Sec/NLA: Support passwordless (blank password) login with NLA.
authorzihao.jiang <zihao.jiang@yahoo.com>
Fri, 9 Oct 2015 17:48:41 +0000 (01:48 +0800)
committerzihao.jiang <zihao.jiang@yahoo.com>
Fri, 9 Oct 2015 17:48:41 +0000 (01:48 +0800)
It was supported in freerdp 1.0.2 but is not supported in the latest master.
We should take empty password if it is explicitly specified with /v option.
If a password is not specified, we could first try SAM file. If the user entry does not exist, prompt for password.

libfreerdp/core/nla.c
winpr/libwinpr/sspi/NTLM/ntlm_compute.c
winpr/libwinpr/sspi/sspi_winpr.c

index e89af63..0fcbaa5 100644 (file)
@@ -33,6 +33,7 @@
 #include <freerdp/crypto/tls.h>
 
 #include <winpr/crt.h>
+#include <winpr/sam.h>
 #include <winpr/sspi.h>
 #include <winpr/print.h>
 #include <winpr/tchar.h>
@@ -144,6 +145,8 @@ int nla_client_init(rdpNla* nla)
        BOOL PromptPassword = FALSE;
        freerdp* instance = nla->instance;
        rdpSettings* settings = nla->settings;
+       WINPR_SAM* sam;
+       WINPR_SAM_ENTRY* entry;
 
        nla->state = NLA_STATE_INITIAL;
 
@@ -151,11 +154,33 @@ int nla_client_init(rdpNla* nla)
                settings->DisableCredentialsDelegation = TRUE;
 
        if ((!settings->Password) || (!settings->Username)
-                       || (!strlen(settings->Password)) || (!strlen(settings->Username)))
+                       || (!strlen(settings->Username)))
        {
                PromptPassword = TRUE;
        }
 
+       if (PromptPassword && settings->Username && strlen(settings->Username))
+       {
+               sam = SamOpen(TRUE);
+
+               if (sam)
+               {
+                       entry = SamLookupUserA(sam, settings->Username, strlen(settings->Username), NULL, 0);
+
+                       if (entry)
+                       {
+                               /**
+                                * The user could be found in SAM database.
+                                * Use entry in SAM database later instead of prompt
+                                */
+                               PromptPassword = FALSE;
+                               SamFreeEntry(sam, entry);
+                       }
+
+                       SamClose(sam);
+               }
+       }
+
 #ifndef _WIN32
        if (PromptPassword)
        {
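Review bot: The added SAM block clears `PromptPassword` as soon as a local entry with this user name exists, even though `settings->Password` may still be NULL at that point. The lookup passes `NULL, 0` for the domain, so a domain-qualified login is matched against the local file by name only; if the lookup honours a domain argument, passing `settings->Domain` and its length would narrow the match. The SAM handle is closed again before authentication, so the entry is presumably read a second time later. The rest of nla_client_init lies outside this hunk, so confirm that it tolerates a NULL password and that a missing or mismatching entry fails cleanly instead of proceeding with blank credentials. A short comment above `if (PromptPassword && settings->Username && ...)` stating the precedence (explicit password, then SAM entry, then prompt) would make the intent reviewable.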
index 178556d..131e522 100644 (file)
@@ -298,7 +298,7 @@ int ntlm_compute_ntlm_v2_hash(NTLM_CONTEXT* context, BYTE* hash)
                                                 (LPWSTR) credentials->identity.Domain, credentials->identity.DomainLength * 2,
                                                 (BYTE*) hash);
        }
-       else if (credentials->identity.PasswordLength > 0)
+       else if (credentials->identity.Password)
        {
                NTOWFv2W((LPWSTR) credentials->identity.Password, credentials->identity.PasswordLength * 2,
                                 (LPWSTR) credentials->identity.User, credentials->identity.UserLength * 2,
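Review bot: Testing `credentials->identity.Password` instead of `PasswordLength > 0` changes the branch taken by every caller that holds a non-NULL but zero-length password buffer, not only the explicit blank-password client case. Such a context now hashes an empty password through `NTOWFv2W` with a length of 0 instead of falling through to the branch that follows, which lies outside this hunk. If that following branch is the SAM-backed hash lookup, a server-side or SAM-based login with an allocated-but-empty password would silently stop consulting the SAM file. It is worth confirming which callers can produce a non-NULL empty buffer, and documenting the convention on the new condition, for example `/* non-NULL Password with length 0 means an explicitly blank password */`.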
index cde1196..2e7c723 100644 (file)
@@ -447,7 +447,7 @@ int sspi_CopyAuthIdentity(SEC_WINNT_AUTH_IDENTITY* identity, SEC_WINNT_AUTH_IDEN
        if (identity->PasswordLength > 256)
                identity->PasswordLength /= SSPI_CREDENTIALS_HASH_LENGTH_FACTOR;
 
-       if (identity->PasswordLength > 0)
+       if (srcIdentity->Password)
        {
                identity->Password = (UINT16*) malloc((identity->PasswordLength + 1) * sizeof(WCHAR));