__LINE__ is not particularily well defined (most fall back to int).
We want to ensure that all the uses in a format string match the format
specifier, so do an explicit cast
The shadow server tries to resize the client to use a compatible
resolution. If that fails, e.g. if there is another resize request after
the disconnect/reconnect sequence, abort the connection.
This patch introduce the basic architecture to intercept content of dynamic
channel. When a dynamic channel is in intercept mode, we accumulate and reassemble
the current packet so that it can be passed for inspection.
When some channels are filtered, some misalignement of channel ids could happen.
This patch keeps track of the back and front channel ids to correctly identify a
channel and send packets with the correct channel id.
* Use new ConvertUtf8ToWChar, ConvertUtf8NToWChar,
ConvertUtf8ToWCharAlloc and ConvertUtf8NToWCharAlloc
* Use new ConvertWCharToUtf8, ConvertWCharNToUtf8,
ConvertWCharToUtf8Alloc and ConvertWCharNToUtf8Alloc
* Use new Stream UTF16 to/from UTF8 read/write functions
* Use new settings UTF16 to/from UTF8 read/write functions
Previously smartcard authentication was only supported with TLS
connections so the proxy forced that security mode.
Since we now have a working NLA smartcard auth implementation we can
remove that code and leave the correct configuration to the proxy user.
The cmd parameter (type int) has been logged using the %s format
specifier causing an access violation.
Fixed by using get_packet_type to convert cmd to a string.
* Fixed format strings to match arguments
Reviewed and replaced all %d specifiers to match proper type
* Added proxy dynamic channel command type to log messages.
During tests I sometimes received DATA_FIRST_PDUs that were not part of
a fragmented message but contained a complete PDU.
The documentation is not quite clear about if this is a possible
scenario or a protocol violation. However in the description of the Data
field it says:
If the sum of the DVC header size and the value specified by the Length
field is less than 1600 bytes, then the actual data length equals the
value specified by the Length field.
This hints that DATA_FIRST_PDU might also contain complete Data and does
not necessarily mean to be the first part of a fragmented PDU.
Only the least significant bit is valid in the unicode flag UINT32. Some
clients send garbage data in the other bits which caused the proxy to
drop the connection which is wrong.
* xfreerdp: fix typo in logs
* winpr: file appender, small code cleanup
* shadow-server: add an option for TLS secrets
This allows to dissect connections to the shadow server.
The shadow server was setting up the dynamic channel too quickly, leading
to unexpected packets during the negotiation (unexpected licence packet error
message on the client side). So let's starts dynamic channel once the activation is
done.
* add support for 64-bit big-endian encoding
* kerberos: drop reliance on gssapi and add user 2 user support
* Fix local variable declared in the middle of the function body
* kerberos: add ccache server option
Co-authored-by: fifthdegree <fifthdegree@protonmail.com>
Co-authored-by: David Fort <contact@hardening-consulting.com>
This big patch fixes fragmentation handling in the dynamic channel. We used to
have a single state to handle fragmentation at the main dynamic channel level, but
in fact packets can be fragmented per sub channel. So we have to maintain a fragmentation
state per sub channel, this involve treating dynamic and static channels differentely
(so the size of the patch that has to implement state tracking per dynamic channels).
This adds a User, Domain and Password parameter in the Target section of the configuration
to specify and use a fixed backend user, domain or password (overriding the one
passed by the front user).
_align_XXX functions aren't widely available depending on the C runtime. That causes
problems with mingw where we can easily have some runtime mixes (which lead to mysterious
segfaults most of the time). This patch introduce winpr_aligned_XXX functions that will
either use the function available, or use an emulation layer.
* Fixed remdesk settings pointer
* Fixed sign warnings in display_write_monitor_layout_pdu
* Use freerdp_abort_connect_context and freerdp_shall_disconnect_context
* Added and updates settings
* info assert/dynamic timezone
* mcs assert/log/flags
* Fixed and added assertions for wStream
* Unified stream length checks
* Added new function to check for lenght and log
* Replace all usages with this new function
* Cleaned up PER, added parser logging
* Cleaned up BER, added parser logging
* log messages
* Modified Stream_CheckAndLogRequiredLengthEx
* Allow custom format and options
* Add Stream_CheckAndLogRequiredLengthExVa for prepared va_list
* Improved Stream_CheckAndLogRequiredLength
* Now have log level adjustable
* Added function equivalents for existing logger
* Added a backtrace in case of a failure is detected
* Fixed public API input checks
The rework introduce a stateful dynamic channel treatment, so that we can take early decisions
for data packet (dropping all the current packet or pass it), but also reassemble important
packets like channel creation.
* Fixed GetFileInformationByHandle initializers
* Fix#7793: Do not expose internal input API
Slow-Path input uses UINT16 for scancodes on wire, but only the
lower byte is actually used. (the extended fields are sent in
keyboardFlags field)
Hide this implementation detail and adjust the API to use UINT8
for the code instead just like the corresponding Fast-Path PDU
* Added a warning for problematic slow path keyCodes
The flag was forcing the remoteApp usage when set, while all the other equivalent
flags just enable the feature. This patch fixes that, so now setting RemoteApp = TRUE
just enables the front client to do remoteApps.
Building client channels out of tree does not work reliable as the
dependencies can not be easily split. (exceptions may be simple ones
as echo channel)
It does complicate the build system and code though, so remove this
for maintainability reasons.
This PR introduces per channel context so that we can speed up operations like
retrieving the channel name from its id, or knowing what shall be done for a
packet (no config ACL recomputation at each packet).
* Do length/capacity checks in every read/write/seek function
if WINPR_ASSERT is defined.
* Ensure s->pointer is valid, e.g. within s->buffer + s->capacity
(Stream_Rewind, Stream_Seek, ...)
* Add return values to Stream_Set* functions so inalid arguments
can be reported to the caller
* Deprecated problematic stream manipulation functions
(Stream_SetBuffer, Stream_SetPointer, Stream_SetCapacity)
* Ensure length/capacity functions never return a value larger
than the actual length/capacity
* Fix pf_server_new: pass own copy of proxyConfig
The lifecycle of proxyConfig passed to pf_server_new is unknown,
so pass proxyServer->config copy to modules.
* Early free parsed proxyConfig
The proxy server component might receive input related events
before the proxy client has established the connection to the
target machine.
With this change, the current keyboard state is cached and sent
to the target when it is ready. All input events received before
the target is ready are discarded.
* Split out proxy headers and moved to public API to allow external
modules to be built.
* Split proxy into proxy library and proxy binary. The library
can be used by other applications and provides a simple API
* Improved channel passthrough, now all channels including dynamic
channels work.
* Extended module API to hook more events, improved module samples
* Cleaned up proxy code, removed global static variables used,
added WINPR_ASSERT
RDPSND channel is special, as it has many names.
(e.g. static channel, dynamic channel and UDP one.
Use RDPSND_CHANNEL_NAME to identify the module name instad of
RDPSND_DVC_CHANNEL_NAME
* Use freerdp_settings_* for shadow and sample server
* Added freerdp_peer_set_local_and_hostname
* Code cleanups and WINPR_ASSERT
* Code cleanups
* Use CHANNEL_NAME_LEN where appropriate
* Use temporary variables in loop instead of direct array access
* Monitor coordinates are exclusive
* Remove force override of shadow resolution.
The client might ignore the server requested values, in that case
retry
(some client side channels and all server side channels still need to be
ported to new api)
server: build fix, do not disable threads for rfx encoder
cliprdr client channel: implemented support for DisableThreads option
looks like thread does not make sense at all for this channel
do not initialize disabled image codecs (respect settings)
channels: client: rail: added support for DisableThreads setting
changed "BOOL DisableThreads" to "UINT32 ThreadingFlags"
dropped unnecessary apu changes
draft implementation of threading settings aware message handling api
for addins/channels
rail: use new messaging api
fixed memory leak
msgs handlers external api changes (as requested)
msgs_handlers: init fix
fixed memory leak
logic fix
resolved problems appeared after rebase to master, dropped unnecessary
changes
git clang-format origin/master
fixed TestFreeRDPCodecRemoteFX.c
"formatting, run `clang-format` please"
properly use new "rfx_context_new(BOOL, UINT32)" everywhere
passed Threading Flags to "rfx_context_new" where available
in older C standarts veriables declaration must be done before any code
requested changes
clang-format as requested
use broken signatures of standert C functions for m$ s**tos
clang-format
requested changes
requested changes
moved ThreadingFlags to stable api zone
define type for channel msg handler
typo fix
clang-format
build fix
us ThreadingFlags from server settings
git clang-format origin/master
clang-format
Proxy server might receive input updates while client side being
redirected (and reset), then a heap-after-free might occur. To solve
this, we register server input/update callbacks only after client is
fully activated.
* shadow_server: allow specifying IP addresses to listen on
This allows using IPv6 as well as listening only on specific
interfaces. Additionally, it enables listening on local and TCP
sockets simultaneously.
* listener: log address with square brackets
This disambiguates IPv6 addresses.
* shadow_server: check error on each socket binding
* Refactored shadow /bind-address for 2.0 compiatibility.
* Made /ipc-socket and /bind-address incompatible arguments.
* Fixed shadow /bind-address handling and description
* Allow multiple bind addresses for shadow server.
Co-authored-by: akallabeth <akallabeth@posteo.net>
* Pass on proper command type to application
* On send let the server implementation decide to send
2.2.9.2.1 Set Surface Bits Command (TS_SURFCMD_SET_SURF_BITS) or
2.2.9.2.2 Stream Surface Bits Command (TS_SURFCMD_STREAM_SURF_BITS)
Thanks to @viniciusjarina for tracing the issue down.
* Fix some missing argument checks for function pointer implementations
* Fix broken return value check for client->SendChannelData
* Updated const correctness for function pointer implementations
* Add support for C++ plugins.
* Seperate between a "module" and a "plugin": a module is a shared
library that exposes a function called "proxy_module_entry_point". This
function gets a parameter to `proxyPluginsManager*`, which can be used to
register plugins.
* Refine the API of the modules infrastructure:
* use proxyData* instead of rdpContext* when firing a hook or calling a filter.
* use clearer names.
* Instead of having to specify a path for each module to be loaded in
the configuration, the proxy now loads modules from specificed
directory, using the CMAKE variable PROXY_PLUGINDIR.
* Add an option to specify required plugins: plugins that the proxy
wouldn't start without having them fully loaded.