Commit Graph

111 Commits

Author SHA1 Message Date
Brent Collins
e21f9e359b Initialize SSL directly in the sample server, instead of relying on the SSL initialize logic
in the tls code as it was removed in a previous patch due to its redundancy.
2017-11-17 12:43:07 +01:00
Armin Novak
4eb5b8e349 Replaced atoi 2017-11-15 15:52:16 +01:00
Armin Novak
8b9e3fa51e Fixed use of reserved keywords for include guards. 2017-07-20 09:35:41 +02:00
Armin Novak
0490aeb018 Fixed clang malloc integer overflow warnings. 2017-07-20 09:29:48 +02:00
Norbert Federa
99a58ab20d Fixed sample server's wrong rfx pixel format 2017-07-10 11:31:42 +02:00
Norbert Federa
f71b6b46e8 fix string format specifiers
- fixed invalid, missing or additional arguments
- removed all type casts from arguments
- added missing (void*) typecasts for %p arguments
- use inttypes defines where appropriate
2016-12-16 13:48:43 +01:00
Norbert Federa
c6e6b44143 countless WLog/printf format specifier fixes 2016-11-25 17:06:25 +01:00
zihao.jiang
ddc326d6d3 Fix server side code to be aware of rereadEvent 2016-10-27 23:43:09 +08:00
David Fort
f92860de87 Applied astyle formatting 2016-10-14 15:12:48 +02:00
David Fort
5b080359a9 sample-server: add a "local only" option to just listen on an UNIX socket
This makes things nicer for tests that don't need internet access.
2016-10-14 15:12:48 +02:00
Armin Novak
9a1c60885c Unified RFX server color format. 2016-10-06 13:43:15 +02:00
Armin Novak
df35c135d1 Fixed color conversion, unified GFX and updated API. 2016-10-06 13:42:58 +02:00
Armin Novak
ce8f3f2539 Fixed context reset of sample server. 2016-03-02 14:46:33 +01:00
Armin Novak
2e110c7f35 Fixed codec reset, now resetting resolution too.
H264 and others require the surface resolution to work properly.
This initializes the codecs and the resolution on reset.
2016-03-02 14:46:33 +01:00
Armin Novak
b69047064a Replaced stream manipulation with EnsureCapacity. 2016-02-29 12:54:31 +01:00
Armin Novak
e79eee2bb1 Fixed Stream API misuse. 2016-02-25 20:01:12 +01:00
Armin Novak
96bf6fc89e Fixed inverted check. 2016-02-03 12:46:02 +01:00
Armin Novak
c2d2ead7d1 Fixed error check. 2016-02-03 11:43:01 +01:00
Armin Novak
6ed43cd6ec Updated pdb file locations.
Now supporting generators NMake and Visual Studio.
2015-12-15 12:08:35 +01:00
Armin Novak
cb958ba9c6 Added pdb files to package target.
Fixed name collision with freerdp-shadow targets.
2015-12-15 12:07:21 +01:00
Martin Haimberger
52405a3e79 Remove WIN32ERROR type
All return values are UINT now.
2015-08-27 05:38:20 -07:00
Martin Haimberger
6ab0187d84 Merge remote-tracking branch 'upstream/master' into mh-channel
Conflicts:
	channels/audin/client/oss/audin_oss.c
	channels/drive/client/drive_main.c
	channels/printer/client/printer_cups.c
	channels/printer/client/printer_main.c
	channels/rail/client/rail_main.c
	channels/rdpgfx/client/rdpgfx_main.c
	channels/rdpsnd/client/oss/rdpsnd_oss.c
	channels/remdesk/client/remdesk_main.c
	channels/remdesk/server/remdesk_main.c
	channels/tsmf/client/tsmf_media.c
2015-07-15 01:57:07 -07:00
Martin Haimberger
b8c110d19b introduced channel error reporting system
The rdpContext gets an event which will
get set if an error occoured in a channel.

If a thread or a void callback has to report an
error it will get signaled by this system.
2015-07-15 00:50:35 -07:00
Armin Novak
cf9f975341 Replaced snprintf with sprintf_s 2015-07-03 13:26:15 +02:00
Armin Novak
40a7f2c995 Added missing include breaking windows build. 2015-07-03 12:46:28 +02:00
Armin Novak
82da97e606 Updated sample server.
* Added new command line argument --port to allow starting the
  sample server on a port different than default 3389.
* Using GetKnownSubPath now to determine location of temporary
  directory for server socket.
* Using distinct server socket files for each port.
2015-07-03 10:04:24 +02:00
Armin Novak
89eac97d0e Fixed uninitialized value. 2015-06-23 12:09:42 +02:00
Bernhard Miklautz
bf73f4e4f1 Fix unchecked strdups
* add missing checks
* adapt function return values where necessary
* add initial test for settings
2015-06-22 19:09:59 +02:00
Martin Haimberger
156f86e487 hardend channel audin 2015-06-18 03:04:31 -07:00
Norbert Federa
25fc866a58 Fix unchecked CreateThread calls and misc fixes 2015-05-05 13:55:48 +02:00
Norbert Federa
ef1fd12b15 Fix unchecked CreateEvent calls and misc fixes
1)
Added missing checks for CreateEvent which also required the
following related changes:

- changed freerdp_context_new API to BOOL
- changed freerdp_peer_context_new API to BOOL
- changed pRdpClientNew callback to BOOL
- changed pContextNew callback to BOOL
- changed psPeerAccepted callback to BOOL
- changed psPeerContextNew callback to BOOL

2)
Fixed lots of missing alloc and error checks in the
changed code's neighbourhood.

3)
Check freerdp_client_codecs_prepare result to avoid segfaults
caused by using non-initialized codecs.

4)
Fixed deadlocks in x11 caused by missing xf_unlock_x11() calls
in some error handlers

5)
Some fixes in thread pool:
- DEFAULT_POOL assignment did not match TP_POOL definition
- don't free the pool pointer if it points to the static DEFAULT_POOL
- added error handling and cleanup in InitializeThreadpool
2015-04-29 18:18:39 +02:00
Norbert Federa
84577b1ca7 codec/rfx: error checking and various fixes
- removed some unneeded null checks for free()
- fixed a memory leak in shadow_client
- removed rfx_compose_message_header from API

Changed the following functions to BOOL, check the result
where they are called and handle failures:
- rfx_compose_message
- rfx_compose_message_header
- rfx_write_tile
- rfx_write_message_tileset
- rfx_write_message_frame_begin
- rfx_write_message_region
- rfx_write_message_frame_end
- rfx_write_message

rfx_process_message:
- check memory allocation failures
- verify protocol-conform order of data messages to prevents memory
  leaks caused by repeated allocations
- verify that header messages were parsed/received before the
  data messages
- treat unknown rlgr mode as error
- fixed/added error handling
- fixed all callers to check/handle result

rfx_encode_message:
- fixed incorrect usage of realloc
- missing malloc check
- missing check of CreateThreadpoolWork
- correct cleanup on failure (threadpool, memory)
- check rfx_encode_message result

rfx_encode_messages:
- check rfx_split_message result
- correct cleanup on failure
- prevent memory leak on failure

rfx_write_message_context:
- fixed invalid channelId value (must be 0xFF for WBT_CONTEXT)

rfx_process_message_codec_versions:
- fixed invalid read size of codec_version (it is 16bit)

rfx_process_message_channels:
- verify protocol conform channelId value

rfx_process_message_region:
- replaced invalid reallocs with malloc
- read and verify regionType and numTileSets from stream

rfx_process_message_tileset:
- check allocation results
- fixed incorrect usages of realloc

setupWorkers:
- fixed incorrect usages of realloc

rfx_split_message:
- removed dead code
- missing malloc check

rfx_compose_message:
- fixed a memory leak
- check/handle rfx_encode_message result
2015-04-23 15:42:21 +02:00
Hardening
6cd7713e12 Merge pull request #2544 from bmiklautz/boolenization
change return types of callbacks to BOOL
2015-04-22 11:01:27 +02:00
Armin Novak
65a4c6e1fc Changed listener callback arguments and return. 2015-04-21 15:57:25 +02:00
Bernhard Miklautz
1e6943bf31 Fix formating 2015-04-21 14:20:24 +02:00
Bernhard Miklautz
515502ffa5 change return types of callbacks to BOOL
* change all client/server callbacks to BOOL
* update all clients accordingly
* add multiple return value checks
* small fixes
2015-04-21 14:18:07 +02:00
Armin Novak
6e213bc61b Modified GetEventHandles of listener
Now using nCount as in and out argument.
When called, set nCount to the number of available handles.
This value is checked and an error returned, if not enough
handles are available.
2015-04-21 12:09:44 +02:00
Armin Novak
7b0d7b3552 Using new API for socket listener. 2015-04-19 10:39:08 +02:00
Armin Novak
4ed891b599 Moved client handler to new API. 2015-04-19 10:39:08 +02:00
Norbert Federa
939f1c639a Standard RDP Security Layer Levels/Method Overhaul
[MS-RDPBCGR] Section 5.3 describes the encryption level and method values for
standard RDP security.

Looking at the current usage of these values in the FreeRDP code gives me
reason to believe that there is a certain lack of understanding of how these
values should be handled.

The encryption level is only configured on the server side in the "Encryption
Level" setting found in the Remote Desktop Session Host Configuration RDP-Tcp
properties dialog and this value is never transferred from the client to the
server over the wire.
The possible options are "None", "Low", "Client Compatible", "High" and
"FIPS Compliant". The client receices this value in the Server Security Data
block (TS_UD_SC_SEC1), probably only for informational purposes and maybe to
give the client the possibility to verify if the server's decision for the
encryption method confirms to the server's encryption level.
The possible encryption methods are "NONE", "40BIT", "56BIT", "128BIT" and
"FIPS" and the RDP client advertises the ones it supports to the server in the
Client Security Data block (TS_UD_CS_SEC).
The server's configured encryption level value restricts the possible final
encryption method.
Something that I was not able to find in the documentation is the priority
level of the individual encryption methods based on which the server makes its
final method decision if there are several options.
My analysis with Windows Servers reveiled that the order is 128, 56, 40, FIPS.
The server only chooses FIPS if the level is "FIPS Comliant" or if it is the
only method advertised by the client.

Bottom line:
* FreeRDP's client side does not need to set settings->EncryptionLevel
(which was done quite frequently).
* FreeRDP's server side does not have to set the supported encryption methods
list in settings->EncryptionMethods

Changes in this commit:

Removed unnecessary/confusing changes of EncryptionLevel/Methods settings

Refactor settings->DisableEncryption
* This value actually means "Advanced RDP Encryption (NLA/TLS) is NOT used"
* The old name caused lots of confusion among developers
* Renamed it to "UseRdpSecurityLayer" (the compare logic stays untouched)

Any client's setting of settings->EncryptionMethods were annihilated
* All clients "want" to set all supported methods
* Some clients forgot 56bit because 56bit was not supported at the time the
code was written
* settings->EncryptionMethods was overwritten anyways in nego_connect()
* Removed all client side settings of settings->EncryptionMethods
The default is "None" (0)
* Changed nego_connect() to advertise all supported methods if
settings->EncryptionMethods is 0 (None)
* Added a commandline option /encryption-methods:comma separated list of the
values "40", "56", "128", "FIPS". E.g. /encryption-methods:56,128
* Print warning if server chooses non-advertised method

Verify received level and method in client's gcc_read_server_security_data
* Only accept valid/known encryption methods
* Verify encryption level/method combinations according to MS-RDPBCGR 5.3.2

Server implementations can now set settings->EncryptionLevel
* The default for settings->EncryptionLevel is 0 (None)
* nego_send_negotiation_response() changes it to ClientCompatible in that case
* default to ClientCompatible if the server implementation set an invalid level

Fix server's gcc_write_server_security_data
* Verify server encryption level value set by server implementations
* Choose rdp encryption method based on level and supported client methods
* Moved FIPS to the lowest priority (only used if other methods are possible)

Updated sample server
* Support RDP Security (RdpKeyFile was not set)
* Added commented sample code for setting the security level
2014-12-12 02:17:12 +01:00
Marc-André Moreau
ddedc574f3 freerdp: remove tcp, uds utils 2014-11-12 14:06:34 -05:00
Armin Novak
89bb28adb2 Fixed setting of RV_VERSION_PATCH, now BUILD_NUMBER is used for every library.
Executable names are now correctly set, using CMAKE_EXECUTABLE_SUFFIX now.
Fixed version defines for winpr executables.
2014-10-09 16:18:35 +02:00
Armin Novak
5364a834c4 Added windows version information to build. 2014-10-03 15:17:40 +02:00
Armin Novak
5b5791c8d7 Using wlog for server now. 2014-09-15 08:55:00 +02:00
Bernhard Miklautz
0313ca3622 libfreerdp: always build "MONOLITHIC"
"libfreerdp" consisted of multiple (small) single libraries. If the cmake
option MONOLITHIC was used only one library was build combining all of
the libfreerdp-* libraries.
The only exceptions to this are libfreerdp-server and libfreerdp-client these
are build as separate libraries.

This commit obsoltes non-monolithic builds and makes monolithic builds
the default. The cmake option MONOLITHIC is also removed.
2014-09-12 00:19:53 +02:00
Armin Novak
784696c1cd Fixed missing includes and invalid replacement. 2014-08-11 09:38:08 +02:00
Armin Novak
8d8719e101 Replaced fprintf with DEBUG_WARN 2014-08-11 09:19:47 +02:00
Bernhard Miklautz
6a49bcfe40 winpr: always build "monolitic"
winpr is now always build as single library.
The build option MONOLITHIC_BUILD doesn't influence this behavior anymore.

The only exception is winpr-makecert-tool which is still build as extra
library.

This obsoletes complex_libraries for winpr.
2014-07-10 11:10:58 +02:00
Hardening
4b6edb913c Make server sound thread optionnal
This patch makes the server-side sound channel thread optionnal, and
exposes functions to handle channel traffic from the outside.
2014-07-02 10:31:45 +02:00
Marc-André Moreau
f1a866340e server/Sample: stub server-side encomsp channel 2014-06-25 15:21:02 -04:00