Commit Graph

86 Commits

Author SHA1 Message Date
Armin Novak
40a7f2c995 Added missing include breaking windows build. 2015-07-03 12:46:28 +02:00
Armin Novak
82da97e606 Updated sample server.
* Added new command line argument --port to allow starting the
  sample server on a port different than default 3389.
* Using GetKnownSubPath now to determine location of temporary
  directory for server socket.
* Using distinct server socket files for each port.
2015-07-03 10:04:24 +02:00
Armin Novak
89eac97d0e Fixed uninitialized value. 2015-06-23 12:09:42 +02:00
Bernhard Miklautz
bf73f4e4f1 Fix unchecked strdups
* add missing checks
* adapt function return values where necessary
* add initial test for settings
2015-06-22 19:09:59 +02:00
Norbert Federa
25fc866a58 Fix unchecked CreateThread calls and misc fixes 2015-05-05 13:55:48 +02:00
Norbert Federa
ef1fd12b15 Fix unchecked CreateEvent calls and misc fixes
1)
Added missing checks for CreateEvent which also required the
following related changes:

- changed freerdp_context_new API to BOOL
- changed freerdp_peer_context_new API to BOOL
- changed pRdpClientNew callback to BOOL
- changed pContextNew callback to BOOL
- changed psPeerAccepted callback to BOOL
- changed psPeerContextNew callback to BOOL

2)
Fixed lots of missing alloc and error checks in the
changed code's neighbourhood.

3)
Check freerdp_client_codecs_prepare result to avoid segfaults
caused by using non-initialized codecs.

4)
Fixed deadlocks in x11 caused by missing xf_unlock_x11() calls
in some error handlers

5)
Some fixes in thread pool:
- DEFAULT_POOL assignment did not match TP_POOL definition
- don't free the pool pointer if it points to the static DEFAULT_POOL
- added error handling and cleanup in InitializeThreadpool
2015-04-29 18:18:39 +02:00
Norbert Federa
84577b1ca7 codec/rfx: error checking and various fixes
- removed some unneeded null checks for free()
- fixed a memory leak in shadow_client
- removed rfx_compose_message_header from API

Changed the following functions to BOOL, check the result
where they are called and handle failures:
- rfx_compose_message
- rfx_compose_message_header
- rfx_write_tile
- rfx_write_message_tileset
- rfx_write_message_frame_begin
- rfx_write_message_region
- rfx_write_message_frame_end
- rfx_write_message

rfx_process_message:
- check memory allocation failures
- verify protocol-conform order of data messages to prevents memory
  leaks caused by repeated allocations
- verify that header messages were parsed/received before the
  data messages
- treat unknown rlgr mode as error
- fixed/added error handling
- fixed all callers to check/handle result

rfx_encode_message:
- fixed incorrect usage of realloc
- missing malloc check
- missing check of CreateThreadpoolWork
- correct cleanup on failure (threadpool, memory)
- check rfx_encode_message result

rfx_encode_messages:
- check rfx_split_message result
- correct cleanup on failure
- prevent memory leak on failure

rfx_write_message_context:
- fixed invalid channelId value (must be 0xFF for WBT_CONTEXT)

rfx_process_message_codec_versions:
- fixed invalid read size of codec_version (it is 16bit)

rfx_process_message_channels:
- verify protocol conform channelId value

rfx_process_message_region:
- replaced invalid reallocs with malloc
- read and verify regionType and numTileSets from stream

rfx_process_message_tileset:
- check allocation results
- fixed incorrect usages of realloc

setupWorkers:
- fixed incorrect usages of realloc

rfx_split_message:
- removed dead code
- missing malloc check

rfx_compose_message:
- fixed a memory leak
- check/handle rfx_encode_message result
2015-04-23 15:42:21 +02:00
Hardening
6cd7713e12 Merge pull request #2544 from bmiklautz/boolenization
change return types of callbacks to BOOL
2015-04-22 11:01:27 +02:00
Armin Novak
65a4c6e1fc Changed listener callback arguments and return. 2015-04-21 15:57:25 +02:00
Bernhard Miklautz
1e6943bf31 Fix formating 2015-04-21 14:20:24 +02:00
Bernhard Miklautz
515502ffa5 change return types of callbacks to BOOL
* change all client/server callbacks to BOOL
* update all clients accordingly
* add multiple return value checks
* small fixes
2015-04-21 14:18:07 +02:00
Armin Novak
6e213bc61b Modified GetEventHandles of listener
Now using nCount as in and out argument.
When called, set nCount to the number of available handles.
This value is checked and an error returned, if not enough
handles are available.
2015-04-21 12:09:44 +02:00
Armin Novak
7b0d7b3552 Using new API for socket listener. 2015-04-19 10:39:08 +02:00
Armin Novak
4ed891b599 Moved client handler to new API. 2015-04-19 10:39:08 +02:00
Norbert Federa
939f1c639a Standard RDP Security Layer Levels/Method Overhaul
[MS-RDPBCGR] Section 5.3 describes the encryption level and method values for
standard RDP security.

Looking at the current usage of these values in the FreeRDP code gives me
reason to believe that there is a certain lack of understanding of how these
values should be handled.

The encryption level is only configured on the server side in the "Encryption
Level" setting found in the Remote Desktop Session Host Configuration RDP-Tcp
properties dialog and this value is never transferred from the client to the
server over the wire.
The possible options are "None", "Low", "Client Compatible", "High" and
"FIPS Compliant". The client receices this value in the Server Security Data
block (TS_UD_SC_SEC1), probably only for informational purposes and maybe to
give the client the possibility to verify if the server's decision for the
encryption method confirms to the server's encryption level.
The possible encryption methods are "NONE", "40BIT", "56BIT", "128BIT" and
"FIPS" and the RDP client advertises the ones it supports to the server in the
Client Security Data block (TS_UD_CS_SEC).
The server's configured encryption level value restricts the possible final
encryption method.
Something that I was not able to find in the documentation is the priority
level of the individual encryption methods based on which the server makes its
final method decision if there are several options.
My analysis with Windows Servers reveiled that the order is 128, 56, 40, FIPS.
The server only chooses FIPS if the level is "FIPS Comliant" or if it is the
only method advertised by the client.

Bottom line:
* FreeRDP's client side does not need to set settings->EncryptionLevel
(which was done quite frequently).
* FreeRDP's server side does not have to set the supported encryption methods
list in settings->EncryptionMethods

Changes in this commit:

Removed unnecessary/confusing changes of EncryptionLevel/Methods settings

Refactor settings->DisableEncryption
* This value actually means "Advanced RDP Encryption (NLA/TLS) is NOT used"
* The old name caused lots of confusion among developers
* Renamed it to "UseRdpSecurityLayer" (the compare logic stays untouched)

Any client's setting of settings->EncryptionMethods were annihilated
* All clients "want" to set all supported methods
* Some clients forgot 56bit because 56bit was not supported at the time the
code was written
* settings->EncryptionMethods was overwritten anyways in nego_connect()
* Removed all client side settings of settings->EncryptionMethods
The default is "None" (0)
* Changed nego_connect() to advertise all supported methods if
settings->EncryptionMethods is 0 (None)
* Added a commandline option /encryption-methods:comma separated list of the
values "40", "56", "128", "FIPS". E.g. /encryption-methods:56,128
* Print warning if server chooses non-advertised method

Verify received level and method in client's gcc_read_server_security_data
* Only accept valid/known encryption methods
* Verify encryption level/method combinations according to MS-RDPBCGR 5.3.2

Server implementations can now set settings->EncryptionLevel
* The default for settings->EncryptionLevel is 0 (None)
* nego_send_negotiation_response() changes it to ClientCompatible in that case
* default to ClientCompatible if the server implementation set an invalid level

Fix server's gcc_write_server_security_data
* Verify server encryption level value set by server implementations
* Choose rdp encryption method based on level and supported client methods
* Moved FIPS to the lowest priority (only used if other methods are possible)

Updated sample server
* Support RDP Security (RdpKeyFile was not set)
* Added commented sample code for setting the security level
2014-12-12 02:17:12 +01:00
Marc-André Moreau
ddedc574f3 freerdp: remove tcp, uds utils 2014-11-12 14:06:34 -05:00
Armin Novak
89bb28adb2 Fixed setting of RV_VERSION_PATCH, now BUILD_NUMBER is used for every library.
Executable names are now correctly set, using CMAKE_EXECUTABLE_SUFFIX now.
Fixed version defines for winpr executables.
2014-10-09 16:18:35 +02:00
Armin Novak
5364a834c4 Added windows version information to build. 2014-10-03 15:17:40 +02:00
Armin Novak
5b5791c8d7 Using wlog for server now. 2014-09-15 08:55:00 +02:00
Bernhard Miklautz
0313ca3622 libfreerdp: always build "MONOLITHIC"
"libfreerdp" consisted of multiple (small) single libraries. If the cmake
option MONOLITHIC was used only one library was build combining all of
the libfreerdp-* libraries.
The only exceptions to this are libfreerdp-server and libfreerdp-client these
are build as separate libraries.

This commit obsoltes non-monolithic builds and makes monolithic builds
the default. The cmake option MONOLITHIC is also removed.
2014-09-12 00:19:53 +02:00
Armin Novak
784696c1cd Fixed missing includes and invalid replacement. 2014-08-11 09:38:08 +02:00
Armin Novak
8d8719e101 Replaced fprintf with DEBUG_WARN 2014-08-11 09:19:47 +02:00
Bernhard Miklautz
6a49bcfe40 winpr: always build "monolitic"
winpr is now always build as single library.
The build option MONOLITHIC_BUILD doesn't influence this behavior anymore.

The only exception is winpr-makecert-tool which is still build as extra
library.

This obsoletes complex_libraries for winpr.
2014-07-10 11:10:58 +02:00
Hardening
4b6edb913c Make server sound thread optionnal
This patch makes the server-side sound channel thread optionnal, and
exposes functions to handle channel traffic from the outside.
2014-07-02 10:31:45 +02:00
Marc-André Moreau
f1a866340e server/Sample: stub server-side encomsp channel 2014-06-25 15:21:02 -04:00
Hardening
c076ffb020 Don't use NULL for pWrittenBytes when calling WTSVirtualChannelWrite()
Nothing in the MSDN API says that setting NULL is safe. And if the
implementation uses WriteFile directly, it crashes.
2014-05-28 17:04:24 +02:00
Marc-André Moreau
67743b6832 libfreerdp-core: enable RDP6.1 XCrush compression/decompression by default 2014-05-23 14:11:53 -04:00
Marc-André Moreau
ab7958ffb2 libfreerdp-codec: fix NCrush compressor 2014-04-20 23:19:09 -04:00
Marc-André Moreau
d08b6fe4bd libfreerdp-codec: fix handling of PACKET_AT_FRONT, PACKET_FLUSHED in MPPC compression 2014-04-20 21:28:09 -04:00
Bernhard Miklautz
8168477886 sample server: fix printf format compiler warning 2014-04-17 10:04:17 +02:00
Bernhard Miklautz
cd4cfaae6a sfreerdp: updated to use latest WTSAPI 2014-03-03 18:10:06 +01:00
Marc-André Moreau
8510ad3171 freerdp: remove rdpChannel definition in favor of CHANNEL_DEF 2014-02-28 12:07:22 -05:00
Marc-André Moreau
6e1cdf1b67 libfreerdp-core: expose opaque HANDLE instead of WTSVirtualChannelManager* 2014-02-27 13:30:04 -05:00
Marc-André Moreau
f3011492d8 freerdp-server: remove usage of deprecated custom server-side channel API 2014-02-16 23:09:21 -05:00
Marc-André Moreau
518995a05e freerdp: merge with master 2013-09-16 17:10:27 -04:00
Marc-André Moreau
f790831e7d Merge branch 'master' of github.com:awakecoding/FreeRDP into xrdp-ng 2013-09-05 15:23:19 -04:00
Armin Novak
e5c138a5b9 Fixed various memory leaks, allocation size issues and API misuse
warnings shown by clang as well as some compiler warnings.
2013-09-05 12:14:34 +02:00
Marc-André Moreau
b480ce1830 freerdp: remove vendor-specific options from build system, add automatic ways of including external clients/servers 2013-09-03 20:37:04 -04:00
Marc-André Moreau
68ec10a9d9 libwinpr-nt: implement NtCurrentTeb() 2013-08-22 10:18:38 -04:00
Marc-André Moreau
c878200e00 channels/server: refactor to match WTSApi + avoid conflicts 2013-08-20 19:26:36 -04:00
Marc-André Moreau
23a8354656 channels: rdpsnd refactoring, drdynvc initial server-side code 2013-08-18 21:52:55 -04:00
Marc-André Moreau
0fd705c6c7 channels/cliprdr: start server-side implementation 2013-08-16 16:46:47 -04:00
Marc-André Moreau
863b51f938 freerdp: merge with master 2013-06-28 12:50:24 -04:00
Norbert Federa
729814fabd sample server: support build on win32 2013-06-24 18:02:21 +02:00
Norbert Federa
018ed7e09b server/sample: fix for issue #1312 (mstsc protocol error) 2013-06-21 16:46:46 +02:00
Marc-André Moreau
208c9f844a freerdp: fix core API bugs 2013-06-13 21:34:46 -04:00
Marc-André Moreau
367ebf32a3 freerdp: make use of stream macros to access members 2013-05-15 12:14:26 -04:00
Marc-André Moreau
fdf3ddcf9e freerdp: purge deprecated stream utils 2013-05-08 17:48:30 -04:00
Marc-André Moreau
fd230443c5 freerdp: purge old stream utils 2013-05-08 16:27:21 -04:00
Marc-André Moreau
b4cac74136 xfreerdp-server: fix RemoteFX encoding 2013-05-01 18:15:55 -04:00