mirrors/FreeRDP
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

libwinpr-sspi: fix server-side NTLM confidentiality

Browse Source
This commit is contained in:
Marc-André Moreau 2012-05-20 18:32:22 -04:00
parent 14daf31bbc
commit 81a2c3c705
2 changed files with 23 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
libwinpr-sspi/NTLM/ntlm.c
View File

@ -279,10 +279,15 @@ SECURITY_STATUS SEC_ENTRY ntlm_AcceptSecurityContext(PCredHandle phCredential, P
if (!context) if (!context)
{ {
context = ntlm_ContextNew(); context = ntlm_ContextNew();
if (!context) if (!context)
return SEC_E_INSUFFICIENT_MEMORY ; return SEC_E_INSUFFICIENT_MEMORY;
context->server = true; context->server = true;
if (fContextReq & ASC_REQ_CONFIDENTIALITY)
context->confidentiality = true;
credentials = (CREDENTIALS*) sspi_SecureHandleGetLowerPointer(phCredential); credentials = (CREDENTIALS*) sspi_SecureHandleGetLowerPointer(phCredential);
ntlm_SetContextIdentity(context, &credentials->identity); ntlm_SetContextIdentity(context, &credentials->identity);
@ -390,7 +395,7 @@ SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextA(PCredHandle phCredenti
{ {
context = ntlm_ContextNew(); context = ntlm_ContextNew();
if (!context) if (!context)
return SEC_E_INSUFFICIENT_MEMORY ; return SEC_E_INSUFFICIENT_MEMORY;
if (fContextReq & ISC_REQ_CONFIDENTIALITY) if (fContextReq & ISC_REQ_CONFIDENTIALITY)
context->confidentiality = true; context->confidentiality = true;
@ -570,8 +575,6 @@ SECURITY_STATUS SEC_ENTRY ntlm_EncryptMessage(PCtxtHandle phContext, uint32 fQOP
else else
memcpy(data_buffer->pvBuffer, data, length); memcpy(data_buffer->pvBuffer, data, length);
free(data);
#ifdef WITH_DEBUG_NTLM #ifdef WITH_DEBUG_NTLM
printf("Data Buffer (length = %d)\n", length); printf("Data Buffer (length = %d)\n", length);
freerdp_hexdump(data, length); freerdp_hexdump(data, length);
@ -582,6 +585,8 @@ SECURITY_STATUS SEC_ENTRY ntlm_EncryptMessage(PCtxtHandle phContext, uint32 fQOP
printf("\n"); printf("\n");
#endif #endif
free(data);
/* RC4-encrypt first 8 bytes of digest */ /* RC4-encrypt first 8 bytes of digest */
crypto_rc4(context->SendRc4Seal, 8, digest, checksum); crypto_rc4(context->SendRc4Seal, 8, digest, checksum);
@ -647,6 +652,17 @@ SECURITY_STATUS SEC_ENTRY ntlm_DecryptMessage(PCtxtHandle phContext, PSecBufferD
HMAC_Update(&hmac, data_buffer->pvBuffer, data_buffer->cbBuffer); HMAC_Update(&hmac, data_buffer->pvBuffer, data_buffer->cbBuffer);
HMAC_Final(&hmac, digest, NULL); HMAC_Final(&hmac, digest, NULL);
HMAC_CTX_cleanup(&hmac); HMAC_CTX_cleanup(&hmac);
#ifdef WITH_DEBUG_NTLM
printf("Encrypted Data Buffer (length = %d)\n", length);
freerdp_hexdump(data, length);
printf("\n");
printf("Data Buffer (length = %d)\n", data_buffer->cbBuffer);
freerdp_hexdump(data_buffer->pvBuffer, data_buffer->cbBuffer);
printf("\n");
#endif
free(data); free(data);
/* RC4-encrypt first 8 bytes of digest */ /* RC4-encrypt first 8 bytes of digest */

6
libwinpr-sspi/credssp.c
View File

@ -420,8 +420,8 @@ int credssp_server_authenticate(rdpCredssp* credssp)
memset(&output_buffer, 0, sizeof(SecBuffer)); memset(&output_buffer, 0, sizeof(SecBuffer));
memset(&credssp->ContextSizes, 0, sizeof(SecPkgContext_Sizes)); memset(&credssp->ContextSizes, 0, sizeof(SecPkgContext_Sizes));
fContextReq = ISC_REQ_REPLAY_DETECT | ISC_REQ_SEQUENCE_DETECT | fContextReq = ASC_REQ_REPLAY_DETECT | ASC_REQ_SEQUENCE_DETECT |
ISC_REQ_CONFIDENTIALITY | ISC_REQ_DELEGATE; ASC_REQ_CONFIDENTIALITY | ASC_REQ_DELEGATE;
while (true) while (true)
{ {
@ -458,7 +458,7 @@ int credssp_server_authenticate(rdpCredssp* credssp)
status = credssp->table->AcceptSecurityContext(&credentials, status = credssp->table->AcceptSecurityContext(&credentials,
have_context? &credssp->context: NULL, have_context? &credssp->context: NULL,
&input_buffer_desc, 0, SECURITY_NATIVE_DREP, &credssp->context, &input_buffer_desc, fContextReq, SECURITY_NATIVE_DREP, &credssp->context,
&output_buffer_desc, &pfContextAttr, &expiration); &output_buffer_desc, &pfContextAttr, &expiration);
if (input_buffer.pvBuffer != NULL) if (input_buffer.pvBuffer != NULL)