URI is specified by RFC 8089: https://datatracker.ietf.org/doc/html/rfc8089
Local files:
o A traditional file URI for a local file with an empty authority.
For example:
* "file:///path/to/file"
o The minimal representation of a local file with no authority field
and an absolute path that begins with a slash "/". For example:
* "file:/path/to/file"
o The minimal representation of a local file in a DOS- or Windows-
based environment with no authority field and an absolute path
that begins with a drive letter. For example:
* "file:c:/path/to/file"
o Regular DOS or Windows file URIs with vertical line characters in
the drive letter construct. For example:
* "file:///c|/path/to/file"
* "file:/c|/path/to/file"
* "file:c|/path/to/file"
* xfreerdp: fix typo in logs
* winpr: file appender, small code cleanup
* shadow-server: add an option for TLS secrets
This allows to dissect connections to the shadow server.
* add support for 64-bit big-endian encoding
* kerberos: drop reliance on gssapi and add user 2 user support
* Fix local variable declared in the middle of the function body
* kerberos: add ccache server option
Co-authored-by: fifthdegree <fifthdegree@protonmail.com>
Co-authored-by: David Fort <contact@hardening-consulting.com>
* winpr: add lock operation on HashTables
* drdynvc: change the listeners array for a hashtable and other micro cleanups
* logonInfo: drop warning that is shown at every connection
Let's avoid this log, we can't do anything if at Microsoft they don't respect
their own specs.
* rdpei: fix terminate of rdpei
* drdynvc: implement the channel list with a hashtable by channelId
When using the wClipboard API, the connected peer might not be on the
Windows platform, where further filename restriction exists.
As a result, it is currently not possible to use the wClipboard API,
when intending to allow filenames, containing characters like ':'.
So, add a callback to the wClipboardDelegate, which is set to the
ValidFileNameComponent call by default.
This callback can be overridden by the API user, when it is known, that
there is no need to impose very strict filename restrictions.
This patches adds support for octet string containers that are used by SPNego
(a subfield is contained in an octet string record).
It also adds a performance test to test reallocations in asn1 encoder.
It fixes reallocation problems for both chunks and containers.
With LibreSSL 2.7.0 (or newer versions) some more structs have made
opaque, which requires a few changes:
- BIO_meth_new() and related functions are now defined by LibreSSL, the
versions from opensslcompat.{h,c} does not need to be used anymore.
- HMAC_CTX is now opaque, HMAC_CTX_new(), EVP_MD_CTX_new, and related
functions should be used instead in winpr's hash.c.
_align_XXX functions aren't widely available depending on the C runtime. That causes
problems with mingw where we can easily have some runtime mixes (which lead to mysterious
segfaults most of the time). This patch introduce winpr_aligned_XXX functions that will
either use the function available, or use an emulation layer.
* Added tests for freerdp_[static|dynamic]_collection_* functions
* Added settings unit test for clone functions
* Fix argument for winpr_RAND and winpr_RAND_pseudo
Using void* eliminates all assumptions of which type the buffer is.
This eliminates unnecessary warnings.
* Add better return value checks
* Combine logic blocks in structs
* Add (easier to read) static functions for blocks
* Use condition variables only in combination with BOOL
* Fixed remdesk settings pointer
* Fixed sign warnings in display_write_monitor_layout_pdu
* Use freerdp_abort_connect_context and freerdp_shall_disconnect_context
* Added and updates settings
* info assert/dynamic timezone
* mcs assert/log/flags
* Fixed and added assertions for wStream
* Unified stream length checks
* Added new function to check for lenght and log
* Replace all usages with this new function
* Cleaned up PER, added parser logging
* Cleaned up BER, added parser logging
* log messages
* Modified Stream_CheckAndLogRequiredLengthEx
* Allow custom format and options
* Add Stream_CheckAndLogRequiredLengthExVa for prepared va_list
* Improved Stream_CheckAndLogRequiredLength
* Now have log level adjustable
* Added function equivalents for existing logger
* Added a backtrace in case of a failure is detected
* Fixed public API input checks
* Fixed GetFileInformationByHandle initializers
* Fix#7793: Do not expose internal input API
Slow-Path input uses UINT16 for scancodes on wire, but only the
lower byte is actually used. (the extended fields are sent in
keyboardFlags field)
Hide this implementation detail and adjust the API to use UINT8
for the code instead just like the corresponding Fast-Path PDU
* Added a warning for problematic slow path keyCodes
* NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED and NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED
* Problem with clients not supporting NTLMSSP_NEGOTIATE_LM_KEY
* Improve logging
There was a bug in smartcard listing that was leading to be unable to open a key
with slotId != 0. When any error or skipped item was happening during listing
the code was crashing.
* Fixed SSPI fallback to NTLM
* Fixed wide/ansi mixup
* WITH_GSS fixes
* Move to WinPR as this is not related to FreeRDP
* Add option WITH_GSS_NO_NTLM_FALLBACK to disable NTLM fallback
* Abort NLA if status is SEC_E_NO_CREDENTIALS
* Properly invalidate sspi::SubContext
* Cache Emulate_IsConfigured result
The check is used very often, so this caching reduces necessary
allocations.
* Fix winpr_HexLogDump
Abort function early if the log message is to be discarded due to
the log level being inactive.
* Use common logger for rdpdr message
Co-authored-by: Martin Fleisz <martin.fleisz@thincast.com>
Some WCHAR string constant were wrong (missing \x00 at the end).
The commit also implements the NCRYPT_READER_PROPERTY property in the pkcs11 provider.
Although the official documentation claims that pszScope parameter shall be set to
NULL. In practice setting it to \\.\<reader name>\ allows to filter on the corresponding
reader.
This patch adds the NCryptEnumStorageProviders function.
It also fixes strings bugs with the compiler taking the WCHAR "Micro" string
M\x00i\x00c\x00r\x00o\x00 as
M\x00i\x0c\x00r\x00o\x00, and so generating unexpected behaviours. The solution is
to split string constants when you hit a character that is a valid hex number, so
that the compiler doesn't interpret i\x00c\x00 (ic in WCHARs) as i\x0c\x00 (weird
string).
This implements the emulation for the ncrypt API and more specifically the smartcard
provider so that we can list available keys and certificates using pkcs11-helper.
This partially reverts commit 67f3fff2. The legacy provider is now loaded
from the `winpr_InitializeSSL` function, so it is not needed to load it from
the `winpr_RC4_New` function again.
The `winpr_enable_fips` function is called twice from the `winpr_InitializeSSL`
function after commit 49936a7b. I believe this is a bug, which might lead to
some undesired behavior. Let's call that only once.
With OpenSSL 3.O, FreeRDP log contains errors like:
```
4036740A4C7F0000:error:0308010C:digital envelope routines:
inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:346:
Global default library context, Algorithm (MD4 : 85), Properties ()
```
This leads to connection failures in some cases. This is because algorithms
like MD4 are now part of the legacy provider, which is not loaded by
default. Let's explicitly load that provider. With this change, also the
other provides has to be explicitely loaded.
By default use const for the object enqueued.
If a `fnObjectNew` function is set, it is copied anyway.
For the case without cast away the const internally.
* Properly initialize the stream buffer
* Add Stream_StaticConstInit accepting a const buffer
* Modify API to return a pointer to the stream initialized
* Fix temporary settings allocation for command line
Detection of legacy command line requires a temporary settings
struct. This was previously manyally allocated instead of using
freerdp_settings_new and freerdp_settings_free.
* Fixed CommandLineParseCommaSeparatedValuesEx
The name argument was not copied into the returned array.
This function terminates a process if a stream was used incorrectly.
It will work similar to an assert, but it is not possible to compile
without this.
Purpose is to prevent problems with missing length/capacity checks
* Do length/capacity checks in every read/write/seek function
if WINPR_ASSERT is defined.
* Ensure s->pointer is valid, e.g. within s->buffer + s->capacity
(Stream_Rewind, Stream_Seek, ...)
* Add return values to Stream_Set* functions so inalid arguments
can be reported to the caller
* Deprecated problematic stream manipulation functions
(Stream_SetBuffer, Stream_SetPointer, Stream_SetCapacity)
* Ensure length/capacity functions never return a value larger
than the actual length/capacity
* ExitThread no longer NORETURN, this eases handling of threads.
* Fixed a (rare) race condition when starting a thread
* Made global thread_list optional (you lose the exit code from
ExitThread)
Every uri in the x-special/gnome-copied-files mime type is separated by
a '\n' char.
However, not every line ends with '\n'. The last line MUST not include
the new line character.
* winpr/crypto: Exit cleanly when EVP_EncryptInit_ex fails
The `EVP_EncryptInit_ex` function may fail in certain configurations.
Consequently, FreeRDP segfaults in `EVP_CIPHER_CTX_set_key_length`.
Let's handle the `EVP_EncryptInit_ex` failures and exit cleanly in
such case.
* winpr/crypto: Load legacy provider to fix rc4 with OpenSSL 3.0
Currently, the `EVP_EncryptInit_ex` function fails for rc4 with OpenSSL 3.0.
This is becuase rc4 is provided by the legacy provider which is not loaded
by default. Let's explicitly load the legacy provider to make FreeRDP work
with OpenSSL 3.0.
Relates: https://github.com/openssl/openssl/issues/14392
Fixes: https://github.com/FreeRDP/FreeRDP/issues/6604
This useful functions allows to browse all value pairs of a hashtable without
having to allocate some memory for keys and then retrieving each element.
It may also make sense with synchronized hashtables because before you were forced to
HashTable_GetKeys() and then HashTable_GetItemValue() which is locking again for each
element of the table.
FreeRDP fails to build with OpenSSL 3.0 because of usage of the `FIPS_mode`
and `FIPS_mode_set` functions, which were removed there. Just a note that
the FIPS mode is not supported by OpenSSL 1.1.* although the mentioned
functions are still there (see https://wiki.openssl.org/index.php/FIPS_modules).
Let's make FreeRDP build with OpenSSL 3.0 and fix the FIPS mode support.
See: https://bugzilla.redhat.com/show_bug.cgi?id=1952937
Although the `lodepng_zlib_compress` function expects the `*out` parameter
to be `NULL`, it uses `uvector_init_buffer` internally, which takes the
`*out` value. This confuses covscan, which consequently reports the following
defects:
```
double_free: Calling "ucvector_cleanup" frees pointer "zlibdata.data" which has already been freed.
double_free: Calling "ucvector_cleanup" frees pointer "compressed.data" which has already been freed.
double_free: Calling "ucvector_cleanup" frees pointer "compressed_data.data" which has already been freed.
```
Let's use the `uvector_init` function instead as in other cases to make
covscan happy and to make the code more bulletproof. Consequently, also
remove the outdated comments.
(some client side channels and all server side channels still need to be
ported to new api)
server: build fix, do not disable threads for rfx encoder
cliprdr client channel: implemented support for DisableThreads option
looks like thread does not make sense at all for this channel
do not initialize disabled image codecs (respect settings)
channels: client: rail: added support for DisableThreads setting
changed "BOOL DisableThreads" to "UINT32 ThreadingFlags"
dropped unnecessary apu changes
draft implementation of threading settings aware message handling api
for addins/channels
rail: use new messaging api
fixed memory leak
msgs handlers external api changes (as requested)
msgs_handlers: init fix
fixed memory leak
logic fix
resolved problems appeared after rebase to master, dropped unnecessary
changes
git clang-format origin/master
fixed TestFreeRDPCodecRemoteFX.c
"formatting, run `clang-format` please"
properly use new "rfx_context_new(BOOL, UINT32)" everywhere
passed Threading Flags to "rfx_context_new" where available
in older C standarts veriables declaration must be done before any code
requested changes
clang-format as requested
use broken signatures of standert C functions for m$ s**tos
clang-format
requested changes
requested changes
moved ThreadingFlags to stable api zone
define type for channel msg handler
typo fix
clang-format
build fix
us ThreadingFlags from server settings
git clang-format origin/master
clang-format
Currently, when a local uri-list is converted into a FILEDESCRIPTORW
list, WinPR doesn't submit the last write time for each file.
The result of this is that the last write time of each file on the
other peer will have the current time and not the actual last write
time that is present on the peer, where the files were copied from.
Fix this by also writing the last write time in addition to the
FD_WRITESTIME flag.