mirrors/FreeRDP
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
16,277 Commits 6 Branches 74 Tags 84 MiB
843680e543
Commit Graph

376 Commits

Author SHA1 Message Date
fifthdegree
ffe8e45aff Pass bindings through Negotiate on first call 2022-10-19 18:55:38 +02:00
akallabeth
43c5289928 Replaced memset/ZeroMemory with initializer 
* Addes WINPR_ASSERT on many occations
* Replaced memset with array initializer
* Replaced ZeroMemory with array initializer
 2022-10-14 12:11:01 +02:00
akallabeth
b70db86e51 Fixed uninitialized variable warnings 2022-10-14 11:16:23 +02:00
akallabeth
bba18b7af5 Fixed -Waddress warnings 2022-10-13 14:38:06 +02:00
Marc-André Moreau
27a865af74 Add Negotiate SSPI authentication module filtering 2022-10-12 22:07:45 +02:00
akallabeth
2f84a4856c Fixed missing-field-initializers warnings 2022-10-11 13:28:30 +02:00
akallabeth
9d197b263c Fixed conditional-uninitialized warnings 2022-10-11 13:28:30 +02:00
Martin Fleisz
b45f580055 sspi: Do not call copy on empty strings 
It might happen that the username/domain/password strings are set to an
empty string. This means that the null pointer check will pass but the
application will assert in the copy helper function.

This fix simple checks the length of the identity strings and only calls
copy in case the length is greater than 0.
 2022-10-11 12:15:47 +02:00
David Fort
58a3919435 winpr: add some checks in InitializeSecurityContext and AcceptSecurityContext 
In native windows SSPI, AcceptSecurityContext and InitializeSecurityContext return
SEC_E_INVALID_HANDLE if the provided context is an empty context. Add the checks so
that our SSPI implementation behave the same way.
 2022-10-10 09:01:04 +02:00
fifthdegree
d6c614b583 Fix bugs and add features in sspi packages 
* Kerberos: correctly set principal when no service part is provided
* Kerberos: don't expect a krb_ap_rep when mutual auth was not requested
* Kerberos: include gss header in max signature length
* Negotiate: tolerate optimistic token being the final one
* Kerberos: support channel bindings
* Negotiate: pass channel bindings to sub-mechanism
* NTLM: tolerate receiving an input buffer desc on first call
 2022-10-06 21:33:01 +02:00
Marc-André Moreau
479e891545 check return values for SetCredentialsAttributes, throw warnings for unsupported attributes 2022-09-30 19:33:12 +02:00
Marc-André Moreau
fddb0dac75 add missing OOM checks 2022-09-30 19:33:12 +02:00
Marc-André Moreau
eadbb15741 run clang-format 2022-09-30 19:33:12 +02:00
Marc-André Moreau
80a1fc6a98 add SetCredentialsAttributes SSPI function 2022-09-30 19:33:12 +02:00
Marc-André Moreau
ee233eac39 add SetCredentialsAttributes(SECPKG_CRED_ATTR_KDC_URL) in Kerberos SSPI module 2022-09-30 19:33:12 +02:00
Marc-André Moreau
3224a43ee3 use SecurityFunctionTable version 3 with SetCredentialsAttributes function pointer 2022-09-30 19:33:12 +02:00
Marc-André Moreau
c7af6fabe0 add SetCredentialsAttribute to SecurityFunctionTable 2022-09-30 19:33:12 +02:00
akallabeth
1849632c43
Fixed format strings to match arguments (#8254) 
* Fixed format strings to match arguments

Reviewed and replaced all %d specifiers to match proper type

* Added proxy dynamic channel command type to log messages.
 2022-09-29 14:55:27 +02:00
Armin Novak
b3f70b047d Fix OId compare 2022-09-13 09:16:55 +02:00
fifthdegree
7901a26a16
Kerberos User 2 User support (#8070) 
* add support for 64-bit big-endian encoding

* kerberos: drop reliance on gssapi and add user 2 user support

* Fix local variable declared in the middle of the function body

* kerberos: add ccache server option

Co-authored-by: fifthdegree <fifthdegree@protonmail.com>
Co-authored-by: David Fort <contact@hardening-consulting.com>
 2022-08-17 12:25:26 +02:00
fifthdegree
54bbe33123
spnego: add missing check (#8069) 
Co-authored-by: fifthdegree <fifthdegree@protonmail.com>
 2022-07-15 08:33:28 +02:00
fifthdegree
dfa231c0a5
spnego: correctly set output buffer size (#8060) 
Co-authored-by: fifthdegree <fifthdegree@protonmail.com>
 2022-07-12 10:08:44 +02:00
Armin Novak
36c7c0320b Fixed review comments 2022-07-07 17:31:49 +02:00
fifthdegree
362ae93a64 spnego: some cleanups and fixes 2022-07-07 17:31:49 +02:00
David Fort
8b5df3fa92 spnego: cleanup the guess of the input token 2022-07-07 17:31:49 +02:00
David Fort
b128ec4fba spnego: add various check and fixes 2022-07-07 17:31:49 +02:00
David Fort
6c834eaa15 winpr: adjust negotiate_GetMechByOID function 2022-07-07 17:31:49 +02:00
fifthdegree
2a3c92b4cc spnego: use winpr asn.1 library 2022-07-07 17:31:49 +02:00
akallabeth
51f4c374c4 Clear OpenSSL error queue before BIO_read/BIO_write 2022-07-02 16:32:50 +02:00
akallabeth
5d1d3d6582 Fixed #8022: leaks in kerberos code 2022-06-30 23:00:48 +02:00
akallabeth
39bd78d2fb Fixed missing includes 2022-06-29 18:10:33 +02:00
akallabeth
7c85949f1d Fixed unused variable warnings 2022-06-29 18:10:33 +02:00
akallabeth
99cda9249f Fixed uninitialized warnings 2022-06-29 18:10:33 +02:00
akallabeth
684ada9c0e Fixed uninitialized warnings 2022-06-29 18:10:33 +02:00
akallabeth
25c120d25d Fixed type mismatches and memory leaks 2022-06-27 11:21:24 +02:00
akallabeth
bc8b4ade1c reformatted 2022-06-23 08:48:39 +02:00
fifthdegree
56d10c2d27 kerberos: don't get a tgt ticket for inbound creds 2022-06-21 10:27:17 +02:00
fifthdegree
8ac977e671 make sure existing ccache credentials are not expired 2022-06-21 10:27:17 +02:00
David Fort
a31574d359 kerberos: correctly detect missing credentials even with an empty cache 2022-06-21 10:27:17 +02:00
David Fort
90a2b9a10c Various fixes in negotiate.c 2022-06-21 10:27:17 +02:00
fifthdegree
b5ba6d135c retry on all errors from acquire_creds 2022-06-21 10:27:17 +02:00
fifthdegree
c51348a33b fixes 2022-06-21 10:27:17 +02:00
fifthdegree
e66b99f8dc deprecate old hash callback field 2022-06-21 10:27:17 +02:00
fifthdegree
6d3aa52496 set SAM file and hash callback on credential rather than context 2022-06-21 10:27:17 +02:00
fifthdegree
eeece1a027 server-side kerberos (and some fixes) 2022-06-21 10:27:17 +02:00
fifthdegree
8d9f990124 some more tweaks 2022-06-21 10:27:17 +02:00
fifthdegree
441fa01acb adjust ntlm unit test 2022-06-21 10:27:17 +02:00
fifthdegree
a359124339 some small fixes and changes 2022-06-21 10:27:17 +02:00
fifthdegree
1c012b09b8 implement proper SPNEGO negotiation 2022-06-21 10:27:17 +02:00
akallabeth
f25261e271 Unifiy string append functions 2022-06-17 08:41:46 +02:00