Armin Novak
99f6c27488
Fixed uninitialized arguments.
2017-11-15 15:56:25 +01:00
David Fort
7bbc3cb8b7
Fix logic in nla_read_ts_credentials
2017-11-13 16:20:57 +01:00
dodo040
b81f168f0e
initial commit for kerberos support
2017-11-13 16:20:55 +01:00
Armin Novak
b86c0ba548
Fixed NLA default error to FREERDP_ERROR_AUTHENTICATION_FAILED
2017-11-08 11:32:34 +01:00
Armin Novak
7a73a0eb1b
Added additional NLA error mappings.
2017-11-06 09:49:03 +01:00
Armin Novak
367bddd7ad
Added better error mapping for NEGO results.
2017-10-25 09:58:13 +02:00
Armin Novak
bdae339268
Check and invalidate handles on free.
2017-09-19 12:36:13 +02:00
Armin Novak
11fa9f6753
Free credentials on exit.
2017-07-28 08:39:49 +02:00
Armin Novak
b0411d4faa
Unexported internal NLA functions.
2017-07-28 08:38:07 +02:00
Armin Novak
ceda244165
Fixed uninitialized values and leaks.
2017-07-28 08:35:31 +02:00
Armin Novak
0490aeb018
Fixed clang malloc integer overflow warnings.
2017-07-20 09:29:48 +02:00
davewheel
4bfb4dddbf
Add a callback to provide NTLM hashes on server-side
...
Adds a callback that allows servers to compute NTLM hashes by themselves. The typical
use of this callback is to provide a function that gives precomputed hash values.
Sponsored by: Wheel Systems (http://www.wheelsystems.com )
2017-05-18 14:24:24 +02:00
Armin Novak
88b6ff00d9
Fixed argument checks, formatting.
2017-03-03 14:11:28 +01:00
Armin Novak
b2c29158be
Scanbuild warning, argument checks and leak fixes.
...
* Added Stream_GetRemainingCapacity to check remaining stream size
before writes.
* Fixed shadow server memory leak.
* Fixed lots of scanbuild warnings
* Added missing argument checks in many functions
* Added missing static function declarations
2017-03-02 18:13:43 +01:00
Norbert Federa
f71b6b46e8
fix string format specifiers
...
- fixed invalid, missing or additional arguments
- removed all type casts from arguments
- added missing (void*) typecasts for %p arguments
- use inttypes defines where appropriate
2016-12-16 13:48:43 +01:00
Marc-André Moreau
14cb6d33c6
freerdp: make modifications to NLA server-side fixes according to PR comments
2016-07-22 09:06:07 -04:00
Marc-André Moreau
801dc0f826
freerdp: add configurable NTLM SAM file option for server-side NLA
2016-07-21 18:58:24 -04:00
byteboon
158be3a9f0
fixed kerberos authentication
...
Details: cbSecurityTrailer was assumed to be a fixed length for all signatures, however for Kerberos authentication the signature may generate smaller than this value
2016-05-16 09:53:38 -07:00
Armin Novak
eacf2b542e
Fixed memory leaks.
2016-05-12 10:01:30 +02:00
Martin Fleisz
5d956ebbb1
core: correctly set last error on credssp errors
2016-03-21 16:58:09 +01:00
Martin Fleisz
34a7c1860d
core: Propagate credssp error code by setting last error
2016-03-21 10:23:18 +01:00
Martin Fleisz
1c2d315354
core: Add support for CredSSP version 3
2016-03-18 13:32:13 +01:00
Bernhard Miklautz
d73c4898c1
Add build-config.h
...
build-config.h should contain configure/compile time settings that are
relevant for projects that use FreeRDP.
For example the compiled in plugin search paths.
2015-11-09 15:54:22 +01:00
zihao.jiang
a7f4685c09
Sec/NLA: Support passwordless (blank password) login with NLA.
...
It was supported in freerdp 1.0.2 but not supported in lastest master.
We should take empty password if it is explicitly specified with /v option.
If a password is not specified, we could first try SAM file. If the user entry does not exist, prompt for password.
2015-10-10 01:48:41 +08:00
Armin Novak
18cea1c9ba
Replaced cbMaxSignature with cbSecurityTrailer
...
The token buffer size during authentication was constructed
from the wrong buffer size. These sizes are equal in case of
local account logins but differ with domain accounts.
2015-07-09 10:09:18 +02:00
Armin Novak
ecf6ffdcce
Fixed CompleteAuthToken return check.
2015-07-09 09:57:45 +02:00
Armin Novak
2fe5ecfc1b
Fixed wrong output in log messages.
2015-07-08 17:41:23 +02:00
Martin Fleisz
9a2d33af12
Fixed missing encrypt / decrypt success check.
...
The return of EncryptMessage and DecryptMessage was unchecked.
This lead to PLAINTEXT to be sent over the wire, a major security
issue.
2015-07-08 17:41:23 +02:00
Armin Novak
5b0ee9b7ab
Error checks and readable log messages.
2015-07-08 17:41:22 +02:00
Martin Fleisz
3b87cc0c07
Fixed server and client NLA state machine.
...
When using NULL credentials (current context)
the server state machine did not send back the
required authentication token.
On client side erroneous checks prevented sending
the appropriate public key.
2015-07-08 17:41:21 +02:00
Armin Novak
3a9db563fd
NLA: Fixed length check.
2015-07-01 16:05:11 +02:00
Armin Novak
8479c824fd
Fixed handling of optional TSPasswordCreds field.
2015-07-01 15:30:38 +02:00
Armin Novak
6c0e1af4af
NLA decrypt credentials fixed.
2015-07-01 14:31:55 +02:00
Norbert Federa
20878e50fe
Merge pull request #2724 from bmiklautz/leak_fix
...
Fix leaks in certificate and identity handling
2015-06-26 15:30:00 +02:00
Bernhard Miklautz
77ef5a80de
nla: clear identity memory before releasing
2015-06-26 15:12:33 +02:00
Armin Novak
e8bfa29bd2
Replaced registry keys with cmake defines.
2015-06-24 14:02:48 +02:00
Bernhard Miklautz
2e87d0ee52
Fix leaks in certificate and identity handling
2015-06-23 15:40:37 +02:00
Armin Novak
212db120e0
Fixed NULL pointer dereference.
2015-06-23 12:07:38 +02:00
Bernhard Miklautz
09445c2b0e
nla and cmdline: integrated feedback
...
* fix possible problems with 0 size lengths
* add return value checks
2015-06-23 10:14:11 +02:00
Bernhard Miklautz
06502e6a91
misc: integrate pull request feedback
2015-06-22 19:24:30 +02:00
David FORT
7c3f8f33ab
Fixes for malloc / calloc + other fixes
...
This patch contains:
* checks for malloc return value + treat callers;
* modified malloc() + ZeroMemory() to calloc();
* misc fixes of micro errors seen during the code audit:
** some invalid checks in gcc.c, also there were some possible
integer overflow. This is interesting because at the end the data are parsed
and freed directly, so it's a vulnerability in some kind of dead code (at least
useless);
** fixed usage of GetComputerNameExA with just one call, when 2 were used
in misc places. According to MSDN GetComputerNameA() is supposed to return
an error when called with NULL;
** there were a bug in the command line parsing of shadow;
** in freerdp_dynamic_channel_collection_add() the size of array was multiplied
by 4 instead of 2 on resize
2015-06-22 19:21:47 +02:00
Bernhard Miklautz
bf73f4e4f1
Fix unchecked strdups
...
* add missing checks
* adapt function return values where necessary
* add initial test for settings
2015-06-22 19:09:59 +02:00
Marc-André Moreau
3b3ffce042
Merge pull request #2705 from akallabeth/sspi_fix_v2
...
Sspi fix v2 - Fixes static build
2015-06-22 10:19:22 -04:00
Marc-André Moreau
1e39d7728c
Merge pull request #2702 from akallabeth/nla_null_identity_support
...
NLA Use current users credentials if none provided.
2015-06-22 08:53:05 -04:00
Armin Novak
3c329aa207
Using InitSecurityInterfaceEx(0) now.
2015-06-17 13:23:44 +02:00
Armin Novak
34253f2664
Let SSPI module choose which implementation to use.
2015-06-15 15:21:21 +02:00
Armin Novak
219ca1c02b
NLA identity now a pointer, allowing NULL.
...
When NLA identity is NULL, the current user context
is used on windows.
2015-06-15 15:03:13 +02:00
Martin Haimberger
951a2d2210
stream: check stream_new in winpr and libfreerdp
...
also fixed a few things
2015-05-29 04:46:50 -07:00
Norbert Federa
1eff1a345e
free can handle NULL perfectly fine
2015-05-11 09:07:39 +02:00
Bernhard Miklautz
850de59b55
winpr: add checks for *alloc
...
Add missing checks if memory allocation was successful. Also adapt
caller(s) when possible.
2015-04-08 11:34:37 +02:00
Martin Fleisz
8d783bd2f0
Fix server side NLA
2015-03-23 08:33:14 +01:00
Marc-André Moreau
0e57706de5
libfreerdp-core: cleanup connect error codes, fix Win32 NLA
2015-02-17 21:01:27 -05:00
Marc-André Moreau
9c7b7ab561
libfreerdp-core: make NLA event-driven
2015-02-15 16:04:59 -05:00
Marc-André Moreau
eddfee56a3
libfreerdp-core: prepare client-side NLA for event-driven structure
2015-02-15 14:54:10 -05:00
Marc-André Moreau
ab5fdcc3f1
libfreerdp-core: NLA cleanup
2015-02-15 11:10:14 -05:00
Marc-André Moreau
889ccefe0d
libfreerdp-core: remove TlsIn/TlsOut from rdpTransport
2015-02-12 16:22:25 -05:00
Marc-André Moreau
70fab69347
libfreerdp-core: gateway connection refactoring
2015-02-11 14:27:29 -05:00
Marc-André Moreau
aa8b843250
libfreerdp-core: move stuff down from transport to tsg layer
2015-02-11 11:57:02 -05:00
Marc-André Moreau
e0b0c77ecb
libfreerdp-core: improve http parsing
2015-02-02 17:16:32 -05:00
Armin Novak
2f519d7f16
Replaced logging in libfreerdp with wlog defines.
2014-09-15 08:48:46 +02:00
Armin Novak
6762d73ae1
Fixed winpr_HexDump calls.
2014-09-09 16:33:05 +02:00
Armin Novak
b22b897389
Reformatted changed files.
2014-09-09 16:32:22 +02:00
Armin Novak
f8eae11bf3
Fixed calling of dump functions, updated API
2014-09-09 16:31:46 +02:00
Armin Novak
bcb5f90ee6
Replaced perror with DEBUG_WARN
2014-08-11 09:19:23 +02:00
Armin Novak
b897c6a433
Replaced fprintf(stderr with DEBUG_WARN
2014-08-07 22:20:35 +02:00
Armin Novak
f4c133eaf8
Replaced custom logging mechanism with WLog wrapper.
2014-08-07 16:51:24 +02:00
Bernhard Miklautz
bdad9524dc
refactor transport_read_pdu and check_fds
...
transport_check_fds and transport_read_pdu had almost the same
functionality: reading and validating one pdu at a time.
Now transport_read_pdu reads one pdu from the transport layer and verifies
that the pdu data is valid - as before.
transport_read_pdu also ensures that the stream is sealed and
rewound when the pdu is received completely.
transport_check_fds just uses transport_read_pdu and does *not* do
the verification a second time based on the stream.
Besides the clean up this fixes the following problems:
* transport_read always read 4 bytes. Fast-path input synchronize pdus
are only 3 bytes long. In this case on byte got lost in the stream
buffer which lead to "de-synchronization" of server and
client.
* Size check in tpdu_read_connection_confirm - already read bytes
weren't taken into account.
2014-07-24 16:34:59 +02:00
Bernhard Miklautz
47dd22ba87
transport refactor
...
rename transport_read to transport_read_pdu. This name is more
descriptive what the function actually does.
2014-07-24 16:34:59 +02:00
Marc-André Moreau
723e9a171b
libwinpr-sspi: fix server-side NLA
2014-06-10 14:38:17 -04:00
Marc-André Moreau
03cf7933d9
libwinpr-sspi: start implementing and using negotiate sspi module
2014-06-07 16:26:57 -04:00
Marc-André Moreau
a07f616895
libwinpr-sspi: improve link interface
2014-06-07 10:50:51 -04:00
Marc-André Moreau
220f885774
libwinpr-sspi: code hardening
2014-06-06 17:20:34 -04:00
Marc-André Moreau
940e6fbc15
libwinpr-sspi: make native sspi option dynamic
2014-06-06 15:34:12 -04:00
Hardening
2edd8bee12
Misc fixes to check OOM
2014-04-10 21:10:19 +02:00
Benoît LeBlanc
3e1dfc6311
updated context error messages. utility macros for getting error code CLASS/TYPE
2014-03-21 13:45:43 -04:00
Benoît LeBlanc
d1b9565f51
Added context-specific error management.
...
Added error codes to replace connectErrorCode.
2014-03-20 18:19:54 -04:00
Marc-André Moreau
87be2e0f80
freerdp: add option to disable credentials delegation
2014-02-14 00:43:31 -05:00
Marc-André Moreau
8a44b2baa6
libfreerdp-core: add spn-class option
2014-02-12 00:43:02 -05:00
Marc-André Moreau
cdcd290c44
wfreerdp: fix most build warnings
2014-02-10 22:12:13 -05:00
Marc-André Moreau
5e4f77b05f
Merge branch 'master' of github.com:mrthebunny/FreeRDP
2013-12-18 21:52:41 -05:00
Marc-André Moreau
51ad85e0ee
libfreerdp-core: send Access Denied TLS alert when server-side NLA fails
2013-12-18 19:44:18 -05:00
Benoît LeBlanc
3adff0ec60
- added CANCELEDBYUSER error code.
...
- AUTHENTICATIONERROR error code correclty set on gateway authentication (http error 401)
- Better error handling on connection errors and user cancelation
2013-12-13 10:11:36 -05:00
Marc-André Moreau
b8a1f7d6c0
freerdp: implement restricted admin mode pass-the-hash option
2013-11-06 10:02:58 -05:00
Marc-André Moreau
a3d0e271b5
freerdp: add restricted admin option
2013-11-06 01:51:55 -05:00
Marc-André Moreau
938d423ec9
freerdp: fix build on Windows
2013-10-30 17:56:44 -04:00
Marc-André Moreau
8c4b1361d1
libfreerdp-core: merge with TSG TLS update
2013-10-28 20:20:18 -04:00
Dan Bungert
66ecabb647
Final cleanups - merge ready.
2013-10-28 16:59:02 -06:00
Dan Bungert
f02daaa2d5
More cleanups - remove LWD and all references.
2013-10-28 15:46:28 -06:00
Dan Bungert
c025042d07
NLA over TLS support
...
Improve credssp transport layer handling, so that it works
with the correct TLS object.
2013-10-28 14:39:10 -06:00
Benoît LeBlanc
801c1fe1d6
- Fixed crash in tls_read (unchecked null pointer)
...
- also check for empty string on username and password to launch authentication callback
2013-10-18 16:23:29 -04:00
Armin Novak
022439aa4c
Fixed coverity issue 1047611
2013-09-05 12:14:32 +02:00
Bernhard Miklautz
0773bb9303
nla: invalidate sec handle after creation
...
If sec pointer isn't invalidated after creation it is not possible
to check if the upper and lower pointers are valid.
This fixes a segfault in the server part if the client disconnects before
the authentication was finished.
2013-07-01 19:24:19 +02:00
Marc-André Moreau
2bd6808432
freerdp: merge with master
2013-06-05 10:31:01 -04:00
Marc-André Moreau
6e0cbdddb1
Merge pull request #1261 from simon-engledew/master
...
Ber Encoding Issue
2013-06-03 16:41:29 -07:00
Vic Lee
fb9606ea77
core/nla: fix non-standard C gramma.
2013-05-23 13:34:34 -07:00
Simon Engledew
bceec08367
Finished merging missing changes from pull request #1257 ( https://github.com/FreeRDP/FreeRDP/pull/1257 - commit 0dc22d5
). Correctly report the length of ts_password_creds.
2013-05-22 14:29:33 +01:00
Simon Engledew
0dc22d5a30
Fixed a range of BER boundary encoding bugs which would occur when any NLA packet hit the 127 character mark. Removed ber#get_content_length as it was not behaving deterministically.
2013-05-21 16:06:00 +01:00
Marc-André Moreau
367ebf32a3
freerdp: make use of stream macros to access members
2013-05-15 12:14:26 -04:00
Marc-André Moreau
fdf3ddcf9e
freerdp: purge deprecated stream utils
2013-05-08 17:48:30 -04:00
Marc-André Moreau
5b92413843
freerdp: purge deprecated stream utils
2013-05-08 16:09:16 -04:00