libfreerdp-core/credssp.c

   1 /**
   2  * FreeRDP: A Remote Desktop Protocol Client
   3  * Credential Security Support Provider (CredSSP)
   4  *
   5  * Copyright 2010 Marc-Andre Moreau <marcandre.moreau@gmail.com>
   6  *
   7  * Licensed under the Apache License, Version 2.0 (the "License");
   8  * you may not use this file except in compliance with the License.
   9  * You may obtain a copy of the License at
  10  *
  11  *               http://www.apache.org/licenses/LICENSE-2.0
  12  *
  13  * Unless required by applicable law or agreed to in writing, software
  14  * distributed under the License is distributed on an "AS IS" BASIS,
  15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  16  * See the License for the specific language governing permissions and
  17  * limitations under the License.
  18  */
  19
  20 #ifndef _WIN32
  21 #include <unistd.h>
  22 #endif
  23
  24 #include <time.h>
  25 #include "ntlmssp.h"
  26
  27 #include "credssp.h"
  28 /**
  29  * TSRequest ::= SEQUENCE {
  30  *      version    [0] INTEGER,
  31  *      negoTokens [1] NegoData OPTIONAL,
  32  *      authInfo   [2] OCTET STRING OPTIONAL,
  33  *      pubKeyAuth [3] OCTET STRING OPTIONAL
  34  * }
  35  *
  36  * NegoData ::= SEQUENCE OF NegoDataItem
  37  *
  38  * NegoDataItem ::= SEQUENCE {
  39  *      negoToken [0] OCTET STRING
  40  * }
  41  *
  42  * TSCredentials ::= SEQUENCE {
  43  *      credType    [0] INTEGER,
  44  *      credentials [1] OCTET STRING
  45  * }
  46  *
  47  * TSPasswordCreds ::= SEQUENCE {
  48  *      domainName  [0] OCTET STRING,
  49  *      userName    [1] OCTET STRING,
  50  *      password    [2] OCTET STRING
  51  * }
  52  *
  53  * TSSmartCardCreds ::= SEQUENCE {
  54  *      pin        [0] OCTET STRING,
  55  *      cspData    [1] TSCspDataDetail,
  56  *      userHint   [2] OCTET STRING OPTIONAL,
  57  *      domainHint [3] OCTET STRING OPTIONAL
  58  * }
  59  *
  60  * TSCspDataDetail ::= SEQUENCE {
  61  *      keySpec       [0] INTEGER,
  62  *      cardName      [1] OCTET STRING OPTIONAL,
  63  *      readerName    [2] OCTET STRING OPTIONAL,
  64  *      containerName [3] OCTET STRING OPTIONAL,
  65  *      cspName       [4] OCTET STRING OPTIONAL
  66  * }
  67  *
  68  */
  69
  70 /**
  71  * Initialize NTLMSSP authentication module.
  72  * @param credssp
  73  */
  74
  75 int credssp_ntlmssp_init(rdpCredssp* credssp)
  76 {
  77         freerdp* instance;
  78         NTLMSSP* ntlmssp = credssp->ntlmssp;
  79         rdpSettings* settings = credssp->transport->settings;
  80         instance = (freerdp*) settings->instance;
  81
  82         if ((settings->password == NULL) || (settings->username == NULL))
  83         {
  84                 if(instance->Authenticate)
  85                 {
  86                         boolean proceed = instance->Authenticate(instance,
  87                                         &settings->username, &settings->password, &settings->domain);
  88                         if (!proceed)
  89                                 return 0;
  90                 }
  91         }
  92
  93         if (settings->ntlm_version == 2)
  94                 ntlmssp->ntlm_v2 = 1;
  95
  96         ntlmssp_set_password(ntlmssp, settings->password);
  97         ntlmssp_set_username(ntlmssp, settings->username);
  98
  99         if (ntlmssp->ntlm_v2)
 100         {
 101                 ntlmssp_set_workstation(ntlmssp, "WORKSTATION");
 102         }
 103
 104         if (settings->domain != NULL)
 105         {
 106                 if (strlen(settings->domain) > 0)
 107                         ntlmssp_set_domain(ntlmssp, settings->domain);
 108         }
 109         else
 110         {
 111                 ntlmssp_set_domain(ntlmssp, NULL);
 112         }
 113
 114         ntlmssp_generate_client_challenge(ntlmssp);
 115         ntlmssp_generate_random_session_key(ntlmssp);
 116         ntlmssp_generate_exported_session_key(ntlmssp);
 117
 118         return 1;
 119 }
 120
 121 /**
 122  * Get TLS public key.
 123  * @param credssp
 124  */
 125
 126 int credssp_get_public_key(rdpCredssp* credssp)
 127 {
 128         int status;
 129         CryptoCert cert;
 130
 131         cert = tls_get_certificate(credssp->transport->tls);
 132
 133         if (cert == NULL)
 134         {
 135                 printf("credssp_get_public_key: tls_get_certificate failed to return the server certificate.\n");
 136                 return 0;
 137         }
 138
 139         if (!tls_verify_certificate(credssp->transport->tls, cert, credssp->transport->settings->hostname))
 140                 tls_disconnect(credssp->transport->tls);
 141
 142         status = crypto_cert_get_public_key(cert, &credssp->public_key);
 143         crypto_cert_free(cert);
 144
 145         return status;
 146 }
 147
 148 /**
 149  * Authenticate with server using CredSSP.
 150  * @param credssp
 151  * @return 1 if authentication is successful
 152  */
 153
 154 int credssp_authenticate(rdpCredssp* credssp)
 155 {
 156         NTLMSSP* ntlmssp = credssp->ntlmssp;
 157         STREAM* s = stream_new(0);
 158         uint8* negoTokenBuffer = (uint8*) xmalloc(2048);
 159
 160         if (credssp_ntlmssp_init(credssp) == 0)
 161                 return 0;
 162
 163         if (credssp_get_public_key(credssp) == 0)
 164                 return 0;
 165
 166         /* NTLMSSP NEGOTIATE MESSAGE */
 167         stream_attach(s, negoTokenBuffer, 2048);
 168         ntlmssp_send(ntlmssp, s);
 169         credssp->negoToken.data = stream_get_head(s);
 170         credssp->negoToken.length = stream_get_length(s);
 171         credssp_send(credssp, &credssp->negoToken, NULL, NULL);
 172
 173         /* NTLMSSP CHALLENGE MESSAGE */
 174         if (credssp_recv(credssp, &credssp->negoToken, NULL, NULL) < 0)
 175                 return -1;
 176
 177         stream_attach(s, credssp->negoToken.data, credssp->negoToken.length);
 178         ntlmssp_recv(ntlmssp, s);
 179
 180         freerdp_blob_free(&credssp->negoToken);
 181
 182         /* NTLMSSP AUTHENTICATE MESSAGE */
 183         stream_attach(s, negoTokenBuffer, 2048);
 184         ntlmssp_send(ntlmssp, s);
 185
 186         /* The last NTLMSSP message is sent with the encrypted public key */
 187         credssp->negoToken.data = stream_get_head(s);
 188         credssp->negoToken.length = stream_get_length(s);
 189         credssp_encrypt_public_key(credssp, &credssp->pubKeyAuth);
 190         credssp_send(credssp, &credssp->negoToken, NULL, &credssp->pubKeyAuth);
 191         freerdp_blob_free(&credssp->pubKeyAuth);
 192
 193         /* Encrypted Public Key +1 */
 194         if (credssp_recv(credssp, &credssp->negoToken, NULL, &credssp->pubKeyAuth) < 0)
 195                 return -1;
 196
 197         if (credssp_verify_public_key(credssp, &credssp->pubKeyAuth) == 0)
 198         {
 199                 /* Failed to verify server public key echo */
 200                 return 0; /* DO NOT SEND CREDENTIALS! */
 201         }
 202
 203         freerdp_blob_free(&credssp->negoToken);
 204         freerdp_blob_free(&credssp->pubKeyAuth);
 205
 206         /* Send encrypted credentials */
 207         credssp_encode_ts_credentials(credssp);
 208         credssp_encrypt_ts_credentials(credssp, &credssp->authInfo);
 209         credssp_send(credssp, NULL, &credssp->authInfo, NULL);
 210         freerdp_blob_free(&credssp->authInfo);
 211
 212         xfree(s);
 213
 214         return 1;
 215 }
 216
 217 /**
 218  * Encrypt TLS public key using CredSSP.
 219  * @param credssp
 220  * @param s
 221  */
 222
 223 void credssp_encrypt_public_key(rdpCredssp* credssp, rdpBlob* d)
 224 {
 225         uint8* p;
 226         uint8 signature[16];
 227         rdpBlob encrypted_public_key;
 228         NTLMSSP *ntlmssp = credssp->ntlmssp;
 229
 230         freerdp_blob_alloc(d, credssp->public_key.length + 16);
 231         ntlmssp_encrypt_message(ntlmssp, &credssp->public_key, &encrypted_public_key, signature);
 232
 233 #ifdef WITH_DEBUG_NLA
 234         printf("Public Key (length = %d)\n", credssp->public_key.length);
 235         freerdp_hexdump(credssp->public_key.data, credssp->public_key.length);
 236         printf("\n");
 237
 238         printf("Encrypted Public Key (length = %d)\n", encrypted_public_key.length);
 239         freerdp_hexdump(encrypted_public_key.data, encrypted_public_key.length);
 240         printf("\n");
 241
 242         printf("Signature\n");
 243         freerdp_hexdump(signature, 16);
 244         printf("\n");
 245 #endif
 246
 247         p = (uint8*) d->data;
 248         memcpy(p, signature, 16); /* Message Signature */
 249         memcpy(&p[16], encrypted_public_key.data, encrypted_public_key.length); /* Encrypted Public Key */
 250
 251         freerdp_blob_free(&encrypted_public_key);
 252 }
 253
 254 /**
 255  * Verify TLS public key using CredSSP.
 256  * @param credssp
 257  * @param s
 258  * @return 1 if verification is successful, 0 otherwise
 259  */
 260
 261 int credssp_verify_public_key(rdpCredssp* credssp, rdpBlob* d)
 262 {
 263         uint8 *p1, *p2;
 264         uint8* signature;
 265         rdpBlob public_key;
 266         rdpBlob encrypted_public_key;
 267
 268         signature = d->data;
 269         encrypted_public_key.data = (void*) (signature + 16);
 270         encrypted_public_key.length = d->length - 16;
 271
 272         ntlmssp_decrypt_message(credssp->ntlmssp, &encrypted_public_key, &public_key, signature);
 273
 274         p1 = (uint8*) credssp->public_key.data;
 275         p2 = (uint8*) public_key.data;
 276
 277         p2[0]--;
 278
 279         if (memcmp(p1, p2, public_key.length) != 0)
 280         {
 281                 printf("Could not verify server's public key echo\n");
 282                 return 0;
 283         }
 284
 285         p2[0]++;
 286         freerdp_blob_free(&public_key);
 287         return 1;
 288 }
 289
 290 /**
 291  * Encrypt and sign TSCredentials structure.
 292  * @param credssp
 293  * @param s
 294  */
 295
 296 void credssp_encrypt_ts_credentials(rdpCredssp* credssp, rdpBlob* d)
 297 {
 298         uint8* p;
 299         uint8 signature[16];
 300         rdpBlob encrypted_ts_credentials;
 301         NTLMSSP* ntlmssp = credssp->ntlmssp;
 302
 303         freerdp_blob_alloc(d, credssp->ts_credentials.length + 16);
 304         ntlmssp_encrypt_message(ntlmssp, &credssp->ts_credentials, &encrypted_ts_credentials, signature);
 305
 306 #ifdef WITH_DEBUG_NLA
 307         printf("TSCredentials (length = %d)\n", credssp->ts_credentials.length);
 308         freerdp_hexdump(credssp->ts_credentials.data, credssp->ts_credentials.length);
 309         printf("\n");
 310
 311         printf("Encrypted TSCredentials (length = %d)\n", encrypted_ts_credentials.length);
 312         freerdp_hexdump(encrypted_ts_credentials.data, encrypted_ts_credentials.length);
 313         printf("\n");
 314
 315         printf("Signature\n");
 316         freerdp_hexdump(signature, 16);
 317         printf("\n");
 318 #endif
 319
 320         p = (uint8*) d->data;
 321         memcpy(p, signature, 16); /* Message Signature */
 322         memcpy(&p[16], encrypted_ts_credentials.data, encrypted_ts_credentials.length); /* Encrypted TSCredentials */
 323
 324         freerdp_blob_free(&encrypted_ts_credentials);
 325 }
 326
 327 int credssp_skip_ts_password_creds(rdpCredssp* credssp)
 328 {
 329         int length;
 330         int ts_password_creds_length = 0;
 331
 332         length = ber_skip_octet_string(credssp->ntlmssp->domain.length);
 333         length += ber_skip_contextual_tag(length);
 334         ts_password_creds_length += length;
 335
 336         length = ber_skip_octet_string(credssp->ntlmssp->username.length);
 337         length += ber_skip_contextual_tag(length);
 338         ts_password_creds_length += length;
 339
 340         length = ber_skip_octet_string(credssp->ntlmssp->password.length);
 341         length += ber_skip_contextual_tag(length);
 342         ts_password_creds_length += length;
 343
 344         length = ber_skip_sequence(ts_password_creds_length);
 345
 346         return length;
 347 }
 348
 349 void credssp_write_ts_password_creds(rdpCredssp* credssp, STREAM* s)
 350 {
 351         int length;
 352
 353         length = credssp_skip_ts_password_creds(credssp);
 354
 355         /* TSPasswordCreds (SEQUENCE) */
 356         length = ber_get_content_length(length);
 357         ber_write_sequence_tag(s, length);
 358
 359         /* [0] domainName (OCTET STRING) */
 360         ber_write_contextual_tag(s, 0, credssp->ntlmssp->domain.length + 2, true);
 361         ber_write_octet_string(s, credssp->ntlmssp->domain.data, credssp->ntlmssp->domain.length);
 362
 363         /* [1] userName (OCTET STRING) */
 364         ber_write_contextual_tag(s, 1, credssp->ntlmssp->username.length + 2, true);
 365         ber_write_octet_string(s, credssp->ntlmssp->username.data, credssp->ntlmssp->username.length);
 366
 367         /* [2] password (OCTET STRING) */
 368         ber_write_contextual_tag(s, 2, credssp->ntlmssp->password.length + 2, true);
 369         ber_write_octet_string(s, credssp->ntlmssp->password.data, credssp->ntlmssp->password.length);
 370 }
 371
 372 int credssp_skip_ts_credentials(rdpCredssp* credssp)
 373 {
 374         int length;
 375         int ts_password_creds_length;
 376         int ts_credentials_length = 0;
 377
 378         length = ber_skip_integer(0);
 379         length += ber_skip_contextual_tag(length);
 380         ts_credentials_length += length;
 381
 382         ts_password_creds_length = credssp_skip_ts_password_creds(credssp);
 383         length = ber_skip_octet_string(ts_password_creds_length);
 384         length += ber_skip_contextual_tag(length);
 385         ts_credentials_length += length;
 386
 387         length = ber_skip_sequence(ts_credentials_length);
 388
 389         return length;
 390 }
 391
 392 void credssp_write_ts_credentials(rdpCredssp* credssp, STREAM* s)
 393 {
 394         int length;
 395         int ts_password_creds_length;
 396
 397         length = credssp_skip_ts_credentials(credssp);
 398         ts_password_creds_length = credssp_skip_ts_password_creds(credssp);
 399
 400         /* TSCredentials (SEQUENCE) */
 401         length = ber_get_content_length(length);
 402         length -= ber_write_sequence_tag(s, length);
 403
 404         /* [0] credType (INTEGER) */
 405         length -= ber_write_contextual_tag(s, 0, 3, true);
 406         length -= ber_write_integer(s, 1);
 407
 408         /* [1] credentials (OCTET STRING) */
 409         length -= 1;
 410         length -= ber_write_contextual_tag(s, 1, length, true);
 411         length -= ber_write_octet_string_tag(s, ts_password_creds_length);
 412
 413         credssp_write_ts_password_creds(credssp, s);
 414 }
 415
 416 /**
 417  * Encode TSCredentials structure.
 418  * @param credssp
 419  */
 420
 421 void credssp_encode_ts_credentials(rdpCredssp* credssp)
 422 {
 423         STREAM* s;
 424         int length;
 425
 426         s = stream_new(0);
 427         length = credssp_skip_ts_credentials(credssp);
 428         freerdp_blob_alloc(&credssp->ts_credentials, length);
 429         stream_attach(s, credssp->ts_credentials.data, length);
 430
 431         credssp_write_ts_credentials(credssp, s);
 432         stream_detach(s);
 433         stream_free(s);
 434 }
 435
 436 int credssp_skip_nego_token(int length)
 437 {
 438         length = ber_skip_octet_string(length);
 439         length += ber_skip_contextual_tag(length);
 440         return length;
 441 }
 442
 443 int credssp_skip_nego_tokens(int length)
 444 {
 445         length = credssp_skip_nego_token(length);
 446         length += ber_skip_sequence_tag(length);
 447         length += ber_skip_sequence_tag(length);
 448         length += ber_skip_contextual_tag(length);
 449         return length;
 450 }
 451
 452 int credssp_skip_pub_key_auth(int length)
 453 {
 454         length = ber_skip_octet_string(length);
 455         length += ber_skip_contextual_tag(length);
 456         return length;
 457 }
 458
 459 int credssp_skip_auth_info(int length)
 460 {
 461         length = ber_skip_octet_string(length);
 462         length += ber_skip_contextual_tag(length);
 463         return length;
 464 }
 465
 466 int credssp_skip_ts_request(int length)
 467 {
 468         length += ber_skip_integer(2);
 469         length += ber_skip_contextual_tag(3);
 470         length += ber_skip_sequence_tag(length);
 471         return length;
 472 }
 473
 474 /**
 475  * Send CredSSP message.
 476  * @param credssp
 477  * @param negoToken
 478  * @param authInfo
 479  * @param pubKeyAuth
 480  */
 481
 482 void credssp_send(rdpCredssp* credssp, rdpBlob* negoToken, rdpBlob* authInfo, rdpBlob* pubKeyAuth)
 483 {
 484         STREAM* s;
 485         int length;
 486         int ts_request_length;
 487         int nego_tokens_length;
 488         int pub_key_auth_length;
 489         int auth_info_length;
 490
 491         nego_tokens_length = (negoToken != NULL) ? credssp_skip_nego_tokens(negoToken->length) : 0;
 492         pub_key_auth_length = (pubKeyAuth != NULL) ? credssp_skip_pub_key_auth(pubKeyAuth->length) : 0;
 493         auth_info_length = (authInfo != NULL) ? credssp_skip_auth_info(authInfo->length) : 0;
 494
 495         length = nego_tokens_length + pub_key_auth_length + auth_info_length;
 496         ts_request_length = credssp_skip_ts_request(length);
 497
 498         s = stream_new(ts_request_length);
 499
 500         /* TSRequest */
 501         length = ber_get_content_length(ts_request_length);
 502         ber_write_sequence_tag(s, length); /* SEQUENCE */
 503         ber_write_contextual_tag(s, 0, 3, true); /* [0] version */
 504         ber_write_integer(s, 2); /* INTEGER */
 505
 506         /* [1] negoTokens (NegoData) */
 507         if (nego_tokens_length > 0)
 508         {
 509                 length = ber_get_content_length(nego_tokens_length);
 510                 length -= ber_write_contextual_tag(s, 1, length, true); /* NegoData */
 511                 length -= ber_write_sequence_tag(s, length); /* SEQUENCE OF NegoDataItem */
 512                 length -= ber_write_sequence_tag(s, length); /* NegoDataItem */
 513                 length -= ber_write_contextual_tag(s, 0, length, true); /* [0] negoToken */
 514                 ber_write_octet_string(s, negoToken->data, length); /* OCTET STRING */
 515         }
 516
 517         /* [2] authInfo (OCTET STRING) */
 518         if (auth_info_length > 0)
 519         {
 520                 length = ber_get_content_length(auth_info_length);
 521                 length -= ber_write_contextual_tag(s, 2, length, true);
 522                 ber_write_octet_string(s, authInfo->data, authInfo->length);
 523         }
 524
 525         /* [3] pubKeyAuth (OCTET STRING) */
 526         if (pub_key_auth_length > 0)
 527         {
 528                 length = ber_get_content_length(pub_key_auth_length);
 529                 length -= ber_write_contextual_tag(s, 3, length, true);
 530                 ber_write_octet_string(s, pubKeyAuth->data, length);
 531         }
 532
 533         transport_write(credssp->transport, s);
 534         stream_free(s);
 535 }
 536
 537 /**
 538  * Receive CredSSP message.
 539  * @param credssp
 540  * @param negoToken
 541  * @param authInfo
 542  * @param pubKeyAuth
 543  * @return
 544  */
 545
 546 int credssp_recv(rdpCredssp* credssp, rdpBlob* negoToken, rdpBlob* authInfo, rdpBlob* pubKeyAuth)
 547 {
 548         STREAM* s;
 549         int length;
 550         int status;
 551         uint32 version;
 552
 553         s = transport_recv_stream_init(credssp->transport, 2048);
 554         status = transport_read(credssp->transport, s);
 555
 556         if (status < 0)
 557                 return -1;
 558
 559         /* TSRequest */
 560         ber_read_sequence_tag(s, &length);
 561         ber_read_contextual_tag(s, 0, &length, true);
 562         ber_read_integer(s, &version);
 563
 564         /* [1] negoTokens (NegoData) */
 565         if (ber_read_contextual_tag(s, 1, &length, true) != false)
 566         {
 567                 ber_read_sequence_tag(s, &length); /* SEQUENCE OF NegoDataItem */
 568                 ber_read_sequence_tag(s, &length); /* NegoDataItem */
 569                 ber_read_contextual_tag(s, 0, &length, true); /* [0] negoToken */
 570                 ber_read_octet_string(s, &length); /* OCTET STRING */
 571                 freerdp_blob_alloc(negoToken, length);
 572                 stream_read(s, negoToken->data, length);
 573         }
 574
 575         /* [2] authInfo (OCTET STRING) */
 576         if (ber_read_contextual_tag(s, 2, &length, true) != false)
 577         {
 578                 ber_read_octet_string(s, &length); /* OCTET STRING */
 579                 freerdp_blob_alloc(authInfo, length);
 580                 stream_read(s, authInfo->data, length);
 581         }
 582
 583         /* [3] pubKeyAuth (OCTET STRING) */
 584         if (ber_read_contextual_tag(s, 3, &length, true) != false)
 585         {
 586                 ber_read_octet_string(s, &length); /* OCTET STRING */
 587                 freerdp_blob_alloc(pubKeyAuth, length);
 588                 stream_read(s, pubKeyAuth->data, length);
 589         }
 590
 591         return 0;
 592 }
 593
 594 /**
 595  * Encrypt the given plain text using RC4 and the given key.
 596  * @param key RC4 key
 597  * @param length text length
 598  * @param plaintext plain text
 599  * @param ciphertext cipher text
 600  */
 601
 602 void credssp_rc4k(uint8* key, int length, uint8* plaintext, uint8* ciphertext)
 603 {
 604         CryptoRc4 rc4;
 605
 606         /* Initialize RC4 cipher with key */
 607         rc4 = crypto_rc4_init((void*) key, 16);
 608
 609         /* Encrypt plaintext with key */
 610         crypto_rc4(rc4, length, (void*) plaintext, (void*) ciphertext);
 611
 612         /* Free RC4 Cipher */
 613         crypto_rc4_free(rc4);
 614 }
 615
 616 /**
 617  * Get current time, in tenths of microseconds since midnight of January 1, 1601.
 618  * @param[out] timestamp 64-bit little-endian timestamp
 619  */
 620
 621 void credssp_current_time(uint8* timestamp)
 622 {
 623         uint64 time64;
 624
 625         /* Timestamp (8 bytes), represented as the number of tenths of microseconds since midnight of January 1, 1601 */
 626         time64 = time(NULL) + 11644473600LL; /* Seconds since January 1, 1601 */
 627         time64 *= 10000000; /* Convert timestamp to tenths of a microsecond */
 628
 629         memcpy(timestamp, &time64, 8); /* Copy into timestamp in little-endian */
 630 }
 631
 632 /**
 633  * Create new CredSSP state machine.
 634  * @param transport
 635  * @return new CredSSP state machine.
 636  */
 637
 638 rdpCredssp* credssp_new(rdpTransport* transport)
 639 {
 640         rdpCredssp* self;
 641
 642         self = (rdpCredssp*) xzalloc(sizeof(rdpCredssp));
 643
 644         if (self != NULL)
 645         {
 646                 self->transport = transport;
 647                 self->send_seq_num = 0;
 648                 self->ntlmssp = ntlmssp_new();
 649                 self->settings = transport->settings;
 650         }
 651
 652         return self;
 653 }
 654
 655 /**
 656  * Free CredSSP state machine.
 657  * @param credssp
 658  */
 659
 660 void credssp_free(rdpCredssp* credssp)
 661 {
 662         if (credssp != NULL)
 663         {
 664                 freerdp_blob_free(&credssp->public_key);
 665                 freerdp_blob_free(&credssp->ts_credentials);
 666
 667                 ntlmssp_free(credssp->ntlmssp);
 668                 xfree(credssp);
 669         }
 670 }