mirrors/FreeRDP
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
cfc37caeb8
FreeRDP/channels/rdpear/common/rdpear_asn1.c
David Fort a4bd5ba886 core, channels: client-side remote credential guard 
This patch implements the client-side part of the remote credential guard feature
as described in MS-RDPEAR. The 2 main changes are: shipping the TSRemoteGuardaCreds in
NLA, and implement the rdpear channel that allows LSASS to remote all the calls to
our client. For now it's UNIX only as the windows implementation would be implemented
in a completely different way.
To test, you may establish you ccache and then connect with (RCG enabled on the server):
	xfreerdp /remoteGuard /u:<user> /d:<domain> /v<server>

That should log you in, and in the session you should not be asked for credentials when
doing mstsc /remoteGuard /v:<other server>.
2024-09-11 17:15:11 +02:00

105 lines
2.5 KiB
C
Raw Blame History

/**
* FreeRDP: A Remote Desktop Protocol Implementation
* ASN1 routines for RDPEAR
*
* Copyright 2024 David Fort <contact@hardening-consulting.com>
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <rdpear-common/rdpear_asn1.h>
#include <winpr/asn1.h>
wStream* rdpear_enc_Checksum(UINT32 cksumtype, krb5_checksum* csum)
{
/**
* Checksum ::= SEQUENCE {
* cksumtype [0] Int32,
* checksum [1] OCTET STRING
* }
*/
wStream* ret = NULL;
WinPrAsn1Encoder* enc = WinPrAsn1Encoder_New(WINPR_ASN1_DER);
if (!enc)
return NULL;
if (!WinPrAsn1EncSeqContainer(enc))
goto out;
if (!WinPrAsn1EncContextualInteger(enc, 0, (WinPrAsn1_INTEGER)cksumtype))
goto out;
WinPrAsn1_OctetString octets;
octets.data = (BYTE*)csum->contents;
octets.len = csum->length;
if (!WinPrAsn1EncContextualOctetString(enc, 1, &octets) || !WinPrAsn1EncEndContainer(enc))
goto out;
ret = Stream_New(NULL, 1024);
if (!ret)
goto out;
if (!WinPrAsn1EncToStream(enc, ret))
{
Stream_Free(ret, TRUE);
ret = NULL;
goto out;
}
out:
WinPrAsn1Encoder_Free(&enc);
return ret;
}
wStream* rdpear_enc_EncryptedData(UINT32 encType, krb5_data* payload)
{
/**
* EncryptedData ::= SEQUENCE {
* etype [0] Int32 -- EncryptionType --,
* kvno [1] UInt32 OPTIONAL,
* cipher [2] OCTET STRING -- ciphertext
* }
*/
wStream* ret = NULL;
WinPrAsn1Encoder* enc = WinPrAsn1Encoder_New(WINPR_ASN1_DER);
if (!enc)
return NULL;
if (!WinPrAsn1EncSeqContainer(enc))
goto out;
if (!WinPrAsn1EncContextualInteger(enc, 0, (WinPrAsn1_INTEGER)encType))
goto out;
WinPrAsn1_OctetString octets;
octets.data = (BYTE*)payload->data;
octets.len = payload->length;
if (!WinPrAsn1EncContextualOctetString(enc, 2, &octets) || !WinPrAsn1EncEndContainer(enc))
goto out;
ret = Stream_New(NULL, 1024);
if (!ret)
goto out;
if (!WinPrAsn1EncToStream(enc, ret))
{
Stream_Free(ret, TRUE);
ret = NULL;
goto out;
}
out:
WinPrAsn1Encoder_Free(&enc);
return ret;
}
Reference in New Issue View Git Blame Copy Permalink