From 3b87cc0c07d55e454ce6662c888af5646b5baf0f Mon Sep 17 00:00:00 2001
From: Martin Fleisz
Date: Thu, 2 Jul 2015 18:50:49 +0200
Subject: [PATCH] Fixed server and client NLA state machine.

When using NULL credentials (current context) the server state machine did not send back the required authentication token. On client side erroneous checks prevented sending the appropriate public key.
---
 libfreerdp/core/nla.c | 23 ++++++++++++++++++++---
 1 file changed, 20 insertions(+), 3 deletions(-)

diff --git a/libfreerdp/core/nla.c b/libfreerdp/core/nla.c
index 88192b916..815c4aeec 100644
--- a/libfreerdp/core/nla.c
+++ b/libfreerdp/core/nla.c
@@ -404,9 +404,10 @@ int nla_client_recv(rdpNla* nla)
 }
 nla_encrypt_public_key_echo(nla);
- }
- if (nla->outputBuffer.cbBuffer < 1)
+
+ }
+ else if (nla->outputBuffer.cbBuffer < 1)
 return -1;
 nla->negoToken.pvBuffer = nla->outputBuffer.pvBuffer;
@@ -422,7 +423,8 @@ int nla_client_recv(rdpNla* nla)
 }
 nla_buffer_free(nla);
- nla->state = NLA_STATE_PUB_KEY_AUTH;
+ if (nla->status == SEC_E_OK)
+ nla->state = NLA_STATE_PUB_KEY_AUTH;
 status = 1;
 }
 else if (nla->state == NLA_STATE_PUB_KEY_AUTH)
@@ -654,6 +656,21 @@ int nla_server_authenticate(rdpNla* nla)
 if (nla->status == SEC_E_OK)
 {
+ if (nla->outputBuffer.cbBuffer != 0)
+ {
+ if (!nla_send(nla))
+ {
+ nla_buffer_free(nla);
+ return -1;
+ }
+
+ if (nla_recv(nla) < 0)
+ return -1;
+
+ WLog_DBG(TAG, "Receiving pubkey Token");
+ nla_buffer_print(nla);
+ }
+
 nla->havePubKeyAuth = TRUE;
 if (nla->table->QueryContextAttributes(&nla->context, SECPKG_ATTR_SIZES, &nla->ContextSizes) != SEC_E_OK)
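Review bot: In the first nla_client_recv hunk (-404), turning the length check into `else if` means `nla->outputBuffer.cbBuffer < 1` is no longer tested on the path that ends with `nla_encrypt_public_key_echo(nla)`, yet the following context line still copies `nla->outputBuffer.pvBuffer` into `nla->negoToken` unconditionally. If an empty token on that path is intended, a comment such as `/* the final leg may produce no output token; only pubKeyAuth is sent */` would record it, and the send path should be confirmed to tolerate a zero-length negoToken. The added blank line before the closing `}` looks accidental and could be dropped. The condition of the block that the `else` attaches to lies outside the hunk, so which statuses skip the check is inferred.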
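Review bot: In the second nla_client_recv hunk (-422), the state now stays unchanged for every `nla->status` other than `SEC_E_OK` while `status = 1` is still reported, so the function signals success without advancing. That is right for continue codes, but the hunk does not show error statuses being rejected before this point, nor any bound on how many rounds a peer can keep the client in the negotiation state; both are worth confirming. The unbraced two-line `if` is also fragile around a state assignment; `if (nla->status == SEC_E_OK) { nla->state = NLA_STATE_PUB_KEY_AUTH; }` with a short comment on why the state is retained otherwise would make the intent explicit.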
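Review bot: In the nla_server_authenticate hunk (-654), the two failure paths of the new block clean up differently: a failed `nla_send` calls `nla_buffer_free(nla)` before returning, while a failed `nla_recv` returns -1 directly. If the buffers are still owned at that point (what nla_recv releases on failure is not visible here), the second path should match: `if (nla_recv(nla) < 0) { nla_buffer_free(nla); return -1; }`. `nla_buffer_print(nla)` presumably writes the received authentication token to the debug log, which is worth gating or documenting, and the message "Receiving pubkey Token" is logged after the receive has already finished. The enclosing function continues beyond the hunk.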