Commit Graph

513 Commits

Author SHA1 Message Date
Bernhard Miklautz
1e6fea7fa7 fix channel/smartcard: simplify channel variables
Path was not really used and name was duplicated. Use the device->Name
directly.
2017-12-13 17:04:06 +01:00
David Fort
a6cfd3c49a geometry: a skeleton for the MS-RDPEGT channel
The base for implementing the MS-RDPEGT client channel that allows to track window
geometry.
2017-12-08 11:26:29 +01:00
Martin Fleisz
876a7697be
Merge pull request #4297 from akallabeth/cmd_parser_hardening
Fix #4296: Hardened command line post filter.
2017-12-05 14:40:03 +01:00
Armin Novak
78a0c4c618 Fix #4296: Hardened command line post filter. 2017-12-01 13:13:21 +01:00
akallabeth
0cb5907664
Merge pull request #4275 from ondrejholy/big-endian-fixes
Big endian fixes
2017-12-01 11:24:50 +01:00
David Fort
cf33966f2e
Merge pull request #4282 from akallabeth/force_ipv6
Fix #4281: Added option to prefer IPv6 over IPv4
2017-11-28 10:48:53 +01:00
Bernhard Miklautz
baf52f529f
Merge pull request #4261 from akallabeth/doc_ssl_store
Fix #3890: Point to OpenSSL doc for private CA
2017-11-27 11:46:54 +01:00
Armin Novak
2cc64298f2 Fix #4281: Added option to prefer IPv6 over IPv4 2017-11-27 11:43:54 +01:00
David Fort
8f8ce70f3d
Merge pull request #4229 from akallabeth/from_stdin_args
Option to force password prompt before connection
2017-11-24 15:51:46 +01:00
Ondrej Holy
90000fd36e client/common: Fix two memory leaks in RDP file processing
FALSE is returned immediately in case of parsing error and thus buffer
copy is leaked. Let's release the memory properly.
2017-11-24 10:24:47 +01:00
Ondrej Holy
5dcd1ebb06 client/common: Fix RDP file processing on big endian
TestClientRdpFile fails on big endian machines due to some bug in
unicode processing. Let's drop all the unicode functions and convert
unicode input into ascii as soon as possible. This significantly
simplify RDP file processing and also fixes TestClientRdpFile on
big endian machines.

https://github.com/FreeRDP/FreeRDP/issues/4231
2017-11-23 20:00:09 +01:00
akallabeth
71e38a4ce7
Merge pull request #4267 from ondrejholy/autofips
Enable FIPS mode automatically
2017-11-23 10:49:15 +01:00
Ondrej Holy
6973b14eed Enable FIPS mode automatically
FreeRDP aborts if OpenSSL operates in FIPS mode and +fipsmode is not
manually specified. Let's prevent the abortion and enable the necessary
options in that case automatically.
2017-11-23 10:09:17 +01:00
Martin Fleisz
2f281c06ba
Merge pull request #4244 from akallabeth/drivestoredirect
Fix parsing of drivestoredirect (#3267)
2017-11-22 12:23:04 +01:00
Armin Novak
7183189328 Fix #4257: Proper error checks for /kbd argument 2017-11-22 11:03:43 +01:00
akallabeth
77a921240b Testing argument to end with file extension. 2017-11-21 19:10:28 +01:00
Armin Novak
65482ee9bf Fixed #4249: Corruption due to recursive parser 2017-11-21 13:47:28 +01:00
Armin Novak
12a9b9a0b4 Fix #3890: Point to OpenSSL doc for private CA 2017-11-21 11:47:33 +01:00
Armin Novak
6504b81b9e Fix parsing of drivestoredirect (#3267) 2017-11-21 10:46:50 +01:00
Armin Novak
a3fb3270dc Fix #3509: Added Ctrl+Alt+Enter description 2017-11-20 13:22:53 +01:00
Armin Novak
d593b3ef58 Better description for drive redirection (Fix #3513) 2017-11-17 13:44:56 +01:00
Armin Novak
1bb4f121b4 Fixed formatting. 2017-11-17 12:45:28 +01:00
Brent Collins
1129634617 Move the disabling nla and setting the fips encryption mode based on fips
mode to happen after argument parsing to ensure it always enforced.
2017-11-17 12:43:07 +01:00
Brent Collins
d98b88642b Add new command-line option to force xfreerdp into a fips compliant mode.
This option will ensure that NLA is disabled(since NTLM uses weak crypto algorithms), FIPS
encryption is enabled, and ensure fips mode is enabled for openssl.

Selectively override specific uses of MD5/RC4 with new API calls specifically tailored to override FIPS.

Add comments on why overriding the use of these algorithms under FIPS is acceptable for the locations where overrides happen.

Remove check of server proprietary certificate which was already being ignore to avoid use of MD5.

Initialize winpr openssl earlier to ensure fips mode is set before starting using any crypto algorithms.
2017-11-17 12:43:06 +01:00
Armin Novak
ac0a912a20 Option to force password prompt before connection
The idea is based on #3257.
If a non NLA connection is requested the password callbacks are not executed
and there is currently no way to read from stdin.
This extension of /from-stdin allows reading the passwords
before the connection is established.
2017-11-16 09:55:45 +01:00
Armin Novak
4eb5b8e349 Replaced atoi 2017-11-15 15:52:16 +01:00
Armin Novak
8c2bd951ae Allow printing of custom arguments in help. 2017-11-15 15:25:34 +01:00
Ben Cohen
0e90841a18 Forward ssh-agent data between ssh-agent and RDP
Add the sshagent plugin to forward the ssh-agent protocol over an RDP
dynamic virtual channel, just as the normal ssh-agent forwards it over
an SSH channel.  Add the "/ssh-agent" command line option to enable it.
Usage:

Run FreeRDP with the ssh-agent plugin enabled:

   xfreerdp /ssh-agent ...

In the remote desktop session run xrdp-ssh-agent and evaluate the output
in the shell as for ssh-agent to set the required environment variables
(specifically $SSH_AUTH_SOCK):

   eval "$(xrdp-ssh-agent -s)"

This is the same as for the normal ssh-agent.  You would typically do
this in your Xsession or /etc/xrdp/startwm.sh.

Limitations:

1. Error checking and handling could be improved.

2. This is only tested on Linux and will only work on systems where
clients talk to the ssh-agent via Unix domain sockets.  It won't
currently work on Windows but it could be ported.
2017-11-10 20:16:00 +00:00
David Fort
960b992f76
Merge pull request #4151 from ondrejholy/manpages-update-master
Manpage and /help update
2017-11-09 15:24:27 +01:00
David Fort
5d5376faa7 egfx: fix disconnection caused by invalid cache entries due to wrong announced cache size
Added some checks so that when setting a cache entry fails, we close connection (or
we fail later when trying to use that empty entry).
The small cache egfx capability has also been fixed.
2017-10-10 17:12:16 +02:00
Bernhard Miklautz
1aec784f75 feat: add support for .source_version
When building packages, especially when source packages are used, git is
not necessarily available or the source isn't provided in git. In those
cases it wasn't possible to set the GIT_REVISION and --version shows
"n/a" for the git revision.

If the file .source_version is available now the content of it is used
as GIT_REVISION. Packagers might want to add a .source_version file
when they don't build the packages from git.

Possible breaking change:

The variable PRODUCT_VERSION isn't available anymore. Use GIT_REVISION
instead.
2017-10-06 15:02:23 +02:00
Ondrej Holy
c5ae72972b cmdline: Sort arguments list
Arguments are not sorted and it is hard to find something in manpages,
or /help output. Let's sort the list.
2017-09-27 11:23:36 +02:00
Ondrej Holy
d0dfa9353f cmdline: Improve /help output
This patch contains several improvements in order to make the help
output more readable (reduce length of first column):
- move default value into description
- use ... instead of too long format strings
- use [] for optional arguments
2017-09-27 11:20:25 +02:00
Ondrej Holy
cf1fbf55d5 cmdline: Improve arguments list
This patch contains several improvements for arguments list:
- use capitals consistently
- remove full stop sign at the end
- use "experimental" constiently for unstable and hacky features
- use <> for variables consistenly
- use [] for optional parts consistently.
- shorten some format strings to make /help more readable
- replace whitespace in variables for better readability (especialy man page)
- fix wrong argument tyes
- add missing formats
2017-09-27 11:20:25 +02:00
Bernhard Miklautz
15c7cb8cb2 Enable clipboard channel per default 2017-09-27 09:45:07 +02:00
Armin Novak
2e83abb90c Fixed client context setup with default initializer. 2017-09-25 13:33:05 +02:00
Bernhard Miklautz
4592deee72 extend /size to allow width or height percentages (#4146)
If the size parameter is used with a percentages like /size:50% now
an additional 'w' or 'h' can be appended (like /size:50%w) to specify
where the percentage should be applied. If both or none are set the
behavior is like it was before and the percentage is applied to width
and height.
2017-09-25 09:35:49 +02:00
Jukka-Pekka Virtanen
509059f8ea Expose PasswordIsSmartcardPin settings from cmdline via password-is-pin arg 2017-09-23 14:28:26 +02:00
Bernhard Miklautz
52fbfb7b12 fix clang warnings, directly include wtypes.h (#4097)
* build: clang use -Wno-unused-command-line-argument

With clang 5.0 builds are quite noisy otherwise.

* Directly include wtypes.h

Directly include winpr/wtypes.h where _fseeki64 or _ftelli64 is used.

* fix build warnings with clang 5

clang version: 5.0.0-svn310678-1~exp1 (branches/release_50)
Warning: parentheses-equality

* fix build warnings with clang 5

clang version: 5.0.0-svn310678-1~exp1 (branches/release_50)
Warning: tautological-compare

* fix build warnings with clang 5

clang version: 5.0.0-svn310678-1~exp1 (branches/release_50)
Warning:
incompatible pointer types passing 'size_t *' (aka 'unsigned
long *') to parameter of type 'UINT32 *' (aka 'unsigned int *')
[-Wincompatible-pointer-types]
2017-08-29 09:09:38 +02:00
Armin Novak
c3d4b7d262 fseeko and ftello for 64bit file support. 2017-08-14 08:42:49 +02:00
Armin Novak
dd4b5ea126 Disable JPEG codec support if not compiled in. 2017-07-24 15:23:36 +02:00
Armin Novak
8b9e3fa51e Fixed use of reserved keywords for include guards. 2017-07-20 09:35:41 +02:00
Armin Novak
0490aeb018 Fixed clang malloc integer overflow warnings. 2017-07-20 09:29:48 +02:00
dodo040
4e055453ab fix smartcard argument parsing 2017-07-19 13:16:08 +02:00
dodo040
722e927c64 redirect specific smartcard readers 2017-07-19 13:16:08 +02:00
Armin Novak
5764d5a78a Disable GFX H264 if no backend compiled in. 2017-07-17 09:25:21 +02:00
Norbert Federa
36b8f54c5e Fixed a few compiler warnings 2017-07-10 17:52:05 +02:00
Armin Novak
09d43a66f4 Fixed tests and dead store warnings. 2017-03-28 16:49:56 +02:00
Armin Novak
b2c29158be Scanbuild warning, argument checks and leak fixes.
* Added Stream_GetRemainingCapacity to check remaining stream size
  before writes.
* Fixed shadow server memory leak.
* Fixed lots of scanbuild warnings
* Added missing argument checks in many functions
* Added missing static function declarations
2017-03-02 18:13:43 +01:00
Martin Fleisz
a391a3decc client: Check if channel has already been added 2017-02-24 13:03:03 +01:00