Commit Graph

69 Commits

Author SHA1 Message Date
fifthdegree
ffe8e45aff Pass bindings through Negotiate on first call 2022-10-19 18:55:38 +02:00
Marc-André Moreau
27a865af74 Add Negotiate SSPI authentication module filtering 2022-10-12 22:07:45 +02:00
akallabeth
2f84a4856c Fixed missing-field-initializers warnings 2022-10-11 13:28:30 +02:00
akallabeth
9d197b263c Fixed conditional-uninitialized warnings 2022-10-11 13:28:30 +02:00
David Fort
58a3919435 winpr: add some checks in InitializeSecurityContext and AcceptSecurityContext
In native windows SSPI, AcceptSecurityContext and InitializeSecurityContext return
SEC_E_INVALID_HANDLE if the provided context is an empty context. Add the checks so
that our SSPI implementation behaves the same way.
2022-10-10 09:01:04 +02:00
fifthdegree
d6c614b583 Fix bugs and add features in sspi packages
* Kerberos: correctly set principal when no service part is provided
* Kerberos: don't expect a krb_ap_rep when mutual auth was not requested
* Kerberos: include gss header in max signature length
* Negotiate: tolerate optimistic token being the final one
* Kerberos: support channel bindings
* Negotiate: pass channel bindings to sub-mechanism
* NTLM: tolerate receiving an input buffer desc on first call
2022-10-06 21:33:01 +02:00
Marc-André Moreau
479e891545 check return values for SetCredentialsAttributes, throw warnings for unsupported attributes 2022-09-30 19:33:12 +02:00
Marc-André Moreau
eadbb15741 run clang-format 2022-09-30 19:33:12 +02:00
Marc-André Moreau
80a1fc6a98 add SetCredentialsAttributes SSPI function 2022-09-30 19:33:12 +02:00
Marc-André Moreau
3224a43ee3 use SecurityFunctionTable version 3 with SetCredentialsAttributes function pointer 2022-09-30 19:33:12 +02:00
Armin Novak
b3f70b047d Fix OId compare 2022-09-13 09:16:55 +02:00
fifthdegree
7901a26a16
Kerberos User 2 User support (#8070)
* add support for 64-bit big-endian encoding

* kerberos: drop reliance on gssapi and add user 2 user support

* Fix local variable declared in the middle of the function body

* kerberos: add ccache server option

Co-authored-by: fifthdegree <fifthdegree@protonmail.com>
Co-authored-by: David Fort <contact@hardening-consulting.com>
2022-08-17 12:25:26 +02:00
fifthdegree
54bbe33123
spnego: add missing check (#8069)
Co-authored-by: fifthdegree <fifthdegree@protonmail.com>
2022-07-15 08:33:28 +02:00
fifthdegree
dfa231c0a5
spnego: correctly set output buffer size (#8060)
Co-authored-by: fifthdegree <fifthdegree@protonmail.com>
2022-07-12 10:08:44 +02:00
Armin Novak
36c7c0320b Fixed review comments 2022-07-07 17:31:49 +02:00
fifthdegree
362ae93a64 spnego: some cleanups and fixes 2022-07-07 17:31:49 +02:00
David Fort
8b5df3fa92 spnego: cleanup the guess of the input token 2022-07-07 17:31:49 +02:00
David Fort
b128ec4fba spnego: add various checks and fixes 2022-07-07 17:31:49 +02:00
David Fort
6c834eaa15 winpr: adjust negotiate_GetMechByOID function 2022-07-07 17:31:49 +02:00
fifthdegree
2a3c92b4cc spnego: use winpr asn.1 library 2022-07-07 17:31:49 +02:00
akallabeth
39bd78d2fb Fixed missing includes 2022-06-29 18:10:33 +02:00
akallabeth
99cda9249f Fixed uninitialized warnings 2022-06-29 18:10:33 +02:00
akallabeth
684ada9c0e Fixed uninitialized warnings 2022-06-29 18:10:33 +02:00
akallabeth
25c120d25d Fixed type mismatches and memory leaks 2022-06-27 11:21:24 +02:00
akallabeth
bc8b4ade1c reformatted 2022-06-23 08:48:39 +02:00
fifthdegree
8ac977e671 make sure existing ccache credentials are not expired 2022-06-21 10:27:17 +02:00
David Fort
90a2b9a10c Various fixes in negotiate.c 2022-06-21 10:27:17 +02:00
fifthdegree
c51348a33b fixes 2022-06-21 10:27:17 +02:00
fifthdegree
6d3aa52496 set SAM file and hash callback on credential rather than context 2022-06-21 10:27:17 +02:00
fifthdegree
eeece1a027 server-side kerberos (and some fixes) 2022-06-21 10:27:17 +02:00
fifthdegree
8d9f990124 some more tweaks 2022-06-21 10:27:17 +02:00
fifthdegree
a359124339 some small fixes and changes 2022-06-21 10:27:17 +02:00
fifthdegree
1c012b09b8 implement proper SPNEGO negotiation 2022-06-21 10:27:17 +02:00
akallabeth
c2e882c509
Nla server cleanup && server auth fix (#7743)
* Reduce negotiate logging verbosity

* Remove duplicate pointers from rdpNla

* Fixed server nla auth

* Encapsulated nla_server_recv_credentials
2022-03-25 10:47:05 +01:00
Armin Novak
6ed50b4b1d Refactored WinPR includes 2022-03-03 11:26:48 +01:00
David Fort
cb351a099d Enable smartcard NLA logon 2022-02-24 08:52:25 +01:00
Armin Novak
8231a7e7a7 Added runtime configuration option for kerberos/NTLM fallback 2022-02-15 13:43:36 +00:00
akallabeth
2d2627deab
Fixed SSPI fallback to NTLM (#7642)
* Fixed SSPI fallback to NTLM

* Fixed wide/ansi mixup

* WITH_GSS fixes

* Move to WinPR as this is not related to FreeRDP
* Add option WITH_GSS_NO_NTLM_FALLBACK to disable NTLM fallback

* Abort NLA if status is SEC_E_NO_CREDENTIALS

* Properly invalidate sspi::SubContext
2022-02-15 09:04:17 +01:00
akallabeth
8cc6582044
Unify struct definitions (#7633)
* Unified enum/struct definitions, fixed include issues

* Fixed mac compilation issues

* Added missing include

* Fixed windows server build warnings

* Fixed VS2010 build issue

* Removed unnecessary library linking

* Fixed ThreadPool WinXP compatibility

* Fixed pr review remarks
2022-02-14 14:59:22 +01:00
David Fort
02535ea200 winpr: fix a crash when kerberos fails during negotiation 2022-01-19 18:03:52 +01:00
Armin Novak
610396e197 Fixed compilation warnings
Try to get the number of warnings down
2021-08-02 10:28:06 +02:00
akallabeth
6726772d8d Fixed integer warnings 2021-06-18 09:41:02 +02:00
Armin Novak
7d0e54e5f8 Added log message for not implemented NEGOTIATE functions. 2020-08-10 16:00:16 +02:00
Armin Novak
72ca88f49c Reformatted to new style 2019-11-07 10:53:54 +01:00
Pascal J. Bourguignon
15f2bafeab Cleaned up const char** -> char** for argv, since we definitely do modify the argv!
(we overwrite the password and pin arguments).
This implies changes in the argument parsing tests that now must pass a mutable argv
(copied from the statically declared test argvs).
Some other const inconsistencies have been dealt with too.
2018-06-06 16:43:09 +02:00
Armin Novak
53d2150e00 Fixed windows unicode authentication. 2018-02-13 11:29:56 +01:00
Armin Novak
29f2d2d9bb Fixed missing packageName setup in server NLA 2018-01-17 09:09:58 +01:00
Armin Novak
c62fde53a4 Fix #4306:
* Do not reset context when changing package.
* All functions not exported static.
2018-01-16 10:31:08 +01:00
dodo040
e0a9999fb2 fix: GSS API init, enterprise name management, variable names and format code 2017-11-13 16:20:56 +01:00
dodo040
b81f168f0e initial commit for kerberos support 2017-11-13 16:20:55 +01:00