This patch adds the handling of basic NTLM commands. Because there's some mysterious
4 zero bytes after pickle header in Kerberos packets, not present in NTLM commands, the
patch also had to rework a bit the packet parsing / forging.
The patch also addresses a server-side bug when parsing supplemental creds, if the client
was sending an empty list, we were considering this as an error.
And finally we also implement the parsing of MSV1_0_REMOTE_SUPPLEMENTAL_CREDENTIAL.
This breaks the public API, anyway this was basically unused (as not parsed before) and
the previous API was wrong as what we receive is MSV1_0_REMOTE_SUPPLEMENTAL_CREDENTIAL
not MSV1_0_SUPPLEMENTAL_CREDENTIAL, so I guess the API breakage is ok.
There were various places where Stream_EnsureCapacity was called instead of the
expected Stream_EnsureRemainingCapacity. When the stream position is set to 0 the
2 calls are equivalent, but we had various places where it was not always the case.
* Keep BUILD_TESTING, but only run tests compatible with API (for
packaging)
* Add BUILD_TESTING_INTERNAL for all tests including internal function
tests that modify API to be run on our CI
This patch implements the client-side part of the remote credential guard feature
as described in MS-RDPEAR. The 2 main changes are: shipping the TSRemoteGuardaCreds in
NLA, and implement the rdpear channel that allows LSASS to remote all the calls to
our client. For now it's UNIX only as the windows implementation would be implemented
in a completely different way.
To test, you may establish you ccache and then connect with (RCG enabled on the server):
xfreerdp /remoteGuard /u:<user> /d:<domain> /v<server>
That should log you in, and in the session you should not be asked for credentials when
doing mstsc /remoteGuard /v:<other server>.
