Commit Graph

374 Commits

Author SHA1 Message Date
akallabeth
cd4d77af86 [settings] add deprecation warnings
direct struct access to rdpSettings now produces warnings if not
explicitly deactiaved by defining FREERDP_SETTINGS_INTERNAL_USE
2023-11-24 14:54:56 +01:00
akallabeth
1163cc4d5c [core] add internal settings.h include 2023-11-24 14:54:56 +01:00
David Fort
3c18a9980f [client,win32] implement connection to child session
Under windows you can connect to a child session by requesting a named pipe to
the local server, and then do some RDP on this named pipe.
The protocol is like for /vmconnect with CredSSP, then Nego and then the "normal"
workflow for a connection. For CredSSP we force the usage of NTLM for the Negociate
SSPI, and the credentials are empty.
2023-09-27 11:57:49 +02:00
akallabeth
1d25242eac [core,transport] fix evaluation of nla errors
if there is no rdpNla fall back to default error password expired.
2023-09-21 10:00:19 +02:00
David Fort
8a39859612 [arm] various improvements
This patch moves the ARM configuration before starting the connection process, so
that we can do some provisioning of the FreeRDP settings with the items retrieved
from Azure.
Most notably that allows us to connect directly using RDSTLS security.
2023-09-04 10:24:56 +02:00
Armin Novak
e61880d077 [standard] replace __FUNCTION__ with __func__ 2023-07-27 20:02:43 +02:00
Michael Saxl
a5a60c888b [core,transport] free wst transport after use 2023-07-04 20:33:13 +02:00
Armin Novak
ea66b23631 [core,gateway] fix various issues with arm transport
* fix possible leaks
* split big functions
* fix missing NULL checks
2023-06-27 21:15:08 +02:00
Michael Saxl
d55e035260 [gateway,arm] Azure Virtual Desktop Gateway support
This PR creates a new /gateway:type:arm transport.
It depends on CJSON

The arm transport is not a transport by itself but is responsible
for getting the websocket endpoint from a configuration url derived from
the configured gateway host in the rdpw file or cmdline
2023-06-27 21:15:08 +02:00
Hugues LEFEBVRE
b67afecf0f CredSSP with early user auth (nla_ext) support 2023-06-26 11:53:46 +02:00
Michael Saxl
44c1ec3276 [gateway,websocket] implement plain websocket transport
* factor out most websocket specific code parts into websocket.c
* create wst.c (Websocket Transport) as gateway transport implementation
* introduce GatewayUrl setting that holds the websocket url
* introduce GatewayHttpExtAuthBearer that holds the HTTP Bearer
* GatewayHttpExtAuthBearer can be used by both rdg and wst
2023-06-22 09:21:42 +02:00
Marc-André Moreau
4d4dcd4511 Fix usage of explicit server name when different from connection host 2023-06-13 09:20:17 -04:00
Armin Novak
970f0c54e8 [stream] use const correct Stream_Pointer access 2023-06-08 08:09:33 +02:00
Armin Novak
a4c6b36a19 [build] fix memory sanitizer stack frame warnings 2023-06-07 09:14:45 +02:00
Armin Novak
7832ba2361 [core,transport] properly log failure reason retries exceeded 2023-05-23 05:04:55 +02:00
Armin Novak
f26dc59a9d [core,aad] make AAD optional
* make cJSON an optional dependency
* disable AAD if cJSON was not compiled in
2023-03-10 16:38:07 +01:00
akallabeth
c5406d79c5 [core,aad] typedef AAD_STATE 2023-03-10 16:38:07 +01:00
akallabeth
2117cdcb0f [core,transport] rewritten aad transport read
use a do {} while loop to make it easier to read.
2023-03-10 16:38:07 +01:00
fifthdegree
4cbfa006f2 Implement support for RDS AAD
Have a working implementation of the RDS AAD enhanced security mechanism
for Azure AD logons
2023-03-10 16:38:07 +01:00
Armin Novak
ec60ebaf37 [core] parse whole wStream instead of current 2023-03-09 11:17:37 +01:00
Armin Novak
5c49fae477 [core,transport] split pdu parser function
split according to which PDU type is being parsed.
2023-03-09 11:17:37 +01:00
Joan Torres
5bcc5326d0 [core,rdstls] fix rdstls_parse_pdu
When this function returns <= 0 the caller was considering it a pduLength
creating a bug.

Also fixed length calculation on some rdstls pdu types.
2023-03-09 11:17:37 +01:00
Joan Torres
b469f53c43 [core,transport] check for rdstls == NULL on accept_rdstls too 2023-03-09 11:17:37 +01:00
akallabeth
4154bc500e [core,transport] check for rdstls == NULL 2023-03-09 11:17:37 +01:00
akallabeth
0dc59f3a41 [core,rdstls] hide rdstls parsing
* move rdstls specific code from transport_parse_pdu to rdstls_parse_pdu
* hide rdstls implementation details
2023-03-08 14:05:00 +01:00
Joan Torres
c7f214435e [core,transport] use modern stream funcs on transport_parse_pdu 2023-03-08 14:05:00 +01:00
Joan Torres
7c24da917e Add RDSTLS security protocol
The client tries to connect using RDSTLS only when it has received a
server redirection PDU with LB_PASSWORD_IS_ENCRYPTED flag.

The server exposes RDSTLS on negotiation if it has been configured on settings.
Then authenticates a client using configured credentials from settings:
RedirectionGuid, Username, Domain, Password.
2023-03-08 14:05:00 +01:00
Martin Fleisz
1f903f80a5 core: Add possibility to distinguish between auth cancelled and no creds
Currently if the authentication callback returns `FALSE` the utils
function handle this as scenario as no credentials provided (returns
`AUTH_NO_CREDENTIALS)`.

This PR introduces a new `auth_status` called `AUTH_CANCELLED` that is
returned if the authentication callback returns `FALSE`. If the callback
returns `TRUE` and username or password are empty the util function will
continue to return `AUTH_NO_CREDENTIALS`.

THe PR also fixes some incorrect returns in RPC over HTTP gateway code.
2023-02-14 08:43:23 +01:00
Armin Novak
641022b795 [logging] remove __FUNCTION__ from actual message
prefer the log formatter to provide that information.
2023-01-25 16:26:39 +01:00
Rozhuk Ivan
a111b78530 [core] Rename TLS functions
Rename tls_ to freerdp_tls_ to avoid namespace conflicts with libtls
and probaly other tls crypto libs.
2023-01-14 08:50:26 +01:00
akallabeth
82ba9ede9c [freerdp] use FREERDP_/UWAC_/RDTK_ prefix for conditional headers 2023-01-10 17:38:00 +01:00
Armin Novak
5f81005ecb [transport] remove polling loop
We no longer have a blocking polling loop in transport. Instead assume
there is more data after a packet was processed and let the transport
try again. If there is another packet ready, this repeats until only a
partly received (or no new data available) situation is reached.
2022-12-12 12:59:32 +01:00
Armin Novak
fd7a952e70 [core,transport] only return ioEvent if we use it
transport_get_event_handles only returns the ioEvent handle in its
list if transport_io_callback_set_event was called at least once.
2022-11-16 15:32:32 +01:00
akallabeth
d83f70bc32 [core,transport] event handle for transportIO
With the latest client changes the internal event loop requires a handle
to wait on. Add a new function to (re)set the newly added transport event handle.
2022-11-16 15:32:32 +01:00
akallabeth
4ccb38aa13 [core] Check return value of *_transition_to_state
The state transition might not be allowed, so abort if that fails.
2022-11-16 15:32:32 +01:00
akallabeth
bc31bae2b5 [core] Unify RDP state machine
Up to this commit the client and server state machine handling used
different return values for state machine changes.
This is fixed with this commit:
* Use common enum return values
* Use common helper functions
2022-11-15 09:57:46 +01:00
Armin Novak
71b568ac30 Relax transport checks, allow invalid socket
When no real RDP connection is in use, the SSL socket might be invalid.
Do not assert here but allow the parsing to continue
2022-11-03 11:58:17 +01:00
Marc-André Moreau
e3594c91dc Add UserSpecifiedServerName setting, /server-name command-line parameter 2022-10-14 17:59:57 -04:00
fifthdegree
2de7a4c249 Support spnego authentication for gateway
* Consolidate authentication support functions into auth.c
* Change authentication flow in gateway to be non-ntlm specific
2022-10-06 21:33:01 +02:00
Martin Fleisz
12f2c4e2a7 core: Use closesocket instead of close 2022-07-21 15:59:43 +02:00
akallabeth
d0fece49dc Use stack variable instead of malloc in transport 2022-07-04 14:31:08 +02:00
fifthdegree
85f7cb8916 clear openssl error queue after nla_client_begin 2022-07-02 16:32:50 +02:00
akallabeth
944f43c0bc Fixed transport handling of pool allocated streams 2022-06-27 11:21:24 +02:00
Marek Vasut
c5bca8bbbb transport: Set server socket as keepalive in transport_default_attach()
Set the same keepalive properties to accepted server socket as are set
to client sockets. This prevents the server from keeping sockets open
for tens of minutes in case the client disappears.

Signed-off-by: Marek Vasut <marex@denx.de>
2022-05-06 12:31:35 +02:00
akallabeth
4a782055a2 Do not assert transport->frontBio
transport_attach might be called more than once so it might already
be initialized with an old value
2022-04-29 11:58:10 +02:00
akallabeth
73cdcdfe09
Logging and parser fixes (#7796)
* Fixed remdesk settings pointer

* Fixed sign warnings in display_write_monitor_layout_pdu

* Use freerdp_abort_connect_context and freerdp_shall_disconnect_context

* Added and updates settings

* info assert/dynamic timezone

* mcs assert/log/flags

* Fixed and added assertions for wStream

* Unified stream length checks

* Added new function to check for lenght and log
* Replace all usages with this new function

* Cleaned up PER, added parser logging

* Cleaned up BER, added parser logging

* log messages

* Modified Stream_CheckAndLogRequiredLengthEx

* Allow custom format and options
* Add Stream_CheckAndLogRequiredLengthExVa for prepared va_list

* Improved Stream_CheckAndLogRequiredLength

* Now have log level adjustable
* Added function equivalents for existing logger
* Added a backtrace in case of a failure is detected

* Fixed public API input checks
2022-04-19 14:29:17 +02:00
akallabeth
c2e882c509
Nla server cleanup && server auth fix (#7743)
* Reduce negotiate logging verbosity

* Remove duplicate pointers from rdpNla

* Fixed server nla auth

* Encapsulated nla_server_recv_credentials
2022-03-25 10:47:05 +01:00
akallabeth
14568872a9
Instance cleanup (#7738)
* Cleaned up freerdp::autodetect

* Deprecate freerdp::input

* Deprecated freerdp::update

* Deprecated freerdp::settings

* Deprecated freerdp::autodetect

* Removed rdpTransport::settings

* Deprecated freerdp_per::update|settings|autodetect

* Fixed mac client and server compilation

* Fixed windows compilation

* Added deprecation warnings

* Fixed initialization of structs.

* Fixed android build

* Fixed freerdp_client_context_new const correctness

* Fixed checks for android implementation

Replaced checks with assertions where appropriate

* Fixed checks for windows client

Replaced checks with assertions where appropriate

* Fixed proxy client pointer dereference
2022-03-23 13:18:35 +01:00
Armin Novak
4d03d7c0bf Freerdp remove #ifdef HAVE_CONFIG_H 2022-03-03 11:26:48 +01:00
Armin Novak
b2ad47a809 Reorganized FreeRDP headers 2022-03-03 11:26:48 +01:00