Commit Graph

2692 Commits

Author SHA1 Message Date
akallabeth
9d197b263c Fixed conditional-uninitialized warnings 2022-10-11 13:28:30 +02:00
akallabeth
23082b090c Removed misleading comments 2022-10-11 13:28:30 +02:00
Martin Fleisz
b45f580055 sspi: Do not call copy on empty strings
It might happen that the username/domain/password strings are set to an
empty string. This means that the null pointer check will pass but the
application will assert in the copy helper function.

This fix simple checks the length of the identity strings and only calls
copy in case the length is greater than 0.
2022-10-11 12:15:47 +02:00
Armin Novak
5476d48025 Use Stream_StaticInit for bitmap read 2022-10-10 15:29:45 +02:00
Armin Novak
d879d87610 Use static wStream for packet logger 2022-10-10 15:29:45 +02:00
David Fort
58a3919435 winpr: add some checks in InitializeSecurityContext and AcceptSecurityContext
In native windows SSPI, AcceptSecurityContext and InitializeSecurityContext return
SEC_E_INVALID_HANDLE if the provided context is an empty context. Add the checks so
that our SSPI implementation behave the same way.
2022-10-10 09:01:04 +02:00
fifthdegree
d6c614b583 Fix bugs and add features in sspi packages
* Kerberos: correctly set principal when no service part is provided
* Kerberos: don't expect a krb_ap_rep when mutual auth was not requested
* Kerberos: include gss header in max signature length
* Negotiate: tolerate optimistic token being the final one
* Kerberos: support channel bindings
* Negotiate: pass channel bindings to sub-mechanism
* NTLM: tolerate receiving an input buffer desc on first call
2022-10-06 21:33:01 +02:00
Marc-André Moreau
479e891545 check return values for SetCredentialsAttributes, throw warnings for unsupported attributes 2022-09-30 19:33:12 +02:00
Marc-André Moreau
fddb0dac75 add missing OOM checks 2022-09-30 19:33:12 +02:00
Marc-André Moreau
eadbb15741 run clang-format 2022-09-30 19:33:12 +02:00
Marc-André Moreau
80a1fc6a98 add SetCredentialsAttributes SSPI function 2022-09-30 19:33:12 +02:00
Marc-André Moreau
ee233eac39 add SetCredentialsAttributes(SECPKG_CRED_ATTR_KDC_URL) in Kerberos SSPI module 2022-09-30 19:33:12 +02:00
Marc-André Moreau
3224a43ee3 use SecurityFunctionTable version 3 with SetCredentialsAttributes function pointer 2022-09-30 19:33:12 +02:00
Marc-André Moreau
c7af6fabe0 add SetCredentialsAttribute to SecurityFunctionTable 2022-09-30 19:33:12 +02:00
akallabeth
1849632c43
Fixed format strings to match arguments (#8254)
* Fixed format strings to match arguments

Reviewed and replaced all %d specifiers to match proper type

* Added proxy dynamic channel command type to log messages.
2022-09-29 14:55:27 +02:00
David Fort
c5c2e37f6d
More winpr fixes (#8255)
* Fix build with mingw

4a71cab2e7 broke wf_events.c.
The drive channel was not building because of missing definitions.

* winpr: make functions return False when not implemented
2022-09-28 16:07:04 +02:00
Kang Lin
71b48f61c1 WinPR::Clipboard::SyntheticFile: FIX match *.* directory bug. The FilePatternMatchA don't support *.* pattern 2022-09-27 09:27:27 +02:00
Armin Novak
ba2e5477d1 Added additional checks and fixed WCHAR usage. 2022-09-26 14:01:20 +02:00
Kang Lin
195b98a9a9 WinPR::Clipboard: Refactor synthetic file
rename posix.c to synthetic_file.c
2022-09-26 14:01:20 +02:00
David Fort
e944d8d243 winpr: improve WaitForSingleObject and WaitForMultipleObject with processes
This patch improves waiting on process handles:
* under linux we take advantage of pidfd if available, when it can be used it
allows to have one or more process in the objects that are WaitForMultipleObject-ed.
* the patch also make the code honor the timeout parameter during a WaitForSingleObject and
possibly run completion when WaitForSingleObjectEx is executed with alertable set to true
2022-09-26 12:08:00 +02:00
akallabeth
d2ab631c40
Test uri fix (#8232)
* Fixed TestUri unit test

* Make proper unit test out of the test function
* Add proper test cases

* Replace FindFirstFileA with FindFirstFileW for addins

This allows addin paths to contain unicode symbols.

* Fixed parse_uri_to_local_file definition

* Move to common clipboard.c file
* Move to header file so it can be included in test case

* Added WINPR_LOCAL for test builds

This macro exports internal functions in case of a unit test build
This way unit tests can access these without other workarounds.

* Fixed typo in function name is_dos_driver

* Cleaned up FindFirstFileW call

Use a wrapper function to convert to unicode and call the function

* Cleaned up BUILD_TESTING and EXPORT_ALL_SYMBOLS

* EXPORT_ALL_SYMBOLS now does as the name implies and exports all
  non static functions/variables from the library.
* BUILD_TESTING now only sets the defines for test code and
  activates EXPORT_ALL_SYMBOLS to allow tests to access internal
  code

* Fixed windows client warnings

* disable CMAKE_WINDOWS_EXPORT_ALL_SYMBOLS
2022-09-26 11:22:02 +02:00
David Fort
ccffa8dfa2 winpr: add a function to export timer file descriptor
The equivalent exist for Events, and it happens that sometime you also need to access
the internal file descriptor associated with a timer.
2022-09-23 09:04:45 +02:00
David Fort
56204164fe core: check the kind of object for events and threads functions
This patch adds some checks for the type of object in Event and Thread functions,
this may help to find bugs where a handle with the wrong type is used as argument
of these functions.
2022-09-21 16:04:02 +02:00
Zopolis4
2145cef543 Restrict overmatching MACH ifdef to only trigger on OSX and Mach 2022-09-21 09:09:16 +02:00
Armin Novak
e7973d15ff Fix out of bounds reads in parse_uri_to_local_file 2022-09-19 11:06:40 +02:00
Kang Lin
6a6e3340c7 WinPR::Clipboard: Add to convert uri to local file
URI is specified by RFC 8089: https://datatracker.ietf.org/doc/html/rfc8089

Local files:

   o  A traditional file URI for a local file with an empty authority.
      For example:

      *  "file:///path/to/file"

   o  The minimal representation of a local file with no authority field
      and an absolute path that begins with a slash "/".  For example:

      *  "file:/path/to/file"

   o  The minimal representation of a local file in a DOS- or Windows-
      based environment with no authority field and an absolute path
      that begins with a drive letter.  For example:

      *  "file:c:/path/to/file"

   o  Regular DOS or Windows file URIs with vertical line characters in
      the drive letter construct.  For example:

      *  "file:///c|/path/to/file"

      *  "file:/c|/path/to/file"

      *  "file:c|/path/to/file"
2022-09-16 11:41:43 +02:00
Néfix Estrada
66bef0c708 feat(emscripten): add support for emscripten compilation 2022-09-15 10:23:43 +02:00
akallabeth
43dc14f94b
Fix possible out of bound write in winpr_read_unix_timezone_identifier_from_file (#8207)
If the timezone can not be read from the file (read 0 bytes) then memory
at a random position (buffer[-1] = '\0') will be set to zero.
2022-09-14 16:26:24 +02:00
Armin Novak
8561b08592 Fixed gnome and mate clipboard format synthesizers 2022-09-13 14:42:33 +02:00
Armin Novak
b3f70b047d Fix OId compare 2022-09-13 09:16:55 +02:00
Kang Lin
0faa2c91fe WinPR::Clipboard: FIX text/uri-list format bug(#7904)
See:
  GTK: https://docs.gtk.org/glib/struct.Uri.html
  uri syntax: https://www.rfc-editor.org/rfc/rfc3986#section-3
  uri-lists format: https://www.rfc-editor.org/rfc/rfc2483#section-5
2022-09-12 08:58:34 +02:00
David Fort
4fc7a9417d
Various fixes / improvements (#8146)
* xfreerdp: fix typo in logs

* winpr: file appender, small code cleanup

* shadow-server: add an option for TLS secrets

This allows to dissect connections to the shadow server.
2022-08-22 09:42:15 +02:00
fifthdegree
7901a26a16
Kerberos User 2 User support (#8070)
* add support for 64-bit big-endian encoding

* kerberos: drop reliance on gssapi and add user 2 user support

* Fix local variable declared in the middle of the function body

* kerberos: add ccache server option

Co-authored-by: fifthdegree <fifthdegree@protonmail.com>
Co-authored-by: David Fort <contact@hardening-consulting.com>
2022-08-17 12:25:26 +02:00
David Fort
c9eea58ef2
winpr: set non-blocking on both fd with pipe() based events (#8106) 2022-08-03 08:30:51 +02:00
David Fort
da10710cf9
winpr: complement thread tests and fix some asserts (#8105) 2022-08-02 11:40:55 +02:00
akallabeth
bf56a39e6f
Fixed #8090: Duplicate definition of strndup (#8102)
* Fixed #8090: Duplicate definition of strndup

* Moved strndup detection to winpr

Co-authored-by: Armin Novak <anovak@thincast.com>
2022-08-02 09:15:38 +02:00
David Fort
1f08cb9a7d
Drdynvc needs love (#8059)
* winpr: add lock operation on HashTables

* drdynvc: change the listeners array for a hashtable and other micro cleanups

* logonInfo: drop warning that is shown at every connection

Let's avoid this log, we can't do anything if at Microsoft they don't respect
their own specs.

* rdpei: fix terminate of rdpei

* drdynvc: implement the channel list with a hashtable by channelId
2022-07-26 12:53:41 +02:00
David Fort
48abc64a6d winpr: update WinPrAsn1DecReadContextualOctetString to use common code 2022-07-26 09:38:53 +02:00
fifthdegree
5f3bc5842a nla: use winpr asn1 library 2022-07-26 09:38:53 +02:00
fifthdegree
8fb49e1f31 ncrypt_pkcs11: enumerate keys by public keys 2022-07-21 18:38:36 +02:00
David Fort
90aaea0a55
winpr asn1: fix error reporting of ReadContextualXXX functions (#8085) 2022-07-21 16:00:57 +02:00
Martin Fleisz
b93f742896 winpr: Add missing include for windows build 2022-07-21 15:59:43 +02:00
fifthdegree
54bbe33123
spnego: add missing check (#8069)
Co-authored-by: fifthdegree <fifthdegree@protonmail.com>
2022-07-15 08:33:28 +02:00
fifthdegree
dfa231c0a5
spnego: correctly set output buffer size (#8060)
Co-authored-by: fifthdegree <fifthdegree@protonmail.com>
2022-07-12 10:08:44 +02:00
Armin Novak
586675942a Fixed missing return 2022-07-07 17:31:49 +02:00
Armin Novak
36c7c0320b Fixed review comments 2022-07-07 17:31:49 +02:00
fifthdegree
362ae93a64 spnego: some cleanups and fixes 2022-07-07 17:31:49 +02:00
David Fort
8b5df3fa92 spnego: cleanup the guess of the input token 2022-07-07 17:31:49 +02:00
David Fort
b128ec4fba spnego: add various check and fixes 2022-07-07 17:31:49 +02:00
David Fort
6c834eaa15 winpr: adjust negotiate_GetMechByOID function 2022-07-07 17:31:49 +02:00
fifthdegree
2a3c92b4cc spnego: use winpr asn.1 library 2022-07-07 17:31:49 +02:00
Pascal Nowack
43b609cd6c winpr/clipboard: Allow overriding ValidFileNameComponent call
When using the wClipboard API, the connected peer might not be on the
Windows platform, where further filename restriction exists.
As a result, it is currently not possible to use the wClipboard API,
when intending to allow filenames, containing characters like ':'.

So, add a callback to the wClipboardDelegate, which is set to the
ValidFileNameComponent call by default.
This callback can be overridden by the API user, when it is known, that
there is no need to impose very strict filename restrictions.
2022-07-07 07:45:26 +00:00
David Fort
168117e85b winpr: fix encoding of octetString containers and add required functions for SPNego 2022-07-05 15:04:01 +02:00
akallabeth
05b339b0b1 Added strndup replacement 2022-07-04 14:31:08 +02:00
akallabeth
51f4c374c4 Clear OpenSSL error queue before BIO_read/BIO_write 2022-07-02 16:32:50 +02:00
David Fort
bddb71230e winpr asn1: fixes and more features
This patches adds support for octet string containers that are used by SPNego
(a subfield is contained in an octet string record).
It also adds a performance test to test reallocations in asn1 encoder.
It fixes reallocation problems for both chunks and containers.
2022-07-01 09:43:01 +02:00
David Fort
cbda255dcd winpr: add some ASN1 parsing functions
This patch implements ASN1 parsing in WinPR, as we need it in SSPI packages.
2022-07-01 07:51:31 +02:00
akallabeth
5d1d3d6582 Fixed #8022: leaks in kerberos code 2022-06-30 23:00:48 +02:00
akallabeth
39bd78d2fb Fixed missing includes 2022-06-29 18:10:33 +02:00
akallabeth
7c85949f1d Fixed unused variable warnings 2022-06-29 18:10:33 +02:00
akallabeth
99cda9249f Fixed uninitialized warnings 2022-06-29 18:10:33 +02:00
akallabeth
684ada9c0e Fixed uninitialized warnings 2022-06-29 18:10:33 +02:00
Adrian Perez de Castro
81e8e28062 Fix building with LibreSSL 2.7.0 or newer
With LibreSSL 2.7.0 (or newer versions) some more structs have made
opaque, which requires a few changes:

- BIO_meth_new() and related functions are now defined by LibreSSL, the
  versions from opensslcompat.{h,c} does not need to be used anymore.
- HMAC_CTX is now opaque, HMAC_CTX_new(), EVP_MD_CTX_new, and related
  functions should be used instead in winpr's hash.c.
2022-06-27 12:42:06 +02:00
akallabeth
9fee695ed0 Assert stream pool if duplicate entry is found 2022-06-27 11:21:24 +02:00
akallabeth
488a0d1edd Fixed streampool release 2022-06-27 11:21:24 +02:00
akallabeth
25c120d25d Fixed type mismatches and memory leaks 2022-06-27 11:21:24 +02:00
akallabeth
bc8b4ade1c reformatted 2022-06-23 08:48:39 +02:00
akallabeth
ec8550e87f Fix unwind backtrace warnings 2022-06-23 07:45:55 +02:00
fifthdegree
56d10c2d27 kerberos: don't get a tgt ticket for inbound creds 2022-06-21 10:27:17 +02:00
fifthdegree
8ac977e671 make sure existing ccache credentials are not expired 2022-06-21 10:27:17 +02:00
David Fort
a31574d359 kerberos: correctly detect missing credentials even with an empty cache 2022-06-21 10:27:17 +02:00
David Fort
90a2b9a10c Various fixes in negotiate.c 2022-06-21 10:27:17 +02:00
fifthdegree
b5ba6d135c retry on all errors from acquire_creds 2022-06-21 10:27:17 +02:00
fifthdegree
c51348a33b fixes 2022-06-21 10:27:17 +02:00
fifthdegree
e66b99f8dc deprecate old hash callback field 2022-06-21 10:27:17 +02:00
fifthdegree
6d3aa52496 set SAM file and hash callback on credential rather than context 2022-06-21 10:27:17 +02:00
fifthdegree
eeece1a027 server-side kerberos (and some fixes) 2022-06-21 10:27:17 +02:00
fifthdegree
8d9f990124 some more tweaks 2022-06-21 10:27:17 +02:00
fifthdegree
441fa01acb adjust ntlm unit test 2022-06-21 10:27:17 +02:00
fifthdegree
a359124339 some small fixes and changes 2022-06-21 10:27:17 +02:00
fifthdegree
1c012b09b8 implement proper SPNEGO negotiation 2022-06-21 10:27:17 +02:00
akallabeth
f25261e271 Unifiy string append functions 2022-06-17 08:41:46 +02:00
akallabeth
31708d8b20 Disable LTO on apple devices 2022-06-03 08:51:40 +02:00
akallabeth
3d65e5a138 Fix return of getlogin() 2022-06-02 13:57:09 +02:00
Marc-André Moreau
227aa6a55f Fix WinPR SSPI unit tests to always use SSPI function table 2022-06-01 15:16:12 +02:00
Marc-André Moreau
1d5c0be5ec Add settings to load a custom SSPI shared library module 2022-06-01 15:16:12 +02:00
David Fort
0a404d5728 fix a warning seen on the MacOS CI 2022-05-30 14:05:41 +02:00
akallabeth
65938708c0 Fixed WITH_PKCS11 option 2022-05-12 11:36:01 +02:00
David Fort
77413f49b2 winpr: rework alignment functions
_align_XXX functions aren't widely available depending on the C runtime. That causes
problems with mingw where we can easily have some runtime mixes (which lead to mysterious
segfaults most of the time). This patch introduce winpr_aligned_XXX functions that will
either use the function available, or use an emulation layer.
2022-05-12 11:36:01 +02:00
David Fort
82092f6752 smartcard: add verbose output during listing 2022-05-12 11:36:01 +02:00
akallabeth
ca9247ddd9 Do not compile ncrypt_pkcs11 if CMake option is not set 2022-05-06 13:39:26 +02:00
David Fort
4ffd3e84b9 smartcard: take in account pkcs11-module in smartcard listing and print pkcs11 errors 2022-05-06 13:39:26 +02:00
David Fort
a612ca4ba2 winpr: fix unitary test when CreateProcess is CreateProcessW
As the second argument of CreateProcessW is modified to split with spaces and so
this can not be a const arg.
2022-05-05 13:11:18 +02:00
Armin Novak
03ed367fb9 Fixed broken USE_UNWIND check 2022-05-05 13:05:33 +02:00
Armin Novak
400fe6f796 Fixed argument mismatch 2022-05-03 11:48:20 +02:00
akallabeth
6ce3499e13
Settings getter tests (#7869)
* Added tests for freerdp_[static|dynamic]_collection_* functions

* Added settings unit test for clone functions

* Fix argument for winpr_RAND and winpr_RAND_pseudo

Using void* eliminates all assumptions of which type the buffer is.
This eliminates unnecessary warnings.
2022-05-02 11:39:38 +02:00
akallabeth
a62fe8a3e9 Enable unwind.h and dladdr as default backtrace implementation
* config option USE_UNWIND to enable/disable
2022-04-29 15:15:53 +02:00
akallabeth
f10da4552b default android to unwind 2022-04-29 14:27:44 +02:00
akallabeth
9330559d24 Defined and use _write 2022-04-29 14:27:44 +02:00
akallabeth
00b00ea521 Added unwind.h support 2022-04-29 14:27:44 +02:00