In commit 0e1a073384 there was a mistake -
originally code said different then kerberos. Because of that NLA authentication
of server side didn't work for me.
FreeRDP currently only supports CredSSP protocol version 3. However the
current implementation always sent back the version received by the
server indicating that this version was supported.
With recent windows updates applied the protocol changed and this approach
doesn't work anymore (see
https://msdn.microsoft.com/en-us/library/mt752485.aspx for protocol changes).
With this fix FreeRDP always sends version 3 as supported version.
Credit goes to @mfleisz.
Fixes#4449
Previously, the code prompted for the password even if a RedirectionPassword
was provided.
With this change the prompt is only shown if both settins->Password and
settings->RedirectionPassword is absent.
Adds a callback that allows servers to compute NTLM hashes by themselves. The typical
use of this callback is to provide a function that gives precomputed hash values.
Sponsored by: Wheel Systems (http://www.wheelsystems.com)
- fixed invalid, missing or additional arguments
- removed all type casts from arguments
- added missing (void*) typecasts for %p arguments
- use inttypes defines where appropriate
Details: cbSecurityTrailer was assumed to be a fixed length for all signatures, however for Kerberos authentication the signature may generate smaller than this value
build-config.h should contain configure/compile time settings that are
relevant for projects that use FreeRDP.
For example the compiled in plugin search paths.
It was supported in freerdp 1.0.2 but not supported in lastest master.
We should take empty password if it is explicitly specified with /v option.
If a password is not specified, we could first try SAM file. If the user entry does not exist, prompt for password.
The token buffer size during authentication was constructed
from the wrong buffer size. These sizes are equal in case of
local account logins but differ with domain accounts.
When using NULL credentials (current context)
the server state machine did not send back the
required authentication token.
On client side erroneous checks prevented sending
the appropriate public key.