* Fix some missing argument checks for function pointer implementations
* Fix broken return value check for client->SendChannelData
* Updated const correctness for function pointer implementations
TPKT header length and consumption of data was not consistently
checked. This adds checks after each packet processed and fixes
any inconsistencies found.
If the provided arguments are not properly set up write
an error message explaining what is wrong.
Signed-off-by: Armin Novak <armin.novak@thincast.com>
This new function allows better logging of call locations
for errors. Additionally added freerdp_set_error_log macro
to record function, file and line the error was set.
Signed-off-by: Armin Novak <armin.novak@thincast.com>
* Move update notification related functions to new display.c: Not
related to `rdp.c`.
* Rename `rdp_write_monitor_layout_pdu` to `display_write_monitor_layout_pdu`.
* Add internal `display_convert_rdp_monitor_to_monitor_def` instead of
doing the conversion inside `display_write_monitor_layout_pdu`.
Stream_Seek() is used, but consequently Stream_SetPosition() is used
for position obtained by Stream_GetPosition() immediatelly before
Stream_Seek(). Let's remove this stream position changes due to its
redundancy.
- fixed invalid, missing or additional arguments
- removed all type casts from arguments
- added missing (void*) typecasts for %p arguments
- use inttypes defines where appropriate
This patch adds some callbacks so that the client can have access to the informations
stored in this packet. Server-side implementation is also there, so that a server
can send these informations to the client.
rdp_recv_message_channel_pdu always read the rdp security header
even if it was already previously read (which is the case if rdp
security is active)
This caused malfunctions and disconnects when heartbeat or bandwidth
autodetect packets were sent/received in rdp security mode.
Credit goes to @MartinHaimberger for identifying the broken code
part.
Change the return type of Stream_Ensure*Capacity from void to BOOL to be
able to detect realloc problems easily. Otherwise the only way to detect
this was to check if the capacity after the call was >= the required
size.
In case Stream_Ensure*Capacity fails the old memory is still available
and need to freed outside.
This commit also adds checks to most calls of Stream_Ensure*Capacity to
check if the call was successful.
[MS-RDPBCGR] Section 5.3 describes the encryption level and method values for
standard RDP security.
Looking at the current usage of these values in the FreeRDP code gives me
reason to believe that there is a certain lack of understanding of how these
values should be handled.
The encryption level is only configured on the server side in the "Encryption
Level" setting found in the Remote Desktop Session Host Configuration RDP-Tcp
properties dialog and this value is never transferred from the client to the
server over the wire.
The possible options are "None", "Low", "Client Compatible", "High" and
"FIPS Compliant". The client receices this value in the Server Security Data
block (TS_UD_SC_SEC1), probably only for informational purposes and maybe to
give the client the possibility to verify if the server's decision for the
encryption method confirms to the server's encryption level.
The possible encryption methods are "NONE", "40BIT", "56BIT", "128BIT" and
"FIPS" and the RDP client advertises the ones it supports to the server in the
Client Security Data block (TS_UD_CS_SEC).
The server's configured encryption level value restricts the possible final
encryption method.
Something that I was not able to find in the documentation is the priority
level of the individual encryption methods based on which the server makes its
final method decision if there are several options.
My analysis with Windows Servers reveiled that the order is 128, 56, 40, FIPS.
The server only chooses FIPS if the level is "FIPS Comliant" or if it is the
only method advertised by the client.
Bottom line:
* FreeRDP's client side does not need to set settings->EncryptionLevel
(which was done quite frequently).
* FreeRDP's server side does not have to set the supported encryption methods
list in settings->EncryptionMethods
Changes in this commit:
Removed unnecessary/confusing changes of EncryptionLevel/Methods settings
Refactor settings->DisableEncryption
* This value actually means "Advanced RDP Encryption (NLA/TLS) is NOT used"
* The old name caused lots of confusion among developers
* Renamed it to "UseRdpSecurityLayer" (the compare logic stays untouched)
Any client's setting of settings->EncryptionMethods were annihilated
* All clients "want" to set all supported methods
* Some clients forgot 56bit because 56bit was not supported at the time the
code was written
* settings->EncryptionMethods was overwritten anyways in nego_connect()
* Removed all client side settings of settings->EncryptionMethods
The default is "None" (0)
* Changed nego_connect() to advertise all supported methods if
settings->EncryptionMethods is 0 (None)
* Added a commandline option /encryption-methods:comma separated list of the
values "40", "56", "128", "FIPS". E.g. /encryption-methods:56,128
* Print warning if server chooses non-advertised method
Verify received level and method in client's gcc_read_server_security_data
* Only accept valid/known encryption methods
* Verify encryption level/method combinations according to MS-RDPBCGR 5.3.2
Server implementations can now set settings->EncryptionLevel
* The default for settings->EncryptionLevel is 0 (None)
* nego_send_negotiation_response() changes it to ClientCompatible in that case
* default to ClientCompatible if the server implementation set an invalid level
Fix server's gcc_write_server_security_data
* Verify server encryption level value set by server implementations
* Choose rdp encryption method based on level and supported client methods
* Moved FIPS to the lowest priority (only used if other methods are possible)
Updated sample server
* Support RDP Security (RdpKeyFile was not set)
* Added commented sample code for setting the security level
According to the Microsoft RDP specification, T.128 flow control PDUs
should be ignored when reading Share Control headers.
(http://msdn.microsoft.com/en-us/library/cc240576.aspx). This patch
checks if we got a flow control PDU (length = 0x8000) and advances the
stream to ignore the PDU.
* Zeroing xevent helped address some erratic behavior.
* valgrind complained about using xfBitmap uninitialized
during shutdown, traced it back to the initialization.
Bitmap_Prototype->size > sizeof(rdpBitmap).
* Early exit from recv_tpkt_pdu is necessary to address
a shutdown crash - the channelId value was being used
without being set in the disconnect case.
- fixed invalid stream position if extEncryptionMethods is not used
- enabled 56bit rdp security method
- fixed entropy reduction of the keys for 40 bit and 56 bit
- added rdp security incl. FIPS for fastpath output
- added FIPS encryption to fast path input
- fixed FIPS key generation in server mode
- fixed stream length correction in FIPS mode
- added rdp encryption for licensing packets (apparently some clients,
specifically cetsc, require the license packets received from the
server to be encrypted under certain RDP encryption levels)
- replace errnous virtual extended mouse event in focus in event
# By Marc-André Moreau (27) and others
# Via Marc-André Moreau
* 'master' of git://github.com/awakecoding/FreeRDP: (48 commits)
afreerdp: fix build on Android
libwinpr-wtsapi: include wtsapi32.h on Windows
wfreerdp: fix target exporting
wfreerdp: fix building against OpenSSL with MONOLITHIC_BUILD and shared libraries
wfreerdp: fix test build issues
libwinpr-crypto: implement CryptProtectMemory/CryptUnprotectMemory
libwinpr-memory: add missing definitions
libwinpr-memory: start stubbing
Increased size of stream on GCC conference create request from 512 to 1024. For large numbers of static virtual channels, the stream was being overflowed and was causing crashes.
Fixes to process new command line options (autodetect, heartbeat, multitransport), join the MCS message channel and process auto-detect PDUs during the connection sequence.
wfreerdp: fix build against static openssl library
winpr-hash: fix building against openssl in static mode
libfreerdp-gdi: fix invalidation of region with line drawing
mfreerdp: fix hungarian keyboard '0' and 'i' key inversion
Fixes build issue on Windows
libwinpr-synch: add active/inactive linked list for timer queue
libwinpr-synch: improve timer queue implementation
libwinpr-synch: make use of head's expiration time in timer queue
libwinpr-synch: make use of timespec for timer queue
libwinpr-synch: improve timer queue implementation
...
Conflicts:
client/common/CMakeLists.txt
