcceptSecurityContext)( &cred, haveContext? &srvCtx: NULL,
&ibd, 0, SECURITY_NATIVE_DREP, &srvCtx, &obd, &ctxAttr,
&useBefore );


if ( rc == SEC_I_COMPLETE_AND_CONTINUE || rc ==
SEC_I_COMPLETE_NEEDED )
{
if ( pf->CompleteAuthToken != NULL ) // only if implemented
(pf->CompleteAuthToken)( &srvCtx, &obd );
if ( rc == SEC_I_COMPLETE_NEEDED )
rc = SEC_E_OK;
else if ( rc == SEC_I_COMPLETE_AND_CONTINUE )
rc = SEC_I_CONTINUE_NEEDED;
}

Accept security context from client: End
*/

PSecBuffer pPackedContext;
rc = (pf->ImpersonateSecurityContext)( &srvCtx );
(pf->RevertSecurityContext)( &srvCtx );

rc = (pf->ExportSecurityContext)((PCtxtHandle)&srvCtx,
SECPKG_CONTEXT_EXPORT_RESET_NEW | SECPKG_CONTEXT_EXPORT_DELETE_OLD,
pPackedContext, 0);

(pf->FreeContextBuffer)( secPackInfo );

CtxtHandle srvCtxGanesh;

rc = (pf->ImportSecurityContext)("NTLM", pPackedContext, 0,
&srvCtxGanesh);

rc = (pf->ImpersonateSecurityContext)( &srvCtxGanesh );

*****






.

---

• Follow-Ups:
  • Re: Importing SSPI context
    • From: Kasparov

• Prev by Date: CryptVerifySignature fails with error NTE_BAD_SIGNATURE
• Next by Date: Re: Importing SSPI context
• Previous by thread: CryptVerifySignature fails with error NTE_BAD_SIGNATURE
• Next by thread: Re: Importing SSPI context
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Using SSPI in a client/server environment ... Are you truly saying that the client code calls AcceptSecurityContext? ... this data up and sends it to the server. ... I tried keeping the security context handle for the server and restoring it ... (microsoft.public.platformsdk.security) How can network share be accessed in IOCP ... A NT service program runs in localsystem security context and this ... service program services clients through the IOCP model. ... thread can impersonate a client, how can the dispatched overlapped i/o ... (microsoft.public.win32.programmer.kernel) Re: SMS Admin Console in Windows Vista ... establish a security context with the client" I can use the SMS ... Management Console without any problems. ... (microsoft.public.sms.admin) RE: SE_ASSIGNPRIMARYTOKEN_NAME ... you have a server application and want it to create a client process by impersonating the client. ... 1>Start the impersonation by using an impersonation function, ... 4>Use the primary token in a call to the CreateProcessAsUser function to create a process in the client's security context. ... (microsoft.public.platformsdk.security)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.platformsdk.security  > 2008-08