c++kerberossspi

how to configure the AcquireCredentialsHandleA correctly


I am trying to set up a windows SSPI program to read authenticate the current user (https://learn.microsoft.com/en-us/windows/win32/api/sspi/nf-sspi-acquirecredentialshandlea).

Strangely it is not working and giving me an error.

//ERROR DETAILS
// MessageId: SEC_E_INVALID_TOKEN
//
// MessageText:
//
// The token supplied to the function is invalid
//
#define SEC_E_INVALID_TOKEN HRESULT_TYPEDEF(0x80090308L)

The code I came up with is as follows.

    // Create an SSPI credential.
    Status = g_pSSPI->AcquireCredentialsHandleA(
    pN,                   // Name of principal          
    ppPackageInfo[2].Name,//sec_package_name.c_str,         
    SECPKG_CRED_OUTBOUND, // Flags indicating use
    NULL,                 // Pointer to logon ID
    cred_ptr,            // Package specific data
    NULL,                 // Pointer to GetKey() func
    NULL,                 // Value to pass to GetKey()
    phCreds,              // (out) Cred Handle
    &tsExpiry             // (out) Lifetime (optional)
);  

I am failing to understand how to give the details of the credentials here. I want to use kerberos here.

The cred_ptr is suppose to be a pointer to https://learn.microsoft.com/en-us/windows/win32/api/credssp/ns-credssp-credssp_cred But the MSDN just says

pSpnegoCred

A pointer to a set of Negotiate credentials.

How do I exactly fill it in?? Does anyone have a better understanding of this?

Thank you for your time.


Solution

  • If using the kerberos provider you pass a SEC_WINNT_AUTH_IDENTITY, not a CREDSSP_CRED.

    Take a look at AcquireCredentialsHandle (Kerberos), the page you were looking at is for the CredSSP but does not make that clear.