mirrors/FreeRDP
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
16,423 Commits 6 Branches 74 Tags 84 MiB
2aefa9418d
Commit Graph

129 Commits

Author SHA1 Message Date
Armin Novak
eb2782b3af [core,nego] Fixed a broken format string 2022-11-21 10:51:19 +01:00
akallabeth
d15e80e266 Fixed return of tpkt_verify_header 
Allow detection of an error (e.g. not enough data in stream)
 2022-11-04 14:46:58 +01:00
Armin Novak
b672bda85e Removed RdpKeyFile and RdpKeyContent settings 
They are a duplicate of PrivateKeyFile and PrivateKeyContent
 2022-07-06 12:01:23 +02:00
akallabeth
f25261e271 Unifiy string append functions 2022-06-17 08:41:46 +02:00
akallabeth
962c5c3ef0 Fixed dead store warnings 2022-04-28 12:37:19 +02:00
akallabeth
6fd71fe737 Eliminate Dead nested assignment warnings 2022-04-28 12:37:19 +02:00
akallabeth
73cdcdfe09
Logging and parser fixes (#7796) 
* Fixed remdesk settings pointer

* Fixed sign warnings in display_write_monitor_layout_pdu

* Use freerdp_abort_connect_context and freerdp_shall_disconnect_context

* Added and updates settings

* info assert/dynamic timezone

* mcs assert/log/flags

* Fixed and added assertions for wStream

* Unified stream length checks

* Added new function to check for lenght and log
* Replace all usages with this new function

* Cleaned up PER, added parser logging

* Cleaned up BER, added parser logging

* log messages

* Modified Stream_CheckAndLogRequiredLengthEx

* Allow custom format and options
* Add Stream_CheckAndLogRequiredLengthExVa for prepared va_list

* Improved Stream_CheckAndLogRequiredLength

* Now have log level adjustable
* Added function equivalents for existing logger
* Added a backtrace in case of a failure is detected

* Fixed public API input checks
 2022-04-19 14:29:17 +02:00
akallabeth
3d38d2636c Decreased logging verbosity for INFO level 2022-03-04 09:34:02 +01:00
Armin Novak
4d03d7c0bf Freerdp remove #ifdef HAVE_CONFIG_H 2022-03-03 11:26:48 +01:00
Armin Novak
b2ad47a809 Reorganized FreeRDP headers 2022-03-03 11:26:48 +01:00
Armin Novak
874f47f01e Added more error checks to nego 2021-12-14 13:46:34 +01:00
Steve Pronovost
592f8d95be Fix connection negotiation with mstsc/msrdc 
mstsc/msrdc includes an optional correlation info
(RDP_NEG_CORRELATION_INFO) during connection negotiation. This confuses
FreeRDP which interpret this as a cookie and eventually fails the
negotiation, preventing a successful connection to these RDP client.

This commit addresses 3 things.

1) When processing connection token or cookie, skip if the remaining
bytes are neither.
2) After processing the RDP_NEG_REQ info, skip the optional correlation
info (RDP_NEG_CORRELATION_INFO) if one is present.
3) Allow local connection without server certificate when the client
inherently trust the server.
 2021-10-21 13:11:21 +02:00
Armin Novak
17f530a866 Transport opaque 2021-09-09 08:36:01 +02:00
akallabeth
f1bde376b1
Raw channel send (#7255) 
* Added raw channel data write function

* Use nego_set_state

* Added ArrayList_ForEachAP

* Provide va_copy for older VS compilers
 2021-08-26 16:17:51 +02:00
Armin Novak
2a91afb0cf Added adjustable tcp connect timeout 2021-06-08 08:21:47 +02:00
akallabeth
e2fd9db0b5 Added const to function arguments 2021-02-17 11:29:56 +01:00
akallabeth
5409f4f043 Implemented 2.2.1.17.1 Persistent Key List PDU Data, added checks 
* Implemented missing server side version of PDU (just skip data)
* Refactored read/write functions to properly check stream
  length/capacity and handle return values.
 2020-11-20 09:39:25 +01:00
akallabeth
6b485b146a Fixed oob read in irp_write and similar 2020-05-06 13:31:57 +02:00
Armin Novak
318cb3dd47 Added tpkt header length plausibility checks. 2020-03-02 11:40:35 +01:00
Armin Novak
72ca88f49c Reformatted to new style 2019-11-07 10:53:54 +01:00
Armin Novak
d7877186d6 Fixed strnlen issues. 2019-11-05 14:55:33 +01:00
Armin Novak
f01e042211 Code cleanups (strlen, casts, size_t, ...) 2019-10-29 11:58:43 +01:00
asapelkin
82eadad4a4 Fix some static analizer warnings 2019-10-22 15:39:54 +02:00
Armin Novak
306c557512 Getter for state to string 2019-09-04 15:46:47 +02:00
Mati Shabtay
b907324009 First version of an RDP proxy (#5372) 
* server: Add proxy dir with barebones server

* sever/proxy: Remove licensing

* server/proxy: Add client files

* server/proxy: rm binary

* server/proxy: Formatting

* server/proxy: Fixed includes and added basic client creation functionality

* server/proxy: Remove licensing and fix ifndef

* proxy/server: Fix cmake indentation

* server/proxy: Fix licensing

* server/proxy: Forward connection on peer_post_connect

* server/proxy: Fix function signature

* server/proxy: Changed function signature of proxy_client_start

* server/proxy: Now peer_post_connect calls proxy_client_start in a new thread

* pfreerdp.c: Clean up useless comments and logs

* server/proxy: Fix license

* server/proxy: Remove all non-connection related data from proxy_context

* server/proxy: Move Log Tag definition to pf_log.h

* server/proxy: Move context definition to pf_context

* server/proxy: Delete pfreerdp.h

* pfreerdp.c: Move context callbacks to pf_context.c

* server/proxy: Update CMakeLists.txt

* pf_channels: Use new proxy context API

* pf_client: Move context to pf_context

* pf_client.c: Remove unnessecary event handling

* server/proxy: Formatting

* proxy/server: Move server logic to pf_server.c

* server/proxy: Handle client disconnection

* Merge stash

* pf_server.c: Open GFX Connection to client

* server: CMakeLists: build proxy along with other servers

* server: proxy: get target server from rdpNego->RoutingToken

Iv'e omitted a check from  which im not sure is right. Should check in docs

* server/proxy: Handle remote server -> client disconnection

* server/proxy: Move common function  to pf_common.c

* server/proxy: Move common function  to pf_common.c

* rdpgfx.h: Add reference to freerdp.h for rdpContext

* pf_channels: Pipe GFX on channel connection

* server/proxy: Add pf_rdpgfx for proxy gfx callbacks

* pf_client: Declare dynvc and gfx capabilities on connection

* server/proxy: Add graphics callbacks

* server/proxy: Add graphics callbacks

* pf_server: Listen to channel events

* Pass user settings to server

* pf_server: Proxy mouse events

* fixup! server/proxy: Add graphics callbacks

* pf_client: Fix setting initialization

* Merge feat/proxy-gfx to feat/proxy

* pf_server: Fix double freed credentials

* server/proxy: Remove unnecessary call to freerdp_client_settings_parse_command_line

* server/proxy: Refactor re-activation code

* server/proxy: Run format scripts

* server/proxy: Fix segfault when post_disconnect return FALSE

* server/proxy: Refactor proxy_settings_mirror

* server/proxy: Redirect credentials

* server/proxy: move proxy_settings_mirror to pf_common.c

* server/proxy: Redirect desktop_resize event

* pf_client: Remove interactive CLI auth methods

* fixup! server/proxy: Redirect credentials

* server/proxy: Rename proxy_mirror_settings to pf_common_copy_settings

* pf_server.c: Fixed non-freed context

When the disconnection is forced by the target server, the function
`pf_server_handle_client_disconnection` isn't called. Therefore, the
context of the connection between the proxy to tagrget isn't freed.

* fixup! pf_server.c: Fixed non-freed context

* pf_client: Prefix all client methods with pf_client

* pf_context: Add init client to proxy context method

* pf_server: Confirm all GFX caps regardless of settings

* pf_server: Prefix all methods with pf_server

* pf_server: Move variable decleration to start of method

* pf_server: Fix client setting

* pf_server: Fix GFX init method

* pf_server: Move variable decleration to start of methods

* server/proxy: Formatting

* Merge feat/proxy

* pf_server: Proxy synchronize event

* pf_server: Proxy refresh rect update events

* pf_server: Proxy suppress output messages

* server/proxy: Fix licensing

* server/proxy: Move client input callbacks to pf_input

* server/proxy: Move client update callbacks to pf_update

* server/proxy: Fix non-terminated target host string

* Feat/proxy config (#2)

* server/proxy: Add config loading support

* server/proxy: Add config file

* server/proxy: Format code

* server/proxy: Code refactor, rename update_register_callbacks and input_register_callbacks

* server/proxy: Update config file

* server/proxy: Remove config.ini from root directory

* Remove comment from config file

* server/proxy: Fix leak in pf_server_load_config

* server/proxy: Add rdpServerProxy struct and embed it in proxyContext

* server/proxy: Load configuration and pass it inside every proxyContext instance

* server/proxy: Move rdpProxyServer to proxy.h

* server/proxy: Use configuration while proxying input events

* server/proxy: Update CMakeLists

* server/proxy: Refactor pf_input.c

* server/proxy: Add AllowedChannels, DeniedChannels in configuration

* server/proxy: Remove unnecessary variable from parse_channels_from_str

* server/proxy: Update config file

* server/proxy: config: Rename  to

* server/proxy: config: Add mode - blacklist/whitelist

* server/proxy: Refactor, fix NULL deref

* server/proxy: Add license to proxy.h

* server/proxy: Fix newline in pf_config.c

* server/proxy: config: Rename Mode to WhitelistMode

* Add target in config. Add checks for configuration validity (#3)

* Add target in config. Add checks for configuration validity

* Update config file

* libfreerdp: nego: revert commented out check of routingToken length

* pf_server: Fix target host info from RoutingToken

* pf_server: Remove hardcoded lenght of routing token prefix

* Feat/refactor context (#8)

* Refactor main structs

* Update CMakeLists.txt

* pf_server.c: Free pdata at the end of the connection

* Run format scripts

* Rename tf to pc

* Fix licenses

* pf_server: Refactor names of structs and functions

* proxy: gfx: sync caps (#4)

* proxy: gfx: sync caps

* proxy: gfx: sync caps, hook gfx client's OnClose() call and close server resources

* fixup! Feat/refactor context (#8)

* fixup! fixup! Feat/refactor context (#8)

* rdpgfx/client: Fix rdpgfx_recv_caps_confirm_pdu caps set length parsing

* Run format scripts

* proxy config.ini: Change default port to 3389

* pf_rdpgfx: Limit caps version to freerdp's supported versions

* Gfx OnOpen() wait for dynvc ready (#10)

* proxy/gfx: Wait for dynvc ready state before open

* pf_channels: Initialize pc->gfx

* pf_rdpgfx: Add log and fix comments

* rdpgfx: Fix GFX v10.6 PDUs parsing and naming according to the spec

* pf_rdpgfx: Proxy rdpgfx v10.6 PDUs

* gfx client: Publish FrameAck sending and add auto ack flag

* proxy/gfx: Forward frame ack messages

* pf_context: Forward domain on connection

* pf_rdpgfx: Change max supported caps to 10.6

* proxy: Update config

* server/proxy: Use configuration in pf_server_handle_client

* rdpgfx/client: Fix size of surface_to_scaled_window, surface_to_window

* pf_rdpgfx: Fix formatting

* pf_server.c: Fix comments

* Move pf_server_rdpgfx_init to pf_rdpgfx

* server/proxy/CMakeLists.txt: Fix formatting

* pf_client.c: Add comment in proxy_server_reactivate

* Fixed const correctness of gfx function pointer

Signed-off-by: Mati Shabtay <matishabtay@gmail.com>

* server: proxy: update copyright

* server: proxy: wrap rdpNego and add a getter for routing token

* Refactor routing token getter (#14)

* Refactor routing token getter

* pf_server_parse_target_from_routing_token change routing_token_length to be DWORD

* libfreerdp/core/nego.c: Run format script

* pf_server: Run format script

* server/proxy: Fix os msbuild tests

* pf_channels.c: Remove unused channels

* pf_client: Remove unused callbacks

* proxy: Remove encomsp callbacks from proxy's client

* client/rdpgfx_main.c: Fix msbuild test

* pf_config.c: Use StrSep instead of strsep for Windows builds

* Removed nego struct from direct access.

Signed-off-by: Mati Shabtay <matishabtay@gmail.com>

* proxy: Rename binary to freerdp-proxy

* rdpgfx_main.c: Revert unwanted double change to send_supported_caps

* Cleaned up proxy server code.

* All internal functions static
* Added simple command line argument to supply a config file
* Silence compiler warnings

Signed-off-by: kubistika <kmizrachi18@gmail.com>
 2019-05-17 14:32:54 +02:00
Armin Novak
8110c391bf Fixed requested protocol define names according to spec. 2018-12-05 10:55:06 +01:00
Armin Novak
b1d2a4767b Fixed warnings in nego. 2018-12-05 10:55:06 +01:00
Armin Novak
82863a8518 Refactored NLA to be self contained. 2018-12-05 10:55:06 +01:00
Armin Novak
5ca8eca18e Made nego self contained. 2018-12-05 10:55:06 +01:00
Armin Novak
7ec9e942fb Fixed zero sized allocation. 2018-11-29 12:11:33 +01:00
Ondrej Holy
6e0f05cbdb core/nego: Fix leak found by covscan 
leaked_storage: Variable "wszPCB" going out of scope leaks the storage it points to.
 2018-08-22 14:34:02 +02:00
Armin Novak
77eb93b4b7 Made internal functions static to help compiler optimize. 2018-07-10 12:21:38 +02:00
Armin Novak
7a39dcd7e2 Updated reconnect to handle cases where PostConnect was not called 
freerdp_reconnect might be called after a freerdp_connect failed due
to a TCP timeout waiting for user input.
In such cases we need to know if PostConect was already called and
do that if not.
 2018-07-10 12:04:27 +02:00
David Fort
782039c6aa
Merge pull request #4589 from oshogbo/token 
Recognize only the cookie format anything else treat as token.
 2018-04-26 11:59:15 +02:00
Mariusz Zaborski
6515453886 Recognize only the cookie format anything else treat as token. 
If in the RDP file we will set loadbalanceinfo.
Instead of getting the cookie value we will get load balance info.

For example:
0000 03 00 00 2a 25 e0 00 00 00 00 00 74 73 76 3a 2f ...*%......tsv:/
0010 2f 56 4d 52 65 73 6f 75 72 63 65 2e 31 2e 41 48 /VMResource.1.AH
0020 0d 0a 01 00 08 00 0b 00 00 00                   ..........

The MSFT-SDLBTS document don't describe this behavior.

For this reason lets treat the token as anything ended with seqance
CR and CL. To be honest we already did that because in the core/connection.c
file where we are seting the routing_token to the LoadBalanceInfo.
 2018-04-24 15:00:00 +02:00
Mariusz Zaborski
b9ddf2046c Fix comments where is cookie and where is token. 2018-04-24 14:34:45 +02:00
Armin Novak
2fc31fcb37 Set connection error if TCP connect fails. 2018-04-11 09:09:23 +02:00
David Fort
41823080f9 Fix users of Stream_GetPosition() that returns size_t 2017-12-11 22:38:58 +01:00
Armin Novak
8292b4558f Fix TALOS issues 
Fix the following issues identified by the CISCO TALOS project:
 * TALOS-2017-0336 CVE-2017-2834
 * TALOS-2017-0337 CVE-2017-2834
 * TALOS-2017-0338 CVE-2017-2836
 * TALOS-2017-0339 CVE-2017-2837
 * TALOS-2017-0340 CVE-2017-2838
 * TALOS-2017-0341 CVE-2017-2839
 2017-07-20 09:28:47 +02:00
Norbert Federa
f71b6b46e8 fix string format specifiers 
- fixed invalid, missing or additional arguments
- removed all type casts from arguments
- added missing (void*) typecasts for %p arguments
- use inttypes defines where appropriate
 2016-12-16 13:48:43 +01:00
Marc-André Moreau
e4714f3422 freerdp: fix Hyper-V connectivity, fix issues #2421 and #3325 2016-05-11 15:52:36 -04:00
davewheel
d5b8585a39 Allow to specify the raw content of crypto materials 
Sometime it's possible that your server application doesn't have access to files
(when running in a very restricted environment for example). This patch allows
to ship the private key and certificate as a string.

Sponsored by: Wheel Systems (http://www.wheelsystems.com)
 2016-01-21 11:27:06 +01:00
clangm
ac089f8a3f Removed if statement that was causing network characteristics autodetect to not work 2015-09-11 15:01:31 -06:00
Martin Haimberger
951a2d2210 stream: check stream_new in winpr and libfreerdp 
also fixed a few things
 2015-05-29 04:46:50 -07:00
Hardening
f8120919af Add checks for some XXX_New and XXX_Add functions 
Based on PR #2616
 2015-05-18 11:28:00 +02:00
Norbert Federa
1eff1a345e free can handle NULL perfectly fine 2015-05-11 09:07:39 +02:00
Norbert Federa
abeb79f2bb nego: fixed X.224 Connection Request PDU parsing 
The X.224 Connection Request PDU might contain an optional cookie or
routing token before the optional RDP Negotiation Request (rdpNegReq).
If present, both of these fields must be terminated by a 0x0D0A
two-byte sequence. It seems that until now FreeRDP has incorrectly
assumed that a token or cookie must always be present.
If that was not the case, FreeRDP was searching for 0x0D0A until it
arrived at the end of the stream which prevented the remaining data
(RDP Negotiation Request, RDP Correlation Info) from being parsed.
 2015-03-30 13:07:03 +02:00
Marc-André Moreau
44d06888bb libfreerdp-core: fix BIO leaks 2015-02-18 15:36:57 -05:00
Marc-André Moreau
eddfee56a3 libfreerdp-core: prepare client-side NLA for event-driven structure 2015-02-15 14:54:10 -05:00
David FORT
6a8d21cab9 Fix server-side protocol negociation 
Before this patch, RDP security was (wrongly) the fallback when negociating a
security protocol between the client and the server. For example when a client
was claiming TLS-only when connecting to a FreeRDP based-server with RDP security only,
the result of the negociation was that the server started to do RDP security.
The expected behaviour is to send a nego failure packet with error code
SSL_NOT_ALLOWED_BY_SERVER. This patch fixes this.

We also try to handle all cases of failed negociation and return the corresponding
error code.
 2015-02-11 21:38:32 +01:00