Commit Graph

248 Commits

Author SHA1 Message Date
Armin Novak
4be62f7047 Fixed OpenSSL 1.1 no legacy compile issues. 2017-04-06 11:25:25 +02:00
Armin Novak
99c45405cb Fixed GetEnvironmentVariable. 2017-03-03 12:43:00 +01:00
Armin Novak
b2c29158be Scanbuild warning, argument checks and leak fixes.
* Added Stream_GetRemainingCapacity to check remaining stream size
  before writes.
* Fixed shadow server memory leak.
* Fixed lots of scanbuild warnings
* Added missing argument checks in many functions
* Added missing static function declarations
2017-03-02 18:13:43 +01:00
Armin Novak
b11de26f98 Fixed GetComputerNameExA return checks. 2017-02-27 11:49:53 +01:00
akallabeth
8a22052b61 Fixed memory leaks. 2017-02-25 08:35:37 +01:00
akallabeth
705c0c1e12 Fixed GetComputerNameExA calls. #3815 2017-02-24 21:58:08 +01:00
Armin Novak
198bc6d9e1 Fixed compiler warnings. 2017-02-16 13:17:49 +01:00
Armin Novak
4f44cdc561 Use INIT_ONCE for SSPI initialisation. #3471 2017-02-13 18:06:27 +01:00
Ilya Shipitsin
102913e808 make cppcheck a bit happier:
[channels/printer/client/printer_cups.c:103]: (error) Resource leak: fp
[server/Mac/mf_event.c:195]: (error) Memory leak: event_queue
[server/shadow/shadow_capture.c:233]: (error) Memory leak: capture
[winpr/libwinpr/sspi/test/TestSchannel.c:440]: (error) Memory leak: lpTokenIn
[winpr/libwinpr/thread/argv.c:198]: (error) Memory leak: lpEscapedChars
[winpr/libwinpr/utils/sam.c:312]: (error) Memory leak: entry
2017-01-25 17:09:25 +05:00
Martin Fleisz
ac090520c3 Fix compilation with OpenSSL 1.1.0 using MSVC 2017-01-09 16:43:28 +01:00
Norbert Federa
f71b6b46e8 fix string format specifiers
- fixed invalid, missing or additional arguments
- removed all type casts from arguments
- added missing (void*) typecasts for %p arguments
- use inttypes defines where appropriate
2016-12-16 13:48:43 +01:00
Norbert Federa
53bd98883e winpr/crypt api changes and memory leak fixes
- winpr_HMAC_New() now just returnes the opaque WINPR_HMAC_CTX* pointer
  which has to be passed to winpr_HMAC_Init() for (re)initialization
  and since winpr_HMAC_Final() no more frees the context you always have to
  use the new function winpr_HMAC_Free() once winpr_HMAC_New() has succeded

- winpr_Digest_New() now just returns the opaque WINPR_DIGEST_CTX* pointer
  which has to be passed to winpr_Digest_Init() for (re)initialization
  and since winpr_Digest_Final() no more frees the context you always have to
  use the new function winpr_Digest_Free() once winpr_Digest_New() has succeded
2016-11-24 18:27:29 +01:00
Norbert Federa
7befab856c Support for OpenSSL 1.1.0 2016-11-24 17:50:09 +01:00
Martin Fleisz
71765b72e3 Merge pull request #3284 from ondrejholy/endianness
Endianness fixes
2016-08-25 08:17:52 +02:00
Marc-André Moreau
14cb6d33c6 freerdp: make modifications to NLA server-side fixes according to PR comments 2016-07-22 09:06:07 -04:00
Marc-André Moreau
801dc0f826 freerdp: add configurable NTLM SAM file option for server-side NLA 2016-07-21 18:58:24 -04:00
Marc-André Moreau
1ffbd774e9 freerdp: fix sending of TLS alert on NLA failure, add better handling of server-side NLA in shadow server 2016-07-21 17:53:20 -04:00
Norbert Federa
333a1110f5 winpr/sspi/ntlm: fix computer name len calculation
The lpnSize parameter for GetComputerNameEx specifies the total
size of the buffer (in characters).
However, the current code calculated the amount of bytes.
Since only GetComputerNameExA was used and because sizeof(CHAR) == 1
the result was correct but the math was wrong.
Credit goes to @byteboon
2016-06-30 17:15:40 +02:00
Norbert Federa
26ed09a14f winpr/sspi/ntlm: fix GetComputerNameExA parameters
On input, the lpnSize [in, out] parameter for GetComputerNameEx()
specifies the total size of the buffer (in characters).
Several functions in ntlm.c were off by one which caused ntlm to fail
if the netbios hostname's strlen was exactly MAX_COMPUTERNAME_LENGTH.
2016-06-14 12:37:37 +02:00
Norbert Federa
e718fb324b fix race conditions, tests and some invalid return values
Since the current winpr implementation for overlapped operations is
incomplete and buggy, all affected functions will now fail if they are
called with a set FILE_FLAG_OVERLAPPED flag or a non-null pointer to
a OVERLAPPED structure.

winpr/nt:
- use proper one-time initialization on win32
- fix TestNtCreateFile
- fix broken/incomplete _RtlAnsiStringToUnicodeString
- unimplemented functions return appropriate error codes

winpr/pipe:
- improved TestPipeCreateNamedPipe
- rewrite the completely broken TestPipeCreateNamedPipeOverlapped test

rdtk:
- improve test and don't blindly return success

winpr/synch:
- fix race condition in TestSynchTimerQueue

winpr/ssspi:
- fix TestEnumerateSecurityPackages printf output
- fix TestQuerySecurityPackageInfo printf output

winpr/environment:
- fix GetEnvironmentStrings printf output

winpr/comm:
- unimplemented functions return appropriate error codes

winpr/io:
- unimplemented functions return appropriate error codes

winpr/thread:
- implement SwitchToThread() via sched_yield()
2016-06-01 16:26:26 +02:00
Ondrej Holy
0e353cce2e winpr/ntlm: Fix endianness in NTLM authentication
This patch fixes NTLM authentication to work properly on a big endian
machines. Freerdp exited with the following error without recent commits:
[09:50:20:914] [13821:13822] [ERROR][com.freerdp.core.transport] - BIO_read returned an error: error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error
[09:50:20:914] [13821:13822] [ERROR][com.freerdp.core] - freerdp_set_last_error ERRCONNECT_CONNECT_TRANSPORT_FAILED [0x2000D]
[09:50:20:914] [13821:13822] [ERROR][com.freerdp.client.x11] - Freerdp connect error exit status 1

https://github.com/FreeRDP/FreeRDP/issues/2520
2016-05-30 13:37:15 +02:00
Ondrej Holy
95a1b53940 winpr/ntlm: Fix endianness in ntlm_av_pair_list
Data in ntlm_av_pair_list are accessed directly, which doesn't work on
big endian machines currently. The recieved data are stored as little
endian. Use conversion macros from endian.h to load and store the data
properly.

https://github.com/FreeRDP/FreeRDP/issues/2520
2016-05-30 13:37:15 +02:00
Marc-André Moreau
915b9a15b1 Merge branch 'master' of github.com:FreeRDP/FreeRDP
Conflicts:
	winpr/libwinpr/bcrypt/CMakeLists.txt
2016-05-11 11:05:17 -04:00
Marc-André Moreau
4d629a7999 freerdp: UWP porting 2016-03-29 16:03:15 -04:00
Bernhard Miklautz
9e8c6c99b6 First shot on fixing over linking
If a target is linked against libraries with cmake
(target_link_libraries) and the libraries are not marked as PRIVATE
they are "exported" and in case a other target is linked against this
target it is also linked against *all* (not private) libraries.

Without declaring private libraries PRIVATE a lot of over linking
(linking against unneeded libraries) was done.
2016-03-29 18:14:34 +02:00
Bernhard Miklautz
014f31db35 Merge pull request #3171 from akallabeth/crypto_simplification
Crypto simplification
2016-02-29 17:10:53 +01:00
Armin Novak
68c402ac58 Removed windows module.def files.
All symbols exported from libraries are declared
using *_API defines.
2016-02-29 15:18:47 +01:00
Armin Novak
b429d230cb Refactored crypto *_New functions. 2016-02-29 09:00:02 +01:00
Armin Novak
92c15783dc Updated RC4 API, fixed crashing bug. 2016-02-28 11:19:29 +01:00
Armin Novak
f997421098 Unified hmac functions. 2016-02-24 21:50:08 +01:00
davewheel
a971f9e4bc Handle more NTLM attributes
This patch adds the management of more NTLM attributes.

Sponsored by: Wheel Systems (http://www.wheelsystems.com)
2016-01-20 22:21:05 +01:00
Bernhard Miklautz
d73c4898c1 Add build-config.h
build-config.h should contain configure/compile time settings that are
relevant for projects that use FreeRDP.

For example the compiled in plugin search paths.
2015-11-09 15:54:22 +01:00
Marc-André Moreau
863939fd58 Merge pull request #2919 from realjiangms/fix_allow_empty_password
Sec/NLA: Support passwordless (blank password) login with NLA.
2015-10-13 10:40:28 -04:00
Marc-André Moreau
87780a850d Merge branch 'master' of github.com:FreeRDP/FreeRDP into mbedtls 2015-10-09 15:58:50 -04:00
Marc-André Moreau
4f769866d7 winpr: make clean non-OpenSSL build possible (without schannel, makecert) 2015-10-09 15:57:41 -04:00
zihao.jiang
a7f4685c09 Sec/NLA: Support passwordless (blank password) login with NLA.
It was supported in freerdp 1.0.2 but not supported in lastest master.
We should take empty password if it is explicitly specified with /v option.
If a password is not specified, we could first try SAM file. If the user entry does not exist, prompt for password.
2015-10-10 01:48:41 +08:00
Marc-André Moreau
87c42127c7 libwinpr-sspi: remove OpenSSL dependency in NTLM SSPI module 2015-10-08 16:48:58 -04:00
Marc-André Moreau
7521ecd759 libwinpr-crypto: add basic hashing and HMAC support with OpenSSL/mbedTLS 2015-10-08 13:58:55 -04:00
Marc-André Moreau
ac62d43e0f winpr: isolate OpenSSL 2015-10-06 10:56:24 -04:00
Marc-André Moreau
8a5c55788b libwinpr-sspi: don't warn about non-error security statuses 2015-09-17 11:16:20 -04:00
Armin Novak
48ccf73a36 More SSPI logging. 2015-07-08 17:41:22 +02:00
Armin Novak
7360cb638a Erasing memory on credentials or SecBuffer free. 2015-07-08 17:41:21 +02:00
Bernhard Miklautz
1cee185e3c hardening: check fread and fwrite return values 2015-06-26 20:38:30 +02:00
Armin Novak
e8bfa29bd2 Replaced registry keys with cmake defines. 2015-06-24 14:02:48 +02:00
Armin Novak
fbbc1affd0 ifdef variables used with specific build options. 2015-06-23 16:20:59 +02:00
Bernhard Miklautz
af81a91ea7 windows: fix compilation and warnings 2015-06-22 19:31:25 +02:00
Bernhard Miklautz
06502e6a91 misc: integrate pull request feedback 2015-06-22 19:24:30 +02:00
Bernhard Miklautz
fc6a3cf3c1 sspi/ntlm: integrate pull request comments 2015-06-22 19:23:58 +02:00
David FORT
7c3f8f33ab Fixes for malloc / calloc + other fixes
This patch contains:

* checks for malloc return value + treat callers;
* modified malloc() + ZeroMemory() to calloc();
* misc fixes of micro errors seen during the code audit:
** some invalid checks in gcc.c, also there were some possible
integer overflow. This is interesting because at the end the data are parsed
and freed directly, so it's a vulnerability in some kind of dead code (at least
useless);
** fixed usage of GetComputerNameExA with just one call, when 2 were used
in misc places. According to MSDN GetComputerNameA() is supposed to return
an error when called with NULL;
** there were a bug in the command line parsing of shadow;
** in freerdp_dynamic_channel_collection_add() the size of array was multiplied
by 4 instead of 2 on resize
2015-06-22 19:21:47 +02:00
David FORT
16d36e3083 A malloc() pass on WinPR
This patch treats remaining non-checked mallocs. And changes to calloc in places
where it makes sense
2015-06-22 19:10:00 +02:00
Bernhard Miklautz
bf73f4e4f1 Fix unchecked strdups
* add missing checks
* adapt function return values where necessary
* add initial test for settings
2015-06-22 19:09:59 +02:00
Armin Novak
5dff9c4f9e Removed duplicate function tables, respecting WITH_NATIVE_SSPI 2015-06-17 13:24:11 +02:00
Hardening
1b366816a2 Merge pull request #2608 from oshogbo/master
Add check to protect memcpy(3) from using NULL pointer.
2015-05-29 10:49:42 +02:00
Mariusz Zaborski
80958751e4 Add check to protect memcpy(3) from using NULL pointer.
The ntlm_construct_challenge_target_info function can potentially pass NULL as
argument to the ntlm_av_pair_add function (for example DnsDomainName.Buffer).
This NULL finally lands in the CopyMemory (which is macro to the memcpy(3)
function) which can't handle NULL.
2015-05-25 08:32:48 +02:00
Konrad Witaszczyk
29d3b0bebb QueryContextAttributes shouldn't return an error when a user or a domain
is empty.
2015-05-18 09:42:17 +02:00
Konrad Witaszczyk
95f9e6a641 Pass valid context to CompleteAuthToken function in Negotiate Security Package. 2015-05-15 13:02:40 +02:00
Norbert Federa
1eff1a345e free can handle NULL perfectly fine 2015-05-11 09:07:39 +02:00
Norbert Federa
25fc866a58 Fix unchecked CreateThread calls and misc fixes 2015-05-05 13:55:48 +02:00
Bernhard Miklautz
850de59b55 winpr: add checks for *alloc
Add missing checks if memory allocation was successful. Also adapt
caller(s) when possible.
2015-04-08 11:34:37 +02:00
Armin Novak
831b74d519 Fixed memory leak. 2014-11-16 17:07:48 +01:00
Armin Novak
9339411c9b Fixed memory leak. 2014-11-16 15:53:39 +01:00
Armin Novak
7756cfb7a4 Fixed memory leaks. 2014-11-16 14:56:08 +01:00
Armin Novak
3d28c9dbf1 Fixed sspi_CopyAuthIdentity, now checking source struct, if it is ANSI encoded. 2014-10-17 11:43:41 +02:00
Marc-André Moreau
c4588fb14f libfreerdp-core: remove dependency on OPENSSL_Applink on Windows 2014-09-19 17:11:56 -04:00
Marc-André Moreau
2a5192b027 Merge branch 'master' of github.com:awakecoding/FreeRDP into egfx
Conflicts:
	client/Windows/wf_cliprdr.h
	client/Windows/wf_event.h
	client/X11/xf_client.c
	client/X11/xf_gdi.c
	libfreerdp/gdi/gdi.c
	server/Mac/mf_input.c
2014-09-17 19:09:56 -04:00
Marc-André Moreau
f0bff7e890 libwinpr-sspi: fix NTLM strict error check 2014-09-17 18:44:59 -04:00
Armin Novak
81a4081279 Decreased logging verbosity. 2014-09-16 09:37:45 +02:00
Armin Novak
6a26e33695 Fixed winpr_HexDump calls in debug mode. 2014-09-09 16:32:22 +02:00
Armin Novak
b22b897389 Reformatted changed files. 2014-09-09 16:32:22 +02:00
Armin Novak
7e3a1b3073 Now using macro to generate module specific log tag. 2014-09-09 16:32:04 +02:00
Armin Novak
28ece6bb46 Replaced stdio logging with WLog 2014-09-09 16:31:46 +02:00
Norbert Federa
cdcdec99bc OpenSSL thread safety
freerdp/winpr had the following issues:
* The non reentrant SSL_library_init() was called concurrently (crash)
* Missing code/api to set the eventually required OpenSSL static and dynamic locking callbacks
* Missing code/api to free the application-global or thread-local OpenSSL data and tables

This commit creates two new winpr functions:

BOOL winpr_InitializeSSL(DWORD flags):

Use the flag WINPR_SSL_INIT_ALREADY_INITIALIZED if you want to tell winpr that
your application has already initialized OpenSSL.
If required use the flag WINPR_SSL_INIT_ENABLE_LOCKING to tell winpr that it
should set the OpenSSL static and dynamic locking callbacks.
Otherwise just call it with the flag WINPR_SSL_INIT_DEFAULT.

The recommended way is that your application calls this function once before
any threads are created. However, in order to support lazy OpenSSL library
initialization winpr_InitializeSSL() can also safely be called multiple times
and concurrently because it uses the new InitOnceExecuteOnce() function to
guarantee that the initialization is only performed successfully once during
the life time of the calling process.

BOOL winpr_CleanupSSL(DWORD flags):

If you create a thread that uses SSL you should call this function before the
thread returns using the flag WINPR_SSL_CLEANUP_THREAD in order to clean up
the thread-local OpenSSL data and tables.
Call the function with the flag WINPR_SSL_CLEANUP_GLOBAL before terminating
your application.

Note: This commit only replaced the current occurences of the
SSL_load_error_strings(); SSL_library_init(); pairs in the freerdp source
with winpr_InitializeSSL(). None of the server or client applications has been
changed according to the recommended usage described above (TBDL).
2014-07-28 21:55:57 +02:00
Armin Novak
ad3255354d Added WITH_LIBRARY_VERSIONING, allowing to build shared libraries without
SOVERSION information. (required by Android)
2014-07-11 11:53:58 +02:00
Bernhard Miklautz
6a49bcfe40 winpr: always build "monolitic"
winpr is now always build as single library.
The build option MONOLITHIC_BUILD doesn't influence this behavior anymore.

The only exception is winpr-makecert-tool which is still build as extra
library.

This obsoletes complex_libraries for winpr.
2014-07-10 11:10:58 +02:00
Marc-André Moreau
948d137426 libwinpr-sspi: add support for passing NTLMv2 hash 2014-06-18 16:02:13 -04:00
Marc-André Moreau
e272bc923e libwinpr-sspi: fix server-side NTLM authentication against NTLMv2 without key exchange 2014-06-18 14:42:35 -04:00
Marc-André Moreau
adbfcf53ea libwinpr-sspi: fix failing test 2014-06-10 18:09:51 -04:00
Marc-André Moreau
1b93dca6c0 libwinpr-sspi: add support for querying user+domain and setting NTLM hash 2014-06-10 16:38:16 -04:00
Marc-André Moreau
723e9a171b libwinpr-sspi: fix server-side NLA 2014-06-10 14:38:17 -04:00
Marc-André Moreau
8a343c3e6d libwinpr-sspi: fix memory leaks 2014-06-10 14:16:02 -04:00
Marc-André Moreau
a27c7d85ed libwinpr-sspi: patch some memory leaks 2014-06-10 08:40:04 -04:00
Marc-André Moreau
0ebc7e2ab4 libwinpr-sspi: add custom API for passing NTLM hashes and credentials dynamically 2014-06-09 15:25:00 -04:00
Marc-André Moreau
ac9b527991 libwinpr-sspi: fix NTLM SPN context helper 2014-06-08 09:14:49 -04:00
Marc-André Moreau
1c0ba4ca9a libwinpr-sspi: add tests for NTLM 2014-06-07 18:28:02 -04:00
Marc-André Moreau
66d2b3ed93 libwinpr-sspi: fix server-side negotiate module 2014-06-07 17:08:07 -04:00
Marc-André Moreau
a37c6bb653 libwinpr-sspi: fix build on Linux 2014-06-07 16:46:32 -04:00
Marc-André Moreau
03cf7933d9 libwinpr-sspi: start implementing and using negotiate sspi module 2014-06-07 16:26:57 -04:00
Marc-André Moreau
576e0c4d1a libwinpr-sspi: fix exporting of SSPI API 2014-06-07 14:43:02 -04:00
Marc-André Moreau
a07f616895 libwinpr-sspi: improve link interface 2014-06-07 10:50:51 -04:00
Marc-André Moreau
1b5a2340d2 libwinpr-sspi: even more code hardening 2014-06-07 00:17:11 -04:00
Marc-André Moreau
220f885774 libwinpr-sspi: code hardening 2014-06-06 17:20:34 -04:00
Marc-André Moreau
940e6fbc15 libwinpr-sspi: make native sspi option dynamic 2014-06-06 15:34:12 -04:00
Marc-André Moreau
907a29d0ba libwinpr-sspi: isolate winpr implementation 2014-06-05 22:54:31 -04:00
Marc-André Moreau
c5a1a8ac27 libwinpr-sspi: fix native sspi build 2014-06-05 22:10:08 -04:00
Marc-André Moreau
a202fe4057 freerdp: fix several type related warnings 2014-05-08 18:02:02 -04:00
Bernhard Miklautz
b817e92e5e cmake: mark required libraries for export 2014-04-23 10:16:02 +02:00
Marc-André Moreau
d64f86d52c wfreerdp: fix 64-bit build 2014-02-10 00:34:17 -05:00
Marc-André Moreau
b5bef07e50 wfreerdp: fix building against OpenSSL with MONOLITHIC_BUILD and shared libraries 2014-02-01 19:53:45 -05:00
Marc-André Moreau
9bdfbcd556 wfreerdp: fix test build issues 2014-02-01 12:50:28 -05:00
Marc-André Moreau
21a259927a libwinpr-sspi: fix encoding of server-side NTLM challenge message 2014-01-24 13:02:45 -05:00