Commit Graph

280 Commits

Author SHA1 Message Date
akallabeth
d7ebec5a65 [tidy] move loop variable declaration to loop 2024-02-22 12:31:50 +01:00
akallabeth
0ba995655d [clang-tidy] cppcoreguidelines-init-variables 2024-02-15 11:49:16 +01:00
akallabeth
207def5c56 [clang-tidy] readability-isolate-declaration 2024-02-15 11:49:16 +01:00
Armin Novak
db73c562a2 [core,gcc] split update of RDP encryption from gcc
* Update EncryptionLevel and EncryptionMethods before writing GCC data
* Use const rdpSettings* in all GCC write functions
2024-01-19 06:51:30 +01:00
akallabeth
2e42d8ac2b [core,connection] add more logging
log peer->ClientCapabilities execution failures
2024-01-10 08:27:14 +01:00
akallabeth
cd4d77af86 [settings] add deprecation warnings
direct struct access to rdpSettings now produces warnings if not
explicitly deactiaved by defining FREERDP_SETTINGS_INTERNAL_USE
2023-11-24 14:54:56 +01:00
akallabeth
1163cc4d5c [core] add internal settings.h include 2023-11-24 14:54:56 +01:00
akallabeth
3ca26384ee [core] only move state on demand active
rdp_client_connect_demand_active returns STATE_RUN_ACTIVE if we received
it, some other return otherwise
2023-11-21 13:54:29 +01:00
akallabeth
0ee61dcb62 [core,connection] improve parsing of demand active
Split up parsing, so we don´t have to reread the data.
2023-11-21 13:54:29 +01:00
David Fort
3c18a9980f [client,win32] implement connection to child session
Under windows you can connect to a child session by requesting a named pipe to
the local server, and then do some RDP on this named pipe.
The protocol is like for /vmconnect with CredSSP, then Nego and then the "normal"
workflow for a connection. For CredSSP we force the usage of NTLM for the Negociate
SSPI, and the credentials are empty.
2023-09-27 11:57:49 +02:00
David Fort
8a39859612 [arm] various improvements
This patch moves the ARM configuration before starting the connection process, so
that we can do some provisioning of the FreeRDP settings with the items retrieved
from Azure.
Most notably that allows us to connect directly using RDSTLS security.
2023-09-04 10:24:56 +02:00
akallabeth
2102fa907a [core,connection] use dynamic logger rdp->log
for state transition logging use dynamic logger instead.
2023-09-02 07:56:21 +02:00
akallabeth
54021b50b0 [core,peer] fix initial state transitions
update initial state transitions according to [MS-RDPBCGR]
the diagram is misleading, some of the text below ambigious, but
1.3.1.1 Connection Sequence phase 10 description lists the dependencies
of server initiated messages.
2023-09-02 07:56:21 +02:00
ehdgks0627
d04ba8d6ef Correct typos and formatting errors in format strings
In several files, fixed typos in format strings that were causing unexpected output and formatting issues.
2023-07-28 15:34:46 +02:00
Martin Fleisz
37f9d5b494 core: Fix flag check to enable/disable RDSTLS security
On some platforms (i.e. Mac) the BOOL type might be narrower than the
`RedirectionFlags` type leading to an overflow when just assigning the
logical AND result to the setting. This fix makes sure that the value is
correctly set to either `TRUE` or `FALSE`.
2023-07-04 09:17:05 +02:00
akallabeth
4d350978dd [core] assert rdp->context 2023-06-26 10:53:43 +02:00
Marc-André Moreau
4d4dcd4511 Fix usage of explicit server name when different from connection host 2023-06-13 09:20:17 -04:00
Armin Novak
970f0c54e8 [stream] use const correct Stream_Pointer access 2023-06-08 08:09:33 +02:00
akallabeth
d71c58a04b [core,licensing] allow all SEC_AUTODETECT_REQ messages
follow up to fdcc36dd8d
autodetect messages also seem to be sent over global channel id
instead of message channel id
2023-05-26 11:52:54 +02:00
Armin Novak
da38ca3254 [core,server] decrease logging verbosity 2023-05-23 05:04:55 +02:00
Armin Novak
a433e1b761 [core,rdp] use a dynamic logger for rdpRdp 2023-05-23 05:04:55 +02:00
akallabeth
9ddd21e909 [core,connection] print a warning
if we receive an unexpected channel message print a warning.
2023-05-03 13:46:39 +02:00
akallabeth
fdcc36dd8d [core,connection] relax state machine
contrary to '[MS-RDPBCGR] 1.3.9 Connect-Time and Continuous Network
Characteristics Detection' we have seen autodetection reqeusts mixed in
between licensing messages. This relaxes the state machine and allows
handling.
2023-05-03 13:46:39 +02:00
David Fort
7b0b273ec1 mcs: drop a server-side warning on FreeRDP_ChannelDefArray::len
Server side we often see "FreeRDP_ChannelDefArray::len expected to be >= 31,
but have XXX", where XXX is lower than 31.

This patche fixes that, the old code was setting the size of ChannelDefArray to the
number of ChannelCount, which is usually not what we want. We want to keep it to 31
and have ChannelCount indicate how many of these channels are used.
2023-04-27 08:37:11 +02:00
Armin Novak
4d3d1bfe4d [core,autodetect] revert to [MS-RDPBCGR] states
remove 'convenience' states in main RDP state machine for autodetect
2023-04-24 14:18:20 +02:00
Pascal Nowack
43f0fbdc12 core/autodetect: Allow overriding connect-time autodetection handling
Currently, FreeRDP-based server implementations can do connect-time
autodetection.
However, without having any control over it.

In order to be able to override the default connect-time autodetection
handling, introduce three new states for the state machine of the
connection sequence and two new callbacks for the autodetect handling.

These are:
- CONNECTION_STATE_CONNECT_TIME_AUTO_DETECT_BEGIN
- CONNECTION_STATE_CONNECT_TIME_AUTO_DETECT_IN_PROGRESS
- CONNECTION_STATE_CONNECT_TIME_AUTO_DETECT_END

- OnConnectTimeAutoDetectBegin()
- OnConnectTimeAutoDetectProgress()

The END state is pretty simple: When the autodetection is finished and
the autodetect state is FREERDP_AUTODETECT_STATE_COMPLETE, transition
into the next state of the connection sequence.

The BEGIN state is entered, when capability-wise network autodetection
is available.
In this state, the OnConnectTimeAutoDetectBegin callback is called, the
server implementation may initialize any related handling here.
If the server implementation determines, that no further handling is
required, it can end the autodetection phase by returning
FREERDP_AUTODETECT_STATE_COMPLETE.
If not, and an autodetection request is sent, it returns
FREERDP_AUTODETECT_STATE_REQUEST.
The state machine of the connection sequence will then switch into the
IN_PROGRESS state.

In the IN_PROGRESS state, any incoming PDU is handled first, then the
OnConnectTimeAutoDetectProgress callback is called.
Like in the BEGIN state, the return value will determine, whether the
state machine of the connection sequence goes into the END state or goes
into (or rather stays) in the IN_PROGRESS state.
2023-04-13 09:58:52 +02:00
fifthdegree
4cbfa006f2 Implement support for RDS AAD
Have a working implementation of the RDS AAD enhanced security mechanism
for Azure AD logons
2023-03-10 16:38:07 +01:00
Joan Torres
7c24da917e Add RDSTLS security protocol
The client tries to connect using RDSTLS only when it has received a
server redirection PDU with LB_PASSWORD_IS_ENCRYPTED flag.

The server exposes RDSTLS on negotiation if it has been configured on settings.
Then authenticates a client using configured credentials from settings:
RedirectionGuid, Username, Domain, Password.
2023-03-08 14:05:00 +01:00
Joan Torres
5f8e64f89c [core,connection]: Fix load balance setting on redirection
The routing token is already set for the nego on rdp_client_connect func.
2023-03-08 08:36:42 +01:00
Armin Novak
37936f5cbb [core,connect] check for valid hostname 2023-03-06 10:04:59 +01:00
Armin Novak
f5462bdf92 [core] fix rdp_client_establish_keys 2023-03-06 08:35:24 +01:00
Armin Novak
2450bf75e8 [core] improve assertions and logging 2023-03-05 17:03:18 +01:00
akallabeth
adce7378c3 [core,cache] make protocol caches private
most protocol internal caches do not need to be exposed. this reduces
the public API and allows us to more easily improve/change this during a
release cycle
2023-02-27 17:31:52 +01:00
Armin Novak
a7dac52a42 [license] updated copyright headers 2023-02-12 20:17:11 +01:00
akallabeth
af371bef6a [crypto] rename rdpRsaKey to rdpPrivateKey 2023-02-12 20:17:11 +01:00
akallabeth
94b2f551b3 [core] update to new crypto/cert API 2023-02-12 20:17:11 +01:00
akallabeth
51e71b3c48 Fixed compiler warnings 2023-02-03 11:09:59 +01:00
akallabeth
a082f2b78a [core] improve logging 2023-02-03 11:09:59 +01:00
akallabeth
31695c94a1 [client random] refactor use
* use sizeof() instead of define length
* use settings getter/setter
2023-02-03 11:09:59 +01:00
akallabeth
a3152871ab [core,crypto] refactor rsa functions
* public encrypt/decrypt take rdpCertInfo data as argument
* private encrypt/decrypt take rdpRsaKey as argument
* Add missing length arguments
2023-02-03 11:09:59 +01:00
akallabeth
2c2e9602b3 [core] refactor certificate handling
* Remove duplications in rdpRsaKey, reuse rdpCertificate for public
  components
* Move all private key and certificate code to certificate.c,
  remove the tssk_* variables from gcc
* Handle update of client and server random keys in wrapping functions
* Simplify gcc_write_server_security_data, use certificate.c functions
  to write the certificate data
* Refactor security_establish_keys, use the random values stored in
  settings directly
2023-02-03 11:09:59 +01:00
Armin Novak
70f6c09ff4 [core] fix persistent bitmap cache setting
* Only activate if both, client and server support the capability
* Use settings getter to access setting
2023-01-26 09:30:17 +01:00
Armin Novak
641022b795 [logging] remove __FUNCTION__ from actual message
prefer the log formatter to provide that information.
2023-01-25 16:26:39 +01:00
Armin Novak
a111a19c58 [core] check return of rdp_write_security_header 2023-01-25 09:37:40 +01:00
Armin Novak
2fc24420d1 [core] fix server side skip channel join
move to state CONNECTION_STATE_RDP_SECURITY_COMMENCEMENT instead of
CONNECTION_STATE_SECURE_SETTINGS_EXCHANGE
2023-01-25 09:37:40 +01:00
akallabeth
f2b934866a [core,connection] code cleanups 2023-01-24 10:16:55 +01:00
akallabeth
23281121bf [core] implement skip channel join 2023-01-20 11:19:18 +01:00
David Fort
bee2873b52 core: in connection.c use constant instead of raw value 2022-12-23 08:42:45 +01:00
Armin Novak
0e25f99602 Revert "[server,shadow] rdp_server_reactivate do not wait"
This reverts commit 34f44ce4a1.
2022-12-22 15:09:03 +01:00
Armin Novak
34f44ce4a1 [server,shadow] rdp_server_reactivate do not wait
in rdp_server_reactivate do not wait for the server to change state, let
the peer state machine handle that.
2022-12-19 10:38:18 +01:00