Improve NLA auth token debugging
This commit is contained in:
parent
a9d9908bde
commit
10ed4ec422
@ -144,8 +144,8 @@ struct rdp_nla
|
||||
SecPkgContext_Sizes ContextSizes;
|
||||
};
|
||||
|
||||
static BOOL nla_send(rdpNla* nla);
|
||||
static int nla_recv(rdpNla* nla);
|
||||
static BOOL nla_send(rdpNla* nla, const char* msg);
|
||||
static int nla_recv(rdpNla* nla, const char* msg);
|
||||
static void nla_buffer_print(rdpNla* nla);
|
||||
static void nla_buffer_free(rdpNla* nla);
|
||||
static SECURITY_STATUS nla_encrypt_public_key_echo(rdpNla* nla);
|
||||
@ -520,12 +520,8 @@ int nla_client_begin(rdpNla* nla)
|
||||
|
||||
nla->negoToken.pvBuffer = nla->outputBuffer.pvBuffer;
|
||||
nla->negoToken.cbBuffer = nla->outputBuffer.cbBuffer;
|
||||
WLog_DBG(TAG, "Sending Authentication Token");
|
||||
#if defined(WITH_DEBUG_NLA)
|
||||
winpr_HexDump(TAG, WLOG_DEBUG, nla->negoToken.pvBuffer, nla->negoToken.cbBuffer);
|
||||
#endif
|
||||
|
||||
if (!nla_send(nla))
|
||||
if (!nla_send(nla, "Client: Sending Authentication Token"))
|
||||
{
|
||||
nla_buffer_free(nla);
|
||||
return -1;
|
||||
@ -613,12 +609,8 @@ static int nla_client_recv(rdpNla* nla)
|
||||
|
||||
nla->negoToken.pvBuffer = nla->outputBuffer.pvBuffer;
|
||||
nla->negoToken.cbBuffer = nla->outputBuffer.cbBuffer;
|
||||
WLog_DBG(TAG, "Sending Authentication Token");
|
||||
#if defined(WITH_DEBUG_NLA)
|
||||
winpr_HexDump(TAG, WLOG_DEBUG, nla->negoToken.pvBuffer, nla->negoToken.cbBuffer);
|
||||
#endif
|
||||
|
||||
if (!nla_send(nla))
|
||||
if (!nla_send(nla, "Client: Sending Authentication Token"))
|
||||
{
|
||||
nla_buffer_free(nla);
|
||||
return -1;
|
||||
@ -658,7 +650,7 @@ static int nla_client_recv(rdpNla* nla)
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (!nla_send(nla))
|
||||
if (!nla_send(nla, "Client: Sending PubKeyAuth Token"))
|
||||
{
|
||||
nla_buffer_free(nla);
|
||||
return -1;
|
||||
@ -848,11 +840,9 @@ static int nla_server_authenticate(rdpNla* nla)
|
||||
nla->inputBufferDesc.pBuffers = &nla->inputBuffer;
|
||||
nla->inputBuffer.BufferType = SECBUFFER_TOKEN;
|
||||
|
||||
if (nla_recv(nla) < 0)
|
||||
if (nla_recv(nla, "Receiving Authentication Token") < 0)
|
||||
return -1;
|
||||
|
||||
WLog_DBG(TAG, "Receiving Authentication Token");
|
||||
nla_buffer_print(nla);
|
||||
nla->inputBuffer.pvBuffer = nla->negoToken.pvBuffer;
|
||||
nla->inputBuffer.cbBuffer = nla->negoToken.cbBuffer;
|
||||
|
||||
@ -935,17 +925,14 @@ static int nla_server_authenticate(rdpNla* nla)
|
||||
{
|
||||
if (nla->outputBuffer.cbBuffer != 0)
|
||||
{
|
||||
if (!nla_send(nla))
|
||||
if (!nla_send(nla, "Server: Sending response"))
|
||||
{
|
||||
nla_buffer_free(nla);
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (nla_recv(nla) < 0)
|
||||
if (nla_recv(nla, "Receiving pubkey Token") < 0)
|
||||
return -1;
|
||||
|
||||
WLog_DBG(TAG, "Receiving pubkey Token");
|
||||
nla_buffer_print(nla);
|
||||
}
|
||||
|
||||
nla->havePubKeyAuth = TRUE;
|
||||
@ -1012,15 +999,12 @@ static int nla_server_authenticate(rdpNla* nla)
|
||||
|
||||
WLog_ERR(TAG, "AcceptSecurityContext status %s [0x%08" PRIX32 "]",
|
||||
GetSecurityStatusString(nla->status), nla->status);
|
||||
nla_send(nla);
|
||||
nla_send(nla, "Server: Sending AcceptSecurityContext error status");
|
||||
return -1; /* Access Denied */
|
||||
}
|
||||
|
||||
/* send authentication token */
|
||||
WLog_DBG(TAG, "Sending Authentication Token");
|
||||
nla_buffer_print(nla);
|
||||
|
||||
if (!nla_send(nla))
|
||||
if (!nla_send(nla, "Server: Sending Authentication Token"))
|
||||
{
|
||||
nla_buffer_free(nla);
|
||||
return -1;
|
||||
@ -1036,7 +1020,7 @@ static int nla_server_authenticate(rdpNla* nla)
|
||||
|
||||
/* Receive encrypted credentials */
|
||||
|
||||
if (nla_recv(nla) < 0)
|
||||
if (nla_recv(nla, "Receive Encryption Credentials") < 0)
|
||||
return -1;
|
||||
|
||||
nla->status = nla_decrypt_ts_credentials(nla);
|
||||
@ -1916,7 +1900,7 @@ static size_t nla_sizeof_ts_request(size_t length)
|
||||
* @param credssp
|
||||
*/
|
||||
|
||||
BOOL nla_send(rdpNla* nla)
|
||||
BOOL nla_send(rdpNla* nla, const char* msg)
|
||||
{
|
||||
BOOL rc = TRUE;
|
||||
wStream* s;
|
||||
@ -1928,6 +1912,9 @@ BOOL nla_send(rdpNla* nla)
|
||||
size_t error_code_context_length = 0;
|
||||
size_t error_code_length = 0;
|
||||
size_t client_nonce_length = 0;
|
||||
WLog_DBG(TAG, "%s", msg);
|
||||
nla_buffer_print(nla);
|
||||
|
||||
nego_tokens_length =
|
||||
(nla->negoToken.cbBuffer > 0) ? nla_sizeof_nego_tokens(nla->negoToken.cbBuffer) : 0;
|
||||
pub_key_auth_length =
|
||||
@ -2208,7 +2195,7 @@ int nla_recv_pdu(rdpNla* nla, wStream* s)
|
||||
return 1;
|
||||
}
|
||||
|
||||
int nla_recv(rdpNla* nla)
|
||||
int nla_recv(rdpNla* nla, const char* msg)
|
||||
{
|
||||
wStream* s;
|
||||
int status;
|
||||
@ -2216,7 +2203,7 @@ int nla_recv(rdpNla* nla)
|
||||
|
||||
if (!s)
|
||||
{
|
||||
WLog_ERR(TAG, "Stream_New failed!");
|
||||
WLog_ERR(TAG, "[%s] Stream_New failed!", __FUNCTION__);
|
||||
return -1;
|
||||
}
|
||||
|
||||
@ -2224,18 +2211,21 @@ int nla_recv(rdpNla* nla)
|
||||
|
||||
if (status < 0)
|
||||
{
|
||||
WLog_ERR(TAG, "nla_recv() error: %d", status);
|
||||
WLog_ERR(TAG, "[%s] error: %d", __FUNCTION__, status);
|
||||
Stream_Free(s, TRUE);
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (nla_decode_ts_request(nla, s) < 1)
|
||||
{
|
||||
WLog_ERR(TAG, "[%s] Invalid data received, aborting", __FUNCTION__);
|
||||
Stream_Free(s, TRUE);
|
||||
return -1;
|
||||
}
|
||||
|
||||
Stream_Free(s, TRUE);
|
||||
WLog_DBG(TAG, "[%s] %s", __FUNCTION__, msg);
|
||||
nla_buffer_print(nla);
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user