akallabeth
983c820f16
[codecs] make h264 and planar opaque
2023-04-11 10:58:03 +02:00
Joan Torres
1f58b64f68
[core,redirection] Fix sending redirection certificate
...
TargetCertificate option is set in TARGET_CERTIFICATE_CONTAINER format.
Exposed ELEMENT_TYPE_CERTIFICATE and ENCODING_TYPE_ASN1_DER1 to allow
building it externally in the mentioned format.
2023-04-11 10:29:16 +02:00
akallabeth
1a951a7ebc
[core,credssp] simplified name cache
2023-04-06 16:15:45 +02:00
akallabeth
182f15e475
[core] add logger to rdpContext
...
Add a dynamic logger for rdpContext
2023-04-06 12:11:46 +02:00
Armin Novak
f66110c611
[codec,rfx] refactor API
...
* Hide implementation details
* Add missing getter/setter
2023-04-05 20:41:42 +02:00
Armin Novak
a86218c761
[codec,rfx] fix numTile update
...
ensure there are enough tiles allocated before setting
2023-04-05 20:41:42 +02:00
Armin Novak
2285d912eb
[codec,rfx] add more assertions
2023-04-05 20:41:42 +02:00
Armin Novak
fcf3d0517e
[codec,rfx] clean up free functions
...
* automatically set message->freeRects internally
2023-04-05 20:41:42 +02:00
Armin Novak
77f4d96fef
[codec,rfx] use dynamic logger
2023-04-05 20:41:42 +02:00
Armin Novak
2bc5ac3638
[codec,rfx] assert arguments
2023-04-05 20:41:42 +02:00
Armin Novak
e94661ef71
[codec,rfx] fix rfx encoding
2023-04-05 20:41:42 +02:00
Armin Novak
1e63d8c493
[utils,passphrase] use CredUI on windows
2023-04-05 11:42:06 +02:00
Armin Novak
dc84e93fe5
[utils] fix windows console read
...
On windows freerdp_interruptible_getc did not work at all. Fix this so
that reading characters works. This still does not hide input for
passwords or is actually interruptible, but at least it reads the data
correctly.
2023-04-05 11:42:06 +02:00
Armin Novak
f4462f69e1
[core,credssp] fix logging with unicode
...
convert argument to proper type before logging
2023-04-05 11:40:22 +02:00
Armin Novak
2d1c56888d
[core,gateway] log win32 error code of fault PDU
2023-04-05 10:02:27 +02:00
Armin Novak
14fd94a38c
[core,gateway] fix http_request_write
...
ensure the stream is big enough to hold the data
2023-04-05 08:56:33 +02:00
Armin Novak
50ce5b834d
[core,server] warn if cert not RDP security compatible
2023-03-28 17:19:03 +02:00
akallabeth
1c63284372
[primitives,tests] use winpr_alinged_calloc
2023-03-28 11:34:52 +02:00
akallabeth
c840d127e9
[codec,yuv] use aligned allocation
2023-03-28 11:34:52 +02:00
akallabeth
b96e1bf577
[codec,progressive] use aligned allocation
2023-03-28 11:34:52 +02:00
akallabeth
4795ee5eac
[codec,planar] use aligned allocation
2023-03-28 11:34:52 +02:00
akallabeth
0297a58638
[codec,nsc] use aligned allocation
2023-03-28 11:34:52 +02:00
akallabeth
544e488686
[codec,rfx] use aligned allocation
2023-03-28 11:34:52 +02:00
akallabeth
ac14d7614c
[codec,interleaved] use aligned allocation
2023-03-28 11:34:52 +02:00
akallabeth
915aed6668
[codec,clear] use aligned allocation
2023-03-28 11:34:52 +02:00
akallabeth
641fa990f9
[cache,persistent] use aligned allocation
2023-03-28 11:34:52 +02:00
akallabeth
a5d7325164
[codec,progressive] resize tile cache by constant
...
The previouse size increment was power of two, which might run out of
memory really fast. Use a constant size increment instead.
2023-03-24 11:14:17 +01:00
akallabeth
ec095bc6dd
[codec,progressive] simplify tile cache allocation
2023-03-24 11:14:17 +01:00
David Fort
2fed8fb62e
[codec] fix tile usage in progressive
...
This is a fix for #8816 . When PROGRESSIVE_SURFACE_CONTEXT.tiles were reallocated, we were
ending up with wrong tiles in PROGRESSIVE_BLOCK_REGION.tiles when the memory block was moved.
2023-03-23 15:28:55 +01:00
David Fort
b7b46b8123
[codecs] make progressive honor threading flags
...
Progressive codec was not honoring the threading flags in settings like does
remoteFX, so even when no multiple threads decoding was asked, progressive was
using multiple threads anyway. This patch fixes it.
2023-03-20 15:32:28 +01:00
Armin Novak
937c158174
[core,gateway] copy data for credssp
...
the authentication data needs to be copied for use in credssp
fixes #8811
2023-03-17 22:28:13 +01:00
akallabeth
00572768b9
[core,rdp] fixed wrong format string
2023-03-15 08:22:23 +01:00
akallabeth
a5b42f0f84
[includes] untangled circular includes
2023-03-15 08:22:23 +01:00
akallabeth
a360f1ca8c
[build] fix a few compiler warnings
2023-03-13 13:04:45 +01:00
Martin Fleisz
ecc29d00c0
core: Allow NULL identity for NLA authentication
...
During the recent changes the possiblity to perform NLA auth using the
current identity was removed.
In case we receive AUTH_NO_CREDENTIALS with NLA we should resume using a
NULL-identity and not abort the connection.
2023-03-13 10:59:57 +01:00
Armin Novak
0c8a08817c
[core,utils] do not abort on auth fail
...
Authenticate and GatewayAuthenticate return FALSE when there are no
credentials supplied. AuthenticateEx indicates connection termination
with that return value. Handle this accordingly
2023-03-13 09:36:07 +01:00
Armin Novak
461a307c42
[core,utils] prefer legacy over AuthenticateEx
...
the new AuthenticateEx callback has a default implementation. To not
break old clients only setting Authenticate or GatewayAuthenticate
callbacks prefer the old ones over the new one.
2023-03-13 09:36:07 +01:00
Armin Novak
39bf831d50
[core,nego] unify SelectedProtocol usage
2023-03-13 09:36:07 +01:00
Armin Novak
e9bc54e8b7
[core] improve logging in freerdp_set_last_error
2023-03-13 09:36:07 +01:00
Armin Novak
24dd697003
[core,rdstls] allow 0 size data to be written.
2023-03-13 08:46:51 +01:00
Joan Torres
41c0f22398
[core,rdstls] Fix getting password as pointer
2023-03-13 08:46:51 +01:00
Armin Novak
2ddd82338a
[core,security] fix security_establish_keys
...
the lenght of the keys was incorrect breaking RDP security
2023-03-12 22:30:31 +01:00
Marc-André Moreau
b34bad2b50
fix and improve cJSON detection
2023-03-11 08:20:10 +01:00
Armin Novak
f26dc59a9d
[core,aad] make AAD optional
...
* make cJSON an optional dependency
* disable AAD if cJSON was not compiled in
2023-03-10 16:38:07 +01:00
Armin Novak
17b6f1bb6f
[core,aad] add compatibility with cJSON < 1.7.13
2023-03-10 16:38:07 +01:00
Armin Novak
a9c52e1c79
[cmake] manual cJSON detection
...
older builds do not ship the cmake files required for
find_package in their libcjson-dev package.
2023-03-10 16:38:07 +01:00
Armin Novak
8d57fa0a7f
[core,aad] fix format strings, use strtok_s
2023-03-10 16:38:07 +01:00
Armin Novak
8219c30eef
[build] fixed cJSON dependency
...
need to find_package at top level so symbols are defined for add_library
and target_*
2023-03-10 16:38:07 +01:00
Armin Novak
47ad94e4f9
[core,aad] clean up some mistakes
2023-03-10 16:38:07 +01:00
Armin Novak
4d12c22f4e
[core,aad] fixed warnings and openssl compat
2023-03-10 16:38:07 +01:00
fifthdegree
304ce6d702
Test base64url en/decoding
...
Add tests for base64url and fix a bug discovered while doing that
2023-03-10 16:38:07 +01:00
akallabeth
429c361435
[core,aad] fix cJSON usage
2023-03-10 16:38:07 +01:00
fifthdegree
f4431cdc8c
fixup! Implement support for RDS AAD
2023-03-10 16:38:07 +01:00
akallabeth
af2a74cbbb
[core,aad] refactor aad parser
...
* split functions into smaller elements
* improve return code checks
* add log messages for error results
2023-03-10 16:38:07 +01:00
akallabeth
0af370c04b
[core,aad] use dynamic logger
2023-03-10 16:38:07 +01:00
akallabeth
157d71e802
[core,aad] migrate to cJSON parser library
2023-03-10 16:38:07 +01:00
akallabeth
c5406d79c5
[core,aad] typedef AAD_STATE
2023-03-10 16:38:07 +01:00
akallabeth
3d9eaf59dc
[core,aad] typedef AAD_STATE
2023-03-10 16:38:07 +01:00
akallabeth
2117cdcb0f
[core,transport] rewritten aad transport read
...
use a do {} while loop to make it easier to read.
2023-03-10 16:38:07 +01:00
akallabeth
f5423caace
[auth,aad] add freerdp* argument to callback
2023-03-10 16:38:07 +01:00
fifthdegree
4cbfa006f2
Implement support for RDS AAD
...
Have a working implementation of the RDS AAD enhanced security mechanism
for Azure AD logons
2023-03-10 16:38:07 +01:00
fifthdegree
5df4d4c934
Implement a basic JSON parser
2023-03-10 16:38:07 +01:00
fifthdegree
8d6c92c037
Implement base64url encoding/decoding
...
Tweak the base64 functions to allow for encoding and decoding base64url
as well
2023-03-10 16:38:07 +01:00
Martin Fleisz
384642f95f
core: Fix sending incorrect GUID in RDSTLS auth request
...
The spec states that the GUID must be sent as a Base64-encoded GUID in
Unicode format. However in the redirection code we read the (correctly
formatted) GUID and convert it to a binary BLOB.
This PR removes the unnecessary conversion which now results in a
correct RDSTLS auth request.
It also removes some dead code in `rdstls_write_data`.
2023-03-09 14:29:41 +01:00
Armin Novak
1580daecbc
[core,rdstls] fix uninitialized wStream
2023-03-09 11:17:37 +01:00
Armin Novak
ec60ebaf37
[core] parse whole wStream instead of current
2023-03-09 11:17:37 +01:00
Armin Novak
5c49fae477
[core,transport] split pdu parser function
...
split according to which PDU type is being parsed.
2023-03-09 11:17:37 +01:00
Joan Torres
5bcc5326d0
[core,rdstls] fix rdstls_parse_pdu
...
When this function returns <= 0 the caller was considering it a pduLength
creating a bug.
Also fixed length calculation on some rdstls pdu types.
2023-03-09 11:17:37 +01:00
Joan Torres
b469f53c43
[core,transport] check for rdstls == NULL on accept_rdstls too
2023-03-09 11:17:37 +01:00
akallabeth
d56487717f
[core,redirection] fix const warnings
2023-03-09 11:17:37 +01:00
akallabeth
34c056e163
[core,smartcard] fix WCHAR compare, use _wcscmp
2023-03-09 11:17:37 +01:00
akallabeth
4154bc500e
[core,transport] check for rdstls == NULL
2023-03-09 11:17:37 +01:00
akallabeth
9a51f3b77b
[core,rdstls] log state checks
...
when checking expected states print a proper log message when the
requirement is not met
2023-03-08 14:05:00 +01:00
akallabeth
bc1d291b44
[core,rdstls] add state transition checks and logs
2023-03-08 14:05:00 +01:00
akallabeth
adbecf71c6
[core,rdstls] use dynamic logger
2023-03-08 14:05:00 +01:00
akallabeth
0dc59f3a41
[core,rdstls] hide rdstls parsing
...
* move rdstls specific code from transport_parse_pdu to rdstls_parse_pdu
* hide rdstls implementation details
2023-03-08 14:05:00 +01:00
Joan Torres
c7f214435e
[core,transport] use modern stream funcs on transport_parse_pdu
2023-03-08 14:05:00 +01:00
Joan Torres
d3eab544bd
[core,rdstls] validate state transitions
2023-03-08 14:05:00 +01:00
akallabeth
15b5026260
[core,rdstls] rdstls_read_data no heap
...
do not allocate and copy the returned data, just return a pointer in the
stream and the length of the data.
2023-03-08 14:05:00 +01:00
akallabeth
f5a8da4f62
[core,rdstls] ensure stream length on empy return
2023-03-08 14:05:00 +01:00
Joan Torres
7c24da917e
Add RDSTLS security protocol
...
The client tries to connect using RDSTLS only when it has received a
server redirection PDU with LB_PASSWORD_IS_ENCRYPTED flag.
The server exposes RDSTLS on negotiation if it has been configured on settings.
Then authenticates a client using configured credentials from settings:
RedirectionGuid, Username, Domain, Password.
2023-03-08 14:05:00 +01:00
Joan Torres
689bf6daab
[core,nla]: Fix using password from redirection
...
If a client reconnects on redirection process and uses NLA authentication,
the client was using the old password because it wasn't setting
usePassword to false.
With this commit the client will use the new password.
2023-03-08 08:36:42 +01:00
Joan Torres
5f8e64f89c
[core,connection]: Fix load balance setting on redirection
...
The routing token is already set for the nego on rdp_client_connect func.
2023-03-08 08:36:42 +01:00
Joan Torres
8c998e67f3
[core,redirection]: Debug redirection fields ordered
2023-03-08 08:36:42 +01:00
Armin Novak
f068d21a5e
[core,peer] set up channelErrorEvent
2023-03-06 21:46:51 +01:00
Armin Novak
8c88a477fd
[core,licensing] fix warnings
2023-03-06 15:39:14 +01:00
Armin Novak
16d1d3d9c5
[core,security] fix types to reduce warnings
...
* Make integer UINT32 to match use
* Fix missing length checks
2023-03-06 15:39:14 +01:00
Armin Novak
3a6566d35e
[crypto,key] fix missing rdpCertInfo clone
2023-03-06 11:31:19 +01:00
Armin Novak
92e071fa0c
[core,listener] print info if a client is from localhost
2023-03-06 11:31:19 +01:00
Armin Novak
1c8f762721
[core,peer] fix multitransport request checks
...
If the client does not announced support for UDPFECR then do not send a
multitransport request and just skip the state.
2023-03-06 11:17:51 +01:00
Armin Novak
37936f5cbb
[core,connect] check for valid hostname
2023-03-06 10:04:59 +01:00
Armin Novak
77943d4329
[warnings] Fixed missing-prototypes warnings
2023-03-06 10:04:59 +01:00
Armin Novak
2eeb5d718a
[warnings] Fixed shadow warnings
2023-03-06 10:04:59 +01:00
Armin Novak
3d8cb485f4
[warnings] Fixed strict-prototypes warnings
2023-03-06 10:04:59 +01:00
Armin Novak
e496771034
[warnings] fixed unused-variable warnings
2023-03-06 10:04:59 +01:00
Armin Novak
f5462bdf92
[core] fix rdp_client_establish_keys
2023-03-06 08:35:24 +01:00
Armin Novak
ca706e3099
[core,caps] fix invalid imeFileName
...
imeFileName might contain invalid characters, ignore these
2023-03-06 08:35:24 +01:00
Armin Novak
fb60145685
[utils,cliprdr] remove runtime assert
2023-03-05 17:55:28 +01:00
Armin Novak
60998a62b4
[utils] added FILEDESCRIPTORW read/write routines
2023-03-05 17:55:28 +01:00
Armin Novak
2450bf75e8
[core] improve assertions and logging
2023-03-05 17:03:18 +01:00
Armin Novak
d0ef43f49b
[core,redirect] check TsvUrl on redirect
...
according to spec the TsvUrl must match the LoadBalanceInfo the client
initially sent. Implement this check or else log an error.
2023-03-02 09:55:49 +01:00
Armin Novak
455f6546a7
[core,redirection] implement redirection PDU write
...
implemented writing redirection certificate to PDU
2023-02-28 15:49:58 +01:00
Armin Novak
ae8f0106bd
[core,redirect] extract and check redirection cert
...
* extract the certificate from the redirection PDU
* if there is a certificate provided accept it if it matches the
redirection target certificate without further user checks
2023-02-28 15:49:58 +01:00
Armin Novak
5bf3a06a30
[utils] windows implementation for freerdp_interruptible_getc
2023-02-28 09:47:54 +01:00
Armin Novak
acc5e2d301
[client,common] use non blocking IO
...
when reading from stdin use non blocking IO so that we can check if the
session terminated in between.
2023-02-28 09:47:54 +01:00
Armin Novak
4398126dde
[utils,signal] remove terminal reset
2023-02-28 09:47:54 +01:00
David Fort
b8814e723a
fix some warning with the use of new crypto functions
2023-02-28 07:59:40 +01:00
akallabeth
adce7378c3
[core,cache] make protocol caches private
...
most protocol internal caches do not need to be exposed. this reduces
the public API and allows us to more easily improve/change this during a
release cycle
2023-02-27 17:31:52 +01:00
akallabeth
3293d0d06a
[core] add log for experimental settings
...
Too often experimental flags had been used without the user noticing
that. As bug reports are hard to analyze without proper information take
this approach and inform about experimental flags in use by logging
these.
2023-02-27 11:44:10 +01:00
akallabeth
aa2cb9aa5f
Fixed #8686 : Update h264 to use new FFMPEG API
2023-02-27 09:45:44 +01:00
Marc-André Moreau
3a8dce07ea
expose last NLA/CredSSP SSPI error code (freerdp_get_nla_sspi_error)
2023-02-24 13:19:19 -05:00
Armin Novak
f357312584
[utils] term signal cleanup handlers
...
add functions to register/unregister termination cleanup handlers
2023-02-23 20:28:15 +01:00
Martin Fleisz
2fa12ad794
gateway: Fix broken #ifdef/#else/#endif
2023-02-23 17:27:22 +01:00
Martin Fleisz
892e58d969
core: Update smartcard settings on all platforms
...
Currently smartcard settings were only updated in the WIN32 code path.
This must be done on all platforms to have the correct settings (i.e.
pkinitArgs) correctly applied.
2023-02-23 14:25:44 +01:00
Martin Fleisz
09b2096cf2
core: Add CAPI support for enumerating smart card key containers
...
Windows seems to favor using the legacy Crypto API (CAPI) for
enumerating RSA key containers and only relies on the newer CNG APIs for
ECC keys.
This PR adds support for CAPI key container enumeration on Windows.
The PR also fixes an issue where the CSP was always set to the MS Base
Smart Card Provider during NLA authentication.
2023-02-22 17:10:47 +01:00
akallabeth
392340d5fd
Fix #8702 : Disable sha3 and shake hashes for libressl
2023-02-22 11:47:37 +01:00
Martin Fleisz
6f639686cf
core: Allow change to smart card logon in Authentication callbacks
...
This PR adds a few changes so that a client is able to change the
authentication/logon type in the Authentication callback. I.e. if the
client was started without user/domain the authentication callback is
now able to activate smart card logon by setting the SmartcardLogon
setting along with csp/container/reader name.
2023-02-22 11:45:32 +01:00
Armin Novak
b4330cfccb
[core,settings] use conservative multitransport flags
2023-02-21 16:42:54 +01:00
Joan Torres
e5d9a41778
[core,gcc] Fix applying RedirectionVersionMask
...
The RedirectionVersionMask is 0x3c i.e. 00111100.
So the left shift operation to set RedirectionVersion is of 2 places.
2023-02-21 16:18:04 +01:00
akallabeth
ab5be61e89
[client,common] working REDIRECTION_VERSION6
...
* REDIRECTION_VERSION6 requires enabled multitransport, enable it
* Add a fallback if multitransport was disabled
2023-02-20 16:04:04 +01:00
akallabeth
66245e7a00
[crypto,cert] remove rsa check
...
the rsa keys to be checked are on the deprecation list for most SSL
libraries so the function might fail unexpectedly
2023-02-16 10:06:17 +01:00
akallabeth
8b95030f5e
[cryto,cert] clean up code
2023-02-16 10:06:17 +01:00
akallabeth
a2b23a83ab
[crypto,cert] only extract server certificate
2023-02-16 10:06:17 +01:00
akallabeth
8205bc5f6b
[core,peer] add RSA certificate check
2023-02-16 10:06:17 +01:00
akallabeth
895ae8b137
[core] use rdpPrivateKey and rdpCertificate
2023-02-16 10:06:17 +01:00
akallabeth
2d94ff3f9e
[settings] remove obsolete keys
...
* CertificateFile and CertificateContent are no longer used
* PrivateKeyFile and PrivateKeyContent are no longer used
2023-02-16 10:06:17 +01:00
akallabeth
a7dc9eb82c
[tests] explicitly deactivate client callbacks for test
2023-02-15 13:34:18 +01:00
Armin Novak
25023d3a3a
[client,scard] fix missing callback instance arg
...
every callback requires context, add freerdp* instance just as the
Authenticate et al callbacks already have
2023-02-15 13:34:18 +01:00
Martin Fleisz
5f9db5a89c
core: Fix pointer corruption with d2i_X509
...
The `d2i_X509` function manipulates the passed pointer on success. This
resulted in a corrupted `rdpCertBlob` struct, crashing later on free.
2023-02-14 09:44:10 +01:00
akallabeth
34bc5e15f5
[core,gateway] fixed missing/wrong return
2023-02-14 08:43:23 +01:00
Martin Fleisz
1f903f80a5
core: Add possibility to distinguish between auth cancelled and no creds
...
Currently if the authentication callback returns `FALSE` the utils
function handle this as scenario as no credentials provided (returns
`AUTH_NO_CREDENTIALS)`.
This PR introduces a new `auth_status` called `AUTH_CANCELLED` that is
returned if the authentication callback returns `FALSE`. If the callback
returns `TRUE` and username or password are empty the util function will
continue to return `AUTH_NO_CREDENTIALS`.
THe PR also fixes some incorrect returns in RPC over HTTP gateway code.
2023-02-14 08:43:23 +01:00
Armin Novak
a7dac52a42
[license] updated copyright headers
2023-02-12 20:17:11 +01:00
Armin Novak
13d96cca9f
[emu,scard] fix key sizes
2023-02-12 20:17:11 +01:00
Armin Novak
b77be1ad61
[emu,scard] use RSA struct instead of rdpCertInfo
...
rdpCertInfo has the RSA key in RDP specific format. Prefer direct
extraction from certificate or key
2023-02-12 20:17:11 +01:00
Armin Novak
91370e4437
[crypto,cert] use malloc for der certificate
2023-02-12 20:17:11 +01:00
Armin Novak
0cb3afd4bc
[emu,scard] check for valid RSA
2023-02-12 20:17:11 +01:00
akallabeth
c306ad4c51
[crypto,cert] add RSA key check
2023-02-12 20:17:11 +01:00
akallabeth
081e187db8
[crypto] add function to determine if RSA is in use
2023-02-12 20:17:11 +01:00
akallabeth
00baf58a71
[crypto,x509] simplify retrieval of default signature digest
2023-02-12 20:17:11 +01:00
akallabeth
e43b4bc091
[crypto,common] remove unused function
2023-02-12 20:17:11 +01:00
akallabeth
55b0af1993
[cryto,x509] cleaned up header
2023-02-12 20:17:11 +01:00
akallabeth
1aa8c97a67
[crypto,key] use EVP_PKEY_up_ref
...
The function is available since OpenSSL 1.1.0 instead of 3.0 for
EVP_PKEY_dup
2023-02-12 20:17:11 +01:00
akallabeth
1397f4c605
[crypto] added evp_pkey private getter
2023-02-12 20:17:11 +01:00
akallabeth
af371bef6a
[crypto] rename rdpRsaKey to rdpPrivateKey
2023-02-12 20:17:11 +01:00
akallabeth
87b30958a6
[cyrpto] unify PEM read/write
...
use crypto_read_pem and crypto_write_pem in all places required
2023-02-12 20:17:11 +01:00
akallabeth
1d3c6518fa
[crypto] added PEM file read/write helpers
2023-02-12 20:17:11 +01:00
akallabeth
ac037327d5
[core,redirection] fix Wshadow
2023-02-12 20:17:11 +01:00
akallabeth
d1ddf7a6c7
[crypto,test] update to new cert/crypto API
2023-02-12 20:17:11 +01:00
akallabeth
7cd597015a
[crypot,tls] use new crypto/cert API
2023-02-12 20:17:11 +01:00
akallabeth
94b2f551b3
[core] update to new crypto/cert API
2023-02-12 20:17:11 +01:00
akallabeth
67bd1d08d3
[emu,scard] use rdpCertificate and rdpRsaKey
2023-02-12 20:17:11 +01:00
akallabeth
b5d1ea7138
[core,license] use rdpCertificate
2023-02-12 20:17:11 +01:00
akallabeth
4499a55f43
[core,smartcardlogon] use rdpCertificate
2023-02-12 20:17:11 +01:00
akallabeth
9b51df8b10
[core,crypto] refactor certificate management
...
* Properly split certificate_store, certificate_data, certificate and
private key functions to files
* Prefix all functions with freerdp_ to have a unique name
* Update certificate store to use one file per host instead of
known_hosts2
* Merge CryptoCert and rdpCertificate
2023-02-12 20:17:11 +01:00
Martin Fleisz
35c24f208b
core: Fix invalid string length
2023-02-09 12:49:47 +01:00
Martin Fleisz
4b9fb8fff9
proxy: Fix NLA to TLS fallback connection
...
Currently the proxy's TLS fallback if an NLA connection attempt failed
is broken. There are two issues with the current code that this PR
fixes:
- freerdp_reconnect is used which requires an already established
connection to work correctly. This is not the case since the NLA
connectin attempt failed. This resulted in a seemingly working TLS
connection but i.e. channels where missing/not working.
- The fallback connection attempt just altered the NLA security setting
in the instance's settings. However these settings have been already
modified by the NLA connection attempt so we need to create a copy of
the original connection settings before doing the first connect.
The PR also introduces freerdp_reset_context which restores the initial
connection settings for the given instance.
2023-02-09 12:49:47 +01:00
Armin Novak
a7c0a8c5f1
[autodetect] expose AUTODETECT_STATE
2023-02-09 12:34:27 +01:00
akallabeth
db98f16e5b
[core,fastpath] fix too verbose log
...
for fastpath_recv_update_synchronize only skip the available bytes as
older servers tend to send short packets. This avoids (too) verbose
logging.
2023-02-07 13:36:03 +01:00
akallabeth
2eda0aa2ea
[core,settings] remove unused setting
2023-02-03 11:24:32 +01:00
akallabeth
d96860780f
Fixed compiler warnings
2023-02-03 11:09:59 +01:00
akallabeth
51e71b3c48
Fixed compiler warnings
2023-02-03 11:09:59 +01:00
akallabeth
00f2679eda
[core,security] refactor functions to check lengths
2023-02-03 11:09:59 +01:00
akallabeth
7c1007b1b6
[core,crypto] removed rsa functions from public API
...
should only be used internally
2023-02-03 11:09:59 +01:00
akallabeth
da5080e557
[core] refactor rdp encryption lock
2023-02-03 11:09:59 +01:00
akallabeth
a082f2b78a
[core] improve logging
2023-02-03 11:09:59 +01:00
akallabeth
5f8cc02cf3
[core,license] update length
...
In license_read_encrypted_premaster_secret_blob the length argument was
not set, fix that
2023-02-03 11:09:59 +01:00
akallabeth
936e239acb
[core,license] replaced HWID_LENGTH with sizeof
2023-02-03 11:09:59 +01:00
akallabeth
4b0fcb3dac
[core,licensing] replaced WINPR_MD5_DIGEST_LENGTH with sizeof()
2023-02-03 11:09:59 +01:00
akallabeth
3c242bbe6a
[core,license] replaced MAC_SALT_KEY_LENGTH with sizeof
2023-02-03 11:09:59 +01:00
akallabeth
0f3d72e724
[core,license] replaced SESSION_KEY_BLOB_LENGTH with sizeof
2023-02-03 11:09:59 +01:00
akallabeth
a738f0ec91
[core,license] replaced PREMASTER_SECRET_LENGTH with sizeof
2023-02-03 11:09:59 +01:00
akallabeth
0c5afb923f
[core,license] replaced MASTER_SECRET_LENGTH with sizeof
2023-02-03 11:09:59 +01:00
akallabeth
cf539f33db
[core,license] replaced SERVER_RANDOM_LENGTH with sizeof
2023-02-03 11:09:59 +01:00
akallabeth
31695c94a1
[client random] refactor use
...
* use sizeof() instead of define length
* use settings getter/setter
2023-02-03 11:09:59 +01:00
akallabeth
54e5ff1e75
[core,gcc] fix server random length
2023-02-03 11:09:59 +01:00
akallabeth
a3152871ab
[core,crypto] refactor rsa functions
...
* public encrypt/decrypt take rdpCertInfo data as argument
* private encrypt/decrypt take rdpRsaKey as argument
* Add missing length arguments
2023-02-03 11:09:59 +01:00
akallabeth
2af9758173
[core,license] use rdpCertInfo
...
Use the struct rdpCertInfo for certificate related data instead of
declaring separate variables
2023-02-03 11:09:59 +01:00
akallabeth
2c2e9602b3
[core] refactor certificate handling
...
* Remove duplications in rdpRsaKey, reuse rdpCertificate for public
components
* Move all private key and certificate code to certificate.c,
remove the tssk_* variables from gcc
* Handle update of client and server random keys in wrapping functions
* Simplify gcc_write_server_security_data, use certificate.c functions
to write the certificate data
* Refactor security_establish_keys, use the random values stored in
settings directly
2023-02-03 11:09:59 +01:00
Armin Novak
cd48e17740
[gateway,settings] add GatewayAutoConsent option
...
with this option the client automatically accepts consent messages of
the gateway server.
2023-02-03 11:08:46 +01:00
Armin Novak
05c8a96fff
[core,tcp] fix transport_bio_buffered_write
...
If the return value is <= 0 do not increment the buffer data.
2023-02-02 08:12:39 +01:00
Armin Novak
0c496681f5
[core,settings] fix use of FreeRDP_TargetNetPorts
2023-02-01 09:51:54 +01:00
akallabeth
818267bc80
[core] fixed missing BYTE to WCHAR casts
2023-02-01 09:51:54 +01:00
akallabeth
da42a2141e
[core,settings] update getter/setter generation
...
fix issues with const and non const string pointer update
2023-02-01 09:51:54 +01:00
akallabeth
3f80e6a5ba
[core,info] consume unsued byte of stream
...
The TPKT header length does not match the [MS-RDPBCGR] 2.2.1.11.1.1
Info Packet (TS_INFO_PACKET) and 2.2.1.11.1.1.1 Extended Info Packet
(TS_EXTENDED_INFO_PACKET) length. print a warning and consume the rest
of the data.
2023-01-27 16:01:33 +01:00
akallabeth
76525c2658
[core,peer] removed duplicate checks and logs
2023-01-27 16:01:33 +01:00
akallabeth
644870934e
[core,server] do not rely on EarlyCapabilitiesFlags
...
Check settings that have been agreed upon by client and server and do
not directly use the flags.
2023-01-27 16:01:33 +01:00
akallabeth
56a01603bb
[core,info] do not rely on EarlyCapabilitiesFlags
...
now rdp_write_extended_info_packet only adds the
cbDynamicDSTTimeZoneKeyName, dynamicDSTTimeZoneKeyName and
dynamicDaylightTimeDisabled fields if both, client and server support
the dynamic timezone settings.
2023-01-27 16:01:33 +01:00
akallabeth
1a87ba8fc2
[core,server] add state STATE_RUN_QUIT_SESSION
...
If a session is terminated indicate this by STATE_RUN_QUIT_SESSION
instead of setting STATE_RUN_FAILED which would imply some failure
2023-01-27 11:05:12 +01:00
akallabeth
b03f9cc8b8
[core,mcs] added return checks
...
Fix missing checks in mcs_send_disconnect_provider_ultimatum
2023-01-27 11:05:12 +01:00
akallabeth
22f3bf6f78
[core,nla] initialize stack variables
2023-01-27 10:07:01 +01:00
akallabeth
f5d759c979
[core,nla] unify SecBuffer to ASN1 string
...
use a helper function to convert the buffer to a ASN1 string
2023-01-27 10:07:01 +01:00
akallabeth
c604801a67
[core,nla] simplify server side authentication
...
* Single point fo function return
* Clear all buffers after authentication
2023-01-27 10:07:01 +01:00
akallabeth
ca3cd8b7ec
[core,nla] fix a memory leak in server nla
...
Clear destination SecBuffer before calling credssp_auth_decrypt or
credssp_auth_encrypt
2023-01-27 10:07:01 +01:00
akallabeth
aeef6045b7
[core,credssp] initialize stack variables
2023-01-27 10:07:01 +01:00
akallabeth
f355c9addd
[core,capability] Fix reallocation of ReceivedCapabilityData
...
if the size is 0 do not abort but continue.
2023-01-27 10:07:01 +01:00
akallabeth
7afab06e4e
[fastpath] fix write PDU header functions
...
* Proper capacity checks with logging
* Fix return codes
* Remove unused fields from public structs
2023-01-27 10:07:01 +01:00
akallabeth
04ede67940
[core,fastpath] unify fastpath stream decryption
2023-01-27 10:07:01 +01:00
Armin Novak
ee6de6d293
[core] fix rdp encrypted autodetect messages
2023-01-27 10:07:01 +01:00
Armin Novak
bea41877ba
[core] add logging
...
* Log rdp_write_security_header flags
* Log rpd_read_security_header flags
2023-01-27 10:07:01 +01:00
akallabeth
f9f32a335e
[codec,progressive] fixed parsing of blocks
...
only provide a substream to the block parsing functions
2023-01-27 09:36:02 +01:00
akallabeth
ee07a13130
[cleanup] fix compiler warnings
2023-01-26 09:30:17 +01:00
Armin Novak
70f6c09ff4
[core] fix persistent bitmap cache setting
...
* Only activate if both, client and server support the capability
* Use settings getter to access setting
2023-01-26 09:30:17 +01:00
Armin Novak
1dc2225bd2
[winpr,wlog] include function name in log message
...
default to print the function the log message was called from
2023-01-25 16:26:39 +01:00
Armin Novak
641022b795
[logging] remove __FUNCTION__ from actual message
...
prefer the log formatter to provide that information.
2023-01-25 16:26:39 +01:00
Armin Novak
f4ee5226b0
[core,settings] fix freerdp_settings_set_string_from_utf16N
...
If the input string has a length, but the string length is 0 do not
return failure.
2023-01-25 16:26:39 +01:00
akallabeth
075506f6c8
[winpr,stream] use new Stream_CheckAndLogRequiredLength*
2023-01-25 14:27:32 +01:00
akallabeth
74530a7931
[format strings] ensure __LINE__ is of type size_t
...
__LINE__ is not particularily well defined (most fall back to int).
We want to ensure that all the uses in a format string match the format
specifier, so do an explicit cast
2023-01-25 14:27:32 +01:00
akallabeth
686c26794b
[gateway,rdg] improve websocket error log message
2023-01-25 14:27:32 +01:00
akallabeth
8ed37e68d2
[stream] use logging capacity checks
2023-01-25 14:27:32 +01:00
Armin Novak
d639702bed
[core] check return of rdp_write_header
2023-01-25 09:37:40 +01:00
Armin Novak
a111a19c58
[core] check return of rdp_write_security_header
2023-01-25 09:37:40 +01:00
Armin Novak
2fc24420d1
[core] fix server side skip channel join
...
move to state CONNECTION_STATE_RDP_SECURITY_COMMENCEMENT instead of
CONNECTION_STATE_SECURE_SETTINGS_EXCHANGE
2023-01-25 09:37:40 +01:00
akallabeth
d65b73ae9f
[core,license] fixed string conversion
2023-01-25 09:37:40 +01:00
akallabeth
e56cf03a79
[core,server] fixed peer multimonitor handling
...
if there is no RNS_UD_CS_SUPPORT_MONITOR_LAYOUT_PDU announced and we did
not handle the data received rerun in active state.
2023-01-25 09:37:40 +01:00
akallabeth
65a5a7a065
[core,certificate] initialize stack variables
2023-01-24 10:16:55 +01:00
akallabeth
b69c00c448
[core,certificate] const correct write function
2023-01-24 10:16:55 +01:00
akallabeth
033ffff428
[core] initialize stack variables, improve logging
2023-01-24 10:16:55 +01:00
akallabeth
f2b934866a
[core,connection] code cleanups
2023-01-24 10:16:55 +01:00
Armin Novak
9ab5bde349
[core,nego] use settings getter/setter
2023-01-24 10:16:55 +01:00
Armin Novak
e07fed8822
[core,settings] initialize variables
2023-01-24 10:16:55 +01:00
Armin Novak
e0a14edfbb
[core,crypto] log more parsing failures
2023-01-24 10:16:55 +01:00
Armin Novak
d4d2b4403c
[core] Improve redirection logging
2023-01-23 11:37:44 +01:00
Armin Novak
e66f2f8c75
[core] improve redirection logging
2023-01-23 11:37:44 +01:00
Armin Novak
2008024386
[utils] improve rdp_cluster_info_flags_to_string
2023-01-23 11:37:44 +01:00
Armin Novak
d8a6166e67
[core] improve rdp_security_flag_string
2023-01-23 11:37:44 +01:00
Armin Novak
073aefd766
[core] set TS_UD_CS_CLUSTER::Flags to REDIRECTION_VERSION5
...
REDIRECTION_VERSION6 breaks redirection for currently unknown reasons.
Revert to the last known good version until we receive an update on
documentation for the redirection handling
2023-01-23 09:17:01 +01:00
Armin Novak
5be9cf90df
[core] fix ClusterInfoFlags generation, added logging
2023-01-23 09:17:01 +01:00
Armin Novak
c01979fba1
[utils] added rdp_cluster_info_flags_to_string
2023-01-23 09:17:01 +01:00
akallabeth
23281121bf
[core] implement skip channel join
2023-01-20 11:19:18 +01:00
akallabeth
60424ef76f
[core] fixed client/server early capapbility flags
2023-01-20 10:57:30 +01:00
akallabeth
2fc5eaeb80
[core] implemented CS_CORE::EarlyCapabilityFlags filter
...
* Added missing definitions for RNS_UD_CS_SUPPORT_SKIP_CHANNELJOIN
and RNS_UD_SC_SKIP_CHANNELJOIN_SUPPORTED flags
* Updated stringification functions for these flags
* Implemented client and server EarlyCapabilityFlags filter for
these flags as FreeRDP currently does not implement them.
2023-01-20 10:57:30 +01:00
Martin Fleisz
22da7c532c
common: Fix RAIL support flags logging
2023-01-20 10:37:56 +01:00
Martin Fleisz
9c6a0eeeb1
core: Fix handling of RAIL HandshakeEx flag
...
When using Enhanced RAIL the HandshakeEx flag must also be set. However
in the current code it was always overwritten by the server flags (which
might lack the flag).
2023-01-20 10:37:56 +01:00
Armin Novak
2088fb045b
[core,redirection] fix string read, cleanup logs
2023-01-18 09:55:06 +01:00
Armin Novak
7a4f5858ea
[settings] announce REDIRECTION_VERSION6
2023-01-18 09:55:06 +01:00
Armin Novak
fd4ddcb640
[core] const correct certificate_clone
2023-01-18 09:55:06 +01:00
Armin Novak
78b8df86bc
[core] unify settings copy set/reset
2023-01-18 09:55:06 +01:00
Armin Novak
9e331a6fcb
[settings] add string functions for encryption
2023-01-18 09:55:06 +01:00
Armin Novak
6ff458bb34
[core] Make remote rdpSettings* context wide
...
The settings struct containing the data sent by the remote is now
context wide. This way it is always possible to retrieve the data.
2023-01-18 09:55:06 +01:00
Joan Torres
e365ab443c
[core,redirection] fix length field of Server Redirection Packet
...
The length had more bytes than the RDP_SERVER_REDIRECTION_PACKET
structure because it was counting bytes before the struct.
Using a start variable from the beginnig of sending the structure fixes
it.
2023-01-17 18:48:43 +01:00
akallabeth
9b675bd400
[core,redirection] fix target netaddresses length
...
include the TargetNetAddressesCount field in length
2023-01-17 12:25:31 +01:00
akallabeth
ded101119f
[gateway] fix leak in rdg_send_channel_create
2023-01-17 12:25:31 +01:00
akallabeth
5104df2e22
[core,server] use redirection functions
...
* Modify callback to take a rdpRedirection* structure
* Use send function from redirection.c
2023-01-17 12:25:31 +01:00
akallabeth
a2c7aa8de1
[core] restructure redirection
...
* Expose redirection functions via public API
* Add getter/setter for public API
2023-01-17 12:25:31 +01:00
akallabeth
73105d972f
[core] fix client side redirection handling
...
* Read previously ignored fields RedirectionGuid and TargetCertificate
* Check password requirements according to LB_PASSWORD_IS_PK_ENCRYPTED
2023-01-17 12:25:31 +01:00
akallabeth
05dab47cbd
[core,settings] add missing redirection options
...
* RedirectionGuid
* TargetCertificate
2023-01-17 12:25:31 +01:00
Armin Novak
dd0d130f48
[crypto] make tls.h a private header
...
no need to uselessly export symbols that are not usable outside the
project
2023-01-14 08:50:26 +01:00
Rozhuk Ivan
a111b78530
[core] Rename TLS functions
...
Rename tls_ to freerdp_tls_ to avoid namespace conflicts with libtls
and probaly other tls crypto libs.
2023-01-14 08:50:26 +01:00
akallabeth
275741cc75
[core,utils] add drdynvc stringification functions
2023-01-12 22:54:25 +01:00
Armin Novak
8b9b2db44b
[winpr] use winpr_fopen
2023-01-12 22:54:25 +01:00