libfreerdp-auth: move authentication code out of libfreerdp-core
parent
b8882a8ad2
commit
8cab067498
@ -163,6 +163,7 @@ add_subdirectory(libfreerdp-rail)
|
|||||||
add_subdirectory(libfreerdp-cache)
|
add_subdirectory(libfreerdp-cache)
|
||||||
add_subdirectory(libfreerdp-codec)
|
add_subdirectory(libfreerdp-codec)
|
||||||
add_subdirectory(libfreerdp-crypto)
|
add_subdirectory(libfreerdp-crypto)
|
||||||
|
add_subdirectory(libfreerdp-auth)
|
||||||
add_subdirectory(libfreerdp-channels)
|
add_subdirectory(libfreerdp-channels)
|
||||||
add_subdirectory(libfreerdp-core)
|
add_subdirectory(libfreerdp-core)
|
||||||
|
|
||||||
@ -189,3 +190,4 @@ string(TOLOWER ${CMAKE_PROJECT_NAME} CMAKE_PROJECT_NAME_lower)
|
|||||||
set(CPACK_SOURCE_PACKAGE_FILE_NAME "${CMAKE_PROJECT_NAME_lower}-${FREERDP_VERSION_FULL}")
|
set(CPACK_SOURCE_PACKAGE_FILE_NAME "${CMAKE_PROJECT_NAME_lower}-${FREERDP_VERSION_FULL}")
|
||||||
|
|
||||||
include(CPack)
|
include(CPack)
|
||||||
|
|
||||||
|
@ -26,8 +26,7 @@ typedef struct rdp_credssp rdpCredssp;
|
|||||||
#include <freerdp/crypto/ber.h>
|
#include <freerdp/crypto/ber.h>
|
||||||
#include <freerdp/crypto/crypto.h>
|
#include <freerdp/crypto/crypto.h>
|
||||||
|
|
||||||
#include "transport.h"
|
#include <freerdp/freerdp.h>
|
||||||
#include <freerdp/settings.h>
|
|
||||||
#include <freerdp/utils/blob.h>
|
#include <freerdp/utils/blob.h>
|
||||||
#include <freerdp/utils/memory.h>
|
#include <freerdp/utils/memory.h>
|
||||||
#include <freerdp/utils/stream.h>
|
#include <freerdp/utils/stream.h>
|
||||||
@ -37,16 +36,17 @@ typedef struct rdp_credssp rdpCredssp;
|
|||||||
|
|
||||||
struct rdp_credssp
|
struct rdp_credssp
|
||||||
{
|
{
|
||||||
|
rdpTls* tls;
|
||||||
|
freerdp* instance;
|
||||||
boolean server;
|
boolean server;
|
||||||
rdpBlob negoToken;
|
rdpBlob negoToken;
|
||||||
rdpBlob pubKeyAuth;
|
rdpBlob pubKeyAuth;
|
||||||
rdpBlob authInfo;
|
rdpBlob authInfo;
|
||||||
int send_seq_num;
|
int send_seq_num;
|
||||||
rdpBlob ts_credentials;
|
rdpBlob ts_credentials;
|
||||||
rdpSettings* settings;
|
|
||||||
CryptoRc4 rc4_seal_state;
|
CryptoRc4 rc4_seal_state;
|
||||||
struct _NTLMSSP *ntlmssp;
|
struct _NTLMSSP *ntlmssp;
|
||||||
struct rdp_transport* transport;
|
rdpSettings* settings;
|
||||||
};
|
};
|
||||||
|
|
||||||
int credssp_authenticate(rdpCredssp* credssp);
|
int credssp_authenticate(rdpCredssp* credssp);
|
||||||
@ -62,7 +62,7 @@ void credssp_encode_ts_credentials(rdpCredssp* credssp);
|
|||||||
void credssp_current_time(uint8* timestamp);
|
void credssp_current_time(uint8* timestamp);
|
||||||
void credssp_rc4k(uint8* key, int length, uint8* plaintext, uint8* ciphertext);
|
void credssp_rc4k(uint8* key, int length, uint8* plaintext, uint8* ciphertext);
|
||||||
|
|
||||||
rdpCredssp* credssp_new(rdpTransport* transport);
|
rdpCredssp* credssp_new(freerdp* instance, rdpTls* tls, rdpSettings* settings);
|
||||||
void credssp_free(rdpCredssp* credssp);
|
void credssp_free(rdpCredssp* credssp);
|
||||||
|
|
||||||
#endif /* __CREDSSP_H */
|
#endif /* __CREDSSP_H */
|
@ -35,6 +35,7 @@ typedef struct rdp_freerdp_peer freerdp_peer;
|
|||||||
#include <freerdp/types.h>
|
#include <freerdp/types.h>
|
||||||
#include <freerdp/settings.h>
|
#include <freerdp/settings.h>
|
||||||
#include <freerdp/extension.h>
|
#include <freerdp/extension.h>
|
||||||
|
#include <freerdp/utils/stream.h>
|
||||||
|
|
||||||
#include <freerdp/input.h>
|
#include <freerdp/input.h>
|
||||||
#include <freerdp/update.h>
|
#include <freerdp/update.h>
|
||||||
@ -109,6 +110,12 @@ FREERDP_API boolean freerdp_disconnect(freerdp* instance);
|
|||||||
FREERDP_API boolean freerdp_get_fds(freerdp* instance, void** rfds, int* rcount, void** wfds, int* wcount);
|
FREERDP_API boolean freerdp_get_fds(freerdp* instance, void** rfds, int* rcount, void** wfds, int* wcount);
|
||||||
FREERDP_API boolean freerdp_check_fds(freerdp* instance);
|
FREERDP_API boolean freerdp_check_fds(freerdp* instance);
|
||||||
|
|
||||||
|
FREERDP_API int freerdp_transport_read(freerdp* instance, STREAM* s);
|
||||||
|
FREERDP_API int freerdp_transport_write(freerdp* instance, STREAM* s);
|
||||||
|
|
||||||
|
FREERDP_API STREAM* freerdp_transport_recv_stream_init(freerdp* instance, int size);
|
||||||
|
FREERDP_API STREAM* freerdp_transport_send_stream_init(freerdp* instance, int size);
|
||||||
|
|
||||||
FREERDP_API void freerdp_send_keep_alive(freerdp* instance);
|
FREERDP_API void freerdp_send_keep_alive(freerdp* instance);
|
||||||
FREERDP_API uint32 freerdp_error_info(freerdp* instance);
|
FREERDP_API uint32 freerdp_error_info(freerdp* instance);
|
||||||
|
|
||||||
|
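Review bot: The four freerdp_transport_* declarations at lines 273–288 are the only entries in this public header that hand a caller the raw protocol transport, and nothing says who they are for; a client application reading freerdp.h could reasonably start writing its own PDUs through them. I'd add above line 273 `/* Transport pass-throughs for libfreerdp-auth (CredSSP); not part of the application-facing API. */`, and the new `#include <freerdp/utils/stream.h>` at line 240, needed for the STREAM type, could carry the same remark. If the intent is really internal, a separate header under include/freerdp/ that core and auth share would keep these out of the application surface.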
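--- /dev/null
+++ b/libfreerdp-auth/CMakeLists.txt
@@ -0,0 +1,32 @@
+# FreeRDP: A Remote Desktop Protocol Client
+# libfreerdp-auth cmake build script
+#
+# Copyright 2011 O.S. Systems Software Ltda.
+# Copyright 2011 Otavio Salvador <otavio@ossystems.com.br>
+# Copyright 2011 Marc-Andre Moreau <marcandre.moreau@gmail.com>
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set(FREERDP_AUTH_SRCS
+credssp.c
+ntlmssp.c)
+
+add_library(freerdp-auth ${FREERDP_AUTH_SRCS})
+
+set_target_properties(freerdp-auth PROPERTIES VERSION ${FREERDP_VERSION_FULL} SOVERSION ${FREERDP_VERSION} PREFIX "lib")
+
+target_link_libraries(freerdp-auth freerdp-utils)
+target_link_libraries(freerdp-auth freerdp-crypto)
+
+install(TARGETS freerdp-auth DESTINATION ${CMAKE_INSTALL_LIBDIR})
+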
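Review bot: The link lines at lines 422–426 give libfreerdp-auth only freerdp-utils and freerdp-crypto, but credssp.c, which this library compiles, calls freerdp_transport_write, freerdp_transport_read and freerdp_transport_recv_stream_init, which this same commit defines in libfreerdp-core/freerdp.c, while libfreerdp-core/CMakeLists.txt gains `target_link_libraries(freerdp-core freerdp-auth)`. The two shared libraries are therefore mutually dependent: libfreerdp-auth is produced with unresolved references to core symbols, which presumably only links because the default GNU linker accepts undefined symbols in shared objects, and a build with `-Wl,--no-undefined` or a toolchain that requires full resolution would fail. A cleaner layering passes the transport callbacks into credssp_new (a small struct of function pointers) so that auth never names a core symbol, or moves the transport pass-throughs into a library both can link. Until then, record the constraint next to the link lines, e.g. `# NOTE: freerdp-core links this library; freerdp-auth must not link back to freerdp-core`. The same issue applies to the libfreerdp-core/CMakeLists.txt hunk and the freerdp.c hunk.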
@ -22,9 +22,10 @@
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
#include <time.h>
|
#include <time.h>
|
||||||
#include "ntlmssp.h"
|
#include <freerdp/auth/ntlmssp.h>
|
||||||
|
|
||||||
|
#include <freerdp/auth/credssp.h>
|
||||||
|
|
||||||
#include "credssp.h"
|
|
||||||
/**
|
/**
|
||||||
* TSRequest ::= SEQUENCE {
|
* TSRequest ::= SEQUENCE {
|
||||||
* version [0] INTEGER,
|
* version [0] INTEGER,
|
||||||
@ -76,7 +77,7 @@ int credssp_ntlmssp_client_init(rdpCredssp* credssp)
|
|||||||
{
|
{
|
||||||
freerdp* instance;
|
freerdp* instance;
|
||||||
NTLMSSP* ntlmssp = credssp->ntlmssp;
|
NTLMSSP* ntlmssp = credssp->ntlmssp;
|
||||||
rdpSettings* settings = credssp->transport->settings;
|
rdpSettings* settings = credssp->settings;
|
||||||
instance = (freerdp*) settings->instance;
|
instance = (freerdp*) settings->instance;
|
||||||
|
|
||||||
if ((settings->password == NULL) || (settings->username == NULL))
|
if ((settings->password == NULL) || (settings->username == NULL))
|
||||||
@ -266,7 +267,7 @@ void credssp_encrypt_public_key(rdpCredssp* credssp, rdpBlob* d)
|
|||||||
uint8 signature[16];
|
uint8 signature[16];
|
||||||
rdpBlob encrypted_public_key;
|
rdpBlob encrypted_public_key;
|
||||||
NTLMSSP *ntlmssp = credssp->ntlmssp;
|
NTLMSSP *ntlmssp = credssp->ntlmssp;
|
||||||
tls = credssp->transport->tls;
|
tls = credssp->tls;
|
||||||
|
|
||||||
freerdp_blob_alloc(d, tls->public_key.length + 16);
|
freerdp_blob_alloc(d, tls->public_key.length + 16);
|
||||||
ntlmssp_encrypt_message(ntlmssp, &tls->public_key, &encrypted_public_key, signature);
|
ntlmssp_encrypt_message(ntlmssp, &tls->public_key, &encrypted_public_key, signature);
|
||||||
@ -305,7 +306,7 @@ int credssp_verify_public_key(rdpCredssp* credssp, rdpBlob* d)
|
|||||||
uint8* signature;
|
uint8* signature;
|
||||||
rdpBlob public_key;
|
rdpBlob public_key;
|
||||||
rdpBlob encrypted_public_key;
|
rdpBlob encrypted_public_key;
|
||||||
rdpTls* tls = credssp->transport->tls;
|
rdpTls* tls = credssp->tls;
|
||||||
|
|
||||||
signature = d->data;
|
signature = d->data;
|
||||||
encrypted_public_key.data = (void*) (signature + 16);
|
encrypted_public_key.data = (void*) (signature + 16);
|
||||||
@ -572,7 +573,7 @@ void credssp_send(rdpCredssp* credssp, rdpBlob* negoToken, rdpBlob* authInfo, rd
|
|||||||
ber_write_octet_string(s, pubKeyAuth->data, length);
|
ber_write_octet_string(s, pubKeyAuth->data, length);
|
||||||
}
|
}
|
||||||
|
|
||||||
transport_write(credssp->transport, s);
|
freerdp_transport_write(credssp->instance, s);
|
||||||
stream_free(s);
|
stream_free(s);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -592,8 +593,8 @@ int credssp_recv(rdpCredssp* credssp, rdpBlob* negoToken, rdpBlob* authInfo, rdp
|
|||||||
int status;
|
int status;
|
||||||
uint32 version;
|
uint32 version;
|
||||||
|
|
||||||
s = transport_recv_stream_init(credssp->transport, 2048);
|
s = freerdp_transport_recv_stream_init(credssp->instance, 2048);
|
||||||
status = transport_read(credssp->transport, s);
|
status = freerdp_transport_read(credssp->instance, s);
|
||||||
|
|
||||||
if (status < 0)
|
if (status < 0)
|
||||||
return -1;
|
return -1;
|
||||||
@ -677,7 +678,7 @@ void credssp_current_time(uint8* timestamp)
|
|||||||
* @return new CredSSP state machine.
|
* @return new CredSSP state machine.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
rdpCredssp* credssp_new(rdpTransport* transport)
|
rdpCredssp* credssp_new(freerdp* instance, rdpTls* tls, rdpSettings* settings)
|
||||||
{
|
{
|
||||||
rdpCredssp* credssp;
|
rdpCredssp* credssp;
|
||||||
|
|
||||||
@ -685,11 +686,12 @@ rdpCredssp* credssp_new(rdpTransport* transport)
|
|||||||
|
|
||||||
if (credssp != NULL)
|
if (credssp != NULL)
|
||||||
{
|
{
|
||||||
credssp->transport = transport;
|
credssp->instance = instance;
|
||||||
credssp->send_seq_num = 0;
|
credssp->settings = settings;
|
||||||
credssp->settings = transport->settings;
|
credssp->server = settings->server_mode;
|
||||||
|
credssp->tls = tls;
|
||||||
|
|
||||||
credssp->server = credssp->settings->server_mode;
|
credssp->send_seq_num = 0;
|
||||||
|
|
||||||
if (credssp->server)
|
if (credssp->server)
|
||||||
credssp->ntlmssp = ntlmssp_server_new();
|
credssp->ntlmssp = ntlmssp_server_new();
|
@ -25,9 +25,9 @@
|
|||||||
#include <openssl/engine.h>
|
#include <openssl/engine.h>
|
||||||
#include <freerdp/utils/memory.h>
|
#include <freerdp/utils/memory.h>
|
||||||
|
|
||||||
#include "credssp.h"
|
#include <freerdp/auth/credssp.h>
|
||||||
|
|
||||||
#include "ntlmssp.h"
|
#include <freerdp/auth/ntlmssp.h>
|
||||||
|
|
||||||
#define NTLMSSP_NEGOTIATE_56 0x80000000 /* W (0) */
|
#define NTLMSSP_NEGOTIATE_56 0x80000000 /* W (0) */
|
||||||
#define NTLMSSP_NEGOTIATE_KEY_EXCH 0x40000000 /* V (1) */
|
#define NTLMSSP_NEGOTIATE_KEY_EXCH 0x40000000 /* V (1) */
|
@ -36,10 +36,6 @@ set(LIBFREERDP_CORE_SRCS
|
|||||||
info.h
|
info.h
|
||||||
input.c
|
input.c
|
||||||
input.h
|
input.h
|
||||||
credssp.c
|
|
||||||
credssp.h
|
|
||||||
ntlmssp.c
|
|
||||||
ntlmssp.h
|
|
||||||
license.c
|
license.c
|
||||||
license.h
|
license.h
|
||||||
errinfo.c
|
errinfo.c
|
||||||
@ -101,6 +97,7 @@ endif()
|
|||||||
target_link_libraries(freerdp-core freerdp-utils)
|
target_link_libraries(freerdp-core freerdp-utils)
|
||||||
target_link_libraries(freerdp-core freerdp-codec)
|
target_link_libraries(freerdp-core freerdp-codec)
|
||||||
target_link_libraries(freerdp-core freerdp-crypto)
|
target_link_libraries(freerdp-core freerdp-crypto)
|
||||||
|
target_link_libraries(freerdp-core freerdp-auth)
|
||||||
|
|
||||||
install(TARGETS freerdp-core DESTINATION ${CMAKE_INSTALL_LIBDIR})
|
install(TARGETS freerdp-core DESTINATION ${CMAKE_INSTALL_LIBDIR})
|
||||||
|
|
||||||
|
@ -127,6 +127,26 @@ boolean freerdp_check_fds(freerdp* instance)
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int freerdp_transport_read(freerdp* instance, STREAM* s)
|
||||||
|
{
|
||||||
|
return transport_read(instance->context->rdp->transport, s);
|
||||||
|
}
|
||||||
|
|
||||||
|
int freerdp_transport_write(freerdp* instance, STREAM* s)
|
||||||
|
{
|
||||||
|
return transport_write(instance->context->rdp->transport, s);
|
||||||
|
}
|
||||||
|
|
||||||
|
STREAM* freerdp_transport_recv_stream_init(freerdp* instance, int size)
|
||||||
|
{
|
||||||
|
return transport_recv_stream_init(instance->context->rdp->transport, size);
|
||||||
|
}
|
||||||
|
|
||||||
|
STREAM* freerdp_transport_send_stream_init(freerdp* instance, int size)
|
||||||
|
{
|
||||||
|
return transport_send_stream_init(instance->context->rdp->transport, size);
|
||||||
|
}
|
||||||
|
|
||||||
void freerdp_send_keep_alive(freerdp* instance)
|
void freerdp_send_keep_alive(freerdp* instance)
|
||||||
{
|
{
|
||||||
input_send_synchronize_event(instance->context->rdp->input, 0);
|
input_send_synchronize_event(instance->context->rdp->input, 0);
|
||||||
|
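Review bot: freerdp_transport_read, freerdp_transport_write, freerdp_transport_recv_stream_init and freerdp_transport_send_stream_init (lines 899–968) dereference `instance->context->rdp->transport` unconditionally, and as exported FREERDP_API functions they can now be reached by any consumer before freerdp_context_new has populated `instance->context`. Either reject a NULL `instance`, `instance->context` or `instance->context->rdp` (returning -1 from the two int functions and NULL from the two STREAM* functions), or state the precondition in a comment above line 899, e.g. `/* Precondition: instance->context->rdp has been created by freerdp_context_new(); no NULL checks are made. */`. A one-line static helper returning the transport pointer would also remove the four identical access chains.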
@ -26,6 +26,8 @@
|
|||||||
#include <freerdp/utils/memory.h>
|
#include <freerdp/utils/memory.h>
|
||||||
#include <freerdp/utils/hexdump.h>
|
#include <freerdp/utils/hexdump.h>
|
||||||
|
|
||||||
|
#include <freerdp/auth/credssp.h>
|
||||||
|
|
||||||
#include <time.h>
|
#include <time.h>
|
||||||
#include <errno.h>
|
#include <errno.h>
|
||||||
#include <fcntl.h>
|
#include <fcntl.h>
|
||||||
@ -37,7 +39,6 @@
|
|||||||
|
|
||||||
#include "tpkt.h"
|
#include "tpkt.h"
|
||||||
#include "fastpath.h"
|
#include "fastpath.h"
|
||||||
#include "credssp.h"
|
|
||||||
#include "transport.h"
|
#include "transport.h"
|
||||||
|
|
||||||
#define BUFFER_SIZE 16384
|
#define BUFFER_SIZE 16384
|
||||||
@ -99,6 +100,9 @@ boolean transport_connect_tls(rdpTransport* transport)
|
|||||||
|
|
||||||
boolean transport_connect_nla(rdpTransport* transport)
|
boolean transport_connect_nla(rdpTransport* transport)
|
||||||
{
|
{
|
||||||
|
freerdp* instance;
|
||||||
|
rdpSettings* settings;
|
||||||
|
|
||||||
if (transport->tls == NULL)
|
if (transport->tls == NULL)
|
||||||
transport->tls = tls_new(transport->settings);
|
transport->tls = tls_new(transport->settings);
|
||||||
|
|
||||||
@ -113,8 +117,11 @@ boolean transport_connect_nla(rdpTransport* transport)
|
|||||||
if (transport->settings->authentication != true)
|
if (transport->settings->authentication != true)
|
||||||
return true;
|
return true;
|
||||||
|
|
||||||
|
settings = transport->settings;
|
||||||
|
instance = (freerdp*) settings->instance;
|
||||||
|
|
||||||
if (transport->credssp == NULL)
|
if (transport->credssp == NULL)
|
||||||
transport->credssp = credssp_new(transport);
|
transport->credssp = credssp_new(instance, transport->tls, settings);
|
||||||
|
|
||||||
if (credssp_authenticate(transport->credssp) < 0)
|
if (credssp_authenticate(transport->credssp) < 0)
|
||||||
{
|
{
|
||||||
@ -153,6 +160,9 @@ boolean transport_accept_tls(rdpTransport* transport)
|
|||||||
|
|
||||||
boolean transport_accept_nla(rdpTransport* transport)
|
boolean transport_accept_nla(rdpTransport* transport)
|
||||||
{
|
{
|
||||||
|
freerdp* instance;
|
||||||
|
rdpSettings* settings;
|
||||||
|
|
||||||
if (transport->tls == NULL)
|
if (transport->tls == NULL)
|
||||||
transport->tls = tls_new(transport->settings);
|
transport->tls = tls_new(transport->settings);
|
||||||
|
|
||||||
@ -167,8 +177,11 @@ boolean transport_accept_nla(rdpTransport* transport)
|
|||||||
if (transport->settings->authentication != true)
|
if (transport->settings->authentication != true)
|
||||||
return true;
|
return true;
|
||||||
|
|
||||||
|
settings = transport->settings;
|
||||||
|
instance = (freerdp*) settings->instance;
|
||||||
|
|
||||||
if (transport->credssp == NULL)
|
if (transport->credssp == NULL)
|
||||||
transport->credssp = credssp_new(transport);
|
transport->credssp = credssp_new(instance, transport->tls, settings);
|
||||||
|
|
||||||
if (credssp_authenticate(transport->credssp) < 0)
|
if (credssp_authenticate(transport->credssp) < 0)
|
||||||
{
|
{
|
||||||
|
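Review bot: The block added to transport_connect_nla at lines 1118–1135 is repeated verbatim in transport_accept_nla at lines 1208–1225 (`settings = transport->settings;`, `instance = (freerdp*) settings->instance;`, then `credssp_new(instance, transport->tls, settings)`), and the two new locals exist only to feed that one call. A static helper that builds the CredSSP state from the transport keeps the two paths in step and removes the cast from both call sites. The cast suggests `settings->instance` is stored as void*; if so, a comment on the helper saying where that field is set would help the next reader. Both enclosing functions continue outside the hunks.
```c
/* Builds the CredSSP state for a transport; shared by the NLA connect and
 * accept paths so both derive instance and settings the same way. */
static rdpCredssp* transport_credssp_new(rdpTransport* transport)
{
	rdpSettings* settings = transport->settings;
	freerdp* instance = (freerdp*) settings->instance;

	return credssp_new(instance, transport->tls, settings);
}

/* … unchanged: transport_connect_nla up to the authentication check … */
	if (transport->credssp == NULL)
		transport->credssp = transport_credssp_new(transport);
/* … same replacement in transport_accept_nla … */
```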
@ -31,8 +31,7 @@ typedef struct rdp_transport rdpTransport;
|
|||||||
|
|
||||||
#include "tcp.h"
|
#include "tcp.h"
|
||||||
#include <freerdp/crypto/tls.h>
|
#include <freerdp/crypto/tls.h>
|
||||||
|
#include <freerdp/auth/credssp.h>
|
||||||
#include "credssp.h"
|
|
||||||
|
|
||||||
#include <time.h>
|
#include <time.h>
|
||||||
#include <freerdp/types.h>
|
#include <freerdp/types.h>
|
||||||
|
@ -28,6 +28,7 @@ add_library(freerdp-crypto ${FREERDP_CRYPTO_SRCS})
|
|||||||
|
|
||||||
set_target_properties(freerdp-crypto PROPERTIES VERSION ${FREERDP_VERSION_FULL} SOVERSION ${FREERDP_VERSION} PREFIX "lib")
|
set_target_properties(freerdp-crypto PROPERTIES VERSION ${FREERDP_VERSION_FULL} SOVERSION ${FREERDP_VERSION} PREFIX "lib")
|
||||||
|
|
||||||
|
target_link_libraries(freerdp-crypto freerdp-utils)
|
||||||
target_link_libraries(freerdp-crypto ${OPENSSL_LIBRARIES})
|
target_link_libraries(freerdp-crypto ${OPENSSL_LIBRARIES})
|
||||||
|
|
||||||
install(TARGETS freerdp-crypto DESTINATION ${CMAKE_INSTALL_LIBDIR})
|
install(TARGETS freerdp-crypto DESTINATION ${CMAKE_INSTALL_LIBDIR})
|
||||||
|