Commit Graph

131 Commits

Author SHA1 Message Date
Tobias
a4df4f7bbf
Do not prompt if blank password was provided 2018-09-19 15:36:24 +02:00
Armin Novak
62c1696d4c Removed use of unchecked sprintf 2018-08-27 14:34:42 +02:00
Ondrej Holy
2417a6a16c core/nla: Fix leak found by covscan
leaked_storage: Variable "s" going out of scope leaks the storage it points to.
2018-08-22 14:34:02 +02:00
Armin Novak
398da7340b Added no or missing credentail error. 2018-07-05 16:12:52 +02:00
Armin Novak
458e51eae8 Do not set password to identity if pth is used. 2018-05-04 10:40:55 +02:00
Armin Novak
5b961e9c75 Fixed /pth: Consistently treat the hash offset to password length. 2018-05-03 17:51:11 +02:00
Mariusz Zaborski
dc2c826edd Fix checking of krb in encrypt public key echo.
In commit 0e1a073384 there was a mistake -
originally code said different then kerberos. Because of that NLA authentication
of server side didn't work for me.
2018-04-09 15:09:38 +02:00
Martin Fleisz
5c59b5f2b8 cssp: Fix handling of nonce 2018-03-29 21:42:14 +02:00
Martin Fleisz
eb1f693fc4 cssp: Separate client/server version handling (#4502) 2018-03-23 12:12:08 +01:00
Martin Fleisz
e9ba4b58ec cssp: Fix warnings (#4503) 2018-03-21 12:57:58 +01:00
Martin Fleisz
8df96364f2 cssp: Add support for protocol version 6 2018-03-20 10:37:38 +01:00
Bernhard Miklautz
e7ae3f6bab fix nla: don't use server version
FreeRDP currently only supports CredSSP protocol version 3. However the
current implementation always sent back the version received by the
server indicating that this version was supported.
With recent windows updates applied the protocol changed and this approach
doesn't work anymore (see
https://msdn.microsoft.com/en-us/library/mt752485.aspx for protocol changes).

With this fix FreeRDP always sends version 3 as supported version.

Credit goes to @mfleisz.

Fixes #4449
2018-03-14 14:04:56 +01:00
Martin Fleisz
07f05c5cb3 nla: Add NULL pointer check 2018-03-06 15:39:03 +01:00
Armin Novak
53d2150e00 Fixed windows unicode authentication. 2018-02-13 11:29:56 +01:00
Armin Novak
29f2d2d9bb Fixed missing packageName setup in server NLA 2018-01-17 09:09:58 +01:00
Armin Novak
0e1a073384 Simplified package name comparisons. 2018-01-17 08:18:45 +01:00
Armin Novak
dc3d536398 Changed length arguments and return to size_t 2018-01-17 08:14:06 +01:00
Armin Novak
e4766c656e Fixed missing initialization warnings. 2017-12-21 11:04:32 +01:00
KOVACS Krisztian
7f5f40d392 core/nla: use RedirectionPassword if set in settings
Previously, the code prompted for the password even if a RedirectionPassword
was provided.

With this change the prompt is only shown if both settins->Password and
settings->RedirectionPassword is absent.
2017-12-06 16:32:56 +01:00
cedrozor
49f4b2a42e Fixed NLA for Negotiate and NTLM authentication (regression due to the recent addition of kerberos support) 2017-11-21 16:36:47 +01:00
Armin Novak
99f6c27488 Fixed uninitialized arguments. 2017-11-15 15:56:25 +01:00
David Fort
7bbc3cb8b7 Fix logic in nla_read_ts_credentials 2017-11-13 16:20:57 +01:00
dodo040
b81f168f0e initial commit for kerberos support 2017-11-13 16:20:55 +01:00
Armin Novak
b86c0ba548 Fixed NLA default error to FREERDP_ERROR_AUTHENTICATION_FAILED 2017-11-08 11:32:34 +01:00
Armin Novak
7a73a0eb1b Added additional NLA error mappings. 2017-11-06 09:49:03 +01:00
Armin Novak
367bddd7ad Added better error mapping for NEGO results. 2017-10-25 09:58:13 +02:00
Armin Novak
bdae339268 Check and invalidate handles on free. 2017-09-19 12:36:13 +02:00
Armin Novak
11fa9f6753 Free credentials on exit. 2017-07-28 08:39:49 +02:00
Armin Novak
b0411d4faa Unexported internal NLA functions. 2017-07-28 08:38:07 +02:00
Armin Novak
ceda244165 Fixed uninitialized values and leaks. 2017-07-28 08:35:31 +02:00
Armin Novak
0490aeb018 Fixed clang malloc integer overflow warnings. 2017-07-20 09:29:48 +02:00
davewheel
4bfb4dddbf Add a callback to provide NTLM hashes on server-side
Adds a callback that allows servers to compute NTLM hashes by themselves. The typical
use of this callback is to provide a function that gives precomputed hash values.

Sponsored by: Wheel Systems (http://www.wheelsystems.com)
2017-05-18 14:24:24 +02:00
Armin Novak
88b6ff00d9 Fixed argument checks, formatting. 2017-03-03 14:11:28 +01:00
Armin Novak
b2c29158be Scanbuild warning, argument checks and leak fixes.
* Added Stream_GetRemainingCapacity to check remaining stream size
  before writes.
* Fixed shadow server memory leak.
* Fixed lots of scanbuild warnings
* Added missing argument checks in many functions
* Added missing static function declarations
2017-03-02 18:13:43 +01:00
Norbert Federa
f71b6b46e8 fix string format specifiers
- fixed invalid, missing or additional arguments
- removed all type casts from arguments
- added missing (void*) typecasts for %p arguments
- use inttypes defines where appropriate
2016-12-16 13:48:43 +01:00
Marc-André Moreau
14cb6d33c6 freerdp: make modifications to NLA server-side fixes according to PR comments 2016-07-22 09:06:07 -04:00
Marc-André Moreau
801dc0f826 freerdp: add configurable NTLM SAM file option for server-side NLA 2016-07-21 18:58:24 -04:00
byteboon
158be3a9f0 fixed kerberos authentication
Details: cbSecurityTrailer was assumed to be a fixed length for all signatures, however for Kerberos authentication the signature may generate smaller than this value
2016-05-16 09:53:38 -07:00
Armin Novak
eacf2b542e Fixed memory leaks. 2016-05-12 10:01:30 +02:00
Martin Fleisz
5d956ebbb1 core: correctly set last error on credssp errors 2016-03-21 16:58:09 +01:00
Martin Fleisz
34a7c1860d core: Propagate credssp error code by setting last error 2016-03-21 10:23:18 +01:00
Martin Fleisz
1c2d315354 core: Add support for CredSSP version 3 2016-03-18 13:32:13 +01:00
Bernhard Miklautz
d73c4898c1 Add build-config.h
build-config.h should contain configure/compile time settings that are
relevant for projects that use FreeRDP.

For example the compiled in plugin search paths.
2015-11-09 15:54:22 +01:00
zihao.jiang
a7f4685c09 Sec/NLA: Support passwordless (blank password) login with NLA.
It was supported in freerdp 1.0.2 but not supported in lastest master.
We should take empty password if it is explicitly specified with /v option.
If a password is not specified, we could first try SAM file. If the user entry does not exist, prompt for password.
2015-10-10 01:48:41 +08:00
Armin Novak
18cea1c9ba Replaced cbMaxSignature with cbSecurityTrailer
The token buffer size during authentication was constructed
from the wrong buffer size. These sizes are equal in case of
local account logins but differ with domain accounts.
2015-07-09 10:09:18 +02:00
Armin Novak
ecf6ffdcce Fixed CompleteAuthToken return check. 2015-07-09 09:57:45 +02:00
Armin Novak
2fe5ecfc1b Fixed wrong output in log messages. 2015-07-08 17:41:23 +02:00
Martin Fleisz
9a2d33af12 Fixed missing encrypt / decrypt success check.
The return of EncryptMessage and DecryptMessage was unchecked.
This lead to PLAINTEXT to be sent over the wire, a major security
issue.
2015-07-08 17:41:23 +02:00
Armin Novak
5b0ee9b7ab Error checks and readable log messages. 2015-07-08 17:41:22 +02:00
Martin Fleisz
3b87cc0c07 Fixed server and client NLA state machine.
When using NULL credentials (current context)
the server state machine did not send back the
required authentication token.
On client side erroneous checks prevented sending
the appropriate public key.
2015-07-08 17:41:21 +02:00