akallabeth
586f40631f
[warnings] fix shorten-64-to-32
2024-09-17 16:13:48 +02:00
akallabeth
1d33095500
[warnings] fix cert-err33-c
...
Fix unused return values, cast to void if on purpose
2024-08-29 10:19:27 +02:00
David Fort
bbb6adc9c4
[core] also recognize mth:// routing token
...
With Azure you also have some routing token of the form mth://xxxxxxx, so accept
these as token.
2024-07-09 11:07:06 +02:00
akallabeth
95ed12530f
[core,nego] unify protocol to string
...
use a generic function to stringify SelectedProtocol and
RequestedProtocols variables.
2024-06-18 20:49:50 +02:00
akallabeth
d7ebec5a65
[tidy] move loop variable declaration to loop
2024-02-22 12:31:50 +01:00
akallabeth
0ba995655d
[clang-tidy] cppcoreguidelines-init-variables
2024-02-15 11:49:16 +01:00
akallabeth
207def5c56
[clang-tidy] readability-isolate-declaration
2024-02-15 11:49:16 +01:00
David Fort
079731068c
[core] fix freezing connection to childSession
...
When connecting to child session(or a VM), we have CredSSP/Nego/ActivationSequence
instead of Nego/CredSSP/ActivationSequence. Before the patch, we were not applying
flags read in the NegoResponse to the settings and that was leading to FreeRDP
thinking that the remote server was not supporting EXTENDED_CLIENT_DATA_SUPPORTED.
That was later preventing some GCC blocks to be sent, and make the server unhappy
and freeze the connection.
2023-11-28 13:28:08 +01:00
David Fort
061148f856
[nla] initial server-side remote credential guard support
...
Adds support for server-side remote credential guard in NLA. When enabled that allows
the remote user to connect without shipping credentials in TSCred packets. Instead
it will send his TGT encoded with a TGS from the remote server. This way the server
is able to populate that TGT in a local credential cache without knowing the user's
password.
The patch only treats the NLA part and does not contain the associated RDPEAR channel
that allows to have the complete interaction to retrieve new access tokens.
2023-11-20 16:17:00 +01:00
Armin Novak
53b65ff7bd
[documentation] fix Wdocumentation warnings
2023-10-16 15:10:13 +02:00
David Fort
3c18a9980f
[client,win32] implement connection to child session
...
Under windows you can connect to a child session by requesting a named pipe to
the local server, and then do some RDP on this named pipe.
The protocol is like for /vmconnect with CredSSP, then Nego and then the "normal"
workflow for a connection. For CredSSP we force the usage of NTLM for the Negociate
SSPI, and the credentials are empty.
2023-09-27 11:57:49 +02:00
ehdgks0627
d04ba8d6ef
Correct typos and formatting errors in format strings
...
In several files, fixed typos in format strings that were causing unexpected output and formatting issues.
2023-07-28 15:34:46 +02:00
Armin Novak
66cb8c68d4
[core,nego] change nego_set_routing_token argument
...
Use void* instead of BYTE* as the real type is unknown and warnings can
be avoided
2023-06-29 14:46:41 +02:00
Hugues LEFEBVRE
b67afecf0f
CredSSP with early user auth (nla_ext) support
2023-06-26 11:53:46 +02:00
Mikhail Kashin
aeb6ec6f97
[core] fix handling loadbalanceinfo tsv://MS Terminal Services Plugin
2023-06-14 09:06:50 +02:00
Armin Novak
970f0c54e8
[stream] use const correct Stream_Pointer access
2023-06-08 08:09:33 +02:00
Armin Novak
39bf831d50
[core,nego] unify SelectedProtocol usage
2023-03-13 09:36:07 +01:00
Armin Novak
f26dc59a9d
[core,aad] make AAD optional
...
* make cJSON an optional dependency
* disable AAD if cJSON was not compiled in
2023-03-10 16:38:07 +01:00
fifthdegree
4cbfa006f2
Implement support for RDS AAD
...
Have a working implementation of the RDS AAD enhanced security mechanism
for Azure AD logons
2023-03-10 16:38:07 +01:00
Joan Torres
7c24da917e
Add RDSTLS security protocol
...
The client tries to connect using RDSTLS only when it has received a
server redirection PDU with LB_PASSWORD_IS_ENCRYPTED flag.
The server exposes RDSTLS on negotiation if it has been configured on settings.
Then authenticates a client using configured credentials from settings:
RedirectionGuid, Username, Domain, Password.
2023-03-08 14:05:00 +01:00
akallabeth
895ae8b137
[core] use rdpPrivateKey and rdpCertificate
2023-02-16 10:06:17 +01:00
Armin Novak
9ab5bde349
[core,nego] use settings getter/setter
2023-01-24 10:16:55 +01:00
akallabeth
37ab25e19d
Fixed all Wdocumentation warnings
2022-12-12 14:24:55 +01:00
akallabeth
5799fb2018
Replace ConvertFromUnicode and ConvertToUnicode
...
* Use new ConvertUtf8ToWChar, ConvertUtf8NToWChar,
ConvertUtf8ToWCharAlloc and ConvertUtf8NToWCharAlloc
* Use new ConvertWCharToUtf8, ConvertWCharNToUtf8,
ConvertWCharToUtf8Alloc and ConvertWCharNToUtf8Alloc
* Use new Stream UTF16 to/from UTF8 read/write functions
* Use new settings UTF16 to/from UTF8 read/write functions
2022-11-28 10:42:36 +01:00
Armin Novak
eb2782b3af
[core,nego] Fixed a broken format string
2022-11-21 10:51:19 +01:00
akallabeth
d15e80e266
Fixed return of tpkt_verify_header
...
Allow detection of an error (e.g. not enough data in stream)
2022-11-04 14:46:58 +01:00
Armin Novak
b672bda85e
Removed RdpKeyFile and RdpKeyContent settings
...
They are a duplicate of PrivateKeyFile and PrivateKeyContent
2022-07-06 12:01:23 +02:00
akallabeth
f25261e271
Unifiy string append functions
2022-06-17 08:41:46 +02:00
akallabeth
962c5c3ef0
Fixed dead store warnings
2022-04-28 12:37:19 +02:00
akallabeth
6fd71fe737
Eliminate Dead nested assignment warnings
2022-04-28 12:37:19 +02:00
akallabeth
73cdcdfe09
Logging and parser fixes ( #7796 )
...
* Fixed remdesk settings pointer
* Fixed sign warnings in display_write_monitor_layout_pdu
* Use freerdp_abort_connect_context and freerdp_shall_disconnect_context
* Added and updates settings
* info assert/dynamic timezone
* mcs assert/log/flags
* Fixed and added assertions for wStream
* Unified stream length checks
* Added new function to check for lenght and log
* Replace all usages with this new function
* Cleaned up PER, added parser logging
* Cleaned up BER, added parser logging
* log messages
* Modified Stream_CheckAndLogRequiredLengthEx
* Allow custom format and options
* Add Stream_CheckAndLogRequiredLengthExVa for prepared va_list
* Improved Stream_CheckAndLogRequiredLength
* Now have log level adjustable
* Added function equivalents for existing logger
* Added a backtrace in case of a failure is detected
* Fixed public API input checks
2022-04-19 14:29:17 +02:00
akallabeth
3d38d2636c
Decreased logging verbosity for INFO level
2022-03-04 09:34:02 +01:00
Armin Novak
4d03d7c0bf
Freerdp remove #ifdef HAVE_CONFIG_H
2022-03-03 11:26:48 +01:00
Armin Novak
b2ad47a809
Reorganized FreeRDP headers
2022-03-03 11:26:48 +01:00
Armin Novak
874f47f01e
Added more error checks to nego
2021-12-14 13:46:34 +01:00
Steve Pronovost
592f8d95be
Fix connection negotiation with mstsc/msrdc
...
mstsc/msrdc includes an optional correlation info
(RDP_NEG_CORRELATION_INFO) during connection negotiation. This confuses
FreeRDP which interpret this as a cookie and eventually fails the
negotiation, preventing a successful connection to these RDP client.
This commit addresses 3 things.
1) When processing connection token or cookie, skip if the remaining
bytes are neither.
2) After processing the RDP_NEG_REQ info, skip the optional correlation
info (RDP_NEG_CORRELATION_INFO) if one is present.
3) Allow local connection without server certificate when the client
inherently trust the server.
2021-10-21 13:11:21 +02:00
Armin Novak
17f530a866
Transport opaque
2021-09-09 08:36:01 +02:00
akallabeth
f1bde376b1
Raw channel send ( #7255 )
...
* Added raw channel data write function
* Use nego_set_state
* Added ArrayList_ForEachAP
* Provide va_copy for older VS compilers
2021-08-26 16:17:51 +02:00
Armin Novak
2a91afb0cf
Added adjustable tcp connect timeout
2021-06-08 08:21:47 +02:00
akallabeth
e2fd9db0b5
Added const to function arguments
2021-02-17 11:29:56 +01:00
akallabeth
5409f4f043
Implemented 2.2.1.17.1 Persistent Key List PDU Data, added checks
...
* Implemented missing server side version of PDU (just skip data)
* Refactored read/write functions to properly check stream
length/capacity and handle return values.
2020-11-20 09:39:25 +01:00
akallabeth
6b485b146a
Fixed oob read in irp_write and similar
2020-05-06 13:31:57 +02:00
Armin Novak
318cb3dd47
Added tpkt header length plausibility checks.
2020-03-02 11:40:35 +01:00
Armin Novak
72ca88f49c
Reformatted to new style
2019-11-07 10:53:54 +01:00
Armin Novak
d7877186d6
Fixed strnlen issues.
2019-11-05 14:55:33 +01:00
Armin Novak
f01e042211
Code cleanups (strlen, casts, size_t, ...)
2019-10-29 11:58:43 +01:00
asapelkin
82eadad4a4
Fix some static analizer warnings
2019-10-22 15:39:54 +02:00
Armin Novak
306c557512
Getter for state to string
2019-09-04 15:46:47 +02:00
Mati Shabtay
b907324009
First version of an RDP proxy ( #5372 )
...
* server: Add proxy dir with barebones server
* sever/proxy: Remove licensing
* server/proxy: Add client files
* server/proxy: rm binary
* server/proxy: Formatting
* server/proxy: Fixed includes and added basic client creation functionality
* server/proxy: Remove licensing and fix ifndef
* proxy/server: Fix cmake indentation
* server/proxy: Fix licensing
* server/proxy: Forward connection on peer_post_connect
* server/proxy: Fix function signature
* server/proxy: Changed function signature of proxy_client_start
* server/proxy: Now peer_post_connect calls proxy_client_start in a new thread
* pfreerdp.c: Clean up useless comments and logs
* server/proxy: Fix license
* server/proxy: Remove all non-connection related data from proxy_context
* server/proxy: Move Log Tag definition to pf_log.h
* server/proxy: Move context definition to pf_context
* server/proxy: Delete pfreerdp.h
* pfreerdp.c: Move context callbacks to pf_context.c
* server/proxy: Update CMakeLists.txt
* pf_channels: Use new proxy context API
* pf_client: Move context to pf_context
* pf_client.c: Remove unnessecary event handling
* server/proxy: Formatting
* proxy/server: Move server logic to pf_server.c
* server/proxy: Handle client disconnection
* Merge stash
* pf_server.c: Open GFX Connection to client
* server: CMakeLists: build proxy along with other servers
* server: proxy: get target server from rdpNego->RoutingToken
Iv'e omitted a check from which im not sure is right. Should check in docs
* server/proxy: Handle remote server -> client disconnection
* server/proxy: Move common function to pf_common.c
* server/proxy: Move common function to pf_common.c
* rdpgfx.h: Add reference to freerdp.h for rdpContext
* pf_channels: Pipe GFX on channel connection
* server/proxy: Add pf_rdpgfx for proxy gfx callbacks
* pf_client: Declare dynvc and gfx capabilities on connection
* server/proxy: Add graphics callbacks
* server/proxy: Add graphics callbacks
* pf_server: Listen to channel events
* Pass user settings to server
* pf_server: Proxy mouse events
* fixup! server/proxy: Add graphics callbacks
* pf_client: Fix setting initialization
* Merge feat/proxy-gfx to feat/proxy
* pf_server: Fix double freed credentials
* server/proxy: Remove unnecessary call to freerdp_client_settings_parse_command_line
* server/proxy: Refactor re-activation code
* server/proxy: Run format scripts
* server/proxy: Fix segfault when post_disconnect return FALSE
* server/proxy: Refactor proxy_settings_mirror
* server/proxy: Redirect credentials
* server/proxy: move proxy_settings_mirror to pf_common.c
* server/proxy: Redirect desktop_resize event
* pf_client: Remove interactive CLI auth methods
* fixup! server/proxy: Redirect credentials
* server/proxy: Rename proxy_mirror_settings to pf_common_copy_settings
* pf_server.c: Fixed non-freed context
When the disconnection is forced by the target server, the function
`pf_server_handle_client_disconnection` isn't called. Therefore, the
context of the connection between the proxy to tagrget isn't freed.
* fixup! pf_server.c: Fixed non-freed context
* pf_client: Prefix all client methods with pf_client
* pf_context: Add init client to proxy context method
* pf_server: Confirm all GFX caps regardless of settings
* pf_server: Prefix all methods with pf_server
* pf_server: Move variable decleration to start of method
* pf_server: Fix client setting
* pf_server: Fix GFX init method
* pf_server: Move variable decleration to start of methods
* server/proxy: Formatting
* Merge feat/proxy
* pf_server: Proxy synchronize event
* pf_server: Proxy refresh rect update events
* pf_server: Proxy suppress output messages
* server/proxy: Fix licensing
* server/proxy: Move client input callbacks to pf_input
* server/proxy: Move client update callbacks to pf_update
* server/proxy: Fix non-terminated target host string
* Feat/proxy config (#2 )
* server/proxy: Add config loading support
* server/proxy: Add config file
* server/proxy: Format code
* server/proxy: Code refactor, rename update_register_callbacks and input_register_callbacks
* server/proxy: Update config file
* server/proxy: Remove config.ini from root directory
* Remove comment from config file
* server/proxy: Fix leak in pf_server_load_config
* server/proxy: Add rdpServerProxy struct and embed it in proxyContext
* server/proxy: Load configuration and pass it inside every proxyContext instance
* server/proxy: Move rdpProxyServer to proxy.h
* server/proxy: Use configuration while proxying input events
* server/proxy: Update CMakeLists
* server/proxy: Refactor pf_input.c
* server/proxy: Add AllowedChannels, DeniedChannels in configuration
* server/proxy: Remove unnecessary variable from parse_channels_from_str
* server/proxy: Update config file
* server/proxy: config: Rename to
* server/proxy: config: Add mode - blacklist/whitelist
* server/proxy: Refactor, fix NULL deref
* server/proxy: Add license to proxy.h
* server/proxy: Fix newline in pf_config.c
* server/proxy: config: Rename Mode to WhitelistMode
* Add target in config. Add checks for configuration validity (#3 )
* Add target in config. Add checks for configuration validity
* Update config file
* libfreerdp: nego: revert commented out check of routingToken length
* pf_server: Fix target host info from RoutingToken
* pf_server: Remove hardcoded lenght of routing token prefix
* Feat/refactor context (#8 )
* Refactor main structs
* Update CMakeLists.txt
* pf_server.c: Free pdata at the end of the connection
* Run format scripts
* Rename tf to pc
* Fix licenses
* pf_server: Refactor names of structs and functions
* proxy: gfx: sync caps (#4 )
* proxy: gfx: sync caps
* proxy: gfx: sync caps, hook gfx client's OnClose() call and close server resources
* fixup! Feat/refactor context (#8 )
* fixup! fixup! Feat/refactor context (#8 )
* rdpgfx/client: Fix rdpgfx_recv_caps_confirm_pdu caps set length parsing
* Run format scripts
* proxy config.ini: Change default port to 3389
* pf_rdpgfx: Limit caps version to freerdp's supported versions
* Gfx OnOpen() wait for dynvc ready (#10 )
* proxy/gfx: Wait for dynvc ready state before open
* pf_channels: Initialize pc->gfx
* pf_rdpgfx: Add log and fix comments
* rdpgfx: Fix GFX v10.6 PDUs parsing and naming according to the spec
* pf_rdpgfx: Proxy rdpgfx v10.6 PDUs
* gfx client: Publish FrameAck sending and add auto ack flag
* proxy/gfx: Forward frame ack messages
* pf_context: Forward domain on connection
* pf_rdpgfx: Change max supported caps to 10.6
* proxy: Update config
* server/proxy: Use configuration in pf_server_handle_client
* rdpgfx/client: Fix size of surface_to_scaled_window, surface_to_window
* pf_rdpgfx: Fix formatting
* pf_server.c: Fix comments
* Move pf_server_rdpgfx_init to pf_rdpgfx
* server/proxy/CMakeLists.txt: Fix formatting
* pf_client.c: Add comment in proxy_server_reactivate
* Fixed const correctness of gfx function pointer
Signed-off-by: Mati Shabtay <matishabtay@gmail.com>
* server: proxy: update copyright
* server: proxy: wrap rdpNego and add a getter for routing token
* Refactor routing token getter (#14 )
* Refactor routing token getter
* pf_server_parse_target_from_routing_token change routing_token_length to be DWORD
* libfreerdp/core/nego.c: Run format script
* pf_server: Run format script
* server/proxy: Fix os msbuild tests
* pf_channels.c: Remove unused channels
* pf_client: Remove unused callbacks
* proxy: Remove encomsp callbacks from proxy's client
* client/rdpgfx_main.c: Fix msbuild test
* pf_config.c: Use StrSep instead of strsep for Windows builds
* Removed nego struct from direct access.
Signed-off-by: Mati Shabtay <matishabtay@gmail.com>
* proxy: Rename binary to freerdp-proxy
* rdpgfx_main.c: Revert unwanted double change to send_supported_caps
* Cleaned up proxy server code.
* All internal functions static
* Added simple command line argument to supply a config file
* Silence compiler warnings
Signed-off-by: kubistika <kmizrachi18@gmail.com>
2019-05-17 14:32:54 +02:00
Armin Novak
8110c391bf
Fixed requested protocol define names according to spec.
2018-12-05 10:55:06 +01:00