libwinpr-sspi: fix WinPR NTLM SSPI module
@@ -124,7 +124,7 @@ int credssp_ntlm_client_init(rdpCredssp* credssp)
|
||||
sprintf(spn, "%s%s", TERMSRV_SPN_PREFIX, settings->hostname);
|
||||
|
||||
#ifdef UNICODE
|
||||
credssp->ServicePrincipalName = (LPCTSTR) malloc(length * 2 + 2);
|
||||
credssp->ServicePrincipalName = (LPTSTR) malloc(length * 2 + 2);
|
||||
MultiByteToWideChar(CP_ACP, 0, spn, length,
|
||||
(LPWSTR) credssp->ServicePrincipalName, length);
|
||||
free(spn);
|
||||
@@ -238,8 +238,6 @@ int credssp_client_authenticate(rdpCredssp* credssp)
|
||||
SECURITY_NATIVE_DREP, (have_input_buffer) ? &input_buffer_desc : NULL,
|
||||
0, &credssp->context, &output_buffer_desc, &pfContextAttr, &expiration);
|
||||
|
||||
freerdp_hexdump(credssp->identity.User, credssp->identity.UserLength);
|
||||
|
||||
if (input_buffer.pvBuffer != NULL)
|
||||
{
|
||||
free(input_buffer.pvBuffer);
|
||||
@@ -739,6 +737,7 @@ void credssp_read_ts_password_creds(rdpCredssp* credssp, STREAM* s)
|
||||
credssp->identity.Domain = (UINT16*) malloc(length);
|
||||
CopyMemory(credssp->identity.Domain, s->p, credssp->identity.DomainLength);
|
||||
stream_seek(s, credssp->identity.DomainLength);
|
||||
credssp->identity.DomainLength /= 2;
|
||||
|
||||
/* [1] userName (OCTET STRING) */
|
||||
ber_read_contextual_tag(s, 1, &length, true);
|
||||
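Review bot: The added `credssp->identity.DomainLength /= 2;` silently drops a trailing byte when the BER-decoded `length` is odd, and it runs after a `malloc(length)` whose result is never checked before `CopyMemory` writes into it. These fields are read from the peer's TSPasswordCreds, so I would reject an odd length and a failed allocation before the copy, e.g. `if ((length % 2) != 0 || credssp->identity.Domain == NULL) return;`, and add `/* DomainLength is a WCHAR count from here on, not a byte count */` next to the division. The same applies to the userName and password hunks that follow. The assignment that sets `DomainLength` from `length` lies outside the hunk, so the relationship between the two is inferred.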
@@ -747,6 +746,7 @@ void credssp_read_ts_password_creds(rdpCredssp* credssp, STREAM* s)
|
||||
credssp->identity.User = (UINT16*) malloc(length);
|
||||
CopyMemory(credssp->identity.User, s->p, credssp->identity.UserLength);
|
||||
stream_seek(s, credssp->identity.UserLength);
|
||||
credssp->identity.UserLength /= 2;
|
||||
|
||||
/* [2] password (OCTET STRING) */
|
||||
ber_read_contextual_tag(s, 2, &length, true);
|
||||
@@ -755,6 +755,7 @@ void credssp_read_ts_password_creds(rdpCredssp* credssp, STREAM* s)
|
||||
credssp->identity.Password = (UINT16*) malloc(length);
|
||||
CopyMemory(credssp->identity.Password, s->p, credssp->identity.PasswordLength);
|
||||
stream_seek(s, credssp->identity.PasswordLength);
|
||||
credssp->identity.PasswordLength /= 2;
|
||||
}
|
||||
|
||||
void credssp_write_ts_password_creds(rdpCredssp* credssp, STREAM* s)
|
||||
@@ -1042,9 +1043,6 @@ void credssp_send(rdpCredssp* credssp)
|
||||
ber_write_octet_string(s, credssp->pubKeyAuth.pvBuffer, length);
|
||||
}
|
||||
|
||||
printf("Sending Token (%d)\n", stream_get_length(s));
|
||||
freerdp_hexdump(s->data, stream_get_length(s));
|
||||
|
||||
tls_write(credssp->tls, s->data, stream_get_length(s));
|
||||
stream_free(s);
|
||||
}
|
||||
@@ -1072,9 +1070,6 @@ int credssp_recv(rdpCredssp* credssp)
|
||||
return -1;
|
||||
}
|
||||
|
||||
printf("Receiving Token (%d)\n", s->size);
|
||||
freerdp_hexdump(s->data, s->size);
|
||||
|
||||
/* TSRequest */
|
||||
ber_read_sequence_tag(s, &length);
|
||||
ber_read_contextual_tag(s, 0, &length, true);
|
||||
|
||||
@@ -62,7 +62,7 @@ NTLM_CONTEXT* ntlm_ContextNew()
|
||||
{
|
||||
context->ntlm_v2 = 0;
|
||||
context->NegotiateFlags = 0;
|
||||
context->SendVersionInfo = 1;
|
||||
context->SendVersionInfo = 0;
|
||||
context->LmCompatibilityLevel = 3;
|
||||
context->state = NTLM_STATE_INITIAL;
|
||||
context->SuppressExtendedProtection = 1;
|
||||
@@ -186,14 +186,6 @@ SECURITY_STATUS SEC_ENTRY ntlm_QueryCredentialsAttributesW(PCredHandle phCredent
|
||||
{
|
||||
if (ulAttribute == SECPKG_CRED_ATTR_NAMES)
|
||||
{
|
||||
CREDENTIALS* credentials;
|
||||
//SecPkgCredentials_Names* credential_names = (SecPkgCredentials_Names*) pBuffer;
|
||||
|
||||
credentials = (CREDENTIALS*) sspi_SecureHandleGetLowerPointer(phCredential);
|
||||
|
||||
//if (credentials->identity.Flags == SEC_WINNT_AUTH_IDENTITY_ANSI)
|
||||
// credential_names->sUserName = xstrdup((char*) credentials->identity.User);
|
||||
|
||||
return SEC_E_OK;
|
||||
}
|
||||
|
||||
@@ -204,14 +196,6 @@ SECURITY_STATUS SEC_ENTRY ntlm_QueryCredentialsAttributesA(PCredHandle phCredent
|
||||
{
|
||||
if (ulAttribute == SECPKG_CRED_ATTR_NAMES)
|
||||
{
|
||||
CREDENTIALS* credentials;
|
||||
//SecPkgCredentials_Names* credential_names = (SecPkgCredentials_Names*) pBuffer;
|
||||
|
||||
credentials = (CREDENTIALS*) sspi_SecureHandleGetLowerPointer(phCredential);
|
||||
|
||||
//if (credentials->identity.Flags == SEC_WINNT_AUTH_IDENTITY_ANSI)
|
||||
// credential_names->sUserName = xstrdup((char*) credentials->identity.User);
|
||||
|
||||
return SEC_E_OK;
|
||||
}
|
||||
|
||||
@@ -231,7 +215,7 @@ SECURITY_STATUS SEC_ENTRY ntlm_AcceptSecurityContext(PCredHandle phCredential, P
|
||||
PSecBuffer input_buffer;
|
||||
PSecBuffer output_buffer;
|
||||
|
||||
context = sspi_SecureHandleGetLowerPointer(phContext);
|
||||
context = (NTLM_CONTEXT*) sspi_SecureHandleGetLowerPointer(phContext);
|
||||
|
||||
if (!context)
|
||||
{
|
||||
@@ -346,7 +330,7 @@ SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextA(PCredHandle phCredenti
|
||||
PSecBuffer input_buffer;
|
||||
PSecBuffer output_buffer;
|
||||
|
||||
context = sspi_SecureHandleGetLowerPointer(phContext);
|
||||
context = (NTLM_CONTEXT*) sspi_SecureHandleGetLowerPointer(phContext);
|
||||
|
||||
if (!context)
|
||||
{
|
||||
@@ -437,7 +421,7 @@ SECURITY_STATUS SEC_ENTRY ntlm_DeleteSecurityContext(PCtxtHandle phContext)
|
||||
{
|
||||
NTLM_CONTEXT* context;
|
||||
|
||||
context = sspi_SecureHandleGetLowerPointer(phContext);
|
||||
context = (NTLM_CONTEXT*) sspi_SecureHandleGetLowerPointer(phContext);
|
||||
|
||||
if (!context)
|
||||
return SEC_E_INVALID_HANDLE;
|
||||
@@ -496,7 +480,7 @@ SECURITY_STATUS SEC_ENTRY ntlm_EncryptMessage(PCtxtHandle phContext, ULONG fQOP,
|
||||
PSecBuffer data_buffer = NULL;
|
||||
PSecBuffer signature_buffer = NULL;
|
||||
|
||||
context = sspi_SecureHandleGetLowerPointer(phContext);
|
||||
context = (NTLM_CONTEXT*) sspi_SecureHandleGetLowerPointer(phContext);
|
||||
|
||||
for (index = 0; index < (int) pMessage->cBuffers; index++)
|
||||
{
|
||||
|
||||
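Review bot: In ntlm_EncryptMessage the `context` returned by `sspi_SecureHandleGetLowerPointer(phContext)` goes straight to the buffer loop with no NULL check, while ntlm_AcceptSecurityContext, ntlm_InitializeSecurityContextA and ntlm_DeleteSecurityContext in this same change all test `if (!context)`. Since the line is being touched anyway, add `if (!context) return SEC_E_INVALID_HANDLE;` directly after it, as ntlm_DeleteSecurityContext does. The rest of the function is outside the hunk, so where `context` is first dereferenced is not visible here.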
@@ -169,8 +169,8 @@ void ntlm_fetch_ntlm_v2_hash(NTLM_CONTEXT* context, char* hash)
|
||||
sam = SamOpen(1);
|
||||
|
||||
entry = SamLookupUserW(sam,
|
||||
(LPWSTR) context->identity.User, context->identity.UserLength,
|
||||
(LPWSTR) context->identity.Domain, context->identity.DomainLength);
|
||||
(LPWSTR) context->identity.User, context->identity.UserLength * 2,
|
||||
(LPWSTR) context->identity.Domain, context->identity.DomainLength * 2);
|
||||
|
||||
if (entry != NULL)
|
||||
{
|
||||
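Review bot: The byte lengths passed to `SamLookupUserW` are built with a bare `* 2`, whereas sspi_CopyAuthIdentity in this commit writes the same conversion as `* sizeof(WCHAR)`. Now that `identity.UserLength` and `identity.DomainLength` appear to hold character counts, I would spell the conversion one way everywhere, e.g. `context->identity.UserLength * sizeof(WCHAR)`, and add a comment on the identity fields stating the unit, so a call site that forgets the conversion is easy to spot. The same `* 2` appears in the `NTOWFv2W` call in ntlm_compute_ntlm_v2_hash and in ntlm_write_AuthenticateMessage. That these callees expect byte counts is inferred from the change itself; their prototypes are not on the page.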
@@ -186,9 +186,9 @@ void ntlm_compute_ntlm_v2_hash(NTLM_CONTEXT* context, char* hash)
|
||||
{
|
||||
if (context->identity.PasswordLength > 0)
|
||||
{
|
||||
NTOWFv2W((LPWSTR) context->identity.Password, context->identity.PasswordLength,
|
||||
(LPWSTR) context->identity.User, context->identity.UserLength,
|
||||
(LPWSTR) context->identity.Domain, context->identity.DomainLength, (BYTE*) hash);
|
||||
NTOWFv2W((LPWSTR) context->identity.Password, context->identity.PasswordLength * 2,
|
||||
(LPWSTR) context->identity.User, context->identity.UserLength * 2,
|
||||
(LPWSTR) context->identity.Domain, context->identity.DomainLength * 2, (BYTE*) hash);
|
||||
}
|
||||
else
|
||||
{
|
||||
|
||||
@@ -956,10 +956,10 @@ SECURITY_STATUS ntlm_write_AuthenticateMessage(NTLM_CONTEXT* context, PSecBuffer
|
||||
if (context->ntlm_v2 < 1)
|
||||
WorkstationLen = 0;
|
||||
|
||||
DomainNameLen = (UINT16) context->identity.DomainLength;
|
||||
DomainNameLen = (UINT16) context->identity.DomainLength * 2;
|
||||
DomainNameBuffer = (BYTE*) context->identity.Domain;
|
||||
|
||||
UserNameLen = (UINT16) context->identity.UserLength;
|
||||
UserNameLen = (UINT16) context->identity.UserLength * 2;
|
||||
UserNameBuffer = (BYTE*) context->identity.User;
|
||||
|
||||
LmChallengeResponseLen = (UINT16) 24;
|
||||
|
||||
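Review bot: In `DomainNameLen = (UINT16) context->identity.DomainLength * 2;` the cast binds to `DomainLength` before the multiplication, so the count is truncated to 16 bits first and the doubled value can again exceed 16 bits; `UserNameLen` has the same form. If `DomainNameLen` is a UINT16 (its declaration is outside the hunk), an identity longer than 0x7FFF characters would yield a length field that no longer matches the buffer being written into the message. I would bound the counts before converting, `if (context->identity.DomainLength > 0x7FFF || context->identity.UserLength > 0x7FFF)` returning an error status, and then write `DomainNameLen = (UINT16) (context->identity.DomainLength * sizeof(WCHAR));`.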
@@ -329,16 +329,16 @@ void sspi_CopyAuthIdentity(SEC_WINNT_AUTH_IDENTITY* identity, SEC_WINNT_AUTH_IDE
|
||||
identity->Flags = SEC_WINNT_AUTH_IDENTITY_UNICODE;
|
||||
|
||||
identity->UserLength = srcIdentity->UserLength;
|
||||
identity->User = malloc(identity->UserLength + 2);
|
||||
CopyMemory(identity->User, srcIdentity->User, identity->UserLength);
|
||||
identity->User = (UINT16*) malloc(identity->UserLength * sizeof(WCHAR));
|
||||
CopyMemory(identity->User, srcIdentity->User, identity->UserLength * sizeof(WCHAR));
|
||||
|
||||
identity->DomainLength = srcIdentity->DomainLength;
|
||||
identity->Domain = malloc(identity->DomainLength + 2);
|
||||
CopyMemory(identity->Domain, srcIdentity->Domain, identity->DomainLength);
|
||||
identity->Domain = (UINT16*) malloc(identity->DomainLength * sizeof(WCHAR));
|
||||
CopyMemory(identity->Domain, srcIdentity->Domain, identity->DomainLength * sizeof(WCHAR));
|
||||
|
||||
identity->PasswordLength = srcIdentity->PasswordLength;
|
||||
identity->Password = malloc(identity->PasswordLength + 2);
|
||||
CopyMemory(identity->Password, srcIdentity->Password, identity->PasswordLength);
|
||||
identity->Password = (UINT16*) malloc(identity->PasswordLength * sizeof(WCHAR));
|
||||
CopyMemory(identity->Password, srcIdentity->Password, identity->PasswordLength * sizeof(WCHAR));
|
||||
}
|
||||
|
||||
void sspi_GlobalInit()
|
||||
|
||||
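Review bot: The new allocations in sspi_CopyAuthIdentity drop the two spare bytes that the previous `malloc(identity->UserLength + 2)` reserved, so the copied User, Domain and Password buffers have no room for a terminator, and the `malloc` results are still passed to `CopyMemory` unchecked. Any consumer that treats these as NUL-terminated wide strings would read past the allocation; `identity->User = (UINT16*) calloc(identity->UserLength + 1, sizeof(WCHAR));` followed by a NULL check keeps a zero terminator, copes with a zero length and lets calloc reject an overflowing product. The same change applies to the Domain and Password copies. The start of the function is outside the hunk, and which line of each pair is the new side is inferred from the rest of the commit because the +/- markers are lost.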