diff --git a/libfreerdp-crypto/nla.c b/libfreerdp-crypto/nla.c
index 22fd5117f..df87c2232 100644
--- a/libfreerdp-crypto/nla.c
+++ b/libfreerdp-crypto/nla.c
@@ -90,7 +90,6 @@ void credssp_buffer_print(rdpCredssp* credssp);
void credssp_buffer_free(rdpCredssp* credssp);
SECURITY_STATUS credssp_encrypt_public_key_echo(rdpCredssp* credssp);
SECURITY_STATUS credssp_decrypt_public_key_echo(rdpCredssp* credssp);
-void credssp_encode_ts_credentials(rdpCredssp* credssp);
SECURITY_STATUS credssp_encrypt_ts_credentials(rdpCredssp* credssp);
SECURITY_STATUS credssp_decrypt_ts_credentials(rdpCredssp* credssp);
@@ -520,8 +519,6 @@ int credssp_server_authenticate(rdpCredssp* credssp)
return 0;
}
- printf("verifying public key echo\n");
-
credssp_decrypt_public_key_echo(credssp);
sspi_SecBufferFree(&credssp->negoToken);
@@ -678,7 +675,7 @@ SECURITY_STATUS credssp_decrypt_public_key_echo(rdpCredssp* credssp)
Message.ulVersion = SECBUFFER_VERSION;
Message.pBuffers = (PSecBuffer) &Buffers;
- status = credssp->table->DecryptMessage(&credssp->context, &Message, 0, &pfQOP);
+ status = credssp->table->DecryptMessage(&credssp->context, &Message, credssp->recv_seq_num++, &pfQOP);
if (status != SEC_E_OK)
{
@@ -887,7 +884,6 @@ void credssp_encode_ts_credentials(rdpCredssp* credssp)
SECURITY_STATUS credssp_encrypt_ts_credentials(rdpCredssp* credssp)
{
- BYTE* p;
SecBuffer Buffers[2];
SecBufferDesc Message;
SECURITY_STATUS status;
@@ -897,37 +893,32 @@ SECURITY_STATUS credssp_encrypt_ts_credentials(rdpCredssp* credssp)
Buffers[0].BufferType = SECBUFFER_TOKEN; /* Signature */
Buffers[1].BufferType = SECBUFFER_DATA; /* TSCredentials */
- Buffers[0].cbBuffer = 16;
- Buffers[0].pvBuffer = xzalloc(Buffers[0].cbBuffer);
+ sspi_SecBufferAlloc(&credssp->authInfo, credssp->ContextSizes.cbMaxSignature + credssp->ts_credentials.cbBuffer);
+
+ Buffers[0].cbBuffer = credssp->ContextSizes.cbMaxSignature;
+ Buffers[0].pvBuffer = credssp->authInfo.pvBuffer;
+ ZeroMemory(Buffers[0].pvBuffer, Buffers[0].cbBuffer);
Buffers[1].cbBuffer = credssp->ts_credentials.cbBuffer;
- Buffers[1].pvBuffer = malloc(Buffers[1].cbBuffer);
+ Buffers[1].pvBuffer = &((BYTE*) credssp->authInfo.pvBuffer)[Buffers[0].cbBuffer];
CopyMemory(Buffers[1].pvBuffer, credssp->ts_credentials.pvBuffer, Buffers[1].cbBuffer);
Message.cBuffers = 2;
Message.ulVersion = SECBUFFER_VERSION;
Message.pBuffers = (PSecBuffer) &Buffers;
- sspi_SecBufferAlloc(&credssp->authInfo, Buffers[0].cbBuffer + Buffers[1].cbBuffer);
-
status = credssp->table->EncryptMessage(&credssp->context, 0, &Message, credssp->send_seq_num++);
if (status != SEC_E_OK)
return status;
- p = (BYTE*) credssp->authInfo.pvBuffer;
- CopyMemory(p, Buffers[0].pvBuffer, Buffers[0].cbBuffer); /* Message Signature */
- CopyMemory(&p[Buffers[0].cbBuffer], Buffers[1].pvBuffer, Buffers[1].cbBuffer); /* Encrypted TSCredentials */
-
- free(Buffers[0].pvBuffer);
- free(Buffers[1].pvBuffer);
-
return SEC_E_OK;
}
SECURITY_STATUS credssp_decrypt_ts_credentials(rdpCredssp* credssp)
{
- BYTE* p;
+ int length;
+ BYTE* buffer;
ULONG pfQOP;
SecBuffer Buffers[2];
SecBufferDesc Message;
@@ -942,21 +933,20 @@ SECURITY_STATUS credssp_decrypt_ts_credentials(rdpCredssp* credssp)
return SEC_E_INVALID_TOKEN;
}
- Buffers[0].cbBuffer = 16;
- Buffers[0].pvBuffer = malloc(Buffers[0].cbBuffer);
- CopyMemory(Buffers[0].pvBuffer, credssp->authInfo.pvBuffer, Buffers[0].cbBuffer);
+ length = credssp->authInfo.cbBuffer;
+ buffer = (BYTE*) malloc(length);
+ CopyMemory(buffer, credssp->authInfo.pvBuffer, length);
- Buffers[1].cbBuffer = credssp->authInfo.cbBuffer - Buffers[0].cbBuffer;
- Buffers[1].pvBuffer = malloc(Buffers[1].cbBuffer);
- p = (BYTE*) credssp->authInfo.pvBuffer;
- CopyMemory(Buffers[1].pvBuffer, &p[Buffers[0].cbBuffer], Buffers[1].cbBuffer);
+ Buffers[0].cbBuffer = credssp->ContextSizes.cbMaxSignature;
+ Buffers[0].pvBuffer = buffer;
+
+ Buffers[1].cbBuffer = length - credssp->ContextSizes.cbMaxSignature;
+ Buffers[1].pvBuffer = &buffer[credssp->ContextSizes.cbMaxSignature];
Message.cBuffers = 2;
Message.ulVersion = SECBUFFER_VERSION;
Message.pBuffers = (PSecBuffer) &Buffers;
- sspi_SecBufferAlloc(&credssp->authInfo, Buffers[0].cbBuffer + Buffers[1].cbBuffer);
-
status = credssp->table->DecryptMessage(&credssp->context, &Message, credssp->recv_seq_num++, &pfQOP);
if (status != SEC_E_OK)
@@ -964,8 +954,7 @@ SECURITY_STATUS credssp_decrypt_ts_credentials(rdpCredssp* credssp)
credssp_read_ts_credentials(credssp, &Buffers[1]);
- free(Buffers[0].pvBuffer);
- free(Buffers[1].pvBuffer);
+ free(buffer);
return SEC_E_OK;
}
diff --git a/winpr/sspi/NTLM/ntlm_av_pairs.c b/winpr/sspi/NTLM/ntlm_av_pairs.c
index 86c4575bd..29167fca6 100644
--- a/winpr/sspi/NTLM/ntlm_av_pairs.c
+++ b/winpr/sspi/NTLM/ntlm_av_pairs.c
@@ -22,6 +22,7 @@
#include <winpr/crt.h>
#include <winpr/print.h>
+#include <winpr/sysinfo.h>
#include "ntlm_compute.h"
@@ -327,39 +328,68 @@ void ntlm_populate_av_pairs(NTLM_CONTEXT* context)
* @param NTLM context
*/
-char* test_NbDomainName = "FREERDP";
-char* test_NbComputerName = "FREERDP";
-char* test_DnsDomainName = "FreeRDP";
-char* test_DnsComputerName = "FreeRDP";
-
void ntlm_populate_server_av_pairs(NTLM_CONTEXT* context)
{
int length;
- AV_PAIRS* av_pairs = context->av_pairs;
+ DWORD nSize;
+ AV_PAIRS* av_pairs;
+ char* NbDomainName;
+ char* NbComputerName;
+ char* DnsDomainName;
+ char* DnsComputerName;
- av_pairs->NbDomainName.length = strlen(test_NbDomainName) * 2;
+ av_pairs = context->av_pairs;
+
+ nSize = 0;
+ GetComputerNameExA(ComputerNameNetBIOS, NULL, &nSize);
+ NbDomainName = malloc(nSize);
+ GetComputerNameExA(ComputerNameNetBIOS, NbDomainName, &nSize);
+ CharUpperA(NbDomainName);
+
+ nSize = 0;
+ GetComputerNameExA(ComputerNameNetBIOS, NULL, &nSize);
+ NbComputerName = malloc(nSize);
+ GetComputerNameExA(ComputerNameNetBIOS, NbComputerName, &nSize);
+ CharUpperA(NbComputerName);
+
+ nSize = 0;
+ GetComputerNameExA(ComputerNameDnsDomain, NULL, &nSize);
+ DnsDomainName = malloc(nSize);
+ GetComputerNameExA(ComputerNameDnsDomain, DnsDomainName, &nSize);
+
+ nSize = 0;
+ GetComputerNameExA(ComputerNameDnsHostname, NULL, &nSize);
+ DnsComputerName = malloc(nSize);
+ GetComputerNameExA(ComputerNameDnsHostname, DnsComputerName, &nSize);
+
+ av_pairs->NbDomainName.length = strlen(NbDomainName) * 2;
av_pairs->NbDomainName.value = (BYTE*) malloc(av_pairs->NbDomainName.length);
- MultiByteToWideChar(CP_ACP, 0, test_NbDomainName, strlen(test_NbDomainName),
+ MultiByteToWideChar(CP_ACP, 0, NbDomainName, strlen(NbDomainName),
(LPWSTR) av_pairs->NbDomainName.value, av_pairs->NbDomainName.length / 2);
- av_pairs->NbComputerName.length = strlen(test_NbDomainName) * 2;
+ av_pairs->NbComputerName.length = strlen(NbDomainName) * 2;
av_pairs->NbComputerName.value = (BYTE*) malloc(av_pairs->NbComputerName.length);
- MultiByteToWideChar(CP_ACP, 0, test_NbComputerName, strlen(test_NbComputerName),
+ MultiByteToWideChar(CP_ACP, 0, NbComputerName, strlen(NbComputerName),
(LPWSTR) av_pairs->NbComputerName.value, av_pairs->NbComputerName.length / 2);
- av_pairs->DnsDomainName.length = strlen(test_DnsDomainName) * 2;
+ av_pairs->DnsDomainName.length = strlen(DnsDomainName) * 2;
av_pairs->DnsDomainName.value = (BYTE*) malloc(av_pairs->DnsDomainName.length);
- MultiByteToWideChar(CP_ACP, 0, test_DnsDomainName, strlen(test_DnsDomainName),
+ MultiByteToWideChar(CP_ACP, 0, DnsDomainName, strlen(DnsDomainName),
(LPWSTR) av_pairs->DnsDomainName.value, av_pairs->DnsDomainName.length / 2);
- av_pairs->DnsComputerName.length = strlen(test_DnsComputerName) * 2;
+ av_pairs->DnsComputerName.length = strlen(DnsComputerName) * 2;
av_pairs->DnsComputerName.value = (BYTE*) malloc(av_pairs->DnsComputerName.length);
- MultiByteToWideChar(CP_ACP, 0, test_DnsComputerName, strlen(test_DnsComputerName),
+ MultiByteToWideChar(CP_ACP, 0, DnsComputerName, strlen(DnsComputerName),
(LPWSTR) av_pairs->DnsComputerName.value, av_pairs->DnsComputerName.length / 2);
length = ntlm_compute_av_pairs_length(context) + 4;
sspi_SecBufferAlloc(&context->TargetInfo, length);
ntlm_output_av_pairs(context, &context->TargetInfo);
+
+ free(NbDomainName);
+ free(NbComputerName);
+ free(DnsDomainName);
+ free(DnsComputerName);
}
/**