我试图在未加入域的计算机上验证用户的Windows凭据。看起来应该可以使用SSPI API,但我一直无法使它工作。不同域上的Windows用户凭据验证
我包含了我一直在尝试的代码(为简洁起见省略了资源清理)。这是信息的重要棋子:
域控制器: control.dundermifflin.com
域: DUNDERMIFFLIN
用户: jim_halpert
通行证:比斯利
(I” m在有空隙的网络上进行测试,因此与真正的dundermifflin.com没有任何DNS冲突。)
我得到的错误是SEC_E_LOGON_DENIED。我确信用户名和密码是正确的,因为我可以与其他应用程序一起登录该用户。任何人都可以将我指向正确的方向吗?
#include <Windows.h>
#define SECURITY_WIN32
#include <Security.h>
#include <crtdbg.h>
#pragma comment(lib, "Secur32.lib")
int main()
{
SEC_CHAR* principal = "HOST/control.dundermifflin.com";
SEC_CHAR* spn = NULL;
SEC_CHAR* domain = "DUNDERMIFFLIN";
SEC_CHAR* user = "jim_halpert";
SEC_CHAR* pass = "beesly";
/////////////////////////////////////////////
// Fill out the authentication information //
/////////////////////////////////////////////
SEC_WINNT_AUTH_IDENTITY auth;
auth.Domain = reinterpret_cast<unsigned char*>(domain);
auth.DomainLength = strlen(domain);
auth.User = reinterpret_cast<unsigned char*>(user);
auth.UserLength = strlen(user);
auth.Password = reinterpret_cast<unsigned char*>(pass);
auth.PasswordLength = strlen(pass);
auth.Flags = SEC_WINNT_AUTH_IDENTITY_ANSI;
////////////////////////////////////////////
// Allocate the client and server buffers //
////////////////////////////////////////////
char clientOutBufferData[8192];
char serverOutBufferData[8192];
SecBuffer clientOutBuffer;
SecBufferDesc clientOutBufferDesc;
SecBuffer serverOutBuffer;
SecBufferDesc serverOutBufferDesc;
///////////////////////////////////////////
// Get the client and server credentials //
///////////////////////////////////////////
CredHandle clientCredentials;
CredHandle serverCredentials;
SECURITY_STATUS status;
status = ::AcquireCredentialsHandle(principal,
"Negotiate",
SECPKG_CRED_OUTBOUND,
NULL,
&auth,
NULL,
NULL,
&clientCredentials,
NULL);
_ASSERT(status == SEC_E_OK);
status = ::AcquireCredentialsHandle(principal,
"Negotiate",
SECPKG_CRED_INBOUND,
NULL,
NULL,
NULL,
NULL,
&serverCredentials,
NULL);
_ASSERT(status == SEC_E_OK);
//////////////////////////////////////
// Initialize the security contexts //
//////////////////////////////////////
CtxtHandle clientContext = {};
unsigned long clientContextAttr = 0;
CtxtHandle serverContext = {};
unsigned long serverContextAttr = 0;
/////////////////////////////
// Clear the client buffer //
/////////////////////////////
clientOutBuffer.BufferType = SECBUFFER_TOKEN;
clientOutBuffer.cbBuffer = sizeof clientOutBufferData;
clientOutBuffer.pvBuffer = clientOutBufferData;
clientOutBufferDesc.cBuffers = 1;
clientOutBufferDesc.pBuffers = &clientOutBuffer;
clientOutBufferDesc.ulVersion = SECBUFFER_VERSION;
///////////////////////////////////
// Initialize the client context //
///////////////////////////////////
status = InitializeSecurityContext(&clientCredentials,
NULL,
spn,
0,
0,
SECURITY_NATIVE_DREP,
NULL,
0,
&clientContext,
&clientOutBufferDesc,
&clientContextAttr,
NULL);
_ASSERT(status == SEC_I_CONTINUE_NEEDED);
/////////////////////////////
// Clear the server buffer //
/////////////////////////////
serverOutBuffer.BufferType = SECBUFFER_TOKEN;
serverOutBuffer.cbBuffer = sizeof serverOutBufferData;
serverOutBuffer.pvBuffer = serverOutBufferData;
serverOutBufferDesc.cBuffers = 1;
serverOutBufferDesc.pBuffers = &serverOutBuffer;
serverOutBufferDesc.ulVersion = SECBUFFER_VERSION;
//////////////////////////////////////////////////////
// Accept the client security context on the server //
//////////////////////////////////////////////////////
status = AcceptSecurityContext(&serverCredentials,
NULL,
&clientOutBufferDesc,
0,
SECURITY_NATIVE_DREP,
&serverContext,
&serverOutBufferDesc,
&serverContextAttr,
NULL);
_ASSERT(status == SEC_I_CONTINUE_NEEDED);
/////////////////////////////
// Clear the client buffer //
/////////////////////////////
clientOutBuffer.BufferType = SECBUFFER_TOKEN;
clientOutBuffer.cbBuffer = sizeof clientOutBufferData;
clientOutBuffer.pvBuffer = clientOutBufferData;
clientOutBufferDesc.cBuffers = 1;
clientOutBufferDesc.pBuffers = &clientOutBuffer;
clientOutBufferDesc.ulVersion = SECBUFFER_VERSION;
///////////////////////////////////////
// Give the client the server buffer //
///////////////////////////////////////
status = InitializeSecurityContext(&clientCredentials,
&clientContext,
spn,
0,
0,
SECURITY_NATIVE_DREP,
&serverOutBufferDesc,
0,
&clientContext,
&clientOutBufferDesc,
&clientContextAttr,
NULL);
_ASSERT(status == SEC_E_OK);
//////////////////////////////////////////////////////
// Accept the client security context on the server //
//////////////////////////////////////////////////////
status = AcceptSecurityContext(&serverCredentials,
&serverContext,
&clientOutBufferDesc,
0,
SECURITY_NATIVE_DREP,
&serverContext,
&serverOutBufferDesc,
&serverContextAttr,
NULL);
_ASSERT(status == SEC_E_LOGON_DENIED);
}
你可能想编辑出安全漏洞的用户名pass ...; – 2009-08-10 22:59:55