Commit Graph

1471 Commits

Author SHA1 Message Date
Norbert Federa
bb9536b867 libfreerdp/gdi: fixed gdi return value madness
Mostly booleanization to comply with the MS API
2015-06-26 14:32:38 +02:00
David FORT
a8fefae3a1 Harden the sound channel
This patch adds checks for the sound channel and plugins:

* checks for protocol bytes;
* checks for malloc/calloc;
* be more strict when interacting with sound plugin
2015-06-24 17:06:45 +02:00
Martin Fleisz
ccf5ba3194 Merge pull request #2717 from realjiangms/shadow_encoder_fps
server/shadow: shadow encoder related enhancement/fix.
2015-06-24 09:22:55 +02:00
zihao.jiang
e00655c3c2 server/shadow: shadow encoder related enhancement/fix.
1. Export fps related API so that subsystem implementation no longer need to know about details in encoder structure.
2. Discard frameList dictionary.
The 'value' in this dictionary is never used and not properly free'ed when client is disconnected.
The dictionary was used to calculate 'inflight' frame count. Once an ACK is received from client, an item in the dictionary is removed.
We then calculate 'inflight' frame by the count of the items in the dictionary.
However, some rdp clients (win7 mstsc) skips frame ACK if it is inactive, ACK of some frame would actually never arrive.
We actually don't need the dictionary. We only need to record the latest acknowledged frame id, and the difference between last sent frame id is the inflight frame count.
3. Minor fix in default fps calculation. encoder->frameAck is wrongly used as integer while it's actually bool flag.
2015-06-23 14:36:53 +08:00
Bernhard Miklautz
1b8dd139a9 cmd line: add missing checks
* strdup
* some allocs
2015-06-22 19:23:57 +02:00
Bernhard Miklautz
1f414ec9e7 codec/planar: regression - fix conflicting types
Update planar.h to fix the conflicting types of
freerdp_bitmap_planar_delta_encode_planes.
2015-06-22 19:21:47 +02:00
David FORT
7c3f8f33ab Fixes for malloc / calloc + other fixes
This patch contains:

* checks for malloc return value + treat callers;
* modified malloc() + ZeroMemory() to calloc();
* misc fixes of micro errors seen during the code audit:
** some invalid checks in gcc.c, also there were some possible
integer overflow. This is interesting because at the end the data are parsed
and freed directly, so it's a vulnerability in some kind of dead code (at least
useless);
** fixed usage of GetComputerNameExA with just one call, when 2 were used
in misc places. According to MSDN GetComputerNameA() is supposed to return
an error when called with NULL;
** there were a bug in the command line parsing of shadow;
** in freerdp_dynamic_channel_collection_add() the size of array was multiplied
by 4 instead of 2 on resize
2015-06-22 19:21:47 +02:00
Marc-André Moreau
750e752d45 Merge pull request #2697 from realjiangms/shadow_audio
Shadow server: fix channel disposal and add audio support. fix message mechanism in client
2015-06-22 09:52:53 -04:00
Marc-André Moreau
82179c7d8b Merge pull request #2698 from realjiangms/shadow_stand_alone
server/shadow: Decouple shadow_subsystem and subsystem implementation detail.
2015-06-22 09:39:17 -04:00
Marc-André Moreau
d10203c2a2 Merge pull request #2699 from realjiangms/shadow_connect_disconnect
server/shadow: add connect/disconnect anchor in subsystem callback
2015-06-22 09:38:46 -04:00
Marc-André Moreau
20f78405c8 Merge pull request #2684 from Skool/master
Add bépo layout
2015-06-22 09:31:15 -04:00
Martin Haimberger
0c3a62be7a hardend remdesk channel 2015-06-22 00:12:25 -07:00
Martin Haimberger
6e4e1c2773 Merge remote-tracking branch 'upstream/master' into mh-stream-fix
Conflicts:
	client/Windows/wf_cliprdr.c
2015-06-18 03:06:40 -07:00
Martin Haimberger
dc68bdfce5 channel rdpgfx hardend 2015-06-18 03:04:32 -07:00
Martin Haimberger
6348e41479 channel rdpei hardend 2015-06-18 03:04:32 -07:00
Martin Haimberger
d7636d0e28 channel rail hardend 2015-06-18 03:04:32 -07:00
Martin Haimberger
b9853f87eb channel encomsp hardend 2015-06-18 03:04:32 -07:00
Martin Haimberger
0cfbc6648b channel echo hardend 2015-06-18 03:04:32 -07:00
Martin Haimberger
0bf222ec50 hardend rdpdr channel 2015-06-18 03:04:32 -07:00
Martin Haimberger
dca53c132c hardend display channel 2015-06-18 03:04:32 -07:00
Martin Haimberger
e5d5cd3c94 hardend cliprdr
hardend cliprdr server and client
also updated all callbacks in the server and client
implementations
2015-06-18 03:04:31 -07:00
Martin Haimberger
156f86e487 hardend channel audin 2015-06-18 03:04:31 -07:00
Martin Haimberger
d06da4f1bd hardend drdynvc channel 2015-06-18 03:04:28 -07:00
zihao.jiang
2335a307cb server/shadow: integrate comment from @hardening
Return directly at subsystem->ClientConnect
Also change to argument to accept shadow_client instead of freerdp_peer
2015-06-16 00:43:17 +08:00
zihao.jiang
131f030e0e server/shadow: Decouple shadow_subsystem and subsystem implementation detail.
Make shadow_subsystem standalone so that others can implement customized shadow server with shadow library.
2015-06-14 22:20:47 +08:00
zihao.jiang
b169dfd930 server/shadow: add connect/disconnect anchor in subsystem callback
Other implementation of subsystem may want to track connect/disconnect of each client
2015-06-14 22:15:47 +08:00
zihao.jiang
8485d866d4 This is originally to add audio support. Several fixes included:
1. Introduce message queue in shadow client. No longer use subsytem->MsgPipe->out to deliver message to clients.
We used to use subsytem->MsgPipe->out for messages which need to be sent to client. But it's not correct. Only one client would get the message if multiple client exists
This problem make the fix in PR #2643 incomplete.
Introduced reference count based solution to release resource taken by the message.
Also added APIs for client message delivery.
Also fixed msg pipe in subsystem to clean resource when destroyed.
2. Discard unused StopEvent in client. We actually use quit message instead.
3. Enhance disposal of channels.
Free context for remdesk and encomsp channels. The original fix only stop the threads, but doesn't release resource.
Dispose channels earlier. The channels are built on client->vcm. Disposing channels after client->vcm is closed cause unknown behavior.
Original fix is #2644
4. Start to add audio support.
2015-06-14 21:45:52 +08:00
Armin Novak
7fc1c65165 Added subject and issuer to saved data.
When a certificate has changed, display not only the
fingerprint but also subject and issuer of old certificate.
2015-06-11 11:21:23 +02:00
Armin Novak
acc96388a5 Added certificate_get_fingerprint function to read out old one. 2015-06-11 09:14:15 +02:00
Armin Novak
2204df97f8 Added port to certificate warnings. 2015-06-10 10:59:40 +02:00
Armin Novak
f4843e8ab3 Opening file on use now. 2015-06-10 10:34:02 +02:00
Armin Novak
6192230737 Added legacy known_hosts support.
If no entry for the <host> <port> combination
was found in the v2 file and there is a legacy file
check if a matching <host> entry can be found.
In case there is a matching entry and the <fingerprint>
also matches, create a new entry in the v2 file using the
current port.
2015-06-09 16:12:41 +02:00
Armin Novak
6da4a5aaf0 Using '<host> <port> <fp>' format for known hosts. 2015-06-09 15:33:13 +02:00
tdb
c9e750214a Add Bépo Layout 2015-06-05 10:52:40 +02:00
Vic Lee
1d31f25992 h264: add encoder constant QP rate control. 2015-06-02 15:32:45 +08:00
Martin Haimberger
11716c02e0 introduced WIN32ERROR and changed dvc interface 2015-05-29 04:48:26 -07:00
Marc-André Moreau
5526348079 Merge branch 'master' of github.com:FreeRDP/FreeRDP 2015-05-21 13:29:59 -04:00
Norbert Federa
cd0a8e0506 Merge pull request #2630 from hardening/new_2616
Add checks for some XXX_New and XXX_Add functions
2015-05-21 16:04:26 +02:00
Marc-André Moreau
ebf863f2eb Merge pull request #2557 from realjiangms/shadow_fix_hang2395
shadow fix multi-client hang
2015-05-20 16:26:31 -04:00
Marc-André Moreau
7e1dbd505b Merge branch 'awakecoding' of https://github.com/vworkspace/FreeRDP
Conflicts:
	channels/rdpdr/server/rdpdr_main.c
2015-05-20 11:40:48 -04:00
Armin Novak
e239c10fb9 Added client bandwidth measurement result callback. 2015-05-20 16:18:55 +02:00
Marc-André Moreau
29d14773c8 Merge branch 'master' of github.com:FreeRDP/FreeRDP
Conflicts:
	client/Windows/wf_client.c
	libfreerdp/common/assistance.c
2015-05-20 10:12:24 -04:00
Hardening
f8120919af Add checks for some XXX_New and XXX_Add functions
Based on PR #2616
2015-05-18 11:28:00 +02:00
zihao.jiang
85dd90d817 shadow fix multi-client hang
Merge from commit d4df3a952b
Conflicts:

	server/shadow/shadow_subsystem.c
2015-05-11 00:04:07 +08:00
Norbert Federa
71a4349928 fixed multiple missing gdi return value checks
mainly gdi_Create* functions
2015-05-08 21:39:23 +02:00
David FORT
fca4374919 Add the ability to have listener from an existing socket 2015-05-08 10:00:38 +02:00
Marc-André Moreau
30dd40e10a wfreerdp: fix and improve remote assistance 2015-05-07 14:20:49 -04:00
Marc-André Moreau
6b1fefea40 freerdp: fix remote assistance mode, add multi-address connection 2015-05-06 16:32:45 -04:00
Norbert Federa
ef1fd12b15 Fix unchecked CreateEvent calls and misc fixes
1)
Added missing checks for CreateEvent which also required the
following related changes:

- changed freerdp_context_new API to BOOL
- changed freerdp_peer_context_new API to BOOL
- changed pRdpClientNew callback to BOOL
- changed pContextNew callback to BOOL
- changed psPeerAccepted callback to BOOL
- changed psPeerContextNew callback to BOOL

2)
Fixed lots of missing alloc and error checks in the
changed code's neighbourhood.

3)
Check freerdp_client_codecs_prepare result to avoid segfaults
caused by using non-initialized codecs.

4)
Fixed deadlocks in x11 caused by missing xf_unlock_x11() calls
in some error handlers

5)
Some fixes in thread pool:
- DEFAULT_POOL assignment did not match TP_POOL definition
- don't free the pool pointer if it points to the static DEFAULT_POOL
- added error handling and cleanup in InitializeThreadpool
2015-04-29 18:18:39 +02:00
Bernhard Miklautz
ff11057d49 gdi: fix problem with gdi_SelectObject check(s)
When a hdc is created no initial or default objects are created
therefore can the first call of gdi_SelectObject return NULL.
Because of this checking the return value of  gdi_SelectObject failed
for newly create hdc causing errors (disconnects).

Since all types of HGDIOBJECT are handled and the return value of
gdi_SelectObject isn't used the recently added checks were removed
again.
2015-04-26 22:28:49 +02:00
Norbert Federa
5926bbcf48 codec/rfx: simplification, segfault/malloc fixes
rfx_process_message_sync:
- simplified the check if the header messages got processed

rfx_process_message_tileset:
- ObjectPool_Take result was not checked
- fail if TS_RFX_TILE block type is not CBT_TILE
- CreateThreadpoolWork result was not checked
- post decoding loop code segfaulted in error case

rfx_decoder_tile_new:
- missing malloc check

rfx_message_free:
- segfault protection

rfx_write_message_tileset:
- segfault protection
2015-04-24 17:54:49 +02:00
Norbert Federa
84577b1ca7 codec/rfx: error checking and various fixes
- removed some unneeded null checks for free()
- fixed a memory leak in shadow_client
- removed rfx_compose_message_header from API

Changed the following functions to BOOL, check the result
where they are called and handle failures:
- rfx_compose_message
- rfx_compose_message_header
- rfx_write_tile
- rfx_write_message_tileset
- rfx_write_message_frame_begin
- rfx_write_message_region
- rfx_write_message_frame_end
- rfx_write_message

rfx_process_message:
- check memory allocation failures
- verify protocol-conform order of data messages to prevents memory
  leaks caused by repeated allocations
- verify that header messages were parsed/received before the
  data messages
- treat unknown rlgr mode as error
- fixed/added error handling
- fixed all callers to check/handle result

rfx_encode_message:
- fixed incorrect usage of realloc
- missing malloc check
- missing check of CreateThreadpoolWork
- correct cleanup on failure (threadpool, memory)
- check rfx_encode_message result

rfx_encode_messages:
- check rfx_split_message result
- correct cleanup on failure
- prevent memory leak on failure

rfx_write_message_context:
- fixed invalid channelId value (must be 0xFF for WBT_CONTEXT)

rfx_process_message_codec_versions:
- fixed invalid read size of codec_version (it is 16bit)

rfx_process_message_channels:
- verify protocol conform channelId value

rfx_process_message_region:
- replaced invalid reallocs with malloc
- read and verify regionType and numTileSets from stream

rfx_process_message_tileset:
- check allocation results
- fixed incorrect usages of realloc

setupWorkers:
- fixed incorrect usages of realloc

rfx_split_message:
- removed dead code
- missing malloc check

rfx_compose_message:
- fixed a memory leak
- check/handle rfx_encode_message result
2015-04-23 15:42:21 +02:00
Hardening
6cd7713e12 Merge pull request #2544 from bmiklautz/boolenization
change return types of callbacks to BOOL
2015-04-22 11:01:27 +02:00
Armin Novak
65a4c6e1fc Changed listener callback arguments and return. 2015-04-21 15:57:25 +02:00
Bernhard Miklautz
2c072d33d3 Fix GDI return values and other fixes
* top level GDI functions return 0 on error and != 0 otherwise but the
  low level functions (16bpp.c, 8bpp.c 32bpp.c) which are called did it
	exactly the other way around. Those were adapted.
* change gdi_InvalidateRegion to BOOL and check calls where appropriate
* integrate comments from pull request
2015-04-21 14:18:07 +02:00
Bernhard Miklautz
515502ffa5 change return types of callbacks to BOOL
* change all client/server callbacks to BOOL
* update all clients accordingly
* add multiple return value checks
* small fixes
2015-04-21 14:18:07 +02:00
Armin Novak
d3336340ba Add *get_event_handles handle count, return check. 2015-04-21 12:24:50 +02:00
Vic Lee
93d59ac3de h264: change encoder api and add multi-thread support. 2015-04-21 14:02:57 +08:00
Martin Haimberger
9c0d275548 transport: added function to get bytes written
added function to get written bytes on transport.
This is needed to get a more accurate bandwidth
management.
2015-04-14 03:49:01 -07:00
David FORT
0eb399a717 Treat return values for security.c
This patch make functions in security.c return values when they should instead of
beeing void. And it also fix the callers of these functions.
2015-04-01 11:11:37 +02:00
Marc-André Moreau
ad6723835b Merge pull request #2505 from bmiklautz/tls_shutdown
rename and update tls_disconnect
2015-03-31 09:26:30 -04:00
Armin Novak
0adab13719 Now returning const char* 2015-03-30 18:09:02 +02:00
Armin Novak
8f228163a8 Added version and build info functions
Added functions to get
 * Version String
 * Build Time String
 * Git Revision String
and appropriate tests.
2015-03-30 17:51:29 +02:00
Bernhard Miklautz
90968e07e1 rename and update tls_disconnect
tls_disconnect shut down the ssl stream but didn't inform
the BIO(s) about this therefore could happen that a second shut down
was initiated (e.g. in bio_rdp_tls_free) causing rather long delays.

After removing the shut down from tls_disconnect the only thing the
function does is to prepare/send an alert therefore it was renamed to
tls_send_alert.
2015-03-30 11:56:09 +02:00
Bernhard Miklautz
aa2181dcf2 Merge pull request #2483 from akallabeth/feat/freerdp_set_last_error_name
Feat/freerdp last error name
2015-03-26 16:42:54 +01:00
Marc-André Moreau
6202f48c12 libfreerdp-core: add configurable TSG/RGB fallback, fix edge cases 2015-03-19 11:44:47 -04:00
Armin Novak
56dc61cc06 Added error name and string functions.
Added new functions allowing to get a string representation of an error code
and a description of the error for connect and base error classes.
2015-03-19 11:05:16 +01:00
Armin Novak
c380fb3520 Added flag to ignore unknown keywords
freerdp_client_settings_parse_command_line now allows ignoring
unknown keywords.
2015-03-16 10:15:37 +01:00
Jason Plum
6ce5991e74 libfreerdp: crypto: add certificate chain validation! 2015-03-13 13:50:54 -04:00
Marc-André Moreau
dfc1238523 Merge pull request #2447 from ivan-83/master
Fix poor sound quality with ALSA, add OSS sound system support, FreeBSD patches
2015-03-12 10:09:02 -04:00
Marc-André Moreau
719a0fd3e9 Merge pull request #2426 from bjcollins/master
xfreerdp fullscreen enhancements
2015-03-12 07:27:29 -04:00
ivan-83
8d5825ee00 Fix poor sound quality with ALSA
and decrease "ALSA lib pcm.c:7339:(snd_pcm_recover) underrun occurred"
+ little code cleanup
2015-03-09 09:11:46 +03:00
Martin Fleisz
c9c8f8cc89 Merge pull request #2435 from llyzs/llyzs
Add openh264 encoder support.
2015-03-06 11:33:30 +01:00
Bernhard Miklautz
a371723c4f build: fix compiler warnings
warning: redundant redeclaration
Tested with: 4.7.2 and 3.5.0-1~exp1
2015-03-03 19:36:54 +01:00
Vic Lee
3c3c7068a0 Add openh264 encoder support. 2015-03-02 18:11:28 +08:00
bjcollins
d4a9a2d3a8 Remove override redirect flag for fullscreen with keyboard grab enabled. Window manager should always know about the main window.
Small cleanup of passing around decorations flag.
Limit PercentScreen to single monitor vs. entire desktop. IMO - this is better behavior in a multimonitor environment.

Handle fullscreen windows better:
1. Ensure that size hints are set to allow resizing before setting a window to fullscreen as some window managers do not behave properly.
2. Handle fullscreen toggles without destroying and recreating window.
3. Use NET_WM_STATE_FULLSCREEN Extended Window Manager Hint for fullscreen functionality
4. Use the NET_WM_FULLSCREEN_MONITORS Extended Window Manager Hint when appropriate
5. When a single monitor fullscreen is requested - use the current monitor(as determined from mouse location)
6. Handle cases where there is no local monitor at coordinate 0,0. The Windows server expect there to be a monitor at this location, so we maintain offset if necessary between our local primary monitor and the server side primary monitor located at 0,0.
2015-02-23 11:22:28 -06:00
Marc-André Moreau
44d06888bb libfreerdp-core: fix BIO leaks 2015-02-18 15:36:57 -05:00
Marc-André Moreau
991f7b347d libfreerdp-core: further abstract multiple connections used internally by tsg from rdpTransport 2015-02-15 10:06:17 -05:00
Marc-André Moreau
22ac46957a xfreerdp: fix egfx multimonitor support 2015-02-10 16:32:07 -05:00
Marc-André Moreau
fa06c4d401 libfreerdp-core: improve reconnection 2015-02-06 14:21:26 -05:00
Marc-André Moreau
4e1483a694 Merge pull request #2349 from RolKau/2349_dvp
Forward layout ID of Programmer Dvorak to server
2015-02-04 11:30:35 -05:00
Bernhard Miklautz
d625edbe97 gfx/pointer: add support to set pointer
Extend rdp_pointer with function SetPosition. Can then be used by
clients support setting pointer by server which might be used in
shadowing scenarios.
2015-02-02 10:57:31 +01:00
Roland Kaufmann
d930431169 Forward layout ID of Programmer Dvorak to server
The Programmer Dvorak keyboard layout is supported by Xkb but support
in Windows is only available through an open-source add-on driver. It
is plausible that those that use this layout in X11 also installs this
driver on Windows instead of using the standard Dvorak variant there.

This changeset recognizes Programmer Dvorak as its own variant, and
assigns this a layout ID which matches the one used in the Windows
driver so that it will be selected when you logon. If this layout is
not available, it will now revert to the regular United States layout.

Tested with Ubuntu Precise 12.04 connecting to Windows 7 SP1.
2015-01-30 21:22:59 +01:00
Marc-André Moreau
3a906caa4a freerdp: add event handle usage instead of file descriptors 2015-01-29 22:57:58 -05:00
Armin Novak
3c7b611041 Added destination buffer width to h264_decompress. 2015-01-22 13:23:59 +01:00
Mike McDonald
b184a7531f Merge branch 'master' of https://github.com/awakecoding/FreeRDP into awakecoding-staging 2015-01-20 08:09:00 -05:00
Armin Novak
3139a412fa Fixed argument for freerdp_channels_client_load, using proper type now. 2015-01-20 11:32:04 +01:00
Armin Novak
a1a2cf2257 Added freerdp_channels_disconnect 2015-01-20 11:10:39 +01:00
Norbert Federa
344362a8a3 clients: fix "focus in event" issues
The input->FocusInEvent callback implementations (normal and fast-path) have
always sent the mouse position even if the pointer was outside of the freerdp
client area. In addition xfreerdp used the wrong pointer coordinates which
were relative to the root window instead of its own.
On focus-in the pointer position must only be sent if the pointer is
currently within the program's client area. However, the clients had no way
to pass that information to input->FocusInEvent which required an API change.

- removed mouse pointer x, y parameters from input interface's FocusInEvent
- clients are responsible to call input->MouseEvent on focus-in if necessary
- fixed xfreerdp and wfreerdp accordingly
2015-01-16 18:40:57 +01:00
Martin Haimberger
bba342a6be added set_error_info function
if an error_info is set, a TS_SET_ERROR_INFO_PDU
will be sent to the client on disconnect with
the error_info
2015-01-13 08:09:36 -08:00
Mike McDonald
b21331cf1a First cut at server side implementation of RDPDR drive redirection. 2014-12-27 21:17:34 -05:00
Marc-André Moreau
265e8b9e9d cliprdr/server: make channel thread optional 2014-12-18 11:11:36 -05:00
Marc-André Moreau
afce8061b3 cliprdr/server: split add Open/Close callbacks 2014-12-18 10:46:23 -05:00
Marc-André Moreau
a69eaddecd channels/cliprdr: add missing messages in cliprdr server 2014-12-15 17:05:32 -05:00
Marc-André Moreau
736bcf2bd6 libfreerdp-core: fix async input mode for FocusInEvent, KeyboardPauseEvent 2014-12-15 11:35:35 -05:00
Norbert Federa
939f1c639a Standard RDP Security Layer Levels/Method Overhaul
[MS-RDPBCGR] Section 5.3 describes the encryption level and method values for
standard RDP security.

Looking at the current usage of these values in the FreeRDP code gives me
reason to believe that there is a certain lack of understanding of how these
values should be handled.

The encryption level is only configured on the server side in the "Encryption
Level" setting found in the Remote Desktop Session Host Configuration RDP-Tcp
properties dialog and this value is never transferred from the client to the
server over the wire.
The possible options are "None", "Low", "Client Compatible", "High" and
"FIPS Compliant". The client receices this value in the Server Security Data
block (TS_UD_SC_SEC1), probably only for informational purposes and maybe to
give the client the possibility to verify if the server's decision for the
encryption method confirms to the server's encryption level.
The possible encryption methods are "NONE", "40BIT", "56BIT", "128BIT" and
"FIPS" and the RDP client advertises the ones it supports to the server in the
Client Security Data block (TS_UD_CS_SEC).
The server's configured encryption level value restricts the possible final
encryption method.
Something that I was not able to find in the documentation is the priority
level of the individual encryption methods based on which the server makes its
final method decision if there are several options.
My analysis with Windows Servers reveiled that the order is 128, 56, 40, FIPS.
The server only chooses FIPS if the level is "FIPS Comliant" or if it is the
only method advertised by the client.

Bottom line:
* FreeRDP's client side does not need to set settings->EncryptionLevel
(which was done quite frequently).
* FreeRDP's server side does not have to set the supported encryption methods
list in settings->EncryptionMethods

Changes in this commit:

Removed unnecessary/confusing changes of EncryptionLevel/Methods settings

Refactor settings->DisableEncryption
* This value actually means "Advanced RDP Encryption (NLA/TLS) is NOT used"
* The old name caused lots of confusion among developers
* Renamed it to "UseRdpSecurityLayer" (the compare logic stays untouched)

Any client's setting of settings->EncryptionMethods were annihilated
* All clients "want" to set all supported methods
* Some clients forgot 56bit because 56bit was not supported at the time the
code was written
* settings->EncryptionMethods was overwritten anyways in nego_connect()
* Removed all client side settings of settings->EncryptionMethods
The default is "None" (0)
* Changed nego_connect() to advertise all supported methods if
settings->EncryptionMethods is 0 (None)
* Added a commandline option /encryption-methods:comma separated list of the
values "40", "56", "128", "FIPS". E.g. /encryption-methods:56,128
* Print warning if server chooses non-advertised method

Verify received level and method in client's gcc_read_server_security_data
* Only accept valid/known encryption methods
* Verify encryption level/method combinations according to MS-RDPBCGR 5.3.2

Server implementations can now set settings->EncryptionLevel
* The default for settings->EncryptionLevel is 0 (None)
* nego_send_negotiation_response() changes it to ClientCompatible in that case
* default to ClientCompatible if the server implementation set an invalid level

Fix server's gcc_write_server_security_data
* Verify server encryption level value set by server implementations
* Choose rdp encryption method based on level and supported client methods
* Moved FIPS to the lowest priority (only used if other methods are possible)

Updated sample server
* Support RDP Security (RdpKeyFile was not set)
* Added commented sample code for setting the security level
2014-12-12 02:17:12 +01:00
Marc-André Moreau
fdd2dc7601 freerdp: patch valgrind leaks, cleanup 2014-12-03 14:17:27 -05:00
Marc-André Moreau
6ccce86140 Merge branch 'master' of github.com:FreeRDP/FreeRDP
Conflicts:
	winpr/libwinpr/thread/thread.c
2014-12-03 10:10:50 -05:00
Marc-André Moreau
c17a831367 Merge pull request #2240 from nfedera/fix-2014-12-01-01
xfreerdp: pinch/pan fixes and smart-sizing
2014-12-02 14:04:49 -05:00
Armin Novak
e6fa0911a3 Fixed missing extern C 2014-12-01 13:12:51 +01:00