From 44c82cd929efd76d2fa55677375ca761d6868589 Mon Sep 17 00:00:00 2001
From: David Fort <contact@hardening-consulting.com>
Date: Wed, 2 Feb 2022 10:59:05 +0100
Subject: [PATCH] Fixes various akallabeth remarks

---
 client/common/CMakeLists.txt                      |  3 ++-
 client/common/cmdline.c                           |  1 -
 .../utils => client/common}/smartcard_cli.c       |  2 +-
 libfreerdp/core/nla.c                             | 15 +++++++--------
 libfreerdp/core/smartcardlogon.c                  |  7 ++++---
 libfreerdp/core/smartcardlogon.h                  | 11 ++++++-----
 libfreerdp/utils/CMakeLists.txt                   |  1 -
 {scripts => tools}/update-rdpSettings             |  0
 {scripts => tools}/update-settings-tests          |  0
 9 files changed, 20 insertions(+), 20 deletions(-)
 rename {libfreerdp/utils => client/common}/smartcard_cli.c (96%)
 rename {scripts => tools}/update-rdpSettings (100%)
 rename {scripts => tools}/update-settings-tests (100%)

diff --git a/client/common/CMakeLists.txt b/client/common/CMakeLists.txt
index a83a8808d..01f637932 100644
--- a/client/common/CMakeLists.txt
+++ b/client/common/CMakeLists.txt
@@ -30,7 +30,8 @@ set(${MODULE_PREFIX}_SRCS
 	client_rails.c
 	cmdline.c
 	file.c
-	geometry.c)
+	geometry.c
+	smartcard_cli.c)
 
 foreach(FREERDP_CHANNELS_CLIENT_SRC ${FREERDP_CHANNELS_CLIENT_SRCS})
 	get_filename_component(NINC ${FREERDP_CHANNELS_CLIENT_SRC} PATH)
diff --git a/client/common/cmdline.c b/client/common/cmdline.c
index ed3c77739..8a2daa10e 100644
--- a/client/common/cmdline.c
+++ b/client/common/cmdline.c
@@ -480,7 +480,6 @@ BOOL freerdp_client_print_command_line_help_ex(int argc, char** argv,
 	printf("\n");
 	printf("Drive Redirection: /drive:home,/home/user\n");
 	printf("Smartcard Redirection: /smartcard:<device>\n");
-	printf("Smartcard logon with rdp only:                /smartcard-logon [/sec:rdp]\n");
 	printf("Smartcard logon with Kerberos authentication: /smartcard-logon /sec:nla\n");
 	printf("Those options are only accepted with /smartcard-logon:\n");
 	printf("    PIN code: /pin:<PIN code>\n");
diff --git a/libfreerdp/utils/smartcard_cli.c b/client/common/smartcard_cli.c
similarity index 96%
rename from libfreerdp/utils/smartcard_cli.c
rename to client/common/smartcard_cli.c
index 98479b79c..86668d761 100644
--- a/libfreerdp/utils/smartcard_cli.c
+++ b/client/common/smartcard_cli.c
@@ -17,7 +17,7 @@
  * limitations under the License.
  */
 #include <freerdp/utils/smartcard_cli.h>
-#include "../core/smartcardlogon.h"
+#include "../../libfreerdp/core/smartcardlogon.h"
 
 BOOL freerdp_smartcard_list(rdpSettings* settings)
 {
diff --git a/libfreerdp/core/nla.c b/libfreerdp/core/nla.c
index 19c376b17..595fdd4c1 100644
--- a/libfreerdp/core/nla.c
+++ b/libfreerdp/core/nla.c
@@ -140,7 +140,7 @@ struct rdp_nla
 	LPTSTR ServicePrincipalName;
 	void* identityPtr;
 	SEC_WINNT_AUTH_IDENTITY* identity;
-	SEC_WINNT_AUTH_IDENTITY_EXW identityEx;
+	SEC_WINNT_AUTH_IDENTITY_EXA identityEx;
 	SEC_WINNT_AUTH_IDENTITY_WINPRA identityWinPr;
 	SEC_WINPR_KERBEROS_SETTINGS kerberosSettings;
 	PSecurityFunctionTable table;
@@ -687,15 +687,15 @@ static BOOL nla_client_setup_identity(rdpNla* nla)
 	{
 #ifdef _WIN32
 		{
-			SEC_WINNT_AUTH_IDENTITY_EXW* identityEx;
+			SEC_WINNT_AUTH_IDENTITY_EXA* identityEx;
 			CERT_CREDENTIAL_INFO certInfo = { sizeof(CERT_CREDENTIAL_INFO), { 0 } };
-			LPWSTR marshalledCredentials;
+			LPSTR marshalledCredentials;
 
 			identityEx = &nla->identityEx;
 			memcpy(certInfo.rgbHashOfCert, nla->kerberosSettings.certSha1,
 			       sizeof(certInfo.rgbHashOfCert));
 
-			if (!CredMarshalCredentialW(CertCredential, &certInfo, &marshalledCredentials))
+			if (!CredMarshalCredentialA(CertCredential, &certInfo, &marshalledCredentials))
 			{
 				WLog_ERR(TAG, "error marshalling cert credentials");
 				return FALSE;
@@ -703,9 +703,9 @@ static BOOL nla_client_setup_identity(rdpNla* nla)
 
 			identityEx->Version = SEC_WINNT_AUTH_IDENTITY_VERSION;
 			identityEx->Length = sizeof(*identityEx);
-			identityEx->User = (PUSHORT)marshalledCredentials;
-			identityEx->UserLength = _wcslen(marshalledCredentials);
-			if (ConvertToUnicode(CP_UTF8, 0, settings->Pin, -1, &identityEx->Password, 0) <= 0)
+			identityEx->User = (BYTE*)marshalledCredentials;
+			identityEx->UserLength = strlen(marshalledCredentials);
+			if (!(identityEx->Password = (BYTE*)strdup(settings->Pin)))
 				return FALSE;
 			identityEx->PasswordLength = strlen(settings->Pin);
 			identityEx->Domain = NULL;
@@ -1911,7 +1911,6 @@ fail:
 	return ret;
 }
 
-
 /**
  * Encode TSCredentials structure.
  * @param credssp
diff --git a/libfreerdp/core/smartcardlogon.c b/libfreerdp/core/smartcardlogon.c
index 606bdd6c4..960d117cf 100644
--- a/libfreerdp/core/smartcardlogon.c
+++ b/libfreerdp/core/smartcardlogon.c
@@ -132,11 +132,12 @@ static BOOL build_pkinit_args(rdpSettings* settings, SmartcardCert* scCert)
 	/* pkinit args only under windows
 	 * 		PKCS11:module_name=opensc-pkcs11.so
 	 */
-	size_t sz = strlen("PKCS11:module_name=:slotid=XXXXX");
+	size_t sz;
 	const char* pkModule = settings->Pkcs11Module ? settings->Pkcs11Module : "opensc-pkcs11.so";
 
-	sz += strlen(pkModule) + 1;
-
+	sz = _snprintf(NULL, 0, "PKCS11:module_name=%s:slotid=%" PRIu16, pkModule,
+	               (UINT16)scCert->slotId) +
+	     1;
 	scCert->pkinitArgs = malloc(sz);
 	if (!scCert->pkinitArgs)
 		return FALSE;
diff --git a/libfreerdp/core/smartcardlogon.h b/libfreerdp/core/smartcardlogon.h
index 8c0618b97..49f8391a1 100644
--- a/libfreerdp/core/smartcardlogon.h
+++ b/libfreerdp/core/smartcardlogon.h
@@ -22,7 +22,7 @@
 #include <freerdp/settings.h>
 #include <freerdp/crypto/crypto.h>
 
-typedef struct
+struct _SmartcardCert
 {
 	LPWSTR reader;
 	CryptoCert certificate;
@@ -37,11 +37,12 @@ typedef struct
 	BYTE atr[256];
 	DWORD atrLength;
 	BYTE sha1Hash[20];
-} SmartcardCert;
+};
+typedef struct _SmartcardCert SmartcardCert;
 
-void smartcardCert_Free(SmartcardCert* scCert);
+FREERDP_API void smartcardCert_Free(SmartcardCert* scCert);
 
-BOOL smartcard_enumerateCerts(rdpSettings* settings, SmartcardCert* scCert, DWORD count,
-                              DWORD* retCount);
+FREERDP_API BOOL smartcard_enumerateCerts(rdpSettings* settings, SmartcardCert* scCert, DWORD count,
+                                          DWORD* retCount);
 
 #endif /* LIBFREERDP_CORE_SMARTCARDLOGON_H */
diff --git a/libfreerdp/utils/CMakeLists.txt b/libfreerdp/utils/CMakeLists.txt
index 31d2216a8..2d02ac1fa 100644
--- a/libfreerdp/utils/CMakeLists.txt
+++ b/libfreerdp/utils/CMakeLists.txt
@@ -28,7 +28,6 @@ set(${MODULE_PREFIX}_SRCS
 	smartcard_operations.c
 	smartcard_pack.c
 	smartcard_call.c
-	smartcard_cli.c
 	stopwatch.c)
 
 freerdp_module_add(${${MODULE_PREFIX}_SRCS})
diff --git a/scripts/update-rdpSettings b/tools/update-rdpSettings
similarity index 100%
rename from scripts/update-rdpSettings
rename to tools/update-rdpSettings
diff --git a/scripts/update-settings-tests b/tools/update-settings-tests
similarity index 100%
rename from scripts/update-settings-tests
rename to tools/update-settings-tests