libfreerdp-auth: move authentication code out of libfreerdp-core

This commit is contained in:
Marc-André Moreau 2012-02-17 17:12:21 -05:00
parent b8882a8ad2
commit 8cab067498
12 changed files with 102 additions and 29 deletions


@ -163,6 +163,7 @@ add_subdirectory(libfreerdp-rail)
add_subdirectory(libfreerdp-cache) add_subdirectory(libfreerdp-cache)
add_subdirectory(libfreerdp-codec) add_subdirectory(libfreerdp-codec)
add_subdirectory(libfreerdp-crypto) add_subdirectory(libfreerdp-crypto)
add_subdirectory(libfreerdp-auth)
add_subdirectory(libfreerdp-channels) add_subdirectory(libfreerdp-channels)
add_subdirectory(libfreerdp-core) add_subdirectory(libfreerdp-core)
@ -189,3 +190,4 @@ string(TOLOWER ${CMAKE_PROJECT_NAME} CMAKE_PROJECT_NAME_lower)
set(CPACK_SOURCE_PACKAGE_FILE_NAME "${CMAKE_PROJECT_NAME_lower}-${FREERDP_VERSION_FULL}") set(CPACK_SOURCE_PACKAGE_FILE_NAME "${CMAKE_PROJECT_NAME_lower}-${FREERDP_VERSION_FULL}")
include(CPack) include(CPack)


@ -26,8 +26,7 @@ typedef struct rdp_credssp rdpCredssp;
#include <freerdp/crypto/ber.h> #include <freerdp/crypto/ber.h>
#include <freerdp/crypto/crypto.h> #include <freerdp/crypto/crypto.h>
#include "transport.h" #include <freerdp/freerdp.h>
#include <freerdp/settings.h>
#include <freerdp/utils/blob.h> #include <freerdp/utils/blob.h>
#include <freerdp/utils/memory.h> #include <freerdp/utils/memory.h>
#include <freerdp/utils/stream.h> #include <freerdp/utils/stream.h>
@ -37,16 +36,17 @@ typedef struct rdp_credssp rdpCredssp;
struct rdp_credssp struct rdp_credssp
{ {
rdpTls* tls;
freerdp* instance;
boolean server; boolean server;
rdpBlob negoToken; rdpBlob negoToken;
rdpBlob pubKeyAuth; rdpBlob pubKeyAuth;
rdpBlob authInfo; rdpBlob authInfo;
int send_seq_num; int send_seq_num;
rdpBlob ts_credentials; rdpBlob ts_credentials;
rdpSettings* settings;
CryptoRc4 rc4_seal_state; CryptoRc4 rc4_seal_state;
struct _NTLMSSP *ntlmssp; struct _NTLMSSP *ntlmssp;
struct rdp_transport* transport; rdpSettings* settings;
}; };
int credssp_authenticate(rdpCredssp* credssp); int credssp_authenticate(rdpCredssp* credssp);
@ -62,7 +62,7 @@ void credssp_encode_ts_credentials(rdpCredssp* credssp);
void credssp_current_time(uint8* timestamp); void credssp_current_time(uint8* timestamp);
void credssp_rc4k(uint8* key, int length, uint8* plaintext, uint8* ciphertext); void credssp_rc4k(uint8* key, int length, uint8* plaintext, uint8* ciphertext);
rdpCredssp* credssp_new(rdpTransport* transport); rdpCredssp* credssp_new(freerdp* instance, rdpTls* tls, rdpSettings* settings);
void credssp_free(rdpCredssp* credssp); void credssp_free(rdpCredssp* credssp);
#endif /* __CREDSSP_H */ #endif /* __CREDSSP_H */
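Review bot: The new prototype `rdpCredssp* credssp_new(freerdp* instance, rdpTls* tls, rdpSettings* settings);` hands over three pointers that the struct now stores (`instance`, `tls`, `settings`), but the header says nothing about who owns them, and this header appears to be installed as `<freerdp/auth/credssp.h>` where callers outside core will read it. Add above the prototype: `/* instance, tls and settings are borrowed from the caller (the transport) and must outlive the returned object; credssp_free is not expected to release them — confirm against credssp_free. */`. Because `struct rdp_credssp` is defined in this public header, the reordering of `settings` (now after `ntlmssp`) and the removal of `transport` also change the struct layout for anything that embeds it; worth a sentence in the commit message if that matters to consumers.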


@ -35,6 +35,7 @@ typedef struct rdp_freerdp_peer freerdp_peer;
#include <freerdp/types.h> #include <freerdp/types.h>
#include <freerdp/settings.h> #include <freerdp/settings.h>
#include <freerdp/extension.h> #include <freerdp/extension.h>
#include <freerdp/utils/stream.h>
#include <freerdp/input.h> #include <freerdp/input.h>
#include <freerdp/update.h> #include <freerdp/update.h>
@ -109,6 +110,12 @@ FREERDP_API boolean freerdp_disconnect(freerdp* instance);
FREERDP_API boolean freerdp_get_fds(freerdp* instance, void** rfds, int* rcount, void** wfds, int* wcount); FREERDP_API boolean freerdp_get_fds(freerdp* instance, void** rfds, int* rcount, void** wfds, int* wcount);
FREERDP_API boolean freerdp_check_fds(freerdp* instance); FREERDP_API boolean freerdp_check_fds(freerdp* instance);
FREERDP_API int freerdp_transport_read(freerdp* instance, STREAM* s);
FREERDP_API int freerdp_transport_write(freerdp* instance, STREAM* s);
FREERDP_API STREAM* freerdp_transport_recv_stream_init(freerdp* instance, int size);
FREERDP_API STREAM* freerdp_transport_send_stream_init(freerdp* instance, int size);
FREERDP_API void freerdp_send_keep_alive(freerdp* instance); FREERDP_API void freerdp_send_keep_alive(freerdp* instance);
FREERDP_API uint32 freerdp_error_info(freerdp* instance); FREERDP_API uint32 freerdp_error_info(freerdp* instance);


@ -0,0 +1,32 @@
# FreeRDP: A Remote Desktop Protocol Client
# libfreerdp-auth cmake build script
#
# Copyright 2011 O.S. Systems Software Ltda.
# Copyright 2011 Otavio Salvador <otavio@ossystems.com.br>
# Copyright 2011 Marc-Andre Moreau <marcandre.moreau@gmail.com>
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
set(FREERDP_AUTH_SRCS
credssp.c
ntlmssp.c)
add_library(freerdp-auth ${FREERDP_AUTH_SRCS})
set_target_properties(freerdp-auth PROPERTIES VERSION ${FREERDP_VERSION_FULL} SOVERSION ${FREERDP_VERSION} PREFIX "lib")
target_link_libraries(freerdp-auth freerdp-utils)
target_link_libraries(freerdp-auth freerdp-crypto)
install(TARGETS freerdp-auth DESTINATION ${CMAKE_INSTALL_LIBDIR})
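Review bot: freerdp-auth links only freerdp-utils and freerdp-crypto, yet credssp.c in this commit calls freerdp_transport_write, freerdp_transport_read and freerdp_transport_recv_stream_init, which are implemented next to freerdp_send_keep_alive in what looks like libfreerdp-core's freerdp.c, while freerdp-core now links freerdp-auth (the `target_link_libraries(freerdp-core freerdp-auth)` hunk). That is a link cycle: libfreerdp-auth carries undefined references into libfreerdp-core, which a Linux shared-library link tolerates only because undefined symbols are allowed by default and which fails for a Windows DLL or under `-Wl,--no-undefined`. Adding `freerdp-core` to this file would not fix it; either the transport I/O is handed to credssp as callbacks (function pointers given to credssp_new) or credssp's send/recv stay in core. The same issue should be noted on the freerdp-core CMakeLists hunk rather than repeated there.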


@ -22,9 +22,10 @@
#endif #endif
#include <time.h> #include <time.h>
#include "ntlmssp.h" #include <freerdp/auth/ntlmssp.h>
#include <freerdp/auth/credssp.h>
#include "credssp.h"
/** /**
* TSRequest ::= SEQUENCE { * TSRequest ::= SEQUENCE {
* version [0] INTEGER, * version [0] INTEGER,
@ -76,7 +77,7 @@ int credssp_ntlmssp_client_init(rdpCredssp* credssp)
{ {
freerdp* instance; freerdp* instance;
NTLMSSP* ntlmssp = credssp->ntlmssp; NTLMSSP* ntlmssp = credssp->ntlmssp;
rdpSettings* settings = credssp->transport->settings; rdpSettings* settings = credssp->settings;
instance = (freerdp*) settings->instance; instance = (freerdp*) settings->instance;
if ((settings->password == NULL) || (settings->username == NULL)) if ((settings->password == NULL) || (settings->username == NULL))
@ -266,7 +267,7 @@ void credssp_encrypt_public_key(rdpCredssp* credssp, rdpBlob* d)
uint8 signature[16]; uint8 signature[16];
rdpBlob encrypted_public_key; rdpBlob encrypted_public_key;
NTLMSSP *ntlmssp = credssp->ntlmssp; NTLMSSP *ntlmssp = credssp->ntlmssp;
tls = credssp->transport->tls; tls = credssp->tls;
freerdp_blob_alloc(d, tls->public_key.length + 16); freerdp_blob_alloc(d, tls->public_key.length + 16);
ntlmssp_encrypt_message(ntlmssp, &tls->public_key, &encrypted_public_key, signature); ntlmssp_encrypt_message(ntlmssp, &tls->public_key, &encrypted_public_key, signature);
@ -305,7 +306,7 @@ int credssp_verify_public_key(rdpCredssp* credssp, rdpBlob* d)
uint8* signature; uint8* signature;
rdpBlob public_key; rdpBlob public_key;
rdpBlob encrypted_public_key; rdpBlob encrypted_public_key;
rdpTls* tls = credssp->transport->tls; rdpTls* tls = credssp->tls;
signature = d->data; signature = d->data;
encrypted_public_key.data = (void*) (signature + 16); encrypted_public_key.data = (void*) (signature + 16);
@ -572,7 +573,7 @@ void credssp_send(rdpCredssp* credssp, rdpBlob* negoToken, rdpBlob* authInfo, rd
ber_write_octet_string(s, pubKeyAuth->data, length); ber_write_octet_string(s, pubKeyAuth->data, length);
} }
transport_write(credssp->transport, s); freerdp_transport_write(credssp->instance, s);
stream_free(s); stream_free(s);
} }
@ -592,8 +593,8 @@ int credssp_recv(rdpCredssp* credssp, rdpBlob* negoToken, rdpBlob* authInfo, rdp
int status; int status;
uint32 version; uint32 version;
s = transport_recv_stream_init(credssp->transport, 2048); s = freerdp_transport_recv_stream_init(credssp->instance, 2048);
status = transport_read(credssp->transport, s); status = freerdp_transport_read(credssp->instance, s);
if (status < 0) if (status < 0)
return -1; return -1;
@ -677,7 +678,7 @@ void credssp_current_time(uint8* timestamp)
* @return new CredSSP state machine. * @return new CredSSP state machine.
*/ */
rdpCredssp* credssp_new(rdpTransport* transport) rdpCredssp* credssp_new(freerdp* instance, rdpTls* tls, rdpSettings* settings)
{ {
rdpCredssp* credssp; rdpCredssp* credssp;
@ -685,11 +686,12 @@ rdpCredssp* credssp_new(rdpTransport* transport)
if (credssp != NULL) if (credssp != NULL)
{ {
credssp->transport = transport; credssp->instance = instance;
credssp->send_seq_num = 0; credssp->settings = settings;
credssp->settings = transport->settings; credssp->server = settings->server_mode;
credssp->tls = tls;
credssp->server = credssp->settings->server_mode; credssp->send_seq_num = 0;
if (credssp->server) if (credssp->server)
credssp->ntlmssp = ntlmssp_server_new(); credssp->ntlmssp = ntlmssp_server_new();
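Review bot: credssp_ntlmssp_client_init still derives `instance = (freerdp*) settings->instance;` even though credssp_new now stores that same pointer in `credssp->instance`, and transport.c builds it from settings->instance a third time before passing it in; two sources for one value invite drift, so use `freerdp* instance = credssp->instance;` and drop the cast. The doc comment above credssp_new still says only `@return new CredSSP state machine.` and should now describe the parameters: instance (used for transport I/O through the freerdp_transport_* wrappers), tls (its public_key is what credssp_encrypt_public_key and credssp_verify_public_key bind the exchange to), settings (server_mode and credentials), all borrowed, with a statement of whether credssp_free releases any of them (it did not own the transport before, so presumably not — confirm). credssp_new's body continues past the hunk.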


@ -25,9 +25,9 @@
#include <openssl/engine.h> #include <openssl/engine.h>
#include <freerdp/utils/memory.h> #include <freerdp/utils/memory.h>
#include "credssp.h" #include <freerdp/auth/credssp.h>
#include "ntlmssp.h" #include <freerdp/auth/ntlmssp.h>
#define NTLMSSP_NEGOTIATE_56 0x80000000 /* W (0) */ #define NTLMSSP_NEGOTIATE_56 0x80000000 /* W (0) */
#define NTLMSSP_NEGOTIATE_KEY_EXCH 0x40000000 /* V (1) */ #define NTLMSSP_NEGOTIATE_KEY_EXCH 0x40000000 /* V (1) */


@ -36,10 +36,6 @@ set(LIBFREERDP_CORE_SRCS
info.h info.h
input.c input.c
input.h input.h
credssp.c
credssp.h
ntlmssp.c
ntlmssp.h
license.c license.c
license.h license.h
errinfo.c errinfo.c
@ -101,6 +97,7 @@ endif()
target_link_libraries(freerdp-core freerdp-utils) target_link_libraries(freerdp-core freerdp-utils)
target_link_libraries(freerdp-core freerdp-codec) target_link_libraries(freerdp-core freerdp-codec)
target_link_libraries(freerdp-core freerdp-crypto) target_link_libraries(freerdp-core freerdp-crypto)
target_link_libraries(freerdp-core freerdp-auth)
install(TARGETS freerdp-core DESTINATION ${CMAKE_INSTALL_LIBDIR}) install(TARGETS freerdp-core DESTINATION ${CMAKE_INSTALL_LIBDIR})


@ -127,6 +127,26 @@ boolean freerdp_check_fds(freerdp* instance)
return true; return true;
} }
int freerdp_transport_read(freerdp* instance, STREAM* s)
{
return transport_read(instance->context->rdp->transport, s);
}
int freerdp_transport_write(freerdp* instance, STREAM* s)
{
return transport_write(instance->context->rdp->transport, s);
}
STREAM* freerdp_transport_recv_stream_init(freerdp* instance, int size)
{
return transport_recv_stream_init(instance->context->rdp->transport, size);
}
STREAM* freerdp_transport_send_stream_init(freerdp* instance, int size)
{
return transport_send_stream_init(instance->context->rdp->transport, size);
}
void freerdp_send_keep_alive(freerdp* instance) void freerdp_send_keep_alive(freerdp* instance)
{ {
input_send_synchronize_event(instance->context->rdp->input, 0); input_send_synchronize_event(instance->context->rdp->input, 0);
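Review bot: The four new FREERDP_API wrappers, freerdp_transport_read through freerdp_transport_send_stream_init, carry no comment although the matching prototypes are now exported from the public `freerdp/freerdp.h`, so their contract should be written down: each forwards to the transport layer and dereferences `instance->context->rdp->transport` unchecked, as freerdp_send_keep_alive below already does, and credssp_recv treats a negative return from freerdp_transport_read as failure. A header comment such as `/* Raw transport I/O exported for libfreerdp-auth; forwards to transport_*() on instance->context->rdp->transport and keeps their return conventions (read: < 0 on error). instance must have a connected rdp context. */` above the first wrapper would cover all four. If these are meant for internal use only, say so in the comment, since they widen the public surface solely so that libfreerdp-auth can call back into core.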


@ -26,6 +26,8 @@
#include <freerdp/utils/memory.h> #include <freerdp/utils/memory.h>
#include <freerdp/utils/hexdump.h> #include <freerdp/utils/hexdump.h>
#include <freerdp/auth/credssp.h>
#include <time.h> #include <time.h>
#include <errno.h> #include <errno.h>
#include <fcntl.h> #include <fcntl.h>
@ -37,7 +39,6 @@
#include "tpkt.h" #include "tpkt.h"
#include "fastpath.h" #include "fastpath.h"
#include "credssp.h"
#include "transport.h" #include "transport.h"
#define BUFFER_SIZE 16384 #define BUFFER_SIZE 16384
@ -99,6 +100,9 @@ boolean transport_connect_tls(rdpTransport* transport)
boolean transport_connect_nla(rdpTransport* transport) boolean transport_connect_nla(rdpTransport* transport)
{ {
freerdp* instance;
rdpSettings* settings;
if (transport->tls == NULL) if (transport->tls == NULL)
transport->tls = tls_new(transport->settings); transport->tls = tls_new(transport->settings);
@ -113,8 +117,11 @@ boolean transport_connect_nla(rdpTransport* transport)
if (transport->settings->authentication != true) if (transport->settings->authentication != true)
return true; return true;
settings = transport->settings;
instance = (freerdp*) settings->instance;
if (transport->credssp == NULL) if (transport->credssp == NULL)
transport->credssp = credssp_new(transport); transport->credssp = credssp_new(instance, transport->tls, settings);
if (credssp_authenticate(transport->credssp) < 0) if (credssp_authenticate(transport->credssp) < 0)
{ {
@ -153,6 +160,9 @@ boolean transport_accept_tls(rdpTransport* transport)
boolean transport_accept_nla(rdpTransport* transport) boolean transport_accept_nla(rdpTransport* transport)
{ {
freerdp* instance;
rdpSettings* settings;
if (transport->tls == NULL) if (transport->tls == NULL)
transport->tls = tls_new(transport->settings); transport->tls = tls_new(transport->settings);
@ -167,8 +177,11 @@ boolean transport_accept_nla(rdpTransport* transport)
if (transport->settings->authentication != true) if (transport->settings->authentication != true)
return true; return true;
settings = transport->settings;
instance = (freerdp*) settings->instance;
if (transport->credssp == NULL) if (transport->credssp == NULL)
transport->credssp = credssp_new(transport); transport->credssp = credssp_new(instance, transport->tls, settings);
if (credssp_authenticate(transport->credssp) < 0) if (credssp_authenticate(transport->credssp) < 0)
{ {
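Review bot: transport_connect_nla and transport_accept_nla now repeat the same four lines (`settings = transport->settings;`, `instance = (freerdp*) settings->instance;`, the NULL test and the `credssp_new(instance, transport->tls, settings)` call), and neither checks that `settings->instance` is set before handing it to credssp, whose credssp_send/credssp_recv immediately dereference `instance->context->rdp->transport` through the new wrappers. On the accept path in particular it is not visible here that settings->instance holds a `freerdp*` at all (freerdp.h also declares freerdp_peer), so a NULL or wrong-typed pointer would surface only as a crash inside authentication; please confirm how the server side populates it. A small static helper removes the duplication and gives the check one home; returning false from the callers assumes that matches what the existing `credssp_authenticate(...) < 0` branch does, which lies outside the hunk. Both enclosing functions start and end outside the hunk.
```c
/* Creates transport->credssp on first use. instance, tls and settings stay
 * owned by the transport (credssp only borrows them). Returns NULL when
 * settings->instance is unset, since credssp_send/credssp_recv dereference it. */
static rdpCredssp* transport_credssp_init(rdpTransport* transport)
{
	rdpSettings* settings = transport->settings;
	freerdp* instance = (freerdp*) settings->instance;

	if (instance == NULL)
		return NULL;

	if (transport->credssp == NULL)
		transport->credssp = credssp_new(instance, transport->tls, settings);

	return transport->credssp;
}

/* … unchanged: transport_connect_nla up to the authentication check … */
	if (transport_credssp_init(transport) == NULL)
		return false;

	if (credssp_authenticate(transport->credssp) < 0)
/* … unchanged: rest of transport_connect_nla; transport_accept_nla gets the same two lines … */
```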


@ -31,8 +31,7 @@ typedef struct rdp_transport rdpTransport;
#include "tcp.h" #include "tcp.h"
#include <freerdp/crypto/tls.h> #include <freerdp/crypto/tls.h>
#include <freerdp/auth/credssp.h>
#include "credssp.h"
#include <time.h> #include <time.h>
#include <freerdp/types.h> #include <freerdp/types.h>


@ -28,6 +28,7 @@ add_library(freerdp-crypto ${FREERDP_CRYPTO_SRCS})
set_target_properties(freerdp-crypto PROPERTIES VERSION ${FREERDP_VERSION_FULL} SOVERSION ${FREERDP_VERSION} PREFIX "lib") set_target_properties(freerdp-crypto PROPERTIES VERSION ${FREERDP_VERSION_FULL} SOVERSION ${FREERDP_VERSION} PREFIX "lib")
target_link_libraries(freerdp-crypto freerdp-utils)
target_link_libraries(freerdp-crypto ${OPENSSL_LIBRARIES}) target_link_libraries(freerdp-crypto ${OPENSSL_LIBRARIES})
install(TARGETS freerdp-crypto DESTINATION ${CMAKE_INSTALL_LIBDIR}) install(TARGETS freerdp-crypto DESTINATION ${CMAKE_INSTALL_LIBDIR})