fixes for NLA under win32

David Fort 2022-10-07 14:09:44 +02:00 committed by akallabeth
parent 7dde39de9d
commit f486fb1e92
2 changed files with 30 additions and 22 deletions


@ -121,6 +121,7 @@ BOOL credssp_auth_setup_client(rdpCredsspAuth* auth, const char* target_service,
const char* pkinit)
{
SECURITY_STATUS status;
void* identityPtr = NULL;
WINPR_ASSERT(auth);
WINPR_ASSERT(auth->table);
@ -130,13 +131,7 @@ BOOL credssp_auth_setup_client(rdpCredsspAuth* auth, const char* target_service,
if (!credssp_auth_set_spn(auth, target_service, target_hostname))
return FALSE;
if (!identity)
{
status = auth->table->AcquireCredentialsHandleA(NULL, auth->info->Name,
SECPKG_CRED_OUTBOUND, NULL, NULL, NULL,
NULL, &auth->credentials, NULL);
}
else
if (identity)
{
if (sspi_CopyAuthIdentity(&auth->identity.identity, identity) < 0)
return FALSE;
@ -152,11 +147,13 @@ BOOL credssp_auth_setup_client(rdpCredsspAuth* auth, const char* target_service,
}
}
status = auth->table->AcquireCredentialsHandleA(NULL, auth->info->Name,
SECPKG_CRED_OUTBOUND, NULL, &auth->identity,
NULL, NULL, &auth->credentials, NULL);
identityPtr = &auth->identity;
}
status =
auth->table->AcquireCredentialsHandleA(NULL, auth->info->Name, SECPKG_CRED_OUTBOUND, NULL,
identityPtr, NULL, NULL, &auth->credentials, NULL);
if (status != SEC_E_OK)
{
WLog_ERR(TAG, "AcquireCredentialsHandleA failed with %s [0x%08X]",
@ -263,7 +260,7 @@ int credssp_auth_authenticate(rdpCredsspAuth* auth)
{
SECURITY_STATUS status;
SecBuffer input_buffers[2] = { 0 };
SecBufferDesc input_buffer_desc = { SECBUFFER_VERSION, 2, input_buffers };
SecBufferDesc input_buffer_desc = { SECBUFFER_VERSION, 1, input_buffers };
CtxtHandle* context = NULL;
WINPR_ASSERT(auth);
@ -288,6 +285,8 @@ int credssp_auth_authenticate(rdpCredsspAuth* auth)
if (auth->bindings)
{
input_buffer_desc.cBuffers = 2;
input_buffers[1].BufferType = SECBUFFER_CHANNEL_BINDINGS;
input_buffers[1].cbBuffer = auth->bindings->BindingsLength;
input_buffers[1].pvBuffer = auth->bindings->Bindings;
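Review bot: The new `identityPtr` in credssp_auth_setup_client stays NULL when the caller passes no identity, and nothing at the single AcquireCredentialsHandleA call says what that selects. With SSPI a NULL auth-data pointer means the default credentials of the current logon session, so the client authenticates to the target as whoever is logged on. A comment above the call would make that explicit, for example `/* identityPtr == NULL: SSPI uses the current logon session's default credentials */`. Declaring the variable with the type of `&auth->identity` rather than `void*` would also keep the compiler checking what is passed. The function body starts and ends outside the visible hunks.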


@ -51,6 +51,8 @@
#define SERVER_KEY "Software\\" FREERDP_VENDOR_STRING "\\" FREERDP_PRODUCT_STRING "\\Server"
#define NLA_AUTH_PKG "Negotiate"
/**
* TSRequest ::= SEQUENCE {
* version [0] INTEGER,
@ -198,15 +200,6 @@ static BOOL nla_adjust_settings_from_smartcard(rdpNla* nla)
if (!settings->SmartcardLogon)
return TRUE;
if (!settings->CspName)
{
if (!freerdp_settings_set_string(settings, FreeRDP_CspName, MS_SCARD_PROV_A))
{
WLog_ERR(TAG, "unable to set CSP name");
return FALSE;
}
}
if (!smartcard_enumerateCerts(settings, &certs, &count))
{
WLog_ERR(TAG, "unable to list smartcard certificates");
@ -229,6 +222,22 @@ static BOOL nla_adjust_settings_from_smartcard(rdpNla* nla)
/*
* just one result let's try to fill missing parameters
*/
if (!settings->CspName)
{
if (info->csp &&
ConvertFromUnicode(CP_UTF8, 0, info->csp, -1, &settings->CspName, 0, NULL, FALSE) <= 0)
{
WLog_ERR(TAG, "unable to set CSP name");
goto out;
}
else if (!(settings->CspName = _strdup(MS_SCARD_PROV_A)))
{
WLog_ERR(TAG, "unable to set CSP name");
goto out;
}
}
if (!settings->Username && info->userHint)
{
if (!freerdp_settings_set_string(settings, FreeRDP_Username, info->userHint))
@ -454,7 +463,7 @@ static int nla_client_init(rdpNla* nla)
if (!nla_adjust_settings_from_smartcard(nla))
return -1;
if (!credssp_auth_init(nla->auth, NEGO_SSP_NAME, NULL))
if (!credssp_auth_init(nla->auth, NLA_AUTH_PKG, NULL))
return -1;
if (!nla_client_setup_identity(nla))
@ -672,7 +681,7 @@ static int nla_server_init(rdpNla* nla)
return -1;
}
if (!credssp_auth_init(nla->auth, NEGO_SSP_NAME, NULL))
if (!credssp_auth_init(nla->auth, NLA_AUTH_PKG, NULL))
return -1;
if (!credssp_auth_setup_server(nla->auth))
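Review bot: In the added CspName block of nla_adjust_settings_from_smartcard, the `else if` is attached to the combined condition `info->csp && ConvertFromUnicode(...) <= 0`, so it also runs when the conversion succeeds. In that case `settings->CspName` is overwritten with `_strdup(MS_SCARD_PROV_A)`: the converted string appears to leak and the CSP reported for the certificate is never used (this assumes a positive return means success, as the `<= 0` test implies). Test `info->csp` on its own and take the default only in its else branch, as sketched below. The function body starts and ends outside the hunk.

```c
if (!settings->CspName)
{
	if (info->csp)
	{
		if (ConvertFromUnicode(CP_UTF8, 0, info->csp, -1, &settings->CspName, 0, NULL,
		                       FALSE) <= 0)
		{
			/* … unchanged: log "unable to set CSP name" and goto out … */
		}
	}
	else if (!(settings->CspName = _strdup(MS_SCARD_PROV_A)))
	{
		/* … unchanged: log "unable to set CSP name" and goto out … */
	}
}
```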