There was a bug in smartcard listing that was leading to be unable to open a key
with slotId != 0. When any error or skipped item was happening during listing
the code was crashing.
* Fixed SSPI fallback to NTLM
* Fixed wide/ansi mixup
* WITH_GSS fixes
* Move to WinPR as this is not related to FreeRDP
* Add option WITH_GSS_NO_NTLM_FALLBACK to disable NTLM fallback
* Abort NLA if status is SEC_E_NO_CREDENTIALS
* Properly invalidate sspi::SubContext
* Cache Emulate_IsConfigured result
The check is used very often, so this caching reduces necessary
allocations.
* Fix winpr_HexLogDump
Abort function early if the log message is to be discarded due to
the log level being inactive.
* Use common logger for rdpdr message
Co-authored-by: Martin Fleisz <martin.fleisz@thincast.com>
Some WCHAR string constant were wrong (missing \x00 at the end).
The commit also implements the NCRYPT_READER_PROPERTY property in the pkcs11 provider.
Although the official documentation claims that pszScope parameter shall be set to
NULL. In practice setting it to \\.\<reader name>\ allows to filter on the corresponding
reader.
This patch adds the NCryptEnumStorageProviders function.
It also fixes strings bugs with the compiler taking the WCHAR "Micro" string
M\x00i\x00c\x00r\x00o\x00 as
M\x00i\x0c\x00r\x00o\x00, and so generating unexpected behaviours. The solution is
to split string constants when you hit a character that is a valid hex number, so
that the compiler doesn't interpret i\x00c\x00 (ic in WCHARs) as i\x0c\x00 (weird
string).
This implements the emulation for the ncrypt API and more specifically the smartcard
provider so that we can list available keys and certificates using pkcs11-helper.
This partially reverts commit 67f3fff2. The legacy provider is now loaded
from the `winpr_InitializeSSL` function, so it is not needed to load it from
the `winpr_RC4_New` function again.
The `winpr_enable_fips` function is called twice from the `winpr_InitializeSSL`
function after commit 49936a7b. I believe this is a bug, which might lead to
some undesired behavior. Let's call that only once.
With OpenSSL 3.O, FreeRDP log contains errors like:
```
4036740A4C7F0000:error:0308010C:digital envelope routines:
inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:346:
Global default library context, Algorithm (MD4 : 85), Properties ()
```
This leads to connection failures in some cases. This is because algorithms
like MD4 are now part of the legacy provider, which is not loaded by
default. Let's explicitly load that provider. With this change, also the
other provides has to be explicitely loaded.
By default use const for the object enqueued.
If a `fnObjectNew` function is set, it is copied anyway.
For the case without cast away the const internally.
* Properly initialize the stream buffer
* Add Stream_StaticConstInit accepting a const buffer
* Modify API to return a pointer to the stream initialized
* Fix temporary settings allocation for command line
Detection of legacy command line requires a temporary settings
struct. This was previously manyally allocated instead of using
freerdp_settings_new and freerdp_settings_free.
* Fixed CommandLineParseCommaSeparatedValuesEx
The name argument was not copied into the returned array.
This function terminates a process if a stream was used incorrectly.
It will work similar to an assert, but it is not possible to compile
without this.
Purpose is to prevent problems with missing length/capacity checks
* Do length/capacity checks in every read/write/seek function
if WINPR_ASSERT is defined.
* Ensure s->pointer is valid, e.g. within s->buffer + s->capacity
(Stream_Rewind, Stream_Seek, ...)
* Add return values to Stream_Set* functions so inalid arguments
can be reported to the caller
* Deprecated problematic stream manipulation functions
(Stream_SetBuffer, Stream_SetPointer, Stream_SetCapacity)
* Ensure length/capacity functions never return a value larger
than the actual length/capacity
* ExitThread no longer NORETURN, this eases handling of threads.
* Fixed a (rare) race condition when starting a thread
* Made global thread_list optional (you lose the exit code from
ExitThread)
Every uri in the x-special/gnome-copied-files mime type is separated by
a '\n' char.
However, not every line ends with '\n'. The last line MUST not include
the new line character.
* winpr/crypto: Exit cleanly when EVP_EncryptInit_ex fails
The `EVP_EncryptInit_ex` function may fail in certain configurations.
Consequently, FreeRDP segfaults in `EVP_CIPHER_CTX_set_key_length`.
Let's handle the `EVP_EncryptInit_ex` failures and exit cleanly in
such case.
* winpr/crypto: Load legacy provider to fix rc4 with OpenSSL 3.0
Currently, the `EVP_EncryptInit_ex` function fails for rc4 with OpenSSL 3.0.
This is becuase rc4 is provided by the legacy provider which is not loaded
by default. Let's explicitly load the legacy provider to make FreeRDP work
with OpenSSL 3.0.
Relates: https://github.com/openssl/openssl/issues/14392
Fixes: https://github.com/FreeRDP/FreeRDP/issues/6604
Include stdio.h to fix the following build failure with uclibc raised
since version 2.4.0 and
eb6777ea69:
In file included from /tmp/instance-0/output-1/build/freerdp-2.4.0/winpr/libwinpr/utils/lodepng/lodepng.c:30:
/tmp/instance-0/output-1/build/freerdp-2.4.0/winpr/include/winpr/file.h:524:11: error: unknown type name 'FILE'
WINPR_API FILE* winpr_fopen(const char* path, const char* mode);
^~~~
Fixes:
- http://autobuild.buildroot.org/results/31e770a330158035e24b7b952bec0030138482b7
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Added a WinPR macro that can be used for WinPR and FreeRDP to
replace standard C assert.
It is more verbose and logs issues to WLog which makes it easier
for us to trace problems in the field.
This useful functions allows to browse all value pairs of a hashtable without
having to allocate some memory for keys and then retrieving each element.
It may also make sense with synchronized hashtables because before you were forced to
HashTable_GetKeys() and then HashTable_GetItemValue() which is locking again for each
element of the table.
FreeRDP fails to build with OpenSSL 3.0 because of usage of the `FIPS_mode`
and `FIPS_mode_set` functions, which were removed there. Just a note that
the FIPS mode is not supported by OpenSSL 1.1.* although the mentioned
functions are still there (see https://wiki.openssl.org/index.php/FIPS_modules).
Let's make FreeRDP build with OpenSSL 3.0 and fix the FIPS mode support.
See: https://bugzilla.redhat.com/show_bug.cgi?id=1952937
Covscan report contains various memory leak defects which were marked
as important. I have spent some time analyzing them and although they
were marked as important, most of them are in error cases, so probably
nothing serious. Let's fix most of them anyway. The rest are false
positives, or too complicated to fix, or already fixed in master, or
simply I am unsure about them.
Relates: https://github.com/FreeRDP/FreeRDP/issues/6981
Although the `lodepng_zlib_compress` function expects the `*out` parameter
to be `NULL`, it uses `uvector_init_buffer` internally, which takes the
`*out` value. This confuses covscan, which consequently reports the following
defects:
```
double_free: Calling "ucvector_cleanup" frees pointer "zlibdata.data" which has already been freed.
double_free: Calling "ucvector_cleanup" frees pointer "compressed.data" which has already been freed.
double_free: Calling "ucvector_cleanup" frees pointer "compressed_data.data" which has already been freed.
```
Let's use the `uvector_init` function instead as in other cases to make
covscan happy and to make the code more bulletproof. Consequently, also
remove the outdated comments.
(some client side channels and all server side channels still need to be
ported to new api)
server: build fix, do not disable threads for rfx encoder
cliprdr client channel: implemented support for DisableThreads option
looks like thread does not make sense at all for this channel
do not initialize disabled image codecs (respect settings)
channels: client: rail: added support for DisableThreads setting
changed "BOOL DisableThreads" to "UINT32 ThreadingFlags"
dropped unnecessary apu changes
draft implementation of threading settings aware message handling api
for addins/channels
rail: use new messaging api
fixed memory leak
msgs handlers external api changes (as requested)
msgs_handlers: init fix
fixed memory leak
logic fix
resolved problems appeared after rebase to master, dropped unnecessary
changes
git clang-format origin/master
fixed TestFreeRDPCodecRemoteFX.c
"formatting, run `clang-format` please"
properly use new "rfx_context_new(BOOL, UINT32)" everywhere
passed Threading Flags to "rfx_context_new" where available
in older C standarts veriables declaration must be done before any code
requested changes
clang-format as requested
use broken signatures of standert C functions for m$ s**tos
clang-format
requested changes
requested changes
moved ThreadingFlags to stable api zone
define type for channel msg handler
typo fix
clang-format
build fix
us ThreadingFlags from server settings
git clang-format origin/master
clang-format
* client: Fix exit codes for /help and similar option
Currently, non-zero exit code is returned for /version, /buildconfig, /help,
/monitor-list, /kbd-list and /kbd-lang-list command-line options for several
clients. This is against conventions because 0 is usually returned in
such cases. Also, there is potentially another problem that the returned
codes overflow on UNIX systems (where the exit code is a number between 0
and 255). Let's fix the clients to return 0 in the mentioned cases to honor
conventions and 1 for the command-line parsing errors (or -1 for clients
who already use that value).
Fixes: https://github.com/FreeRDP/FreeRDP/issues/6686
* Refactored freerdp_client_settings_command_line_status_print_ex
Now returns 0 if help or version information was requested.
* Do not eliminate original error status.
Co-authored-by: akallabeth <akallabeth@posteo.net>
Currently, when a local uri-list is converted into a FILEDESCRIPTORW
list, WinPR doesn't submit the last write time for each file.
The result of this is that the last write time of each file on the
other peer will have the current time and not the actual last write
time that is present on the peer, where the files were copied from.
Fix this by also writing the last write time in addition to the
FD_WRITESTIME flag.
Now you can give an option the combination of flags
COMMAND_LINE_VALUE_OPTIONAL and COMMAND_LINE_VALUE_BOOL. If you do,
then all three of the syntaxes +foo, -foo and /foo:value are allowed
at once, and the receiving code can tell the difference because the
Value field is set to BoolValueTrue, BoolValueFalse or a valid char
pointer.