Commit Graph

50 Commits

Author SHA1 Message Date
Ondrej Holy
73991c48ce [winpr,ncrypt] obtain module path from provider
Currently, the module path is hardcoded in the build_pkinit_args function.
Let's obtain the module path from provider as a preparation for the
follow-up changes.
2024-04-22 17:42:52 +02:00
Armin Novak
1b7e0ffb97 [core,smartcard] allow userhint to match UPN
the username might match the UPN of the smartcard certificate. If not
fall back to compare to userHint
2024-04-04 14:05:39 +02:00
akallabeth
d7ebec5a65 [tidy] move loop variable declaration to loop 2024-02-22 12:31:50 +01:00
akallabeth
0ba995655d [clang-tidy] cppcoreguidelines-init-variables 2024-02-15 11:49:16 +01:00
akallabeth
207def5c56 [clang-tidy] readability-isolate-declaration 2024-02-15 11:49:16 +01:00
Armin Novak
6e6559c41a [settings] fix type mismatch warnings 2023-11-24 14:54:56 +01:00
Armin Novak
6c01433f6a [core,smartcardlogon] fix warnings 2023-07-27 20:02:43 +02:00
Armin Novak
81e95e51ca [winpr,ncrypt] log problems during cert enumeration 2023-06-07 23:05:54 +02:00
fifthdegree
449b96adb2 Use popup browser for AAD auth in SDL client
Optionally build the SDL client with Qt WebEngine to create a popup
browser for authentication to AAD. Also change the URL output on the
command line to use the "nativeclient" redirect for easier copy/pasting
of the authorization code.
2023-05-23 06:04:55 +02:00
fifthdegree
ba7fdcb5f0 Move alloc_sprintf into the winpr string api 2023-05-23 06:04:55 +02:00
David Fort
a659290bd9 [smartcard] fix smartcard listing with /kerberos:pkcs11-module:<path>
When a PKCS11 module was provided, the CSP could not be set by command line
arguments, leading to an error when loading the ncrypt module, and an empty
smartcard list.
2023-05-17 10:50:45 +02:00
Martin Fleisz
4859a5dfd4 core: Fix possible memory leak in smartcard certificate enumeration
When enumerating smartcard certificates we check if we have duplicates
in our certificate list. In case we detect a duplicate we just return
`TRUE` (indicating that we consumed the certificate info) but do not
free the smartcard info instance.
2023-04-28 11:45:59 +02:00
akallabeth
a5b42f0f84 [includes] untangled circular includes 2023-03-15 08:22:23 +01:00
akallabeth
34c056e163 [core,smartcard] fix WCHAR compare, use _wcscmp 2023-03-09 11:17:37 +01:00
Martin Fleisz
09b2096cf2 core: Add CAPI support for enumerating smart card key containers
Windows seems to favor using the legacy Crypto API (CAPI) for
enumerating RSA key containers and only relies on the newer CNG APIs for
ECC keys.

This PR adds support for CAPI key container enumeration on Windows.

The PR also fixes an issue where the CSP was always set to the MS Base
Smart Card Provider during NLA authentication.
2023-02-22 17:10:47 +01:00
Armin Novak
25023d3a3a [client,scard] fix missing callback instance arg
every callback requires context, add freerdp* instance just as the
Authenticate et al callbacks already have
2023-02-15 13:34:18 +01:00
akallabeth
87b30958a6 [cyrpto] unify PEM read/write
use crypto_read_pem and crypto_write_pem in all places required
2023-02-12 20:17:11 +01:00
akallabeth
4499a55f43 [core,smartcardlogon] use rdpCertificate 2023-02-12 20:17:11 +01:00
akallabeth
7ab917dca8 Fixed Wsign-compare warnings 2022-12-09 15:58:26 +01:00
akallabeth
5799fb2018 Replace ConvertFromUnicode and ConvertToUnicode
* Use new ConvertUtf8ToWChar, ConvertUtf8NToWChar,
  ConvertUtf8ToWCharAlloc and ConvertUtf8NToWCharAlloc
* Use new ConvertWCharToUtf8, ConvertWCharNToUtf8,
  ConvertWCharToUtf8Alloc and ConvertWCharNToUtf8Alloc
* Use new Stream UTF16 to/from UTF8 read/write functions
* Use new settings UTF16 to/from UTF8 read/write functions
2022-11-28 10:42:36 +01:00
Armin Novak
31c1700c0c Fixed -Wunused-variable 2022-11-21 10:12:31 +01:00
Richard E. Silverman
2c39bb41a8 fix use of return code from list_provider_keys()
list_provider_keys() returns a Boolean, true == success. But
smartcard_hw_enumerateCerts() expects the return value on success to
be ERROR_SUCCESS == 0, and so inverts success/failure.
2022-11-16 11:50:15 +01:00
akallabeth
1e67db7c08 Do blockwise write, use winpr_DeleteFile 2022-10-25 13:58:05 +02:00
akallabeth
6e7b91c5ad Fixed smartcard logon file leak
The certificate and private key temporary files have not been
cleaned up under certain error conditions.
2022-10-25 13:58:05 +02:00
akallabeth
a8650d9a3d Fix certificate and private key checks for smartcard logon 2022-10-25 13:58:05 +02:00
fifthdegree
cbd310df52 Check smartcard certificates for correct EKU
To be used for login, smartcard certificates must have the Microsoft
Smart Card Logon EKU
2022-10-24 22:22:00 +02:00
fifthdegree
eb04eb0008 Support using smartcard for gateway authentication 2022-10-19 18:55:38 +02:00
fifthdegree
e847f159a6 Try to use the smartcard key name Windows uses
Windows expects the containerName field in TSSmartCardCreds to be what
it would use for a smartcard key's name. Try to accomodate that (at
least for PIV and GIDS cards).
2022-10-19 18:55:38 +02:00
fifthdegree
9d0beaccae smartcardlogon: choose a single smartcard to use
Require a single smartcard certificate to be chosen and define a
callback to choose when more than one is available.
2022-10-19 18:55:38 +02:00
David Fort
57d2a27980 fix smartcard listing
This commit fixes various bugs that I've noticed on some windows systems with
smartcards that contains multiple certificates:

* With some drivers if you retrieve the ATR while enumerating the NCrypt keys, it seems to
confuse the NCrypt key context (and you're unable to retrieve certificate property). As
we don't use the ATR, let's remove the ATR retrieval.
* if don't give any user or domain on the command line, in settings you get User=Domain=NULL,
but if you pass /u:user, you get User="user" and Domain = ""(empty string not NULL). The
smartcard filtering by user/domain was not ready for that.
2022-10-14 12:05:16 +02:00
David Fort
f76c14c256 fix smartcard logon with smartcard emulation
When smartcard emulation was enabled we were dumping the key and cert to
temporary files for PKINIT call, but they were deleted before we have
actually done the PKINIT. This patch fixes it.

It also add debug statement for the listing of smartcard keys / certs.

This also fixes the listing of smartcard on certain windows configurations
were we have to force NCRYPT_SILENT when doing a NCryptOpenKey.
2022-10-13 12:03:58 +02:00
David Fort
3947294ffb Adjust smartcard listing
When no CSP is provided, we were listing smartcard materials by querying the
MS_SCARD_PROV_A CSP, unfortunately on some windows hosts, the smartcards aren't
listed in that CSP. So this patch does the key listing by browsing all CSPs
instead of just a default one. You can still force a CSP and you'll get keys only
from this one.

This patch also address cases where the certificate on the smartcard doesn't
have a UPN attribute, if that happen we try to get a UPN from the email address.
2022-10-06 16:06:35 +02:00
akallabeth
1849632c43
Fixed format strings to match arguments (#8254)
* Fixed format strings to match arguments

Reviewed and replaced all %d specifiers to match proper type

* Added proxy dynamic channel command type to log messages.
2022-09-29 14:55:27 +02:00
David Fort
c7ef66f978
smartcard: also filter certificate by domain name (#8160)
Command line username is used to filter the smartcard certificates during enumeration,
this patch also add the domain as a filter.
2022-08-30 09:00:47 +02:00
fifthdegree
decc55c30d
smartcardlogon: make error retrieving atr non-fatal (#8087)
Co-authored-by: fifthdegree <fifthdegree@protonmail.com>
2022-07-22 09:42:18 +02:00
Martin Fleisz
145caf829b core: Use _strdup instead of strdup 2022-07-21 15:59:43 +02:00
akallabeth
3d9c972d5c
Replace direct rdpSettings access with getter/setter (#7867)
* Replace direct rdpSettings access with getter/setter

* Fixed xf_gdi_update_screen const warning
2022-05-02 10:55:44 +02:00
akallabeth
6fd71fe737 Eliminate Dead nested assignment warnings 2022-04-28 12:37:19 +02:00
David Fort
f232562d8b smartcard: take in account the module path for listing smartcards
The PKCS1 module was taken only for the kerberos part.
Also make as exported the winpr_NCryptOpenStorageProviderEx function.
2022-04-15 09:06:09 +02:00
akallabeth
7b5ebced28 Fixed use of rdpSettings, prefer getter/setter 2022-03-28 15:52:32 +02:00
akallabeth
850e0b107f Discard SmartcardCerts in case of error. 2022-03-03 08:15:28 +01:00
David Fort
f33c679552 smartcard: fix smartcard enumeration
There was a bug in smartcard listing that was leading to be unable to open a key
with slotId != 0. When any error or skipped item was happening during listing
the code was crashing.
2022-03-03 08:15:28 +01:00
Armin Novak
150674f341 Moved headers to appropriate places 2022-02-24 08:52:25 +01:00
David Fort
0435b5a65d Implement smartcard logon 2022-02-24 08:52:25 +01:00
Armin Novak
b3790d7454 Removed Smartcard files from settings
* Removed file names from settings
* Added temporary file creation for pkinit
2022-02-24 08:52:25 +01:00
Armin Novak
649527ef8d Fixed const correctness of freerdp_smartcard_list 2022-02-24 08:52:25 +01:00
David Fort
44c82cd929 Fixes various akallabeth remarks 2022-02-24 08:52:25 +01:00
David Fort
6a5521bb84 fix snprintf usage 2022-02-24 08:52:25 +01:00
Armin Novak
99d63ea89e Fixed missing static and WINPR_API 2022-02-24 08:52:25 +01:00
David Fort
cb351a099d Enable smartcard NLA logon 2022-02-24 08:52:25 +01:00