libwinpr-sspi: parse CredSSP plaintext credentials

This commit is contained in:
Marc-André Moreau 2012-05-24 15:52:20 -04:00
parent 2ff8a103d6
commit f897159058
4 changed files with 184 additions and 128 deletions

View File

@ -70,8 +70,8 @@ FREERDP_API int ber_write_sequence_tag(STREAM* s, int length);
FREERDP_API int ber_skip_sequence(int length); FREERDP_API int ber_skip_sequence(int length);
FREERDP_API int ber_skip_sequence_tag(int length); FREERDP_API int ber_skip_sequence_tag(int length);
FREERDP_API boolean ber_read_bit_string(STREAM* s, int* length, uint8* padding); FREERDP_API boolean ber_read_bit_string(STREAM* s, int* length, uint8* padding);
FREERDP_API boolean ber_read_octet_string(STREAM* s, int* length);
FREERDP_API void ber_write_octet_string(STREAM* s, const uint8* oct_str, int length); FREERDP_API void ber_write_octet_string(STREAM* s, const uint8* oct_str, int length);
FREERDP_API boolean ber_read_octet_string_tag(STREAM* s, int* length);
FREERDP_API int ber_write_octet_string_tag(STREAM* s, int length); FREERDP_API int ber_write_octet_string_tag(STREAM* s, int length);
FREERDP_API int ber_skip_octet_string(int length); FREERDP_API int ber_skip_octet_string(int length);
FREERDP_API boolean ber_read_boolean(STREAM* s, boolean* value); FREERDP_API boolean ber_read_boolean(STREAM* s, boolean* value);

View File

@ -331,12 +331,12 @@ boolean mcs_recv_connect_initial(rdpMcs* mcs, STREAM* s)
return false; return false;
/* callingDomainSelector (OCTET_STRING) */ /* callingDomainSelector (OCTET_STRING) */
if (!ber_read_octet_string(s, &length)) if (!ber_read_octet_string_tag(s, &length))
return false; return false;
stream_seek(s, length); stream_seek(s, length);
/* calledDomainSelector (OCTET_STRING) */ /* calledDomainSelector (OCTET_STRING) */
if (!ber_read_octet_string(s, &length)) if (!ber_read_octet_string_tag(s, &length))
return false; return false;
stream_seek(s, length); stream_seek(s, length);
@ -353,7 +353,7 @@ boolean mcs_recv_connect_initial(rdpMcs* mcs, STREAM* s)
/* maximumParameters (DomainParameters) */ /* maximumParameters (DomainParameters) */
mcs_read_domain_parameters(s, &mcs->maximumParameters); mcs_read_domain_parameters(s, &mcs->maximumParameters);
if (!ber_read_octet_string(s, &length)) if (!ber_read_octet_string_tag(s, &length))
return false; return false;
if (!gcc_read_conference_create_request(s, mcs->transport->settings)) if (!gcc_read_conference_create_request(s, mcs->transport->settings))
@ -499,7 +499,7 @@ boolean mcs_recv_connect_response(rdpMcs* mcs, STREAM* s)
if (!mcs_read_domain_parameters(s, &(mcs->domainParameters))) if (!mcs_read_domain_parameters(s, &(mcs->domainParameters)))
return false; return false;
ber_read_octet_string(s, &length); ber_read_octet_string_tag(s, &length);
if (!gcc_read_conference_create_response(s, mcs->transport->settings)) if (!gcc_read_conference_create_response(s, mcs->transport->settings))
{ {

View File

@ -267,14 +267,6 @@ boolean ber_read_bit_string(STREAM* s, int* length, uint8* padding)
return true; return true;
} }
boolean ber_read_octet_string(STREAM* s, int* length)
{
ber_read_universal_tag(s, BER_TAG_OCTET_STRING, false);
ber_read_length(s, length);
return true;
}
/** /**
* Write a BER OCTET_STRING * Write a BER OCTET_STRING
* @param s stream * @param s stream
@ -289,6 +281,13 @@ void ber_write_octet_string(STREAM* s, const uint8* oct_str, int length)
stream_write(s, oct_str, length); stream_write(s, oct_str, length);
} }
boolean ber_read_octet_string_tag(STREAM* s, int* length)
{
ber_read_universal_tag(s, BER_TAG_OCTET_STRING, false);
ber_read_length(s, length);
return true;
}
int ber_write_octet_string_tag(STREAM* s, int length) int ber_write_octet_string_tag(STREAM* s, int length)
{ {
ber_write_universal_tag(s, BER_TAG_OCTET_STRING, false); ber_write_universal_tag(s, BER_TAG_OCTET_STRING, false);

View File

@ -712,6 +712,173 @@ SECURITY_STATUS credssp_verify_public_key_echo(rdpCredssp* credssp)
return SEC_E_OK; return SEC_E_OK;
} }
int credssp_skip_ts_password_creds(rdpCredssp* credssp)
{
int length;
int ts_password_creds_length = 0;
length = ber_skip_octet_string(credssp->identity.DomainLength);
length += ber_skip_contextual_tag(length);
ts_password_creds_length += length;
length = ber_skip_octet_string(credssp->identity.UserLength);
length += ber_skip_contextual_tag(length);
ts_password_creds_length += length;
length = ber_skip_octet_string(credssp->identity.PasswordLength);
length += ber_skip_contextual_tag(length);
ts_password_creds_length += length;
length = ber_skip_sequence(ts_password_creds_length);
return length;
}
void credssp_read_ts_password_creds(rdpCredssp* credssp, STREAM* s)
{
int length;
/* TSPasswordCreds (SEQUENCE) */
ber_read_sequence_tag(s, &length);
/* [0] domainName (OCTET STRING) */
ber_read_contextual_tag(s, 0, &length, true);
ber_read_octet_string_tag(s, &length);
credssp->identity.DomainLength = (uint32) length;
credssp->identity.Domain = (uint16*) malloc(length);
CopyMemory(credssp->identity.Domain, s->p, credssp->identity.DomainLength);
stream_seek(s, credssp->identity.DomainLength);
/* [1] userName (OCTET STRING) */
ber_read_contextual_tag(s, 1, &length, true);
ber_read_octet_string_tag(s, &length);
credssp->identity.UserLength = (uint32) length;
credssp->identity.User = (uint16*) malloc(length);
CopyMemory(credssp->identity.User, s->p, credssp->identity.UserLength);
stream_seek(s, credssp->identity.UserLength);
/* [2] password (OCTET STRING) */
ber_read_contextual_tag(s, 2, &length, true);
ber_read_octet_string_tag(s, &length);
credssp->identity.PasswordLength = (uint32) length;
credssp->identity.Password = (uint16*) malloc(length);
CopyMemory(credssp->identity.Password, s->p, credssp->identity.PasswordLength);
stream_seek(s, credssp->identity.PasswordLength);
}
void credssp_write_ts_password_creds(rdpCredssp* credssp, STREAM* s)
{
int length;
length = credssp_skip_ts_password_creds(credssp);
/* TSPasswordCreds (SEQUENCE) */
length = ber_get_content_length(length);
ber_write_sequence_tag(s, length);
/* [0] domainName (OCTET STRING) */
ber_write_contextual_tag(s, 0, credssp->identity.DomainLength + 2, true);
ber_write_octet_string(s, (BYTE*) credssp->identity.Domain, credssp->identity.DomainLength);
/* [1] userName (OCTET STRING) */
ber_write_contextual_tag(s, 1, credssp->identity.UserLength + 2, true);
ber_write_octet_string(s, (BYTE*) credssp->identity.User, credssp->identity.UserLength);
/* [2] password (OCTET STRING) */
ber_write_contextual_tag(s, 2, credssp->identity.PasswordLength + 2, true);
ber_write_octet_string(s, (BYTE*) credssp->identity.Password, credssp->identity.PasswordLength);
}
int credssp_skip_ts_credentials(rdpCredssp* credssp)
{
int length;
int ts_password_creds_length;
int ts_credentials_length = 0;
length = ber_skip_integer(0);
length += ber_skip_contextual_tag(length);
ts_credentials_length += length;
ts_password_creds_length = credssp_skip_ts_password_creds(credssp);
length = ber_skip_octet_string(ts_password_creds_length);
length += ber_skip_contextual_tag(length);
ts_credentials_length += length;
length = ber_skip_sequence(ts_credentials_length);
return length;
}
void credssp_read_ts_credentials(rdpCredssp* credssp, PSecBuffer ts_credentials)
{
STREAM* s;
int length;
int ts_password_creds_length;
s = stream_new(0);
stream_attach(s, ts_credentials->pvBuffer, ts_credentials->cbBuffer);
/* TSCredentials (SEQUENCE) */
ber_read_sequence_tag(s, &length);
/* [0] credType (INTEGER) */
ber_read_contextual_tag(s, 0, &length, true);
ber_read_integer(s, NULL);
/* [1] credentials (OCTET STRING) */
ber_read_contextual_tag(s, 1, &length, true);
ber_read_octet_string_tag(s, &ts_password_creds_length);
credssp_read_ts_password_creds(credssp, s);
stream_detach(s);
stream_free(s);
}
void credssp_write_ts_credentials(rdpCredssp* credssp, STREAM* s)
{
int length;
int ts_password_creds_length;
length = credssp_skip_ts_credentials(credssp);
ts_password_creds_length = credssp_skip_ts_password_creds(credssp);
/* TSCredentials (SEQUENCE) */
length = ber_get_content_length(length);
length -= ber_write_sequence_tag(s, length);
/* [0] credType (INTEGER) */
length -= ber_write_contextual_tag(s, 0, 3, true);
length -= ber_write_integer(s, 1);
/* [1] credentials (OCTET STRING) */
length -= 1;
length -= ber_write_contextual_tag(s, 1, length, true);
length -= ber_write_octet_string_tag(s, ts_password_creds_length);
credssp_write_ts_password_creds(credssp, s);
}
/**
* Encode TSCredentials structure.
* @param credssp
*/
void credssp_encode_ts_credentials(rdpCredssp* credssp)
{
STREAM* s;
int length;
s = stream_new(0);
length = credssp_skip_ts_credentials(credssp);
sspi_SecBufferAlloc(&credssp->ts_credentials, length);
stream_attach(s, credssp->ts_credentials.pvBuffer, length);
credssp_write_ts_credentials(credssp, s);
stream_detach(s);
stream_free(s);
}
SECURITY_STATUS credssp_encrypt_ts_credentials(rdpCredssp* credssp) SECURITY_STATUS credssp_encrypt_ts_credentials(rdpCredssp* credssp)
{ {
BYTE* p; BYTE* p;
@ -779,127 +946,17 @@ SECURITY_STATUS credssp_decrypt_ts_credentials(rdpCredssp* credssp)
status = credssp->table->DecryptMessage(&credssp->context, &Message, 1, 0); status = credssp->table->DecryptMessage(&credssp->context, &Message, 1, 0);
freerdp_hexdump(Buffers[0].pvBuffer, Buffers[0].cbBuffer);
freerdp_hexdump(Buffers[1].pvBuffer, Buffers[1].cbBuffer);
if (status != SEC_E_OK) if (status != SEC_E_OK)
return status; return status;
credssp_read_ts_credentials(credssp, &Buffers[1]);
free(Buffers[0].pvBuffer); free(Buffers[0].pvBuffer);
free(Buffers[1].pvBuffer); free(Buffers[1].pvBuffer);
return SEC_E_OK; return SEC_E_OK;
} }
int credssp_skip_ts_password_creds(rdpCredssp* credssp)
{
int length;
int ts_password_creds_length = 0;
length = ber_skip_octet_string(credssp->identity.DomainLength);
length += ber_skip_contextual_tag(length);
ts_password_creds_length += length;
length = ber_skip_octet_string(credssp->identity.UserLength);
length += ber_skip_contextual_tag(length);
ts_password_creds_length += length;
length = ber_skip_octet_string(credssp->identity.PasswordLength);
length += ber_skip_contextual_tag(length);
ts_password_creds_length += length;
length = ber_skip_sequence(ts_password_creds_length);
return length;
}
void credssp_write_ts_password_creds(rdpCredssp* credssp, STREAM* s)
{
int length;
length = credssp_skip_ts_password_creds(credssp);
/* TSPasswordCreds (SEQUENCE) */
length = ber_get_content_length(length);
ber_write_sequence_tag(s, length);
/* [0] domainName (OCTET STRING) */
ber_write_contextual_tag(s, 0, credssp->identity.DomainLength + 2, true);
ber_write_octet_string(s, (uint8*) credssp->identity.Domain, credssp->identity.DomainLength);
/* [1] userName (OCTET STRING) */
ber_write_contextual_tag(s, 1, credssp->identity.UserLength + 2, true);
ber_write_octet_string(s, (uint8*) credssp->identity.User, credssp->identity.UserLength);
/* [2] password (OCTET STRING) */
ber_write_contextual_tag(s, 2, credssp->identity.PasswordLength + 2, true);
ber_write_octet_string(s, (uint8*) credssp->identity.Password, credssp->identity.PasswordLength);
}
int credssp_skip_ts_credentials(rdpCredssp* credssp)
{
int length;
int ts_password_creds_length;
int ts_credentials_length = 0;
length = ber_skip_integer(0);
length += ber_skip_contextual_tag(length);
ts_credentials_length += length;
ts_password_creds_length = credssp_skip_ts_password_creds(credssp);
length = ber_skip_octet_string(ts_password_creds_length);
length += ber_skip_contextual_tag(length);
ts_credentials_length += length;
length = ber_skip_sequence(ts_credentials_length);
return length;
}
void credssp_write_ts_credentials(rdpCredssp* credssp, STREAM* s)
{
int length;
int ts_password_creds_length;
length = credssp_skip_ts_credentials(credssp);
ts_password_creds_length = credssp_skip_ts_password_creds(credssp);
/* TSCredentials (SEQUENCE) */
length = ber_get_content_length(length);
length -= ber_write_sequence_tag(s, length);
/* [0] credType (INTEGER) */
length -= ber_write_contextual_tag(s, 0, 3, true);
length -= ber_write_integer(s, 1);
/* [1] credentials (OCTET STRING) */
length -= 1;
length -= ber_write_contextual_tag(s, 1, length, true);
length -= ber_write_octet_string_tag(s, ts_password_creds_length);
credssp_write_ts_password_creds(credssp, s);
}
/**
* Encode TSCredentials structure.
* @param credssp
*/
void credssp_encode_ts_credentials(rdpCredssp* credssp)
{
STREAM* s;
int length;
s = stream_new(0);
length = credssp_skip_ts_credentials(credssp);
sspi_SecBufferAlloc(&credssp->ts_credentials, length);
stream_attach(s, credssp->ts_credentials.pvBuffer, length);
credssp_write_ts_credentials(credssp, s);
stream_detach(s);
stream_free(s);
}
int credssp_skip_nego_token(int length) int credssp_skip_nego_token(int length)
{ {
length = ber_skip_octet_string(length); length = ber_skip_octet_string(length);
@ -1031,7 +1088,7 @@ int credssp_recv(rdpCredssp* credssp)
ber_read_sequence_tag(s, &length); /* SEQUENCE OF NegoDataItem */ ber_read_sequence_tag(s, &length); /* SEQUENCE OF NegoDataItem */
ber_read_sequence_tag(s, &length); /* NegoDataItem */ ber_read_sequence_tag(s, &length); /* NegoDataItem */
ber_read_contextual_tag(s, 0, &length, true); /* [0] negoToken */ ber_read_contextual_tag(s, 0, &length, true); /* [0] negoToken */
ber_read_octet_string(s, &length); /* OCTET STRING */ ber_read_octet_string_tag(s, &length); /* OCTET STRING */
sspi_SecBufferAlloc(&credssp->negoToken, length); sspi_SecBufferAlloc(&credssp->negoToken, length);
stream_read(s, credssp->negoToken.pvBuffer, length); stream_read(s, credssp->negoToken.pvBuffer, length);
credssp->negoToken.cbBuffer = length; credssp->negoToken.cbBuffer = length;
@ -1040,7 +1097,7 @@ int credssp_recv(rdpCredssp* credssp)
/* [2] authInfo (OCTET STRING) */ /* [2] authInfo (OCTET STRING) */
if (ber_read_contextual_tag(s, 2, &length, true) != false) if (ber_read_contextual_tag(s, 2, &length, true) != false)
{ {
ber_read_octet_string(s, &length); /* OCTET STRING */ ber_read_octet_string_tag(s, &length); /* OCTET STRING */
sspi_SecBufferAlloc(&credssp->authInfo, length); sspi_SecBufferAlloc(&credssp->authInfo, length);
stream_read(s, credssp->authInfo.pvBuffer, length); stream_read(s, credssp->authInfo.pvBuffer, length);
credssp->authInfo.cbBuffer = length; credssp->authInfo.cbBuffer = length;
@ -1049,7 +1106,7 @@ int credssp_recv(rdpCredssp* credssp)
/* [3] pubKeyAuth (OCTET STRING) */ /* [3] pubKeyAuth (OCTET STRING) */
if (ber_read_contextual_tag(s, 3, &length, true) != false) if (ber_read_contextual_tag(s, 3, &length, true) != false)
{ {
ber_read_octet_string(s, &length); /* OCTET STRING */ ber_read_octet_string_tag(s, &length); /* OCTET STRING */
sspi_SecBufferAlloc(&credssp->pubKeyAuth, length); sspi_SecBufferAlloc(&credssp->pubKeyAuth, length);
stream_read(s, credssp->pubKeyAuth.pvBuffer, length); stream_read(s, credssp->pubKeyAuth.pvBuffer, length);
credssp->pubKeyAuth.cbBuffer = length; credssp->pubKeyAuth.cbBuffer = length;