diff --git a/winpr/sspi/CredSSP/credssp.c b/winpr/sspi/CredSSP/credssp.c index 51e0d1f04..62b67104c 100644 --- a/winpr/sspi/CredSSP/credssp.c +++ b/winpr/sspi/CredSSP/credssp.c @@ -84,13 +84,15 @@ void credssp_SetContextIdentity(rdpCredssp* context, char* user, char* domain, c context->identity.UserLength = strlen(user) * 2; context->identity.User = (uint16*) malloc(context->identity.UserLength); - MultiByteToWideChar(CP_ACP, 0, user, strlen(user), (LPWSTR) context->identity.User, context->identity.UserLength / 2); + MultiByteToWideChar(CP_ACP, 0, user, strlen(user), + (LPWSTR) context->identity.User, context->identity.UserLength / 2); if (domain) { - context->identity.DomainLength = strlen(user) * 2; + context->identity.DomainLength = strlen(domain) * 2; context->identity.Domain = (uint16*) malloc(context->identity.DomainLength); - MultiByteToWideChar(CP_ACP, 0, user, strlen(user), (LPWSTR) context->identity.Domain, context->identity.DomainLength / 2); + MultiByteToWideChar(CP_ACP, 0, domain, strlen(domain), + (LPWSTR) context->identity.Domain, context->identity.DomainLength / 2); } else { @@ -100,7 +102,8 @@ void credssp_SetContextIdentity(rdpCredssp* context, char* user, char* domain, c context->identity.PasswordLength = strlen(password) * 2; context->identity.Password = (uint16*) malloc(context->identity.PasswordLength); - MultiByteToWideChar(CP_ACP, 0, password, strlen(password), (LPWSTR) context->identity.Password, context->identity.PasswordLength / 2); + MultiByteToWideChar(CP_ACP, 0, password, strlen(password), + (LPWSTR) context->identity.Password, context->identity.PasswordLength / 2); } /** diff --git a/winpr/sspi/Kerberos/kerberos.c b/winpr/sspi/Kerberos/kerberos.c index ae9a67f56..d42149e23 100644 --- a/winpr/sspi/Kerberos/kerberos.c +++ b/winpr/sspi/Kerberos/kerberos.c @@ -37,6 +37,7 @@ #include "kerberos_encode.h" #include "kerberos_decode.h" +#include #include #include @@ -301,8 +302,8 @@ void kerberos_ContextFree(KRB_CONTEXT* krb_ctx) free(krb_ctx->tgskey); } - krb_free_ticket(&(krb_ctx->asticket)); - krb_free_ticket(&(krb_ctx->tgsticket)); + kerberos_free_ticket(&(krb_ctx->asticket)); + kerberos_free_ticket(&(krb_ctx->tgsticket)); krb_ctx->state = KRB_STATE_FINAL; } } @@ -379,49 +380,54 @@ SECURITY_STATUS SEC_ENTRY kerberos_QueryCredentialsAttributesA(PCredHandle phCre void krb_SetContextIdentity(KRB_CONTEXT* context, SEC_WINNT_AUTH_IDENTITY* identity) { - size_t size; - /* TEMPORARY workaround for utf8 TODO: UTF16 to utf8 */ - identity->Flags = SEC_WINNT_AUTH_IDENTITY_UNICODE; context->identity.Flags = SEC_WINNT_AUTH_IDENTITY_UNICODE; if (identity->Flags == SEC_WINNT_AUTH_IDENTITY_ANSI) { - context->identity.User = (uint16*) freerdp_uniconv_out(context->uniconv, (char*) identity->User, &size); - context->identity.UserLength = (uint32) size; + context->identity.UserLength = strlen((char*) identity->User) * 2; + context->identity.User = (UINT16*) malloc(context->identity.UserLength); + MultiByteToWideChar(CP_ACP, 0, (char*) identity->User, strlen((char*) identity->User), + (LPWSTR) context->identity.User, context->identity.UserLength / 2); if (identity->DomainLength > 0) { - context->identity.Domain = (uint16*) freerdp_uniconv_out(context->uniconv, (char*) identity->Domain, &size); - context->identity.DomainLength = (uint32) size; + context->identity.DomainLength = strlen((char*) identity->Domain) * 2; + context->identity.Domain = (UINT16*) malloc(context->identity.DomainLength); + MultiByteToWideChar(CP_ACP, 0, (char*) identity->Domain, strlen((char*) identity->Domain), + (LPWSTR) context->identity.Domain, context->identity.DomainLength / 2); } else { - context->identity.Domain = (uint16*) NULL; + context->identity.Domain = (UINT16*) NULL; context->identity.DomainLength = 0; } - context->identity.Password = (uint16*) freerdp_uniconv_out(context->uniconv, (char*) identity->Password, &size); - context->identity.PasswordLength = (uint32) size; + context->identity.PasswordLength = strlen((char*) identity->Password) * 2; + context->identity.Password = (UINT16*) malloc(context->identity.PasswordLength); + MultiByteToWideChar(CP_ACP, 0, (char*) identity->Password, strlen((char*) identity->Password), + (LPWSTR) context->identity.Password, context->identity.PasswordLength / 2); } else { - context->identity.User = (uint16*) xzalloc(identity->UserLength + 1); + context->identity.User = (UINT16*) malloc(identity->UserLength); memcpy(context->identity.User, identity->User, identity->UserLength); + context->identity.UserLength = identity->UserLength; if (identity->DomainLength > 0) { - context->identity.Domain = (uint16*) malloc(identity->DomainLength); + context->identity.Domain = (UINT16*) malloc(identity->DomainLength); memcpy(context->identity.Domain, identity->Domain, identity->DomainLength); + context->identity.DomainLength = identity->DomainLength; } else { - context->identity.Domain = (uint16*) NULL; + context->identity.Domain = (UINT16*) NULL; context->identity.DomainLength = 0; } - context->identity.Password = (uint16*) xzalloc(identity->PasswordLength + 1); + context->identity.Password = (UINT16*) malloc(identity->PasswordLength); memcpy(context->identity.Password, identity->Password, identity->PasswordLength); - identity->Flags = SEC_WINNT_AUTH_IDENTITY_ANSI; + context->identity.PasswordLength = identity->PasswordLength; } } @@ -518,7 +524,11 @@ PCtxtHandle krbctx_client_init(rdpSettings* settings, SEC_WINNT_AUTH_IDENTITY* i krb_ctx->realm = xstrtoup(settings->kerberos_realm); krb_ctx->cname = xstrdup((char*)krb_ctx->identity.User); krb_ctx->settings = settings; - krb_ctx->passwd.data = freerdp_uniconv_out(krb_ctx->uniconv, (char*) krb_ctx->identity.Password, (size_t*) &(krb_ctx->passwd.length)); + + krb_ctx->passwd.length = strlen((char*) krb_ctx->identity.Password) * 2; + krb_ctx->passwd.data = (uint16*) malloc(krb_ctx->passwd.length); + MultiByteToWideChar(CP_ACP, 0, (char*) krb_ctx->identity.Password, strlen((char*) krb_ctx->identity.Password), + (LPWSTR) krb_ctx->passwd.data, krb_ctx->passwd.length / 2); fContextReq = ISC_REQ_REPLAY_DETECT | ISC_REQ_SEQUENCE_DETECT | ISC_REQ_CONFIDENTIALITY | ISC_REQ_DELEGATE; @@ -643,7 +653,7 @@ void krb_asreq_send(KRB_CONTEXT* krb_ctx, uint8 errcode) freerdp_blob_free(&msg); stream_free(s); stream_free(paenc); - krb_free_asreq(krb_asreq); + kerberos_free_asreq(krb_asreq); free(krb_asreq); } @@ -731,7 +741,7 @@ int krb_asrep_recv(KRB_CONTEXT* krb_ctx) krb_ctx->state = KRB_PACKET_ERROR; /* clean up */ - krb_free_asrep(krb_asrep); + kerberos_free_asrep(krb_asrep); free(krb_asrep); goto finish; } @@ -820,7 +830,7 @@ void krb_tgsreq_send(KRB_CONTEXT* krb_ctx, uint8 errcode) freerdp_blob_free(krb_auth->cksum); free(krb_auth->cksum); free(krb_auth); - krb_free_tgsreq(krb_tgsreq); + kerberos_free_tgsreq(krb_tgsreq); free(krb_tgsreq); stream_free(sapreq); stream_free(s); @@ -866,7 +876,7 @@ int krb_tgsrep_recv(KRB_CONTEXT* krb_ctx) krb_ctx->state = KRB_PACKET_ERROR; /* clean up */ - krb_free_tgsrep(krb_tgsrep); + kerberos_free_tgsrep(krb_tgsrep); free(krb_tgsrep); goto finish; } @@ -923,7 +933,7 @@ int krb_verify_kdcrep(KRB_CONTEXT* krb_ctx, KrbKDCREP* kdc_rep, int msgtype) /* Verify KDC-REP-PART */ if(reppart->nonce != krb_ctx->nonce || strcasecmp(reppart->realm, krb_ctx->realm) || strcasecmp(reppart->sname, krb_ctx->sname)) { - krb_free_reppart(reppart); + kerberos_free_reppart(reppart); free(reppart); krb_ctx->state = KRB_PACKET_ERROR; return -1; @@ -934,7 +944,7 @@ int krb_verify_kdcrep(KRB_CONTEXT* krb_ctx, KrbKDCREP* kdc_rep, int msgtype) krb_save_ticket(krb_ctx, kdc_rep); freerdp_blob_copy(&(key->skey), &(reppart->key.skey)); key->enctype = reppart->key.enctype; - krb_free_reppart(reppart); + kerberos_free_reppart(reppart); free(reppart); return 0; } @@ -1070,7 +1080,7 @@ KrbTGSREQ* krb_tgsreq_new(KRB_CONTEXT* krb_ctx, uint8 errcode) return krb_tgsreq; } -void krb_free_ticket(Ticket* ticket) +void kerberos_free_ticket(Ticket* ticket) { if (ticket != NULL) { @@ -1081,7 +1091,7 @@ void krb_free_ticket(Ticket* ticket) } } -void krb_free_padata(PAData** padata) +void kerberos_free_padata(PAData** padata) { PAData** lpa_data; lpa_data = padata; @@ -1095,20 +1105,20 @@ void krb_free_padata(PAData** padata) } } -void krb_free_kdcrep(KrbKDCREP* kdc_rep) +void kerberos_free_kdcrep(KrbKDCREP* kdc_rep) { if(kdc_rep != NULL) { - krb_free_padata(kdc_rep->padata); + kerberos_free_padata(kdc_rep->padata); free(kdc_rep->cname); free(kdc_rep->realm); - krb_free_ticket(&(kdc_rep->etgt)); + kerberos_free_ticket(&(kdc_rep->etgt)); freerdp_blob_free(&(kdc_rep->enc_part.encblob)); kdc_rep->enc_part.encblob.data = NULL; } } -void krb_free_reppart(ENCKDCREPPart* reppart) +void kerberos_free_reppart(ENCKDCREPPart* reppart) { if(reppart != NULL) { @@ -1118,7 +1128,7 @@ void krb_free_reppart(ENCKDCREPPart* reppart) } } -void krb_free_req_body(KDCReqBody* req_body) +void kerberos_free_req_body(KDCReqBody* req_body) { if(req_body != NULL) { @@ -1131,37 +1141,37 @@ void krb_free_req_body(KDCReqBody* req_body) } } -void krb_free_asreq(KrbASREQ* krb_asreq) +void kerberos_free_asreq(KrbASREQ* krb_asreq) { if(krb_asreq != NULL) { - krb_free_padata(krb_asreq->padata); - krb_free_req_body(&(krb_asreq->req_body)); + kerberos_free_padata(krb_asreq->padata); + kerberos_free_req_body(&(krb_asreq->req_body)); } } -void krb_free_asrep(KrbASREP* krb_asrep) +void kerberos_free_asrep(KrbASREP* krb_asrep) { if(krb_asrep != NULL) { - krb_free_kdcrep(&(krb_asrep->kdc_rep)); + kerberos_free_kdcrep(&(krb_asrep->kdc_rep)); } } -void krb_free_tgsreq(KrbTGSREQ* krb_tgsreq) +void kerberos_free_tgsreq(KrbTGSREQ* krb_tgsreq) { if(krb_tgsreq != NULL) { - krb_free_padata(krb_tgsreq->padata); - krb_free_req_body(&(krb_tgsreq->req_body)); + kerberos_free_padata(krb_tgsreq->padata); + kerberos_free_req_body(&(krb_tgsreq->req_body)); } } -void krb_free_tgsrep(KrbTGSREP* krb_tgsrep) +void kerberos_free_tgsrep(KrbTGSREP* krb_tgsrep) { if (krb_tgsrep != NULL) { - krb_free_kdcrep(&(krb_tgsrep->kdc_rep)); + kerberos_free_kdcrep(&(krb_tgsrep->kdc_rep)); } } diff --git a/winpr/sspi/Kerberos/kerberos.h b/winpr/sspi/Kerberos/kerberos.h index d142df95b..831e24dcb 100644 --- a/winpr/sspi/Kerberos/kerberos.h +++ b/winpr/sspi/Kerberos/kerberos.h @@ -40,13 +40,13 @@ #include #include -#define MSKRB_OID "1.2.840.48018.1.2.2" -#define STDKRB_OID "1.2.840.113554.1.2.2" +#define MSKRB_OID "1.2.840.48018.1.2.2" +#define STDKRB_OID "1.2.840.113554.1.2.2" -#define SERVICE "_kerberos." -#define KRB_VERSION 5 -#define KRB_SERVER "krbtgt/" -#define APP_SERVER "TERMSRV/" +#define SERVICE "_kerberos." +#define KRB_VERSION 5 +#define KRB_SERVER "krbtgt/" +#define APP_SERVER "TERMSRV/" #define KRB_NAME_PRINCIPAL 1 #define KRB_NAME_SERVICE 2 @@ -59,17 +59,17 @@ #define KRB_TAG_APREQ 14 #define KRB_TAG_APREP 15 #define KRB_TAG_ERROR 30 -#define KRB_TAG_U2UTGTREQ 16 -#define KRB_TAG_U2UTGTREP 16 +#define KRB_TAG_U2UTGTREQ 16 +#define KRB_TAG_U2UTGTREP 16 #define NAME_TYPE_PRINCIPAL 1 #define NAME_TYPE_SERVICE 2 /* KRB ERROR */ -#define KDC_ERR_PREAUTH_FAILED 24 +#define KDC_ERR_PREAUTH_FAILED 24 #define KDC_ERR_PREAUTH_REQ 25 #define KRB_AP_ERR_SKEW 37 -#define KDC_ERR_C_PRINCIPAL_UNKNOWN 6 +#define KDC_ERR_C_PRINCIPAL_UNKNOWN 6 #define PA_ENCTYPE_INFO 11 #define PA_ENCTYPE_INFO2 19 @@ -77,12 +77,12 @@ /* ENCRYPTION TYPE */ #define ETYPE_DES_CBC_CRC 1 #define ETYPE_DES_CBC_MD5 3 -#define ETYPE_AES128_CTS_HMAC 17 -#define ETYPE_AES256_CTS_HMAC 18 +#define ETYPE_AES128_CTS_HMAC 17 +#define ETYPE_AES256_CTS_HMAC 18 #define ETYPE_RC4_HMAC 23 /* CHECKSUM TYPE */ -#define KRB_CKSUM_HMAC_MD5 -138 +#define KRB_CKSUM_HMAC_MD5 -138 /* AD TYPE */ #define AD_IF_RELEVANT 1 @@ -214,7 +214,7 @@ struct _KRB_AS_REQ { int pvno; int type; - boolean pa_pac_request; + boolean pa_pac_request; PAData** padata; KDCReqBody req_body; }; @@ -224,7 +224,7 @@ struct _KRB_TGS_REQ { int pvno; int type; - boolean pa_pac_request; + boolean pa_pac_request; PAData** padata; KDCReqBody req_body; }; @@ -293,7 +293,6 @@ struct _KRB_CONTEXT char* realm; char* sname; char* hostname; - SEC_WINNT_AUTH_IDENTITY identity; rdpBlob passwd; sint32 enctype; time_t clockskew; @@ -305,6 +304,7 @@ struct _KRB_CONTEXT KrbENCKey* tgskey; KRBCTX_STATE state; CtxtHandle context; + SEC_WINNT_AUTH_IDENTITY identity; }; typedef struct _KRB_CONTEXT KRB_CONTEXT; @@ -335,16 +335,16 @@ KrbASREQ* krb_asreq_new(KRB_CONTEXT* krb_ctx, uint8 errcode); KrbTGSREQ* krb_tgsreq_new(KRB_CONTEXT* krb_Rss, uint8 errcode); KrbAPREQ* krb_apreq_new(KRB_CONTEXT* krb_ctx, Ticket* ticket, Authenticator* krb_auth); -void krb_ContextFree(KRB_CONTEXT* krb_ctx); -void krb_free_ticket(Ticket* ticket); -void krb_free_padata(PAData** padata); -void krb_free_req_body(KDCReqBody* req_body); -void krb_free_kdcrep(KrbKDCREP* kdc_rep); -void krb_free_reppart(ENCKDCREPPart* reppart); -void krb_free_asreq(KrbASREQ* krb_asreq); -void krb_free_asrep(KrbASREP* krb_asrep); -void krb_free_tgsreq(KrbTGSREQ* krb_tgsreq); -void krb_free_tgsrep(KrbTGSREP* krb_tgsrep); +void kerberos_ContextFree(KRB_CONTEXT* krb_ctx); +void kerberos_free_ticket(Ticket* ticket); +void kerberos_free_padata(PAData** padata); +void kerberos_free_req_body(KDCReqBody* req_body); +void kerberos_free_kdcrep(KrbKDCREP* kdc_rep); +void kerberos_free_reppart(ENCKDCREPPart* reppart); +void kerberos_free_asreq(KrbASREQ* krb_asreq); +void kerberos_free_asrep(KrbASREP* krb_asrep); +void kerberos_free_tgsreq(KrbTGSREQ* krb_tgsreq); +void kerberos_free_tgsrep(KrbTGSREP* krb_tgsrep); void krb_free_krb_error(KrbERROR* krb_err); -#endif /* FREERDP_SSPI_KERBEROS_PRIVATE_H */ +#endif /* WINPR_SSPI_KERBEROS_PRIVATE_H */ diff --git a/winpr/sspi/Kerberos/kerberos_decode.c b/winpr/sspi/Kerberos/kerberos_decode.c index d06854d99..7d1ba226b 100644 --- a/winpr/sspi/Kerberos/kerberos_decode.c +++ b/winpr/sspi/Kerberos/kerberos_decode.c @@ -493,7 +493,7 @@ int krb_decode_ticket(STREAM* s, uint8 tag, Ticket* ticket) err: stream_set_mark(s, bm); - krb_free_ticket(ticket); + kerberos_free_ticket(ticket); return 0; } @@ -571,7 +571,7 @@ int krb_decode_kdc_rep(STREAM* s, KrbKDCREP* kdc_rep, sint32 maxlen) return totlen; err: - krb_free_kdcrep(kdc_rep); + kerberos_free_kdcrep(kdc_rep); return 0; } @@ -785,7 +785,7 @@ ENCKDCREPPart* krb_decode_enc_reppart(rdpBlob* msg, uint8 apptag) stream_free(s) ; return reppart; err: - krb_free_reppart(reppart); + kerberos_free_reppart(reppart); xfree(reppart); stream_detach(s) ; stream_free(s) ; diff --git a/winpr/sspi/NTLM/ntlm.c b/winpr/sspi/NTLM/ntlm.c index 105420e0f..61154239d 100644 --- a/winpr/sspi/NTLM/ntlm.c +++ b/winpr/sspi/NTLM/ntlm.c @@ -36,47 +36,52 @@ char* NTLM_PACKAGE_NAME = "NTLM"; void ntlm_SetContextIdentity(NTLM_CONTEXT* context, SEC_WINNT_AUTH_IDENTITY* identity) { - size_t size; context->identity.Flags = SEC_WINNT_AUTH_IDENTITY_UNICODE; if (identity->Flags == SEC_WINNT_AUTH_IDENTITY_ANSI) { - context->identity.User = (uint16*) freerdp_uniconv_out(context->uniconv, (char*) identity->User, &size); - context->identity.UserLength = (uint32) size; + context->identity.UserLength = strlen((char*) identity->User) * 2; + context->identity.User = (UINT16*) malloc(context->identity.UserLength); + MultiByteToWideChar(CP_ACP, 0, (char*) identity->User, strlen((char*) identity->User), + (LPWSTR) context->identity.User, context->identity.UserLength / 2); if (identity->DomainLength > 0) { - context->identity.Domain = (uint16*) freerdp_uniconv_out(context->uniconv, (char*) identity->Domain, &size); - context->identity.DomainLength = (uint32) size; + context->identity.DomainLength = strlen((char*) identity->Domain) * 2; + context->identity.Domain = (UINT16*) malloc(context->identity.DomainLength); + MultiByteToWideChar(CP_ACP, 0, (char*) identity->Domain, strlen((char*) identity->Domain), + (LPWSTR) context->identity.Domain, context->identity.DomainLength / 2); } else { - context->identity.Domain = (uint16*) NULL; + context->identity.Domain = (UINT16*) NULL; context->identity.DomainLength = 0; } - context->identity.Password = (uint16*) freerdp_uniconv_out(context->uniconv, (char*) identity->Password, &size); - context->identity.PasswordLength = (uint32) size; + context->identity.PasswordLength = strlen((char*) identity->Password) * 2; + context->identity.Password = (UINT16*) malloc(context->identity.PasswordLength); + MultiByteToWideChar(CP_ACP, 0, (char*) identity->Password, strlen((char*) identity->Password), + (LPWSTR) context->identity.Password, context->identity.PasswordLength / 2); } else { - context->identity.User = (uint16*) malloc(identity->UserLength); + context->identity.User = (UINT16*) malloc(identity->UserLength); memcpy(context->identity.User, identity->User, identity->UserLength); context->identity.UserLength = identity->UserLength; if (identity->DomainLength > 0) { - context->identity.Domain = (uint16*) malloc(identity->DomainLength); + context->identity.Domain = (UINT16*) malloc(identity->DomainLength); memcpy(context->identity.Domain, identity->Domain, identity->DomainLength); context->identity.DomainLength = identity->DomainLength; } else { - context->identity.Domain = (uint16*) NULL; + context->identity.Domain = (UINT16*) NULL; context->identity.DomainLength = 0; } - context->identity.Password = (uint16*) malloc(identity->PasswordLength); + context->identity.Password = (UINT16*) malloc(identity->PasswordLength); memcpy(context->identity.Password, identity->Password, identity->PasswordLength); context->identity.PasswordLength = identity->PasswordLength; } @@ -84,16 +89,18 @@ void ntlm_SetContextIdentity(NTLM_CONTEXT* context, SEC_WINNT_AUTH_IDENTITY* ide void ntlm_SetContextWorkstation(NTLM_CONTEXT* context, char* Workstation) { - size_t size; - context->Workstation = (uint16*) freerdp_uniconv_out(context->uniconv, Workstation, &size); - context->WorkstationLength = (uint32) size; + context->WorkstationLength = strlen(Workstation) * 2; + context->Workstation = (UINT16*) malloc(context->WorkstationLength); + MultiByteToWideChar(CP_ACP, 0, Workstation, strlen(Workstation), + (LPWSTR) context->Workstation, context->WorkstationLength / 2); } void ntlm_SetContextTargetName(NTLM_CONTEXT* context, char* TargetName) { - size_t size; - context->TargetName.pvBuffer = (uint16*) freerdp_uniconv_out(context->uniconv, TargetName, &size); - context->TargetName.cbBuffer = (uint32) size; + context->TargetName.cbBuffer = strlen(TargetName) * 2; + context->TargetName.pvBuffer = (void*) malloc(context->TargetName.cbBuffer); + MultiByteToWideChar(CP_ACP, 0, TargetName, strlen(TargetName), + (LPWSTR) context->TargetName.pvBuffer, context->TargetName.cbBuffer / 2); } NTLM_CONTEXT* ntlm_ContextNew() @@ -107,7 +114,6 @@ NTLM_CONTEXT* ntlm_ContextNew() context->ntlm_v2 = false; context->NegotiateFlags = 0; context->state = NTLM_STATE_INITIAL; - context->uniconv = freerdp_uniconv_new(); context->av_pairs = (AV_PAIRS*) xzalloc(sizeof(AV_PAIRS)); } @@ -119,7 +125,6 @@ void ntlm_ContextFree(NTLM_CONTEXT* context) if (!context) return; - freerdp_uniconv_free(context->uniconv); crypto_rc4_free(context->SendRc4Seal); crypto_rc4_free(context->RecvRc4Seal); sspi_SecBufferFree(&context->NegotiateMessage); @@ -129,6 +134,7 @@ void ntlm_ContextFree(NTLM_CONTEXT* context) sspi_SecBufferFree(&context->TargetName); sspi_SecBufferFree(&context->NtChallengeResponse); sspi_SecBufferFree(&context->LmChallengeResponse); + free(context->identity.User); free(context->identity.Password); free(context->identity.Domain); @@ -590,7 +596,7 @@ SECURITY_STATUS SEC_ENTRY ntlm_EncryptMessage(PCtxtHandle phContext, ULONG fQOP, /* RC4-encrypt first 8 bytes of digest */ crypto_rc4(context->SendRc4Seal, 8, digest, checksum); - signature = (uint8*) signature_buffer->pvBuffer; + signature = (BYTE*) signature_buffer->pvBuffer; /* Concatenate version, ciphertext and sequence number to build signature */ memcpy(signature, (void*) &version, 4); @@ -613,11 +619,11 @@ SECURITY_STATUS SEC_ENTRY ntlm_DecryptMessage(PCtxtHandle phContext, PSecBufferD int length; void* data; HMAC_CTX hmac; - uint8 digest[16]; - uint8 checksum[8]; - uint32 version = 1; + BYTE digest[16]; + BYTE checksum[8]; + UINT32 version = 1; NTLM_CONTEXT* context; - uint8 expected_signature[16]; + BYTE expected_signature[16]; PSecBuffer data_buffer = NULL; PSecBuffer signature_buffer = NULL; diff --git a/winpr/sspi/NTLM/ntlm.h b/winpr/sspi/NTLM/ntlm.h index fafcae766..47d532d1e 100644 --- a/winpr/sspi/NTLM/ntlm.h +++ b/winpr/sspi/NTLM/ntlm.h @@ -39,8 +39,8 @@ typedef enum _NTLM_STATE NTLM_STATE; struct _AV_PAIR { - uint16 length; - uint8* value; + UINT16 length; + BYTE* value; }; typedef struct _AV_PAIR AV_PAIR; @@ -55,7 +55,7 @@ struct _AV_PAIRS AV_PAIR Restrictions; AV_PAIR TargetName; AV_PAIR ChannelBindings; - uint32 Flags; + UINT32 Flags; }; typedef struct _AV_PAIRS AV_PAIRS; @@ -80,20 +80,19 @@ struct _NTLM_CONTEXT boolean server; boolean ntlm_v2; NTLM_STATE state; - UNICONV* uniconv; int SendSeqNum; int RecvSeqNum; boolean confidentiality; CryptoRc4 SendRc4Seal; CryptoRc4 RecvRc4Seal; - uint8* SendSigningKey; - uint8* RecvSigningKey; - uint8* SendSealingKey; - uint8* RecvSealingKey; + BYTE* SendSigningKey; + BYTE* RecvSigningKey; + BYTE* SendSealingKey; + BYTE* RecvSealingKey; AV_PAIRS* av_pairs; - uint32 NegotiateFlags; - uint16* Workstation; - uint32 WorkstationLength; + UINT32 NegotiateFlags; + UINT16* Workstation; + UINT32 WorkstationLength; SEC_WINNT_AUTH_IDENTITY identity; SecBuffer NegotiateMessage; SecBuffer ChallengeMessage; @@ -102,19 +101,19 @@ struct _NTLM_CONTEXT SecBuffer TargetName; SecBuffer NtChallengeResponse; SecBuffer LmChallengeResponse; - uint8 Timestamp[8]; - uint8 ServerChallenge[8]; - uint8 ClientChallenge[8]; - uint8 SessionBaseKey[16]; - uint8 KeyExchangeKey[16]; - uint8 RandomSessionKey[16]; - uint8 ExportedSessionKey[16]; - uint8 EncryptedRandomSessionKey[16]; - uint8 ClientSigningKey[16]; - uint8 ClientSealingKey[16]; - uint8 ServerSigningKey[16]; - uint8 ServerSealingKey[16]; - uint8 MessageIntegrityCheck[16]; + BYTE Timestamp[8]; + BYTE ServerChallenge[8]; + BYTE ClientChallenge[8]; + BYTE SessionBaseKey[16]; + BYTE KeyExchangeKey[16]; + BYTE RandomSessionKey[16]; + BYTE ExportedSessionKey[16]; + BYTE EncryptedRandomSessionKey[16]; + BYTE ClientSigningKey[16]; + BYTE ClientSealingKey[16]; + BYTE ServerSigningKey[16]; + BYTE ServerSealingKey[16]; + BYTE MessageIntegrityCheck[16]; }; typedef struct _NTLM_CONTEXT NTLM_CONTEXT; diff --git a/winpr/sspi/NTLM/ntlm_av_pairs.c b/winpr/sspi/NTLM/ntlm_av_pairs.c index 6e62837a5..5d3d1f953 100644 --- a/winpr/sspi/NTLM/ntlm_av_pairs.c +++ b/winpr/sspi/NTLM/ntlm_av_pairs.c @@ -20,6 +20,7 @@ #include "ntlm.h" #include "../sspi.h" +#include #include #include @@ -336,20 +337,27 @@ char* test_DnsComputerName = "FreeRDP"; void ntlm_populate_server_av_pairs(NTLM_CONTEXT* context) { int length; - size_t size; AV_PAIRS* av_pairs = context->av_pairs; - av_pairs->NbDomainName.value = (uint8*) freerdp_uniconv_out(context->uniconv, test_NbDomainName, &size); - av_pairs->NbDomainName.length = (uint16) size; + av_pairs->NbDomainName.length = strlen(test_NbDomainName) * 2; + av_pairs->NbDomainName.value = (uint8*) malloc(av_pairs->NbDomainName.length); + MultiByteToWideChar(CP_ACP, 0, test_NbDomainName, strlen(test_NbDomainName), + (LPWSTR) av_pairs->NbDomainName.value, av_pairs->NbDomainName.length / 2); - av_pairs->NbComputerName.value = (uint8*) freerdp_uniconv_out(context->uniconv, test_NbComputerName, &size); - av_pairs->NbComputerName.length = (uint16) size; + av_pairs->NbComputerName.length = strlen(test_NbDomainName) * 2; + av_pairs->NbComputerName.value = (uint8*) malloc(av_pairs->NbComputerName.length); + MultiByteToWideChar(CP_ACP, 0, test_NbComputerName, strlen(test_NbComputerName), + (LPWSTR) av_pairs->NbComputerName.value, av_pairs->NbComputerName.length / 2); - av_pairs->DnsDomainName.value = (uint8*) freerdp_uniconv_out(context->uniconv, test_DnsDomainName, &size); - av_pairs->DnsDomainName.length = (uint16) size; + av_pairs->DnsDomainName.length = strlen(test_DnsDomainName) * 2; + av_pairs->DnsDomainName.value = (uint8*) malloc(av_pairs->DnsDomainName.length); + MultiByteToWideChar(CP_ACP, 0, test_DnsDomainName, strlen(test_DnsDomainName), + (LPWSTR) av_pairs->DnsDomainName.value, av_pairs->DnsDomainName.length / 2); - av_pairs->DnsComputerName.value = (uint8*) freerdp_uniconv_out(context->uniconv, test_DnsComputerName, &size); - av_pairs->DnsComputerName.length = (uint16) size; + av_pairs->DnsComputerName.length = strlen(test_DnsComputerName) * 2; + av_pairs->DnsComputerName.value = (uint8*) malloc(av_pairs->DnsComputerName.length); + MultiByteToWideChar(CP_ACP, 0, test_DnsComputerName, strlen(test_DnsComputerName), + (LPWSTR) av_pairs->DnsComputerName.value, av_pairs->DnsComputerName.length / 2); length = ntlm_compute_av_pairs_length(context) + 4; sspi_SecBufferAlloc(&context->TargetInfo, length); diff --git a/winpr/sspi/NTLM/ntlm_compute.c b/winpr/sspi/NTLM/ntlm_compute.c index aa74f5b59..e75d1ef5f 100644 --- a/winpr/sspi/NTLM/ntlm_compute.c +++ b/winpr/sspi/NTLM/ntlm_compute.c @@ -219,7 +219,6 @@ void ntlm_fetch_ntlm_v2_hash(NTLM_CONTEXT* context, char* hash) char* data; char* line; int length; - size_t size; char* db_user; char* db_hash; uint16* User; @@ -262,8 +261,10 @@ void ntlm_fetch_ntlm_v2_hash(NTLM_CONTEXT* context, char* hash) db_user = line; db_hash = &line[length + 1]; - User = (uint16*) freerdp_uniconv_out(context->uniconv, db_user, &size); - UserLength = (uint32) size; + UserLength = strlen(db_user) * 2; + User = (uint16*) malloc(UserLength); + MultiByteToWideChar(CP_ACP, 0, db_user, strlen(db_user), + (LPWSTR) User, UserLength / 2); if (UserLength == context->identity.UserLength) { @@ -300,7 +301,7 @@ void ntlm_compute_ntlm_v2_hash(NTLM_CONTEXT* context, char* hash) /* Concatenate(Uppercase(username),domain)*/ memcpy(p, context->identity.User, context->identity.UserLength); - freerdp_uniconv_uppercase(context->uniconv, p, context->identity.UserLength / 2); + CharUpperBuffW(p, context->identity.UserLength / 2); memcpy(&p[context->identity.UserLength], context->identity.Domain, context->identity.DomainLength); diff --git a/winpr/sspi/Negotiate/negotiate.c b/winpr/sspi/Negotiate/negotiate.c index 8816e0d32..7506e17bf 100644 --- a/winpr/sspi/Negotiate/negotiate.c +++ b/winpr/sspi/Negotiate/negotiate.c @@ -48,46 +48,54 @@ const SecPkgInfoW NEGOTIATE_SecPkgInfoW = void negotiate_SetContextIdentity(NEGOTIATE_CONTEXT* context, SEC_WINNT_AUTH_IDENTITY* identity) { - size_t size; context->identity.Flags = SEC_WINNT_AUTH_IDENTITY_UNICODE; if (identity->Flags == SEC_WINNT_AUTH_IDENTITY_ANSI) { - context->identity.User = (uint16*) freerdp_uniconv_out(context->uniconv, (char*) identity->User, &size); - context->identity.UserLength = (uint32) size; + context->identity.UserLength = strlen((char*) identity->User) * 2; + context->identity.User = (UINT16*) malloc(context->identity.UserLength); + MultiByteToWideChar(CP_ACP, 0, (char*) identity->User, strlen((char*) identity->User), + (LPWSTR) context->identity.User, context->identity.UserLength / 2); if (identity->DomainLength > 0) { - context->identity.Domain = (uint16*) freerdp_uniconv_out(context->uniconv, (char*) identity->Domain, &size); - context->identity.DomainLength = (uint32) size; + context->identity.DomainLength = strlen((char*) identity->Domain) * 2; + context->identity.Domain = (UINT16*) malloc(context->identity.DomainLength); + MultiByteToWideChar(CP_ACP, 0, (char*) identity->Domain, strlen((char*) identity->Domain), + (LPWSTR) context->identity.Domain, context->identity.DomainLength / 2); } else { - context->identity.Domain = (uint16*) NULL; + context->identity.Domain = (UINT16*) NULL; context->identity.DomainLength = 0; } - context->identity.Password = (uint16*) freerdp_uniconv_out(context->uniconv, (char*) identity->Password, &size); - context->identity.PasswordLength = (uint32) size; + context->identity.PasswordLength = strlen((char*) identity->Password) * 2; + context->identity.Password = (UINT16*) malloc(context->identity.PasswordLength); + MultiByteToWideChar(CP_ACP, 0, (char*) identity->Password, strlen((char*) identity->Password), + (LPWSTR) context->identity.Password, context->identity.PasswordLength / 2); } else { - context->identity.User = (uint16*) malloc(identity->UserLength); + context->identity.User = (UINT16*) malloc(identity->UserLength); memcpy(context->identity.User, identity->User, identity->UserLength); + context->identity.UserLength = identity->UserLength; if (identity->DomainLength > 0) { - context->identity.Domain = (uint16*) malloc(identity->DomainLength); + context->identity.Domain = (UINT16*) malloc(identity->DomainLength); memcpy(context->identity.Domain, identity->Domain, identity->DomainLength); + context->identity.DomainLength = identity->DomainLength; } else { - context->identity.Domain = (uint16*) NULL; + context->identity.Domain = (UINT16*) NULL; context->identity.DomainLength = 0; } - context->identity.Password = (uint16*) malloc(identity->PasswordLength); + context->identity.Password = (UINT16*) malloc(identity->PasswordLength); memcpy(context->identity.Password, identity->Password, identity->PasswordLength); + context->identity.PasswordLength = identity->PasswordLength; } }