mirrors/FreeRDP
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
11,382 Commits 6 Branches 74 Tags 84 MiB
1bb4f121b4
Commit Graph

3118 Commits

Author SHA1 Message Date
Brent Collins
9ca9df1ead Make the new winpr_Digest*MD5_Allow_FIPS functions more generic to no longer be MD5 specific in design. This way the FIPS override 
could easily be extended to more digests in the future. For now, an attempt to use these functions with anything other than MD5 will
not work.
 2017-11-17 12:43:07 +01:00
Brent Collins
e47123f05a Do not initialize SSL in freerdp_context_new, it is too early to detect the fips enabled flag 
and is redundant since it is initialized later before actually using SSL.
 2017-11-17 12:43:07 +01:00
Brent Collins
68ab485e63 Fix logic error in reworked MD5 call for establishing keys, and fix some minor whitespace issues. 2017-11-17 12:43:07 +01:00
Brent Collins
d98b88642b Add new command-line option to force xfreerdp into a fips compliant mode. 
This option will ensure that NLA is disabled(since NTLM uses weak crypto algorithms), FIPS
encryption is enabled, and ensure fips mode is enabled for openssl.

Selectively override specific uses of MD5/RC4 with new API calls specifically tailored to override FIPS.

Add comments on why overriding the use of these algorithms under FIPS is acceptable for the locations where overrides happen.

Remove check of server proprietary certificate which was already being ignore to avoid use of MD5.

Initialize winpr openssl earlier to ensure fips mode is set before starting using any crypto algorithms.
 2017-11-17 12:43:06 +01:00
akallabeth
668e347814
Merge pull request #4034 from blino/wayland-keymap 
Reuse evdev/X11 keymap for wayland
 2017-11-16 12:07:07 +01:00
Armin Novak
4eb5b8e349 Replaced atoi 2017-11-15 15:52:16 +01:00
Armin Novak
e4873fe2c4 Added encoder path for libavcodec versions <1.0 2017-11-14 09:15:43 +01:00
David Fort
f4f23454c9
Merge pull request #4233 from akallabeth/kerberos_rebased 
Kerberos rebased
 2017-11-13 17:39:27 +01:00
David Fort
7bbc3cb8b7 Fix logic in nla_read_ts_credentials 2017-11-13 16:20:57 +01:00
dodo040
e0a9999fb2 fix: GSS API init, enterprise name management, variable names and format code 2017-11-13 16:20:56 +01:00
dodo040
0a3c61d305 fix undefined symbol references at linking stage 2017-11-13 16:20:56 +01:00
dodo040
b81f168f0e initial commit for kerberos support 2017-11-13 16:20:55 +01:00
Armin Novak
5cd89a3bc5 Added compat define for missing format. 2017-11-13 11:28:43 +01:00
David Fort
b85287fb62
Merge pull request #4212 from SriRamanujam/ffmpeg_encoder_fixes 
Fix libavcodec encoding errors and set tunables.
 2017-11-13 09:30:28 +01:00
Sri Ramanujam
fef3865ff2 Fallback #ifdefs for older versions of libavcodec 2017-11-12 17:31:22 -05:00
akallabeth
fcc9419922
Merge pull request #4225 from krisztian-kovacs-balabit/use-redirection-pdu-password-on-reconnect 
core/connection: use redirection password when reconnecting
 2017-11-10 09:32:39 +01:00
David Fort
dcafd4dacd
Merge pull request #4226 from krisztian-kovacs-balabit/open-x509-keyfile-readonly 
libfreerdp/core/certificate: open key file for reading only
 2017-11-09 18:11:12 +01:00
Sri Ramanujam
66c925c9e4 Fix libavcodec encoding errors and set tunables. 2017-11-09 11:39:54 -05:00
KOVACS Krisztian
c13c9035eb libfreerdp/core/certificate: open key file for reading only 
There's no point in writing the key file for read-write, and it makes it
impossible to run the shadow server with the key file being read only.
 2017-11-09 16:54:22 +01:00
KOVACS Krisztian
70c65e70d1 core/connection: use redirection password when reconnecting 
According to MS-RDPBCGR the server might send a password in the Redirection PDU
that then must be sent by the client to the server as password.

Since the field either contains a password string (unicode) or a binary cookie,
we try to convert the password from unicode and use it only if conversion
succeeds.
 2017-11-09 14:46:38 +01:00
KOVACS Krisztian
d396258866 codec/nsc: fix memory corruption in case of chroma subsampling 
For odd number of rows, the memory copy operation was broken: after exiting
the loop, yplane points to the end of the last row data, and thus (yplane +
rw) points *after* the end of the last row.
 2017-11-09 14:38:46 +01:00
Martin Fleisz
d5344c3396
Merge pull request #4219 from akallabeth/various_fixes 
Various fixes
 2017-11-09 09:37:18 +01:00
Martin Fleisz
ed1934cafe
Merge pull request #4211 from akallabeth/silence_duplicate_warnings 
Silence WLog_ERR messages if last error is set.
 2017-11-08 13:34:26 +01:00
Armin Novak
5dc8763b2c Fixed compilation errors with old FFMPEG versions. 2017-11-08 12:55:11 +01:00
Armin Novak
b86c0ba548 Fixed NLA default error to FREERDP_ERROR_AUTHENTICATION_FAILED 2017-11-08 11:32:34 +01:00
David Fort
b216e91cdd
Merge pull request #4210 from akallabeth/nla_errors_extended 
Added additional NLA error mappings.
 2017-11-06 14:23:50 +01:00
Armin Novak
ce00f4dd8f Silence WLog_ERR messages if last error is set. 2017-11-06 14:02:22 +01:00
David Fort
504b771686
Merge pull request #4053 from akallabeth/ffmpeg_encoder 
Implemented FFMPEG based encoder.
 2017-11-06 11:25:48 +01:00
akallabeth
e7b8833e9e
Merge pull request #4187 from hardening/multimon_fix 
Multimonitor fix
 2017-11-06 10:02:07 +01:00
Armin Novak
7a73a0eb1b Added additional NLA error mappings. 2017-11-06 09:49:03 +01:00
Youness Alaoui
02e4f1f256 Do not delete the listener socket right after creating it. 
The listener server socket file needs to be deleted before we bind it
otherwise it's an "address already in use" error. But it was getting
deleted after the bind, causing the file to disappear, and preventing
anyone from connecting to the listener socket since the socket stops
existing.

This is caused by commit 884e87fde4
 2017-10-27 15:01:29 -04:00
Armin Novak
367bddd7ad Added better error mapping for NEGO results. 2017-10-25 09:58:13 +02:00
Norbert Federa
eea2f306d3 primitives/yuv: fix endianess issue 2017-10-19 11:55:13 +02:00
Armin Novak
5d96fc9b14 Removed unused function pointer 
The function was breaking windows 7 compatibility.
 2017-10-18 09:52:41 +02:00
Norbert Federa
456ce96618 codec/h264: fix potential segfault and mf_init 2017-10-17 19:28:54 +02:00
David Fort
f90fe19fc7 multimon: correctly set the primary monitor 
According to the spec the primary monitor is supposed to be in (0,0) and other monitors
to be given relative to this one.
 2017-10-17 14:07:23 +02:00
David Fort
5d5376faa7 egfx: fix disconnection caused by invalid cache entries due to wrong announced cache size 
Added some checks so that when setting a cache entry fails, we close connection (or
we fail later when trying to use that empty entry).
The small cache egfx capability has also been fixed.
 2017-10-10 17:12:16 +02:00
David Fort
a132922376 Add checks for DR channel 2017-10-04 10:30:47 +02:00
akallabeth
e6d66d9d81 Merge pull request #4154 from hardening/misc_fixes 
Fix raw surfaces displaying + misc other changes
 2017-09-27 14:56:21 +02:00
Bernhard Miklautz
15c7cb8cb2 Enable clipboard channel per default 2017-09-27 09:45:07 +02:00
David Fort
ddca8f3a3b Check return value of malloc 2017-09-26 13:56:08 +02:00
Armin Novak
9f26f73709 Added delay for connect abort 
The connection abort must be called after freerdp_connect.
Ensure that this function is already running by waiting
a second.
 2017-09-26 12:05:24 +02:00
Armin Novak
ef9444bd35 TestConnect: Extend timeout, only listen locally 2017-09-26 10:59:34 +02:00
Armin Novak
ac454628ae Fixed TestConnect with dynamic channels. 2017-09-25 13:34:00 +02:00
Armin Novak
884e87fde4 Unlink file after binding to it. 
When unlinking the file before binding, a new entry is created
in the file system after binding. This is not desireable, so
unlink it after binding to remove the temporary file after the process
closes.
 2017-09-25 10:35:24 +02:00
Bernhard Miklautz
4592deee72 extend /size to allow width or height percentages (#4146) 
If the size parameter is used with a percentages like /size:50% now
an additional 'w' or 'h' can be appended (like /size:50%w) to specify
where the percentage should be applied. If both or none are set the
behavior is like it was before and the percentage is applied to width
and height.
 2017-09-25 09:35:49 +02:00
Jukka-Pekka Virtanen
ad1425e145 Using PasswordIsSmartcardPin option when sending TS_INFO_PACKET 2017-09-23 14:28:17 +02:00
David Fort
b587daa416 Merge pull request #4136 from tditsch/master 
Fixed endless loop when RDP Server sends SERVER_DENIED_CONNECTION
 2017-09-22 09:52:27 +02:00
Armin Novak
bdae339268 Check and invalidate handles on free. 2017-09-19 12:36:13 +02:00
tditsch
a16d9a2ade refactored Bugfix 2017-09-19 10:18:41 +02:00