libwinpr-sspi: fix server-side NLA

libfreerdp/core/nla.c

@@ -322,11 +322,19 @@ int credssp_client_authenticate(rdpCredssp* credssp)
 			input_buffer.pvBuffer = NULL;
 		}
 
-		if ((status == SEC_I_COMPLETE_AND_CONTINUE) || (status == SEC_I_COMPLETE_NEEDED) || (status == SEC_E_OK))
+		if ((status == SEC_I_COMPLETE_AND_CONTINUE) || (status == SEC_I_COMPLETE_NEEDED))
 		{
 			if (credssp->table->CompleteAuthToken)
 				credssp->table->CompleteAuthToken(&credssp->context, &output_buffer_desc);
 
+			if (status == SEC_I_COMPLETE_NEEDED)
+				status = SEC_E_OK;
+			else if (status == SEC_I_COMPLETE_AND_CONTINUE)
+				status = SEC_I_CONTINUE_NEEDED;
+		}
+
+		if (status == SEC_E_OK)
+		{
 			have_pub_key_auth = TRUE;
 
 			if (credssp->table->QueryContextAttributes(&credssp->context, SECPKG_ATTR_SIZES, &credssp->ContextSizes) != SEC_E_OK)
@@ -336,11 +344,6 @@ int credssp_client_authenticate(rdpCredssp* credssp)
 			}
 
 			credssp_encrypt_public_key_echo(credssp);
-
-			if (status == SEC_I_COMPLETE_NEEDED)
-				status = SEC_E_OK;
-			else if (status == SEC_I_COMPLETE_AND_CONTINUE)
-				status = SEC_I_CONTINUE_NEEDED;
 		}
 
 		/* send authentication token to server */

server/X11/xf_peer.c

@@ -541,6 +541,10 @@ static void* xf_peer_main_loop(void* arg)
 	settings->RemoteFxCodec = TRUE;
 	settings->ColorDepth = 32;
 
+	settings->NlaSecurity = FALSE;
+	settings->TlsSecurity = TRUE;
+	settings->RdpSecurity = FALSE;
+
 	client->Capabilities = xf_peer_capabilities;
 	client->PostConnect = xf_peer_post_connect;
 	client->Activate = xf_peer_activate;

winpr/libwinpr/sspi/sspi_winpr.c

@@ -1185,22 +1185,98 @@ SECURITY_STATUS SEC_ENTRY winpr_QueryContextAttributesA(PCtxtHandle phContext, U
 
 SECURITY_STATUS SEC_ENTRY winpr_QuerySecurityContextToken(PCtxtHandle phContext, HANDLE* phToken)
 {
-	return SEC_E_UNSUPPORTED_FUNCTION;
+	SEC_CHAR* Name;
+	SECURITY_STATUS status;
+	SecurityFunctionTableW* table;
+
+	Name = (SEC_CHAR*) sspi_SecureHandleGetUpperPointer(phContext);
+
+	if (!Name)
+		return SEC_E_SECPKG_NOT_FOUND;
+
+	table = sspi_GetSecurityFunctionTableWByNameA(Name);
+
+	if (!table)
+		return SEC_E_SECPKG_NOT_FOUND;
+
+	if (!table->QuerySecurityContextToken)
+		return SEC_E_UNSUPPORTED_FUNCTION;
+
+	status = table->QuerySecurityContextToken(phContext, phToken);
+
+	return status;
 }
 
 SECURITY_STATUS SEC_ENTRY winpr_SetContextAttributesW(PCtxtHandle phContext, ULONG ulAttribute, void* pBuffer, ULONG cbBuffer)
 {
-	return SEC_E_UNSUPPORTED_FUNCTION;
+	SEC_CHAR* Name;
+	SECURITY_STATUS status;
+	SecurityFunctionTableW* table;
+
+	Name = (SEC_CHAR*) sspi_SecureHandleGetUpperPointer(phContext);
+
+	if (!Name)
+		return SEC_E_SECPKG_NOT_FOUND;
+
+	table = sspi_GetSecurityFunctionTableWByNameA(Name);
+
+	if (!table)
+		return SEC_E_SECPKG_NOT_FOUND;
+
+	if (!table->SetContextAttributesW)
+		return SEC_E_UNSUPPORTED_FUNCTION;
+
+	status = table->SetContextAttributesW(phContext, ulAttribute, pBuffer, cbBuffer);
+
+	return status;
 }
 
 SECURITY_STATUS SEC_ENTRY winpr_SetContextAttributesA(PCtxtHandle phContext, ULONG ulAttribute, void* pBuffer, ULONG cbBuffer)
 {
-	return SEC_E_UNSUPPORTED_FUNCTION;
+	char* Name;
+	SECURITY_STATUS status;
+	SecurityFunctionTableA* table;
+
+	Name = (char*) sspi_SecureHandleGetUpperPointer(phContext);
+
+	if (!Name)
+		return SEC_E_SECPKG_NOT_FOUND;
+
+	table = sspi_GetSecurityFunctionTableAByNameA(Name);
+
+	if (!table)
+		return SEC_E_SECPKG_NOT_FOUND;
+
+	if (!table->SetContextAttributesA)
+		return SEC_E_UNSUPPORTED_FUNCTION;
+
+	status = table->SetContextAttributesA(phContext, ulAttribute, pBuffer, cbBuffer);
+
+	return status;
 }
 
 SECURITY_STATUS SEC_ENTRY winpr_RevertSecurityContext(PCtxtHandle phContext)
 {
-	return SEC_E_UNSUPPORTED_FUNCTION;
+	SEC_CHAR* Name;
+	SECURITY_STATUS status;
+	SecurityFunctionTableW* table;
+
+	Name = (SEC_CHAR*) sspi_SecureHandleGetUpperPointer(phContext);
+
+	if (!Name)
+		return SEC_E_SECPKG_NOT_FOUND;
+
+	table = sspi_GetSecurityFunctionTableWByNameA(Name);
+
+	if (!table)
+		return SEC_E_SECPKG_NOT_FOUND;
+
+	if (!table->RevertSecurityContext)
+		return SEC_E_UNSUPPORTED_FUNCTION;
+
+	status = table->RevertSecurityContext(phContext);
+
+	return status;
 }
 
 /* Message Support */

winpr/libwinpr/sspi/test/TestNTLM.c

@@ -37,7 +37,6 @@ struct _TEST_NTLM_CLIENT
 	SecPkgInfo* pPackageInfo;
 	SecurityFunctionTable* table;
 	SEC_WINNT_AUTH_IDENTITY identity;
-	SecPkgContext_Sizes ContextSizes;
 };
 typedef struct _TEST_NTLM_CLIENT TEST_NTLM_CLIENT;
 
@@ -76,7 +75,6 @@ int test_ntlm_client_init(TEST_NTLM_CLIENT* ntlm, const char* user, const char*
 	ntlm->haveInputBuffer = FALSE;
 	ZeroMemory(&ntlm->inputBuffer, sizeof(SecBuffer));
 	ZeroMemory(&ntlm->outputBuffer, sizeof(SecBuffer));
-	ZeroMemory(&ntlm->ContextSizes, sizeof(SecPkgContext_Sizes));
 
 	ntlm->fContextReq = 0;
 
@@ -202,13 +200,6 @@ int test_ntlm_client_authenticate(TEST_NTLM_CLIENT* ntlm)
 		if (ntlm->table->CompleteAuthToken)
 			ntlm->table->CompleteAuthToken(&ntlm->context, &ntlm->outputBufferDesc);
 
-		if (ntlm->table->QueryContextAttributes(&ntlm->context, SECPKG_ATTR_SIZES, &ntlm->ContextSizes) != SEC_E_OK)
-		{
-			fprintf(stderr, "QueryContextAttributes SECPKG_ATTR_SIZES failure status: %s (0x%04X)\n",
-				GetSecurityStatusString(status), status);
-			return -1;
-		}
-
 		if (status == SEC_I_COMPLETE_NEEDED)
 			status = SEC_E_OK;
 		else if (status == SEC_I_COMPLETE_AND_CONTINUE)
@@ -268,7 +259,6 @@ struct _TEST_NTLM_SERVER
 	SecPkgInfo* pPackageInfo;
 	SecurityFunctionTable* table;
 	SEC_WINNT_AUTH_IDENTITY identity;
-	SecPkgContext_Sizes ContextSizes;
 };
 typedef struct _TEST_NTLM_SERVER TEST_NTLM_SERVER;
 
@@ -394,7 +384,6 @@ int test_ntlm_server_init(TEST_NTLM_SERVER* ntlm)
 	ntlm->haveInputBuffer = FALSE;
 	ZeroMemory(&ntlm->inputBuffer, sizeof(SecBuffer));
 	ZeroMemory(&ntlm->outputBuffer, sizeof(SecBuffer));
-	ZeroMemory(&ntlm->ContextSizes, sizeof(SecPkgContext_Sizes));
 
 	ntlm->fContextReq = 0;