Commit Graph

16191 Commits

Author SHA1 Message Date
akallabeth
9d197b263c Fixed conditional-uninitialized warnings 2022-10-11 13:28:30 +02:00
akallabeth
23082b090c Removed misleading comments 2022-10-11 13:28:30 +02:00
akallabeth
e4b1258564 Fixed missing include 2022-10-11 13:28:30 +02:00
Martin Fleisz
b45f580055 sspi: Do not call copy on empty strings
It might happen that the username/domain/password strings are set to an
empty string. This means that the null pointer check will pass but the
application will assert in the copy helper function.

This fix simple checks the length of the identity strings and only calls
copy in case the length is greater than 0.
2022-10-11 12:15:47 +02:00
Armin Novak
5476d48025 Use Stream_StaticInit for bitmap read 2022-10-10 15:29:45 +02:00
Armin Novak
d879d87610 Use static wStream for packet logger 2022-10-10 15:29:45 +02:00
Armin Novak
43ea3c0132 Fixed function prototype for proxy rdpdr 2022-10-10 15:29:45 +02:00
David Fort
58a3919435 winpr: add some checks in InitializeSecurityContext and AcceptSecurityContext
In native windows SSPI, AcceptSecurityContext and InitializeSecurityContext return
SEC_E_INVALID_HANDLE if the provided context is an empty context. Add the checks so
that our SSPI implementation behave the same way.
2022-10-10 09:01:04 +02:00
David Fort
cd0a33dbf2 nla: context must be NULL on first call to AcceptSecurityContext or InitializeSecurityContext 2022-10-10 09:01:04 +02:00
David Fort
467816a7a5 nla: fix unicode and non unicode build 2022-10-10 09:01:04 +02:00
David Fort
f486fb1e92 fixes for NLA under win32 2022-10-10 09:01:04 +02:00
akallabeth
7dde39de9d Fixed ownership of negoToken
* Ensure negoToken is cleaned up in nla_free
* Renamed function credssp_auth_take_input_buffer now invalidates
  input buffer an takes ownership of that buffer
2022-10-09 21:34:26 +02:00
akallabeth
796ceb2783 Fixed #8269: Ignore mouse/input events during floatbar events 2022-10-07 11:26:56 +02:00
akallabeth
98f9a4da19 Clean up use of memset 2022-10-07 11:26:56 +02:00
akallabeth
8671339b12 Added assertions to floatbar 2022-10-07 11:26:56 +02:00
akallabeth
54a1e4ea7e Fixed invalid return values 2022-10-07 11:04:04 +02:00
akallabeth
f56b93b243 Set fragment cache size to fixed 256 elements 2022-10-07 11:01:25 +02:00
akallabeth
a1dff38807 Add assertions in update module 2022-10-07 11:01:25 +02:00
akallabeth
60720e7706 Improved streamdump file format 2022-10-07 10:38:03 +02:00
fifthdegree
2a6950f366 Only pass in authData for server creds when needed
If not using one of the winpr server-specific options then pass NULL as
authData for AcquireCredentialsHandle to use default creds (in Windows)
2022-10-06 21:33:01 +02:00
fifthdegree
d6c614b583 Fix bugs and add features in sspi packages
* Kerberos: correctly set principal when no service part is provided
* Kerberos: don't expect a krb_ap_rep when mutual auth was not requested
* Kerberos: include gss header in max signature length
* Negotiate: tolerate optimistic token being the final one
* Kerberos: support channel bindings
* Negotiate: pass channel bindings to sub-mechanism
* NTLM: tolerate receiving an input buffer desc on first call
2022-10-06 21:33:01 +02:00
fifthdegree
2de7a4c249 Support spnego authentication for gateway
* Consolidate authentication support functions into auth.c
* Change authentication flow in gateway to be non-ntlm specific
2022-10-06 21:33:01 +02:00
akallabeth
ed0f258423 Use GFX small cache by default
RAILS does have some problems if this is not enabled and there is
no real benefit for not setting it, so default it
2022-10-06 16:20:47 +02:00
David Fort
3947294ffb Adjust smartcard listing
When no CSP is provided, we were listing smartcard materials by querying the
MS_SCARD_PROV_A CSP, unfortunately on some windows hosts, the smartcards aren't
listed in that CSP. So this patch does the key listing by browsing all CSPs
instead of just a default one. You can still force a CSP and you'll get keys only
from this one.

This patch also address cases where the certificate on the smartcard doesn't
have a UPN attribute, if that happen we try to get a UPN from the email address.
2022-10-06 16:06:35 +02:00
akallabeth
26ac2f0b27
Additional checks (#8279)
* Fix length checks in parallel driver

The length requested was not checked against the length read from
the port.

* Fixed missing length check in video channel

Data received in video redirection channel was not checked for
proper length.

* Fixed video presentation reference counter

Video channel presentation reference counter was not updated with
Video_Frame_new. A failing H264 decoding step could trigger a reference
decrement and the presentation was freed by accident.
Also clean up the increment and decrement of presentation

* Fixed tsmf ffmpeg context extra data size checks

tsmf_ffmpeg_init_stream did not abort if the video format ExtraDataSize
was not sufficiently large to satisfy expectations.

* Fixed missing input data length check

tsmf_ifman_exchange_capability_request did not check if the input
data stream actually contained the amount of bytes requested to
copy.

* Fixed TSMF tsmf_ffmpeg_set_format length checks

ExtraDataSize of format was not checked for expected minimum length

* Fixed TSMF tsmf_read_format_type length checks

ExtraDataSize of format was not checked for expected minimum
length

* Fixed TSMF tsmf_gstreamer_set_format length checks

ExtraDataSize of format was not checked for expected minimum
length
2022-10-06 15:30:54 +02:00
David Fort
229e047231
fix build under mingw (#8271) 2022-10-04 16:06:22 +02:00
Marc-André Moreau
479e891545 check return values for SetCredentialsAttributes, throw warnings for unsupported attributes 2022-09-30 19:33:12 +02:00
Marc-André Moreau
cd6fcaacb4 use kerberos command-line suboptions for KDC URL 2022-09-30 19:33:12 +02:00
Marc-André Moreau
fddb0dac75 add missing OOM checks 2022-09-30 19:33:12 +02:00
Marc-André Moreau
eadbb15741 run clang-format 2022-09-30 19:33:12 +02:00
Marc-André Moreau
80a1fc6a98 add SetCredentialsAttributes SSPI function 2022-09-30 19:33:12 +02:00
Marc-André Moreau
ee233eac39 add SetCredentialsAttributes(SECPKG_CRED_ATTR_KDC_URL) in Kerberos SSPI module 2022-09-30 19:33:12 +02:00
Marc-André Moreau
3224a43ee3 use SecurityFunctionTable version 3 with SetCredentialsAttributes function pointer 2022-09-30 19:33:12 +02:00
Marc-André Moreau
c7af6fabe0 add SetCredentialsAttribute to SecurityFunctionTable 2022-09-30 19:33:12 +02:00
Marc-André Moreau
61e5bdec6a add missing SSPI credential attribute IDs and structs 2022-09-30 19:33:12 +02:00
Marc-André Moreau
23f66f3987 add KDC URL to internal SSPI Kerberos settings 2022-09-30 19:33:12 +02:00
Marc-André Moreau
21d28ab62d add --kdc-url command-line parameter 2022-09-30 19:33:12 +02:00
Marc-André Moreau
b324e49131 rename KerberosKdc setting to KerberosKdcUrl 2022-09-30 19:33:12 +02:00
Martin Fleisz
a42a765cc3 proxy: Fix crash due to format specifier/type mismatch in debug logging
The cmd parameter (type int) has been logged using the %s format
specifier causing an access violation.

Fixed by using get_packet_type to convert cmd to a string.
2022-09-29 16:51:54 +02:00
akallabeth
1849632c43
Fixed format strings to match arguments (#8254)
* Fixed format strings to match arguments

Reviewed and replaced all %d specifiers to match proper type

* Added proxy dynamic channel command type to log messages.
2022-09-29 14:55:27 +02:00
Martin Fleisz
e4f476fce4 proxy: Fix handling of in drdynvc DATA_FIRST_PDU in proxy
During tests I sometimes received DATA_FIRST_PDUs that were not part of
a fragmented message but contained a complete PDU.

The documentation is not quite clear about if this is a possible
scenario or a protocol violation. However in the description of the Data
field it says:

If the sum of the DVC header size and the value specified by the Length
field is less than 1600 bytes, then the actual data length equals the
value specified by the Length field.

This hints that DATA_FIRST_PDU might also contain complete Data and does
not necessarily mean to be the first part of a fragmented PDU.
2022-09-29 14:45:30 +02:00
akallabeth
b44810418b reformatted changes 2022-09-29 09:06:28 +02:00
Stefan Koell
eb90985bf5 cleanup resources 2022-09-29 09:06:28 +02:00
Stefan Koell
a77e742e99 switch to CredReadW, more code cleanup 2022-09-29 09:06:28 +02:00
Stefan Koell
ec9542d0e1 added header file and more code cleanup 2022-09-29 09:06:28 +02:00
Stefan Koell
45578d3c63 various coding style changes according to feedback 2022-09-29 09:06:28 +02:00
Stefan Koell
f8b6154a20 Support for windows credential manager when username and password is not available
* added wf_defaults.c (also in CMakeLists.txt) which provides the capability to read credential manager entries and set username and password in the rdpSettings accordingly
* the same will be done if a gateway host is specified without credentials
* the behavior will be similar to mstsc.exe on windows
2022-09-29 09:06:28 +02:00
David Fort
c5c2e37f6d
More winpr fixes (#8255)
* Fix build with mingw

4a71cab2e7 broke wf_events.c.
The drive channel was not building because of missing definitions.

* winpr: make functions return False when not implemented
2022-09-28 16:07:04 +02:00
Joan Torres
d63f2324d1 Add support to send a ServerRedirection PDU. 2022-09-28 13:54:00 +02:00
Kang Lin
7e8bb42005 CMAKE: Fix install export FreeRDP-ShadowTargets 2022-09-27 11:06:39 +02:00