fixes for NLA under win32

David Fort 2022-10-07 14:09:44 +02:00 committed by akallabeth
parent 7dde39de9d
commit f486fb1e92
2 changed files with 30 additions and 22 deletions


@ -121,6 +121,7 @@ BOOL credssp_auth_setup_client(rdpCredsspAuth* auth, const char* target_service,
const char* pkinit) const char* pkinit)
{ {
SECURITY_STATUS status; SECURITY_STATUS status;
void* identityPtr = NULL;
WINPR_ASSERT(auth); WINPR_ASSERT(auth);
WINPR_ASSERT(auth->table); WINPR_ASSERT(auth->table);
@ -130,13 +131,7 @@ BOOL credssp_auth_setup_client(rdpCredsspAuth* auth, const char* target_service,
if (!credssp_auth_set_spn(auth, target_service, target_hostname)) if (!credssp_auth_set_spn(auth, target_service, target_hostname))
return FALSE; return FALSE;
if (!identity) if (identity)
{
status = auth->table->AcquireCredentialsHandleA(NULL, auth->info->Name,
SECPKG_CRED_OUTBOUND, NULL, NULL, NULL,
NULL, &auth->credentials, NULL);
}
else
{ {
if (sspi_CopyAuthIdentity(&auth->identity.identity, identity) < 0) if (sspi_CopyAuthIdentity(&auth->identity.identity, identity) < 0)
return FALSE; return FALSE;
@ -152,11 +147,13 @@ BOOL credssp_auth_setup_client(rdpCredsspAuth* auth, const char* target_service,
} }
} }
status = auth->table->AcquireCredentialsHandleA(NULL, auth->info->Name, identityPtr = &auth->identity;
SECPKG_CRED_OUTBOUND, NULL, &auth->identity,
NULL, NULL, &auth->credentials, NULL);
} }
status =
auth->table->AcquireCredentialsHandleA(NULL, auth->info->Name, SECPKG_CRED_OUTBOUND, NULL,
identityPtr, NULL, NULL, &auth->credentials, NULL);
if (status != SEC_E_OK) if (status != SEC_E_OK)
{ {
WLog_ERR(TAG, "AcquireCredentialsHandleA failed with %s [0x%08X]", WLog_ERR(TAG, "AcquireCredentialsHandleA failed with %s [0x%08X]",
@ -263,7 +260,7 @@ int credssp_auth_authenticate(rdpCredsspAuth* auth)
{ {
SECURITY_STATUS status; SECURITY_STATUS status;
SecBuffer input_buffers[2] = { 0 }; SecBuffer input_buffers[2] = { 0 };
SecBufferDesc input_buffer_desc = { SECBUFFER_VERSION, 2, input_buffers }; SecBufferDesc input_buffer_desc = { SECBUFFER_VERSION, 1, input_buffers };
CtxtHandle* context = NULL; CtxtHandle* context = NULL;
WINPR_ASSERT(auth); WINPR_ASSERT(auth);
@ -288,6 +285,8 @@ int credssp_auth_authenticate(rdpCredsspAuth* auth)
if (auth->bindings) if (auth->bindings)
{ {
input_buffer_desc.cBuffers = 2;
input_buffers[1].BufferType = SECBUFFER_CHANNEL_BINDINGS; input_buffers[1].BufferType = SECBUFFER_CHANNEL_BINDINGS;
input_buffers[1].cbBuffer = auth->bindings->BindingsLength; input_buffers[1].cbBuffer = auth->bindings->BindingsLength;
input_buffers[1].pvBuffer = auth->bindings->Bindings; input_buffers[1].pvBuffer = auth->bindings->Bindings;
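Review bot: The new `cBuffers` handling in credssp_auth_authenticate is undocumented: the descriptor now starts at one buffer and is raised to two only inside `if (auth->bindings)`, but nothing in the code says why. A short comment at the declaration would keep the count from being "simplified" back to 2, for example `/* cBuffers is raised to 2 only when channel bindings are attached; an unused second buffer must not be advertised */`. The reason is inferred from the commit title (win32 SSPI), so please confirm the wording. When `auth->bindings` is NULL the exchange proceeds without a channel-bindings buffer, and a debug-level log line on that path would make it visible when diagnosing a session. The function body continues outside the hunks shown.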


@ -51,6 +51,8 @@
#define SERVER_KEY "Software\\" FREERDP_VENDOR_STRING "\\" FREERDP_PRODUCT_STRING "\\Server" #define SERVER_KEY "Software\\" FREERDP_VENDOR_STRING "\\" FREERDP_PRODUCT_STRING "\\Server"
#define NLA_AUTH_PKG "Negotiate"
/** /**
* TSRequest ::= SEQUENCE { * TSRequest ::= SEQUENCE {
* version [0] INTEGER, * version [0] INTEGER,
@ -198,15 +200,6 @@ static BOOL nla_adjust_settings_from_smartcard(rdpNla* nla)
if (!settings->SmartcardLogon) if (!settings->SmartcardLogon)
return TRUE; return TRUE;
if (!settings->CspName)
{
if (!freerdp_settings_set_string(settings, FreeRDP_CspName, MS_SCARD_PROV_A))
{
WLog_ERR(TAG, "unable to set CSP name");
return FALSE;
}
}
if (!smartcard_enumerateCerts(settings, &certs, &count)) if (!smartcard_enumerateCerts(settings, &certs, &count))
{ {
WLog_ERR(TAG, "unable to list smartcard certificates"); WLog_ERR(TAG, "unable to list smartcard certificates");
@ -229,6 +222,22 @@ static BOOL nla_adjust_settings_from_smartcard(rdpNla* nla)
/* /*
* just one result let's try to fill missing parameters * just one result let's try to fill missing parameters
*/ */
if (!settings->CspName)
{
if (info->csp &&
ConvertFromUnicode(CP_UTF8, 0, info->csp, -1, &settings->CspName, 0, NULL, FALSE) <= 0)
{
WLog_ERR(TAG, "unable to set CSP name");
goto out;
}
else if (!(settings->CspName = _strdup(MS_SCARD_PROV_A)))
{
WLog_ERR(TAG, "unable to set CSP name");
goto out;
}
}
if (!settings->Username && info->userHint) if (!settings->Username && info->userHint)
{ {
if (!freerdp_settings_set_string(settings, FreeRDP_Username, info->userHint)) if (!freerdp_settings_set_string(settings, FreeRDP_Username, info->userHint))
@ -454,7 +463,7 @@ static int nla_client_init(rdpNla* nla)
if (!nla_adjust_settings_from_smartcard(nla)) if (!nla_adjust_settings_from_smartcard(nla))
return -1; return -1;
if (!credssp_auth_init(nla->auth, NEGO_SSP_NAME, NULL)) if (!credssp_auth_init(nla->auth, NLA_AUTH_PKG, NULL))
return -1; return -1;
if (!nla_client_setup_identity(nla)) if (!nla_client_setup_identity(nla))
@ -672,7 +681,7 @@ static int nla_server_init(rdpNla* nla)
return -1; return -1;
} }
if (!credssp_auth_init(nla->auth, NEGO_SSP_NAME, NULL)) if (!credssp_auth_init(nla->auth, NLA_AUTH_PKG, NULL))
return -1; return -1;
if (!credssp_auth_setup_server(nla->auth)) if (!credssp_auth_setup_server(nla->auth))
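Review bot: In the `@ -229,6 +222,22` hunk of nla_adjust_settings_from_smartcard, the `else if` is paired with the combined test `info->csp && ConvertFromUnicode(...) <= 0`, so when the card reports a CSP and the conversion succeeds, control still reaches `settings->CspName = _strdup(MS_SCARD_PROV_A)`. That replaces the card's CSP name with the default provider and drops the string ConvertFromUnicode just stored in `settings->CspName` (presumably a fresh allocation, so a leak). Nest the conversion check as `if (info->csp) { if (ConvertFromUnicode(...) <= 0) { ...; goto out; } }` and keep `else if (!(settings->CspName = _strdup(MS_SCARD_PROV_A)))` attached to the outer `info->csp` test. The block also writes `settings->CspName` directly, whereas the removed code and the Username case just below use `freerdp_settings_set_string`. The function body continues outside the hunk.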