gateway: Do not encrypt message during RPC NTLM auth

Commit 2de7a4c249 introduced major changes
in the gateway authentication code. One of these changes was to decouple
NTLM specific authentication from the gateway code.

However, with these changes, gateway authentication with the old RPC code
stopped working and returned an authentication error. The problem is
that currently `credssp_auth_encrypt` encrypts the given message along
with creating a signature.

The old code prevented encryption of the message by specifying
`SECBUFFER_READONLY` on the message buffer. The native Windows SSPI then
leaves this buffer as-is and gateway authentication works again.

This fix only applies to Windows platforms using the native SSPI API.
Interestingly this works on other platforms using the WinPR SSPI so
there seems to be a difference between the implementations (but that's a
topic for another PR).
Martin Fleisz 2023-04-20 10:35:16 +02:00 committed by akallabeth
parent 4be3950fd8
commit 73911425d4
2 changed files with 3 additions and 0 deletions

@ -498,6 +498,8 @@ BOOL credssp_auth_encrypt(rdpCredsspAuth* auth, const SecBuffer* plaintext, SecB
buffers[0].pvBuffer = buf; buffers[0].pvBuffer = buf;
buffers[1].BufferType = SECBUFFER_DATA; buffers[1].BufferType = SECBUFFER_DATA;
if (plaintext->BufferType & SECBUFFER_READONLY)
buffers[1].BufferType |= SECBUFFER_READONLY;
buffers[1].pvBuffer = buf + auth->sizes.cbSecurityTrailer; buffers[1].pvBuffer = buf + auth->sizes.cbSecurityTrailer;
buffers[1].cbBuffer = plaintext->cbBuffer; buffers[1].cbBuffer = plaintext->cbBuffer;
CopyMemory(buffers[1].pvBuffer, plaintext->pvBuffer, plaintext->cbBuffer); CopyMemory(buffers[1].pvBuffer, plaintext->pvBuffer, plaintext->cbBuffer);
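
Review bot: the new `if (plaintext->BufferType & SECBUFFER_READONLY)` branch changes what `credssp_auth_encrypt` does with a flagged buffer, and nothing in the function says so. A short comment above the `if`, stating that a read-only data buffer is expected to be left unencrypted and only signed (the native SSPI behaviour the commit message relies on), would keep a later cleanup from dropping it. Only `SECBUFFER_READONLY` is forwarded to `buffers[1].BufferType`, so the comment should also say whether other attribute bits on `plaintext->BufferType` are ignored on purpose.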

@ -1064,6 +1064,7 @@ BOOL rpc_client_write_call(rdpRpc* rpc, wStream* s, UINT16 opnum)
plaintext.pvBuffer = buffer; plaintext.pvBuffer = buffer;
plaintext.cbBuffer = offset; plaintext.cbBuffer = offset;
plaintext.BufferType = SECBUFFER_READONLY;
if (!credssp_auth_encrypt(auth, &plaintext, &ciphertext, &size, rpc->SendSeqNum++)) if (!credssp_auth_encrypt(auth, &plaintext, &ciphertext, &size, rpc->SendSeqNum++))
goto fail; goto fail;
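
Review bot: `plaintext.BufferType = SECBUFFER_READONLY;` stores a bare attribute flag in the field, with no buffer type. It works because `credssp_auth_encrypt` only tests the bit with `&` and sets `SECBUFFER_DATA` itself, but `SECBUFFER_DATA | SECBUFFER_READONLY` would state the intent directly. A one-line comment on why the RPC write path must hand over the PDU unencrypted would also help, since the reason currently lives only in the commit message.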