There was a bug in smartcard listing that was leading to be unable to open a key
with slotId != 0. When any error or skipped item was happening during listing
the code was crashing.
* Fixed SSPI fallback to NTLM
* Fixed wide/ansi mixup
* WITH_GSS fixes
* Move to WinPR as this is not related to FreeRDP
* Add option WITH_GSS_NO_NTLM_FALLBACK to disable NTLM fallback
* Abort NLA if status is SEC_E_NO_CREDENTIALS
* Properly invalidate sspi::SubContext
This patch adds support for authentication when the connection is done
through a HTTP proxy.
It only supports HTTP Basic Authentication (like `curl --proxy`).
It is tested against Apache 2.4.
This PR introduces per channel context so that we can speed up operations like
retrieving the channel name from its id, or knowing what shall be done for a
packet (no config ACL recomputation at each packet).
removed no more actually used count property of BITMAP_UPDATE struct,
fixed allocating twice as memory for its rectangles - as of refactoring
at e5767f07 BITMAP_UPDATE struct is reused no more
The settings have double meaning:
* Setting the default in client preconnect callback can disable
announcement of a flag to the server regardless of support
* If set it is overridden with the value the server supports
It's possible that FreeRDP was built against FFmpeg, but it doesn't support
H.264. In that case, just continue without H.264 support instead of failing
hard before even trying to connect.
This is especially useful for Linux distributions which can't ship H.264
support in FFmpeg out of the box (patent issues), but allow enabling H.264
later by installing a version of FFmpeg which has it enabled.
When uploading large ICON (96x96), we end up growing the stream
mid-update. Stream_EnsureCapacity end up reallocating the stream
with a larger capacity to accomodate the large ICON size, but in
doing so, also updating the sealed length for the data currently in
the stream. This breaks the assumption between update_begin_paint
and update_end_paint where the sealed lenght is used to keep track
of the location where we need to update the orders counts after
we're done accumulating update. As a result of the growth and lost
of that location, the number of orders is written to the wrong
location and the resulting stream is invalid which result in a
protocol violation and a connection drop.
The current fix uses a new offsetOrder in the update object to
keep track of where update_end_paint needs to write the number
of orders contained. I think a better fix would be for
Stream_EnsureCapacity to preserve the sealead length of the
stream on growth, but this has a much more significant impact and
careful analysis needs to be done to ensure this doesn't violate
other assumption. Need to follow up with FreeRDP developer to get
their take on this one.
This commit add support for connection over HyperV socket (hvsock) which are
used in scenario like WSLg on Windows. hvsock requires accept and close
to monitor in addition to read. Also mark hvsock connection as local.
mstsc/msrdc includes an optional correlation info
(RDP_NEG_CORRELATION_INFO) during connection negotiation. This confuses
FreeRDP which interpret this as a cookie and eventually fails the
negotiation, preventing a successful connection to these RDP client.
This commit addresses 3 things.
1) When processing connection token or cookie, skip if the remaining
bytes are neither.
2) After processing the RDP_NEG_REQ info, skip the optional correlation
info (RDP_NEG_CORRELATION_INFO) if one is present.
3) Allow local connection without server certificate when the client
inherently trust the server.
* All channels inheriting from RDPDR_DRIVE base struct
* Add functions to create/free a new device of a type
* Fixed settings array resize code, prevent 0 sizes
* Properly initialize the stream buffer
* Add Stream_StaticConstInit accepting a const buffer
* Modify API to return a pointer to the stream initialized
* Added checks for bitmap width and heigth values
Data received from the server might have invalid values for bitmap
with or height. Abort parsing if such a value is found.
Reported by Sunglin from the Knownsec 404 team & 0103 sec team
* Added checks for glyph width & height
* Do length/capacity checks in every read/write/seek function
if WINPR_ASSERT is defined.
* Ensure s->pointer is valid, e.g. within s->buffer + s->capacity
(Stream_Rewind, Stream_Seek, ...)
* Add return values to Stream_Set* functions so inalid arguments
can be reported to the caller
* Deprecated problematic stream manipulation functions
(Stream_SetBuffer, Stream_SetPointer, Stream_SetCapacity)
* Ensure length/capacity functions never return a value larger
than the actual length/capacity
