From 89b7c63f03311a873d63f7994911f2080de4cb1e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marc-Andr=C3=A9=20Moreau?=
Date: Thu, 7 Jun 2012 00:14:47 -0400
Subject: [PATCH] libwinpr-sspi: fix WinPR NTLM SSPI module
---
 libfreerdp-crypto/nla.c | 13 ++++---------
 winpr/sspi/NTLM/ntlm.c | 26 +++++---------------------
 winpr/sspi/NTLM/ntlm_compute.c | 10 +++++-----
 winpr/sspi/NTLM/ntlm_message.c | 4 ++--
 winpr/sspi/sspi.c | 12 ++++++------
 5 files changed, 22 insertions(+), 43 deletions(-)
diff --git a/libfreerdp-crypto/nla.c b/libfreerdp-crypto/nla.c
index c8137be8a..f0a0d731b 100644
--- a/libfreerdp-crypto/nla.c
+++ b/libfreerdp-crypto/nla.c
@@ -124,7 +124,7 @@ int credssp_ntlm_client_init(rdpCredssp* credssp)
 sprintf(spn, "%s%s", TERMSRV_SPN_PREFIX, settings->hostname);
 
 #ifdef UNICODE
- credssp->ServicePrincipalName = (LPCTSTR) malloc(length * 2 + 2);
+ credssp->ServicePrincipalName = (LPTSTR) malloc(length * 2 + 2);
 MultiByteToWideChar(CP_ACP, 0, spn, length, (LPWSTR) credssp->ServicePrincipalName, length);
 free(spn);
@@ -238,8 +238,6 @@ int credssp_client_authenticate(rdpCredssp* credssp)
 SECURITY_NATIVE_DREP, (have_input_buffer) ? &input_buffer_desc : NULL,
 0, &credssp->context, &output_buffer_desc, &pfContextAttr, &expiration);
 
- freerdp_hexdump(credssp->identity.User, credssp->identity.UserLength);
-
 if (input_buffer.pvBuffer != NULL)
 {
 free(input_buffer.pvBuffer);
@@ -739,6 +737,7 @@ void credssp_read_ts_password_creds(rdpCredssp* credssp, STREAM* s)
 credssp->identity.Domain = (UINT16*) malloc(length);
 CopyMemory(credssp->identity.Domain, s->p, credssp->identity.DomainLength);
 stream_seek(s, credssp->identity.DomainLength);
+ credssp->identity.DomainLength /= 2;
 
 /* [1] userName (OCTET STRING) */
 ber_read_contextual_tag(s, 1, &length, true);
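Review bot: The malloc() result on the `+` line is handed straight to MultiByteToWideChar with no NULL check, and the conversion writes `length` wide characters into a buffer sized for `length + 1` without ever storing the terminating WCHAR, so ServicePrincipalName ends up unterminated unless `length` already counts the NUL (it is computed before the hunk). Since the field is now typed LPTSTR and SPN consumers generally expect a terminated string, add `if (!credssp->ServicePrincipalName) return -1;` after the allocation and `((LPWSTR) credssp->ServicePrincipalName)[length] = 0;` after the conversion, or convert `length + 1` bytes so the NUL is included. credssp_ntlm_client_init continues outside the hunk.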
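Review bot: The `/= 2` added here and in the @@ -747 and @@ -755 hunks turns a byte count taken from the peer's BER encoding into a WCHAR count, but nothing in the hunk rejects an odd `length` (the trailing byte is silently dropped) or checks that the stream still holds DomainLength bytes before CopyMemory reads from s->p, and the malloc result is unchecked as well. These fields are parsed from data that credssp_recv read over the TLS connection, so validate before copying, e.g. `if ((length % 2) != 0 || length > stream_get_left(s)) return;`, and because credssp_read_ts_password_creds returns void the failure also needs a way to reach its caller. The function starts before the hunk and continues after it.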
@@ -747,6 +746,7 @@ void credssp_read_ts_password_creds(rdpCredssp* credssp, STREAM* s)
 credssp->identity.User = (UINT16*) malloc(length);
 CopyMemory(credssp->identity.User, s->p, credssp->identity.UserLength);
 stream_seek(s, credssp->identity.UserLength);
+ credssp->identity.UserLength /= 2;
 
 /* [2] password (OCTET STRING) */
 ber_read_contextual_tag(s, 2, &length, true);
@@ -755,6 +755,7 @@ void credssp_read_ts_password_creds(rdpCredssp* credssp, STREAM* s)
 credssp->identity.Password = (UINT16*) malloc(length);
 CopyMemory(credssp->identity.Password, s->p, credssp->identity.PasswordLength);
 stream_seek(s, credssp->identity.PasswordLength);
+ credssp->identity.PasswordLength /= 2;
 }
 
 void credssp_write_ts_password_creds(rdpCredssp* credssp, STREAM* s)
@@ -1042,9 +1043,6 @@ void credssp_send(rdpCredssp* credssp)
 ber_write_octet_string(s, credssp->pubKeyAuth.pvBuffer, length);
 }
 
- printf("Sending Token (%d)\n", stream_get_length(s));
- freerdp_hexdump(s->data, stream_get_length(s));
-
 tls_write(credssp->tls, s->data, stream_get_length(s));
 stream_free(s);
 }
@@ -1072,9 +1070,6 @@ int credssp_recv(rdpCredssp* credssp)
 return -1;
 }
 
- printf("Receiving Token (%d)\n", s->size);
- freerdp_hexdump(s->data, s->size);
-
 /* TSRequest */
 ber_read_sequence_tag(s, &length);
 ber_read_contextual_tag(s, 0, &length, true);
diff --git a/winpr/sspi/NTLM/ntlm.c b/winpr/sspi/NTLM/ntlm.c
index 81eb0cc4c..ba3480d31 100644
--- a/winpr/sspi/NTLM/ntlm.c
+++ b/winpr/sspi/NTLM/ntlm.c
@@ -62,7 +62,7 @@ NTLM_CONTEXT* ntlm_ContextNew()
 {
 context->ntlm_v2 = 0;
 context->NegotiateFlags = 0;
- context->SendVersionInfo = 1;
+ context->SendVersionInfo = 0;
 context->LmCompatibilityLevel = 3;
 context->state = NTLM_STATE_INITIAL;
 context->SuppressExtendedProtection = 1;
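Review bot: The default for SendVersionInfo flips from 1 to 0 with no comment recording why, and the neighbouring defaults (LmCompatibilityLevel = 3, SuppressExtendedProtection = 1) are equally bare magic values. A one-line comment on the changed line, such as `/* 0 = do not emit the NTLM Version field; see ntlm_message.c */`, would save the next reader a search, assuming that is what the flag controls (its consumer is not in this diff). ntlm_ContextNew continues outside the hunk.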
@@ -186,14 +186,6 @@ SECURITY_STATUS SEC_ENTRY ntlm_QueryCredentialsAttributesW(PCredHandle phCredent
 {
 if (ulAttribute == SECPKG_CRED_ATTR_NAMES)
 {
- CREDENTIALS* credentials;
- //SecPkgCredentials_Names* credential_names = (SecPkgCredentials_Names*) pBuffer;
-
- credentials = (CREDENTIALS*) sspi_SecureHandleGetLowerPointer(phCredential);
-
- //if (credentials->identity.Flags == SEC_WINNT_AUTH_IDENTITY_ANSI)
- // credential_names->sUserName = xstrdup((char*) credentials->identity.User);
-
 return SEC_E_OK;
 }
 
@@ -204,14 +196,6 @@ SECURITY_STATUS SEC_ENTRY ntlm_QueryCredentialsAttributesA(PCredHandle phCredent
 {
 if (ulAttribute == SECPKG_CRED_ATTR_NAMES)
 {
- CREDENTIALS* credentials;
- //SecPkgCredentials_Names* credential_names = (SecPkgCredentials_Names*) pBuffer;
-
- credentials = (CREDENTIALS*) sspi_SecureHandleGetLowerPointer(phCredential);
-
- //if (credentials->identity.Flags == SEC_WINNT_AUTH_IDENTITY_ANSI)
- // credential_names->sUserName = xstrdup((char*) credentials->identity.User);
-
 return SEC_E_OK;
 }
 
@@ -231,7 +215,7 @@ SECURITY_STATUS SEC_ENTRY ntlm_AcceptSecurityContext(PCredHandle phCredential, P
 PSecBuffer input_buffer;
 PSecBuffer output_buffer;
 
- context = sspi_SecureHandleGetLowerPointer(phContext);
+ context = (NTLM_CONTEXT*) sspi_SecureHandleGetLowerPointer(phContext);
 
 if (!context)
 {
@@ -346,7 +330,7 @@ SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextA(PCredHandle phCredenti
 PSecBuffer input_buffer;
 PSecBuffer output_buffer;
 
- context = sspi_SecureHandleGetLowerPointer(phContext);
+ context = (NTLM_CONTEXT*) sspi_SecureHandleGetLowerPointer(phContext);
 
 if (!context)
 {
@@ -437,7 +421,7 @@ SECURITY_STATUS SEC_ENTRY ntlm_DeleteSecurityContext(PCtxtHandle phContext)
 {
 NTLM_CONTEXT* context;
 
- context = sspi_SecureHandleGetLowerPointer(phContext);
+ context = (NTLM_CONTEXT*) sspi_SecureHandleGetLowerPointer(phContext);
 
 if (!context)
 return SEC_E_INVALID_HANDLE;
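Review bot: With the dead code gone, the SECPKG_CRED_ATTR_NAMES branch of ntlm_QueryCredentialsAttributesW (and the identical branch in the @@ -204 hunk of ntlm_QueryCredentialsAttributesA) returns SEC_E_OK without writing anything to pBuffer, so a caller will read its SecPkgCredentials_Names as if it had been filled in. Until the attribute is implemented the honest status is `return SEC_E_UNSUPPORTED_FUNCTION;`, which lets callers fall back instead of trusting an uninitialised structure. Both functions start before their hunks.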
@@ -496,7 +480,7 @@ SECURITY_STATUS SEC_ENTRY ntlm_EncryptMessage(PCtxtHandle phContext, ULONG fQOP,
 PSecBuffer data_buffer = NULL;
 PSecBuffer signature_buffer = NULL;
 
- context = sspi_SecureHandleGetLowerPointer(phContext);
+ context = (NTLM_CONTEXT*) sspi_SecureHandleGetLowerPointer(phContext);
 
 for (index = 0; index < (int) pMessage->cBuffers; index++)
 {
diff --git a/winpr/sspi/NTLM/ntlm_compute.c b/winpr/sspi/NTLM/ntlm_compute.c
index f605a227e..ae17013a9 100644
--- a/winpr/sspi/NTLM/ntlm_compute.c
+++ b/winpr/sspi/NTLM/ntlm_compute.c
@@ -169,8 +169,8 @@ void ntlm_fetch_ntlm_v2_hash(NTLM_CONTEXT* context, char* hash)
 sam = SamOpen(1);
 
 entry = SamLookupUserW(sam,
- (LPWSTR) context->identity.User, context->identity.UserLength,
- (LPWSTR) context->identity.Domain, context->identity.DomainLength);
+ (LPWSTR) context->identity.User, context->identity.UserLength * 2,
+ (LPWSTR) context->identity.Domain, context->identity.DomainLength * 2);
 
 if (entry != NULL)
 {
@@ -186,9 +186,9 @@ void ntlm_compute_ntlm_v2_hash(NTLM_CONTEXT* context, char* hash)
 {
 if (context->identity.PasswordLength > 0)
 {
- NTOWFv2W((LPWSTR) context->identity.Password, context->identity.PasswordLength,
- (LPWSTR) context->identity.User, context->identity.UserLength,
- (LPWSTR) context->identity.Domain, context->identity.DomainLength, (BYTE*) hash);
+ NTOWFv2W((LPWSTR) context->identity.Password, context->identity.PasswordLength * 2,
+ (LPWSTR) context->identity.User, context->identity.UserLength * 2,
+ (LPWSTR) context->identity.Domain, context->identity.DomainLength * 2, (BYTE*) hash);
 }
 else
 {
diff --git a/winpr/sspi/NTLM/ntlm_message.c b/winpr/sspi/NTLM/ntlm_message.c
index dc9312007..926d39f04 100644
--- a/winpr/sspi/NTLM/ntlm_message.c
+++ b/winpr/sspi/NTLM/ntlm_message.c
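Review bot: ntlm_EncryptMessage takes the context from sspi_SecureHandleGetLowerPointer and goes straight into the loop over pMessage with no NULL check, whereas ntlm_AcceptSecurityContext, ntlm_InitializeSecurityContextA and ntlm_DeleteSecurityContext all guard the same call with `if (!context)` (hunks @@ -231, @@ -346 and @@ -437). Add `if (!context) return SEC_E_INVALID_HANDLE;` after the cast so a bad handle fails cleanly rather than dereferencing NULL wherever context is first used later in the function, which lies outside the hunk.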
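Review bot: `sam = SamOpen(1)` is passed to SamLookupUserW without a NULL check, so a failed open turns into a NULL dereference inside the lookup instead of a clean failure; add `if (!sam) return;` before the call if that matches the function's existing failure handling, which is outside the hunk. The `* 2` on the changed lines, and in the NTOWFv2W call of the @@ -186 hunk, appears to encode the commit's new convention that identity lengths count WCHARs while these callees take bytes; that convention is only implied, so record it once next to the lookup, e.g. `/* identity.*Length counts WCHARs; the lookup and NTOWFv2W take byte lengths */`, confirming against the callee signatures.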
@@ -956,10 +956,10 @@ SECURITY_STATUS ntlm_write_AuthenticateMessage(NTLM_CONTEXT* context, PSecBuffer
 if (context->ntlm_v2 < 1)
 WorkstationLen = 0;
 
- DomainNameLen = (UINT16) context->identity.DomainLength;
+ DomainNameLen = (UINT16) context->identity.DomainLength * 2;
 DomainNameBuffer = (BYTE*) context->identity.Domain;
 
- UserNameLen = (UINT16) context->identity.UserLength;
+ UserNameLen = (UINT16) context->identity.UserLength * 2;
 UserNameBuffer = (BYTE*) context->identity.User;
 
 LmChallengeResponseLen = (UINT16) 24;
diff --git a/winpr/sspi/sspi.c b/winpr/sspi/sspi.c
index 4041d56ca..6d30464d5 100644
--- a/winpr/sspi/sspi.c
+++ b/winpr/sspi/sspi.c
@@ -329,16 +329,16 @@ void sspi_CopyAuthIdentity(SEC_WINNT_AUTH_IDENTITY* identity, SEC_WINNT_AUTH_IDE
 identity->Flags = SEC_WINNT_AUTH_IDENTITY_UNICODE;
 
 identity->UserLength = srcIdentity->UserLength;
- identity->User = malloc(identity->UserLength + 2);
- CopyMemory(identity->User, srcIdentity->User, identity->UserLength);
+ identity->User = (UINT16*) malloc(identity->UserLength * sizeof(WCHAR));
+ CopyMemory(identity->User, srcIdentity->User, identity->UserLength * sizeof(WCHAR));
 
 identity->DomainLength = srcIdentity->DomainLength;
- identity->Domain = malloc(identity->DomainLength + 2);
- CopyMemory(identity->Domain, srcIdentity->Domain, identity->DomainLength);
+ identity->Domain = (UINT16*) malloc(identity->DomainLength * sizeof(WCHAR));
+ CopyMemory(identity->Domain, srcIdentity->Domain, identity->DomainLength * sizeof(WCHAR));
 
 identity->PasswordLength = srcIdentity->PasswordLength;
- identity->Password = malloc(identity->PasswordLength + 2);
- CopyMemory(identity->Password, srcIdentity->Password, identity->PasswordLength);
+ identity->Password = (UINT16*) malloc(identity->PasswordLength * sizeof(WCHAR));
+ CopyMemory(identity->Password, srcIdentity->Password, identity->PasswordLength * sizeof(WCHAR));
 }
 
 void sspi_GlobalInit()
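Review bot: On both changed lines the cast binds tighter than the multiplication, so `(UINT16) context->identity.DomainLength * 2` truncates the WCHAR count to 16 bits first, doubles it as an int, and then narrows again on assignment; it works for realistic name lengths but reads as if the product were being cast. Write `DomainNameLen = (UINT16) (context->identity.DomainLength * 2);` and the same for UserNameLen, and consider rejecting lengths that do not fit the 16-bit NTLM field instead of letting the narrowing wrap silently. ntlm_write_AuthenticateMessage starts and ends outside the hunk.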
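Review bot: The new allocations drop the `+ 2` that used to leave room for a terminating WCHAR and CopyMemory now copies exactly `UserLength * sizeof(WCHAR)` bytes, so identity->User, Domain and Password are no longer NUL-terminated; elsewhere in this commit the same buffers are cast to LPWSTR (ntlm_compute.c), and any callee that treats them as terminated strings would read past the allocation. Either allocate `(identity->UserLength + 1) * sizeof(WCHAR)` and write the terminator, or state on sspi_CopyAuthIdentity that the copies are length-counted and never terminated. The three malloc results are also unchecked, and the function assumes srcIdentity already holds UTF-16 since it sets Flags to SEC_WINNT_AUTH_IDENTITY_UNICODE unconditionally; the start of the function is outside the hunk.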