Commit Graph

23 Commits

Author SHA1 Message Date
fifthdegree
b1c4cb493f Set KDC URL in a way compatible with Windows 2023-04-27 16:31:30 +02:00
Martin Fleisz
73911425d4 gateway: Do not encrypt message during RPC NTLM auth
Commit 2de7a4c249 introduced major changes
in the gateway authentication code. One of these changes was to decouple
NTLM specific authentication from the gateway code.

However with these changes, gateway authenciation with the old RPC code
stopped working and returned an authentication error. The problem is
that currently `credssp_auth_encrypt` encrypts the given message along
creating a signature.

The old code prevented encryption of the message by specifying
`SECBUFFER_READONLY` on the message buffer. The native Windows SSPI then
leaves this buffer as-is and gateway authentication works again.

This fix only applies to Windows platforms using the native SSPI API.
Interestingly this works on other platforms using the WinPR SSPI so
there seems to be a difference between the implementations (but that's a
topic for another PR).
2023-04-21 08:15:00 +02:00
akallabeth
1a951a7ebc [core,credssp] simplified name cache 2023-04-06 16:15:45 +02:00
Armin Novak
f4462f69e1 [core,credssp] fix logging with unicode
convert argument to proper type before logging
2023-04-05 11:40:22 +02:00
Marc-André Moreau
3a8dce07ea expose last NLA/CredSSP SSPI error code (freerdp_get_nla_sspi_error) 2023-02-24 13:19:19 -05:00
akallabeth
aeef6045b7 [core,credssp] initialize stack variables 2023-01-27 10:07:01 +01:00
Armin Novak
641022b795 [logging] remove __FUNCTION__ from actual message
prefer the log formatter to provide that information.
2023-01-25 16:26:39 +01:00
Armin Novak
a8d3693b27 [core,credssp] fix conversion from unicode
there was a mixup in the conversion and WCHAR was treated as utf8.
2022-12-15 14:57:29 +01:00
akallabeth
4033698266 [core,credssp] Add additional checks
* Better state checks
* Improved log messages
* Assertions for debug builds
2022-12-02 15:08:09 +01:00
akallabeth
5799fb2018 Replace ConvertFromUnicode and ConvertToUnicode
* Use new ConvertUtf8ToWChar, ConvertUtf8NToWChar,
  ConvertUtf8ToWCharAlloc and ConvertUtf8NToWCharAlloc
* Use new ConvertWCharToUtf8, ConvertWCharNToUtf8,
  ConvertWCharToUtf8Alloc and ConvertWCharNToUtf8Alloc
* Use new Stream UTF16 to/from UTF8 read/write functions
* Use new settings UTF16 to/from UTF8 read/write functions
2022-11-28 10:42:36 +01:00
Armin Novak
7c5652c15a Fixed -Wmissing-prototypes 2022-11-21 10:12:31 +01:00
Martin Fleisz
fbbcd9b8ef nla: Fix unicode issues with gateway code
Gateway code was passing a char string as the package name to
`credssp_auth_init`. When using Unicode builds this fails since
`QuerySecurityPackageInfo` expects a wchar string.

Additionally with unicode builds, `credssp_auth_pkg_name` causes string
type mismatches in the gateway code where a char string is expected.
2022-11-03 15:01:39 +01:00
akallabeth
43c5289928 Replaced memset/ZeroMemory with initializer
* Addes WINPR_ASSERT on many occations
* Replaced memset with array initializer
* Replaced ZeroMemory with array initializer
2022-10-14 12:11:01 +02:00
Marc-André Moreau
47aaaf4693 Fix CredSSP extended credential attributes on Windows (SECPKG_CRED_ATTR_KDC_URL) 2022-10-13 16:49:01 +02:00
David Fort
8d3069e879 fix leak of NegoToken 2022-10-13 12:03:58 +02:00
Marc-André Moreau
21740743f7 Fix CredSSP with Windows Kerberos SSPI module 2022-10-13 09:48:13 +02:00
Marc-André Moreau
27a865af74 Add Negotiate SSPI authentication module filtering 2022-10-12 22:07:45 +02:00
David Fort
cd0a33dbf2 nla: context must be NULL on first call to AcceptSecurityContext or InitializeSecurityContext 2022-10-10 09:01:04 +02:00
David Fort
467816a7a5 nla: fix unicode and non unicode build 2022-10-10 09:01:04 +02:00
David Fort
f486fb1e92 fixes for NLA under win32 2022-10-10 09:01:04 +02:00
akallabeth
7dde39de9d Fixed ownership of negoToken
* Ensure negoToken is cleaned up in nla_free
* Renamed function credssp_auth_take_input_buffer now invalidates
  input buffer an takes ownership of that buffer
2022-10-09 21:34:26 +02:00
fifthdegree
2a6950f366 Only pass in authData for server creds when needed
If not using one of the winpr server-specific options then pass NULL as
authData for AcquireCredentialsHandle to use default creds (in Windows)
2022-10-06 21:33:01 +02:00
fifthdegree
2de7a4c249 Support spnego authentication for gateway
* Consolidate authentication support functions into auth.c
* Change authentication flow in gateway to be non-ntlm specific
2022-10-06 21:33:01 +02:00