Commit Graph

16250 Commits

Author SHA1 Message Date
Marc-André Moreau
21740743f7 Fix CredSSP with Windows Kerberos SSPI module 2022-10-13 09:48:13 +02:00
Armin Novak
5e5b2a35dc Fixed FindXi.cmake
XITouchClass is a define, XITouchClassInfo a struct, that is not
properly detected by CMake check_symbol_exists. Ignore this as all
recently enough versions support touch.
2022-10-12 22:30:07 +02:00
Marc-André Moreau
27a865af74 Add Negotiate SSPI authentication module filtering 2022-10-12 22:07:45 +02:00
Armin Novak
f620a31d57 Android build script updatee
* Remove JPEG build support (deprecated)
* Add sha256 check to tar/git checkout
* Update default dependency versions
2022-10-12 21:48:44 +02:00
akallabeth
bd4b261a88 Fixed #8296: Assert floatbar->handle and not xfc->window 2022-10-12 21:44:27 +02:00
Armin Novak
3cf0bb91d6 Updated supported RDP versions
* New defines for 10.8, 10.9, 10.10, 10.11 protocol versions
* New function returning a string representation of the protocol version
* Use 10.11 by default now
2022-10-12 21:42:12 +02:00
akallabeth
2f84a4856c Fixed missing-field-initializers warnings 2022-10-11 13:28:30 +02:00
akallabeth
59eae5dbc3 Fixed tautological-unsigned-zero-compare 2022-10-11 13:28:30 +02:00
akallabeth
080e44fc96 Fixed extra-semi-stmt warnings 2022-10-11 13:28:30 +02:00
akallabeth
9d197b263c Fixed conditional-uninitialized warnings 2022-10-11 13:28:30 +02:00
akallabeth
23082b090c Removed misleading comments 2022-10-11 13:28:30 +02:00
akallabeth
e4b1258564 Fixed missing include 2022-10-11 13:28:30 +02:00
Martin Fleisz
b45f580055 sspi: Do not call copy on empty strings
It might happen that the username/domain/password strings are set to an
empty string. This means that the null pointer check will pass but the
application will assert in the copy helper function.

This fix simple checks the length of the identity strings and only calls
copy in case the length is greater than 0.
2022-10-11 12:15:47 +02:00
Armin Novak
5476d48025 Use Stream_StaticInit for bitmap read 2022-10-10 15:29:45 +02:00
Armin Novak
d879d87610 Use static wStream for packet logger 2022-10-10 15:29:45 +02:00
Armin Novak
43ea3c0132 Fixed function prototype for proxy rdpdr 2022-10-10 15:29:45 +02:00
David Fort
58a3919435 winpr: add some checks in InitializeSecurityContext and AcceptSecurityContext
In native windows SSPI, AcceptSecurityContext and InitializeSecurityContext return
SEC_E_INVALID_HANDLE if the provided context is an empty context. Add the checks so
that our SSPI implementation behave the same way.
2022-10-10 09:01:04 +02:00
David Fort
cd0a33dbf2 nla: context must be NULL on first call to AcceptSecurityContext or InitializeSecurityContext 2022-10-10 09:01:04 +02:00
David Fort
467816a7a5 nla: fix unicode and non unicode build 2022-10-10 09:01:04 +02:00
David Fort
f486fb1e92 fixes for NLA under win32 2022-10-10 09:01:04 +02:00
akallabeth
7dde39de9d Fixed ownership of negoToken
* Ensure negoToken is cleaned up in nla_free
* Renamed function credssp_auth_take_input_buffer now invalidates
  input buffer an takes ownership of that buffer
2022-10-09 21:34:26 +02:00
akallabeth
796ceb2783 Fixed #8269: Ignore mouse/input events during floatbar events 2022-10-07 11:26:56 +02:00
akallabeth
98f9a4da19 Clean up use of memset 2022-10-07 11:26:56 +02:00
akallabeth
8671339b12 Added assertions to floatbar 2022-10-07 11:26:56 +02:00
akallabeth
54a1e4ea7e Fixed invalid return values 2022-10-07 11:04:04 +02:00
akallabeth
f56b93b243 Set fragment cache size to fixed 256 elements 2022-10-07 11:01:25 +02:00
akallabeth
a1dff38807 Add assertions in update module 2022-10-07 11:01:25 +02:00
akallabeth
60720e7706 Improved streamdump file format 2022-10-07 10:38:03 +02:00
fifthdegree
2a6950f366 Only pass in authData for server creds when needed
If not using one of the winpr server-specific options then pass NULL as
authData for AcquireCredentialsHandle to use default creds (in Windows)
2022-10-06 21:33:01 +02:00
fifthdegree
d6c614b583 Fix bugs and add features in sspi packages
* Kerberos: correctly set principal when no service part is provided
* Kerberos: don't expect a krb_ap_rep when mutual auth was not requested
* Kerberos: include gss header in max signature length
* Negotiate: tolerate optimistic token being the final one
* Kerberos: support channel bindings
* Negotiate: pass channel bindings to sub-mechanism
* NTLM: tolerate receiving an input buffer desc on first call
2022-10-06 21:33:01 +02:00
fifthdegree
2de7a4c249 Support spnego authentication for gateway
* Consolidate authentication support functions into auth.c
* Change authentication flow in gateway to be non-ntlm specific
2022-10-06 21:33:01 +02:00
akallabeth
ed0f258423 Use GFX small cache by default
RAILS does have some problems if this is not enabled and there is
no real benefit for not setting it, so default it
2022-10-06 16:20:47 +02:00
David Fort
3947294ffb Adjust smartcard listing
When no CSP is provided, we were listing smartcard materials by querying the
MS_SCARD_PROV_A CSP, unfortunately on some windows hosts, the smartcards aren't
listed in that CSP. So this patch does the key listing by browsing all CSPs
instead of just a default one. You can still force a CSP and you'll get keys only
from this one.

This patch also address cases where the certificate on the smartcard doesn't
have a UPN attribute, if that happen we try to get a UPN from the email address.
2022-10-06 16:06:35 +02:00
akallabeth
26ac2f0b27
Additional checks (#8279)
* Fix length checks in parallel driver

The length requested was not checked against the length read from
the port.

* Fixed missing length check in video channel

Data received in video redirection channel was not checked for
proper length.

* Fixed video presentation reference counter

Video channel presentation reference counter was not updated with
Video_Frame_new. A failing H264 decoding step could trigger a reference
decrement and the presentation was freed by accident.
Also clean up the increment and decrement of presentation

* Fixed tsmf ffmpeg context extra data size checks

tsmf_ffmpeg_init_stream did not abort if the video format ExtraDataSize
was not sufficiently large to satisfy expectations.

* Fixed missing input data length check

tsmf_ifman_exchange_capability_request did not check if the input
data stream actually contained the amount of bytes requested to
copy.

* Fixed TSMF tsmf_ffmpeg_set_format length checks

ExtraDataSize of format was not checked for expected minimum length

* Fixed TSMF tsmf_read_format_type length checks

ExtraDataSize of format was not checked for expected minimum
length

* Fixed TSMF tsmf_gstreamer_set_format length checks

ExtraDataSize of format was not checked for expected minimum
length
2022-10-06 15:30:54 +02:00
David Fort
229e047231
fix build under mingw (#8271) 2022-10-04 16:06:22 +02:00
Marc-André Moreau
479e891545 check return values for SetCredentialsAttributes, throw warnings for unsupported attributes 2022-09-30 19:33:12 +02:00
Marc-André Moreau
cd6fcaacb4 use kerberos command-line suboptions for KDC URL 2022-09-30 19:33:12 +02:00
Marc-André Moreau
fddb0dac75 add missing OOM checks 2022-09-30 19:33:12 +02:00
Marc-André Moreau
eadbb15741 run clang-format 2022-09-30 19:33:12 +02:00
Marc-André Moreau
80a1fc6a98 add SetCredentialsAttributes SSPI function 2022-09-30 19:33:12 +02:00
Marc-André Moreau
ee233eac39 add SetCredentialsAttributes(SECPKG_CRED_ATTR_KDC_URL) in Kerberos SSPI module 2022-09-30 19:33:12 +02:00
Marc-André Moreau
3224a43ee3 use SecurityFunctionTable version 3 with SetCredentialsAttributes function pointer 2022-09-30 19:33:12 +02:00
Marc-André Moreau
c7af6fabe0 add SetCredentialsAttribute to SecurityFunctionTable 2022-09-30 19:33:12 +02:00
Marc-André Moreau
61e5bdec6a add missing SSPI credential attribute IDs and structs 2022-09-30 19:33:12 +02:00
Marc-André Moreau
23f66f3987 add KDC URL to internal SSPI Kerberos settings 2022-09-30 19:33:12 +02:00
Marc-André Moreau
21d28ab62d add --kdc-url command-line parameter 2022-09-30 19:33:12 +02:00
Marc-André Moreau
b324e49131 rename KerberosKdc setting to KerberosKdcUrl 2022-09-30 19:33:12 +02:00
Martin Fleisz
a42a765cc3 proxy: Fix crash due to format specifier/type mismatch in debug logging
The cmd parameter (type int) has been logged using the %s format
specifier causing an access violation.

Fixed by using get_packet_type to convert cmd to a string.
2022-09-29 16:51:54 +02:00
akallabeth
1849632c43
Fixed format strings to match arguments (#8254)
* Fixed format strings to match arguments

Reviewed and replaced all %d specifiers to match proper type

* Added proxy dynamic channel command type to log messages.
2022-09-29 14:55:27 +02:00
Martin Fleisz
e4f476fce4 proxy: Fix handling of in drdynvc DATA_FIRST_PDU in proxy
During tests I sometimes received DATA_FIRST_PDUs that were not part of
a fragmented message but contained a complete PDU.

The documentation is not quite clear about if this is a possible
scenario or a protocol violation. However in the description of the Data
field it says:

If the sum of the DVC header size and the value specified by the Length
field is less than 1600 bytes, then the actual data length equals the
value specified by the Length field.

This hints that DATA_FIRST_PDU might also contain complete Data and does
not necessarily mean to be the first part of a fragmented PDU.
2022-09-29 14:45:30 +02:00