Commit Graph

68 Commits

Author SHA1 Message Date
akallabeth
cd4d77af86 [settings] add deprecation warnings
direct struct access to rdpSettings now produces warnings if not
explicitly deactiaved by defining FREERDP_SETTINGS_INTERNAL_USE
2023-11-24 14:54:56 +01:00
Martin Fleisz
bb9c32ed72 gateway: Allow authentication using a NULL (current user) identity 2023-07-26 16:35:36 +02:00
Armin Novak
f8e8764ea8 [core,settings] unify identity from settings 2023-04-11 11:37:09 +02:00
akallabeth
34bc5e15f5 [core,gateway] fixed missing/wrong return 2023-02-14 08:43:23 +01:00
Martin Fleisz
1f903f80a5 core: Add possibility to distinguish between auth cancelled and no creds
Currently if the authentication callback returns `FALSE` the utils
function handle this as scenario as no credentials provided (returns
`AUTH_NO_CREDENTIALS)`.

This PR introduces a new `auth_status` called `AUTH_CANCELLED` that is
returned if the authentication callback returns `FALSE`. If the callback
returns `TRUE` and username or password are empty the util function will
continue to return `AUTH_NO_CREDENTIALS`.

THe PR also fixes some incorrect returns in RPC over HTTP gateway code.
2023-02-14 08:43:23 +01:00
Martin Fleisz
fbbcd9b8ef nla: Fix unicode issues with gateway code
Gateway code was passing a char string as the package name to
`credssp_auth_init`. When using Unicode builds this fails since
`QuerySecurityPackageInfo` expects a wchar string.

Additionally with unicode builds, `credssp_auth_pkg_name` causes string
type mismatches in the gateway code where a char string is expected.
2022-11-03 15:01:39 +01:00
akallabeth
7dde39de9d Fixed ownership of negoToken
* Ensure negoToken is cleaned up in nla_free
* Renamed function credssp_auth_take_input_buffer now invalidates
  input buffer an takes ownership of that buffer
2022-10-09 21:34:26 +02:00
fifthdegree
2de7a4c249 Support spnego authentication for gateway
* Consolidate authentication support functions into auth.c
* Change authentication flow in gateway to be non-ntlm specific
2022-10-06 21:33:01 +02:00
Armin Novak
4d03d7c0bf Freerdp remove #ifdef HAVE_CONFIG_H 2022-03-03 11:26:48 +01:00
Armin Novak
b2ad47a809 Reorganized FreeRDP headers 2022-03-03 11:26:48 +01:00
Armin Novak
3de6af34ed Removed unused module winhttp 2021-12-23 14:27:12 +01:00
akallabeth
07b789c880
Gateway legacy parser fix (#7362)
* Implemented missing TSG debug functions

* Refactored RPC gateway parser

Utilize wStream instead of custom binary parsing code, add proper
input validation.
Reported by Sunglin from the Knownsec 404 team & 0103 sec team
2021-10-15 11:45:08 +02:00
Armin Novak
50e9d3adf9 Implemented new AuthenticateEx callbacks. 2021-09-04 18:01:30 +02:00
Armin Novak
5fb59a23a9 Fixed lots of compilation warnings and type mismatches 2021-06-16 15:21:56 +02:00
akallabeth
b494a193db Refactored certificate API:
* Proper encapsulation
* known_hosts2 backend extended (storing PEM)
* New backend storing each host certificate in a file
2021-05-11 08:00:18 +02:00
Ondrej Holy
892cbe3261 Fix various memory leaks reported by Coverity
Covscan report contains various memory leak defects which were marked
as important. I have spent some time analyzing them and although they
were marked as important, most of them are in error cases, so probably
nothing serious. Let's fix most of them anyway. The rest are false
positives, or too complicated to fix, or already fixed in master, or
simply I am unsure about them.

Relates: https://github.com/FreeRDP/FreeRDP/issues/6981
2021-04-27 14:25:20 +02:00
Armin Novak
ac4bb3c103 End connection before user callbacks if aborted.
If somewhere in freerdp_connect freerdp_abort_connect was called
the user callbacks Authenticate, GatewayAuthenticate and
Verify[Changed|X509]Certificate[Ex] must not be called.
2020-02-19 16:44:42 +01:00
Armin Novak
7d252cdc8e Added freerdp_set_last_error_ex function
This new function allows better logging of call locations
for errors. Additionally added freerdp_set_error_log macro
to record function, file and line the error was set.

Signed-off-by: Armin Novak <armin.novak@thincast.com>
2020-01-08 17:39:25 +01:00
Armin Novak
72ca88f49c Reformatted to new style 2019-11-07 10:53:54 +01:00
Martin Fleisz
645cd3208f core: Fix handling of PromptForCredentials setting
The prompt for credentials setting was incorrectly used in FreeRDP. If
this setting is set to 1 in a rdp file the client should prompt for
credentials even if it has credentials stored for this connection. If
the setting is set to 0 the client should either use the stored
credentials (if present) or ask for username/password otherwise.
This PR changes the old handling (if PromptForCredentials was set to 0
no credential prompting was done) to the desired behavior.
2019-08-20 16:25:08 +02:00
Armin Novak
3b38479ec5 Added PromptForCredentials setting. 2019-07-15 12:01:30 +02:00
Armin Novak
90d2e42600 Fixed ntlm_authenticate, split return from continue flag. 2018-11-13 11:22:37 +01:00
Armin Novak
847ee233f4 Fixed resource leak in rpc_ntlm_http_request 2018-10-25 12:49:42 +02:00
Armin Novak
88d310ff2c Fixed compiler warnings (casts, ...) 2018-10-18 09:09:30 +02:00
Armin Novak
fc9ff6d2fc Made gateway NTLM self contained. 2018-09-28 12:29:29 +02:00
Armin Novak
f5f155b057 Refactored RpcClient functions 2018-09-27 16:26:46 +02:00
Armin Novak
8a677d6cf2 Refactored rdg channel structs. 2018-09-27 16:05:14 +02:00
Armin Novak
d748adbf14 Refactored gateway ncacn HTTP to be self contained. 2018-09-27 15:19:41 +02:00
Armin Novak
a5fdf9e006 Refactored gateway HTTP to be self contained. 2018-09-27 15:04:41 +02:00
Armin Novak
c3f008c36c Functions static where appropriate. 2018-01-15 13:22:01 +01:00
Armin Novak
4ca6b9bf10 Unified random functions and remaining MD5. 2016-02-24 20:41:01 +01:00
Bernhard Miklautz
bf73f4e4f1 Fix unchecked strdups
* add missing checks
* adapt function return values where necessary
* add initial test for settings
2015-06-22 19:09:59 +02:00
Marc-André Moreau
0e57706de5 libfreerdp-core: cleanup connect error codes, fix Win32 NLA 2015-02-17 21:01:27 -05:00
Marc-André Moreau
4ecff39eb6 libfreerdp-core: more tsg in/out channel refactoring 2015-02-12 14:08:38 -05:00
Marc-André Moreau
c92e82b3dc libfreerdp-core: improve TSG virtual connection and channel management 2015-02-12 12:03:15 -05:00
Marc-André Moreau
75cad064f1 libfreerdp-core: refactor tsg virtual connection, in/out channels 2015-02-11 15:26:22 -05:00
Marc-André Moreau
70fab69347 libfreerdp-core: gateway connection refactoring 2015-02-11 14:27:29 -05:00
Marc-André Moreau
f8259f94c5 libfreerdp-core: add event-driven RTS connection code 2015-02-03 20:39:47 -05:00
Marc-André Moreau
1bf0e2ee03 libfreerdp-core: add more IN/OUT gateway channel states 2015-02-03 16:33:45 -05:00
Marc-André Moreau
7b25f9130b libfreerdp-core: improve error handling in ts gateway 2015-02-03 14:44:31 -05:00
Marc-André Moreau
5aea07d401 libfreerdp-core: add better state machine transitions to ts gateway 2015-02-02 18:50:26 -05:00
Marc-André Moreau
e0b0c77ecb libfreerdp-core: improve http parsing 2015-02-02 17:16:32 -05:00
Marc-André Moreau
4239a1d4f4 libfreerdp-core: remove TS Gateway send queue 2015-02-01 20:47:43 -05:00
Marc-André Moreau
f79deaff7b libfreerdp-core: partial OUT channel recycling support 2015-01-13 16:35:34 -05:00
Marc-André Moreau
fc38dcc775 libfreerdp-core: gateway cleanup 2015-01-13 13:50:46 -05:00
Marc-André Moreau
cc2321d359 libfreerdp-core: fix leak and use after free in tsg ListDictionary usage 2014-12-11 17:08:22 -05:00
Marc-André Moreau
d8e10ac04a freerdp: patch leaks reported by valgrind when using TS Gateway 2014-12-11 11:25:34 -05:00
Hardening
dd6d829550 Allow transport_write calls to be non-blocking
This big patch allows to have non-blocking writes. To achieve
this, it slightly changes the way transport is handled. The misc transport
layers are handled with OpenSSL BIOs. In the chain we insert a
bufferedBIO that will bufferize write calls that couldn't be honored.

For an access with Tls security the BIO chain would look like this:
  FreeRdp Code ===> SSL bio ===> buffered BIO ===> socket BIO

The buffered BIO will store bytes that couldn't be send because of
blocking write calls.

This patch also rework TSG so that it would look like this in the
case of SSL security with TSG:
                                         (TSG in)
                              > SSL BIO => buffered BIO ==> socket BIO
                             /
FreeRdp => SSL BIO => TSG BIO
                             \
                              > SSL BIO => buffered BIO ==> socket BIO
                                        (TSG out)

So from the FreeRDP point of view sending something is only BIO_writing
on the frontBio (last BIO on the left).
2014-05-21 17:42:31 +02:00
Hardening
9f1d0201ec Changes for base64
This patch changes the prototype for decode_base64 so that the encode / decode
method are consistant (encode(BYTE *) => char* and decode(char*) => BYTE*).
It also does some improvements with unrolling loops so that end conditions are
tested only at the end.
The patch also adds some unitary tests.
Before the patch base64_decode() made valgrind complain about uninitialized
bits, after valgrind is happy and very quiet.
2014-05-11 22:49:10 +02:00
Zhang Zhaolong
69eee0709d core: fix memory leak in case of error out. 2014-04-26 12:08:30 +08:00