libwinpr-sspi: remove dependency on unicode utils
This commit is contained in:
Marc-André Moreau
parent
5207d65c2a
commit
4b72bcd3d7
@ -84,13 +84,15 @@ void credssp_SetContextIdentity(rdpCredssp* context, char* user, char* domain, c
|
||||
|
||||
context->identity.UserLength = strlen(user) * 2;
|
||||
context->identity.User = (uint16*) malloc(context->identity.UserLength);
|
||||
MultiByteToWideChar(CP_ACP, 0, user, strlen(user), (LPWSTR) context->identity.User, context->identity.UserLength / 2);
|
||||
MultiByteToWideChar(CP_ACP, 0, user, strlen(user),
|
||||
(LPWSTR) context->identity.User, context->identity.UserLength / 2);
|
||||
|
||||
if (domain)
|
||||
{
|
||||
context->identity.DomainLength = strlen(user) * 2;
|
||||
context->identity.DomainLength = strlen(domain) * 2;
|
||||
context->identity.Domain = (uint16*) malloc(context->identity.DomainLength);
|
||||
MultiByteToWideChar(CP_ACP, 0, user, strlen(user), (LPWSTR) context->identity.Domain, context->identity.DomainLength / 2);
|
||||
MultiByteToWideChar(CP_ACP, 0, domain, strlen(domain),
|
||||
(LPWSTR) context->identity.Domain, context->identity.DomainLength / 2);
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -100,7 +102,8 @@ void credssp_SetContextIdentity(rdpCredssp* context, char* user, char* domain, c
|
||||
|
||||
context->identity.PasswordLength = strlen(password) * 2;
|
||||
context->identity.Password = (uint16*) malloc(context->identity.PasswordLength);
|
||||
MultiByteToWideChar(CP_ACP, 0, password, strlen(password), (LPWSTR) context->identity.Password, context->identity.PasswordLength / 2);
|
||||
MultiByteToWideChar(CP_ACP, 0, password, strlen(password),
|
||||
(LPWSTR) context->identity.Password, context->identity.PasswordLength / 2);
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@ -37,6 +37,7 @@
|
||||
#include "kerberos_encode.h"
|
||||
#include "kerberos_decode.h"
|
||||
|
||||
#include <winpr/crt.h>
|
||||
#include <winpr/sspi.h>
|
||||
|
||||
#include <freerdp/utils/tcp.h>
|
||||
@ -301,8 +302,8 @@ void kerberos_ContextFree(KRB_CONTEXT* krb_ctx)
|
||||
free(krb_ctx->tgskey);
|
||||
}
|
||||
|
||||
krb_free_ticket(&(krb_ctx->asticket));
|
||||
krb_free_ticket(&(krb_ctx->tgsticket));
|
||||
kerberos_free_ticket(&(krb_ctx->asticket));
|
||||
kerberos_free_ticket(&(krb_ctx->tgsticket));
|
||||
krb_ctx->state = KRB_STATE_FINAL;
|
||||
}
|
||||
}
|
||||
@ -379,49 +380,54 @@ SECURITY_STATUS SEC_ENTRY kerberos_QueryCredentialsAttributesA(PCredHandle phCre
|
||||
|
||||
void krb_SetContextIdentity(KRB_CONTEXT* context, SEC_WINNT_AUTH_IDENTITY* identity)
|
||||
{
|
||||
size_t size;
|
||||
/* TEMPORARY workaround for utf8 TODO: UTF16 to utf8 */
|
||||
identity->Flags = SEC_WINNT_AUTH_IDENTITY_UNICODE;
|
||||
context->identity.Flags = SEC_WINNT_AUTH_IDENTITY_UNICODE;
|
||||
|
||||
if (identity->Flags == SEC_WINNT_AUTH_IDENTITY_ANSI)
|
||||
{
|
||||
context->identity.User = (uint16*) freerdp_uniconv_out(context->uniconv, (char*) identity->User, &size);
|
||||
context->identity.UserLength = (uint32) size;
|
||||
context->identity.UserLength = strlen((char*) identity->User) * 2;
|
||||
context->identity.User = (UINT16*) malloc(context->identity.UserLength);
|
||||
MultiByteToWideChar(CP_ACP, 0, (char*) identity->User, strlen((char*) identity->User),
|
||||
(LPWSTR) context->identity.User, context->identity.UserLength / 2);
|
||||
|
||||
if (identity->DomainLength > 0)
|
||||
{
|
||||
context->identity.Domain = (uint16*) freerdp_uniconv_out(context->uniconv, (char*) identity->Domain, &size);
|
||||
context->identity.DomainLength = (uint32) size;
|
||||
context->identity.DomainLength = strlen((char*) identity->Domain) * 2;
|
||||
context->identity.Domain = (UINT16*) malloc(context->identity.DomainLength);
|
||||
MultiByteToWideChar(CP_ACP, 0, (char*) identity->Domain, strlen((char*) identity->Domain),
|
||||
(LPWSTR) context->identity.Domain, context->identity.DomainLength / 2);
|
||||
}
|
||||
else
|
||||
{
|
||||
context->identity.Domain = (uint16*) NULL;
|
||||
context->identity.Domain = (UINT16*) NULL;
|
||||
context->identity.DomainLength = 0;
|
||||
}
|
||||
|
||||
context->identity.Password = (uint16*) freerdp_uniconv_out(context->uniconv, (char*) identity->Password, &size);
|
||||
context->identity.PasswordLength = (uint32) size;
|
||||
context->identity.PasswordLength = strlen((char*) identity->Password) * 2;
|
||||
context->identity.Password = (UINT16*) malloc(context->identity.PasswordLength);
|
||||
MultiByteToWideChar(CP_ACP, 0, (char*) identity->Password, strlen((char*) identity->Password),
|
||||
(LPWSTR) context->identity.Password, context->identity.PasswordLength / 2);
|
||||
}
|
||||
else
|
||||
{
|
||||
context->identity.User = (uint16*) xzalloc(identity->UserLength + 1);
|
||||
context->identity.User = (UINT16*) malloc(identity->UserLength);
|
||||
memcpy(context->identity.User, identity->User, identity->UserLength);
|
||||
context->identity.UserLength = identity->UserLength;
|
||||
|
||||
if (identity->DomainLength > 0)
|
||||
{
|
||||
context->identity.Domain = (uint16*) malloc(identity->DomainLength);
|
||||
context->identity.Domain = (UINT16*) malloc(identity->DomainLength);
|
||||
memcpy(context->identity.Domain, identity->Domain, identity->DomainLength);
|
||||
context->identity.DomainLength = identity->DomainLength;
|
||||
}
|
||||
else
|
||||
{
|
||||
context->identity.Domain = (uint16*) NULL;
|
||||
context->identity.Domain = (UINT16*) NULL;
|
||||
context->identity.DomainLength = 0;
|
||||
}
|
||||
|
||||
context->identity.Password = (uint16*) xzalloc(identity->PasswordLength + 1);
|
||||
context->identity.Password = (UINT16*) malloc(identity->PasswordLength);
|
||||
memcpy(context->identity.Password, identity->Password, identity->PasswordLength);
|
||||
identity->Flags = SEC_WINNT_AUTH_IDENTITY_ANSI;
|
||||
context->identity.PasswordLength = identity->PasswordLength;
|
||||
}
|
||||
}
|
||||
|
||||
@ -518,7 +524,11 @@ PCtxtHandle krbctx_client_init(rdpSettings* settings, SEC_WINNT_AUTH_IDENTITY* i
|
||||
krb_ctx->realm = xstrtoup(settings->kerberos_realm);
|
||||
krb_ctx->cname = xstrdup((char*)krb_ctx->identity.User);
|
||||
krb_ctx->settings = settings;
|
||||
krb_ctx->passwd.data = freerdp_uniconv_out(krb_ctx->uniconv, (char*) krb_ctx->identity.Password, (size_t*) &(krb_ctx->passwd.length));
|
||||
|
||||
krb_ctx->passwd.length = strlen((char*) krb_ctx->identity.Password) * 2;
|
||||
krb_ctx->passwd.data = (uint16*) malloc(krb_ctx->passwd.length);
|
||||
MultiByteToWideChar(CP_ACP, 0, (char*) krb_ctx->identity.Password, strlen((char*) krb_ctx->identity.Password),
|
||||
(LPWSTR) krb_ctx->passwd.data, krb_ctx->passwd.length / 2);
|
||||
|
||||
fContextReq = ISC_REQ_REPLAY_DETECT | ISC_REQ_SEQUENCE_DETECT |
|
||||
ISC_REQ_CONFIDENTIALITY | ISC_REQ_DELEGATE;
|
||||
@ -643,7 +653,7 @@ void krb_asreq_send(KRB_CONTEXT* krb_ctx, uint8 errcode)
|
||||
freerdp_blob_free(&msg);
|
||||
stream_free(s);
|
||||
stream_free(paenc);
|
||||
krb_free_asreq(krb_asreq);
|
||||
kerberos_free_asreq(krb_asreq);
|
||||
free(krb_asreq);
|
||||
}
|
||||
|
||||
@ -731,7 +741,7 @@ int krb_asrep_recv(KRB_CONTEXT* krb_ctx)
|
||||
krb_ctx->state = KRB_PACKET_ERROR;
|
||||
|
||||
/* clean up */
|
||||
krb_free_asrep(krb_asrep);
|
||||
kerberos_free_asrep(krb_asrep);
|
||||
free(krb_asrep);
|
||||
goto finish;
|
||||
}
|
||||
@ -820,7 +830,7 @@ void krb_tgsreq_send(KRB_CONTEXT* krb_ctx, uint8 errcode)
|
||||
freerdp_blob_free(krb_auth->cksum);
|
||||
free(krb_auth->cksum);
|
||||
free(krb_auth);
|
||||
krb_free_tgsreq(krb_tgsreq);
|
||||
kerberos_free_tgsreq(krb_tgsreq);
|
||||
free(krb_tgsreq);
|
||||
stream_free(sapreq);
|
||||
stream_free(s);
|
||||
@ -866,7 +876,7 @@ int krb_tgsrep_recv(KRB_CONTEXT* krb_ctx)
|
||||
krb_ctx->state = KRB_PACKET_ERROR;
|
||||
|
||||
/* clean up */
|
||||
krb_free_tgsrep(krb_tgsrep);
|
||||
kerberos_free_tgsrep(krb_tgsrep);
|
||||
free(krb_tgsrep);
|
||||
goto finish;
|
||||
}
|
||||
@ -923,7 +933,7 @@ int krb_verify_kdcrep(KRB_CONTEXT* krb_ctx, KrbKDCREP* kdc_rep, int msgtype)
|
||||
/* Verify KDC-REP-PART */
|
||||
if(reppart->nonce != krb_ctx->nonce || strcasecmp(reppart->realm, krb_ctx->realm) || strcasecmp(reppart->sname, krb_ctx->sname))
|
||||
{
|
||||
krb_free_reppart(reppart);
|
||||
kerberos_free_reppart(reppart);
|
||||
free(reppart);
|
||||
krb_ctx->state = KRB_PACKET_ERROR;
|
||||
return -1;
|
||||
@ -934,7 +944,7 @@ int krb_verify_kdcrep(KRB_CONTEXT* krb_ctx, KrbKDCREP* kdc_rep, int msgtype)
|
||||
krb_save_ticket(krb_ctx, kdc_rep);
|
||||
freerdp_blob_copy(&(key->skey), &(reppart->key.skey));
|
||||
key->enctype = reppart->key.enctype;
|
||||
krb_free_reppart(reppart);
|
||||
kerberos_free_reppart(reppart);
|
||||
free(reppart);
|
||||
return 0;
|
||||
}
|
||||
@ -1070,7 +1080,7 @@ KrbTGSREQ* krb_tgsreq_new(KRB_CONTEXT* krb_ctx, uint8 errcode)
|
||||
return krb_tgsreq;
|
||||
}
|
||||
|
||||
void krb_free_ticket(Ticket* ticket)
|
||||
void kerberos_free_ticket(Ticket* ticket)
|
||||
{
|
||||
if (ticket != NULL)
|
||||
{
|
||||
@ -1081,7 +1091,7 @@ void krb_free_ticket(Ticket* ticket)
|
||||
}
|
||||
}
|
||||
|
||||
void krb_free_padata(PAData** padata)
|
||||
void kerberos_free_padata(PAData** padata)
|
||||
{
|
||||
PAData** lpa_data;
|
||||
lpa_data = padata;
|
||||
@ -1095,20 +1105,20 @@ void krb_free_padata(PAData** padata)
|
||||
}
|
||||
}
|
||||
|
||||
void krb_free_kdcrep(KrbKDCREP* kdc_rep)
|
||||
void kerberos_free_kdcrep(KrbKDCREP* kdc_rep)
|
||||
{
|
||||
if(kdc_rep != NULL)
|
||||
{
|
||||
krb_free_padata(kdc_rep->padata);
|
||||
kerberos_free_padata(kdc_rep->padata);
|
||||
free(kdc_rep->cname);
|
||||
free(kdc_rep->realm);
|
||||
krb_free_ticket(&(kdc_rep->etgt));
|
||||
kerberos_free_ticket(&(kdc_rep->etgt));
|
||||
freerdp_blob_free(&(kdc_rep->enc_part.encblob));
|
||||
kdc_rep->enc_part.encblob.data = NULL;
|
||||
}
|
||||
}
|
||||
|
||||
void krb_free_reppart(ENCKDCREPPart* reppart)
|
||||
void kerberos_free_reppart(ENCKDCREPPart* reppart)
|
||||
{
|
||||
if(reppart != NULL)
|
||||
{
|
||||
@ -1118,7 +1128,7 @@ void krb_free_reppart(ENCKDCREPPart* reppart)
|
||||
}
|
||||
}
|
||||
|
||||
void krb_free_req_body(KDCReqBody* req_body)
|
||||
void kerberos_free_req_body(KDCReqBody* req_body)
|
||||
{
|
||||
if(req_body != NULL)
|
||||
{
|
||||
@ -1131,37 +1141,37 @@ void krb_free_req_body(KDCReqBody* req_body)
|
||||
}
|
||||
}
|
||||
|
||||
void krb_free_asreq(KrbASREQ* krb_asreq)
|
||||
void kerberos_free_asreq(KrbASREQ* krb_asreq)
|
||||
{
|
||||
if(krb_asreq != NULL)
|
||||
{
|
||||
krb_free_padata(krb_asreq->padata);
|
||||
krb_free_req_body(&(krb_asreq->req_body));
|
||||
kerberos_free_padata(krb_asreq->padata);
|
||||
kerberos_free_req_body(&(krb_asreq->req_body));
|
||||
}
|
||||
}
|
||||
|
||||
void krb_free_asrep(KrbASREP* krb_asrep)
|
||||
void kerberos_free_asrep(KrbASREP* krb_asrep)
|
||||
{
|
||||
if(krb_asrep != NULL)
|
||||
{
|
||||
krb_free_kdcrep(&(krb_asrep->kdc_rep));
|
||||
kerberos_free_kdcrep(&(krb_asrep->kdc_rep));
|
||||
}
|
||||
}
|
||||
|
||||
void krb_free_tgsreq(KrbTGSREQ* krb_tgsreq)
|
||||
void kerberos_free_tgsreq(KrbTGSREQ* krb_tgsreq)
|
||||
{
|
||||
if(krb_tgsreq != NULL)
|
||||
{
|
||||
krb_free_padata(krb_tgsreq->padata);
|
||||
krb_free_req_body(&(krb_tgsreq->req_body));
|
||||
kerberos_free_padata(krb_tgsreq->padata);
|
||||
kerberos_free_req_body(&(krb_tgsreq->req_body));
|
||||
}
|
||||
}
|
||||
|
||||
void krb_free_tgsrep(KrbTGSREP* krb_tgsrep)
|
||||
void kerberos_free_tgsrep(KrbTGSREP* krb_tgsrep)
|
||||
{
|
||||
if (krb_tgsrep != NULL)
|
||||
{
|
||||
krb_free_kdcrep(&(krb_tgsrep->kdc_rep));
|
||||
kerberos_free_kdcrep(&(krb_tgsrep->kdc_rep));
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -40,13 +40,13 @@
|
||||
#include <freerdp/utils/stream.h>
|
||||
#include <freerdp/utils/blob.h>
|
||||
|
||||
#define MSKRB_OID "1.2.840.48018.1.2.2"
|
||||
#define STDKRB_OID "1.2.840.113554.1.2.2"
|
||||
#define MSKRB_OID "1.2.840.48018.1.2.2"
|
||||
#define STDKRB_OID "1.2.840.113554.1.2.2"
|
||||
|
||||
#define SERVICE "_kerberos."
|
||||
#define KRB_VERSION 5
|
||||
#define KRB_SERVER "krbtgt/"
|
||||
#define APP_SERVER "TERMSRV/"
|
||||
#define SERVICE "_kerberos."
|
||||
#define KRB_VERSION 5
|
||||
#define KRB_SERVER "krbtgt/"
|
||||
#define APP_SERVER "TERMSRV/"
|
||||
|
||||
#define KRB_NAME_PRINCIPAL 1
|
||||
#define KRB_NAME_SERVICE 2
|
||||
@ -59,17 +59,17 @@
|
||||
#define KRB_TAG_APREQ 14
|
||||
#define KRB_TAG_APREP 15
|
||||
#define KRB_TAG_ERROR 30
|
||||
#define KRB_TAG_U2UTGTREQ 16
|
||||
#define KRB_TAG_U2UTGTREP 16
|
||||
#define KRB_TAG_U2UTGTREQ 16
|
||||
#define KRB_TAG_U2UTGTREP 16
|
||||
|
||||
#define NAME_TYPE_PRINCIPAL 1
|
||||
#define NAME_TYPE_SERVICE 2
|
||||
|
||||
/* KRB ERROR */
|
||||
#define KDC_ERR_PREAUTH_FAILED 24
|
||||
#define KDC_ERR_PREAUTH_FAILED 24
|
||||
#define KDC_ERR_PREAUTH_REQ 25
|
||||
#define KRB_AP_ERR_SKEW 37
|
||||
#define KDC_ERR_C_PRINCIPAL_UNKNOWN 6
|
||||
#define KDC_ERR_C_PRINCIPAL_UNKNOWN 6
|
||||
|
||||
#define PA_ENCTYPE_INFO 11
|
||||
#define PA_ENCTYPE_INFO2 19
|
||||
@ -77,12 +77,12 @@
|
||||
/* ENCRYPTION TYPE */
|
||||
#define ETYPE_DES_CBC_CRC 1
|
||||
#define ETYPE_DES_CBC_MD5 3
|
||||
#define ETYPE_AES128_CTS_HMAC 17
|
||||
#define ETYPE_AES256_CTS_HMAC 18
|
||||
#define ETYPE_AES128_CTS_HMAC 17
|
||||
#define ETYPE_AES256_CTS_HMAC 18
|
||||
#define ETYPE_RC4_HMAC 23
|
||||
|
||||
/* CHECKSUM TYPE */
|
||||
#define KRB_CKSUM_HMAC_MD5 -138
|
||||
#define KRB_CKSUM_HMAC_MD5 -138
|
||||
|
||||
/* AD TYPE */
|
||||
#define AD_IF_RELEVANT 1
|
||||
@ -214,7 +214,7 @@ struct _KRB_AS_REQ
|
||||
{
|
||||
int pvno;
|
||||
int type;
|
||||
boolean pa_pac_request;
|
||||
boolean pa_pac_request;
|
||||
PAData** padata;
|
||||
KDCReqBody req_body;
|
||||
};
|
||||
@ -224,7 +224,7 @@ struct _KRB_TGS_REQ
|
||||
{
|
||||
int pvno;
|
||||
int type;
|
||||
boolean pa_pac_request;
|
||||
boolean pa_pac_request;
|
||||
PAData** padata;
|
||||
KDCReqBody req_body;
|
||||
};
|
||||
@ -293,7 +293,6 @@ struct _KRB_CONTEXT
|
||||
char* realm;
|
||||
char* sname;
|
||||
char* hostname;
|
||||
SEC_WINNT_AUTH_IDENTITY identity;
|
||||
rdpBlob passwd;
|
||||
sint32 enctype;
|
||||
time_t clockskew;
|
||||
@ -305,6 +304,7 @@ struct _KRB_CONTEXT
|
||||
KrbENCKey* tgskey;
|
||||
KRBCTX_STATE state;
|
||||
CtxtHandle context;
|
||||
SEC_WINNT_AUTH_IDENTITY identity;
|
||||
};
|
||||
typedef struct _KRB_CONTEXT KRB_CONTEXT;
|
||||
|
||||
@ -335,16 +335,16 @@ KrbASREQ* krb_asreq_new(KRB_CONTEXT* krb_ctx, uint8 errcode);
|
||||
KrbTGSREQ* krb_tgsreq_new(KRB_CONTEXT* krb_Rss, uint8 errcode);
|
||||
KrbAPREQ* krb_apreq_new(KRB_CONTEXT* krb_ctx, Ticket* ticket, Authenticator* krb_auth);
|
||||
|
||||
void krb_ContextFree(KRB_CONTEXT* krb_ctx);
|
||||
void krb_free_ticket(Ticket* ticket);
|
||||
void krb_free_padata(PAData** padata);
|
||||
void krb_free_req_body(KDCReqBody* req_body);
|
||||
void krb_free_kdcrep(KrbKDCREP* kdc_rep);
|
||||
void krb_free_reppart(ENCKDCREPPart* reppart);
|
||||
void krb_free_asreq(KrbASREQ* krb_asreq);
|
||||
void krb_free_asrep(KrbASREP* krb_asrep);
|
||||
void krb_free_tgsreq(KrbTGSREQ* krb_tgsreq);
|
||||
void krb_free_tgsrep(KrbTGSREP* krb_tgsrep);
|
||||
void kerberos_ContextFree(KRB_CONTEXT* krb_ctx);
|
||||
void kerberos_free_ticket(Ticket* ticket);
|
||||
void kerberos_free_padata(PAData** padata);
|
||||
void kerberos_free_req_body(KDCReqBody* req_body);
|
||||
void kerberos_free_kdcrep(KrbKDCREP* kdc_rep);
|
||||
void kerberos_free_reppart(ENCKDCREPPart* reppart);
|
||||
void kerberos_free_asreq(KrbASREQ* krb_asreq);
|
||||
void kerberos_free_asrep(KrbASREP* krb_asrep);
|
||||
void kerberos_free_tgsreq(KrbTGSREQ* krb_tgsreq);
|
||||
void kerberos_free_tgsrep(KrbTGSREP* krb_tgsrep);
|
||||
void krb_free_krb_error(KrbERROR* krb_err);
|
||||
|
||||
#endif /* FREERDP_SSPI_KERBEROS_PRIVATE_H */
|
||||
#endif /* WINPR_SSPI_KERBEROS_PRIVATE_H */
|
||||
|
||||
@ -493,7 +493,7 @@ int krb_decode_ticket(STREAM* s, uint8 tag, Ticket* ticket)
|
||||
|
||||
err:
|
||||
stream_set_mark(s, bm);
|
||||
krb_free_ticket(ticket);
|
||||
kerberos_free_ticket(ticket);
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -571,7 +571,7 @@ int krb_decode_kdc_rep(STREAM* s, KrbKDCREP* kdc_rep, sint32 maxlen)
|
||||
return totlen;
|
||||
|
||||
err:
|
||||
krb_free_kdcrep(kdc_rep);
|
||||
kerberos_free_kdcrep(kdc_rep);
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -785,7 +785,7 @@ ENCKDCREPPart* krb_decode_enc_reppart(rdpBlob* msg, uint8 apptag)
|
||||
stream_free(s) ;
|
||||
return reppart;
|
||||
err:
|
||||
krb_free_reppart(reppart);
|
||||
kerberos_free_reppart(reppart);
|
||||
xfree(reppart);
|
||||
stream_detach(s) ;
|
||||
stream_free(s) ;
|
||||
|
||||
@ -36,47 +36,52 @@ char* NTLM_PACKAGE_NAME = "NTLM";
|
||||
|
||||
void ntlm_SetContextIdentity(NTLM_CONTEXT* context, SEC_WINNT_AUTH_IDENTITY* identity)
|
||||
{
|
||||
size_t size;
|
||||
context->identity.Flags = SEC_WINNT_AUTH_IDENTITY_UNICODE;
|
||||
|
||||
if (identity->Flags == SEC_WINNT_AUTH_IDENTITY_ANSI)
|
||||
{
|
||||
context->identity.User = (uint16*) freerdp_uniconv_out(context->uniconv, (char*) identity->User, &size);
|
||||
context->identity.UserLength = (uint32) size;
|
||||
context->identity.UserLength = strlen((char*) identity->User) * 2;
|
||||
context->identity.User = (UINT16*) malloc(context->identity.UserLength);
|
||||
MultiByteToWideChar(CP_ACP, 0, (char*) identity->User, strlen((char*) identity->User),
|
||||
(LPWSTR) context->identity.User, context->identity.UserLength / 2);
|
||||
|
||||
if (identity->DomainLength > 0)
|
||||
{
|
||||
context->identity.Domain = (uint16*) freerdp_uniconv_out(context->uniconv, (char*) identity->Domain, &size);
|
||||
context->identity.DomainLength = (uint32) size;
|
||||
context->identity.DomainLength = strlen((char*) identity->Domain) * 2;
|
||||
context->identity.Domain = (UINT16*) malloc(context->identity.DomainLength);
|
||||
MultiByteToWideChar(CP_ACP, 0, (char*) identity->Domain, strlen((char*) identity->Domain),
|
||||
(LPWSTR) context->identity.Domain, context->identity.DomainLength / 2);
|
||||
}
|
||||
else
|
||||
{
|
||||
context->identity.Domain = (uint16*) NULL;
|
||||
context->identity.Domain = (UINT16*) NULL;
|
||||
context->identity.DomainLength = 0;
|
||||
}
|
||||
|
||||
context->identity.Password = (uint16*) freerdp_uniconv_out(context->uniconv, (char*) identity->Password, &size);
|
||||
context->identity.PasswordLength = (uint32) size;
|
||||
context->identity.PasswordLength = strlen((char*) identity->Password) * 2;
|
||||
context->identity.Password = (UINT16*) malloc(context->identity.PasswordLength);
|
||||
MultiByteToWideChar(CP_ACP, 0, (char*) identity->Password, strlen((char*) identity->Password),
|
||||
(LPWSTR) context->identity.Password, context->identity.PasswordLength / 2);
|
||||
}
|
||||
else
|
||||
{
|
||||
context->identity.User = (uint16*) malloc(identity->UserLength);
|
||||
context->identity.User = (UINT16*) malloc(identity->UserLength);
|
||||
memcpy(context->identity.User, identity->User, identity->UserLength);
|
||||
context->identity.UserLength = identity->UserLength;
|
||||
|
||||
if (identity->DomainLength > 0)
|
||||
{
|
||||
context->identity.Domain = (uint16*) malloc(identity->DomainLength);
|
||||
context->identity.Domain = (UINT16*) malloc(identity->DomainLength);
|
||||
memcpy(context->identity.Domain, identity->Domain, identity->DomainLength);
|
||||
context->identity.DomainLength = identity->DomainLength;
|
||||
}
|
||||
else
|
||||
{
|
||||
context->identity.Domain = (uint16*) NULL;
|
||||
context->identity.Domain = (UINT16*) NULL;
|
||||
context->identity.DomainLength = 0;
|
||||
}
|
||||
|
||||
context->identity.Password = (uint16*) malloc(identity->PasswordLength);
|
||||
context->identity.Password = (UINT16*) malloc(identity->PasswordLength);
|
||||
memcpy(context->identity.Password, identity->Password, identity->PasswordLength);
|
||||
context->identity.PasswordLength = identity->PasswordLength;
|
||||
}
|
||||
@ -84,16 +89,18 @@ void ntlm_SetContextIdentity(NTLM_CONTEXT* context, SEC_WINNT_AUTH_IDENTITY* ide
|
||||
|
||||
void ntlm_SetContextWorkstation(NTLM_CONTEXT* context, char* Workstation)
|
||||
{
|
||||
size_t size;
|
||||
context->Workstation = (uint16*) freerdp_uniconv_out(context->uniconv, Workstation, &size);
|
||||
context->WorkstationLength = (uint32) size;
|
||||
context->WorkstationLength = strlen(Workstation) * 2;
|
||||
context->Workstation = (UINT16*) malloc(context->WorkstationLength);
|
||||
MultiByteToWideChar(CP_ACP, 0, Workstation, strlen(Workstation),
|
||||
(LPWSTR) context->Workstation, context->WorkstationLength / 2);
|
||||
}
|
||||
|
||||
void ntlm_SetContextTargetName(NTLM_CONTEXT* context, char* TargetName)
|
||||
{
|
||||
size_t size;
|
||||
context->TargetName.pvBuffer = (uint16*) freerdp_uniconv_out(context->uniconv, TargetName, &size);
|
||||
context->TargetName.cbBuffer = (uint32) size;
|
||||
context->TargetName.cbBuffer = strlen(TargetName) * 2;
|
||||
context->TargetName.pvBuffer = (void*) malloc(context->TargetName.cbBuffer);
|
||||
MultiByteToWideChar(CP_ACP, 0, TargetName, strlen(TargetName),
|
||||
(LPWSTR) context->TargetName.pvBuffer, context->TargetName.cbBuffer / 2);
|
||||
}
|
||||
|
||||
NTLM_CONTEXT* ntlm_ContextNew()
|
||||
@ -107,7 +114,6 @@ NTLM_CONTEXT* ntlm_ContextNew()
|
||||
context->ntlm_v2 = false;
|
||||
context->NegotiateFlags = 0;
|
||||
context->state = NTLM_STATE_INITIAL;
|
||||
context->uniconv = freerdp_uniconv_new();
|
||||
context->av_pairs = (AV_PAIRS*) xzalloc(sizeof(AV_PAIRS));
|
||||
}
|
||||
|
||||
@ -119,7 +125,6 @@ void ntlm_ContextFree(NTLM_CONTEXT* context)
|
||||
if (!context)
|
||||
return;
|
||||
|
||||
freerdp_uniconv_free(context->uniconv);
|
||||
crypto_rc4_free(context->SendRc4Seal);
|
||||
crypto_rc4_free(context->RecvRc4Seal);
|
||||
sspi_SecBufferFree(&context->NegotiateMessage);
|
||||
@ -129,6 +134,7 @@ void ntlm_ContextFree(NTLM_CONTEXT* context)
|
||||
sspi_SecBufferFree(&context->TargetName);
|
||||
sspi_SecBufferFree(&context->NtChallengeResponse);
|
||||
sspi_SecBufferFree(&context->LmChallengeResponse);
|
||||
|
||||
free(context->identity.User);
|
||||
free(context->identity.Password);
|
||||
free(context->identity.Domain);
|
||||
@ -590,7 +596,7 @@ SECURITY_STATUS SEC_ENTRY ntlm_EncryptMessage(PCtxtHandle phContext, ULONG fQOP,
|
||||
/* RC4-encrypt first 8 bytes of digest */
|
||||
crypto_rc4(context->SendRc4Seal, 8, digest, checksum);
|
||||
|
||||
signature = (uint8*) signature_buffer->pvBuffer;
|
||||
signature = (BYTE*) signature_buffer->pvBuffer;
|
||||
|
||||
/* Concatenate version, ciphertext and sequence number to build signature */
|
||||
memcpy(signature, (void*) &version, 4);
|
||||
@ -613,11 +619,11 @@ SECURITY_STATUS SEC_ENTRY ntlm_DecryptMessage(PCtxtHandle phContext, PSecBufferD
|
||||
int length;
|
||||
void* data;
|
||||
HMAC_CTX hmac;
|
||||
uint8 digest[16];
|
||||
uint8 checksum[8];
|
||||
uint32 version = 1;
|
||||
BYTE digest[16];
|
||||
BYTE checksum[8];
|
||||
UINT32 version = 1;
|
||||
NTLM_CONTEXT* context;
|
||||
uint8 expected_signature[16];
|
||||
BYTE expected_signature[16];
|
||||
PSecBuffer data_buffer = NULL;
|
||||
PSecBuffer signature_buffer = NULL;
|
||||
|
||||
|
||||
@ -39,8 +39,8 @@ typedef enum _NTLM_STATE NTLM_STATE;
|
||||
|
||||
struct _AV_PAIR
|
||||
{
|
||||
uint16 length;
|
||||
uint8* value;
|
||||
UINT16 length;
|
||||
BYTE* value;
|
||||
};
|
||||
typedef struct _AV_PAIR AV_PAIR;
|
||||
|
||||
@ -55,7 +55,7 @@ struct _AV_PAIRS
|
||||
AV_PAIR Restrictions;
|
||||
AV_PAIR TargetName;
|
||||
AV_PAIR ChannelBindings;
|
||||
uint32 Flags;
|
||||
UINT32 Flags;
|
||||
};
|
||||
typedef struct _AV_PAIRS AV_PAIRS;
|
||||
|
||||
@ -80,20 +80,19 @@ struct _NTLM_CONTEXT
|
||||
boolean server;
|
||||
boolean ntlm_v2;
|
||||
NTLM_STATE state;
|
||||
UNICONV* uniconv;
|
||||
int SendSeqNum;
|
||||
int RecvSeqNum;
|
||||
boolean confidentiality;
|
||||
CryptoRc4 SendRc4Seal;
|
||||
CryptoRc4 RecvRc4Seal;
|
||||
uint8* SendSigningKey;
|
||||
uint8* RecvSigningKey;
|
||||
uint8* SendSealingKey;
|
||||
uint8* RecvSealingKey;
|
||||
BYTE* SendSigningKey;
|
||||
BYTE* RecvSigningKey;
|
||||
BYTE* SendSealingKey;
|
||||
BYTE* RecvSealingKey;
|
||||
AV_PAIRS* av_pairs;
|
||||
uint32 NegotiateFlags;
|
||||
uint16* Workstation;
|
||||
uint32 WorkstationLength;
|
||||
UINT32 NegotiateFlags;
|
||||
UINT16* Workstation;
|
||||
UINT32 WorkstationLength;
|
||||
SEC_WINNT_AUTH_IDENTITY identity;
|
||||
SecBuffer NegotiateMessage;
|
||||
SecBuffer ChallengeMessage;
|
||||
@ -102,19 +101,19 @@ struct _NTLM_CONTEXT
|
||||
SecBuffer TargetName;
|
||||
SecBuffer NtChallengeResponse;
|
||||
SecBuffer LmChallengeResponse;
|
||||
uint8 Timestamp[8];
|
||||
uint8 ServerChallenge[8];
|
||||
uint8 ClientChallenge[8];
|
||||
uint8 SessionBaseKey[16];
|
||||
uint8 KeyExchangeKey[16];
|
||||
uint8 RandomSessionKey[16];
|
||||
uint8 ExportedSessionKey[16];
|
||||
uint8 EncryptedRandomSessionKey[16];
|
||||
uint8 ClientSigningKey[16];
|
||||
uint8 ClientSealingKey[16];
|
||||
uint8 ServerSigningKey[16];
|
||||
uint8 ServerSealingKey[16];
|
||||
uint8 MessageIntegrityCheck[16];
|
||||
BYTE Timestamp[8];
|
||||
BYTE ServerChallenge[8];
|
||||
BYTE ClientChallenge[8];
|
||||
BYTE SessionBaseKey[16];
|
||||
BYTE KeyExchangeKey[16];
|
||||
BYTE RandomSessionKey[16];
|
||||
BYTE ExportedSessionKey[16];
|
||||
BYTE EncryptedRandomSessionKey[16];
|
||||
BYTE ClientSigningKey[16];
|
||||
BYTE ClientSealingKey[16];
|
||||
BYTE ServerSigningKey[16];
|
||||
BYTE ServerSealingKey[16];
|
||||
BYTE MessageIntegrityCheck[16];
|
||||
};
|
||||
typedef struct _NTLM_CONTEXT NTLM_CONTEXT;
|
||||
|
||||
|
||||
@ -20,6 +20,7 @@
|
||||
#include "ntlm.h"
|
||||
#include "../sspi.h"
|
||||
|
||||
#include <winpr/crt.h>
|
||||
#include <freerdp/utils/stream.h>
|
||||
#include <freerdp/utils/hexdump.h>
|
||||
|
||||
@ -336,20 +337,27 @@ char* test_DnsComputerName = "FreeRDP";
|
||||
void ntlm_populate_server_av_pairs(NTLM_CONTEXT* context)
|
||||
{
|
||||
int length;
|
||||
size_t size;
|
||||
AV_PAIRS* av_pairs = context->av_pairs;
|
||||
|
||||
av_pairs->NbDomainName.value = (uint8*) freerdp_uniconv_out(context->uniconv, test_NbDomainName, &size);
|
||||
av_pairs->NbDomainName.length = (uint16) size;
|
||||
av_pairs->NbDomainName.length = strlen(test_NbDomainName) * 2;
|
||||
av_pairs->NbDomainName.value = (uint8*) malloc(av_pairs->NbDomainName.length);
|
||||
MultiByteToWideChar(CP_ACP, 0, test_NbDomainName, strlen(test_NbDomainName),
|
||||
(LPWSTR) av_pairs->NbDomainName.value, av_pairs->NbDomainName.length / 2);
|
||||
|
||||
av_pairs->NbComputerName.value = (uint8*) freerdp_uniconv_out(context->uniconv, test_NbComputerName, &size);
|
||||
av_pairs->NbComputerName.length = (uint16) size;
|
||||
av_pairs->NbComputerName.length = strlen(test_NbDomainName) * 2;
|
||||
av_pairs->NbComputerName.value = (uint8*) malloc(av_pairs->NbComputerName.length);
|
||||
MultiByteToWideChar(CP_ACP, 0, test_NbComputerName, strlen(test_NbComputerName),
|
||||
(LPWSTR) av_pairs->NbComputerName.value, av_pairs->NbComputerName.length / 2);
|
||||
|
||||
av_pairs->DnsDomainName.value = (uint8*) freerdp_uniconv_out(context->uniconv, test_DnsDomainName, &size);
|
||||
av_pairs->DnsDomainName.length = (uint16) size;
|
||||
av_pairs->DnsDomainName.length = strlen(test_DnsDomainName) * 2;
|
||||
av_pairs->DnsDomainName.value = (uint8*) malloc(av_pairs->DnsDomainName.length);
|
||||
MultiByteToWideChar(CP_ACP, 0, test_DnsDomainName, strlen(test_DnsDomainName),
|
||||
(LPWSTR) av_pairs->DnsDomainName.value, av_pairs->DnsDomainName.length / 2);
|
||||
|
||||
av_pairs->DnsComputerName.value = (uint8*) freerdp_uniconv_out(context->uniconv, test_DnsComputerName, &size);
|
||||
av_pairs->DnsComputerName.length = (uint16) size;
|
||||
av_pairs->DnsComputerName.length = strlen(test_DnsComputerName) * 2;
|
||||
av_pairs->DnsComputerName.value = (uint8*) malloc(av_pairs->DnsComputerName.length);
|
||||
MultiByteToWideChar(CP_ACP, 0, test_DnsComputerName, strlen(test_DnsComputerName),
|
||||
(LPWSTR) av_pairs->DnsComputerName.value, av_pairs->DnsComputerName.length / 2);
|
||||
|
||||
length = ntlm_compute_av_pairs_length(context) + 4;
|
||||
sspi_SecBufferAlloc(&context->TargetInfo, length);
|
||||
|
||||
@ -219,7 +219,6 @@ void ntlm_fetch_ntlm_v2_hash(NTLM_CONTEXT* context, char* hash)
|
||||
char* data;
|
||||
char* line;
|
||||
int length;
|
||||
size_t size;
|
||||
char* db_user;
|
||||
char* db_hash;
|
||||
uint16* User;
|
||||
@ -262,8 +261,10 @@ void ntlm_fetch_ntlm_v2_hash(NTLM_CONTEXT* context, char* hash)
|
||||
db_user = line;
|
||||
db_hash = &line[length + 1];
|
||||
|
||||
User = (uint16*) freerdp_uniconv_out(context->uniconv, db_user, &size);
|
||||
UserLength = (uint32) size;
|
||||
UserLength = strlen(db_user) * 2;
|
||||
User = (uint16*) malloc(UserLength);
|
||||
MultiByteToWideChar(CP_ACP, 0, db_user, strlen(db_user),
|
||||
(LPWSTR) User, UserLength / 2);
|
||||
|
||||
if (UserLength == context->identity.UserLength)
|
||||
{
|
||||
@ -300,7 +301,7 @@ void ntlm_compute_ntlm_v2_hash(NTLM_CONTEXT* context, char* hash)
|
||||
|
||||
/* Concatenate(Uppercase(username),domain)*/
|
||||
memcpy(p, context->identity.User, context->identity.UserLength);
|
||||
freerdp_uniconv_uppercase(context->uniconv, p, context->identity.UserLength / 2);
|
||||
CharUpperBuffW(p, context->identity.UserLength / 2);
|
||||
|
||||
memcpy(&p[context->identity.UserLength], context->identity.Domain, context->identity.DomainLength);
|
||||
|
||||
|
||||
@ -48,46 +48,54 @@ const SecPkgInfoW NEGOTIATE_SecPkgInfoW =
|
||||
|
||||
void negotiate_SetContextIdentity(NEGOTIATE_CONTEXT* context, SEC_WINNT_AUTH_IDENTITY* identity)
|
||||
{
|
||||
size_t size;
|
||||
context->identity.Flags = SEC_WINNT_AUTH_IDENTITY_UNICODE;
|
||||
|
||||
if (identity->Flags == SEC_WINNT_AUTH_IDENTITY_ANSI)
|
||||
{
|
||||
context->identity.User = (uint16*) freerdp_uniconv_out(context->uniconv, (char*) identity->User, &size);
|
||||
context->identity.UserLength = (uint32) size;
|
||||
context->identity.UserLength = strlen((char*) identity->User) * 2;
|
||||
context->identity.User = (UINT16*) malloc(context->identity.UserLength);
|
||||
MultiByteToWideChar(CP_ACP, 0, (char*) identity->User, strlen((char*) identity->User),
|
||||
(LPWSTR) context->identity.User, context->identity.UserLength / 2);
|
||||
|
||||
if (identity->DomainLength > 0)
|
||||
{
|
||||
context->identity.Domain = (uint16*) freerdp_uniconv_out(context->uniconv, (char*) identity->Domain, &size);
|
||||
context->identity.DomainLength = (uint32) size;
|
||||
context->identity.DomainLength = strlen((char*) identity->Domain) * 2;
|
||||
context->identity.Domain = (UINT16*) malloc(context->identity.DomainLength);
|
||||
MultiByteToWideChar(CP_ACP, 0, (char*) identity->Domain, strlen((char*) identity->Domain),
|
||||
(LPWSTR) context->identity.Domain, context->identity.DomainLength / 2);
|
||||
}
|
||||
else
|
||||
{
|
||||
context->identity.Domain = (uint16*) NULL;
|
||||
context->identity.Domain = (UINT16*) NULL;
|
||||
context->identity.DomainLength = 0;
|
||||
}
|
||||
|
||||
context->identity.Password = (uint16*) freerdp_uniconv_out(context->uniconv, (char*) identity->Password, &size);
|
||||
context->identity.PasswordLength = (uint32) size;
|
||||
context->identity.PasswordLength = strlen((char*) identity->Password) * 2;
|
||||
context->identity.Password = (UINT16*) malloc(context->identity.PasswordLength);
|
||||
MultiByteToWideChar(CP_ACP, 0, (char*) identity->Password, strlen((char*) identity->Password),
|
||||
(LPWSTR) context->identity.Password, context->identity.PasswordLength / 2);
|
||||
}
|
||||
else
|
||||
{
|
||||
context->identity.User = (uint16*) malloc(identity->UserLength);
|
||||
context->identity.User = (UINT16*) malloc(identity->UserLength);
|
||||
memcpy(context->identity.User, identity->User, identity->UserLength);
|
||||
context->identity.UserLength = identity->UserLength;
|
||||
|
||||
if (identity->DomainLength > 0)
|
||||
{
|
||||
context->identity.Domain = (uint16*) malloc(identity->DomainLength);
|
||||
context->identity.Domain = (UINT16*) malloc(identity->DomainLength);
|
||||
memcpy(context->identity.Domain, identity->Domain, identity->DomainLength);
|
||||
context->identity.DomainLength = identity->DomainLength;
|
||||
}
|
||||
else
|
||||
{
|
||||
context->identity.Domain = (uint16*) NULL;
|
||||
context->identity.Domain = (UINT16*) NULL;
|
||||
context->identity.DomainLength = 0;
|
||||
}
|
||||
|
||||
context->identity.Password = (uint16*) malloc(identity->PasswordLength);
|
||||
context->identity.Password = (UINT16*) malloc(identity->PasswordLength);
|
||||
memcpy(context->identity.Password, identity->Password, identity->PasswordLength);
|
||||
context->identity.PasswordLength = identity->PasswordLength;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user