These routines:
NCryptOpenStorageProvider()
winpr_NCryptOpenStorageProviderEx
would segfault with PKCS11 support enabled, if the user did not supply
a service provider name ("CSP"); they assumed the parameter
pszProviderName would always be non-NULL, but it's NULL in that case.
Windows expects the containerName field in TSSmartCardCreds to be what
it would use for a smartcard key's name. Try to accomodate that (at
least for PIV and GIDS cards).
This commit fixes various bugs that I've noticed on some windows systems with
smartcards that contains multiple certificates:
* With some drivers if you retrieve the ATR while enumerating the NCrypt keys, it seems to
confuse the NCrypt key context (and you're unable to retrieve certificate property). As
we don't use the ATR, let's remove the ATR retrieval.
* if don't give any user or domain on the command line, in settings you get User=Domain=NULL,
but if you pass /u:user, you get User="user" and Domain = ""(empty string not NULL). The
smartcard filtering by user/domain was not ready for that.
When smartcard emulation was enabled we were dumping the key and cert to
temporary files for PKINIT call, but they were deleted before we have
actually done the PKINIT. This patch fixes it.
It also add debug statement for the listing of smartcard keys / certs.
This also fixes the listing of smartcard on certain windows configurations
were we have to force NCRYPT_SILENT when doing a NCryptOpenKey.
It might happen that the username/domain/password strings are set to an
empty string. This means that the null pointer check will pass but the
application will assert in the copy helper function.
This fix simple checks the length of the identity strings and only calls
copy in case the length is greater than 0.
In native windows SSPI, AcceptSecurityContext and InitializeSecurityContext return
SEC_E_INVALID_HANDLE if the provided context is an empty context. Add the checks so
that our SSPI implementation behave the same way.
* Kerberos: correctly set principal when no service part is provided
* Kerberos: don't expect a krb_ap_rep when mutual auth was not requested
* Kerberos: include gss header in max signature length
* Negotiate: tolerate optimistic token being the final one
* Kerberos: support channel bindings
* Negotiate: pass channel bindings to sub-mechanism
* NTLM: tolerate receiving an input buffer desc on first call
* Fixed format strings to match arguments
Reviewed and replaced all %d specifiers to match proper type
* Added proxy dynamic channel command type to log messages.
* Fix build with mingw
4a71cab2e7 broke wf_events.c.
The drive channel was not building because of missing definitions.
* winpr: make functions return False when not implemented
This patch improves waiting on process handles:
* under linux we take advantage of pidfd if available, when it can be used it
allows to have one or more process in the objects that are WaitForMultipleObject-ed.
* the patch also make the code honor the timeout parameter during a WaitForSingleObject and
possibly run completion when WaitForSingleObjectEx is executed with alertable set to true
* Fixed TestUri unit test
* Make proper unit test out of the test function
* Add proper test cases
* Replace FindFirstFileA with FindFirstFileW for addins
This allows addin paths to contain unicode symbols.
* Fixed parse_uri_to_local_file definition
* Move to common clipboard.c file
* Move to header file so it can be included in test case
* Added WINPR_LOCAL for test builds
This macro exports internal functions in case of a unit test build
This way unit tests can access these without other workarounds.
* Fixed typo in function name is_dos_driver
* Cleaned up FindFirstFileW call
Use a wrapper function to convert to unicode and call the function
* Cleaned up BUILD_TESTING and EXPORT_ALL_SYMBOLS
* EXPORT_ALL_SYMBOLS now does as the name implies and exports all
non static functions/variables from the library.
* BUILD_TESTING now only sets the defines for test code and
activates EXPORT_ALL_SYMBOLS to allow tests to access internal
code
* Fixed windows client warnings
* disable CMAKE_WINDOWS_EXPORT_ALL_SYMBOLS
This patch adds some checks for the type of object in Event and Thread functions,
this may help to find bugs where a handle with the wrong type is used as argument
of these functions.
URI is specified by RFC 8089: https://datatracker.ietf.org/doc/html/rfc8089
Local files:
o A traditional file URI for a local file with an empty authority.
For example:
* "file:///path/to/file"
o The minimal representation of a local file with no authority field
and an absolute path that begins with a slash "/". For example:
* "file:/path/to/file"
o The minimal representation of a local file in a DOS- or Windows-
based environment with no authority field and an absolute path
that begins with a drive letter. For example:
* "file:c:/path/to/file"
o Regular DOS or Windows file URIs with vertical line characters in
the drive letter construct. For example:
* "file:///c|/path/to/file"
* "file:/c|/path/to/file"
* "file:c|/path/to/file"
* xfreerdp: fix typo in logs
* winpr: file appender, small code cleanup
* shadow-server: add an option for TLS secrets
This allows to dissect connections to the shadow server.
* add support for 64-bit big-endian encoding
* kerberos: drop reliance on gssapi and add user 2 user support
* Fix local variable declared in the middle of the function body
* kerberos: add ccache server option
Co-authored-by: fifthdegree <fifthdegree@protonmail.com>
Co-authored-by: David Fort <contact@hardening-consulting.com>
* winpr: add lock operation on HashTables
* drdynvc: change the listeners array for a hashtable and other micro cleanups
* logonInfo: drop warning that is shown at every connection
Let's avoid this log, we can't do anything if at Microsoft they don't respect
their own specs.
* rdpei: fix terminate of rdpei
* drdynvc: implement the channel list with a hashtable by channelId
When using the wClipboard API, the connected peer might not be on the
Windows platform, where further filename restriction exists.
As a result, it is currently not possible to use the wClipboard API,
when intending to allow filenames, containing characters like ':'.
So, add a callback to the wClipboardDelegate, which is set to the
ValidFileNameComponent call by default.
This callback can be overridden by the API user, when it is known, that
there is no need to impose very strict filename restrictions.
This patches adds support for octet string containers that are used by SPNego
(a subfield is contained in an octet string record).
It also adds a performance test to test reallocations in asn1 encoder.
It fixes reallocation problems for both chunks and containers.
With LibreSSL 2.7.0 (or newer versions) some more structs have made
opaque, which requires a few changes:
- BIO_meth_new() and related functions are now defined by LibreSSL, the
versions from opensslcompat.{h,c} does not need to be used anymore.
- HMAC_CTX is now opaque, HMAC_CTX_new(), EVP_MD_CTX_new, and related
functions should be used instead in winpr's hash.c.
_align_XXX functions aren't widely available depending on the C runtime. That causes
problems with mingw where we can easily have some runtime mixes (which lead to mysterious
segfaults most of the time). This patch introduce winpr_aligned_XXX functions that will
either use the function available, or use an emulation layer.
* Added tests for freerdp_[static|dynamic]_collection_* functions
* Added settings unit test for clone functions
* Fix argument for winpr_RAND and winpr_RAND_pseudo
Using void* eliminates all assumptions of which type the buffer is.
This eliminates unnecessary warnings.
* Add better return value checks
* Combine logic blocks in structs
* Add (easier to read) static functions for blocks
* Use condition variables only in combination with BOOL
* Fixed remdesk settings pointer
* Fixed sign warnings in display_write_monitor_layout_pdu
* Use freerdp_abort_connect_context and freerdp_shall_disconnect_context
* Added and updates settings
* info assert/dynamic timezone
* mcs assert/log/flags
* Fixed and added assertions for wStream
* Unified stream length checks
* Added new function to check for lenght and log
* Replace all usages with this new function
* Cleaned up PER, added parser logging
* Cleaned up BER, added parser logging
* log messages
* Modified Stream_CheckAndLogRequiredLengthEx
* Allow custom format and options
* Add Stream_CheckAndLogRequiredLengthExVa for prepared va_list
* Improved Stream_CheckAndLogRequiredLength
* Now have log level adjustable
* Added function equivalents for existing logger
* Added a backtrace in case of a failure is detected
* Fixed public API input checks
* Fixed GetFileInformationByHandle initializers
* Fix#7793: Do not expose internal input API
Slow-Path input uses UINT16 for scancodes on wire, but only the
lower byte is actually used. (the extended fields are sent in
keyboardFlags field)
Hide this implementation detail and adjust the API to use UINT8
for the code instead just like the corresponding Fast-Path PDU
* Added a warning for problematic slow path keyCodes
* NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED and NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED
* Problem with clients not supporting NTLMSSP_NEGOTIATE_LM_KEY
* Improve logging
There was a bug in smartcard listing that was leading to be unable to open a key
with slotId != 0. When any error or skipped item was happening during listing
the code was crashing.