When smartcard emulation was enabled we were dumping the key and cert to
temporary files for PKINIT call, but they were deleted before we have
actually done the PKINIT. This patch fixes it.
It also add debug statement for the listing of smartcard keys / certs.
This also fixes the listing of smartcard on certain windows configurations
were we have to force NCRYPT_SILENT when doing a NCryptOpenKey.
When no CSP is provided, we were listing smartcard materials by querying the
MS_SCARD_PROV_A CSP, unfortunately on some windows hosts, the smartcards aren't
listed in that CSP. So this patch does the key listing by browsing all CSPs
instead of just a default one. You can still force a CSP and you'll get keys only
from this one.
This patch also address cases where the certificate on the smartcard doesn't
have a UPN attribute, if that happen we try to get a UPN from the email address.
* Fixed format strings to match arguments
Reviewed and replaced all %d specifiers to match proper type
* Added proxy dynamic channel command type to log messages.
The RDP2Tcp channel has no associated bool in settings for configuring the loading
of the channel (only settings->RDP2TCPArgs for the args), so let's load it outside
of the big loading loop (prevent a warning for unknown bool setting 1519).
if auto-request-control setting is enabled then only request control once upon connect, otherwise it will auto request control again every time server turns off control which is a bit annoying.
* update .gitignore and cleanup conditionnal callback call
* client: rework channel loading
Automate the loading of channels that only depend on a given enabled setting.
This new option /tls-secret-file:<file> allows to dump TLS secrets in a file with
the SSLKEYLOGFILE format. So this way you can setup the TLS dissector of wireshark
(Pre-Master-Secret log filename) and see the traffic in clear in wireshark.
It also add some more PFS ciphers to remove for netmon captures.
* Fixed remdesk settings pointer
* Fixed sign warnings in display_write_monitor_layout_pdu
* Use freerdp_abort_connect_context and freerdp_shall_disconnect_context
* Added and updates settings
* info assert/dynamic timezone
* mcs assert/log/flags
* Fixed and added assertions for wStream
* Unified stream length checks
* Added new function to check for lenght and log
* Replace all usages with this new function
* Cleaned up PER, added parser logging
* Cleaned up BER, added parser logging
* log messages
* Modified Stream_CheckAndLogRequiredLengthEx
* Allow custom format and options
* Add Stream_CheckAndLogRequiredLengthExVa for prepared va_list
* Improved Stream_CheckAndLogRequiredLength
* Now have log level adjustable
* Added function equivalents for existing logger
* Added a backtrace in case of a failure is detected
* Fixed public API input checks
A proxy URI was parsed both in the function `proxy_read_environment()` in
`libfreerdp/core/proxy.c` and in the function
`freerdp_client_settings_parse_command_line_arguments()` in
`client/common/cmdline.c`. But only the latter was taking into account
that the URI can contain a user and password, which made it impossible
to use a proxy with authentication by just using an environment
variable like `https_proxy`.
The function `proxy_parse_uri()` in `libfreerdp/core/proxy.c` was
clearly not parsing the optional username and password.
This commit moves the code from `client/common/cmdline.c` to
`libfreerdp/common/settings.c` into a function `proxy_parse_uri()` so
redundant code is avoided. This function is then called in both
instances where a proxy URI is parsed.
Some minor adjustment were made to the code, so the `WLog_INFO()`
statement at the end works in both cases, where credentials were either
provided or not. Also, some error messages were added or clarified.
If the parsing of the environment variable fails, we ignore it entirely
(with a warning) and proceed.
* Early return authenticate if TLS smartcard logon
* Removed obsolete SmartcardPin and unified AuthenticateEx calls
* Remove password-is-pin from command line
The setting is implied by smartcard-logon and only of interest in
server side code, so the setting is useless
* Rework AUTH_SMARTCARD_PIN
Just prompt for PIN and not user/domain if this is requested.
* Fixed a memory leak in nla.c
* Align credentail prompt
* Handle AUTH_NLA & smartcard, just ask for PIN
* Added assertions, removed duplicate password prompt check
* Move smartcard logon after credential prompt
Always reinitialize NetworkAutoDetect, otherwise it might end set to
previous value and not the desired one. This happens when the client
sets /network:lan , in which case NetworkAutoDetect remains set to
TRUE because freerdp_set_connection_type() was previously called in
prepare_default_settings() and NetworkAutoDetect is never updated by
freerdp_set_connection_type() afterward.
Signed-off-by: Marek Vasut <marex@denx.de>
* All channels inheriting from RDPDR_DRIVE base struct
* Add functions to create/free a new device of a type
* Fixed settings array resize code, prevent 0 sizes
* Fix temporary settings allocation for command line
Detection of legacy command line requires a temporary settings
struct. This was previously manyally allocated instead of using
freerdp_settings_new and freerdp_settings_free.
* Fixed CommandLineParseCommaSeparatedValuesEx
The name argument was not copied into the returned array.
If no arguments are supplied, default to the behaviour of
/network:auto. This ensures the default experience is using the
best available graphics options.
As soon as any /network, /bpp, /rfx, /gfx, ... argument is used
only use these.
RDPSND channel is special, as it has many names.
(e.g. static channel, dynamic channel and UDP one.
Use RDPSND_CHANNEL_NAME to identify the module name instad of
RDPSND_DVC_CHANNEL_NAME
Since the last change untouched string settings were written to the rdp
file because their default value was set to NULL instead of ~0. This
resulted in settings being written to the rdp file with a value of
"(null)" instead of just being skipped.
* client: Fix exit codes for /help and similar option
Currently, non-zero exit code is returned for /version, /buildconfig, /help,
/monitor-list, /kbd-list and /kbd-lang-list command-line options for several
clients. This is against conventions because 0 is usually returned in
such cases. Also, there is potentially another problem that the returned
codes overflow on UNIX systems (where the exit code is a number between 0
and 255). Let's fix the clients to return 0 in the mentioned cases to honor
conventions and 1 for the command-line parsing errors (or -1 for clients
who already use that value).
Fixes: https://github.com/FreeRDP/FreeRDP/issues/6686
* Refactored freerdp_client_settings_command_line_status_print_ex
Now returns 0 if help or version information was requested.
* Do not eliminate original error status.
Co-authored-by: akallabeth <akallabeth@posteo.net>
I personally find it more convenient to have pasted data written to
the X11 PRIMARY selection, so that I can paste it with a fast middle-
button click, than to write to CLIPBOARD which typically needs a key
sequence or menu action.
This commit adds a command-line option to let me express that
preference: now I can say "/clipboard:use-selection:PRIMARY" on the
command line, which not only enables clipboard transfer but also says
which X selection I want it to talk to. The previous options
"+clipboard" and "-clipboard" are also still supported.
mstsc will only load our gateway settings if gatewayprofileusagemethod
is set to 1. Otherwise it will always set the option "Auto-detect RD
Gateway server settings" and ignore the other gateway settings in the
rdp file.
This PR fixes various issues in the rdp file parser:
- NetworkAutoDetect was written inverted
- GatewayHostname was missing the port info (if not default)
- Several settings were left out when populating the file struct
The functions mappedGeometryRef and mappedGeometryUnref are API
functions ([1]) but were implemented in the geometry channel.
In case FreeRDP was built with BUILTIN_CHANNELS=OFF those functions
weren't available globally but used by the video channel.
Now the functions are fixed part of the freerdp-client library and
therefore available for all channels.
[1] exported in freerdp/client/geometry.h
Fixes#6236
It is now possible to add usb devices both via vid+pid and via bus+addr
at the same time. To do this, the ids are directly
given to the corresponding command line options:
/usb🆔<vid+pids>,addr:<bus+addrs>
The dev option still works like before: /usb:id,dev:<vid+pids> or
/usb:addr,dev:<bus+addrs>
On high latency links the default of 9 second timeout might be too
strict. Adjusting this for all users will result in a long time
for connections to fail, so let these with high latency links
adjust the value manually.
* The mess with /cert-tofu, /cert-ignore et al is now unified in
a single option.
* Added the option to add fingerprint:<hash>:<hex string> multiple
times to /cert to build a list of accepted certificate
fingerprints
* Added a deprecation warning to older /cert-* options
* Now both, dynamic and static channel entries can be defined by
a single channel.
* Added better logging to distinguish between static and dynamic
channel messages.
The help output advertise an option and an example for usb redirection
regardless of the fact whether the urbdrc channel was built or not.
This is confusing for people. Let's do not show /usb in help if it is
not built.
This PR contains the following changes:
- Get rid of unused SettingsModified array (kept in the settings struct for ABI
compatibility)
- Fix and extend freerdp_client_populate_rdp_file_form_settings (wrote <null> strings to the rdp file, missed a lot of settings)
- Set KeyboardHook default value to 2 (hook in fullscreen) just as mstsc
does
Adding this option to use the DesktopHeight and DesktopWidth as
parameters for the SmartSizingWidth and SmartSizingHeight, as there
are no options for that in standard RDP files.
Equivalent of doing /smart-sizing:WxH