How to extract Kerberos token from the output buffer of windows SSPI API?

Vishnu Gopalakrishnan 126 Reputation points
2021-09-02T04:13:22.58+00:00

We have implemented Kerberos using Windows SSPI. The authentication was successful.
We want to store the Kerberos token for the future use.
How could we extract the token from the SecBufferDesc returned by the InitializeSecurityContext?
Also, how to check the token is correct or not?

bool bHaveCtxtHandle = false;
CtxtHandle contextHandle = { 0 };
SecBufferDesc outSecBufDesc;
SecBuffer outSecBuf;
SecBufferDesc inSecBufDesc;
ULONG ContextAttributes = 0U;
PBYTE pOutBuf = new BYTE[pkgInfo->cbMaxToken];
outSecBufDesc.ulVersion = 0;
outSecBufDesc.cBuffers = 1;
outSecBufDesc.pBuffers = &outSecBuf;
outSecBuf.cbBuffer = pkgInfo->cbMaxToken;
outSecBuf.BufferType = SECBUFFER_TOKEN;
outSecBuf.pvBuffer = pOutBuf;
lSecStatus = InitializeSecurityContext(&stCredHandle,
bHaveCtxtHandle ? &contextHandle : NULL,
pcPrincipalName,
ISC_REQ_USE_SUPPLIED_CREDS,
0,
SECURITY_NATIVE_DREP,
bHaveCtxtHandle ? &inSecBufDesc : NULL,
0,
&contextHandle,
&outSecBufDesc,
&ContextAttributes,
&SecurityContextLifetime);

Windows API - Win32
Windows API - Win32
A core set of Windows application programming interfaces (APIs) for desktop and server applications. Previously known as Win32 API.
2,476 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Xiaopo Yang - MSFT 11,746 Reputation points Microsoft Vendor
    2021-09-02T06:35:27.66+00:00