Commit Graph

5041 Commits

Author SHA1 Message Date
Martin Fleisz
eb7adaec46 core: Preserve user provided credentials when being redirected
This PR fixes an issue where user credentials were lost when connecting
to a farm that redirects the client.

During a redirect the connection settings were overridden by the settings
stored in `rdp->originalSettings`. However these settings miss any
credentials the user provides during the connection phase, thus causing
another authentication prompt to appear.
2022-11-18 14:01:13 +01:00
akarl10
b1583d56c0 [rdg] implementation of http_extauth_sspi_ntlm 2022-11-16 20:28:53 +01:00
Armin Novak
f42f8c32fd [core,test] Fix TestConnect use after free 2022-11-16 16:03:21 +01:00
Armin Novak
fd7a952e70 [core,transport] only return ioEvent if we use it
transport_get_event_handles only returns the ioEvent handle in its
list if transport_io_callback_set_event was called at least once.
2022-11-16 15:32:32 +01:00
akallabeth
d83f70bc32 [core,transport] event handle for transportIO
With the latest client changes the internal event loop requires a handle
to wait on. Add a new function to (re)set the newly added transport event handle.
2022-11-16 15:32:32 +01:00
akallabeth
4ccb38aa13 [core] Check return value of *_transition_to_state
The state transition might not be allowed, so abort if that fails.
2022-11-16 15:32:32 +01:00
David Fort
4461144031 autodetect: prepare for multi-transport
Autodetect packets can be transported either in TCP TPKT packets or be contained
in multi-transport subheaders (transported on UDP). These changes do the appropriate
modifications so that in further developments we can take the transport type in account
when treating / writing these packets.
2022-11-16 11:50:46 +01:00
Richard E. Silverman
2c39bb41a8 fix use of return code from list_provider_keys()
list_provider_keys() returns a Boolean, true == success. But
smartcard_hw_enumerateCerts() expects the return value on success to
be ERROR_SUCCESS == 0, and so inverts success/failure.
2022-11-16 11:50:15 +01:00
Armin Novak
4ddef3e141 [capabilities] properly set RemoteFxOnly
The check was inverted, setting the flag properly now
2022-11-16 11:02:10 +01:00
akallabeth
bc31bae2b5 [core] Unify RDP state machine
Up to this commit the client and server state machine handling used
different return values for state machine changes.
This is fixed with this commit:
* Use common enum return values
* Use common helper functions
2022-11-15 09:57:46 +01:00
akallabeth
8760cecbc7 [rdg] Unified rpcFallback resource cleanup
Since the cleanup routines are always the same unify these in
rdg_connect.
2022-11-14 09:47:13 +01:00
akarl10
355c7ec72a rdg: Fallback to rpc if http status is not sent
It seems MS RDG 2016+ does not send a http status code if
something with the request or configuration is not ok. It is worth
retrying with rpc in that case
2022-11-14 09:47:13 +01:00
akallabeth
5b90d0bc1d Added missing length checks in zgfx_decompress_segment 2022-11-14 09:28:22 +01:00
Martin Fleisz
0629bb9c20 codec: Fix broken logging in progressive codec 2022-11-14 09:27:41 +01:00
akallabeth
4ef72bbe14 Cleanup of client RDP state machine
* Use enum for most common return types
* Add success/failed check functions
* Add a function creating a string from the return value
2022-11-11 11:51:27 +01:00
akallabeth
872f52c014 [core] properly pass redirection return code
If a redirection packet is received, pass the appropriate return
code through the call stack to let the client take action
2022-11-11 11:51:27 +01:00
Armin Novak
98cf410144 Fixed missing state machine rerun trigger
When changing the peer state return 1 to indicate a rerun is
required.
2022-11-11 11:51:27 +01:00
Armin Novak
12f0e996c0 [server] Fix state transition return value
When transitioning from CONNECTION_STATE_FINALIZATION_FONT_LIST to
CONNECTION_STATE_ACTIVE we must return a value > 0 so that the
state machine can properly initialize the new state.
2022-11-11 11:51:27 +01:00
Armin Novak
367ecf3c0b Properly handle demand active state
The demand active state might be called when receiving data from the
client during initial connection phase or might be triggered server
side after sending a deactivate all pdu
2022-11-11 11:51:27 +01:00
Armin Novak
8210ee77db Fixed return of rdp_client_transition_to_state
Use BOOL to just indicate success/failure and actually check return
of functions called.
2022-11-11 11:51:27 +01:00
Armin Novak
71c3f8e4bb Removed blocking loop in rdp_recv_deactivate_all
The new state machine expects just a state change and will handle
the following transitions from there.
2022-11-11 11:51:27 +01:00
Armin Novak
ec019c8910 Fixed (TS_FONT_MAP_PDU)::mapFlags check 2022-11-11 11:51:27 +01:00
akallabeth
de8da433ec Unified client and server synchronize PDU checks 2022-11-11 11:51:27 +01:00
akallabeth
33827cb920 Updated RDP state machine
* More detailed states
* Better transition checks
* No more recursive calling of state machine functions
2022-11-11 11:51:27 +01:00
akallabeth
06c2ab76e0 Remove AwaitCapabilities 2022-11-11 11:51:27 +01:00
akallabeth
58d7e1a2be Added license settings handling 2022-11-11 11:51:27 +01:00
Armin Novak
f92dc2a6dc [rail,gfx] Better logging for surface operations 2022-11-11 06:42:45 +01:00
akallabeth
c36d738a36 [rail] Enable HiDefRemoteApp support 2022-11-11 06:42:45 +01:00
Armin Novak
325c03501e [gfx] Added new UpdateWindowFromSurface callback
* Adds a new callback and settings in gdiGfxSurface to allow updating
  a window directly from surface bitmap data
* Adds new BOOL in gdiGfxSurface windowMapped and
  handleInUpdateSurfaceArea to control where surface data update is
  being handled
2022-11-11 06:42:45 +01:00
Martin Fleisz
ebc8cd1d4a core: Fix applying of pointer capabilities
Only apply the pointer cache size to the settings if we are in server
mode. This check got lost in a recent refactoring to caps parsing.
2022-11-07 13:02:39 +01:00
akarl
f40522e34f fix HTTP proxy CONNECT header
also replace ARRAYSIZE with strlen and use that instead of ugly things
like const char x[2] = "ok";
2022-11-05 09:01:17 +01:00
akallabeth
b8907711d9 Relaxed font map PDU parsing
Due to some old VBox sending invalid font map PDU do not abort
parsing if a short PDU is received. See #925 for details
2022-11-04 14:46:58 +01:00
akallabeth
dbbff452cd Added better logging for font map PDU
rdp_recv_font_map_pdu now logs some warnings if some expected values
are not found in the PDU
2022-11-04 14:46:58 +01:00
akallabeth
2ef506cff2 Better checks on activation received
Check for reactivation, remember resolution, ...
2022-11-04 14:46:58 +01:00
akallabeth
732a7979a3 Fix peer without valid socket, cleaned up initialization 2022-11-04 14:46:58 +01:00
akallabeth
9d2de14912 Added license settings handling 2022-11-04 14:46:58 +01:00
akallabeth
8d067b21e6 Improved protocol check for activation messages 2022-11-04 14:46:58 +01:00
akallabeth
21fd820edf Added handling of licensing packets 2022-11-04 14:46:58 +01:00
akallabeth
2dcffa62c5 Split freerdp_connect
* freerdp_connect_begin
2022-11-04 14:46:58 +01:00
akallabeth
3eccf75aff Skip empty rectangles in gfx cache to surface 2022-11-04 14:46:58 +01:00
akallabeth
498635a317 Added new functions to test validity of MCS
* freerdp_is_valid_mcs_create_request
* freerdp_is_valid_mcs_create_response
2022-11-04 14:46:58 +01:00
akallabeth
819cbcae16 Reset all codec context on gfx graphics reset 2022-11-04 14:46:58 +01:00
akallabeth
c0e3624a10 Code cleanups
prefer use of settings getter
2022-11-04 14:46:58 +01:00
akallabeth
01fba61670 Fixed rdp_apply_order_capability_set
Read value from correct settings struct
2022-11-04 14:46:58 +01:00
akallabeth
b9e701aa3d Added return value for rdp_write_header 2022-11-04 14:46:58 +01:00
akallabeth
6e682e204f Fixed return checks for tpdu_write_data 2022-11-04 14:46:58 +01:00
akallabeth
d15e80e266 Fixed return of tpkt_verify_header
Allow detection of an error (e.g. not enough data in stream)
2022-11-04 14:46:58 +01:00
akallabeth
92b40a1c1d Added fix for TestConnect
* copy test_icon.ppm to build directory
* Add client pre|post_connect and disconnect callbacks
2022-11-04 14:46:58 +01:00
akallabeth
2458a526b8 Fixed bug with SurfaceFrameMarker callback
if FreeRDP_DeactivateClientDecoding allow NULL callbacks
2022-11-04 14:46:58 +01:00
David Fort
ef1a3b0af6 client: improve connection time
The old code was looping with blindly checking for transport events, and then
sleep for 100 ms. It was doing that until the connection is established or
the timeout expired.
The new version polls the transport's events, potentially not having many 100 ms
waits.
2022-11-04 09:50:31 +01:00
Armin Novak
901753b527 [channel] Fixed broken length check
The length check for channel chunk data was wrong. Not only was it
checked twice, the second check expected the whole fragmented data
to be available.
2022-11-03 21:11:29 +01:00
akallabeth
7d67adbc54 Refactored licensing module
* Make the whole module opaque for easier testing
2022-11-03 17:02:47 +01:00
Armin Novak
d171f4a1d5 Added assertions in capability parser 2022-11-03 17:02:15 +01:00
akallabeth
3af13a0fb2 Add proper read/write for ordersupportflags et al
* Add new settings for OrderSupportFlags, OrderSupportFlagsEx,
  TerminalDescriptor and TextANSICodePage
* Add proper read/write routines for the new settings
* Add proper default values for the new settings
2022-11-03 17:02:15 +01:00
Armin Novak
7cef0cb8d6 Refactored capability parsing
* Add new settings for previously ignored capability options
* Store raw capability data in settings for later use
* Add function to extract settings from raw capability data
* Split capability read/write from client/server logic (e.g. enforce
  limits, ...)
2022-11-03 17:02:15 +01:00
Martin Fleisz
fbbcd9b8ef nla: Fix unicode issues with gateway code
Gateway code was passing a char string as the package name to
`credssp_auth_init`. When using Unicode builds this fails since
`QuerySecurityPackageInfo` expects a wchar string.

Additionally with unicode builds, `credssp_auth_pkg_name` causes string
type mismatches in the gateway code where a char string is expected.
2022-11-03 15:01:39 +01:00
Armin Novak
b04c0e7b1c Fix const warnings in ffmpeg h264 module 2022-11-03 11:58:17 +01:00
Armin Novak
71b568ac30 Relax transport checks, allow invalid socket
When no real RDP connection is in use, the SSL socket might be invalid.
Do not assert here but allow the parsing to continue
2022-11-03 11:58:17 +01:00
Armin Novak
b4dbdac68b Refactored multitransport
* Implemented server and client multitransport message parsing
2022-11-03 11:58:17 +01:00
Armin Novak
72f7382f2f Added input assertions 2022-11-03 11:58:17 +01:00
Armin Novak
78a1399eb9 Improve logging in autodetect 2022-11-03 11:56:12 +01:00
Armin Novak
85ce3388d7 Handle RDP_NETCHAR_SYNC_RESPONSE_TYPE 2022-11-03 11:56:12 +01:00
akallabeth
016d2fe689 Renamed rdp_recv_server_synchronize_pdu 2022-11-03 11:56:12 +01:00
akallabeth
108b8a47ba Refactored autodetect code
* Added assertions
* Eliminated warnings
* Eliminated unnecessary allocations
2022-11-03 11:56:12 +01:00
Armin Novak
48a6c0b815 Unified stream length checks
* Added new function to check for length and log
* Replace all usages with this new function
2022-11-03 11:56:12 +01:00
Armin Novak
f9faf3d3d5 Unified synthetic file cleanup 2022-10-28 08:22:43 +02:00
Armin Novak
a7a8e7ee8d Fixed read/write of filedescriptorw times 2022-10-28 08:22:43 +02:00
akallabeth
58599c91a3 Add setting name for invalid function access
Try to be helpful and resolve the settings index with a readable
name if possible to help diagnose wrong function use
2022-10-27 10:46:58 +02:00
Armin Novak
f1ae9be54d Fixed nla error code to string conversion 2022-10-27 10:37:23 +02:00
Armin Novak
cfffc5ef2c Do not terminate if error info is received. 2022-10-27 09:14:28 +02:00
akallabeth
a29343251c Fixed invalid pointer in freerdp_connect
After rdp_client_connect the settings pointer might have changed.
Reset it from the rdpContext.
2022-10-27 09:03:54 +02:00
akallabeth
1e67db7c08 Do blockwise write, use winpr_DeleteFile 2022-10-25 13:58:05 +02:00
akallabeth
1c0908bdfb Use winpr_DeleteFile and winpr_MoveFileEx 2022-10-25 13:58:05 +02:00
akallabeth
6e7b91c5ad Fixed smartcard logon file leak
The certificate and private key temporary files have not been
cleaned up under certain error conditions.
2022-10-25 13:58:05 +02:00
akallabeth
a8650d9a3d Fix certificate and private key checks for smartcard logon 2022-10-25 13:58:05 +02:00
fifthdegree
cbd310df52 Check smartcard certificates for correct EKU
To be used for login, smartcard certificates must have the Microsoft
Smart Card Logon EKU
2022-10-24 22:22:00 +02:00
Armin Novak
6ab2cb6d99 Fixed mutually exclusive CAIRO and SWSCALE includes
When both are defined there was a build error due to missing
includes.
2022-10-19 20:31:53 +02:00
Armin Novak
4b9c8e6393 Updated keyboard list API 2022-10-19 20:31:53 +02:00
Armin Novak
1f6476016d Update command line option /sec*
* Deprecate /sec-* flags
* Allow multiple arguments for /sec
2022-10-19 20:31:53 +02:00
fifthdegree
f13fd769f7 Use mutual auth for gateway
Windows seems to bug out when not using mutual auth; it accepts the
connection without sending the last auth message.
2022-10-19 18:55:38 +02:00
fifthdegree
eb04eb0008 Support using smartcard for gateway authentication 2022-10-19 18:55:38 +02:00
fifthdegree
e847f159a6 Try to use the smartcard key name Windows uses
Windows expects the containerName field in TSSmartCardCreds to be what
it would use for a smartcard key's name. Try to accommodate that (at
least for PIV and GIDS cards).
2022-10-19 18:55:38 +02:00
fifthdegree
9d0beaccae smartcardlogon: choose a single smartcard to use
Require a single smartcard certificate to be chosen and define a
callback to choose when more than one is available.
2022-10-19 18:55:38 +02:00
akallabeth
08d2d559c3 Increase yuv decoder worker count
The yuv decoder might run out of workers if the rectangles are
smaller than 64x64. Assume 16x16 tiles for the decoder
2022-10-19 08:16:53 +02:00
Marc-André Moreau
e3594c91dc Add UserSpecifiedServerName setting, /server-name command-line parameter 2022-10-14 17:59:57 -04:00
akallabeth
43c5289928 Replaced memset/ZeroMemory with initializer
* Adds WINPR_ASSERT on many occasions
* Replaced memset with array initializer
* Replaced ZeroMemory with array initializer
2022-10-14 12:11:01 +02:00
David Fort
57d2a27980 fix smartcard listing
This commit fixes various bugs that I've noticed on some windows systems with
smartcards that contain multiple certificates:

* With some drivers if you retrieve the ATR while enumerating the NCrypt keys, it seems to
confuse the NCrypt key context (and you're unable to retrieve certificate property). As
we don't use the ATR, let's remove the ATR retrieval.
* if you don't give any user or domain on the command line, in settings you get User=Domain=NULL,
but if you pass /u:user, you get User="user" and Domain = ""(empty string not NULL). The
smartcard filtering by user/domain was not ready for that.
2022-10-14 12:05:16 +02:00
akallabeth
97e183d082 With #8292 ClusterInfoFlags became application settable
This pull adds the (previously lost) default value to keep compatible
with older code that does not care about that field.
2022-10-14 09:41:54 +02:00
Martin Fleisz
4bc74392c2 nla: Fix some issues with server-side NLA authentication
This PR fixes following issues with server-side NLA authentication:

- The client nonce should only be sent by the client
- The final stage in the nego token exchange checked the negoToken
  buffer for data. Instead the corresponding credssp API is now used
  which checks the correct buffer (output_buffer).
- The negoToken buffer needs to be cleared before sending the public key
  echo. In some cases the buffer was not empty and incorrectly was part
  of the response to the client.
2022-10-13 17:16:07 +02:00
Marc-André Moreau
47aaaf4693 Fix CredSSP extended credential attributes on Windows (SECPKG_CRED_ATTR_KDC_URL) 2022-10-13 16:49:01 +02:00
Armin Novak
d69bbaee28 Updated GCC
* Better logging
* Improved error checks
2022-10-13 13:57:11 +02:00
Armin Novak
a3ec857278 Improved MCS checks, added settings to MCS function 2022-10-13 13:57:11 +02:00
Armin Novak
b706676d1a [server] Store channel name for later use 2022-10-13 13:57:11 +02:00
Armin Novak
e249e355f8 Clone original settings before redirect
This eliminates all settings negotiated during initial connect and
allows to renegotiate the proper settings with the final target
2022-10-13 13:57:11 +02:00
Armin Novak
3100eb8238 Add return values to TPDU functions 2022-10-13 13:57:11 +02:00
Armin Novak
19f44a5734 Decreased logging verbosity for smartcard emulation 2022-10-13 13:57:11 +02:00
David Fort
8d3069e879 fix leak of NegoToken 2022-10-13 12:03:58 +02:00
David Fort
f76c14c256 fix smartcard logon with smartcard emulation
When smartcard emulation was enabled we were dumping the key and cert to
temporary files for PKINIT call, but they were deleted before we have
actually done the PKINIT. This patch fixes it.

It also adds a debug statement for the listing of smartcard keys / certs.

This also fixes the listing of smartcards on certain windows configurations
where we have to force NCRYPT_SILENT when doing a NCryptOpenKey.
2022-10-13 12:03:58 +02:00
Marc-André Moreau
21740743f7 Fix CredSSP with Windows Kerberos SSPI module 2022-10-13 09:48:13 +02:00
Marc-André Moreau
27a865af74 Add Negotiate SSPI authentication module filtering 2022-10-12 22:07:45 +02:00
Armin Novak
3cf0bb91d6 Updated supported RDP versions
* New defines for 10.8, 10.9, 10.10, 10.11 protocol versions
* New function returning a string representation of the protocol version
* Use 10.11 by default now
2022-10-12 21:42:12 +02:00
akallabeth
59eae5dbc3 Fixed tautological-unsigned-zero-compare 2022-10-11 13:28:30 +02:00
akallabeth
9d197b263c Fixed conditional-uninitialized warnings 2022-10-11 13:28:30 +02:00
akallabeth
e4b1258564 Fixed missing include 2022-10-11 13:28:30 +02:00
David Fort
cd0a33dbf2 nla: context must be NULL on first call to AcceptSecurityContext or InitializeSecurityContext 2022-10-10 09:01:04 +02:00
David Fort
467816a7a5 nla: fix unicode and non unicode build 2022-10-10 09:01:04 +02:00
David Fort
f486fb1e92 fixes for NLA under win32 2022-10-10 09:01:04 +02:00
akallabeth
7dde39de9d Fixed ownership of negoToken
* Ensure negoToken is cleaned up in nla_free
* Renamed function credssp_auth_take_input_buffer now invalidates
  input buffer and takes ownership of that buffer
2022-10-09 21:34:26 +02:00
akallabeth
54a1e4ea7e Fixed invalid return values 2022-10-07 11:04:04 +02:00
akallabeth
f56b93b243 Set fragment cache size to fixed 256 elements 2022-10-07 11:01:25 +02:00
akallabeth
a1dff38807 Add assertions in update module 2022-10-07 11:01:25 +02:00
akallabeth
60720e7706 Improved streamdump file format 2022-10-07 10:38:03 +02:00
fifthdegree
2a6950f366 Only pass in authData for server creds when needed
If not using one of the winpr server-specific options then pass NULL as
authData for AcquireCredentialsHandle to use default creds (in Windows)
2022-10-06 21:33:01 +02:00
fifthdegree
2de7a4c249 Support spnego authentication for gateway
* Consolidate authentication support functions into auth.c
* Change authentication flow in gateway to be non-ntlm specific
2022-10-06 21:33:01 +02:00
akallabeth
ed0f258423 Use GFX small cache by default
RAILS does have some problems if this is not enabled and there is
no real benefit for not setting it, so default it
2022-10-06 16:20:47 +02:00
David Fort
3947294ffb Adjust smartcard listing
When no CSP is provided, we were listing smartcard materials by querying the
MS_SCARD_PROV_A CSP, unfortunately on some windows hosts, the smartcards aren't
listed in that CSP. So this patch does the key listing by browsing all CSPs
instead of just a default one. You can still force a CSP and you'll get keys only
from this one.

This patch also addresses cases where the certificate on the smartcard doesn't
have a UPN attribute, if that happens we try to get a UPN from the email address.
2022-10-06 16:06:35 +02:00
Marc-André Moreau
479e891545 check return values for SetCredentialsAttributes, throw warnings for unsupported attributes 2022-09-30 19:33:12 +02:00
Marc-André Moreau
fddb0dac75 add missing OOM checks 2022-09-30 19:33:12 +02:00
Marc-André Moreau
eadbb15741 run clang-format 2022-09-30 19:33:12 +02:00
Marc-André Moreau
80a1fc6a98 add SetCredentialsAttributes SSPI function 2022-09-30 19:33:12 +02:00
Marc-André Moreau
23f66f3987 add KDC URL to internal SSPI Kerberos settings 2022-09-30 19:33:12 +02:00
Marc-André Moreau
b324e49131 rename KerberosKdc setting to KerberosKdcUrl 2022-09-30 19:33:12 +02:00
akallabeth
1849632c43
Fixed format strings to match arguments (#8254)
* Fixed format strings to match arguments

Reviewed and replaced all %d specifiers to match proper type

* Added proxy dynamic channel command type to log messages.
2022-09-29 14:55:27 +02:00
Joan Torres
d63f2324d1 Add support to send a ServerRedirection PDU. 2022-09-28 13:54:00 +02:00
Armin Novak
21ccb75812 Replaced magic numbers with definitions 2022-09-20 15:52:14 +02:00
Armin Novak
a8d4c3397c Fixed passing enum to pointer type 2022-09-20 15:52:14 +02:00
Armin Novak
a72f101739 Fixed undefined shift behaviour
BOOL must be cast to UINT32 before shifting to avoid undefined
behaviour
2022-09-20 13:25:44 +02:00
Simon Nivault
82b58325a3 Add switch to declare printer as default or not 2022-09-20 13:25:05 +02:00
Néfix Estrada
66bef0c708 feat(emscripten): add support for emscripten compilation 2022-09-15 10:23:43 +02:00
David Fort
1905524442
Channel loading (#8204)
* update .gitignore and cleanup conditional callback call

* client: rework channel loading

Automate the loading of channels that only depend on a given enabled setting.
2022-09-14 13:53:27 +02:00
akallabeth
f8159cc18a
Fixed memory leak in nla_send (#8193) 2022-09-12 10:54:29 +02:00
David Fort
8d9a43de01
core: various cleanups for persistent cache (#8191) 2022-09-12 10:21:42 +02:00
Martin Fleisz
f50d3f3f94 gateway: Fix Sec-WebSocket-Key accept handling (#8166) 2022-09-12 08:38:28 +02:00
garbb
fff93f62ed
fix freerdp_assistance_parse_address_list parsing (#8147)
* fix remote assistance connection string1 parsing 

Fails to parse when connection string only has one host:port because there is no ";" character. Also when multiple host:port;host:port it skips the first host:port and parses remaining host:port as ";host:port...end" of connection string:
eg:
;192.168.93.138:49626;192.168.93.139:49627;192.168.93.140:49628
;192.168.93.139:49627;192.168.93.140:49628
;192.168.93.140:49628

* Update assistance.c

* Update assistance.c

* Update assistance.c
2022-09-09 09:27:52 +02:00
garbb
6b62ce9200
unescape & in PassStub (#8183)
* unescape & in PassStub

windows sometimes creates .msrcincident file with escaped ampersand as `&amp;` in PassStub. Need to unescape or server will deny connection and complain about incorrect password.

* Update assistance.c
2022-09-08 09:52:36 +02:00
garbb
078fc50102 Update assistance.c
Minimum valid IP address is x.x.x.x (length 7)?
2022-09-07 11:01:09 +02:00
David Fort
c7ef66f978
smartcard: also filter certificate by domain name (#8160)
Command line username is used to filter the smartcard certificates during enumeration,
this patch also adds the domain as a filter.
2022-08-30 09:00:47 +02:00
Martin Fleisz
b2e6221241
locale: Fix polish keyboard layouts on MacOS (#8139) 2022-08-19 12:25:54 +02:00
DVeron-RC
de16558344
Fix memory leak in tls.c (#8135)
There was an issue in the reference count management of the private
key and the X509 certificate.
2022-08-18 15:51:30 +02:00
Martin Fleisz
0c620815f3
locale: Use Polish Programmers as default keyboard layout (#8134) 2022-08-18 10:05:35 +02:00
Martin Fleisz
693985b733 crypto: Fix compilation with OpenSSL versions older than 1.1.1 2022-08-17 14:20:14 +02:00
fifthdegree
7901a26a16
Kerberos User 2 User support (#8070)
* add support for 64-bit big-endian encoding

* kerberos: drop reliance on gssapi and add user 2 user support

* Fix local variable declared in the middle of the function body

* kerberos: add ccache server option

Co-authored-by: fifthdegree <fifthdegree@protonmail.com>
Co-authored-by: David Fort <contact@hardening-consulting.com>
2022-08-17 12:25:26 +02:00
David Fort
942273e9cb
tls: add an option to dump tls secrets for wireshark decoding (#8120)
This new option /tls-secret-file:<file> allows to dump TLS secrets in a file with
the SSLKEYLOGFILE format. So this way you can setup the TLS dissector of wireshark
(Pre-Master-Secret log filename) and see the traffic in clear in wireshark.
It also adds some more PFS ciphers to remove for netmon captures.
2022-08-16 10:40:32 +02:00
akallabeth
bf56a39e6f
Fixed #8090: Duplicate definition of strndup (#8102)
* Fixed #8090: Duplicate definition of strndup

* Moved strndup detection to winpr

Co-authored-by: Armin Novak <anovak@thincast.com>
2022-08-02 09:15:38 +02:00
tianyuanzhonglu
0460215a24
Fix indentation issue (#8098)
Co-authored-by: wy <wy@local>
2022-07-29 12:07:25 +02:00
David Fort
1f08cb9a7d
Drdynvc needs love (#8059)
* winpr: add lock operation on HashTables

* drdynvc: change the listeners array for a hashtable and other micro cleanups

* logonInfo: drop warning that is shown at every connection

Let's avoid this log, we can't do anything if at Microsoft they don't respect
their own specs.

* rdpei: fix terminate of rdpei

* drdynvc: implement the channel list with a hashtable by channelId
2022-07-26 12:53:41 +02:00
fifthdegree
5f3bc5842a nla: use winpr asn1 library 2022-07-26 09:38:53 +02:00
fifthdegree
decc55c30d
smartcardlogon: make error retrieving atr non-fatal (#8087)
Co-authored-by: fifthdegree <fifthdegree@protonmail.com>
2022-07-22 09:42:18 +02:00
Martin Fleisz
e58d53188a core: Fix broken string handling for custom sspi module loading 2022-07-21 15:59:43 +02:00
Martin Fleisz
12f2c4e2a7 core: Use closesocket instead of close 2022-07-21 15:59:43 +02:00
Martin Fleisz
0be57500bd core: Fix char encoding mixup in ntlm_client_make_spn 2022-07-21 15:59:43 +02:00
Martin Fleisz
145caf829b core: Use _strdup instead of strdup 2022-07-21 15:59:43 +02:00
Martin Fleisz
55c71dd650 core: Fix return type for TargetNetPorts array 2022-07-21 15:59:43 +02:00
Martin Fleisz
f44dbecbfd codec: Remove unused variable 2022-07-21 15:59:43 +02:00
Pascal Nowack
c7d1a2cdb5
codec/progressive: Fix wrong usage of subband diffing flag (#8076)
Currently, all Calista Progressive encoded streams contain tile
artifacts, when the RFX_SUBBAND_DIFFING is used, but not the
RFX_DWT_REDUCE_EXTRAPOLATE flag.
The reason is the wrong usage of the context and tile flags.
The RFX_SUBBAND_DIFFING flag should have no actual impact on the
decoder itself.
Especially, it does not affect the band sizes within a 64x64 tile.
The RFX_DWT_REDUCE_EXTRAPOLATE flag, on the other hand, MUST have an
effect on the band sizes.
However, FreeRDP currently uses the RFX_SUBBAND_DIFFING flag when
decoding a component to determine whether the Reduce-Extrapolate method
is used, resulting in tile artifacts, when that method was actually not
used.
The current behaviour did not result in tile artifacts with the MS
Windows RDS, as that server always sets both flags.

So, fix this issue by using the correct flag, when decoding a tile.
2022-07-15 08:32:33 +02:00
Armin Novak
b2df9207e4 Fixed #8054: multimonitor settings 2022-07-07 14:24:07 +00:00
Martin Fleisz
82d0714198 gateway: Base-64 encode websocket key in request header
According to the RFC the websocket key in the request header should be
base-64 encoded:

The request MUST include a header field with the name |Sec-WebSocket-Key|. The value of this header field MUST be a nonce consisting of a randomly selected 16-byte value that has been base64-encoded (see Section 4 of [RFC4648]). The nonce MUST be selected randomly for each connection.

If we just send a random key this might cause problems with
gateways/proxies that try to decode the key, resulting in an error (i.e.
HAProxy returns 400 Bad Request).
2022-07-07 11:54:26 +02:00
Pascal Nowack
6492a00959 client/X11: Relieve CLIPRDR filename restriction when possible
Microsoft Windows imposes strict filename restrictions on its platform.
As RDP is developed by Microsoft and the RDS in MS Windows is typically
used as remote desktop server for the RDP protocol, these filename
restrictions are also enforced in WinPR, when copy-pasting files over
the clipboard.
However, in some connections no peer on MS Windows is involved and in
these situations, these filename restrictions are just an annoyance.

With a recent API addition in WinPR, it is now possible to override the
callback, where the filename is checked, whether it is valid.
So, use this new API to relieve the filename restriction, when the
connected remote desktop server is not on MS Windows.
2022-07-07 07:45:26 +00:00
Pascal Nowack
35d6f19d60 freerdp/peer: Add APIs to get OS major and minor type strings 2022-07-07 07:45:26 +00:00
David Véron
a3712521a8 TLS version control
* added settings for minimal and maximal TLS versions supported
* refactorisation of the force TLSv1.2 setting
2022-07-07 07:13:11 +00:00
Armin Novak
3bedc1f92e Fixed swscale and cairo checks 2022-07-06 13:09:46 +00:00
Armin Novak
727f2bc652 Fixed IMA PCM encoder 2022-07-06 12:01:23 +02:00
Armin Novak
2324e52be3 Fixed settings tests 2022-07-06 12:01:23 +02:00
Armin Novak
23dd484824 Revert "Added a check in DesktopResize for protocol violations"
This reverts commit 07a5a6ef6d.
2022-07-06 12:01:23 +02:00
Armin Novak
b7d4433f28 Fixed return for FreeRDP_DeviceArray offset 2022-07-06 12:01:23 +02:00
Armin Novak
b672bda85e Removed RdpKeyFile and RdpKeyContent settings
They are a duplicate of PrivateKeyFile and PrivateKeyContent
2022-07-06 12:01:23 +02:00
Armin Novak
d0ae1c8160 Moved pubSub to rdpRdp 2022-07-06 12:01:23 +02:00
akallabeth
7f0efb0e9f Fixed missing ffmpeg link to libfreerdp 2022-07-05 20:07:10 +02:00
akallabeth
c71cc672f9 Decouple ffmpeg video encoder/decoder support from WITH_FFMPEG
It may be desirable to only use FFMPEG for audio. Allow disabling
video decoding by introducing a new variable responsible for that.
2022-07-05 18:17:28 +02:00
akallabeth
d0fece49dc Use stack variable instead of malloc in transport 2022-07-04 14:31:08 +02:00
akallabeth
51f4c374c4 Clear OpenSSL error queue before BIO_read/BIO_write 2022-07-02 16:32:50 +02:00
fifthdegree
85f7cb8916 clear openssl error queue after nla_client_begin 2022-07-02 16:32:50 +02:00
akallabeth
3e35eb3805 Fixed broken format string in rdg.c 2022-07-01 11:27:22 +02:00
akallabeth
cb96e6143d Fixed -Wshadow warnings 2022-06-30 10:49:02 +02:00
akallabeth
e07233ccef Fixed float comparison 2022-06-29 18:10:33 +02:00
akallabeth
8ecf841e71 Added RAIL compartmentinfo server to client message 2022-06-29 14:42:05 +02:00
Armin Novak
40ae6731c9 Fixed issues with settings clone 2022-06-27 14:27:12 +02:00
Armin Novak
29af8a45b6 Fixed missing LoadChannels calls and settings on redirect 2022-06-27 14:27:12 +02:00
Adrian Perez de Castro
81e8e28062 Fix building with LibreSSL 2.7.0 or newer
With LibreSSL 2.7.0 (or newer versions) some more structs have been made
opaque, which requires a few changes:

- BIO_meth_new() and related functions are now defined by LibreSSL, the
  versions from opensslcompat.{h,c} do not need to be used anymore.
- HMAC_CTX is now opaque, HMAC_CTX_new(), EVP_MD_CTX_new, and related
  functions should be used instead in winpr's hash.c.
2022-06-27 12:42:06 +02:00
akallabeth
780e42f126 Add warning for applications using input functions in wrong state 2022-06-27 11:21:24 +02:00
akallabeth
944f43c0bc Fixed transport handling of pool allocated streams 2022-06-27 11:21:24 +02:00
akallabeth
3d07eee3ac Abort input event send if the connection terminated 2022-06-27 11:21:24 +02:00
akallabeth
d745ba7c28 Assert function arguments in freerdp.c 2022-06-27 11:21:24 +02:00
akallabeth
43b1f51984 Unified setting of finalize_sc_pdus 2022-06-23 14:19:50 +02:00
akallabeth
a402f7c3c4 Fixed codec reset 2022-06-23 14:19:50 +02:00
akallabeth
379b42e3bd Simplified certificate resource cleanup 2022-06-23 14:19:50 +02:00
akallabeth
9613bd9bc6 Added function ReachedState to peer
This callback exposes the state the RDP peer has reached.
2022-06-23 14:19:50 +02:00
akallabeth
40723606e4 Exposed WTSVirtualChannelManagerOpen 2022-06-23 14:19:50 +02:00
akallabeth
f8a6c0db3f Do not assert in abort_connect 2022-06-23 14:19:50 +02:00
akallabeth
087e71f439 Use settings getter 2022-06-23 14:19:50 +02:00
akallabeth
07a5a6ef6d Added a check in DesktopResize for protocol violations 2022-06-23 14:19:50 +02:00
akallabeth
0563dae8b3 Cleanup tls_prepare 2022-06-23 09:18:37 +02:00
akallabeth
31304951de Regenerated settings helpers 2022-06-23 09:18:37 +02:00
Siva Gudivada
7ce4d8b196 add a new flag to enforce tls1.2 2022-06-23 09:18:37 +02:00
akallabeth
bc8b4ade1c reformatted 2022-06-23 08:48:39 +02:00
akallabeth
21cfb23e0b Improve codec error logging 2022-06-23 07:45:55 +02:00
akallabeth
968d4d8f8a Exposed freerdp_get_current_addin_provider 2022-06-23 07:45:55 +02:00
akallabeth
bbbe38c65d Fixed pointer cache 2022-06-23 07:45:55 +02:00
akallabeth
03e20cb541 Clean up pcap capture module 2022-06-23 07:45:55 +02:00
Armin Novak
66e73f8b08 Fixed missing static for functions, fixed declaration of FreeRDPAreColorFormatsEqualNoAlpha 2022-06-21 10:28:34 +02:00