Commit Graph

225 Commits

Author SHA1 Message Date
Marc-André Moreau
801dc0f826 freerdp: add configurable NTLM SAM file option for server-side NLA 2016-07-21 18:58:24 -04:00
Marc-André Moreau
e4714f3422 freerdp: fix Hyper-V connectivity, fix issues #2421 and #3325 2016-05-11 15:52:36 -04:00
Armin Novak
53445768ed Added command line option /cert-tofu 2016-03-31 12:16:55 +02:00
Armin Novak
50873be062 Added advanced gfx command line options. 2016-03-24 16:36:43 +01:00
Armin Novak
dccf40c2bc Fixed duplicate loading of smartcard and printers. 2016-02-26 15:21:11 +01:00
Armin Novak
447ac23aee Refactored timezone functions. 2016-02-24 09:28:30 +01:00
davewheel
d5b8585a39 Allow to specify the raw content of crypto materials
Sometime it's possible that your server application doesn't have access to files
(when running in a very restricted environment for example). This patch allows
to ship the private key and certificate as a string.

Sponsored by: Wheel Systems (http://www.wheelsystems.com)
2016-01-21 11:27:06 +01:00
Roland Kaufmann
6f6f0b0c53 Move UnmapButtons settings to stable ABI section
The Miscellaneous section is chosen because choosing not to map the
buttons is not a property of the input system, but rather an ad-hoc
setting to be applied to this session.
2015-12-16 23:21:43 +01:00
Roland Kaufmann
600d3c5ccb Add option to disable pointer button mapping
In case the old behaviour of not reverse-mapping the mouse buttons is
desirable, a command-line option is added to disable the mapping. This
option is made experimental for the time being.

The default is to do the reverse mapping, as this is the intuitive
behaviour (the mouse then works as it would on the console).
2015-12-15 17:42:57 +01:00
Armin Novak
a5db7117c8 Implemented horizontal wheel support.
Horizontal mouse wheel input capabilities are now checked
and if available mouse buttons 6 and 7 are mapped to the
horizontal wheel for the X11 client.
2015-12-14 18:29:23 +01:00
Vic Lee
6f639c1e34 gcc: read and write desktop scale settings in core data. 2015-08-27 16:19:40 +08:00
Vic Lee
8394d8c677 gcc: read and write monitor extended data. 2015-08-27 15:26:37 +08:00
Bernhard Miklautz
1b8dd139a9 cmd line: add missing checks
* strdup
* some allocs
2015-06-22 19:23:57 +02:00
David FORT
7c3f8f33ab Fixes for malloc / calloc + other fixes
This patch contains:

* checks for malloc return value + treat callers;
* modified malloc() + ZeroMemory() to calloc();
* misc fixes of micro errors seen during the code audit:
** some invalid checks in gcc.c, also there were some possible
integer overflow. This is interesting because at the end the data are parsed
and freed directly, so it's a vulnerability in some kind of dead code (at least
useless);
** fixed usage of GetComputerNameExA with just one call, when 2 were used
in misc places. According to MSDN GetComputerNameA() is supposed to return
an error when called with NULL;
** there were a bug in the command line parsing of shadow;
** in freerdp_dynamic_channel_collection_add() the size of array was multiplied
by 4 instead of 2 on resize
2015-06-22 19:21:47 +02:00
Marc-André Moreau
6b1fefea40 freerdp: fix remote assistance mode, add multi-address connection 2015-05-06 16:32:45 -04:00
Marc-André Moreau
6202f48c12 libfreerdp-core: add configurable TSG/RGB fallback, fix edge cases 2015-03-19 11:44:47 -04:00
bjcollins
d4a9a2d3a8 Remove override redirect flag for fullscreen with keyboard grab enabled. Window manager should always know about the main window.
Small cleanup of passing around decorations flag.
Limit PercentScreen to single monitor vs. entire desktop. IMO - this is better behavior in a multimonitor environment.

Handle fullscreen windows better:
1. Ensure that size hints are set to allow resizing before setting a window to fullscreen as some window managers do not behave properly.
2. Handle fullscreen toggles without destroying and recreating window.
3. Use NET_WM_STATE_FULLSCREEN Extended Window Manager Hint for fullscreen functionality
4. Use the NET_WM_FULLSCREEN_MONITORS Extended Window Manager Hint when appropriate
5. When a single monitor fullscreen is requested - use the current monitor(as determined from mouse location)
6. Handle cases where there is no local monitor at coordinate 0,0. The Windows server expect there to be a monitor at this location, so we maintain offset if necessary between our local primary monitor and the server side primary monitor located at 0,0.
2015-02-23 11:22:28 -06:00
Marc-André Moreau
fa06c4d401 libfreerdp-core: improve reconnection 2015-02-06 14:21:26 -05:00
Norbert Federa
939f1c639a Standard RDP Security Layer Levels/Method Overhaul
[MS-RDPBCGR] Section 5.3 describes the encryption level and method values for
standard RDP security.

Looking at the current usage of these values in the FreeRDP code gives me
reason to believe that there is a certain lack of understanding of how these
values should be handled.

The encryption level is only configured on the server side in the "Encryption
Level" setting found in the Remote Desktop Session Host Configuration RDP-Tcp
properties dialog and this value is never transferred from the client to the
server over the wire.
The possible options are "None", "Low", "Client Compatible", "High" and
"FIPS Compliant". The client receices this value in the Server Security Data
block (TS_UD_SC_SEC1), probably only for informational purposes and maybe to
give the client the possibility to verify if the server's decision for the
encryption method confirms to the server's encryption level.
The possible encryption methods are "NONE", "40BIT", "56BIT", "128BIT" and
"FIPS" and the RDP client advertises the ones it supports to the server in the
Client Security Data block (TS_UD_CS_SEC).
The server's configured encryption level value restricts the possible final
encryption method.
Something that I was not able to find in the documentation is the priority
level of the individual encryption methods based on which the server makes its
final method decision if there are several options.
My analysis with Windows Servers reveiled that the order is 128, 56, 40, FIPS.
The server only chooses FIPS if the level is "FIPS Comliant" or if it is the
only method advertised by the client.

Bottom line:
* FreeRDP's client side does not need to set settings->EncryptionLevel
(which was done quite frequently).
* FreeRDP's server side does not have to set the supported encryption methods
list in settings->EncryptionMethods

Changes in this commit:

Removed unnecessary/confusing changes of EncryptionLevel/Methods settings

Refactor settings->DisableEncryption
* This value actually means "Advanced RDP Encryption (NLA/TLS) is NOT used"
* The old name caused lots of confusion among developers
* Renamed it to "UseRdpSecurityLayer" (the compare logic stays untouched)

Any client's setting of settings->EncryptionMethods were annihilated
* All clients "want" to set all supported methods
* Some clients forgot 56bit because 56bit was not supported at the time the
code was written
* settings->EncryptionMethods was overwritten anyways in nego_connect()
* Removed all client side settings of settings->EncryptionMethods
The default is "None" (0)
* Changed nego_connect() to advertise all supported methods if
settings->EncryptionMethods is 0 (None)
* Added a commandline option /encryption-methods:comma separated list of the
values "40", "56", "128", "FIPS". E.g. /encryption-methods:56,128
* Print warning if server chooses non-advertised method

Verify received level and method in client's gcc_read_server_security_data
* Only accept valid/known encryption methods
* Verify encryption level/method combinations according to MS-RDPBCGR 5.3.2

Server implementations can now set settings->EncryptionLevel
* The default for settings->EncryptionLevel is 0 (None)
* nego_send_negotiation_response() changes it to ClientCompatible in that case
* default to ClientCompatible if the server implementation set an invalid level

Fix server's gcc_write_server_security_data
* Verify server encryption level value set by server implementations
* Choose rdp encryption method based on level and supported client methods
* Moved FIPS to the lowest priority (only used if other methods are possible)

Updated sample server
* Support RDP Security (RdpKeyFile was not set)
* Added commented sample code for setting the security level
2014-12-12 02:17:12 +01:00
Marc-André Moreau
6ccce86140 Merge branch 'master' of github.com:FreeRDP/FreeRDP
Conflicts:
	winpr/libwinpr/thread/thread.c
2014-12-03 10:10:50 -05:00
Norbert Federa
25f66d2e6d xfreerdp: added smart sizing, mt gesture fixes
- removed setting ScalingFactor
- added settings SmartSizingWidth and SmartSizingHeight
- changed option /smart-sizing to optionally support <width>x<height>
- consolidated transformation of input event coordinates
- rdp8 gfx ignored scaling and panning offsets: fixed
- never resize window on panning/pinching
- simplified keyboard multitouch gesture debugging emulation
- disabled keyboard multitouch gesture emulation debug code via define
2014-12-01 11:56:44 +01:00
Marc-André Moreau
7881ec762e server/shadow: avoid sending pointer updates when not active, fix remdesk leak 2014-11-21 15:10:39 -05:00
Marc-André Moreau
ca1cec64d8 libfreerdp-core: update RDP8 virtual channels 2014-09-25 17:31:05 -04:00
Marc-André Moreau
c762a4d5a2 Merge branch 'master' of github.com:awakecoding/FreeRDP into shadow 2014-09-25 10:35:14 -04:00
Marc-André Moreau
c4ad706c34 libfreerdp-core: improve bitmap codec negotiation 2014-09-21 15:40:27 -04:00
Emmanuel Ledoux
e9749c6b3f serial: ability to turn on the permissive mode from the command line 2014-09-16 12:08:33 +02:00
Marc-André Moreau
9adaadb93a shadow: add more virtual channels to RDP backend like WDS API 2014-08-14 19:23:48 -04:00
Marc-André Moreau
7171a0b5c1 libfreerdp-core: fix reconnection using client random 2014-08-11 11:23:23 -04:00
Marc-André Moreau
ef04373628 Merge branch 'master' of github.com:FreeRDP/FreeRDP 2014-07-26 14:43:10 -04:00
Benoit LeBlanc
653d52bff3 Merge branch 'master' of git://github.com/awakecoding/FreeRDP 2014-07-18 12:02:52 -04:00
Daniel Bungert
625f7c3c22 Add arguments for managing tls ciphers & netmon
This adds 2 arguments:
    /tls-ciphers                List of permitted openssl ciphers - see ciphers(1)
    /tls-ciphers-netmon         Use tls ciphers that netmon can parse

With KB2919355, client/server negotiate the use of
TLS cipher TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
which works fine except that netmon can't parse it.
By adding commandline /tls-ciphers-netmon, we restrict
the available ciphers to a list that netmon can
deal with.  Also adds /tls-ciphers, which
accepts a string arg, for further customization.
2014-07-17 06:59:06 -06:00
Benoît LeBlanc
18eaddc7fe Merge branch 'master' of git://github.com/awakecoding/FreeRDP
# By Marc-André Moreau (20) and others
# Via Mike McDonald (6) and others
* 'master' of git://github.com/awakecoding/FreeRDP: (26 commits)
  libfreerdp-codec: fix C++ headers
  libfreerdp-codec: fix ClearCodec short vbar cache hit
  libfreerdp-codec: improve ClearCodec error checking
  libfreerdp-codec: fix ClearCodec RLEX decoding
  libfreerdp-codec: ClearCodec fix error codes and wrapping around of cursors
  libfreerdp-codec: fix some ClearCodec flag checking
  Fixed issue with last merge.
  Added #ifdef WITH_OPENH264 ... #endif to appropriate places in the code.
  libfreerdp-codec: handle long vbar length mismatch
  channels/rdpgfx: add egfx command line options and settings
  libfreerdp-codec: reduce number of variables
  libfreerdp-codec: improve ClearCodec robustness
  libfreerdp-codec: simplify ClearCodec code
  Initial implementation of H.264 decoder for MS-RDPEGFX
  libfreerdp-codec: improve ClearCodec subcodec xStart, yStart handling
  libfreerdp-codec: improve ClearCodec subcodec support
  libfreerdp-codec: improve ClearCodec error checking
  libfreerdp-codec: more ClearCodec vBar caching
  channels/rdpgfx: harden parsing code
  libfreerdp-codec: add ClearCodec glyph cache
  ...
2014-07-08 16:45:59 -04:00
Benoît LeBlanc
84d0089401 Added KeyboardHook to settings 2014-07-08 16:32:28 -04:00
Marc-André Moreau
c16000e67b Merge branch 'master' of github.com:FreeRDP/FreeRDP into egfx 2014-07-08 12:29:30 -04:00
Marc-André Moreau
5c5386fe04 channels/rdpgfx: add egfx command line options and settings 2014-07-03 14:35:03 -04:00
Emmanuel Ledoux
e4840d3596 Merge remote-tracking branch 'upstream/master' 2014-07-03 11:56:00 +02:00
Marc-André Moreau
b60eff8e42 channels/remdesk: start sending authentication data 2014-06-30 12:51:27 -04:00
Emmanuel Ledoux
9fc225ac5d Merge branch 'ports'
Conflicts:
	channels/serial/client/serial_tty.c
2014-06-30 17:22:15 +02:00
Marc-André Moreau
af1be38775 client/common: parse and use remote assistance file 2014-06-28 18:33:46 -04:00
Emmanuel Ledoux
e6c82f99d5 serial: ability to setup the server serial driver thanks to a third parameter on the command line 2014-06-18 18:20:21 +02:00
Marc-André Moreau
709df9aecc libfreerdp-core: add connection timeout, fix gateway bypass local 2014-05-30 14:03:20 -04:00
Marc-André Moreau
af4a413287 Merge branch 'non_blocking_writes' of github.com:hardening/FreeRDP into non_blocking_writes 2014-05-22 14:01:44 -04:00
Hardening
dd6d829550 Allow transport_write calls to be non-blocking
This big patch allows to have non-blocking writes. To achieve
this, it slightly changes the way transport is handled. The misc transport
layers are handled with OpenSSL BIOs. In the chain we insert a
bufferedBIO that will bufferize write calls that couldn't be honored.

For an access with Tls security the BIO chain would look like this:
  FreeRdp Code ===> SSL bio ===> buffered BIO ===> socket BIO

The buffered BIO will store bytes that couldn't be send because of
blocking write calls.

This patch also rework TSG so that it would look like this in the
case of SSL security with TSG:
                                         (TSG in)
                              > SSL BIO => buffered BIO ==> socket BIO
                             /
FreeRdp => SSL BIO => TSG BIO
                             \
                              > SSL BIO => buffered BIO ==> socket BIO
                                        (TSG out)

So from the FreeRDP point of view sending something is only BIO_writing
on the frontBio (last BIO on the left).
2014-05-21 17:42:31 +02:00
Marc-André Moreau
5e97757939 freerdp: fix improper .rdp file parsing 2014-05-10 17:28:34 -04:00
itsmikeeng
b65e8ac195 Fixed padding 2014-05-07 10:50:14 -07:00
Marc-André Moreau
3ee6494d36 libfreerdp-core: cleanup GatewayUsageMethod setting 2014-04-24 17:05:10 -04:00
Marc-André Moreau
4c920506ed libfreerdp-core: add 'Bypass RD Gateway server for local addresses' feature 2014-03-24 14:44:18 -04:00
Marc-André Moreau
4310089102 libfreerdp-core: add options for specifying compression level 2014-03-10 11:16:36 -04:00
Marc-André Moreau
8510ad3171 freerdp: remove rdpChannel definition in favor of CHANNEL_DEF 2014-02-28 12:07:22 -05:00
Marc-André Moreau
87be2e0f80 freerdp: add option to disable credentials delegation 2014-02-14 00:43:31 -05:00