Commit Graph

34 Commits

Author SHA1 Message Date
David Fort
a4bd5ba886 core, channels: client-side remote credential guard
This patch implements the client-side part of the remote credential guard feature
as described in MS-RDPEAR. The 2 main changes are: shipping the TSRemoteGuardaCreds in
NLA, and implement the rdpear channel that allows LSASS to remote all the calls to
our client. For now it's UNIX only as the windows implementation would be implemented
in a completely different way.
To test, you may establish you ccache and then connect with (RCG enabled on the server):
	xfreerdp /remoteGuard /u:<user> /d:<domain> /v<server>

That should log you in, and in the session you should not be asked for credentials when
doing mstsc /remoteGuard /v:<other server>.
2024-09-11 17:15:11 +02:00
akallabeth
bb42d425ed [gcc,clang] add support for attribute(malloc)
Mark all malloc like functions and add their appropriate free function
to let the compiler complain on mismatches
2024-02-02 15:10:40 +01:00
Hugues LEFEBVRE
b67afecf0f CredSSP with early user auth (nla_ext) support 2023-06-26 11:53:46 +02:00
Marc-André Moreau
3a8dce07ea expose last NLA/CredSSP SSPI error code (freerdp_get_nla_sspi_error) 2023-02-24 13:19:19 -05:00
Armin Novak
dd0d130f48 [crypto] make tls.h a private header
no need to uselessly export symbols that are not usable outside the
project
2023-01-14 08:50:26 +01:00
fifthdegree
2de7a4c249 Support spnego authentication for gateway
* Consolidate authentication support functions into auth.c
* Change authentication flow in gateway to be non-ntlm specific
2022-10-06 21:33:01 +02:00
Marc-André Moreau
1d5c0be5ec Add settings to load a custom SSPI shared library module 2022-06-01 15:16:12 +02:00
akallabeth
c2e882c509
Nla server cleanup && server auth fix (#7743)
* Reduce negotiate logging verbosity

* Remove duplicate pointers from rdpNla

* Fixed server nla auth

* Encapsulated nla_server_recv_credentials
2022-03-25 10:47:05 +01:00
akallabeth
8cc6582044
Unify struct definitions (#7633)
* Unified enum/struct definitions, fixed include issues

* Fixed mac compilation issues

* Added missing include

* Fixed windows server build warnings

* Fixed VS2010 build issue

* Removed unnecessary library linking

* Fixed ThreadPool WinXP compatibility

* Fixed pr review remarks
2022-02-14 14:59:22 +01:00
akallabeth
460fef545d Refactored NLA
* Simplified client/server state machine
* Encapsulated steps in functions
* Added proper debug logging so that state changes are easy to
  follow
2021-06-09 11:03:37 +02:00
Biswapriyo Nath
173ab04b59 Use same data types as calling function prototypes. 2021-05-31 13:38:19 +02:00
Armin Novak
72ca88f49c Reformatted to new style 2019-11-07 10:53:54 +01:00
Armin Novak
67be5258ad Exposing NLA functions to impersonate and revert context. 2019-03-08 10:10:43 +01:00
Armin Novak
82863a8518 Refactored NLA to be self contained. 2018-12-05 10:55:06 +01:00
Martin Fleisz
eb1f693fc4 cssp: Separate client/server version handling (#4502) 2018-03-23 12:12:08 +01:00
Martin Fleisz
8df96364f2 cssp: Add support for protocol version 6 2018-03-20 10:37:38 +01:00
Armin Novak
53d2150e00 Fixed windows unicode authentication. 2018-02-13 11:29:56 +01:00
dodo040
e0a9999fb2 fix: GSS API init, enterprise name management, variable names and format code 2017-11-13 16:20:56 +01:00
dodo040
b81f168f0e initial commit for kerberos support 2017-11-13 16:20:55 +01:00
Armin Novak
8b9e3fa51e Fixed use of reserved keywords for include guards. 2017-07-20 09:35:41 +02:00
Norbert Federa
7befab856c Support for OpenSSL 1.1.0 2016-11-24 17:50:09 +01:00
Armin Novak
c7448c03fb Added FREERDP_LOCAL
CMake 2.8 does not support default visibility on windows.
To allow building tests add the FREERDP_LOCAL define for each
function that is internal to FreeRDP.
When build with testing these functions are exported and available
for use by tests.
2016-10-06 13:43:09 +02:00
Marc-André Moreau
801dc0f826 freerdp: add configurable NTLM SAM file option for server-side NLA 2016-07-21 18:58:24 -04:00
Marc-André Moreau
e4714f3422 freerdp: fix Hyper-V connectivity, fix issues #2421 and #3325 2016-05-11 15:52:36 -04:00
Martin Fleisz
1c2d315354 core: Add support for CredSSP version 3 2016-03-18 13:32:13 +01:00
Armin Novak
ada2b16c50 Unified RC4 functions. 2016-02-24 17:04:03 +01:00
Armin Novak
219ca1c02b NLA identity now a pointer, allowing NULL.
When NLA identity is NULL, the current user context
is used on windows.
2015-06-15 15:03:13 +02:00
Marc-André Moreau
9c7b7ab561 libfreerdp-core: make NLA event-driven 2015-02-15 16:04:59 -05:00
Marc-André Moreau
eddfee56a3 libfreerdp-core: prepare client-side NLA for event-driven structure 2015-02-15 14:54:10 -05:00
Marc-André Moreau
ab5fdcc3f1 libfreerdp-core: NLA cleanup 2015-02-15 11:10:14 -05:00
Marc-André Moreau
8a44b2baa6 libfreerdp-core: add spn-class option 2014-02-12 00:43:02 -05:00
Marc-André Moreau
8c8a82c31f libfreerdp-utils: purge old STREAM utils 2013-03-21 16:45:25 -04:00
Marc-André Moreau
b70bfc1579 libfreerdp-core: make NLA use transport abstraction layer 2012-11-14 21:30:21 -05:00
Marc-André Moreau
f19f3a6024 libfreerdp-crypto: move nla.c to libfreerdp-core 2012-11-14 21:19:17 -05:00