a4bd5ba886
This patch implements the client-side part of the Remote Credential Guard feature as described in MS-RDPEAR. The two main changes are: shipping the TSRemoteGuardCreds in NLA, and implementing the rdpear channel that allows LSASS to remote all of its calls to our client. For now it is UNIX only, as the Windows implementation would be done in a completely different way. To test, you may establish your ccache and then connect with (RCG enabled on the server): xfreerdp /remoteGuard /u:<user> /d:<domain> /v:<server> That should log you in, and in the session you should not be asked for credentials when doing mstsc /remoteGuard /v:<other server>.
/**
 * FreeRDP: A Remote Desktop Protocol Implementation
 * Network Level Authentication (NLA)
 *
 * Copyright 2010-2012 Marc-Andre Moreau <marcandre.moreau@gmail.com>
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
#ifndef FREERDP_LIB_CORE_NLA_H
#define FREERDP_LIB_CORE_NLA_H
/* Opaque handle for one NLA (CredSSP) exchange. struct rdp_nla is not defined
 * in this header, so callers only ever hold a pointer obtained from nla_new()
 * and released with nla_free(); the typedef is placed before the includes so
 * that the headers below can name rdpNla. */
typedef struct rdp_nla rdpNla;
#include <freerdp/api.h>
#include <freerdp/freerdp.h>
#include <winpr/sspi.h>
#include <winpr/stream.h>
#include <winpr/crypto.h>
#include <freerdp/crypto/ber.h>
#include <freerdp/crypto/der.h>
#include <freerdp/crypto/crypto.h>
#include "transport.h"
/**
 * Progress of one NLA (CredSSP) exchange, as tracked by an rdpNla.
 *
 * Read with nla_get_state(), advanced with nla_set_state() and turned into a
 * printable name with nla_get_state_str(). The names follow the phases of the
 * CredSSP TSRequest exchange (negoTokens, pubKeyAuth, authInfo); the actual
 * transitions are defined by the implementation, not by this header. The
 * values are spelled out so the numbering is visibly the declaration order.
 */
typedef enum
{
	NLA_STATE_INITIAL = 0,
	NLA_STATE_NEGO_TOKEN = 1,
	NLA_STATE_PUB_KEY_AUTH = 2,
	NLA_STATE_EARLY_USER_AUTH = 3,
	NLA_STATE_AUTH_INFO = 4,
	NLA_STATE_POST_NEGO = 5,
	NLA_STATE_FINAL = 6
} NLA_STATE;
/**
 * Drive the whole NLA exchange on the transport the rdpNla was created with.
 *
 * @param nla context from nla_new()
 * @return int status; the exact success/failure values are defined by the
 *         implementation, not by this header
 */
FREERDP_LOCAL int nla_authenticate(rdpNla* nla);

/**
 * Client side: produce the first outgoing message of the exchange.
 *
 * @param nla context from nla_new()
 * @return int status, same convention as nla_authenticate()
 */
FREERDP_LOCAL int nla_client_begin(rdpNla* nla);
/**
 * Feed one received PDU to the state machine.
 *
 * @param nla context from nla_new()
 * @param s   stream positioned at the PDU; untrusted network data, so the
 *            implementation is expected to bounds-check every field it reads
 * @return int status, same convention as nla_authenticate()
 */
FREERDP_LOCAL int nla_recv_pdu(rdpNla* nla, wStream* s);

/**
 * Expose the SSPI identity the exchange is using.
 *
 * NOTE(review): SEC_WINNT_AUTH_IDENTITY can carry the plaintext password;
 * the pointer presumably remains owned by the rdpNla (confirm in nla.c), and
 * any caller that copies fields out is responsible for zeroizing its copy.
 *
 * @param nla context from nla_new()
 * @return identity pointer, or NULL when none is available
 */
FREERDP_LOCAL SEC_WINNT_AUTH_IDENTITY* nla_get_identity(rdpNla* nla);

/** @return the current NLA_STATE of @p nla */
FREERDP_LOCAL NLA_STATE nla_get_state(rdpNla* nla);
/**
 * Move the state machine to @p state.
 *
 * @return TRUE on success, FALSE when the implementation refuses the change
 */
FREERDP_LOCAL BOOL nla_set_state(rdpNla* nla, NLA_STATE state);
/** @return a static, printable name for @p state (for logging) */
FREERDP_LOCAL const char* nla_get_state_str(NLA_STATE state);

/** @return the last error recorded on @p nla, as a Win32-style DWORD */
FREERDP_LOCAL DWORD nla_get_error(rdpNla* nla);
/** @return the last SSPI status recorded on @p nla (SEC_E_* / SEC_I_* value) */
FREERDP_LOCAL UINT32 nla_get_sspi_error(rdpNla* nla);

/**
 * Set the service principal (service class + host) the client will
 * authenticate to, e.g. for Kerberos target naming — presumably stored as a
 * copy; confirm ownership in nla.c.
 *
 * @param service  service class string
 * @param hostname target host name
 * @return TRUE on success, FALSE on allocation or argument failure
 */
FREERDP_LOCAL BOOL nla_set_service_principal(rdpNla* nla, const char* service,
const char* hostname);

/**
 * Select the SSPI module to load by name; nla_sspi_module_init() then performs
 * the actual initialization. Both return TRUE on success.
 */
FREERDP_LOCAL BOOL nla_set_sspi_module(rdpNla* nla, const char* sspiModule);
FREERDP_LOCAL BOOL nla_sspi_module_init(rdpNla* nla);

/**
 * Impersonate the authenticated security context, and undo it again.
 * Pair every successful nla_impersonate() with nla_revert_to_self().
 *
 * @return TRUE on success
 */
FREERDP_LOCAL BOOL nla_impersonate(rdpNla* nla);
FREERDP_LOCAL BOOL nla_revert_to_self(rdpNla* nla);

/** Release an rdpNla and everything it owns; NULL is accepted. */
FREERDP_LOCAL void nla_free(rdpNla* nla);

/**
 * Allocate an rdpNla bound to @p context and @p transport.
 *
 * The WINPR_ATTR_MALLOC attribute declares that the result must be released
 * with nla_free() — never with free().
 *
 * @return new context, or NULL on failure
 */
WINPR_ATTR_MALLOC(nla_free, 1)
FREERDP_LOCAL rdpNla* nla_new(rdpContext* context, rdpTransport* transport);

/** Enable or disable the early user authorization step of the exchange. */
FREERDP_LOCAL void nla_set_early_user_auth(rdpNla* nla, BOOL earlyUserAuth);
/**
 * Protect / unprotect a buffer with the established security context.
 *
 * @param inBuffer  input, not modified
 * @param outBuffer output; who frees outBuffer->pvBuffer is not visible from
 *                  this header — check the implementation before reusing it
 * @return TRUE on success
 */
FREERDP_LOCAL BOOL nla_encrypt(rdpNla* nla, const SecBuffer* inBuffer, SecBuffer* outBuffer);
FREERDP_LOCAL BOOL nla_decrypt(rdpNla* nla, const SecBuffer* inBuffer, SecBuffer* outBuffer);
/**
 * Query an attribute of the underlying SSPI security context.
 *
 * @param ulAttr  SECPKG_ATTR_* selector
 * @param pBuffer caller-provided buffer whose type must match @p ulAttr
 * @return SECURITY_STATUS from SSPI (SEC_E_OK on success)
 */
FREERDP_LOCAL SECURITY_STATUS nla_QueryContextAttributes(rdpNla* nla, DWORD ulAttr, PVOID pBuffer);
#endif /* FREERDP_LIB_CORE_NLA_H */