From 723e9a171b12dba474b772f8348facc1df5521e3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marc-Andr=C3=A9=20Moreau?= <marcandre.moreau@gmail.com>
Date: Tue, 10 Jun 2014 14:38:17 -0400
Subject: [PATCH] libwinpr-sspi: fix server-side NLA

---
 libfreerdp/core/nla.c               | 15 +++---
 server/X11/xf_peer.c                |  4 ++
 winpr/libwinpr/sspi/sspi_winpr.c    | 84 +++++++++++++++++++++++++++--
 winpr/libwinpr/sspi/test/TestNTLM.c | 11 ----
 4 files changed, 93 insertions(+), 21 deletions(-)

diff --git a/libfreerdp/core/nla.c b/libfreerdp/core/nla.c
index 6d4dab3e7..f1573a5a0 100644
--- a/libfreerdp/core/nla.c
+++ b/libfreerdp/core/nla.c
@@ -322,11 +322,19 @@ int credssp_client_authenticate(rdpCredssp* credssp)
 			input_buffer.pvBuffer = NULL;
 		}
 
-		if ((status == SEC_I_COMPLETE_AND_CONTINUE) || (status == SEC_I_COMPLETE_NEEDED) || (status == SEC_E_OK))
+		if ((status == SEC_I_COMPLETE_AND_CONTINUE) || (status == SEC_I_COMPLETE_NEEDED))
 		{
 			if (credssp->table->CompleteAuthToken)
 				credssp->table->CompleteAuthToken(&credssp->context, &output_buffer_desc);
 
+			if (status == SEC_I_COMPLETE_NEEDED)
+				status = SEC_E_OK;
+			else if (status == SEC_I_COMPLETE_AND_CONTINUE)
+				status = SEC_I_CONTINUE_NEEDED;
+		}
+
+		if (status == SEC_E_OK)
+		{
 			have_pub_key_auth = TRUE;
 
 			if (credssp->table->QueryContextAttributes(&credssp->context, SECPKG_ATTR_SIZES, &credssp->ContextSizes) != SEC_E_OK)
@@ -336,11 +344,6 @@ int credssp_client_authenticate(rdpCredssp* credssp)
 			}
 
 			credssp_encrypt_public_key_echo(credssp);
-
-			if (status == SEC_I_COMPLETE_NEEDED)
-				status = SEC_E_OK;
-			else if (status == SEC_I_COMPLETE_AND_CONTINUE)
-				status = SEC_I_CONTINUE_NEEDED;
 		}
 
 		/* send authentication token to server */
diff --git a/server/X11/xf_peer.c b/server/X11/xf_peer.c
index 443123c53..140dcd662 100644
--- a/server/X11/xf_peer.c
+++ b/server/X11/xf_peer.c
@@ -541,6 +541,10 @@ static void* xf_peer_main_loop(void* arg)
 	settings->RemoteFxCodec = TRUE;
 	settings->ColorDepth = 32;
 
+	settings->NlaSecurity = FALSE;
+	settings->TlsSecurity = TRUE;
+	settings->RdpSecurity = FALSE;
+
 	client->Capabilities = xf_peer_capabilities;
 	client->PostConnect = xf_peer_post_connect;
 	client->Activate = xf_peer_activate;
diff --git a/winpr/libwinpr/sspi/sspi_winpr.c b/winpr/libwinpr/sspi/sspi_winpr.c
index 4da7babd9..dee803b6b 100644
--- a/winpr/libwinpr/sspi/sspi_winpr.c
+++ b/winpr/libwinpr/sspi/sspi_winpr.c
@@ -1185,22 +1185,98 @@ SECURITY_STATUS SEC_ENTRY winpr_QueryContextAttributesA(PCtxtHandle phContext, U
 
 SECURITY_STATUS SEC_ENTRY winpr_QuerySecurityContextToken(PCtxtHandle phContext, HANDLE* phToken)
 {
-	return SEC_E_UNSUPPORTED_FUNCTION;
+	SEC_CHAR* Name;
+	SECURITY_STATUS status;
+	SecurityFunctionTableW* table;
+
+	Name = (SEC_CHAR*) sspi_SecureHandleGetUpperPointer(phContext);
+
+	if (!Name)
+		return SEC_E_SECPKG_NOT_FOUND;
+
+	table = sspi_GetSecurityFunctionTableWByNameA(Name);
+
+	if (!table)
+		return SEC_E_SECPKG_NOT_FOUND;
+
+	if (!table->QuerySecurityContextToken)
+		return SEC_E_UNSUPPORTED_FUNCTION;
+
+	status = table->QuerySecurityContextToken(phContext, phToken);
+
+	return status;
 }
 
 SECURITY_STATUS SEC_ENTRY winpr_SetContextAttributesW(PCtxtHandle phContext, ULONG ulAttribute, void* pBuffer, ULONG cbBuffer)
 {
-	return SEC_E_UNSUPPORTED_FUNCTION;
+	SEC_CHAR* Name;
+	SECURITY_STATUS status;
+	SecurityFunctionTableW* table;
+
+	Name = (SEC_CHAR*) sspi_SecureHandleGetUpperPointer(phContext);
+
+	if (!Name)
+		return SEC_E_SECPKG_NOT_FOUND;
+
+	table = sspi_GetSecurityFunctionTableWByNameA(Name);
+
+	if (!table)
+		return SEC_E_SECPKG_NOT_FOUND;
+
+	if (!table->SetContextAttributesW)
+		return SEC_E_UNSUPPORTED_FUNCTION;
+
+	status = table->SetContextAttributesW(phContext, ulAttribute, pBuffer, cbBuffer);
+
+	return status;
 }
 
 SECURITY_STATUS SEC_ENTRY winpr_SetContextAttributesA(PCtxtHandle phContext, ULONG ulAttribute, void* pBuffer, ULONG cbBuffer)
 {
-	return SEC_E_UNSUPPORTED_FUNCTION;
+	char* Name;
+	SECURITY_STATUS status;
+	SecurityFunctionTableA* table;
+
+	Name = (char*) sspi_SecureHandleGetUpperPointer(phContext);
+
+	if (!Name)
+		return SEC_E_SECPKG_NOT_FOUND;
+
+	table = sspi_GetSecurityFunctionTableAByNameA(Name);
+
+	if (!table)
+		return SEC_E_SECPKG_NOT_FOUND;
+
+	if (!table->SetContextAttributesA)
+		return SEC_E_UNSUPPORTED_FUNCTION;
+
+	status = table->SetContextAttributesA(phContext, ulAttribute, pBuffer, cbBuffer);
+
+	return status;
 }
 
 SECURITY_STATUS SEC_ENTRY winpr_RevertSecurityContext(PCtxtHandle phContext)
 {
-	return SEC_E_UNSUPPORTED_FUNCTION;
+	SEC_CHAR* Name;
+	SECURITY_STATUS status;
+	SecurityFunctionTableW* table;
+
+	Name = (SEC_CHAR*) sspi_SecureHandleGetUpperPointer(phContext);
+
+	if (!Name)
+		return SEC_E_SECPKG_NOT_FOUND;
+
+	table = sspi_GetSecurityFunctionTableWByNameA(Name);
+
+	if (!table)
+		return SEC_E_SECPKG_NOT_FOUND;
+
+	if (!table->RevertSecurityContext)
+		return SEC_E_UNSUPPORTED_FUNCTION;
+
+	status = table->RevertSecurityContext(phContext);
+
+	return status;
 }
 
 /* Message Support */
diff --git a/winpr/libwinpr/sspi/test/TestNTLM.c b/winpr/libwinpr/sspi/test/TestNTLM.c
index 9ed5f26db..bf018a322 100644
--- a/winpr/libwinpr/sspi/test/TestNTLM.c
+++ b/winpr/libwinpr/sspi/test/TestNTLM.c
@@ -37,7 +37,6 @@ struct _TEST_NTLM_CLIENT
 	SecPkgInfo* pPackageInfo;
 	SecurityFunctionTable* table;
 	SEC_WINNT_AUTH_IDENTITY identity;
-	SecPkgContext_Sizes ContextSizes;
 };
 typedef struct _TEST_NTLM_CLIENT TEST_NTLM_CLIENT;
 
@@ -76,7 +75,6 @@ int test_ntlm_client_init(TEST_NTLM_CLIENT* ntlm, const char* user, const char*
 	ntlm->haveInputBuffer = FALSE;
 	ZeroMemory(&ntlm->inputBuffer, sizeof(SecBuffer));
 	ZeroMemory(&ntlm->outputBuffer, sizeof(SecBuffer));
-	ZeroMemory(&ntlm->ContextSizes, sizeof(SecPkgContext_Sizes));
 
 	ntlm->fContextReq = 0;
 
@@ -202,13 +200,6 @@ int test_ntlm_client_authenticate(TEST_NTLM_CLIENT* ntlm)
 		if (ntlm->table->CompleteAuthToken)
 			ntlm->table->CompleteAuthToken(&ntlm->context, &ntlm->outputBufferDesc);
 
-		if (ntlm->table->QueryContextAttributes(&ntlm->context, SECPKG_ATTR_SIZES, &ntlm->ContextSizes) != SEC_E_OK)
-		{
-			fprintf(stderr, "QueryContextAttributes SECPKG_ATTR_SIZES failure status: %s (0x%04X)\n",
-				GetSecurityStatusString(status), status);
-			return -1;
-		}
-
 		if (status == SEC_I_COMPLETE_NEEDED)
 			status = SEC_E_OK;
 		else if (status == SEC_I_COMPLETE_AND_CONTINUE)
@@ -268,7 +259,6 @@ struct _TEST_NTLM_SERVER
 	SecPkgInfo* pPackageInfo;
 	SecurityFunctionTable* table;
 	SEC_WINNT_AUTH_IDENTITY identity;
-	SecPkgContext_Sizes ContextSizes;
 };
 typedef struct _TEST_NTLM_SERVER TEST_NTLM_SERVER;
 
@@ -394,7 +384,6 @@ int test_ntlm_server_init(TEST_NTLM_SERVER* ntlm)
 	ntlm->haveInputBuffer = FALSE;
 	ZeroMemory(&ntlm->inputBuffer, sizeof(SecBuffer));
 	ZeroMemory(&ntlm->outputBuffer, sizeof(SecBuffer));
-	ZeroMemory(&ntlm->ContextSizes, sizeof(SecPkgContext_Sizes));
 
 	ntlm->fContextReq = 0;