Commit Graph

77 Commits

Author SHA1 Message Date
akallabeth
2d248d1c96 [winpr,sspi] verbosly check NTLM context 2023-05-17 14:51:58 +02:00
akallabeth
93c5058aa5 [winpr,crypto] rc4 allocation check
* check success of winpr_RC4_New
* WINPR_ASSERT context when used
2023-05-17 14:51:58 +02:00
Armin Novak
641022b795 [logging] remove __FUNCTION__ from actual message
prefer the log formatter to provide that information.
2023-01-25 16:26:39 +01:00
Armin Novak
51e49b4329 [winpr,asn] Fixed a compiler warning
WinPrAsn1DecReadEnumerated expects an argument of type
WinPrAsn1_ENUMERATED* so ensure the variable referenced is of said type.
2022-12-15 14:57:29 +01:00
Armin Novak
f2016c77c5 [winpr] renamed WITH_GSS_NO_NTLM_FALLBACK 2022-12-09 12:36:12 +01:00
fifthdegree
ad87144ce5 Rename WITH_GSSAPI to WITH_KRB5
Change cmake variables to not be gssapi specific
2022-12-09 12:36:12 +01:00
Armin Novak
074f28073a [winpr,sspi] enable negotiate by default 2022-12-08 11:07:00 +01:00
akallabeth
5799fb2018 Replace ConvertFromUnicode and ConvertToUnicode
* Use new ConvertUtf8ToWChar, ConvertUtf8NToWChar,
  ConvertUtf8ToWCharAlloc and ConvertUtf8NToWCharAlloc
* Use new ConvertWCharToUtf8, ConvertWCharNToUtf8,
  ConvertWCharToUtf8Alloc and ConvertWCharNToUtf8Alloc
* Use new Stream UTF16 to/from UTF8 read/write functions
* Use new settings UTF16 to/from UTF8 read/write functions
2022-11-28 10:42:36 +01:00
fifthdegree
ffe8e45aff Pass bindings through Negotiate on first call 2022-10-19 18:55:38 +02:00
Marc-André Moreau
27a865af74 Add Negotiate SSPI authentication module filtering 2022-10-12 22:07:45 +02:00
akallabeth
2f84a4856c Fixed missing-field-initializers warnings 2022-10-11 13:28:30 +02:00
akallabeth
9d197b263c Fixed conditional-uninitialized warnings 2022-10-11 13:28:30 +02:00
David Fort
58a3919435 winpr: add some checks in InitializeSecurityContext and AcceptSecurityContext
In native windows SSPI, AcceptSecurityContext and InitializeSecurityContext return
SEC_E_INVALID_HANDLE if the provided context is an empty context. Add the checks so
that our SSPI implementation behave the same way.
2022-10-10 09:01:04 +02:00
fifthdegree
d6c614b583 Fix bugs and add features in sspi packages
* Kerberos: correctly set principal when no service part is provided
* Kerberos: don't expect a krb_ap_rep when mutual auth was not requested
* Kerberos: include gss header in max signature length
* Negotiate: tolerate optimistic token being the final one
* Kerberos: support channel bindings
* Negotiate: pass channel bindings to sub-mechanism
* NTLM: tolerate receiving an input buffer desc on first call
2022-10-06 21:33:01 +02:00
Marc-André Moreau
479e891545 check return values for SetCredentialsAttributes, throw warnings for unsupported attributes 2022-09-30 19:33:12 +02:00
Marc-André Moreau
eadbb15741 run clang-format 2022-09-30 19:33:12 +02:00
Marc-André Moreau
80a1fc6a98 add SetCredentialsAttributes SSPI function 2022-09-30 19:33:12 +02:00
Marc-André Moreau
3224a43ee3 use SecurityFunctionTable version 3 with SetCredentialsAttributes function pointer 2022-09-30 19:33:12 +02:00
Armin Novak
b3f70b047d Fix OId compare 2022-09-13 09:16:55 +02:00
fifthdegree
7901a26a16
Kerberos User 2 User support (#8070)
* add support for 64-bit big-endian encoding

* kerberos: drop reliance on gssapi and add user 2 user support

* Fix local variable declared in the middle of the function body

* kerberos: add ccache server option

Co-authored-by: fifthdegree <fifthdegree@protonmail.com>
Co-authored-by: David Fort <contact@hardening-consulting.com>
2022-08-17 12:25:26 +02:00
fifthdegree
54bbe33123
spnego: add missing check (#8069)
Co-authored-by: fifthdegree <fifthdegree@protonmail.com>
2022-07-15 08:33:28 +02:00
fifthdegree
dfa231c0a5
spnego: correctly set output buffer size (#8060)
Co-authored-by: fifthdegree <fifthdegree@protonmail.com>
2022-07-12 10:08:44 +02:00
Armin Novak
36c7c0320b Fixed review comments 2022-07-07 17:31:49 +02:00
fifthdegree
362ae93a64 spnego: some cleanups and fixes 2022-07-07 17:31:49 +02:00
David Fort
8b5df3fa92 spnego: cleanup the guess of the input token 2022-07-07 17:31:49 +02:00
David Fort
b128ec4fba spnego: add various check and fixes 2022-07-07 17:31:49 +02:00
David Fort
6c834eaa15 winpr: adjust negotiate_GetMechByOID function 2022-07-07 17:31:49 +02:00
fifthdegree
2a3c92b4cc spnego: use winpr asn.1 library 2022-07-07 17:31:49 +02:00
akallabeth
39bd78d2fb Fixed missing includes 2022-06-29 18:10:33 +02:00
akallabeth
99cda9249f Fixed uninitialized warnings 2022-06-29 18:10:33 +02:00
akallabeth
684ada9c0e Fixed uninitialized warnings 2022-06-29 18:10:33 +02:00
akallabeth
25c120d25d Fixed type mismatches and memory leaks 2022-06-27 11:21:24 +02:00
akallabeth
bc8b4ade1c reformatted 2022-06-23 08:48:39 +02:00
fifthdegree
8ac977e671 make sure existing ccache credentials are not expired 2022-06-21 10:27:17 +02:00
David Fort
90a2b9a10c Various fixes in negotiate.c 2022-06-21 10:27:17 +02:00
fifthdegree
c51348a33b fixes 2022-06-21 10:27:17 +02:00
fifthdegree
6d3aa52496 set SAM file and hash callback on credential rather than context 2022-06-21 10:27:17 +02:00
fifthdegree
eeece1a027 server-side kerberos (and some fixes) 2022-06-21 10:27:17 +02:00
fifthdegree
8d9f990124 some more tweaks 2022-06-21 10:27:17 +02:00
fifthdegree
a359124339 some small fixes and changes 2022-06-21 10:27:17 +02:00
fifthdegree
1c012b09b8 implement proper SPNEGO negotiation 2022-06-21 10:27:17 +02:00
akallabeth
c2e882c509
Nla server cleanup && server auth fix (#7743)
* Reduce negotiate logging verbosity

* Remove duplicate pointers from rdpNla

* Fixed server nla auth

* Encapsulated nla_server_recv_credentials
2022-03-25 10:47:05 +01:00
Armin Novak
6ed50b4b1d Refactored WinPR includes 2022-03-03 11:26:48 +01:00
David Fort
cb351a099d Enable smartcard NLA logon 2022-02-24 08:52:25 +01:00
Armin Novak
8231a7e7a7 Added runtime configuration option for kerberos/NTLM fallback 2022-02-15 13:43:36 +00:00
akallabeth
2d2627deab
Fixed SSPI fallback to NTLM (#7642)
* Fixed SSPI fallback to NTLM

* Fixed wide/ansi mixup

* WITH_GSS fixes

* Move to WinPR as this is not related to FreeRDP
* Add option WITH_GSS_NO_NTLM_FALLBACK to disable NTLM fallback

* Abort NLA if status is SEC_E_NO_CREDENTIALS

* Properly invalidate sspi::SubContext
2022-02-15 09:04:17 +01:00
akallabeth
8cc6582044
Unify struct definitions (#7633)
* Unified enum/struct definitions, fixed include issues

* Fixed mac compilation issues

* Added missing include

* Fixed windows server build warnings

* Fixed VS2010 build issue

* Removed unnecessary library linking

* Fixed ThreadPool WinXP compatibility

* Fixed pr review remarks
2022-02-14 14:59:22 +01:00
David Fort
02535ea200 winpr: fix a crash when kerberos fails during negociation 2022-01-19 18:03:52 +01:00
Armin Novak
610396e197 Fixed compilation warnings
Try to get the number of warnings down
2021-08-02 10:28:06 +02:00
akallabeth
6726772d8d Fixed integer warnings 2021-06-18 09:41:02 +02:00