When smartcard emulation was enabled we were dumping the key and cert to
temporary files for PKINIT call, but they were deleted before we have
actually done the PKINIT. This patch fixes it.
It also add debug statement for the listing of smartcard keys / certs.
This also fixes the listing of smartcard on certain windows configurations
were we have to force NCRYPT_SILENT when doing a NCryptOpenKey.
XITouchClass is a define, XITouchClassInfo a struct, that is not
properly detected by CMake check_symbol_exists. Ignore this as all
recently enough versions support touch.
* New defines for 10.8, 10.9, 10.10, 10.11 protocol versions
* New function returning a string representation of the protocol version
* Use 10.11 by default now
It might happen that the username/domain/password strings are set to an
empty string. This means that the null pointer check will pass but the
application will assert in the copy helper function.
This fix simple checks the length of the identity strings and only calls
copy in case the length is greater than 0.
In native windows SSPI, AcceptSecurityContext and InitializeSecurityContext return
SEC_E_INVALID_HANDLE if the provided context is an empty context. Add the checks so
that our SSPI implementation behave the same way.
* Ensure negoToken is cleaned up in nla_free
* Renamed function credssp_auth_take_input_buffer now invalidates
input buffer an takes ownership of that buffer
* Kerberos: correctly set principal when no service part is provided
* Kerberos: don't expect a krb_ap_rep when mutual auth was not requested
* Kerberos: include gss header in max signature length
* Negotiate: tolerate optimistic token being the final one
* Kerberos: support channel bindings
* Negotiate: pass channel bindings to sub-mechanism
* NTLM: tolerate receiving an input buffer desc on first call
When no CSP is provided, we were listing smartcard materials by querying the
MS_SCARD_PROV_A CSP, unfortunately on some windows hosts, the smartcards aren't
listed in that CSP. So this patch does the key listing by browsing all CSPs
instead of just a default one. You can still force a CSP and you'll get keys only
from this one.
This patch also address cases where the certificate on the smartcard doesn't
have a UPN attribute, if that happen we try to get a UPN from the email address.
* Fix length checks in parallel driver
The length requested was not checked against the length read from
the port.
* Fixed missing length check in video channel
Data received in video redirection channel was not checked for
proper length.
* Fixed video presentation reference counter
Video channel presentation reference counter was not updated with
Video_Frame_new. A failing H264 decoding step could trigger a reference
decrement and the presentation was freed by accident.
Also clean up the increment and decrement of presentation
* Fixed tsmf ffmpeg context extra data size checks
tsmf_ffmpeg_init_stream did not abort if the video format ExtraDataSize
was not sufficiently large to satisfy expectations.
* Fixed missing input data length check
tsmf_ifman_exchange_capability_request did not check if the input
data stream actually contained the amount of bytes requested to
copy.
* Fixed TSMF tsmf_ffmpeg_set_format length checks
ExtraDataSize of format was not checked for expected minimum length
* Fixed TSMF tsmf_read_format_type length checks
ExtraDataSize of format was not checked for expected minimum
length
* Fixed TSMF tsmf_gstreamer_set_format length checks
ExtraDataSize of format was not checked for expected minimum
length
