Commit Graph

1270 Commits

Author SHA1 Message Date
Armin Novak
0cd823e991 [server,sample] handle peer when key file missing
When a certificate or private key file can not be opened handle the peer
disconnect properly.
2022-12-09 12:30:14 +01:00
Armin Novak
b25234da66 [channels] Abort event wain on abortEvent 2022-12-09 12:30:14 +01:00
David Fort
7041517ed6 proxy: prepare intercept mode for dynamic channels
This patch introduce the basic architecture to intercept content of dynamic
channel. When a dynamic channel is in intercept mode, we accumulate and reassemble
the current packet so that it can be passed for inspection.
2022-12-02 22:08:10 +01:00
David Fort
d59c0a49c3 proxy: fix channel shift between front and back
When some channels are filtered, some misalignement of channel ids could happen.
This patch keeps track of the back and front channel ids to correctly identify a
channel and send packets with the correct channel id.
2022-11-30 11:38:08 +01:00
akallabeth
5799fb2018 Replace ConvertFromUnicode and ConvertToUnicode
* Use new ConvertUtf8ToWChar, ConvertUtf8NToWChar,
  ConvertUtf8ToWCharAlloc and ConvertUtf8NToWCharAlloc
* Use new ConvertWCharToUtf8, ConvertWCharNToUtf8,
  ConvertWCharToUtf8Alloc and ConvertWCharNToUtf8Alloc
* Use new Stream UTF16 to/from UTF8 read/write functions
* Use new settings UTF16 to/from UTF8 read/write functions
2022-11-28 10:42:36 +01:00
Armin Novak
f775e16302 [server,proxy] added --buildconfig option
Add command line option to print out build configuration
2022-11-23 16:19:42 +01:00
akallabeth
c2bd2c8617 [server,proxy] fix const correctness
pf_context_create_client_context only creates a copy of the rdpSettings,
so just make the pointer const.
2022-11-22 15:30:31 +01:00
Martin Fleisz
1da0d63c78 proxy: Allow NLA when using proxy smartcard authentication
Previously smartcard authentication was only supported with TLS
connections so the proxy forced that security mode.

Since we now have a working NLA smartcard auth implementation we can
remove that code and leave the correct configuration to the proxy user.
2022-11-09 15:27:11 +01:00
Armin Novak
6a0df205b0 [proxy] add mouse ex and unicode event filters 2022-11-06 19:12:27 +01:00
akallabeth
92b40a1c1d Added fix for TestConnect
* copy test_icon.ppm to build directory
* Add client pre|post_connect and disconnect callbacks
2022-11-04 14:46:58 +01:00
akallabeth
43c5289928 Replaced memset/ZeroMemory with initializer
* Addes WINPR_ASSERT on many occations
* Replaced memset with array initializer
* Replaced ZeroMemory with array initializer
2022-10-14 12:11:01 +02:00
akallabeth
59eae5dbc3 Fixed tautological-unsigned-zero-compare 2022-10-11 13:28:30 +02:00
Armin Novak
43ea3c0132 Fixed function prototype for proxy rdpdr 2022-10-10 15:29:45 +02:00
akallabeth
60720e7706 Improved streamdump file format 2022-10-07 10:38:03 +02:00
Martin Fleisz
a42a765cc3 proxy: Fix crash due to format specifier/type mismatch in debug logging
The cmd parameter (type int) has been logged using the %s format
specifier causing an access violation.

Fixed by using get_packet_type to convert cmd to a string.
2022-09-29 16:51:54 +02:00
akallabeth
1849632c43
Fixed format strings to match arguments (#8254)
* Fixed format strings to match arguments

Reviewed and replaced all %d specifiers to match proper type

* Added proxy dynamic channel command type to log messages.
2022-09-29 14:55:27 +02:00
Martin Fleisz
e4f476fce4 proxy: Fix handling of in drdynvc DATA_FIRST_PDU in proxy
During tests I sometimes received DATA_FIRST_PDUs that were not part of
a fragmented message but contained a complete PDU.

The documentation is not quite clear about if this is a possible
scenario or a protocol violation. However in the description of the Data
field it says:

If the sum of the DVC header size and the value specified by the Length
field is less than 1600 bytes, then the actual data length equals the
value specified by the Length field.

This hints that DATA_FIRST_PDU might also contain complete Data and does
not necessarily mean to be the first part of a fragmented PDU.
2022-09-29 14:45:30 +02:00
Kang Lin
7e8bb42005 CMAKE: Fix install export FreeRDP-ShadowTargets 2022-09-27 11:06:39 +02:00
Martin Fleisz
fd96ed0acd proxy: Fix unicode flag parsing in proxy rdpdr client name request
Only the least significant bit is valid in the unicode flag UINT32. Some
clients send garbage data in the other bits which caused the proxy to
drop the connection which is wrong.
2022-09-08 17:39:02 +02:00
Martin Fleisz
f647296122 proxy: Fix smartcard emulation with clients with active rdpdr channel 2022-08-30 14:11:56 +02:00
David Fort
4fc7a9417d
Various fixes / improvements (#8146)
* xfreerdp: fix typo in logs

* winpr: file appender, small code cleanup

* shadow-server: add an option for TLS secrets

This allows to dissect connections to the shadow server.
2022-08-22 09:42:15 +02:00
David Fort
fff746f1f8
shadow-server: fix state machine (#8133)
The shadow server was setting up the dynamic channel too quickly, leading
to unexpected packets during the negotiation (unexpected licence packet error
message on the client side). So let's starts dynamic channel once the activation is
done.
2022-08-18 09:20:51 +02:00
fifthdegree
7901a26a16
Kerberos User 2 User support (#8070)
* add support for 64-bit big-endian encoding

* kerberos: drop reliance on gssapi and add user 2 user support

* Fix local variable declared in the middle of the function body

* kerberos: add ccache server option

Co-authored-by: fifthdegree <fifthdegree@protonmail.com>
Co-authored-by: David Fort <contact@hardening-consulting.com>
2022-08-17 12:25:26 +02:00
Martin Fleisz
1ec228a177 proxy: Use closesocket instead of close 2022-07-21 15:59:43 +02:00
Martin Fleisz
33f76d6012 proxy: Add missing build dependency 2022-07-21 15:59:43 +02:00
Armin Novak
360c4f8188 Fixed pf_client_load_channels 2022-07-06 12:01:23 +02:00
Armin Novak
b672bda85e Removed RdpKeyFile and RdpKeyContent settings
They are a duplicate of PrivateKeyFile and PrivateKeyContent
2022-07-06 12:01:23 +02:00
Armin Novak
72fcbc59d8 Use settings setter 2022-07-06 12:01:23 +02:00
akallabeth
3a6ee1155d Shadow XDamage define guards 2022-07-05 09:37:22 +02:00
akallabeth
cb96e6143d Fixed -Wshadow warnings 2022-06-30 10:49:02 +02:00
akallabeth
bc8b4ade1c reformatted 2022-06-23 08:48:39 +02:00
akallabeth
b542598834 Fixed function pointer type mismatch 2022-06-23 07:45:55 +02:00
akallabeth
90ce22283d Replaced direct settings access with getter/setter 2022-06-23 07:45:55 +02:00
akallabeth
650a275ceb Added new client callback LoadChannels and freerdp_client_load_channels
Split channel loading from PreConnect as it might be necessary to
reinitialize channels on redirect
2022-06-23 07:45:55 +02:00
akallabeth
03e20cb541 Clean up pcap capture module 2022-06-23 07:45:55 +02:00
fifthdegree
8f7be42540 return check 2022-06-21 10:27:17 +02:00
fifthdegree
eeece1a027 server-side kerberos (and some fixes) 2022-06-21 10:27:17 +02:00
akallabeth
f44554e16d
Added proxy module callbacks for session init and started (#7976) 2022-06-20 13:02:25 +02:00
David Fort
aff8fdac26 proxy: correctly handle dynamic channel fragmentation
This big patch fixes fragmentation handling in the dynamic channel. We used to
have a single state to handle fragmentation at the main dynamic channel level, but
in fact packets can be fragmented per sub channel. So we have to maintain a fragmentation
state per sub channel, this involve treating dynamic and static channels differentely
(so the size of the patch that has to implement state tracking per dynamic channels).
2022-06-17 08:38:57 +02:00
David Fort
cfe80694da proxy: add fixed user/domain/passwd
This adds a User, Domain and Password parameter in the Target section of the configuration
to specify and use a fixed backend user, domain or password (overriding the one
passed by the front user).
2022-06-15 14:05:45 +02:00
akallabeth
1cc06dc3a5 Fixed mac compilation warnings 2022-06-03 08:51:40 +02:00
akallabeth
1aacf504a1 Increase C standard to C11 2022-06-03 08:51:40 +02:00
akallabeth
a0ca2b4a6e Add LTO settings 2022-06-03 08:51:40 +02:00
akallabeth
46ccf6d0d7
Fixed RDPGFX_CAPVERSION_106 according to errata (#7924)
The [MS-RDPEGFX] spec is not really sure which value to use, so we
just announce both, the one from the spec and the one from errata.
2022-05-25 13:11:29 +02:00
akallabeth
2677ca0aaf
Always call HOOK_TYPE_CLIENT_UNINIT_CONNECT in pf_client_thread_proc (#7920) 2022-05-25 09:45:31 +02:00
Armin Novak
40f5578206 Add GFX 10.7 capsets 2022-05-24 10:08:53 +02:00
Martin Fleisz
8a06ed9299 proxy: Reset stream position before length check 2022-05-19 09:23:32 +02:00
Martin Fleisz
ed53038daa proxy: Add handling of server caps when in rdpdr client running state 2022-05-19 09:23:32 +02:00
David Fort
77413f49b2 winpr: rework alignment functions
_align_XXX functions aren't widely available depending on the C runtime. That causes
problems with mingw where we can easily have some runtime mixes (which lead to mysterious
segfaults most of the time). This patch introduce winpr_aligned_XXX functions that will
either use the function available, or use an emulation layer.
2022-05-12 11:36:01 +02:00
Alex Wilson
9591dd1f0d shadow: convert incoming key scancode to DWORD before |= KBDEXT
KBDEXT is 0x100, so if we |= it onto a UINT8 it actually does
nothing, making us interpret all scancodes as if they're
non-extended.
2022-05-05 08:41:09 +02:00