I managed to get this working by bastardizing Win32::IntAuth (which I believe has a bug in it). Essentially, I wasn't holding the partial context created during the creation of the Type 2 token; this, and the fact that there was an error in Win32::IntAuth:

    my $buf_size = 4096;
    my $sec_inbuf = pack("L L P$buf_size", $buf_size, SECBUFFER_TOKEN, $token);

This was causing a token error as it wasn't the correct length of the token, therefore:

    my $sec_inbuf = pack("L L P" . length($token), length($token), SECBUFFER_TOKEN, $token);

produced the correct results.
The previous code was changed to:

    ...
    # Type 1 message: pass it to SSPI and return the Type 2 challenge in a 401.
    sub handleType1 {
        my $response = shift();
        my $message = shift();
        print "handleType1 - |", ${$message}, "|\n";
        my $challenge = acceptSecurityContext(${$message});
        ${$response}->status(401);
        ${$response}->header("WWW-Authenticate" => "NTLM " . $challenge);
    }
    ...
    # Type 3 message: 200 if SSPI accepts it, otherwise 401.
    sub handleType3 {
        my $response = shift();
        my $message = shift();
        print "handleType3 - ", ${$message}, "\n";
        if (acceptSecurityContext(${$message})) {
            ${$response}->status(200);
        } else {
            ${$response}->status(401);
        }
    }
    ...
acceptSecurityContext is a function that follows this pseudoish code:

    credentials = Win32->AcquireCredentialsHandle(...)
    challenge = Win32->AcceptSecurityContext(credentials, token, globalCtx ? globalCtx : 0, ...)
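
The two fixes described above, shown together as an added example (not code from the original answer or from Win32::IntAuth): the SecBuffer is packed with the token's real length, and the partial context from the Type 1 leg is kept until the Type 3 leg arrives. `parse_ntlm`, `ntlm_leg`, `%partial_ctx` and the `$accept` callback (a stand-in for a wrapper around AcceptSecurityContext) are hypothetical names, the sample messages are constructed, and keying the saved context by connection instead of one global is an assumption.

```perl
use strict;
use warnings;
use MIME::Base64 qw(decode_base64 encode_base64);

use constant SECBUFFER_TOKEN => 2;    # value from sspi.h

# Return (message type, raw token) from an "NTLM <base64>" header value.
sub parse_ntlm {
    my ($value) = @_;
    my ($b64) = $value =~ m{\ANTLM\s+([A-Za-z0-9+/=]+)\s*\z}
        or die "not an NTLM header\n";
    my $token = decode_base64($b64);
    length($token) >= 12 && substr($token, 0, 8) eq "NTLMSSP\0"
        or die "bad NTLMSSP signature\n";
    return (unpack("V", substr($token, 8, 4)), $token);
}

my %partial_ctx;    # connection id => context handle left by the Type 1 leg

# One leg of the handshake. $accept is a hypothetical wrapper around
# AcceptSecurityContext: ($sec_inbuf, $ctx or undef) -> ($ctx, $out_token),
# with $ctx undef when SSPI rejects the token.
sub ntlm_leg {
    my ($conn, $value, $accept) = @_;
    my ($type, $token) = parse_ntlm($value);
    my $len = length($token);
    # cbBuffer is the token's real length, not the size of a scratch buffer.
    my $sec_inbuf = pack("L L P$len", $len, SECBUFFER_TOKEN, $token);
    if ($type == 1) {
        my ($ctx, $challenge) = $accept->($sec_inbuf, undef);
        $partial_ctx{$conn} = $ctx // die "SSPI rejected the Type 1 token\n";
        return (401, $challenge);
    }
    die "unexpected NTLM message type $type\n" unless $type == 3;
    my $ctx = delete $partial_ctx{$conn}
        or die "Type 3 with no partial context for this connection\n";
    my ($ok) = $accept->($sec_inbuf, $ctx);
    return ($ok ? 200 : 401, undef);
}

# Constructed messages and a fake $accept so the flow runs without SSPI.
my $t1 = "NTLM " . encode_base64("NTLMSSP\0" . pack("V", 1) . "\0" x 28, "");
my $t3 = "NTLM " . encode_base64("NTLMSSP\0" . pack("V", 3) . "\0" x 60, "");
my $fake = sub {
    my ($buf, $ctx) = @_;
    printf "cbBuffer=%d ctx=%s\n", (unpack "L L", $buf)[0], $ctx // "none";
    return $ctx ? ($ctx) : ("ctx-1", "Q0hBTExFTkdF");
};
print join(" ", map { $_ // "-" } ntlm_leg("conn-a", $t1, $fake)), "\n";
print join(" ", map { $_ // "-" } ntlm_leg("conn-a", $t3, $fake)), "\n";
print(eval { ntlm_leg("conn-b", $t3, $fake); 1 } ? "ok\n" : "rejected: $@");
```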