libwinpr-sspi: fix server-side NTLM confidentiality
This commit is contained in:
Marc-André Moreau
parent
14daf31bbc
commit
81a2c3c705
@ -279,10 +279,15 @@ SECURITY_STATUS SEC_ENTRY ntlm_AcceptSecurityContext(PCredHandle phCredential, P
|
||||
if (!context)
|
||||
{
|
||||
context = ntlm_ContextNew();
|
||||
|
||||
if (!context)
|
||||
return SEC_E_INSUFFICIENT_MEMORY ;
|
||||
return SEC_E_INSUFFICIENT_MEMORY;
|
||||
|
||||
context->server = true;
|
||||
|
||||
if (fContextReq & ASC_REQ_CONFIDENTIALITY)
|
||||
context->confidentiality = true;
|
||||
|
||||
credentials = (CREDENTIALS*) sspi_SecureHandleGetLowerPointer(phCredential);
|
||||
ntlm_SetContextIdentity(context, &credentials->identity);
|
||||
|
||||
@ -390,7 +395,7 @@ SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextA(PCredHandle phCredenti
|
||||
{
|
||||
context = ntlm_ContextNew();
|
||||
if (!context)
|
||||
return SEC_E_INSUFFICIENT_MEMORY ;
|
||||
return SEC_E_INSUFFICIENT_MEMORY;
|
||||
|
||||
if (fContextReq & ISC_REQ_CONFIDENTIALITY)
|
||||
context->confidentiality = true;
|
||||
@ -570,8 +575,6 @@ SECURITY_STATUS SEC_ENTRY ntlm_EncryptMessage(PCtxtHandle phContext, uint32 fQOP
|
||||
else
|
||||
memcpy(data_buffer->pvBuffer, data, length);
|
||||
|
||||
free(data);
|
||||
|
||||
#ifdef WITH_DEBUG_NTLM
|
||||
printf("Data Buffer (length = %d)\n", length);
|
||||
freerdp_hexdump(data, length);
|
||||
@ -582,6 +585,8 @@ SECURITY_STATUS SEC_ENTRY ntlm_EncryptMessage(PCtxtHandle phContext, uint32 fQOP
|
||||
printf("\n");
|
||||
#endif
|
||||
|
||||
free(data);
|
||||
|
||||
/* RC4-encrypt first 8 bytes of digest */
|
||||
crypto_rc4(context->SendRc4Seal, 8, digest, checksum);
|
||||
|
||||
@ -647,6 +652,17 @@ SECURITY_STATUS SEC_ENTRY ntlm_DecryptMessage(PCtxtHandle phContext, PSecBufferD
|
||||
HMAC_Update(&hmac, data_buffer->pvBuffer, data_buffer->cbBuffer);
|
||||
HMAC_Final(&hmac, digest, NULL);
|
||||
HMAC_CTX_cleanup(&hmac);
|
||||
|
||||
#ifdef WITH_DEBUG_NTLM
|
||||
printf("Encrypted Data Buffer (length = %d)\n", length);
|
||||
freerdp_hexdump(data, length);
|
||||
printf("\n");
|
||||
|
||||
printf("Data Buffer (length = %d)\n", data_buffer->cbBuffer);
|
||||
freerdp_hexdump(data_buffer->pvBuffer, data_buffer->cbBuffer);
|
||||
printf("\n");
|
||||
#endif
|
||||
|
||||
free(data);
|
||||
|
||||
/* RC4-encrypt first 8 bytes of digest */
|
||||
|
||||
@ -420,8 +420,8 @@ int credssp_server_authenticate(rdpCredssp* credssp)
|
||||
memset(&output_buffer, 0, sizeof(SecBuffer));
|
||||
memset(&credssp->ContextSizes, 0, sizeof(SecPkgContext_Sizes));
|
||||
|
||||
fContextReq = ISC_REQ_REPLAY_DETECT | ISC_REQ_SEQUENCE_DETECT |
|
||||
ISC_REQ_CONFIDENTIALITY | ISC_REQ_DELEGATE;
|
||||
fContextReq = ASC_REQ_REPLAY_DETECT | ASC_REQ_SEQUENCE_DETECT |
|
||||
ASC_REQ_CONFIDENTIALITY | ASC_REQ_DELEGATE;
|
||||
|
||||
while (true)
|
||||
{
|
||||
@ -458,7 +458,7 @@ int credssp_server_authenticate(rdpCredssp* credssp)
|
||||
|
||||
status = credssp->table->AcceptSecurityContext(&credentials,
|
||||
have_context? &credssp->context: NULL,
|
||||
&input_buffer_desc, 0, SECURITY_NATIVE_DREP, &credssp->context,
|
||||
&input_buffer_desc, fContextReq, SECURITY_NATIVE_DREP, &credssp->context,
|
||||
&output_buffer_desc, &pfContextAttr, &expiration);
|
||||
|
||||
if (input_buffer.pvBuffer != NULL)
|
||||
|
||||
Loading…
Reference in New Issue
Block a user