Commit Graph

3130 Commits

Author SHA1 Message Date
David Fort
57d2a27980 fix smartcard listing
This commit fixes various bugs that I've noticed on some Windows systems with
smartcards that contain multiple certificates:

* With some drivers if you retrieve the ATR while enumerating the NCrypt keys, it seems to
confuse the NCrypt key context (and you're unable to retrieve certificate property). As
we don't use the ATR, let's remove the ATR retrieval.
* if you don't give any user or domain on the command line, in settings you get User=Domain=NULL,
but if you pass /u:user, you get User="user" and Domain = "" (empty string, not NULL). The
smartcard filtering by user/domain was not ready for that.
2022-10-14 12:05:16 +02:00
akallabeth
b70db86e51 Fixed uninitialized variable warnings 2022-10-14 11:16:23 +02:00
akallabeth
bba18b7af5 Fixed -Waddress warnings 2022-10-13 14:38:06 +02:00
Armin Novak
1d71ace487 Fixed PubSub, return error on NULL 2022-10-13 13:57:11 +02:00
David Fort
f76c14c256 fix smartcard logon with smartcard emulation
When smartcard emulation was enabled we were dumping the key and cert to
temporary files for PKINIT call, but they were deleted before we have
actually done the PKINIT. This patch fixes it.

It also adds a debug statement for the listing of smartcard keys / certs.

This also fixes the listing of smartcards on certain Windows configurations
where we have to force NCRYPT_SILENT when doing a NCryptOpenKey.
2022-10-13 12:03:58 +02:00
Marc-André Moreau
27a865af74 Add Negotiate SSPI authentication module filtering 2022-10-12 22:07:45 +02:00
akallabeth
2f84a4856c Fixed missing-field-initializers warnings 2022-10-11 13:28:30 +02:00
akallabeth
9d197b263c Fixed conditional-uninitialized warnings 2022-10-11 13:28:30 +02:00
akallabeth
23082b090c Removed misleading comments 2022-10-11 13:28:30 +02:00
Martin Fleisz
b45f580055 sspi: Do not call copy on empty strings
It might happen that the username/domain/password strings are set to an
empty string. This means that the null pointer check will pass but the
application will assert in the copy helper function.

This fix simply checks the length of the identity strings and only calls
copy in case the length is greater than 0.
2022-10-11 12:15:47 +02:00
Armin Novak
5476d48025 Use Stream_StaticInit for bitmap read 2022-10-10 15:29:45 +02:00
Armin Novak
d879d87610 Use static wStream for packet logger 2022-10-10 15:29:45 +02:00
David Fort
58a3919435 winpr: add some checks in InitializeSecurityContext and AcceptSecurityContext
In native Windows SSPI, AcceptSecurityContext and InitializeSecurityContext return
SEC_E_INVALID_HANDLE if the provided context is an empty context. Add the checks so
that our SSPI implementation behaves the same way.
2022-10-10 09:01:04 +02:00
fifthdegree
d6c614b583 Fix bugs and add features in sspi packages
* Kerberos: correctly set principal when no service part is provided
* Kerberos: don't expect a krb_ap_rep when mutual auth was not requested
* Kerberos: include gss header in max signature length
* Negotiate: tolerate optimistic token being the final one
* Kerberos: support channel bindings
* Negotiate: pass channel bindings to sub-mechanism
* NTLM: tolerate receiving an input buffer desc on first call
2022-10-06 21:33:01 +02:00
Marc-André Moreau
479e891545 check return values for SetCredentialsAttributes, throw warnings for unsupported attributes 2022-09-30 19:33:12 +02:00
Marc-André Moreau
fddb0dac75 add missing OOM checks 2022-09-30 19:33:12 +02:00
Marc-André Moreau
eadbb15741 run clang-format 2022-09-30 19:33:12 +02:00
Marc-André Moreau
80a1fc6a98 add SetCredentialsAttributes SSPI function 2022-09-30 19:33:12 +02:00
Marc-André Moreau
ee233eac39 add SetCredentialsAttributes(SECPKG_CRED_ATTR_KDC_URL) in Kerberos SSPI module 2022-09-30 19:33:12 +02:00
Marc-André Moreau
3224a43ee3 use SecurityFunctionTable version 3 with SetCredentialsAttributes function pointer 2022-09-30 19:33:12 +02:00
Marc-André Moreau
c7af6fabe0 add SetCredentialsAttribute to SecurityFunctionTable 2022-09-30 19:33:12 +02:00
Marc-André Moreau
61e5bdec6a add missing SSPI credential attribute IDs and structs 2022-09-30 19:33:12 +02:00
Marc-André Moreau
23f66f3987 add KDC URL to internal SSPI Kerberos settings 2022-09-30 19:33:12 +02:00
akallabeth
1849632c43
Fixed format strings to match arguments (#8254)
* Fixed format strings to match arguments

Reviewed and replaced all %d specifiers to match proper type

* Added proxy dynamic channel command type to log messages.
2022-09-29 14:55:27 +02:00
David Fort
c5c2e37f6d
More winpr fixes (#8255)
* Fix build with mingw

4a71cab2e7 broke wf_events.c.
The drive channel was not building because of missing definitions.

* winpr: make functions return False when not implemented
2022-09-28 16:07:04 +02:00
Kang Lin
71b48f61c1 WinPR::Clipboard::SyntheticFile: FIX match *.* directory bug. The FilePatternMatchA don't support *.* pattern 2022-09-27 09:27:27 +02:00
Armin Novak
ba2e5477d1 Added additional checks and fixed WCHAR usage. 2022-09-26 14:01:20 +02:00
Kang Lin
195b98a9a9 WinPR::Clipboard: Refactor synthetic file
rename posix.c to synthetic_file.c
2022-09-26 14:01:20 +02:00
David Fort
e944d8d243 winpr: improve WaitForSingleObject and WaitForMultipleObject with processes
This patch improves waiting on process handles:
* under Linux we take advantage of pidfd if available; when it can be used, it
allows having one or more processes in the objects that are WaitForMultipleObject-ed.
* the patch also makes the code honor the timeout parameter during a WaitForSingleObject and
possibly run completion when WaitForSingleObjectEx is executed with alertable set to true
2022-09-26 12:08:00 +02:00
akallabeth
d2ab631c40
Test uri fix (#8232)
* Fixed TestUri unit test

* Make proper unit test out of the test function
* Add proper test cases

* Replace FindFirstFileA with FindFirstFileW for addins

This allows addin paths to contain unicode symbols.

* Fixed parse_uri_to_local_file definition

* Move to common clipboard.c file
* Move to header file so it can be included in test case

* Added WINPR_LOCAL for test builds

This macro exports internal functions in case of a unit test build
This way unit tests can access these without other workarounds.

* Fixed typo in function name is_dos_driver

* Cleaned up FindFirstFileW call

Use a wrapper function to convert to unicode and call the function

* Cleaned up BUILD_TESTING and EXPORT_ALL_SYMBOLS

* EXPORT_ALL_SYMBOLS now does as the name implies and exports all
  non static functions/variables from the library.
* BUILD_TESTING now only sets the defines for test code and
  activates EXPORT_ALL_SYMBOLS to allow tests to access internal
  code

* Fixed windows client warnings

* disable CMAKE_WINDOWS_EXPORT_ALL_SYMBOLS
2022-09-26 11:22:02 +02:00
David Fort
ccffa8dfa2 winpr: add a function to export timer file descriptor
The equivalent exists for Events, and it happens that sometimes you also need to access
the internal file descriptor associated with a timer.
2022-09-23 09:04:45 +02:00
David Fort
56204164fe core: check the kind of object for events and threads functions
This patch adds some checks for the type of object in Event and Thread functions,
this may help to find bugs where a handle with the wrong type is used as argument
of these functions.
2022-09-21 16:04:02 +02:00
Zopolis4
2145cef543 Restrict overmatching MACH ifdef to only trigger on OSX and Mach 2022-09-21 09:09:16 +02:00
David Fort
ee9c9e7c48 Remove duplicated definitions for file constants 2022-09-21 09:03:45 +02:00
David Fort
3dcc4f4024 fix build for mingw-clang 2022-09-21 09:03:45 +02:00
Armin Novak
ee6317081b Improve string version extraction regex
Allow (git) tags of format 'some-important-text_v1.2.3-something_else'
Any character is now allowed, as long as there is a version of format
1.2.3 somewhere in the tag name.
2022-09-20 13:25:44 +02:00
Armin Novak
e7973d15ff Fix out of bounds reads in parse_uri_to_local_file 2022-09-19 11:06:40 +02:00
Kang Lin
6a6e3340c7 WinPR::Clipboard: Add to convert uri to local file
URI is specified by RFC 8089: https://datatracker.ietf.org/doc/html/rfc8089

Local files:

   o  A traditional file URI for a local file with an empty authority.
      For example:

      *  "file:///path/to/file"

   o  The minimal representation of a local file with no authority field
      and an absolute path that begins with a slash "/".  For example:

      *  "file:/path/to/file"

   o  The minimal representation of a local file in a DOS- or Windows-
      based environment with no authority field and an absolute path
      that begins with a drive letter.  For example:

      *  "file:c:/path/to/file"

   o  Regular DOS or Windows file URIs with vertical line characters in
      the drive letter construct.  For example:

      *  "file:///c|/path/to/file"

      *  "file:/c|/path/to/file"

      *  "file:c|/path/to/file"
2022-09-16 11:41:43 +02:00
Armin Novak
09275bf4c7 Disable execinfo support if only header detected
Some implementations (e.g. Android with API < 33) provide the
execinfo.h header file, but do not define the backtrace functions
expected. Disable the support for execinfo backtrace in such a case
2022-09-16 08:43:19 +02:00
Néfix Estrada
66bef0c708 feat(emscripten): add support for emscripten compilation 2022-09-15 10:23:43 +02:00
akallabeth
43dc14f94b
Fix possible out of bound write in winpr_read_unix_timezone_identifier_from_file (#8207)
If the timezone can not be read from the file (read 0 bytes) then memory
at a random position (buffer[-1] = '\0') will be set to zero.
2022-09-14 16:26:24 +02:00
Armin Novak
8561b08592 Fixed gnome and mate clipboard format synthesizers 2022-09-13 14:42:33 +02:00
Armin Novak
b3f70b047d Fix OId compare 2022-09-13 09:16:55 +02:00
Kang Lin
0faa2c91fe WinPR::Clipboard: FIX text/uri-list format bug(#7904)
See:
  GTK: https://docs.gtk.org/glib/struct.Uri.html
  uri syntax: https://www.rfc-editor.org/rfc/rfc3986#section-3
  uri-lists format: https://www.rfc-editor.org/rfc/rfc2483#section-5
2022-09-12 08:58:34 +02:00
David Fort
4fc7a9417d
Various fixes / improvements (#8146)
* xfreerdp: fix typo in logs

* winpr: file appender, small code cleanup

* shadow-server: add an option for TLS secrets

This allows dissecting connections to the shadow server.
2022-08-22 09:42:15 +02:00
fifthdegree
7901a26a16
Kerberos User 2 User support (#8070)
* add support for 64-bit big-endian encoding

* kerberos: drop reliance on gssapi and add user 2 user support

* Fix local variable declared in the middle of the function body

* kerberos: add ccache server option

Co-authored-by: fifthdegree <fifthdegree@protonmail.com>
Co-authored-by: David Fort <contact@hardening-consulting.com>
2022-08-17 12:25:26 +02:00
David Fort
c9eea58ef2
winpr: set non-blocking on both fd with pipe() based events (#8106) 2022-08-03 08:30:51 +02:00
David Fort
da10710cf9
winpr: complement thread tests and fix some asserts (#8105) 2022-08-02 11:40:55 +02:00
akallabeth
bf56a39e6f
Fixed #8090: Duplicate definition of strndup (#8102)
* Fixed #8090: Duplicate definition of strndup

* Moved strndup detection to winpr

Co-authored-by: Armin Novak <anovak@thincast.com>
2022-08-02 09:15:38 +02:00
David Fort
1f08cb9a7d
Drdynvc needs love (#8059)
* winpr: add lock operation on HashTables

* drdynvc: change the listeners array for a hashtable and other micro cleanups

* logonInfo: drop warning that is shown at every connection

Let's avoid this log, we can't do anything if at Microsoft they don't respect
their own specs.

* rdpei: fix terminate of rdpei

* drdynvc: implement the channel list with a hashtable by channelId
2022-07-26 12:53:41 +02:00