mirror of
https://github.com/morgan9e/FreeRDP
synced 2026-04-15 00:44:19 +09:00
Merge pull request #12163 from akallabeth/sspi-krb-heimdal
Sspi krb heimdal
This commit is contained in:
akallabeth
@@ -1337,14 +1337,11 @@ BOOL freerdp_nla_decrypt(rdpContext* context, const SecBuffer* inBuffer, SecBuff
|
||||
|
||||
SECURITY_STATUS freerdp_nla_QueryContextAttributes(rdpContext* context, DWORD ulAttr, PVOID pBuffer)
|
||||
{
|
||||
rdpNla* nla;
|
||||
|
||||
WINPR_ASSERT(context);
|
||||
WINPR_ASSERT(context->rdp);
|
||||
|
||||
if (context->rdp->nla)
|
||||
nla = context->rdp->nla;
|
||||
else
|
||||
rdpNla* nla = context->rdp->nla;
|
||||
if (!nla)
|
||||
nla = transport_get_nla(context->rdp->transport);
|
||||
|
||||
WINPR_ASSERT(nla);
|
||||
|
||||
@@ -1711,8 +1711,6 @@ static SECURITY_STATUS kerberos_ATTR_AUTH_IDENTITY(KRB_CONTEXT* context,
|
||||
SecPkgContext_AuthIdentity* AuthIdentity)
|
||||
{
|
||||
const SecPkgContext_AuthIdentity empty = { 0 };
|
||||
krb5glue_authenticator authenticator = NULL;
|
||||
char* name = NULL;
|
||||
|
||||
WINPR_ASSERT(context);
|
||||
WINPR_ASSERT(context->auth_ctx);
|
||||
@@ -1721,41 +1719,66 @@ static SECURITY_STATUS kerberos_ATTR_AUTH_IDENTITY(KRB_CONTEXT* context,
|
||||
WINPR_ASSERT(AuthIdentity);
|
||||
*AuthIdentity = empty;
|
||||
|
||||
krb5glue_authenticator authenticator = NULL;
|
||||
krb5_error_code rv = krb_log_exec(krb5_auth_con_getauthenticator, credentials->ctx,
|
||||
context->auth_ctx, &authenticator);
|
||||
if (rv)
|
||||
return krb5_error_to_SECURITY_STATUS(rv);
|
||||
goto fail;
|
||||
|
||||
krb5_data* realm_data = krb5_princ_realm(credentials->ctx, authenticator->client);
|
||||
if (realm_data->length > (sizeof(AuthIdentity->Domain) - 1))
|
||||
{
|
||||
krb5_free_authenticator(credentials->ctx, authenticator);
|
||||
return SEC_E_INTERNAL_ERROR;
|
||||
rv = -1;
|
||||
|
||||
#if defined(WITH_KRB5_HEIMDAL)
|
||||
const Realm data = authenticator->crealm;
|
||||
if (!data)
|
||||
goto fail;
|
||||
const size_t data_len = length_Realm(&data);
|
||||
#else
|
||||
krb5_data* realm_data = krb5_princ_realm(credentials->ctx, authenticator->client);
|
||||
if (!realm_data)
|
||||
goto fail;
|
||||
const char* data = realm_data->data;
|
||||
if (!data)
|
||||
goto fail;
|
||||
const size_t data_len = realm_data->length;
|
||||
#endif
|
||||
|
||||
if (data_len > (sizeof(AuthIdentity->Domain) - 1))
|
||||
goto fail;
|
||||
strncpy(AuthIdentity->Domain, data, data_len);
|
||||
}
|
||||
|
||||
rv = krb_log_exec(krb5_unparse_name_flags, credentials->ctx, authenticator->client,
|
||||
KRB5_PRINCIPAL_UNPARSE_NO_REALM, &name);
|
||||
if (rv)
|
||||
{
|
||||
krb5_free_authenticator(credentials->ctx, authenticator);
|
||||
return krb5_error_to_SECURITY_STATUS(rv);
|
||||
}
|
||||
#if defined(WITH_KRB5_HEIMDAL)
|
||||
const PrincipalName* principal = &authenticator->cname;
|
||||
const size_t name_length = length_PrincipalName(principal);
|
||||
if (!principal->name_string.val)
|
||||
goto fail;
|
||||
const char* name = *principal->name_string.val;
|
||||
#else
|
||||
char* name = NULL;
|
||||
rv = krb_log_exec(krb5_unparse_name_flags, credentials->ctx, authenticator->client,
|
||||
KRB5_PRINCIPAL_UNPARSE_NO_REALM, &name);
|
||||
if (rv)
|
||||
goto fail;
|
||||
|
||||
size_t name_length = strlen(name);
|
||||
if (name_length > (sizeof(AuthIdentity->User) - 1))
|
||||
{
|
||||
const size_t name_length = strlen(name);
|
||||
#endif
|
||||
|
||||
const bool ok = (name_length <= (sizeof(AuthIdentity->User) - 1));
|
||||
if (ok)
|
||||
strncpy(AuthIdentity->User, name, name_length);
|
||||
|
||||
rv = ok ? 0 : -1;
|
||||
|
||||
#if !defined(WITH_KRB5_HEIMDAL)
|
||||
krb5_free_unparsed_name(credentials->ctx, name);
|
||||
krb5_free_authenticator(credentials->ctx, authenticator);
|
||||
return SEC_E_INTERNAL_ERROR;
|
||||
#endif
|
||||
}
|
||||
|
||||
strncpy(AuthIdentity->User, name, name_length);
|
||||
strncpy(AuthIdentity->Domain, realm_data->data, realm_data->length);
|
||||
|
||||
krb5_free_unparsed_name(credentials->ctx, name);
|
||||
krb5_free_authenticator(credentials->ctx, authenticator);
|
||||
|
||||
return SEC_E_OK;
|
||||
fail:
|
||||
krb5glue_free_authenticator(credentials->ctx, authenticator);
|
||||
return krb5_error_to_SECURITY_STATUS(rv);
|
||||
}
|
||||
|
||||
static SECURITY_STATUS kerberos_ATTR_TICKET_LOGON(KRB_CONTEXT* context,
|
||||
|
||||
@@ -29,6 +29,8 @@
|
||||
typedef krb5_key krb5glue_key;
|
||||
typedef krb5_authenticator* krb5glue_authenticator;
|
||||
|
||||
#define krb5glue_free_authenticator(ctx, auth) krb5_free_authenticator((ctx), (auth))
|
||||
|
||||
#define krb5glue_crypto_length(ctx, key, type, size) \
|
||||
krb5_c_crypto_length(ctx, krb5_k_key_enctype(ctx, key), type, size)
|
||||
#define krb5glue_crypto_length_iov(ctx, key, iov, size) \
|
||||
@@ -57,6 +59,8 @@ krb5_prompt_type krb5glue_get_prompt_type(krb5_context ctx, krb5_prompt prompts[
|
||||
typedef krb5_crypto krb5glue_key;
|
||||
typedef krb5_authenticator krb5glue_authenticator;
|
||||
|
||||
#define krb5glue_free_authenticator(ctx, auth) krb5_free_authenticator((ctx), &(auth))
|
||||
|
||||
krb5_error_code krb5glue_crypto_length(krb5_context ctx, krb5glue_key key, int type,
|
||||
unsigned int* size);
|
||||
#define krb5glue_crypto_length_iov(ctx, key, iov, size) krb5_crypto_length_iov(ctx, key, iov, size)
|
||||
|
||||
Reference in New Issue
Block a user