Armin Novak
18cea1c9ba
Replaced cbMaxSignature with cbSecurityTrailer
...
The token buffer size during authentication was constructed
from the wrong buffer size. These sizes are equal in case of
local account logins but differ with domain accounts.
2015-07-09 10:09:18 +02:00
Armin Novak
ecf6ffdcce
Fixed CompleteAuthToken return check.
2015-07-09 09:57:45 +02:00
Armin Novak
2fe5ecfc1b
Fixed wrong output in log messages.
2015-07-08 17:41:23 +02:00
Martin Fleisz
9a2d33af12
Fixed missing encrypt / decrypt success check.
...
The return of EncryptMessage and DecryptMessage was unchecked.
This lead to PLAINTEXT to be sent over the wire, a major security
issue.
2015-07-08 17:41:23 +02:00
Armin Novak
5b0ee9b7ab
Error checks and readable log messages.
2015-07-08 17:41:22 +02:00
Martin Fleisz
3b87cc0c07
Fixed server and client NLA state machine.
...
When using NULL credentials (current context)
the server state machine did not send back the
required authentication token.
On client side erroneous checks prevented sending
the appropriate public key.
2015-07-08 17:41:21 +02:00
Armin Novak
3a9db563fd
NLA: Fixed length check.
2015-07-01 16:05:11 +02:00
Armin Novak
8479c824fd
Fixed handling of optional TSPasswordCreds field.
2015-07-01 15:30:38 +02:00
Armin Novak
6c0e1af4af
NLA decrypt credentials fixed.
2015-07-01 14:31:55 +02:00
Norbert Federa
20878e50fe
Merge pull request #2724 from bmiklautz/leak_fix
...
Fix leaks in certificate and identity handling
2015-06-26 15:30:00 +02:00
Bernhard Miklautz
77ef5a80de
nla: clear identity memory before releasing
2015-06-26 15:12:33 +02:00
Armin Novak
e8bfa29bd2
Replaced registry keys with cmake defines.
2015-06-24 14:02:48 +02:00
Bernhard Miklautz
2e87d0ee52
Fix leaks in certificate and identity handling
2015-06-23 15:40:37 +02:00
Armin Novak
212db120e0
Fixed NULL pointer dereference.
2015-06-23 12:07:38 +02:00
Bernhard Miklautz
09445c2b0e
nla and cmdline: integrated feedback
...
* fix possible problems with 0 size lengths
* add return value checks
2015-06-23 10:14:11 +02:00
Bernhard Miklautz
06502e6a91
misc: integrate pull request feedback
2015-06-22 19:24:30 +02:00
David FORT
7c3f8f33ab
Fixes for malloc / calloc + other fixes
...
This patch contains:
* checks for malloc return value + treat callers;
* modified malloc() + ZeroMemory() to calloc();
* misc fixes of micro errors seen during the code audit:
** some invalid checks in gcc.c, also there were some possible
integer overflow. This is interesting because at the end the data are parsed
and freed directly, so it's a vulnerability in some kind of dead code (at least
useless);
** fixed usage of GetComputerNameExA with just one call, when 2 were used
in misc places. According to MSDN GetComputerNameA() is supposed to return
an error when called with NULL;
** there were a bug in the command line parsing of shadow;
** in freerdp_dynamic_channel_collection_add() the size of array was multiplied
by 4 instead of 2 on resize
2015-06-22 19:21:47 +02:00
Bernhard Miklautz
bf73f4e4f1
Fix unchecked strdups
...
* add missing checks
* adapt function return values where necessary
* add initial test for settings
2015-06-22 19:09:59 +02:00
Marc-André Moreau
3b3ffce042
Merge pull request #2705 from akallabeth/sspi_fix_v2
...
Sspi fix v2 - Fixes static build
2015-06-22 10:19:22 -04:00
Marc-André Moreau
1e39d7728c
Merge pull request #2702 from akallabeth/nla_null_identity_support
...
NLA Use current users credentials if none provided.
2015-06-22 08:53:05 -04:00
Armin Novak
3c329aa207
Using InitSecurityInterfaceEx(0) now.
2015-06-17 13:23:44 +02:00
Armin Novak
34253f2664
Let SSPI module choose which implementation to use.
2015-06-15 15:21:21 +02:00
Armin Novak
219ca1c02b
NLA identity now a pointer, allowing NULL.
...
When NLA identity is NULL, the current user context
is used on windows.
2015-06-15 15:03:13 +02:00
Martin Haimberger
951a2d2210
stream: check stream_new in winpr and libfreerdp
...
also fixed a few things
2015-05-29 04:46:50 -07:00
Norbert Federa
1eff1a345e
free can handle NULL perfectly fine
2015-05-11 09:07:39 +02:00
Bernhard Miklautz
850de59b55
winpr: add checks for *alloc
...
Add missing checks if memory allocation was successful. Also adapt
caller(s) when possible.
2015-04-08 11:34:37 +02:00
Martin Fleisz
8d783bd2f0
Fix server side NLA
2015-03-23 08:33:14 +01:00
Marc-André Moreau
0e57706de5
libfreerdp-core: cleanup connect error codes, fix Win32 NLA
2015-02-17 21:01:27 -05:00
Marc-André Moreau
9c7b7ab561
libfreerdp-core: make NLA event-driven
2015-02-15 16:04:59 -05:00
Marc-André Moreau
eddfee56a3
libfreerdp-core: prepare client-side NLA for event-driven structure
2015-02-15 14:54:10 -05:00
Marc-André Moreau
ab5fdcc3f1
libfreerdp-core: NLA cleanup
2015-02-15 11:10:14 -05:00
Marc-André Moreau
889ccefe0d
libfreerdp-core: remove TlsIn/TlsOut from rdpTransport
2015-02-12 16:22:25 -05:00
Marc-André Moreau
70fab69347
libfreerdp-core: gateway connection refactoring
2015-02-11 14:27:29 -05:00
Marc-André Moreau
aa8b843250
libfreerdp-core: move stuff down from transport to tsg layer
2015-02-11 11:57:02 -05:00
Marc-André Moreau
e0b0c77ecb
libfreerdp-core: improve http parsing
2015-02-02 17:16:32 -05:00
Armin Novak
2f519d7f16
Replaced logging in libfreerdp with wlog defines.
2014-09-15 08:48:46 +02:00
Armin Novak
6762d73ae1
Fixed winpr_HexDump calls.
2014-09-09 16:33:05 +02:00
Armin Novak
b22b897389
Reformatted changed files.
2014-09-09 16:32:22 +02:00
Armin Novak
f8eae11bf3
Fixed calling of dump functions, updated API
2014-09-09 16:31:46 +02:00
Armin Novak
bcb5f90ee6
Replaced perror with DEBUG_WARN
2014-08-11 09:19:23 +02:00
Armin Novak
b897c6a433
Replaced fprintf(stderr with DEBUG_WARN
2014-08-07 22:20:35 +02:00
Armin Novak
f4c133eaf8
Replaced custom logging mechanism with WLog wrapper.
2014-08-07 16:51:24 +02:00
Bernhard Miklautz
bdad9524dc
refactor transport_read_pdu and check_fds
...
transport_check_fds and transport_read_pdu had almost the same
functionality: reading and validating one pdu at a time.
Now transport_read_pdu reads one pdu from the transport layer and verifies
that the pdu data is valid - as before.
transport_read_pdu also ensures that the stream is sealed and
rewound when the pdu is received completely.
transport_check_fds just uses transport_read_pdu and does *not* do
the verification a second time based on the stream.
Besides the clean up this fixes the following problems:
* transport_read always read 4 bytes. Fast-path input synchronize pdus
are only 3 bytes long. In this case on byte got lost in the stream
buffer which lead to "de-synchronization" of server and
client.
* Size check in tpdu_read_connection_confirm - already read bytes
weren't taken into account.
2014-07-24 16:34:59 +02:00
Bernhard Miklautz
47dd22ba87
transport refactor
...
rename transport_read to transport_read_pdu. This name is more
descriptive what the function actually does.
2014-07-24 16:34:59 +02:00
Marc-André Moreau
723e9a171b
libwinpr-sspi: fix server-side NLA
2014-06-10 14:38:17 -04:00
Marc-André Moreau
03cf7933d9
libwinpr-sspi: start implementing and using negotiate sspi module
2014-06-07 16:26:57 -04:00
Marc-André Moreau
a07f616895
libwinpr-sspi: improve link interface
2014-06-07 10:50:51 -04:00
Marc-André Moreau
220f885774
libwinpr-sspi: code hardening
2014-06-06 17:20:34 -04:00
Marc-André Moreau
940e6fbc15
libwinpr-sspi: make native sspi option dynamic
2014-06-06 15:34:12 -04:00
Hardening
2edd8bee12
Misc fixes to check OOM
2014-04-10 21:10:19 +02:00
Benoît LeBlanc
3e1dfc6311
updated context error messages. utility macros for getting error code CLASS/TYPE
2014-03-21 13:45:43 -04:00
Benoît LeBlanc
d1b9565f51
Added context-specific error management.
...
Added error codes to replace connectErrorCode.
2014-03-20 18:19:54 -04:00
Marc-André Moreau
87be2e0f80
freerdp: add option to disable credentials delegation
2014-02-14 00:43:31 -05:00
Marc-André Moreau
8a44b2baa6
libfreerdp-core: add spn-class option
2014-02-12 00:43:02 -05:00
Marc-André Moreau
cdcd290c44
wfreerdp: fix most build warnings
2014-02-10 22:12:13 -05:00
Marc-André Moreau
5e4f77b05f
Merge branch 'master' of github.com:mrthebunny/FreeRDP
2013-12-18 21:52:41 -05:00
Marc-André Moreau
51ad85e0ee
libfreerdp-core: send Access Denied TLS alert when server-side NLA fails
2013-12-18 19:44:18 -05:00
Benoît LeBlanc
3adff0ec60
- added CANCELEDBYUSER error code.
...
- AUTHENTICATIONERROR error code correclty set on gateway authentication (http error 401)
- Better error handling on connection errors and user cancelation
2013-12-13 10:11:36 -05:00
Marc-André Moreau
b8a1f7d6c0
freerdp: implement restricted admin mode pass-the-hash option
2013-11-06 10:02:58 -05:00
Marc-André Moreau
a3d0e271b5
freerdp: add restricted admin option
2013-11-06 01:51:55 -05:00
Marc-André Moreau
938d423ec9
freerdp: fix build on Windows
2013-10-30 17:56:44 -04:00
Marc-André Moreau
8c4b1361d1
libfreerdp-core: merge with TSG TLS update
2013-10-28 20:20:18 -04:00
Dan Bungert
66ecabb647
Final cleanups - merge ready.
2013-10-28 16:59:02 -06:00
Dan Bungert
f02daaa2d5
More cleanups - remove LWD and all references.
2013-10-28 15:46:28 -06:00
Dan Bungert
c025042d07
NLA over TLS support
...
Improve credssp transport layer handling, so that it works
with the correct TLS object.
2013-10-28 14:39:10 -06:00
Benoît LeBlanc
801c1fe1d6
- Fixed crash in tls_read (unchecked null pointer)
...
- also check for empty string on username and password to launch authentication callback
2013-10-18 16:23:29 -04:00
Armin Novak
022439aa4c
Fixed coverity issue 1047611
2013-09-05 12:14:32 +02:00
Bernhard Miklautz
0773bb9303
nla: invalidate sec handle after creation
...
If sec pointer isn't invalidated after creation it is not possible
to check if the upper and lower pointers are valid.
This fixes a segfault in the server part if the client disconnects before
the authentication was finished.
2013-07-01 19:24:19 +02:00
Marc-André Moreau
2bd6808432
freerdp: merge with master
2013-06-05 10:31:01 -04:00
Marc-André Moreau
6e0cbdddb1
Merge pull request #1261 from simon-engledew/master
...
Ber Encoding Issue
2013-06-03 16:41:29 -07:00
Vic Lee
fb9606ea77
core/nla: fix non-standard C gramma.
2013-05-23 13:34:34 -07:00
Simon Engledew
bceec08367
Finished merging missing changes from pull request #1257 ( https://github.com/FreeRDP/FreeRDP/pull/1257 - commit 0dc22d5
). Correctly report the length of ts_password_creds.
2013-05-22 14:29:33 +01:00
Simon Engledew
0dc22d5a30
Fixed a range of BER boundary encoding bugs which would occur when any NLA packet hit the 127 character mark. Removed ber#get_content_length as it was not behaving deterministically.
2013-05-21 16:06:00 +01:00
Marc-André Moreau
367ebf32a3
freerdp: make use of stream macros to access members
2013-05-15 12:14:26 -04:00
Marc-André Moreau
fdf3ddcf9e
freerdp: purge deprecated stream utils
2013-05-08 17:48:30 -04:00
Marc-André Moreau
5b92413843
freerdp: purge deprecated stream utils
2013-05-08 16:09:16 -04:00
Marc-André Moreau
51715636a5
freerdp: remove some deprecated stream utils
2013-04-29 22:35:15 -04:00
Hardening
7701c9d934
Replace printf(...) by fprintf(stderr, ...)
2013-03-28 23:06:34 +01:00
Marc-André Moreau
a8201b0d1b
libwinpr-utils: combine old and new stream utils
2013-03-21 15:19:33 -04:00
Marc-André Moreau
62eec0c2b5
libfreerdp-utils: rename internal members of STREAM to match new wStream
2013-03-21 15:01:46 -04:00
Alexander Gottwald
026e9996d3
Issue #847 : protocol deadlock in NLA
...
fix ber_get_content_length and der_get_content_length to work for values
around 0x80 and 0x100
Fix nego_token, auth_info and pub_key_auth content length calculation in
credssp_send to fix a lockup in NLA protocol.
2013-02-26 21:32:36 +01:00
rdp.effort
2a6c62520f
checks BER decoding result and stream size when processing NLA packets
2013-01-11 01:27:19 +01:00
Marc-André Moreau
a02090c09b
libfreerdp-utils: fix unicode conversion
2012-12-16 23:00:40 -05:00
Marc-André Moreau
6450ecd67f
libfreerdp-core: fix windows build
2012-12-12 23:18:20 -05:00
Marc-André Moreau
83473d11d1
channels: patch memory leaks, load addins from list
2012-11-19 13:26:56 -05:00
Marc-André Moreau
b70bfc1579
libfreerdp-core: make NLA use transport abstraction layer
2012-11-14 21:30:21 -05:00
Marc-André Moreau
f19f3a6024
libfreerdp-crypto: move nla.c to libfreerdp-core
2012-11-14 21:19:17 -05:00