fixes for NLA under win32
parent
7dde39de9d
commit
f486fb1e92
@ -121,6 +121,7 @@ BOOL credssp_auth_setup_client(rdpCredsspAuth* auth, const char* target_service,
|
|||||||
const char* pkinit)
|
const char* pkinit)
|
||||||
{
|
{
|
||||||
SECURITY_STATUS status;
|
SECURITY_STATUS status;
|
||||||
|
void* identityPtr = NULL;
|
||||||
|
|
||||||
WINPR_ASSERT(auth);
|
WINPR_ASSERT(auth);
|
||||||
WINPR_ASSERT(auth->table);
|
WINPR_ASSERT(auth->table);
|
||||||
@ -130,13 +131,7 @@ BOOL credssp_auth_setup_client(rdpCredsspAuth* auth, const char* target_service,
|
|||||||
if (!credssp_auth_set_spn(auth, target_service, target_hostname))
|
if (!credssp_auth_set_spn(auth, target_service, target_hostname))
|
||||||
return FALSE;
|
return FALSE;
|
||||||
|
|
||||||
if (!identity)
|
if (identity)
|
||||||
{
|
|
||||||
status = auth->table->AcquireCredentialsHandleA(NULL, auth->info->Name,
|
|
||||||
SECPKG_CRED_OUTBOUND, NULL, NULL, NULL,
|
|
||||||
NULL, &auth->credentials, NULL);
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
{
|
||||||
if (sspi_CopyAuthIdentity(&auth->identity.identity, identity) < 0)
|
if (sspi_CopyAuthIdentity(&auth->identity.identity, identity) < 0)
|
||||||
return FALSE;
|
return FALSE;
|
||||||
@ -152,11 +147,13 @@ BOOL credssp_auth_setup_client(rdpCredsspAuth* auth, const char* target_service,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
status = auth->table->AcquireCredentialsHandleA(NULL, auth->info->Name,
|
identityPtr = &auth->identity;
|
||||||
SECPKG_CRED_OUTBOUND, NULL, &auth->identity,
|
|
||||||
NULL, NULL, &auth->credentials, NULL);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
status =
|
||||||
|
auth->table->AcquireCredentialsHandleA(NULL, auth->info->Name, SECPKG_CRED_OUTBOUND, NULL,
|
||||||
|
identityPtr, NULL, NULL, &auth->credentials, NULL);
|
||||||
|
|
||||||
if (status != SEC_E_OK)
|
if (status != SEC_E_OK)
|
||||||
{
|
{
|
||||||
WLog_ERR(TAG, "AcquireCredentialsHandleA failed with %s [0x%08X]",
|
WLog_ERR(TAG, "AcquireCredentialsHandleA failed with %s [0x%08X]",
|
||||||
@ -263,7 +260,7 @@ int credssp_auth_authenticate(rdpCredsspAuth* auth)
|
|||||||
{
|
{
|
||||||
SECURITY_STATUS status;
|
SECURITY_STATUS status;
|
||||||
SecBuffer input_buffers[2] = { 0 };
|
SecBuffer input_buffers[2] = { 0 };
|
||||||
SecBufferDesc input_buffer_desc = { SECBUFFER_VERSION, 2, input_buffers };
|
SecBufferDesc input_buffer_desc = { SECBUFFER_VERSION, 1, input_buffers };
|
||||||
CtxtHandle* context = NULL;
|
CtxtHandle* context = NULL;
|
||||||
|
|
||||||
WINPR_ASSERT(auth);
|
WINPR_ASSERT(auth);
|
||||||
@ -288,6 +285,8 @@ int credssp_auth_authenticate(rdpCredsspAuth* auth)
|
|||||||
|
|
||||||
if (auth->bindings)
|
if (auth->bindings)
|
||||||
{
|
{
|
||||||
|
input_buffer_desc.cBuffers = 2;
|
||||||
|
|
||||||
input_buffers[1].BufferType = SECBUFFER_CHANNEL_BINDINGS;
|
input_buffers[1].BufferType = SECBUFFER_CHANNEL_BINDINGS;
|
||||||
input_buffers[1].cbBuffer = auth->bindings->BindingsLength;
|
input_buffers[1].cbBuffer = auth->bindings->BindingsLength;
|
||||||
input_buffers[1].pvBuffer = auth->bindings->Bindings;
|
input_buffers[1].pvBuffer = auth->bindings->Bindings;
|
||||||
|
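Review bot: When `identity` is NULL, credssp_auth_setup_client now calls AcquireCredentialsHandleA with `identityPtr` still NULL, and nothing in the code says what that selects. On native SSPI a NULL auth-data argument normally means the default credentials of the calling logon session, so those are presumably what gets used towards the target host. I would add a comment above the call such as `/* identityPtr == NULL: no explicit identity, the package falls back to its default credentials */`. Declaring the variable as a pointer to the type of `auth->identity` rather than `void*` would also let the compiler check the assignment. The function body starts and ends outside the visible hunks.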
@ -51,6 +51,8 @@
|
|||||||
|
|
||||||
#define SERVER_KEY "Software\\" FREERDP_VENDOR_STRING "\\" FREERDP_PRODUCT_STRING "\\Server"
|
#define SERVER_KEY "Software\\" FREERDP_VENDOR_STRING "\\" FREERDP_PRODUCT_STRING "\\Server"
|
||||||
|
|
||||||
|
#define NLA_AUTH_PKG "Negotiate"
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* TSRequest ::= SEQUENCE {
|
* TSRequest ::= SEQUENCE {
|
||||||
* version [0] INTEGER,
|
* version [0] INTEGER,
|
||||||
@ -198,15 +200,6 @@ static BOOL nla_adjust_settings_from_smartcard(rdpNla* nla)
|
|||||||
if (!settings->SmartcardLogon)
|
if (!settings->SmartcardLogon)
|
||||||
return TRUE;
|
return TRUE;
|
||||||
|
|
||||||
if (!settings->CspName)
|
|
||||||
{
|
|
||||||
if (!freerdp_settings_set_string(settings, FreeRDP_CspName, MS_SCARD_PROV_A))
|
|
||||||
{
|
|
||||||
WLog_ERR(TAG, "unable to set CSP name");
|
|
||||||
return FALSE;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!smartcard_enumerateCerts(settings, &certs, &count))
|
if (!smartcard_enumerateCerts(settings, &certs, &count))
|
||||||
{
|
{
|
||||||
WLog_ERR(TAG, "unable to list smartcard certificates");
|
WLog_ERR(TAG, "unable to list smartcard certificates");
|
||||||
@ -229,6 +222,22 @@ static BOOL nla_adjust_settings_from_smartcard(rdpNla* nla)
|
|||||||
/*
|
/*
|
||||||
* just one result let's try to fill missing parameters
|
* just one result let's try to fill missing parameters
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
if (!settings->CspName)
|
||||||
|
{
|
||||||
|
if (info->csp &&
|
||||||
|
ConvertFromUnicode(CP_UTF8, 0, info->csp, -1, &settings->CspName, 0, NULL, FALSE) <= 0)
|
||||||
|
{
|
||||||
|
WLog_ERR(TAG, "unable to set CSP name");
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
else if (!(settings->CspName = _strdup(MS_SCARD_PROV_A)))
|
||||||
|
{
|
||||||
|
WLog_ERR(TAG, "unable to set CSP name");
|
||||||
|
goto out;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if (!settings->Username && info->userHint)
|
if (!settings->Username && info->userHint)
|
||||||
{
|
{
|
||||||
if (!freerdp_settings_set_string(settings, FreeRDP_Username, info->userHint))
|
if (!freerdp_settings_set_string(settings, FreeRDP_Username, info->userHint))
|
||||||
@ -454,7 +463,7 @@ static int nla_client_init(rdpNla* nla)
|
|||||||
if (!nla_adjust_settings_from_smartcard(nla))
|
if (!nla_adjust_settings_from_smartcard(nla))
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
if (!credssp_auth_init(nla->auth, NEGO_SSP_NAME, NULL))
|
if (!credssp_auth_init(nla->auth, NLA_AUTH_PKG, NULL))
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
if (!nla_client_setup_identity(nla))
|
if (!nla_client_setup_identity(nla))
|
||||||
@ -672,7 +681,7 @@ static int nla_server_init(rdpNla* nla)
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!credssp_auth_init(nla->auth, NEGO_SSP_NAME, NULL))
|
if (!credssp_auth_init(nla->auth, NLA_AUTH_PKG, NULL))
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
if (!credssp_auth_setup_server(nla->auth))
|
if (!credssp_auth_setup_server(nla->auth))
|
||||||
|
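Review bot: In the new `if (!settings->CspName)` block of nla_adjust_settings_from_smartcard, the `else if` pairs with the combined test `info->csp && ConvertFromUnicode(...) <= 0`, so it also runs when the conversion succeeded. In that case `settings->CspName` is overwritten by `_strdup(MS_SCARD_PROV_A)`, the converted string leaks, and the CSP name carried in `info` is never used. The default should be taken only when `info->csp` is NULL. The fallback can also go through `freerdp_settings_set_string`, as the removed code did, instead of assigning the field directly. The function starts and ends outside the hunk.

```c
if (!settings->CspName)
{
	if (info->csp)
	{
		/* prefer the CSP name carried in info; fail only if the conversion fails */
		if (ConvertFromUnicode(CP_UTF8, 0, info->csp, -1, &settings->CspName, 0, NULL, FALSE) <= 0)
		{
			WLog_ERR(TAG, "unable to set CSP name");
			goto out;
		}
	}
	else if (!freerdp_settings_set_string(settings, FreeRDP_CspName, MS_SCARD_PROV_A))
	{
		WLog_ERR(TAG, "unable to set CSP name");
		goto out;
	}
}
```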