mirrors/FreeRDP
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Error checks and readable log messages.

Browse Source
This commit is contained in:
Armin Novak 2015-07-07 13:46:05 +02:00
parent 7360cb638a
commit 5b0ee9b7ab
1 changed files with 116 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

145
libfreerdp/core/nla.c
View File

@ -113,17 +113,17 @@ void nla_identity_free(SEC_WINNT_AUTH_IDENTITY* identity)
{
if (identity->User)
{
memset(identity->User, 0, identity->UserLength*2);
memset(identity->User, 0, identity->UserLength * 2);
free(identity->User);
}
if (identity->Password)
{
memset(identity->Password, 0, identity->PasswordLength*2);
memset(identity->Password, 0, identity->PasswordLength * 2);
free(identity->Password);
}
if (identity->Domain)
{
memset(identity->Domain, 0, identity->DomainLength*2);
memset(identity->Domain, 0, identity->DomainLength * 2);
free(identity->Domain);
}
}
@ -258,7 +258,8 @@ int nla_client_init(rdpNla* nla)
if (nla->status != SEC_E_OK)
{
WLog_ERR(TAG, "QuerySecurityPackageInfo status: 0x%08X", nla->status);
WLog_ERR(TAG, "QuerySecurityPackageInfo status %s [%08X]",
GetSecurityStatusString(nla->status), nla->status);
return -1;
}
@ -269,7 +270,8 @@ int nla_client_init(rdpNla* nla)
if (nla->status != SEC_E_OK)
{
WLog_ERR(TAG, "AcquireCredentialsHandle status: 0x%08X", nla->status);
WLog_ERR(TAG, "AcquireCredentialsHandle status %s [%08X]",
GetSecurityStatusString(nla->status), nla->status);
return -1;
}
@ -315,10 +317,22 @@ int nla_client_begin(rdpNla* nla)
SECURITY_NATIVE_DREP, NULL, 0, &nla->context,
&nla->outputBufferDesc, &nla->pfContextAttr, &nla->expiration);
WLog_VRB(TAG, " InitializeSecurityContext status %s [%08X]",
GetSecurityStatusString(nla->status), nla->status);
if ((nla->status == SEC_I_COMPLETE_AND_CONTINUE) || (nla->status == SEC_I_COMPLETE_NEEDED))
{
if (nla->table->CompleteAuthToken)
nla->table->CompleteAuthToken(&nla->context, &nla->outputBufferDesc);
{
SECURITY_STATUS status;
status = nla->table->CompleteAuthToken(&nla->context, &nla->outputBufferDesc);
if (status != SEC_E_OK)
{
WLog_WARN(TAG, "CompleteAuthToken status %s [%08X]",
GetSecurityStatusString(status), status);
}
}
if (nla->status == SEC_I_COMPLETE_NEEDED)
nla->status = SEC_E_OK;
@ -379,13 +393,24 @@ int nla_client_recv(rdpNla* nla)
SECURITY_NATIVE_DREP, &nla->inputBufferDesc,
0, &nla->context, &nla->outputBufferDesc, &nla->pfContextAttr, &nla->expiration);
WLog_VRB(TAG, "InitializeSecurityContext %s [%08X]",
GetSecurityStatusString(nla->status), nla->status);
free(nla->inputBuffer.pvBuffer);
nla->inputBuffer.pvBuffer = NULL;
if ((nla->status == SEC_I_COMPLETE_AND_CONTINUE) || (nla->status == SEC_I_COMPLETE_NEEDED))
{
if (nla->table->CompleteAuthToken)
nla->table->CompleteAuthToken(&nla->context, &nla->outputBufferDesc);
{
SECURITY_STATUS status;
status = nla->table->CompleteAuthToken(&nla->context, &nla->outputBufferDesc);
if (status != SEC_E_OK)
{
WLog_WARN(TAG, "CompleteAuthToken status %s [%08X]",
GetSecurityStatusString(status), status);
}
}
if (nla->status == SEC_I_COMPLETE_NEEDED)
nla->status = SEC_E_OK;
@ -397,9 +422,11 @@ int nla_client_recv(rdpNla* nla)
{
nla->havePubKeyAuth = TRUE;
if (nla->table->QueryContextAttributes(&nla->context, SECPKG_ATTR_SIZES, &nla->ContextSizes) != SEC_E_OK)
nla->status = nla->table->QueryContextAttributes(&nla->context, SECPKG_ATTR_SIZES, &nla->ContextSizes);
if (nla->status != SEC_E_OK)
{
WLog_ERR(TAG, "QueryContextAttributes SECPKG_ATTR_SIZES failure");
WLog_ERR(TAG, "QueryContextAttributes SECPKG_ATTR_SIZES failure %s [%08X]",
GetSecurityStatusString(nla->status), nla->status);
return -1;
}
@ -435,7 +462,8 @@ int nla_client_recv(rdpNla* nla)
if (nla->status != SEC_E_OK)
{
WLog_ERR(TAG, "Could not verify public key echo!");
WLog_ERR(TAG, "Could not verify public key echo %s [%08X]",
GetSecurityStatusString(nla->status), nla->status);
return -1;
}
@ -444,7 +472,8 @@ int nla_client_recv(rdpNla* nla)
if (nla->status != SEC_E_OK)
{
WLog_ERR(TAG, "nla_encrypt_ts_credentials status: 0x%08X", nla->status);
WLog_ERR(TAG, "nla_encrypt_ts_credentials status %s [%08X]",
GetSecurityStatusString(nla->status), nla->status);
return -1;
}
@ -456,7 +485,21 @@ int nla_client_recv(rdpNla* nla)
nla_buffer_free(nla);
nla->table->FreeCredentialsHandle(&nla->credentials);
nla->table->FreeContextBuffer(nla->pPackageInfo);
if (nla->status != SEC_E_OK)
{
WLog_ERR(TAG, "FreeCredentialsHandle status %s [%08X]",
GetSecurityStatusString(status), status);
}
nla->status = nla->table->FreeContextBuffer(nla->pPackageInfo);
if (nla->status != SEC_E_OK)
{
WLog_ERR(TAG, "FreeContextBuffer status %s [%08X]",
GetSecurityStatusString(status), status);
}
if (nla->status != SEC_E_OK)
return -1;
nla->state = NLA_STATE_AUTH_INFO;
status = 1;
@ -550,7 +593,8 @@ int nla_server_init(rdpNla* nla)
if (nla->status != SEC_E_OK)
{
WLog_ERR(TAG, "QuerySecurityPackageInfo status: 0x%08X", nla->status);
WLog_ERR(TAG, "QuerySecurityPackageInfo status %s [%08X]",
GetSecurityStatusString(nla->status), nla->status);
return -1;
}
@ -560,7 +604,8 @@ int nla_server_init(rdpNla* nla)
if (nla->status != SEC_E_OK)
{
WLog_ERR(TAG, "AcquireCredentialsHandle status: 0x%08X", nla->status);
WLog_ERR(TAG, "AcquireCredentialsHandle status %s [%08X]",
GetSecurityStatusString(nla->status), nla->status);
return -1;
}
@ -640,14 +685,23 @@ int nla_server_authenticate(rdpNla* nla)
&nla->inputBufferDesc, nla->fContextReq, SECURITY_NATIVE_DREP, &nla->context,
&nla->outputBufferDesc, &nla->pfContextAttr, &nla->expiration);
WLog_VRB(TAG, "AcceptSecurityContext status %s [%08X]",
GetSecurityStatusString(nla->status), nla->status);
nla->negoToken.pvBuffer = nla->outputBuffer.pvBuffer;
nla->negoToken.cbBuffer = nla->outputBuffer.cbBuffer;
if ((nla->status == SEC_I_COMPLETE_AND_CONTINUE) || (nla->status == SEC_I_COMPLETE_NEEDED))
{
if (nla->table->CompleteAuthToken)
nla->table->CompleteAuthToken(&nla->context, &nla->outputBufferDesc);
{
SECURITY_STATUS status;
status = nla->table->CompleteAuthToken(&nla->context, &nla->outputBufferDesc);
if (status != SEC_E_OK)
{
WLog_WARN(TAG, "CompleteAuthToken status %s [%08X]",
GetSecurityStatusString(status), status);
}
}
if (nla->status == SEC_I_COMPLETE_NEEDED)
nla->status = SEC_E_OK;
else if (nla->status == SEC_I_COMPLETE_AND_CONTINUE)
@ -673,15 +727,19 @@ int nla_server_authenticate(rdpNla* nla)
nla->havePubKeyAuth = TRUE;
if (nla->table->QueryContextAttributes(&nla->context, SECPKG_ATTR_SIZES, &nla->ContextSizes) != SEC_E_OK)
nla->status = nla->table->QueryContextAttributes(&nla->context, SECPKG_ATTR_SIZES, &nla->ContextSizes);
if (nla->status != SEC_E_OK)
{
WLog_ERR(TAG, "QueryContextAttributes SECPKG_ATTR_SIZES failure");
WLog_ERR(TAG, "QueryContextAttributes SECPKG_ATTR_SIZES failure %s [%08X]",
GetSecurityStatusString(nla->status), nla->status);
return -1;
}
if (nla_decrypt_public_key_echo(nla) != SEC_E_OK)
nla->status = nla_decrypt_public_key_echo(nla);
if (nla->status != SEC_E_OK)
{
WLog_ERR(TAG, "Error: could not verify client's public key echo");
WLog_ERR(TAG, "Error: could not verify client's public key echo %s [%08X]",
GetSecurityStatusString(nla->status), nla->status);
return -1;
}
@ -693,7 +751,8 @@ int nla_server_authenticate(rdpNla* nla)
if ((nla->status != SEC_E_OK) && (nla->status != SEC_I_CONTINUE_NEEDED))
{
WLog_ERR(TAG, "AcceptSecurityContext status: 0x%08X", nla->status);
WLog_ERR(TAG, "AcceptSecurityContext status %s [%08X]",
GetSecurityStatusString(nla->status), nla->status);
return -1; /* Access Denied */
}
@ -722,13 +781,15 @@ int nla_server_authenticate(rdpNla* nla)
if (nla_decrypt_ts_credentials(nla) != SEC_E_OK)
{
WLog_ERR(TAG, "Could not decrypt TSCredentials status: 0x%08X", nla->status);
WLog_ERR(TAG, "Could not decrypt TSCredentials status %s [%08X]",
GetSecurityStatusString(nla->status), nla->status);
return -1;
}
if (nla->status != SEC_E_OK)
{
WLog_ERR(TAG, "AcceptSecurityContext status: 0x%08X", nla->status);
WLog_ERR(TAG, "AcceptSecurityContext status %s [%08X]",
GetSecurityStatusString(nla->status), nla->status);
return -1;
}
@ -736,7 +797,8 @@ int nla_server_authenticate(rdpNla* nla)
if (nla->status != SEC_E_OK)
{
WLog_ERR(TAG, "ImpersonateSecurityContext status: 0x%08X", nla->status);
WLog_ERR(TAG, "ImpersonateSecurityContext status %s [%08X]",
GetSecurityStatusString(nla->status), nla->status);
return -1;
}
else
@ -745,12 +807,19 @@ int nla_server_authenticate(rdpNla* nla)
if (nla->status != SEC_E_OK)
{
WLog_ERR(TAG, "RevertSecurityContext status: 0x%08X", nla->status);
WLog_ERR(TAG, "RevertSecurityContext status %s [%08X]",
GetSecurityStatusString(nla->status), nla->status);
return -1;
}
}
nla->table->FreeContextBuffer(nla->pPackageInfo);
nla->status = nla->table->FreeContextBuffer(nla->pPackageInfo);
if (nla->status != SEC_E_OK)
{
WLog_ERR(TAG, "DeleteSecurityContext status %s [%08X]",
GetSecurityStatusString(nla->status), nla->status);
return -1;
}
return 1;
}
@ -838,7 +907,8 @@ SECURITY_STATUS nla_encrypt_public_key_echo(rdpNla* nla)
if (status != SEC_E_OK)
{
WLog_ERR(TAG, "EncryptMessage status: 0x%08X", status);
WLog_ERR(TAG, "EncryptMessage status %s [%08X]",
GetSecurityStatusString(nla->status), nla->status);
return status;
}
@ -884,7 +954,8 @@ SECURITY_STATUS nla_decrypt_public_key_echo(rdpNla* nla)
if (status != SEC_E_OK)
{
WLog_ERR(TAG, "DecryptMessage failure: 0x%08X", status);
WLog_ERR(TAG, "DecryptMessage failure %s [%08X]",
GetSecurityStatusString(status), status);
return status;
}
@ -1178,7 +1249,11 @@ SECURITY_STATUS nla_encrypt_ts_credentials(rdpNla* nla)
status = nla->table->EncryptMessage(&nla->context, 0, &Message, nla->sendSeqNum++);
if (status != SEC_E_OK)
{
WLog_ERR(TAG, "EncryptMessage failure %s [%08X]",
GetSecurityStatusString(status), status);
return status;
}
return SEC_E_OK;
}
@ -1217,7 +1292,11 @@ SECURITY_STATUS nla_decrypt_ts_credentials(rdpNla* nla)
status = nla->table->DecryptMessage(&nla->context, &Message, nla->recvSeqNum++, &pfQOP);
if (status != SEC_E_OK)
{
WLog_ERR(TAG, "DecryptMessage failure %s [%08X]",
GetSecurityStatusString(status), status);
return status;
}
if(!nla_read_ts_credentials(nla, &Buffers[1]))
{
@ -1619,7 +1698,15 @@ void nla_free(rdpNla* nla)
return;
if (nla->table)
nla->table->DeleteSecurityContext(&nla->context);
{
SECURITY_STATUS status;
status = nla->table->DeleteSecurityContext(&nla->context);
if (status != SEC_E_OK)
{
WLog_WARN(TAG, "DeleteSecurityContext status %s [%08X]",
GetSecurityStatusString(status), status);
}
}
sspi_SecBufferFree(&nla->PublicKey);
sspi_SecBufferFree(&nla->tsCredentials);