|
Lines 1-7
Link Here
|
| 1 |
/* -*- c-basic-offset: 8 -*- |
1 |
/* -*- c-basic-offset: 8 -*- |
| 2 |
rdesktop: A Remote Desktop Protocol client. |
2 |
rdesktop: A Remote Desktop Protocol client. |
| 3 |
CredSSP layer and kerberos support. |
3 |
CredSSP layer and kerberos support. |
| 4 |
Copyright 2012 Henrik Andersson <hean01@cendio.se> for Cendio AB |
4 |
Copyright 2012-2013 Henrik Andersson <hean01@cendio.se> for Cendio AB |
| 5 |
|
5 |
|
| 6 |
This program is free software: you can redistribute it and/or modify |
6 |
This program is free software: you can redistribute it and/or modify |
| 7 |
it under the terms of the GNU General Public License as published by |
7 |
it under the terms of the GNU General Public License as published by |
|
Lines 20-25
Link Here
|
| 20 |
#include <gssapi/gssapi.h> |
20 |
#include <gssapi/gssapi.h> |
| 21 |
#include "rdesktop.h" |
21 |
#include "rdesktop.h" |
| 22 |
|
22 |
|
|
|
23 |
extern RD_BOOL g_use_password_as_pin; |
| 24 |
|
| 23 |
static gss_OID_desc _gss_spnego_krb5_mechanism_oid_desc = |
25 |
static gss_OID_desc _gss_spnego_krb5_mechanism_oid_desc = |
| 24 |
{ 9, (void *) "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02" }; |
26 |
{ 9, (void *) "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02" }; |
| 25 |
|
27 |
|
|
Lines 285-290
Link Here
|
| 285 |
return out; |
287 |
return out; |
| 286 |
} |
288 |
} |
| 287 |
|
289 |
|
|
|
290 |
/* KeySpecs from wincrypt.h */ |
| 291 |
#define AT_KEYEXCHANGE 1 |
| 292 |
#define AT_SIGNATURE 2 |
| 293 |
|
| 294 |
static STREAM |
| 295 |
cssp_encode_tscspdatadetail(int keyspec, char *card, char *reader, char *container, char *csp) |
| 296 |
{ |
| 297 |
int i; |
| 298 |
STREAM out; |
| 299 |
STREAM h1, h2; |
| 300 |
struct stream tmp = { 0 }; |
| 301 |
struct stream message = { 0 }; |
| 302 |
|
| 303 |
// allocate local streams |
| 304 |
tmp.size = 4096; |
| 305 |
tmp.data = xmalloc(tmp.size); |
| 306 |
s_reset(&tmp); |
| 307 |
|
| 308 |
message.size = 4096; |
| 309 |
message.data = xmalloc(message.size); |
| 310 |
s_reset(&message); |
| 311 |
|
| 312 |
unsigned char serial[] = {AT_SIGNATURE & AT_KEYEXCHANGE}; |
| 313 |
|
| 314 |
#if 0 |
| 315 |
unsigned char serial[] = { |
| 316 |
0x00,0xFA, 0x9B, 0x3F, 0x5F, 0x9F, 0x0D, 0x58, 0xDB, |
| 317 |
0x28, 0x13, 0xA9, 0xA4, 0xC5, 0x78, 0x34, 0xE9 |
| 318 |
}; |
| 319 |
#endif |
| 320 |
|
| 321 |
// keySpec [0] |
| 322 |
s_reset(&tmp); |
| 323 |
for (i = 0; i < sizeof(serial); i++) |
| 324 |
out_uint8(&tmp, serial[i]); |
| 325 |
s_mark_end(&tmp); |
| 326 |
h2 = ber_wrap_hdr_data(BER_TAG_INTEGER, &tmp); |
| 327 |
h1 = ber_wrap_hdr_data(BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 0, h2); |
| 328 |
out_uint8p(&message, h1->data, s_length(h1)); |
| 329 |
s_free(h2); |
| 330 |
s_free(h1); |
| 331 |
|
| 332 |
#if 0 |
| 333 |
// cardName [1] |
| 334 |
s_reset(&tmp); |
| 335 |
for (i = 0; i < strlen(card); i++) |
| 336 |
out_uint16_le(&tmp, card[i]); |
| 337 |
s_mark_end(&tmp); |
| 338 |
h2 = ber_wrap_hdr_data(BER_TAG_OCTET_STRING, &tmp); |
| 339 |
h1 = ber_wrap_hdr_data(BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 1, h2); |
| 340 |
out_uint8p(&message, h1->data, s_length(h1)); |
| 341 |
s_free(h2); |
| 342 |
s_free(h1); |
| 343 |
|
| 344 |
// readerName [2] |
| 345 |
s_reset(&tmp); |
| 346 |
for (i = 0; i < strlen(reader); i++) |
| 347 |
out_uint16_le(&tmp, reader[i]); |
| 348 |
s_mark_end(&tmp); |
| 349 |
h2 = ber_wrap_hdr_data(BER_TAG_OCTET_STRING, &tmp); |
| 350 |
h1 = ber_wrap_hdr_data(BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 2, h2); |
| 351 |
out_uint8p(&message, h1->data, s_length(h1)); |
| 352 |
s_free(h2); |
| 353 |
s_free(h1); |
| 354 |
|
| 355 |
// containerName [3] |
| 356 |
s_reset(&tmp); |
| 357 |
for (i = 0; i < strlen(container); i++) |
| 358 |
out_uint16_le(&tmp, container[i]); |
| 359 |
s_mark_end(&tmp); |
| 360 |
h2 = ber_wrap_hdr_data(BER_TAG_OCTET_STRING, &tmp); |
| 361 |
h1 = ber_wrap_hdr_data(BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 3, h2); |
| 362 |
out_uint8p(&message, h1->data, s_length(h1)); |
| 363 |
s_free(h2); |
| 364 |
s_free(h1); |
| 365 |
|
| 366 |
// cspName [4] |
| 367 |
s_reset(&tmp); |
| 368 |
for (i = 0; i < strlen(csp); i++) |
| 369 |
out_uint16_le(&tmp, csp[i]); |
| 370 |
s_mark_end(&tmp); |
| 371 |
h2 = ber_wrap_hdr_data(BER_TAG_OCTET_STRING, &tmp); |
| 372 |
h1 = ber_wrap_hdr_data(BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 4, h2); |
| 373 |
out_uint8p(&message, h1->data, s_length(h1)); |
| 374 |
s_free(h2); |
| 375 |
s_free(h1); |
| 376 |
#endif |
| 377 |
s_mark_end(&message); |
| 378 |
|
| 379 |
// build message |
| 380 |
out = ber_wrap_hdr_data(BER_TAG_SEQUENCE | BER_TAG_CONSTRUCTED, &message); |
| 381 |
|
| 382 |
// cleanup |
| 383 |
free(tmp.data); |
| 384 |
free(message.data); |
| 385 |
return out; |
| 386 |
} |
| 387 |
|
| 388 |
static STREAM |
| 389 |
cssp_encode_tssmartcardcreds(char *username, char *password,char *domain) |
| 390 |
{ |
| 391 |
int i; |
| 392 |
STREAM out, h1, h2; |
| 393 |
struct stream tmp = { 0 }; |
| 394 |
struct stream message = { 0 }; |
| 395 |
|
| 396 |
// allocate local streams |
| 397 |
tmp.size = 4096; |
| 398 |
tmp.data = xmalloc(tmp.size); |
| 399 |
s_reset(&tmp); |
| 400 |
|
| 401 |
message.size = 4096; |
| 402 |
message.data = xmalloc(message.size); |
| 403 |
s_reset(&message); |
| 404 |
|
| 405 |
// pin [0] |
| 406 |
s_reset(&tmp); |
| 407 |
for (i = 0; i < strlen(password); i++) |
| 408 |
out_uint16_le(&tmp, password[i]); |
| 409 |
s_mark_end(&tmp); |
| 410 |
h2 = ber_wrap_hdr_data(BER_TAG_OCTET_STRING, &tmp); |
| 411 |
h1 = ber_wrap_hdr_data(BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 0, h2); |
| 412 |
out_uint8p(&message, h1->data, s_length(h1)); |
| 413 |
s_free(h2); |
| 414 |
s_free(h1); |
| 415 |
|
| 416 |
// cspData[1] |
| 417 |
h2 = cssp_encode_tscspdatadetail(0x00, "", "", "identifiering", ""); |
| 418 |
h1 = ber_wrap_hdr_data(BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 1, h2); |
| 419 |
out_uint8p(&message, h1->data, s_length(h1)); |
| 420 |
s_free(h2); |
| 421 |
s_free(h1); |
| 422 |
|
| 423 |
// userHint [2] |
| 424 |
s_reset(&tmp); |
| 425 |
for (i = 0; i < strlen(username); i++) |
| 426 |
out_uint16_le(&tmp, username[i]); |
| 427 |
s_mark_end(&tmp); |
| 428 |
h2 = ber_wrap_hdr_data(BER_TAG_OCTET_STRING, &tmp); |
| 429 |
h1 = ber_wrap_hdr_data(BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 2, h2); |
| 430 |
out_uint8p(&message, h1->data, s_length(h1)); |
| 431 |
s_free(h2); |
| 432 |
s_free(h1); |
| 433 |
|
| 434 |
// domainHint [3] |
| 435 |
s_reset(&tmp); |
| 436 |
for (i = 0; i < strlen(domain); i++) |
| 437 |
out_uint16_le(&tmp, domain[i]); |
| 438 |
s_mark_end(&tmp); |
| 439 |
h2 = ber_wrap_hdr_data(BER_TAG_OCTET_STRING, &tmp); |
| 440 |
h1 = ber_wrap_hdr_data(BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 3, h2); |
| 441 |
out_uint8p(&message, h1->data, s_length(h1)); |
| 442 |
s_free(h2); |
| 443 |
s_free(h1); |
| 444 |
|
| 445 |
|
| 446 |
s_mark_end(&message); |
| 447 |
|
| 448 |
// build message |
| 449 |
out = ber_wrap_hdr_data(BER_TAG_SEQUENCE | BER_TAG_CONSTRUCTED, &message); |
| 450 |
|
| 451 |
// cleanup |
| 452 |
free(tmp.data); |
| 453 |
free(message.data); |
| 454 |
return out; |
| 455 |
} |
| 456 |
|
| 288 |
STREAM |
457 |
STREAM |
| 289 |
cssp_encode_tscredentials(char *username, char *password, char *domain) |
458 |
cssp_encode_tscredentials(char *username, char *password, char *domain) |
| 290 |
{ |
459 |
{ |
|
Lines 304-310
Link Here
|
| 304 |
|
473 |
|
| 305 |
// credType [0] |
474 |
// credType [0] |
| 306 |
s_reset(&tmp); |
475 |
s_reset(&tmp); |
| 307 |
out_uint8(&tmp, 1); // TSPasswordCreds |
476 |
if (g_use_password_as_pin == False) |
|
|
477 |
{ |
| 478 |
out_uint8(&tmp, 1); // TSPasswordCreds |
| 479 |
} |
| 480 |
else |
| 481 |
{ |
| 482 |
out_uint8(&tmp, 2); // TSSmartCardCreds |
| 483 |
} |
| 484 |
|
| 308 |
s_mark_end(&tmp); |
485 |
s_mark_end(&tmp); |
| 309 |
h2 = ber_wrap_hdr_data(BER_TAG_INTEGER, &tmp); |
486 |
h2 = ber_wrap_hdr_data(BER_TAG_INTEGER, &tmp); |
| 310 |
h1 = ber_wrap_hdr_data(BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 0, h2); |
487 |
h1 = ber_wrap_hdr_data(BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 0, h2); |
|
Lines 313-319
Link Here
|
| 313 |
s_free(h1); |
490 |
s_free(h1); |
| 314 |
|
491 |
|
| 315 |
// credentials [1] |
492 |
// credentials [1] |
| 316 |
h3 = cssp_encode_tspasswordcreds(username, password, domain); |
493 |
if (g_use_password_as_pin == False) |
|
|
494 |
{ |
| 495 |
h3 = cssp_encode_tspasswordcreds(username, password, domain); |
| 496 |
} |
| 497 |
else |
| 498 |
{ |
| 499 |
h3 = cssp_encode_tssmartcardcreds(username, password, domain); |
| 500 |
} |
| 501 |
|
| 317 |
h2 = ber_wrap_hdr_data(BER_TAG_OCTET_STRING, h3); |
502 |
h2 = ber_wrap_hdr_data(BER_TAG_OCTET_STRING, h3); |
| 318 |
h1 = ber_wrap_hdr_data(BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 1, h2); |
503 |
h1 = ber_wrap_hdr_data(BER_TAG_CTXT_SPECIFIC | BER_TAG_CONSTRUCTED | 1, h2); |
| 319 |
out_uint8p(&message, h1->data, s_length(h1)); |
504 |
out_uint8p(&message, h1->data, s_length(h1)); |
