92 Commits

Author SHA1 Message Date
akallabeth
953aa6c436 [winpr,sspi] fix kerberos unused parameter warning 2024-10-01 13:04:35 +02:00
akallabeth
490ca0453b [winpr,stream] use Stream_BufferAs instead of casting 2024-10-01 10:34:42 +02:00
akallabeth
dbe92795e3 [winpr,kerberos] fix possible NULL argument to strdup 2024-09-14 08:31:01 +02:00
akallabeth
71080e61b0 [warnings] fix a bunch of them
* fix uninitialized variable warnings
* modify ndr_context_* functions to utilize WINPR_ATTR_MALLOC
* build_krbtgt use winpr_asprintf
* add proper Stream_Write_UINT64_BE
2024-09-14 08:24:28 +02:00
David Fort
a4bd5ba886 core, channels: client-side remote credential guard
This patch implements the client-side part of the remote credential guard feature
as described in MS-RDPEAR. The 2 main changes are: shipping the TSRemoteGuardaCreds in
NLA, and implementing the rdpear channel that allows LSASS to remote all the calls to
our client. For now it's UNIX only as the windows implementation would be implemented
in a completely different way.
To test, you may establish your ccache and then connect with (RCG enabled on the server):
	xfreerdp /remoteGuard /u:<user> /d:<domain> /v:<server>

That should log you in, and in the session you should not be asked for credentials when
doing mstsc /remoteGuard /v:<other server>.
2024-09-11 17:15:11 +02:00
akallabeth
7d3b2aebfd [warnings] silence WINPR_FALLTHROUGH 2024-08-30 15:40:03 +02:00
akallabeth
6a3564407e [warnings] fix clang-tidy issues in winpr 2024-08-29 15:20:39 +02:00
akallabeth
15def36dd6 fix #10448 2024-08-08 08:16:52 +02:00
akallabeth
a69dd9ad36 [sspi,krb] check for empty kdcUrl 2024-06-03 12:28:49 +02:00
akallabeth
1b8221e5bf [warnings] fix various minor warnings 2024-05-08 14:53:39 +02:00
akallabeth
3049181d9b [winpr,sspi] skip IP addresses for kerberos auth
kerberos requires hostnames to authenticate, if we connect with an IP
address do not try kerberos based authentication
2024-05-07 10:38:30 +02:00
akallabeth
71e78bedd7 [warnings] fixed sign and const
* fix various char/BYTE sign warnings
* fix various const warnings
* fix format string size_t
* remove unused CMake variables
2024-04-18 11:05:58 +02:00
akallabeth
9ced090cea [coverity] 1543043 Dereference null return value 2024-04-12 12:41:42 +02:00
akallabeth
f9d4b75610 [coverity] 1543101 Resource leak 2024-04-12 09:45:09 +02:00
akallabeth
e9e9e42a71 [coverity] 1543211 Resource leak 2024-04-12 09:45:09 +02:00
akallabeth
4a56e2f74c [winpr,kerberos] use profile_abandon
suggested by @greghudson to just release the profile and not flush
changes back to config file. See #9766
2024-04-03 15:37:43 +02:00
akallabeth
0e44b2c674 [clang-tidy] clang-analyzer-unix.Malloc 2024-02-15 11:49:16 +01:00
akallabeth
81d2c1f057 [clang-tidy] clang-analyzer-core.NullDereference 2024-02-15 11:49:16 +01:00
akallabeth
f69e1fe697 [clang-tidy] readability-duplicate-include 2024-02-15 11:49:16 +01:00
akallabeth
0ba995655d [clang-tidy] cppcoreguidelines-init-variables 2024-02-15 11:49:16 +01:00
akallabeth
207def5c56 [clang-tidy] readability-isolate-declaration 2024-02-15 11:49:16 +01:00
akallabeth
8b9c8732f3 [warnings] fix void pointer used in arithmetic 2024-02-12 10:23:27 +01:00
Armin Novak
5298580bbd [winpr,sspi] properly log all kerberos calls
to ease debugging log each failure of a kerberos related function along
with location and function name
2024-01-15 08:10:30 +01:00
Armin Novak
9575f386cd fixed WCHAR constants, use endian safe definitions 2023-12-20 09:03:58 +01:00
Armin Novak
879e68c02b [warnings] fixed -Wincompatible-pointer-types 2023-12-13 13:24:22 +01:00
akallabeth
c5cd40f1bc [winpr,sspi] add some missing krb5 return checks 2023-10-24 12:16:38 +02:00
akallabeth
afc9ddd15f [winpr,sspi] uppercase on copy of string 2023-10-24 12:16:38 +02:00
akallabeth
9cee9b3c08 [c standard] use WINPR_FALLTHROUGH
use the macro to silence intentional switch fallthrough locations
2023-08-25 12:56:36 +02:00
Armin Novak
ef5c0e78ab [build] use define WINPR_FALLTHROUGH
with c17 compatible compilers annotate with [[fallthrough]]
2023-07-31 23:46:53 +02:00
akallabeth
ab677f8abe [warnings] fix -Wempty-translation-unit 2023-05-24 08:24:32 +02:00
fifthdegree
ba7fdcb5f0 Move alloc_sprintf into the winpr string api 2023-05-23 06:04:55 +02:00
fifthdegree
6abd9165e6 Only accept hostname for kdc-url
For compatibility with windows
2023-04-27 16:31:30 +02:00
fifthdegree
9368317a9f Plug some leaks in krb5glue_mit.c 2023-04-27 16:31:30 +02:00
fifthdegree
b1c4cb493f Set KDC URL in a way compatible with Windows 2023-04-27 16:31:30 +02:00
fifthdegree
201b743f20 Set pkinit_kdc_hostname when known
Since Windows doesn't use id-pkinit-san in its certificates, it is
necessary to manually configure which hosts are valid KDCs. In the case
where a kdcUrl (or hostname) is provided to us, we can do that
configuration ourselves.
2023-04-27 16:31:30 +02:00
Rubycat
207d886a90 Unique kerberos ccaches for parallel connections.
The "MEMORY" ccache is shared in a process.
If a client uses it to make parallel connections,
the same ccache may be used for several clients with distinct
credentials.
To prevent such sharing we create a unique, dedicated ccache when
necessary with krb5_cc_new_unique.

We should destroy the ccaches we created, to avoid leaks.

The struct KRB_CREDENTIALS is extended to express the ccache ownership.
2023-04-07 11:21:12 +02:00
akallabeth
c9e61ff0c5 [cmake] simplify krb5 detection 2023-02-27 11:18:02 +01:00
akallabeth
ee07a13130 [cleanup] fix compiler warnings 2023-01-26 09:30:17 +01:00
Armin Novak
641022b795 [logging] remove __FUNCTION__ from actual message
prefer the log formatter to provide that information.
2023-01-25 16:26:39 +01:00
akallabeth
92d3e3c64a [winpr] use WINPR_ prefix for conditional includes 2023-01-10 17:38:00 +01:00
fifthdegree
497ada661f Change the logic flow on error to a better style
Use do-while and break instead of checking return value before every
line
2022-12-13 14:26:45 +01:00
fifthdegree
e4b82cf0ef [kerberos] Assert expected pointer arguments 2022-12-13 14:26:45 +01:00
fifthdegree
3ffc32176d Support heimdal kerberos implementation
Add support for heimdal kerberos in addition to mit kerberos
2022-12-13 14:26:45 +01:00
fifthdegree
6c8e4d668d Don't free empty structures 2022-12-13 14:26:45 +01:00
fifthdegree
1e6c5fc782 Allow setting kdc hostname
Use user-provided kdc hostname when given
2022-12-13 14:26:45 +01:00
fifthdegree
ad87144ce5 Rename WITH_GSSAPI to WITH_KRB5
Change cmake variables to not be gssapi specific
2022-12-09 12:36:12 +01:00
akallabeth
c7bd8c3df9 [winpr,sspi] fix kerberos resource cleanup
kerberos cache and keytab were not properly cleaned up for cases where
the credentials were not available in kerberos
2022-12-09 11:08:11 +01:00
akallabeth
9ca34bc876 [winpr,sspi] fix memory leak in kerberos_InitializeSecurityContextA 2022-12-02 15:08:09 +01:00
akallabeth
b0aef46caf [winpr,krb] fixed kerberos context handling 2022-12-02 15:08:09 +01:00
akallabeth
5799fb2018 Replace ConvertFromUnicode and ConvertToUnicode
* Use new ConvertUtf8ToWChar, ConvertUtf8NToWChar,
  ConvertUtf8ToWCharAlloc and ConvertUtf8NToWCharAlloc
* Use new ConvertWCharToUtf8, ConvertWCharNToUtf8,
  ConvertWCharToUtf8Alloc and ConvertWCharNToUtf8Alloc
* Use new Stream UTF16 to/from UTF8 read/write functions
* Use new settings UTF16 to/from UTF8 read/write functions
2022-11-28 10:42:36 +01:00