Since Windows doesn't use id-pkinit-san in its certificates, it is
necessary to manually configure which hosts are valid KDCs. In the case
where a kdcUrl (or hostname) is provided to us, we can do that
configuration ourselves.
* move type definition to WinPR as used there too.
* supported keyboard types are defined in
[MS-RDPBCGR] 2.2.1.3.2 Client Core Data (TS_UD_CS_CORE)]
use a enum instead of magic numbers to make code more readable.
WinPR provides APIs to convert between keycodes between virtual
keycodes.
These keycodes can currently be evdev keycodes or Apple keycodes.
The evdev handling, however, handles XKB keycodes and not evdev ones.
The main difference between these is that XKB keycodes are shifted by
the value 8, compared to evdev keycodes.
In order to fix this situation, rename the evdev keycodes to XKB ones,
and introduce additionally a new keycode evdev, including its handling
for this keycode type.
The "MEMORY" ccache is shared in a process.
If a client uses it to make parallel connections,
the same ccache may be used for several clients with distinct
credentials.
To prevent such sharing we create a unique, dedicated ccache when
necessary with krb5_cc_new_unique.
We should destroy the ccaches we created, to avoid leaks.
The struct KRB_CREDENTIALS is extended to express the ccache ownership.
When WaitForMultipleObjectsEx is called with the alertable flag set from a non
WinPR thread, we shall not try to treat APC, as for sure there is no APC scheduled,
as previous call that would have scheduled such APC would have failed.
* Split length argument to nmemb and size for all Stream_CheckAndLogRequiredLength* functions
* Add new macros to allow setting nmemb and size arguments
__LINE__ is not particularily well defined (most fall back to int).
We want to ensure that all the uses in a format string match the format
specifier, so do an explicit cast
Add functions (and macros) to provide a method to check the remaining
capacity of a stream and log failures
* Stream_CheckAndLogRequiredCapacityWLog
* Stream_CheckAndLogRequiredCapacityWLogEx
* Stream_CheckAndLogRequiredCapacityWLogExVa
sspi_GetAuthIdentityVersion and sspi_GetAuthIdentityFlags do not
modify, make arguments const
Same is true for sspi_GetAuthIdentityUserDomainW,
sspi_GetAuthIdentityUserDomainA, sspi_GetAuthIdentityPasswordA and
sspi_GetAuthIdentityPasswordW
* Use new ConvertUtf8ToWChar, ConvertUtf8NToWChar,
ConvertUtf8ToWCharAlloc and ConvertUtf8NToWCharAlloc
* Use new ConvertWCharToUtf8, ConvertWCharNToUtf8,
ConvertWCharToUtf8Alloc and ConvertWCharNToUtf8Alloc
* Use new Stream UTF16 to/from UTF8 read/write functions
* Use new settings UTF16 to/from UTF8 read/write functions
* Stream_Write_UTF16_String_From_UTF8 writes a UTF-8 string to a
stream in UTF-16 encoding
* Stream_Read_UTF16_String_To_UTF8 reads a UTF-16 encoded string
from the stream and returns it in UTF-8 encoding
* Added functions converting WCHAR to/from UTF-8 with given buffers
and proper size_t arguments to have a centralized check for
integer overflows on RDP deserialization
* Added allocating functions converting WCHAR to/from UTF-8 as
convenience
* Split JNI_OnLoad and JNI_OnUnload to own module to be usable from more
than only timezone
* Explicitly call System.loadLibrary('winpr') (and other FreeRDP
libraries) in android client as JNI_OnLoad is only triggered by that
and not implicit loading
These routines:
NCryptOpenStorageProvider()
winpr_NCryptOpenStorageProviderEx
would segfault with PKCS11 support enabled, if the user did not supply
a service provider name ("CSP"); they assumed the parameter
pszProviderName would always be non-NULL, but it's NULL in that case.
Windows expects the containerName field in TSSmartCardCreds to be what
it would use for a smartcard key's name. Try to accomodate that (at
least for PIV and GIDS cards).
This commit fixes various bugs that I've noticed on some windows systems with
smartcards that contains multiple certificates:
* With some drivers if you retrieve the ATR while enumerating the NCrypt keys, it seems to
confuse the NCrypt key context (and you're unable to retrieve certificate property). As
we don't use the ATR, let's remove the ATR retrieval.
* if don't give any user or domain on the command line, in settings you get User=Domain=NULL,
but if you pass /u:user, you get User="user" and Domain = ""(empty string not NULL). The
smartcard filtering by user/domain was not ready for that.
When smartcard emulation was enabled we were dumping the key and cert to
temporary files for PKINIT call, but they were deleted before we have
actually done the PKINIT. This patch fixes it.
It also add debug statement for the listing of smartcard keys / certs.
This also fixes the listing of smartcard on certain windows configurations
were we have to force NCRYPT_SILENT when doing a NCryptOpenKey.
It might happen that the username/domain/password strings are set to an
empty string. This means that the null pointer check will pass but the
application will assert in the copy helper function.
This fix simple checks the length of the identity strings and only calls
copy in case the length is greater than 0.
In native windows SSPI, AcceptSecurityContext and InitializeSecurityContext return
SEC_E_INVALID_HANDLE if the provided context is an empty context. Add the checks so
that our SSPI implementation behave the same way.
* Kerberos: correctly set principal when no service part is provided
* Kerberos: don't expect a krb_ap_rep when mutual auth was not requested
* Kerberos: include gss header in max signature length
* Negotiate: tolerate optimistic token being the final one
* Kerberos: support channel bindings
* Negotiate: pass channel bindings to sub-mechanism
* NTLM: tolerate receiving an input buffer desc on first call
* Fixed format strings to match arguments
Reviewed and replaced all %d specifiers to match proper type
* Added proxy dynamic channel command type to log messages.
* Fix build with mingw
4a71cab2e7 broke wf_events.c.
The drive channel was not building because of missing definitions.
* winpr: make functions return False when not implemented
This patch improves waiting on process handles:
* under linux we take advantage of pidfd if available, when it can be used it
allows to have one or more process in the objects that are WaitForMultipleObject-ed.
* the patch also make the code honor the timeout parameter during a WaitForSingleObject and
possibly run completion when WaitForSingleObjectEx is executed with alertable set to true
* Fixed TestUri unit test
* Make proper unit test out of the test function
* Add proper test cases
* Replace FindFirstFileA with FindFirstFileW for addins
This allows addin paths to contain unicode symbols.
* Fixed parse_uri_to_local_file definition
* Move to common clipboard.c file
* Move to header file so it can be included in test case
* Added WINPR_LOCAL for test builds
This macro exports internal functions in case of a unit test build
This way unit tests can access these without other workarounds.
* Fixed typo in function name is_dos_driver
* Cleaned up FindFirstFileW call
Use a wrapper function to convert to unicode and call the function
* Cleaned up BUILD_TESTING and EXPORT_ALL_SYMBOLS
* EXPORT_ALL_SYMBOLS now does as the name implies and exports all
non static functions/variables from the library.
* BUILD_TESTING now only sets the defines for test code and
activates EXPORT_ALL_SYMBOLS to allow tests to access internal
code
* Fixed windows client warnings
* disable CMAKE_WINDOWS_EXPORT_ALL_SYMBOLS
This patch adds some checks for the type of object in Event and Thread functions,
this may help to find bugs where a handle with the wrong type is used as argument
of these functions.
Allow (git) tags of format 'some-important-text_v1.2.3-something_else'
Any character is now allowed, as long as there is a version of format
1.2.3 somewhere in the tag name.
URI is specified by RFC 8089: https://datatracker.ietf.org/doc/html/rfc8089
Local files:
o A traditional file URI for a local file with an empty authority.
For example:
* "file:///path/to/file"
o The minimal representation of a local file with no authority field
and an absolute path that begins with a slash "/". For example:
* "file:/path/to/file"
o The minimal representation of a local file in a DOS- or Windows-
based environment with no authority field and an absolute path
that begins with a drive letter. For example:
* "file:c:/path/to/file"
o Regular DOS or Windows file URIs with vertical line characters in
the drive letter construct. For example:
* "file:///c|/path/to/file"
* "file:/c|/path/to/file"
* "file:c|/path/to/file"
Some implementations (e.g. Android with API < 33) provide the
execinfo.h header file, but do not define the backtrace functions
expected. Disable the support for execinfo backtrace in such a case
