diff --git a/libfreerdp/core/gateway/ncacn_http.c b/libfreerdp/core/gateway/ncacn_http.c index fec6d6158..01c14dfb6 100644 --- a/libfreerdp/core/gateway/ncacn_http.c +++ b/libfreerdp/core/gateway/ncacn_http.c @@ -27,6 +27,7 @@ #include #include "../utils.h" +#include "../settings.h" #define TAG FREERDP_TAG("core.gateway.ntlm") @@ -176,8 +177,8 @@ BOOL rpc_ncacn_http_auth_init(rdpContext* context, RpcChannel* channel) if (!credssp_auth_init(auth, AUTH_PKG, tls->Bindings)) return FALSE; - if (sspi_SetAuthIdentityA(&identity, settings->GatewayUsername, settings->GatewayDomain, - settings->GatewayPassword) < 0) + if (!identity_set_from_settings(&identity, settings, FreeRDP_GatewayUsername, + FreeRDP_GatewayDomain, FreeRDP_GatewayPassword)) return FALSE; const BOOL res = diff --git a/libfreerdp/core/gateway/rdg.c b/libfreerdp/core/gateway/rdg.c index e9ee61e87..59e084955 100644 --- a/libfreerdp/core/gateway/rdg.c +++ b/libfreerdp/core/gateway/rdg.c @@ -40,6 +40,7 @@ #include "../../crypto/opensslcompat.h" #include "rpc_fault.h" #include "../utils.h" +#include "../settings.h" #define TAG FREERDP_TAG("core.gateway.rdg") 
@@ -1708,31 +1709,18 @@ static BOOL rdg_auth_init(rdpRdg* rdg, rdpTls* tls, TCHAR* authPkg) return FALSE; } -#ifdef _WIN32 if (doSCLogon) { - CERT_CREDENTIAL_INFO certInfo = { sizeof(CERT_CREDENTIAL_INFO), { 0 } }; - LPSTR marshalledCredentials; - - memcpy(certInfo.rgbHashOfCert, rdg->smartcard->sha1Hash, sizeof(certInfo.rgbHashOfCert)); - - if (!CredMarshalCredentialA(CertCredential, &certInfo, &marshalledCredentials)) - { - WLog_ERR(TAG, "error marshaling cert credentials"); + if (!identity_set_from_smartcard_hash(&identity, settings, FreeRDP_GatewayUsername, + FreeRDP_GatewayDomain, FreeRDP_GatewayPassword, + rdg->smartcard->sha1Hash, + sizeof(rdg->smartcard->sha1Hash))) return FALSE; - } - - if (sspi_SetAuthIdentityA(&identity, marshalledCredentials, NULL, - settings->GatewayPassword) < 0) - return FALSE; - - CredFree(marshalledCredentials); } else -#endif { - if (sspi_SetAuthIdentityA(&identity, settings->GatewayUsername, settings->GatewayDomain, - settings->GatewayPassword) < 0) + if (!identity_set_from_settings(&identity, settings, FreeRDP_GatewayUsername, + FreeRDP_GatewayDomain, FreeRDP_GatewayPassword)) return FALSE; } diff --git a/libfreerdp/core/gateway/rpc_bind.c b/libfreerdp/core/gateway/rpc_bind.c index ec07edbef..2dfa5116d 100644 --- a/libfreerdp/core/gateway/rpc_bind.c +++ b/libfreerdp/core/gateway/rpc_bind.c @@ -30,6 +30,7 @@ #include "rpc_bind.h" #include "../utils.h" +#include "../settings.h" #define TAG FREERDP_TAG("core.gateway.rpc") @@ -150,8 +151,8 @@ static int rpc_bind_setup(rdpRpc* rpc) if (!credssp_auth_init(rpc->auth, AUTH_PKG, NULL)) return -1; - if (sspi_SetAuthIdentityA(&identity, settings->GatewayUsername, settings->GatewayDomain, - settings->GatewayPassword) < 0) + if (!identity_set_from_settings(&identity, settings, FreeRDP_GatewayUsername, + FreeRDP_GatewayDomain, FreeRDP_GatewayPassword)) return -1; if (!credssp_auth_setup_client(rpc->auth, NULL, settings->GatewayHostname, &identity, NULL)) 
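Review bot: The length argument `sizeof(rdg->smartcard->sha1Hash)` equals the hash length only if `sha1Hash` is declared as a fixed-size array, and that declaration is not visible in this hunk. The removed code sized the copy by the destination (`sizeof(certInfo.rgbHashOfCert)`), whereas the helper now copies `MIN(sha1len, ...)` bytes, so a pointer-typed member would quietly produce a truncated, zero-padded hash instead of an error. The nla.c call passes `sizeof(nla->certSha1)` in the same way. A short comment at both call sites such as `/* sha1Hash is a fixed-size array: sizeof is the hash length */` would record the assumption. `rdg_auth_init` starts and ends outside the hunk.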
diff --git a/libfreerdp/core/nla.c b/libfreerdp/core/nla.c index 58026a12b..938a8434e 100644 --- a/libfreerdp/core/nla.c +++ b/libfreerdp/core/nla.c @@ -46,6 +46,7 @@ #include "utils.h" #include "credssp_auth.h" #include +#include "settings.h" #define TAG FREERDP_TAG("core.nla") @@ -270,52 +271,6 @@ out: return ret; } -static void zfree(WCHAR* str, size_t len) -{ - if (str) - memset(str, 0, len * sizeof(WCHAR)); - free(str); -} - -static BOOL nla_set_identity_from_settings_with_pwd(rdpNla* nla, const rdpSettings* settings, - size_t UserId, size_t DomainId, - const WCHAR* Password, size_t pwdLen) -{ - WINPR_ASSERT(nla); - WINPR_ASSERT(settings); - - size_t UserLen = 0; - size_t DomainLen = 0; - - WCHAR* Username = freerdp_settings_get_string_as_utf16(settings, UserId, &UserLen); - WCHAR* Domain = freerdp_settings_get_string_as_utf16(settings, DomainId, &DomainLen); - - sspi_FreeAuthIdentity(nla->identity); - const int rc = sspi_SetAuthIdentityWithLengthW(nla->identity, Username, UserLen, Domain, - DomainLen, Password, pwdLen); - zfree(Username, UserLen); - zfree(Domain, DomainLen); - if (rc < 0) - return FALSE; - return TRUE; -} - -static BOOL nla_set_identity_from_settings(rdpNla* nla, const rdpSettings* settings, size_t UserId, - size_t DomainId, size_t PwdId) -{ - WINPR_ASSERT(nla); - WINPR_ASSERT(settings); - - size_t PwdLen = 0; - - WCHAR* Password = freerdp_settings_get_string_as_utf16(settings, PwdId, &PwdLen); - - const BOOL rc = - nla_set_identity_from_settings_with_pwd(nla, settings, UserId, DomainId, Password, PwdLen); - zfree(Password, PwdLen); - return rc; -} - static BOOL nla_client_setup_identity(rdpNla* nla) { BOOL PromptPassword = FALSE; 
@@ -402,33 +357,10 @@ static BOOL nla_client_setup_identity(rdpNla* nla) return FALSE; } -#ifdef _WIN32 - CERT_CREDENTIAL_INFO certInfo = { sizeof(CERT_CREDENTIAL_INFO), { 0 } }; - LPWSTR marshalledCredentials = NULL; - - memcpy(certInfo.rgbHashOfCert, nla->certSha1, sizeof(certInfo.rgbHashOfCert)); - - if (!CredMarshalCredentialW(CertCredential, &certInfo, &marshalledCredentials)) - { - WLog_ERR(TAG, "error marshalling cert credentials"); + if (!identity_set_from_smartcard_hash(nla->identity, settings, FreeRDP_Username, + FreeRDP_Domain, FreeRDP_Password, nla->certSha1, + sizeof(nla->certSha1))) return FALSE; - } - - size_t pwdLen = 0; - WCHAR* Password = freerdp_settings_get_string_as_utf16(settings, FreeRDP_Password, &pwdLen); - const int rc = sspi_SetAuthIdentityWithLengthW(nla->identity, marshalledCredentials, - _wcslen(marshalledCredentials), NULL, 0, - Password, pwdLen); - zfree(Password, pwdLen); - CredFree(marshalledCredentials); - if (rc < 0) - return FALSE; - -#else - if (!nla_set_identity_from_settings(nla, settings, FreeRDP_Username, FreeRDP_Domain, - FreeRDP_Password)) - return FALSE; -#endif /* _WIN32 */ } else { @@ -436,8 +368,8 @@ static BOOL nla_client_setup_identity(rdpNla* nla) if (settings->RedirectionPassword && (settings->RedirectionPasswordLength > 0)) { - if (!nla_set_identity_from_settings_with_pwd( - nla, settings, FreeRDP_Username, FreeRDP_Domain, + if (!identity_set_from_settings_with_pwd( + nla->identity, settings, FreeRDP_Username, FreeRDP_Domain, (const WCHAR*)settings->RedirectionPassword, settings->RedirectionPasswordLength / sizeof(WCHAR))) return FALSE; 
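Review bot: The `identity_set_from_settings_with_pwd(nla->identity, ...)` call in the redirection-password branch no longer releases the previous identity first. The removed `nla_set_identity_from_settings_with_pwd` called `sspi_FreeAuthIdentity(nla->identity)` before setting it, and the shared helper added in settings.c does not. Unless `sspi_SetAuthIdentityWithLengthW` frees the old contents itself (not visible in this diff), a reused `nla->identity` would leak the earlier user, domain and password buffers without clearing them. The same applies to the `identity_set_from_settings(nla->identity, ...)` calls in the two following hunks; either keep `sspi_FreeAuthIdentity(nla->identity);` ahead of these calls or put it at the top of the helper. `nla_client_setup_identity` starts and ends outside these hunks.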
@@ -449,8 +381,8 @@ static BOOL nla_client_setup_identity(rdpNla* nla) { if (settings->PasswordHash && strlen(settings->PasswordHash) == 32) { - if (!nla_set_identity_from_settings(nla, settings, FreeRDP_Username, FreeRDP_Domain, - FreeRDP_PasswordHash)) + if (!identity_set_from_settings(nla->identity, settings, FreeRDP_Username, + FreeRDP_Domain, FreeRDP_PasswordHash)) return FALSE; /** @@ -465,8 +397,8 @@ static BOOL nla_client_setup_identity(rdpNla* nla) if (usePassword) { - if (!nla_set_identity_from_settings(nla, settings, FreeRDP_Username, FreeRDP_Domain, - FreeRDP_Password)) + if (!identity_set_from_settings(nla->identity, settings, FreeRDP_Username, + FreeRDP_Domain, FreeRDP_Password)) return FALSE; } } diff --git a/libfreerdp/core/settings.c b/libfreerdp/core/settings.c index c4bd156f7..fd46fd96f 100644 --- a/libfreerdp/core/settings.c +++ b/libfreerdp/core/settings.c 
@@ -1140,3 +1140,79 @@ out_fail: #ifdef _MSC_VER #pragma warning(pop) #endif + +static void zfree(WCHAR* str, size_t len) +{ + if (str) + memset(str, 0, len * sizeof(WCHAR)); + free(str); +} + +BOOL identity_set_from_settings_with_pwd(SEC_WINNT_AUTH_IDENTITY* identity, + const rdpSettings* settings, size_t UserId, + size_t DomainId, const WCHAR* Password, size_t pwdLen) +{ + WINPR_ASSERT(identity); + WINPR_ASSERT(settings); + + size_t UserLen = 0; + size_t DomainLen = 0; + + WCHAR* Username = freerdp_settings_get_string_as_utf16(settings, UserId, &UserLen); + WCHAR* Domain = freerdp_settings_get_string_as_utf16(settings, DomainId, &DomainLen); + + const int rc = sspi_SetAuthIdentityWithLengthW(identity, Username, UserLen, Domain, DomainLen, + Password, pwdLen); + zfree(Username, UserLen); + zfree(Domain, DomainLen); + if (rc < 0) + return FALSE; + return TRUE; +} + +BOOL identity_set_from_settings(SEC_WINNT_AUTH_IDENTITY_W* identity, const rdpSettings* settings, + size_t UserId, size_t DomainId, size_t PwdId) +{ + WINPR_ASSERT(identity); + WINPR_ASSERT(settings); + + size_t PwdLen = 0; + + WCHAR* Password = freerdp_settings_get_string_as_utf16(settings, PwdId, &PwdLen); + + const BOOL rc = + identity_set_from_settings_with_pwd(identity, settings, UserId, DomainId, Password, PwdLen); + zfree(Password, PwdLen); + return rc; +} + +BOOL identity_set_from_smartcard_hash(SEC_WINNT_AUTH_IDENTITY_W* identity, + const rdpSettings* settings, size_t userId, size_t domainId, + size_t pwdId, const BYTE* certSha1, size_t sha1len) +{ +#ifdef _WIN32 + CERT_CREDENTIAL_INFO certInfo = { sizeof(CERT_CREDENTIAL_INFO), { 0 } }; + LPWSTR marshalledCredentials = NULL; + + memcpy(certInfo.rgbHashOfCert, certSha1, MIN(sha1len, sizeof(certInfo.rgbHashOfCert))); + + if (!CredMarshalCredentialW(CertCredential, &certInfo, &marshalledCredentials)) + { + WLog_ERR(TAG, "error marshalling cert credentials"); + return FALSE; + } + + size_t pwdLen = 0; + WCHAR* Password = 
freerdp_settings_get_string_as_utf16(settings, pwdId, &pwdLen); + const int rc = sspi_SetAuthIdentityWithLengthW( + identity, marshalledCredentials, _wcslen(marshalledCredentials), NULL, 0, Password, pwdLen); + zfree(Password, pwdLen); + CredFree(marshalledCredentials); + if (rc < 0) + return FALSE; + +#else + if (!identity_set_from_settings(identity, settings, userId, domainId, pwdId)) + return FALSE; +#endif /* _WIN32 */ +} diff --git a/libfreerdp/core/settings.h b/libfreerdp/core/settings.h index 55a36a3ea..19aaeac0e 100644 --- a/libfreerdp/core/settings.h +++ b/libfreerdp/core/settings.h @@ -22,6 +22,7 @@ #define FREERDP_LIB_CORE_SETTINGS_H #include +#include #include @@ -40,4 +41,16 @@ FREERDP_LOCAL BOOL freerdp_settings_set_string_copy_(rdpSettings* settings, size const char* val, size_t len, BOOL cleanup); FREERDP_LOCAL BOOL freerdp_capability_buffer_allocate(rdpSettings* settings, UINT32 count); +FREERDP_LOCAL BOOL identity_set_from_settings_with_pwd(SEC_WINNT_AUTH_IDENTITY_W* identity, + const rdpSettings* settings, size_t UserId, + size_t DomainId, const WCHAR* Password, + size_t pwdLen); +FREERDP_LOCAL BOOL identity_set_from_settings(SEC_WINNT_AUTH_IDENTITY_W* identity, + const rdpSettings* settings, size_t UserId, + size_t DomainId, size_t PwdId); +FREERDP_LOCAL BOOL identity_set_from_smartcard_hash(SEC_WINNT_AUTH_IDENTITY_W* identity, + const rdpSettings* settings, size_t userId, + size_t domainId, size_t pwdId, + const BYTE* certSha1, size_t sha1len); + #endif /* FREERDP_LIB_CORE_SETTINGS_H */
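Review bot: `identity_set_from_smartcard_hash` reaches its closing brace after `#endif` without a `return`, so a successful call on either the `_WIN32` or the fallback path hands the callers' `if (!identity_set_from_smartcard_hash(...))` an undefined value; it needs a final `return TRUE;`. The `MIN(sha1len, sizeof(certInfo.rgbHashOfCert))` copy also accepts a short hash and marshals it zero-padded, and `certSha1` is never checked for NULL; rejecting anything but a full-length hash is safer, as sketched below together with the `WINPR_ASSERT`s the two sibling helpers already have. `zfree` wipes the UTF-16 password with a plain `memset` immediately before `free`, which an optimizing compiler may drop as a dead store, so the wipe should use a routine the compiler cannot elide. The definition of `identity_set_from_settings_with_pwd` takes `SEC_WINNT_AUTH_IDENTITY*` while settings.h declares `SEC_WINNT_AUTH_IDENTITY_W*`; the two should be spelled the same.

```c
/* … unchanged: identity_set_from_smartcard_hash signature … */
{
	WINPR_ASSERT(identity);
	WINPR_ASSERT(settings);
#ifdef _WIN32
	/* … unchanged: certInfo and marshalledCredentials declarations … */

	/* Refuse a missing or short hash instead of marshalling a zero-padded one. */
	if (!certSha1 || (sha1len != sizeof(certInfo.rgbHashOfCert)))
		return FALSE;
	memcpy(certInfo.rgbHashOfCert, certSha1, sizeof(certInfo.rgbHashOfCert));

	/* … unchanged: CredMarshalCredentialW, password conversion, sspi_SetAuthIdentityWithLengthW … */
#else
	WINPR_UNUSED(certSha1);
	WINPR_UNUSED(sha1len);
	/* … unchanged: identity_set_from_settings fallback … */
#endif /* _WIN32 */
	return TRUE;
}
```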
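Review bot: The three new prototypes in settings.h carry no contract comments, and two details are easy to get wrong from the signatures alone. `pwdLen` in `identity_set_from_settings_with_pwd` is a count of WCHARs rather than bytes (the nla.c caller divides `RedirectionPasswordLength` by `sizeof(WCHAR)`), and `Password` remains owned by the caller, since the helper only frees its own username and domain copies. A short comment block above each declaration should state that, say that `UserId`/`DomainId`/`PwdId` are settings keys resolved through `freerdp_settings_get_string_as_utf16`, and note that `identity_set_from_smartcard_hash` uses `certSha1`/`sha1len` only on `_WIN32` builds and otherwise falls back to the credentials from settings.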