If source and destination buffers are equal the calculation of
'rest = num % div' is a division by zero. Avoid that by checking
explicitly for that condition.
We no longer have a blocking polling loop in transport. Instead assume
there is more data after a packet was processed and let the transport
try again. If there is another packet ready, this repeats until only a
partly received (or no new data available) situation is reached.
To have more fine granied control add a new callback.
Now you have the following callback pairs:
* PreConnect <--> PostFinalDisconnect
* PostConnect <--> PostDisconnect
[MS-RDPEGDI] 3.1.9.1.3 Chroma Subsampling and Super-Sampling is a
compression technique that blurs fonts. Disable this to have a cleaner
image for /bpp:32 connections
If a pointer cache index is out of range for the corresponding size
announced by the capability but within range of the total cache size
only print a warning but do not abort.
Some RDP servers start sending graphics updates too early for us to
process. This triggered a bug that at that point the EndPaint callback
is not available, as the connection is not fully established.
When some channels are filtered, some misalignement of channel ids could happen.
This patch keeps track of the back and front channel ids to correctly identify a
channel and send packets with the correct channel id.
Without the patch, we parse more packets and the calling code doesn't have the
opportunity to invoke PostConnect callback (make the connection not work in the proxy)
* Use new ConvertUtf8ToWChar, ConvertUtf8NToWChar,
ConvertUtf8ToWCharAlloc and ConvertUtf8NToWCharAlloc
* Use new ConvertWCharToUtf8, ConvertWCharNToUtf8,
ConvertWCharToUtf8Alloc and ConvertWCharNToUtf8Alloc
* Use new Stream UTF16 to/from UTF8 read/write functions
* Use new settings UTF16 to/from UTF8 read/write functions
RDP security is rarely used nowadays, but there have been reports about
situations where the encryption key is missing.
Add this check to properly terminate the connection in case of such an
unexpected event.
In nla_decode_ts_request the input stream position was not advanced.
This lead to issues when testing proper input data processing in the
client receive state callback
This PR fixes an issue where user credentials were lost when connecting
to a farm that redirects the client.
During a redirect the connection settings were overriden by the settings
stored in `rdp->originalSettings`. However these settings miss any
credentials the user provides during the connection phase, thus causing
another authentication prompt to appear.
With the latest client changes the internal event loop requires a handle
to wait on. Add a new function to (re)set the newly added transport event handle.
Autodetect packets can be transported either in TCP TPKT packets or be contained
in multi-transport subheaders (transported on UDP). These changes do the appropriate
modifications so that in further developments we can take the transport type in account
when treating / writing these packets.
list_provider_keys() returns a Boolean, true == success. But
smartcard_hw_enumerateCerts() expects the return value on success to
be ERROR_SUCCESS == 0, and so inverts success/failure.
Up to this commit the client and server state machine handling used
different return values for state machine changes.
This is fixed with this commit:
* Use common enum return values
* Use common helper functions
It seems MS RDG 2016+ does not send a http status code if
something with the request or configuration is not ok. It is worth
retrying with rpc in that case
When transitioning from CONNECTION_STATE_FINALIZATION_FONT_LIST to
CONNECTION_STATE_ACTIVE we must return a value > 0 so that the
state machine can properly initialize the new state.
The demand active state might be called when receiving data from the
client during initial connection phase or might be triggered server
side after sending a deactivate all pdu
* Adds a new callback and settings in gdiGfxSurface to allow updating
a window directly from surface bitmap data
* Adds new BOOL in gdiGfxSurface windowMapped and
handleInUpdateSurfaceArea to control where surface data update is
being handled
The old code was looping with blindly checking for transport events, and then
sleep for 100 ms. It was doing that until the connection is established or
the timeout expired.
The new version polls the transport's events, potentially not having many 100 ms
waits.
* Add new settings for OrderSupportFlags, OrderSupportFlagsEx,
TerminalDescriptor and TextANSICodePage
* Add proper read/write routines for the new settings
* Add proper default values for the new settings
* Add new settings for previously ignored capability options
* Store raw capability data in settings for later use
* Add function to extract settings from raw capability data
* Split capability read/write from client/server logic (e.g. enforce
limits, ...)
Gateway code was passing a char string as the package name to
`credssp_auth_init`. When using Unicode builds this fails since
`QuerySecurityPackageInfo` expects a wchar string.
Additionally with unicode builds, `credssp_auth_pkg_name` causes string
type mismatches in the gateway code where a char string is expected.
Windows expects the containerName field in TSSmartCardCreds to be what
it would use for a smartcard key's name. Try to accomodate that (at
least for PIV and GIDS cards).
This commit fixes various bugs that I've noticed on some windows systems with
smartcards that contains multiple certificates:
* With some drivers if you retrieve the ATR while enumerating the NCrypt keys, it seems to
confuse the NCrypt key context (and you're unable to retrieve certificate property). As
we don't use the ATR, let's remove the ATR retrieval.
* if don't give any user or domain on the command line, in settings you get User=Domain=NULL,
but if you pass /u:user, you get User="user" and Domain = ""(empty string not NULL). The
smartcard filtering by user/domain was not ready for that.
This PR fixes following issues with server-side NLA authentication:
- The client nonce should only be sent by the client
- The final stage in the nego token exchange checked the negoToken
buffer for data. Instead the corresponding credssp API is now used
which checks the correct buffer (output_buffer).
- The negoToken buffer needs to be cleared before sending the public key
echo. In some cases the buffer was not empty and incorrectly was part
of the response to the client.
When smartcard emulation was enabled we were dumping the key and cert to
temporary files for PKINIT call, but they were deleted before we have
actually done the PKINIT. This patch fixes it.
It also add debug statement for the listing of smartcard keys / certs.
This also fixes the listing of smartcard on certain windows configurations
were we have to force NCRYPT_SILENT when doing a NCryptOpenKey.
* New defines for 10.8, 10.9, 10.10, 10.11 protocol versions
* New function returning a string representation of the protocol version
* Use 10.11 by default now
* Ensure negoToken is cleaned up in nla_free
* Renamed function credssp_auth_take_input_buffer now invalidates
input buffer an takes ownership of that buffer
When no CSP is provided, we were listing smartcard materials by querying the
MS_SCARD_PROV_A CSP, unfortunately on some windows hosts, the smartcards aren't
listed in that CSP. So this patch does the key listing by browsing all CSPs
instead of just a default one. You can still force a CSP and you'll get keys only
from this one.
This patch also address cases where the certificate on the smartcard doesn't
have a UPN attribute, if that happen we try to get a UPN from the email address.
* Fixed format strings to match arguments
Reviewed and replaced all %d specifiers to match proper type
* Added proxy dynamic channel command type to log messages.
* update .gitignore and cleanup conditionnal callback call
* client: rework channel loading
Automate the loading of channels that only depend on a given enabled setting.
* fix remote assistance connection string1 parsing
Fails to parse when connection string only has one host:port because there is no ";" character. Also when multiple host:port;host:port it skip first host:port and parses remaining host:port as ";host:port...end" of connection string:
eg:
;192.168.93.138:49626;192.168.93.139:49627;192.168.93.140:49628
;192.168.93.139:49627;192.168.93.140:49628
;192.168.93.140:49628
* Update assistance.c
* Update assistance.c
* Update assistance.c
* unescape & in PassStub
windows sometimes creates .msrcincident file with escaped ampersand as `&` in PassStub. Need to unescape or server will deny connection and complain about incorrect password.
* Update assistance.c
* add support for 64-bit big-endian encoding
* kerberos: drop reliance on gssapi and add user 2 user support
* Fix local variable declared in the middle of the function body
* kerberos: add ccache server option
Co-authored-by: fifthdegree <fifthdegree@protonmail.com>
Co-authored-by: David Fort <contact@hardening-consulting.com>
This new option /tls-secret-file:<file> allows to dump TLS secrets in a file with
the SSLKEYLOGFILE format. So this way you can setup the TLS dissector of wireshark
(Pre-Master-Secret log filename) and see the traffic in clear in wireshark.
It also add some more PFS ciphers to remove for netmon captures.
* winpr: add lock operation on HashTables
* drdynvc: change the listeners array for a hashtable and other micro cleanups
* logonInfo: drop warning that is shown at every connection
Let's avoid this log, we can't do anything if at Microsoft they don't respect
their own specs.
* rdpei: fix terminate of rdpei
* drdynvc: implement the channel list with a hashtable by channelId
Currently, all Calista Progressive encoded streams contain tile
artifacts, when the RFX_SUBBAND_DIFFING is used, but not the
RFX_DWT_REDUCE_EXTRAPOLATE flag.
The reason is the wrong usage of the context and tile flags.
The RFX_SUBBAND_DIFFING flag should have no actual impact on the
decoder itself.
Especially, it does not affect the band sizes within a 64x64 tile.
The RFX_DWT_REDUCE_EXTRAPOLATE flag, on the other hand, MUST have an
effect on the band sizes.
However, FreeRDP currently uses the RFX_SUBBAND_DIFFING flag when
decoding a component to determine whether the Reduce-Extrapolate method
is used, resulting in tile artifacts, when that method was actually not
used.
The current behaviour did not result in tile artifacts with the MS
Windows RDS, as that server always sets both flags.
So, fix this issue by using the correct flag, when decoding a tile.
According to the RFC the websocket key in the request header should be
base-64 encoded:
The request MUST include a header field with the name |Sec-WebSocket-Key|. The value of this header field MUST be a nonce consisting of a randomly selected 16-byte value that has been base64-encoded (see Section 4 of [RFC4648]). The nonce MUST be selected randomly for each connection.
If we just send a random key this might cause problems with
gateways/proxies that try to decode the key, resulting in an error (i.e.
HAProxy returns 400 Bad Request).
Microsoft Windows imposes strict filename restrictions on its platform.
As RDP is developed by Microsoft and the RDS in MS Windows is typically
used as remote desktop server for the RDP protocol, these filename
restrictions are also enforced in WinPR, when copy-pasting files over
the clipboard.
However, in some connections no peer on MS Windows is involved and in
these situations, these filename restrictions are just an annoyance.
With a recent API addition in WinPR, it is now possible to override the
callback, where the filename is checked, whether it is valid.
So, use this new API to relieve the filename restriction, when the
connected remote desktop server is not on MS Windows.
