BOOL ntlm_client_init(rdpNtlm* ntlm, BOOL http, LPCTSTR user, LPCTSTR domain, LPCTSTR password,
SecPkgContext_Bindings* Bindings)
{
SECURITY_STATUS status;
ntlm->http = http;
ntlm->Bindings = Bindings;
ntlm->table = InitSecurityInterfaceEx(0);
if (!ntlm->table)
return FALSE;
sspi_SetAuthIdentity(&(ntlm->identity), user, domain, password);
status = ntlm->table->QuerySecurityPackageInfo(NTLM_SSP_NAME, &ntlm->pPackageInfo);
if (status != SEC_E_OK)
{
WLog_ERR(TAG, "QuerySecurityPackageInfo status %s [0x%08"PRIX32"]",
GetSecurityStatusString(status), status);
return FALSE;
}
ntlm->cbMaxToken = ntlm->pPackageInfo->cbMaxToken;
status = ntlm->table->AcquireCredentialsHandle(NULL, NTLM_SSP_NAME,
SECPKG_CRED_OUTBOUND, NULL, &ntlm->identity, NULL, NULL,
&ntlm->credentials, &ntlm->expiration);
if (status != SEC_E_OK)
{
WLog_ERR(TAG, "AcquireCredentialsHandle status %s [0x%08"PRIX32"]",
GetSecurityStatusString(status), status);
return FALSE;
}
ntlm->haveContext = FALSE;
ntlm->haveInputBuffer = FALSE;
ZeroMemory(&ntlm->inputBuffer, sizeof(SecBuffer));
ZeroMemory(&ntlm->outputBuffer, sizeof(SecBuffer));
ZeroMemory(&ntlm->ContextSizes, sizeof(SecPkgContext_Sizes));
ntlm->fContextReq = 0;
if (ntlm->http)
{
/* flags for HTTP authentication */
ntlm->fContextReq |= ISC_REQ_CONFIDENTIALITY;
}
else
{
/**
* flags for RPC authentication:
* RPC_C_AUTHN_LEVEL_PKT_INTEGRITY:
* ISC_REQ_USE_DCE_STYLE | ISC_REQ_DELEGATE | ISC_REQ_MUTUAL_AUTH |
* ISC_REQ_REPLAY_DETECT | ISC_REQ_SEQUENCE_DETECT
*/
ntlm->fContextReq |= ISC_REQ_USE_DCE_STYLE;
ntlm->fContextReq |= ISC_REQ_DELEGATE | ISC_REQ_MUTUAL_AUTH;
ntlm->fContextReq |= ISC_REQ_REPLAY_DETECT | ISC_REQ_SEQUENCE_DETECT;
}
return TRUE;
}
int nla_server_init(rdpNla* nla)
{
rdpTls* tls = nla->transport->tls;
if (!sspi_SecBufferAlloc(&nla->PublicKey, tls->PublicKeyLength))
{
WLog_ERR(TAG, "Failed to allocate SecBuffer for public key");
return -1;
}
CopyMemory(nla->PublicKey.pvBuffer, tls->PublicKey, tls->PublicKeyLength);
if (nla->SspiModule)
{
HMODULE hSSPI;
INIT_SECURITY_INTERFACE pInitSecurityInterface;
hSSPI = LoadLibrary(nla->SspiModule);
if (!hSSPI)
{
WLog_ERR(TAG, "Failed to load SSPI module: %s", nla->SspiModule);
return -1;
}
#ifdef UNICODE
pInitSecurityInterface = (INIT_SECURITY_INTERFACE) GetProcAddress(hSSPI, "InitSecurityInterfaceW");
#else
pInitSecurityInterface = (INIT_SECURITY_INTERFACE) GetProcAddress(hSSPI, "InitSecurityInterfaceA");
#endif
nla->table = pInitSecurityInterface();
}
else
{
nla->table = InitSecurityInterfaceEx(0);
}
nla->status = nla->table->QuerySecurityPackageInfo(NLA_PKG_NAME, &nla->pPackageInfo);
if (nla->status != SEC_E_OK)
{
WLog_ERR(TAG, "QuerySecurityPackageInfo status %s [%08X]",
GetSecurityStatusString(nla->status), nla->status);
return -1;
}
nla->cbMaxToken = nla->pPackageInfo->cbMaxToken;
nla->status = nla->table->AcquireCredentialsHandle(NULL, NLA_PKG_NAME,
SECPKG_CRED_INBOUND, NULL, NULL, NULL, NULL, &nla->credentials, &nla->expiration);
if (nla->status != SEC_E_OK)
{
WLog_ERR(TAG, "AcquireCredentialsHandle status %s [%08X]",
GetSecurityStatusString(nla->status), nla->status);
return -1;
}
nla->haveContext = FALSE;
nla->haveInputBuffer = FALSE;
nla->havePubKeyAuth = FALSE;
ZeroMemory(&nla->inputBuffer, sizeof(SecBuffer));
ZeroMemory(&nla->outputBuffer, sizeof(SecBuffer));
ZeroMemory(&nla->inputBufferDesc, sizeof(SecBufferDesc));
ZeroMemory(&nla->outputBufferDesc, sizeof(SecBufferDesc));
ZeroMemory(&nla->ContextSizes, sizeof(SecPkgContext_Sizes));
/*
* from tspkg.dll: 0x00000112
* ASC_REQ_MUTUAL_AUTH
* ASC_REQ_CONFIDENTIALITY
* ASC_REQ_ALLOCATE_MEMORY
*/
nla->fContextReq = 0;
nla->fContextReq |= ASC_REQ_MUTUAL_AUTH;
nla->fContextReq |= ASC_REQ_CONFIDENTIALITY;
nla->fContextReq |= ASC_REQ_CONNECTION;
nla->fContextReq |= ASC_REQ_USE_SESSION_KEY;
nla->fContextReq |= ASC_REQ_REPLAY_DETECT;
nla->fContextReq |= ASC_REQ_SEQUENCE_DETECT;
nla->fContextReq |= ASC_REQ_EXTENDED_ERROR;
return 1;
}
int nla_client_init(rdpNla* nla)
{
char* spn;
int length;
rdpTls* tls = NULL;
BOOL PromptPassword = FALSE;
freerdp* instance = nla->instance;
rdpSettings* settings = nla->settings;
WINPR_SAM* sam;
WINPR_SAM_ENTRY* entry;
nla->state = NLA_STATE_INITIAL;
if (settings->RestrictedAdminModeRequired)
settings->DisableCredentialsDelegation = TRUE;
if ((!settings->Password) || (!settings->Username)
|| (!strlen(settings->Username)))
{
PromptPassword = TRUE;
}
if (PromptPassword && settings->Username && strlen(settings->Username))
{
sam = SamOpen(TRUE);
if (sam)
{
entry = SamLookupUserA(sam, settings->Username, strlen(settings->Username), NULL, 0);
if (entry)
{
/**
* The user could be found in SAM database.
* Use entry in SAM database later instead of prompt
*/
PromptPassword = FALSE;
SamFreeEntry(sam, entry);
}
SamClose(sam);
}
}
#ifndef _WIN32
if (PromptPassword)
{
if (settings->RestrictedAdminModeRequired)
{
if ((settings->PasswordHash) && (strlen(settings->PasswordHash) > 0))
PromptPassword = FALSE;
}
}
#endif
if (PromptPassword)
{
if (instance->Authenticate)
{
BOOL proceed = instance->Authenticate(instance,
&settings->Username, &settings->Password, &settings->Domain);
if (!proceed)
{
freerdp_set_last_error(instance->context, FREERDP_ERROR_CONNECT_CANCELLED);
return 0;
}
}
}
if (!settings->Username)
{
nla_identity_free(nla->identity);
nla->identity = NULL;
}
else
sspi_SetAuthIdentity(nla->identity, settings->Username, settings->Domain,
settings->Password);
#ifndef _WIN32
{
SEC_WINNT_AUTH_IDENTITY* identity = nla->identity;
if (!identity)
{
WLog_ERR(TAG, "NLA identity=%p", identity);
return -1;
}
if (settings->RestrictedAdminModeRequired)
{
if (settings->PasswordHash)
{
if (strlen(settings->PasswordHash) == 32)
{
free(identity->Password);
identity->PasswordLength = ConvertToUnicode(CP_UTF8, 0,
settings->PasswordHash, -1, &identity->Password, 0) - 1;
/**
* Multiply password hash length by 64 to obtain a length exceeding
* the maximum (256) and use it this for hash identification in WinPR.
*/
identity->PasswordLength = 32 * 64; /* 2048 */
}
}
}
}
#endif
tls = nla->transport->tls;
if (!tls)
{
WLog_ERR(TAG, "Unknown NLA transport layer");
return -1;
}
if (!sspi_SecBufferAlloc(&nla->PublicKey, tls->PublicKeyLength))
{
WLog_ERR(TAG, "Failed to allocate sspic secBuffer");
return -1;
}
CopyMemory(nla->PublicKey.pvBuffer, tls->PublicKey, tls->PublicKeyLength);
length = sizeof(TERMSRV_SPN_PREFIX) + strlen(settings->ServerHostname);
spn = (SEC_CHAR*) malloc(length + 1);
if (!spn)
return -1;
sprintf(spn, "%s%s", TERMSRV_SPN_PREFIX, settings->ServerHostname);
#ifdef UNICODE
nla->ServicePrincipalName = NULL;
ConvertToUnicode(CP_UTF8, 0, spn, -1, &nla->ServicePrincipalName, 0);
free(spn);
#else
nla->ServicePrincipalName = spn;
#endif
nla->table = InitSecurityInterfaceEx(0);
nla->status = nla->table->QuerySecurityPackageInfo(NLA_PKG_NAME, &nla->pPackageInfo);
if (nla->status != SEC_E_OK)
{
WLog_ERR(TAG, "QuerySecurityPackageInfo status %s [%08X]",
GetSecurityStatusString(nla->status), nla->status);
return -1;
}
nla->cbMaxToken = nla->pPackageInfo->cbMaxToken;
nla->status = nla->table->AcquireCredentialsHandle(NULL, NLA_PKG_NAME,
SECPKG_CRED_OUTBOUND, NULL, nla->identity, NULL, NULL, &nla->credentials,
&nla->expiration);
if (nla->status != SEC_E_OK)
{
WLog_ERR(TAG, "AcquireCredentialsHandle status %s [%08X]",
GetSecurityStatusString(nla->status), nla->status);
return -1;
}
nla->haveContext = FALSE;
nla->haveInputBuffer = FALSE;
nla->havePubKeyAuth = FALSE;
ZeroMemory(&nla->inputBuffer, sizeof(SecBuffer));
ZeroMemory(&nla->outputBuffer, sizeof(SecBuffer));
ZeroMemory(&nla->ContextSizes, sizeof(SecPkgContext_Sizes));
/*
* from tspkg.dll: 0x00000132
* ISC_REQ_MUTUAL_AUTH
* ISC_REQ_CONFIDENTIALITY
* ISC_REQ_USE_SESSION_KEY
* ISC_REQ_ALLOCATE_MEMORY
*/
nla->fContextReq = ISC_REQ_MUTUAL_AUTH | ISC_REQ_CONFIDENTIALITY | ISC_REQ_USE_SESSION_KEY;
return 1;
}
