#include <freerdp/config.h>
#include <time.h>
#include <ctype.h>
#include <freerdp/log.h>
#include <freerdp/crypto/tls.h>
#include <freerdp/build-config.h>
#include <freerdp/peer.h>
#include <winpr/crt.h>
#include <winpr/assert.h>
#include <winpr/sam.h>
#include <winpr/sspi.h>
#include <winpr/print.h>
#include <winpr/tchar.h>
#include <winpr/dsparse.h>
#include <winpr/library.h>
#include <winpr/registry.h>
#include <winpr/ncrypt.h>
#include <winpr/cred.h>
#include <winpr/debug.h>
#include "nla.h"
#include "utils.h"
#include "tscredentials.h"
#include <freerdp/utils/smartcardlogon.h>
Macros | |
#define | TAG FREERDP_TAG("core.nla") |
#define | SERVER_KEY "Software\\" FREERDP_VENDOR_STRING "\\" FREERDP_PRODUCT_STRING "\\Server" |
#define | NLA_PKG_NAME NEGO_SSP_NAME |
#define | TERMSRV_SPN_PREFIX "TERMSRV/" |
Functions | |
static BOOL | nla_send (rdpNla *nla) |
static int | nla_server_recv (rdpNla *nla) |
static void | nla_buffer_free (rdpNla *nla) |
static SECURITY_STATUS | nla_encrypt_public_key_echo (rdpNla *nla) |
static SECURITY_STATUS | nla_encrypt_public_key_hash (rdpNla *nla) |
static SECURITY_STATUS | nla_decrypt_public_key_echo (rdpNla *nla) |
static SECURITY_STATUS | nla_decrypt_public_key_hash (rdpNla *nla) |
static SECURITY_STATUS | nla_encrypt_ts_credentials (rdpNla *nla) |
static SECURITY_STATUS | nla_decrypt_ts_credentials (rdpNla *nla) |
static BOOL | nla_read_ts_password_creds (rdpNla *nla, wStream *s) |
static void | nla_identity_free (SEC_WINNT_AUTH_IDENTITY *identity) |
static BOOL | nla_Digest_Update_From_SecBuffer (WINPR_DIGEST_CTX *ctx, const SecBuffer *buffer) |
static BOOL | nla_sec_buffer_alloc (SecBuffer *buffer, size_t size) |
static BOOL | nla_sec_buffer_alloc_from_data (SecBuffer *buffer, const BYTE *data, size_t offset, size_t size) |
static BOOL | nla_sec_buffer_alloc_from_buffer (SecBuffer *buffer, const SecBuffer *data, size_t offset) |
static BOOL | nla_decode_to_buffer (wStream *s, SecBuffer *buffer) |
static BOOL | nla_set_package_name (rdpNla *nla, const TCHAR *name) |
static SECURITY_STATUS | nla_update_package_name (rdpNla *nla) |
static SECURITY_STATUS | nla_query_context_sizes (rdpNla *nla) |
static SECURITY_STATUS | nla_initialize_security_context (rdpNla *nla, BOOL initial, SecBufferDesc *pInputBufferDesc, SecBufferDesc *pOutputBufferDesc) |
static BOOL | nla_complete_auth (rdpNla *nla, PSecBufferDesc pOutputBufferDesc) |
static SECURITY_STATUS | nla_decrypt (rdpNla *nla, SecBuffer *buffer, size_t headerLength) |
static SECURITY_STATUS | nla_encrypt (rdpNla *nla, SecBuffer *buffer, size_t headerLength) |
static size_t | ber_sizeof_sequence_octet_string (size_t length) |
static size_t | ber_write_sequence_octet_string (wStream *stream, BYTE context, const BYTE *value, size_t length) |
static size_t | ber_write_sequence_octet_string_from_secbuffer (wStream *stream, BYTE context, const SecBuffer *buffer) |
static BOOL | nla_adjust_settings_from_smartcard (rdpNla *nla) |
static BOOL | nla_client_setup_identity (rdpNla *nla) |
static const char * | parseInt (const char *v, INT32 *r) |
static BOOL | parseKerberosDeltat (const char *value, INT32 *dest, const char *message) |
static BOOL | nla_setup_kerberos (rdpNla *nla) |
static int | nla_client_init (rdpNla *nla) |
static BOOL | nla_client_send_token (rdpNla *nla, SecBufferDesc *token) |
int | nla_client_begin (rdpNla *nla) |
static int | nla_client_recv_nego_token (rdpNla *nla) |
static int | nla_client_recv_pub_key_auth (rdpNla *nla) |
static int | nla_client_recv (rdpNla *nla) |
static int | nla_client_authenticate (rdpNla *nla) |
static int | nla_server_init (rdpNla *nla) |
static wStream * | nla_server_recv_stream (rdpNla *nla) |
static BOOL | nla_server_recv_credentials (rdpNla *nla) |
static int | nla_server_authenticate (rdpNla *nla) |
int | nla_authenticate (rdpNla *nla) |
static void | ap_integer_increment_le (BYTE *number, size_t size) |
static void | ap_integer_decrement_le (BYTE *number, size_t size) |
static BOOL | nla_read_ts_credentials (rdpNla *nla, SecBuffer *data, size_t offset) |
static BOOL | nla_encode_ts_credentials (rdpNla *nla) |
static size_t | nla_sizeof_nego_token (size_t length) |
static size_t | nla_sizeof_nego_tokens (const SecBuffer *buffer) |
static size_t | nla_sizeof_pub_key_auth (const SecBuffer *buffer) |
static size_t | nla_sizeof_auth_info (const SecBuffer *buffer) |
static size_t | nla_sizeof_client_nonce (const SecBuffer *buffer) |
static size_t | nla_sizeof_ts_request (size_t length) |
static BOOL | nla_client_write_nego_token (wStream *s, const SecBuffer *negoToken) |
static int | nla_decode_ts_request (rdpNla *nla, wStream *s) |
int | nla_recv_pdu (rdpNla *nla, wStream *s) |
LPTSTR | nla_make_spn (const char *ServiceClass, const char *hostname) |
rdpNla * | nla_new (rdpContext *context, rdpTransport *transport) |
void | nla_free (rdpNla *nla) |
SEC_WINNT_AUTH_IDENTITY * | nla_get_identity (rdpNla *nla) |
NLA_STATE | nla_get_state (rdpNla *nla) |
BOOL | nla_set_state (rdpNla *nla, NLA_STATE state) |
BOOL | nla_set_service_principal (rdpNla *nla, LPTSTR principal) |
BOOL | nla_impersonate (rdpNla *nla) |
BOOL | nla_revert_to_self (rdpNla *nla) |
const char * | nla_get_state_str (NLA_STATE state) |
DWORD | nla_get_error (rdpNla *nla) |
Variables | |
static const BYTE | ClientServerHashMagic [] |
static const BYTE | ServerClientHashMagic [] |
static const UINT32 | NonceLength = 32 |
#define NLA_PKG_NAME NEGO_SSP_NAME |
TSRequest ::= SEQUENCE { version [0] INTEGER, negoTokens [1] NegoData OPTIONAL, authInfo [2] OCTET STRING OPTIONAL, pubKeyAuth [3] OCTET STRING OPTIONAL, errorCode [4] INTEGER OPTIONAL }
NegoData ::= SEQUENCE OF NegoDataItem
NegoDataItem ::= SEQUENCE { negoToken [0] OCTET STRING }
TSCredentials ::= SEQUENCE { credType [0] INTEGER, credentials [1] OCTET STRING }
TSPasswordCreds ::= SEQUENCE { domainName [0] OCTET STRING, userName [1] OCTET STRING, password [2] OCTET STRING }
TSSmartCardCreds ::= SEQUENCE { pin [0] OCTET STRING, cspData [1] TSCspDataDetail, userHint [2] OCTET STRING OPTIONAL, domainHint [3] OCTET STRING OPTIONAL }
TSCspDataDetail ::= SEQUENCE { keySpec [0] INTEGER, cardName [1] OCTET STRING OPTIONAL, readerName [2] OCTET STRING OPTIONAL, containerName [3] OCTET STRING OPTIONAL, cspName [4] OCTET STRING OPTIONAL }
#define SERVER_KEY "Software\\" FREERDP_VENDOR_STRING "\\" FREERDP_PRODUCT_STRING "\\Server" |
#define TAG FREERDP_TAG("core.nla") |
FreeRDP: A Remote Desktop Protocol Implementation Network Level Authentication (NLA)
Copyright 2010-2012 Marc-Andre Moreau <marcandre.moreau@gmail.com> Copyright 2015 Thincast Technologies GmbH Copyright 2015 DI (FH) Martin Haimberger <martin.haimberger@thincast.com> Copyright 2016 Martin Fleisz <martin.fleisz@thincast.com> Copyright 2017 Dorian Ducournau <dorian.ducournau@gmail.com> Copyright 2022 David Fort <contact@hardening-consulting.com>
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
#define TERMSRV_SPN_PREFIX "TERMSRV/" |
int nla_authenticate | ( | rdpNla * | nla | ) |
Authenticate using CredSSP.
credssp |
int nla_client_begin | ( | rdpNla * | nla | ) |
Initialize NTLM/Kerberos SSP authentication module (client).
credssp |
The user could be found in the SAM database. Use the SAM database entry later instead of prompting for credentials.
Increase the password hash length by LB_PASSWORD_MAX_LENGTH to obtain a length exceeding the maximum (LB_PASSWORD_MAX_LENGTH), and use this length as the marker that identifies the credential as a hash rather than a plaintext password in WinPR.
Encode TSCredentials structure.
credssp |
void nla_free | ( | rdpNla * | nla | ) |
Free CredSSP state machine.
credssp |
DWORD nla_get_error | ( | rdpNla * | nla | ) |
SEC_WINNT_AUTH_IDENTITY* nla_get_identity | ( | rdpNla * | nla | ) |
NLA_STATE nla_get_state | ( | rdpNla * | nla | ) |
const char* nla_get_state_str | ( | NLA_STATE | state | ) |
BOOL nla_impersonate | ( | rdpNla * | nla | ) |
LPTSTR nla_make_spn | ( | const char * | ServiceClass, |
const char * | hostname | ||
) |
rdpNla* nla_new | ( | rdpContext * | context, |
rdpTransport * | transport | ||
) |
Create new CredSSP state machine.
transport |
int nla_recv_pdu | ( | rdpNla * | nla, |
wStream * | s | ||
) |
BOOL nla_revert_to_self | ( | rdpNla * | nla | ) |
Send CredSSP message.
credssp |
Authenticate with client using CredSSP (server).
credssp |
Initialize NTLMSSP authentication module (server).
credssp |
BOOL nla_set_service_principal | ( | rdpNla * | nla, |
LPTSTR | principal | ||
) |
BOOL nla_set_state | ( | rdpNla * | nla, |
NLA_STATE | state | ||
) |