libwinpr-sspi: fix server-side NLA
authorMarc-André Moreau <marcandre.moreau@gmail.com>
Tue, 10 Jun 2014 18:38:17 +0000 (14:38 -0400)
committerMarc-André Moreau <marcandre.moreau@gmail.com>
Tue, 10 Jun 2014 18:38:17 +0000 (14:38 -0400)
libfreerdp/core/nla.c
server/X11/xf_peer.c
winpr/libwinpr/sspi/sspi_winpr.c
winpr/libwinpr/sspi/test/TestNTLM.c

index 6d4dab3..f1573a5 100644 (file)
@@ -322,11 +322,19 @@ int credssp_client_authenticate(rdpCredssp* credssp)
                        input_buffer.pvBuffer = NULL;
                }
 
-               if ((status == SEC_I_COMPLETE_AND_CONTINUE) || (status == SEC_I_COMPLETE_NEEDED) || (status == SEC_E_OK))
+               if ((status == SEC_I_COMPLETE_AND_CONTINUE) || (status == SEC_I_COMPLETE_NEEDED))
                {
                        if (credssp->table->CompleteAuthToken)
                                credssp->table->CompleteAuthToken(&credssp->context, &output_buffer_desc);
 
+                       if (status == SEC_I_COMPLETE_NEEDED)
+                               status = SEC_E_OK;
+                       else if (status == SEC_I_COMPLETE_AND_CONTINUE)
+                               status = SEC_I_CONTINUE_NEEDED;
+               }
+
+               if (status == SEC_E_OK)
+               {
                        have_pub_key_auth = TRUE;
 
                        if (credssp->table->QueryContextAttributes(&credssp->context, SECPKG_ATTR_SIZES, &credssp->ContextSizes) != SEC_E_OK)
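Review bot: The result of `credssp->table->CompleteAuthToken(&credssp->context, &output_buffer_desc)` is still discarded, and the remapping that now follows it turns SEC_I_COMPLETE_NEEDED into SEC_E_OK unconditionally. A failed token completion therefore falls straight into the new `if (status == SEC_E_OK)` branch and sets `have_pub_key_auth = TRUE`. I would keep the result in a local `SECURITY_STATUS` and, before the remapping, add `if (complete_status != SEC_E_OK) status = complete_status;` so the error skips the public-key step. How the surrounding loop treats an error status, and the body of the QueryContextAttributes failure branch, lie outside this hunk.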
@@ -336,11 +344,6 @@ int credssp_client_authenticate(rdpCredssp* credssp)
                        }
 
                        credssp_encrypt_public_key_echo(credssp);
-
-                       if (status == SEC_I_COMPLETE_NEEDED)
-                               status = SEC_E_OK;
-                       else if (status == SEC_I_COMPLETE_AND_CONTINUE)
-                               status = SEC_I_CONTINUE_NEEDED;
                }
 
                /* send authentication token to server */
index 443123c..140dcd6 100644 (file)
@@ -541,6 +541,10 @@ static void* xf_peer_main_loop(void* arg)
        settings->RemoteFxCodec = TRUE;
        settings->ColorDepth = 32;
 
+       settings->NlaSecurity = FALSE;
+       settings->TlsSecurity = TRUE;
+       settings->RdpSecurity = FALSE;
+
        client->Capabilities = xf_peer_capabilities;
        client->PostConnect = xf_peer_post_connect;
        client->Activate = xf_peer_activate;
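Review bot: The three added assignments hard-code the accepted security layers with no comment, and `settings->NlaSecurity = FALSE` turns off Network Level Authentication for this peer, so presumably no CredSSP authentication happens before the session is set up. That sits oddly with a commit titled as a server-side NLA fix. If NLA is off on purpose, say why above the block, e.g. `/* NLA disabled for this server: TLS only, no CredSSP authentication */`, or take the values from the server's configuration instead of fixing them here. xf_peer_main_loop starts and ends outside the hunk, so whether anything later overrides these settings is not visible.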
index 4da7bab..dee803b 100644 (file)
@@ -1185,22 +1185,98 @@ SECURITY_STATUS SEC_ENTRY winpr_QueryContextAttributesA(PCtxtHandle phContext, U
 
 SECURITY_STATUS SEC_ENTRY winpr_QuerySecurityContextToken(PCtxtHandle phContext, HANDLE* phToken)
 {
-       return SEC_E_UNSUPPORTED_FUNCTION;
+       SEC_CHAR* Name;
+       SECURITY_STATUS status;
+       SecurityFunctionTableW* table;
+
+       Name = (SEC_CHAR*) sspi_SecureHandleGetUpperPointer(phContext);
+
+       if (!Name)
+               return SEC_E_SECPKG_NOT_FOUND;
+
+       table = sspi_GetSecurityFunctionTableWByNameA(Name);
+
+       if (!table)
+               return SEC_E_SECPKG_NOT_FOUND;
+
+       if (!table->QuerySecurityContextToken)
+               return SEC_E_UNSUPPORTED_FUNCTION;
+
+       status = table->QuerySecurityContextToken(phContext, phToken);
+
+       return status;
 }
 
 SECURITY_STATUS SEC_ENTRY winpr_SetContextAttributesW(PCtxtHandle phContext, ULONG ulAttribute, void* pBuffer, ULONG cbBuffer)
 {
-       return SEC_E_UNSUPPORTED_FUNCTION;
+       SEC_CHAR* Name;
+       SECURITY_STATUS status;
+       SecurityFunctionTableW* table;
+
+       Name = (SEC_CHAR*) sspi_SecureHandleGetUpperPointer(phContext);
+
+       if (!Name)
+               return SEC_E_SECPKG_NOT_FOUND;
+
+       table = sspi_GetSecurityFunctionTableWByNameA(Name);
+
+       if (!table)
+               return SEC_E_SECPKG_NOT_FOUND;
+
+       if (!table->SetContextAttributesW)
+               return SEC_E_UNSUPPORTED_FUNCTION;
+
+       status = table->SetContextAttributesW(phContext, ulAttribute, pBuffer, cbBuffer);
+
+       return status;
 }
 
 SECURITY_STATUS SEC_ENTRY winpr_SetContextAttributesA(PCtxtHandle phContext, ULONG ulAttribute, void* pBuffer, ULONG cbBuffer)
 {
-       return SEC_E_UNSUPPORTED_FUNCTION;
+       char* Name;
+       SECURITY_STATUS status;
+       SecurityFunctionTableA* table;
+
+       Name = (char*) sspi_SecureHandleGetUpperPointer(phContext);
+
+       if (!Name)
+               return SEC_E_SECPKG_NOT_FOUND;
+
+       table = sspi_GetSecurityFunctionTableAByNameA(Name);
+
+       if (!table)
+               return SEC_E_SECPKG_NOT_FOUND;
+
+       if (!table->SetContextAttributesA)
+               return SEC_E_UNSUPPORTED_FUNCTION;
+
+       status = table->SetContextAttributesA(phContext, ulAttribute, pBuffer, cbBuffer);
+
+       return status;
 }
 
 SECURITY_STATUS SEC_ENTRY winpr_RevertSecurityContext(PCtxtHandle phContext)
 {
-       return SEC_E_UNSUPPORTED_FUNCTION;
+       SEC_CHAR* Name;
+       SECURITY_STATUS status;
+       SecurityFunctionTableW* table;
+
+       Name = (SEC_CHAR*) sspi_SecureHandleGetUpperPointer(phContext);
+
+       if (!Name)
+               return SEC_E_SECPKG_NOT_FOUND;
+
+       table = sspi_GetSecurityFunctionTableWByNameA(Name);
+
+       if (!table)
+               return SEC_E_SECPKG_NOT_FOUND;
+
+       if (!table->RevertSecurityContext)
+               return SEC_E_UNSUPPORTED_FUNCTION;
+
+       status = table->RevertSecurityContext(phContext);
+
+       return status;
 }
 
 /* Message Support */
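Review bot: `winpr_SetContextAttributesA` declares `char* Name` and casts with `(char*)`, while the three sibling functions added here use `SEC_CHAR*`; use `SEC_CHAR* Name;` and `Name = (SEC_CHAR*) sspi_SecureHandleGetUpperPointer(phContext);` there as well. The same lookup-and-dispatch prologue now appears four times with no comment. A short header on each would record the error contract, such as `/* Dispatch to the package named in the context handle; SEC_E_SECPKG_NOT_FOUND if the handle carries no package name or no table is found for it. */`. For `winpr_QuerySecurityContextToken` it is also worth stating that `*phToken` is not written on any of the early returns, so callers must check the status before using the token.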
index 9ed5f26..bf018a3 100644 (file)
@@ -37,7 +37,6 @@ struct _TEST_NTLM_CLIENT
        SecPkgInfo* pPackageInfo;
        SecurityFunctionTable* table;
        SEC_WINNT_AUTH_IDENTITY identity;
-       SecPkgContext_Sizes ContextSizes;
 };
 typedef struct _TEST_NTLM_CLIENT TEST_NTLM_CLIENT;
 
@@ -76,7 +75,6 @@ int test_ntlm_client_init(TEST_NTLM_CLIENT* ntlm, const char* user, const char*
        ntlm->haveInputBuffer = FALSE;
        ZeroMemory(&ntlm->inputBuffer, sizeof(SecBuffer));
        ZeroMemory(&ntlm->outputBuffer, sizeof(SecBuffer));
-       ZeroMemory(&ntlm->ContextSizes, sizeof(SecPkgContext_Sizes));
 
        ntlm->fContextReq = 0;
 
@@ -202,13 +200,6 @@ int test_ntlm_client_authenticate(TEST_NTLM_CLIENT* ntlm)
                if (ntlm->table->CompleteAuthToken)
                        ntlm->table->CompleteAuthToken(&ntlm->context, &ntlm->outputBufferDesc);
 
-               if (ntlm->table->QueryContextAttributes(&ntlm->context, SECPKG_ATTR_SIZES, &ntlm->ContextSizes) != SEC_E_OK)
-               {
-                       fprintf(stderr, "QueryContextAttributes SECPKG_ATTR_SIZES failure status: %s (0x%04X)\n",
-                               GetSecurityStatusString(status), status);
-                       return -1;
-               }
-
                if (status == SEC_I_COMPLETE_NEEDED)
                        status = SEC_E_OK;
                else if (status == SEC_I_COMPLETE_AND_CONTINUE)
@@ -268,7 +259,6 @@ struct _TEST_NTLM_SERVER
        SecPkgInfo* pPackageInfo;
        SecurityFunctionTable* table;
        SEC_WINNT_AUTH_IDENTITY identity;
-       SecPkgContext_Sizes ContextSizes;
 };
 typedef struct _TEST_NTLM_SERVER TEST_NTLM_SERVER;
 
@@ -394,7 +384,6 @@ int test_ntlm_server_init(TEST_NTLM_SERVER* ntlm)
        ntlm->haveInputBuffer = FALSE;
        ZeroMemory(&ntlm->inputBuffer, sizeof(SecBuffer));
        ZeroMemory(&ntlm->outputBuffer, sizeof(SecBuffer));
-       ZeroMemory(&ntlm->ContextSizes, sizeof(SecPkgContext_Sizes));
 
        ntlm->fContextReq = 0;