check return values for SetCredentialsAttributes, throw warnings for unsupported attributes

Marc-André Moreau 2022-09-30 11:23:21 -04:00 committed by David Fort
parent cd6fcaacb4
commit 479e891545
3 changed files with 33 additions and 15 deletions


@ -946,6 +946,7 @@ static BOOL nla_setup_kerberos(rdpNla* nla)
static BOOL nla_client_init_cred_handle(rdpNla* nla)
{
SECURITY_STATUS secStatus;
SEC_WINPR_KERBEROS_SETTINGS* kerbSettings;
WINPR_ASSERT(nla);
@ -962,16 +963,21 @@ static BOOL nla_client_init_cred_handle(rdpNla* nla)
if (!secAttr.KdcUrl)
return FALSE;
nla->table->SetCredentialsAttributesW(&nla->credentials, SECPKG_CRED_ATTR_KDC_URL,
(void*)&secAttr, sizeof(secAttr));
secStatus = nla->table->SetCredentialsAttributesW(
&nla->credentials, SECPKG_CRED_ATTR_KDC_URL, (void*)&secAttr, sizeof(secAttr));
free(secAttr.KdcUrl);
#else
SecPkgCredentials_KdcUrlA secAttr = { NULL };
secAttr.KdcUrl = kerbSettings->kdcUrl;
nla->table->SetCredentialsAttributesA(&nla->credentials, SECPKG_CRED_ATTR_KDC_URL,
(void*)&secAttr, sizeof(secAttr));
secStatus = nla->table->SetCredentialsAttributesA(
&nla->credentials, SECPKG_CRED_ATTR_KDC_URL, (void*)&secAttr, sizeof(secAttr));
#endif
if (secStatus != SEC_E_OK)
{
WLog_WARN(TAG, "Explicit Kerberos KDC URL (%s) injection is not supported",
kerbSettings->kdcUrl);
}
}
return TRUE;
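Review bot: The check added after `#endif` logs every non-OK status as "not supported", so a genuine failure of SetCredentialsAttributes (invalid handle, allocation failure) reads the same in the log as a package that lacks the attribute, and the function returns TRUE in both cases. Because the explicitly configured KDC URL is then silently not applied and authentication continues without it, the warning should carry the status, e.g. `WLog_WARN(TAG, "Setting Kerberos KDC URL (%s) failed: %s [0x%08" PRIX32 "]", kerbSettings->kdcUrl, GetSecurityStatusString(secStatus), secStatus);`. A one-line comment above the check saying that this failure is deliberately non-fatal would make the intent clear to the next reader. The body of nla_client_init_cred_handle continues outside the hunks shown.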


@ -1294,8 +1294,7 @@ static SECURITY_STATUS SEC_ENTRY kerberos_SetCredentialsAttributesX(PCredHandle
}
}
WLog_WARN(TAG, "Kerberos SSPI module does not support KDC URL injection yet: %s",
credentials->kdc_url);
return SEC_E_UNSUPPORTED_FUNCTION;
}
return SEC_E_UNSUPPORTED_FUNCTION;


@ -1207,6 +1207,8 @@ static SECURITY_STATUS SEC_ENTRY negotiate_SetCredentialsAttributesW(PCredHandle
void* pBuffer, ULONG cbBuffer)
{
MechCred* creds;
BOOL success = FALSE;
SECURITY_STATUS secStatus;
creds = sspi_SecureHandleGetLowerPointer(phCredential);
@ -1217,18 +1219,21 @@ static SECURITY_STATUS SEC_ENTRY negotiate_SetCredentialsAttributesW(PCredHandle
{
MechCred* cred = &creds[i];
if (!cred->valid)
continue;
WINPR_ASSERT(cred->mech);
WINPR_ASSERT(cred->mech->pkg);
WINPR_ASSERT(cred->mech->pkg->table);
WINPR_ASSERT(cred->mech->pkg->table_w->SetCredentialsAttributesW);
cred->mech->pkg->table_w->SetCredentialsAttributesW(&cred->cred, ulAttribute, pBuffer,
cbBuffer);
secStatus = cred->mech->pkg->table_w->SetCredentialsAttributesW(&cred->cred, ulAttribute,
pBuffer, cbBuffer);
if (secStatus == SEC_E_OK)
{
success = TRUE;
}
}
return SEC_E_OK;
// return success if at least one submodule accepts the credential attribute
return (success ? SEC_E_OK : SEC_E_UNSUPPORTED_FUNCTION);
}
static SECURITY_STATUS SEC_ENTRY negotiate_SetCredentialsAttributesA(PCredHandle phCredential,
@ -1236,6 +1241,8 @@ static SECURITY_STATUS SEC_ENTRY negotiate_SetCredentialsAttributesA(PCredHandle
void* pBuffer, ULONG cbBuffer)
{
MechCred* creds;
BOOL success = FALSE;
SECURITY_STATUS secStatus;
creds = sspi_SecureHandleGetLowerPointer(phCredential);
@ -1253,11 +1260,17 @@ static SECURITY_STATUS SEC_ENTRY negotiate_SetCredentialsAttributesA(PCredHandle
WINPR_ASSERT(cred->mech->pkg);
WINPR_ASSERT(cred->mech->pkg->table);
WINPR_ASSERT(cred->mech->pkg->table->SetCredentialsAttributesA);
cred->mech->pkg->table->SetCredentialsAttributesA(&cred->cred, ulAttribute, pBuffer,
cbBuffer);
secStatus = cred->mech->pkg->table->SetCredentialsAttributesA(&cred->cred, ulAttribute,
pBuffer, cbBuffer);
if (secStatus == SEC_E_OK)
{
success = TRUE;
}
}
return SEC_E_OK;
// return success if at least one submodule accepts the credential attribute
return (success ? SEC_E_OK : SEC_E_UNSUPPORTED_FUNCTION);
}
static SECURITY_STATUS SEC_ENTRY negotiate_AcquireCredentialsHandleW(
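Review bot: Both loops compare secStatus only with SEC_E_OK, so when no submodule accepts the attribute every other status is collapsed into SEC_E_UNSUPPORTED_FUNCTION and the caller cannot tell an unsupported attribute from a real error inside a mechanism; this applies to negotiate_SetCredentialsAttributesW and negotiate_SetCredentialsAttributesA alike. Tracking the first non-OK status in a local initialised to SEC_E_UNSUPPORTED_FUNCTION would preserve it: `else if (firstError == SEC_E_UNSUPPORTED_FUNCTION) firstError = secStatus;` after the success branch, then `return success ? SEC_E_OK : firstError;`. Separately, the W variant asserts `cred->mech->pkg->table` but calls through `table_w`, so the pointer that is actually dereferenced is never checked; `WINPR_ASSERT(cred->mech->pkg->table_w);` looks like the intended line. Both function bodies are only partly visible in these hunks.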