1

Can someone help me with a simple example on how to authenticate against a java sasl server a windows C++ client with windows API: I mean using AcquireCredentialsHandle, InitializeSecurityContext...

The best result I got at the moment is with this configuration:

set(&credentials, "username", "password", "domain");
ss= AcquireCredentialsHandle(NULL, "WDigest", SECPKG_CRED_OUTBOUND, NULL      
                            , &credentials, NULL, NULL, &hCred, &tsExpiry);
OutBuffers[0].pvBuffer = NULL;
OutBuffers[0].BufferType = SECBUFFER_TOKEN;
OutBuffers[0].cbBuffer = 0;
OutBuffer.cBuffers = 1;
OutBuffer.pBuffers = OutBuffers;
OutBuffer.ulVersion = SECBUFFER_VERSION;
scRet = InitializeSecurityContext(&hCred, NULL, "server", ISC_REQ_ALLOCATE_MEMORY
                                 , 0, SECURITY_NATIVE_DREP, NULL, 0, hContext
                                 , &OutBuffer, &dwSSPIOutFlags, &tsExpiry);

ss result is OK, and scRet is SEC_I_CONTINUE_NEEDED, but the outBuffers[0] is empty so I have nothing to send to the server to continue the authentication procedure.

rigazilla
  • 131
  • 1
  • 1
  • 8
  • 1
    you confuse *digest* with *schannel* (where client in first call use 0 as input buffer). in *digest* visa versa - first server call [AcceptSecurityContext](https://technet.microsoft.com/en-us/library/aa374600.aspx) and client than call [InitializeSecurityContext](https://technet.microsoft.com/en-us/library/aa375505.aspx) and input buffer must be not empty, but [this](https://msdn.microsoft.com/en-us/library/windows/desktop/aa376104(v=vs.85).aspx) – RbMm Mar 31 '17 at 21:14
  • Thanks @RbMm! Your comment really helped me. I've fixed my digest procedure this way: – rigazilla Apr 04 '17 at 08:19
  • 1 ask the server for the challenge 2 fill the SECBUFFER_TOKEN with the server response and call InitializeSecurityContext 3 send the OutBuff to the server 4 loop to 2 until authentication completes – rigazilla Apr 04 '17 at 08:29

0 Answers0