Commit Graph

266 Commits

Author SHA1 Message Date
Martin Fleisz
37f9d5b494 core: Fix flag check to enable/disable RDSTLS security
On some platforms (i.e. Mac) the BOOL type might be narrower than the
`RedirectionFlags` type leading to an overflow when just assigning the
logical AND result to the setting. This fix makes sure that the value is
correctly set to either `TRUE` or `FALSE`.
2023-07-04 09:17:05 +02:00
akallabeth
4d350978dd [core] assert rdp->context 2023-06-26 10:53:43 +02:00
Marc-André Moreau
4d4dcd4511 Fix usage of explicit server name when different from connection host 2023-06-13 09:20:17 -04:00
Armin Novak
970f0c54e8 [stream] use const correct Stream_Pointer access 2023-06-08 08:09:33 +02:00
akallabeth
d71c58a04b [core,licensing] allow all SEC_AUTODETECT_REQ messages
follow up to fdcc36dd8d
autodetect messages also seem to be sent over global channel id
instead of message channel id
2023-05-26 11:52:54 +02:00
Armin Novak
da38ca3254 [core,server] decrease logging verbosity 2023-05-23 05:04:55 +02:00
Armin Novak
a433e1b761 [core,rdp] use a dynamic logger for rdpRdp 2023-05-23 05:04:55 +02:00
akallabeth
9ddd21e909 [core,connection] print a warning
if we receive an unexpected channel message print a warning.
2023-05-03 13:46:39 +02:00
akallabeth
fdcc36dd8d [core,connection] relax state machine
contrary to '[MS-RDPBCGR] 1.3.9 Connect-Time and Continuous Network
Characteristics Detection' we have seen autodetection reqeusts mixed in
between licensing messages. This relaxes the state machine and allows
handling.
2023-05-03 13:46:39 +02:00
David Fort
7b0b273ec1 mcs: drop a server-side warning on FreeRDP_ChannelDefArray::len
Server side we often see "FreeRDP_ChannelDefArray::len expected to be >= 31,
but have XXX", where XXX is lower than 31.

This patche fixes that, the old code was setting the size of ChannelDefArray to the
number of ChannelCount, which is usually not what we want. We want to keep it to 31
and have ChannelCount indicate how many of these channels are used.
2023-04-27 08:37:11 +02:00
Armin Novak
4d3d1bfe4d [core,autodetect] revert to [MS-RDPBCGR] states
remove 'convenience' states in main RDP state machine for autodetect
2023-04-24 14:18:20 +02:00
Pascal Nowack
43f0fbdc12 core/autodetect: Allow overriding connect-time autodetection handling
Currently, FreeRDP-based server implementations can do connect-time
autodetection.
However, without having any control over it.

In order to be able to override the default connect-time autodetection
handling, introduce three new states for the state machine of the
connection sequence and two new callbacks for the autodetect handling.

These are:
- CONNECTION_STATE_CONNECT_TIME_AUTO_DETECT_BEGIN
- CONNECTION_STATE_CONNECT_TIME_AUTO_DETECT_IN_PROGRESS
- CONNECTION_STATE_CONNECT_TIME_AUTO_DETECT_END

- OnConnectTimeAutoDetectBegin()
- OnConnectTimeAutoDetectProgress()

The END state is pretty simple: When the autodetection is finished and
the autodetect state is FREERDP_AUTODETECT_STATE_COMPLETE, transition
into the next state of the connection sequence.

The BEGIN state is entered, when capability-wise network autodetection
is available.
In this state, the OnConnectTimeAutoDetectBegin callback is called, the
server implementation may initialize any related handling here.
If the server implementation determines, that no further handling is
required, it can end the autodetection phase by returning
FREERDP_AUTODETECT_STATE_COMPLETE.
If not, and an autodetection request is sent, it returns
FREERDP_AUTODETECT_STATE_REQUEST.
The state machine of the connection sequence will then switch into the
IN_PROGRESS state.

In the IN_PROGRESS state, any incoming PDU is handled first, then the
OnConnectTimeAutoDetectProgress callback is called.
Like in the BEGIN state, the return value will determine, whether the
state machine of the connection sequence goes into the END state or goes
into (or rather stays) in the IN_PROGRESS state.
2023-04-13 09:58:52 +02:00
fifthdegree
4cbfa006f2 Implement support for RDS AAD
Have a working implementation of the RDS AAD enhanced security mechanism
for Azure AD logons
2023-03-10 16:38:07 +01:00
Joan Torres
7c24da917e Add RDSTLS security protocol
The client tries to connect using RDSTLS only when it has received a
server redirection PDU with LB_PASSWORD_IS_ENCRYPTED flag.

The server exposes RDSTLS on negotiation if it has been configured on settings.
Then authenticates a client using configured credentials from settings:
RedirectionGuid, Username, Domain, Password.
2023-03-08 14:05:00 +01:00
Joan Torres
5f8e64f89c [core,connection]: Fix load balance setting on redirection
The routing token is already set for the nego on rdp_client_connect func.
2023-03-08 08:36:42 +01:00
Armin Novak
37936f5cbb [core,connect] check for valid hostname 2023-03-06 10:04:59 +01:00
Armin Novak
f5462bdf92 [core] fix rdp_client_establish_keys 2023-03-06 08:35:24 +01:00
Armin Novak
2450bf75e8 [core] improve assertions and logging 2023-03-05 17:03:18 +01:00
akallabeth
adce7378c3 [core,cache] make protocol caches private
most protocol internal caches do not need to be exposed. this reduces
the public API and allows us to more easily improve/change this during a
release cycle
2023-02-27 17:31:52 +01:00
Armin Novak
a7dac52a42 [license] updated copyright headers 2023-02-12 20:17:11 +01:00
akallabeth
af371bef6a [crypto] rename rdpRsaKey to rdpPrivateKey 2023-02-12 20:17:11 +01:00
akallabeth
94b2f551b3 [core] update to new crypto/cert API 2023-02-12 20:17:11 +01:00
akallabeth
51e71b3c48 Fixed compiler warnings 2023-02-03 11:09:59 +01:00
akallabeth
a082f2b78a [core] improve logging 2023-02-03 11:09:59 +01:00
akallabeth
31695c94a1 [client random] refactor use
* use sizeof() instead of define length
* use settings getter/setter
2023-02-03 11:09:59 +01:00
akallabeth
a3152871ab [core,crypto] refactor rsa functions
* public encrypt/decrypt take rdpCertInfo data as argument
* private encrypt/decrypt take rdpRsaKey as argument
* Add missing length arguments
2023-02-03 11:09:59 +01:00
akallabeth
2c2e9602b3 [core] refactor certificate handling
* Remove duplications in rdpRsaKey, reuse rdpCertificate for public
  components
* Move all private key and certificate code to certificate.c,
  remove the tssk_* variables from gcc
* Handle update of client and server random keys in wrapping functions
* Simplify gcc_write_server_security_data, use certificate.c functions
  to write the certificate data
* Refactor security_establish_keys, use the random values stored in
  settings directly
2023-02-03 11:09:59 +01:00
Armin Novak
70f6c09ff4 [core] fix persistent bitmap cache setting
* Only activate if both, client and server support the capability
* Use settings getter to access setting
2023-01-26 09:30:17 +01:00
Armin Novak
641022b795 [logging] remove __FUNCTION__ from actual message
prefer the log formatter to provide that information.
2023-01-25 16:26:39 +01:00
Armin Novak
a111a19c58 [core] check return of rdp_write_security_header 2023-01-25 09:37:40 +01:00
Armin Novak
2fc24420d1 [core] fix server side skip channel join
move to state CONNECTION_STATE_RDP_SECURITY_COMMENCEMENT instead of
CONNECTION_STATE_SECURE_SETTINGS_EXCHANGE
2023-01-25 09:37:40 +01:00
akallabeth
f2b934866a [core,connection] code cleanups 2023-01-24 10:16:55 +01:00
akallabeth
23281121bf [core] implement skip channel join 2023-01-20 11:19:18 +01:00
David Fort
bee2873b52 core: in connection.c use constant instead of raw value 2022-12-23 08:42:45 +01:00
Armin Novak
0e25f99602 Revert "[server,shadow] rdp_server_reactivate do not wait"
This reverts commit 34f44ce4a1.
2022-12-22 15:09:03 +01:00
Armin Novak
34f44ce4a1 [server,shadow] rdp_server_reactivate do not wait
in rdp_server_reactivate do not wait for the server to change state, let
the peer state machine handle that.
2022-12-19 10:38:18 +01:00
Armin Novak
b41ef0cda7 [core,client] fixed connection timeout abort
the abort condidion was not properly triggered.
2022-12-12 18:08:42 +01:00
akallabeth
37ab25e19d Fixed all Wdocumentation warnings 2022-12-12 14:24:55 +01:00
Armin Novak
917e392f1e [client] fix connection active checks
* use freerdp_is_active_state for session active checks
* fix state transitions
2022-12-12 12:59:32 +01:00
Armin Novak
a14c75a3a2 [core,client] handle optional monitor layout PDU
The monitor layout PDU is optional. If that was not received assume it
will not be sent and continue in next state.
2022-12-12 12:59:32 +01:00
akallabeth
d3e9210985 [core] added freerdp_is_active_state
Since client and server use different states to indicate the connection
is activated, add this convenience function to determine that
2022-12-12 12:59:32 +01:00
Armin Novak
c22d3736a3 [client] refactor client activation timeout
Move the code to a function to make it more readable
2022-12-12 12:59:32 +01:00
akallabeth
2809e14064 [core,connection] fix missing logger argument 2022-12-09 20:30:23 +01:00
Armin Novak
358ac53b66 [core,license] print a warning on invalid packet
* add stringify function for securityFlags
* print a error message on unexpected packet
2022-12-03 00:13:27 +01:00
akallabeth
1304af4748 [core,rdp] Refactor rdp security encryption
Unify rc4 encryption key handling, use common free and reset functions
2022-11-25 12:35:14 +01:00
akallabeth
68bd3b63ae [server] Fix rdp_peer_handle_state_demand_active
* Return type is state_run_t
* Fix use, check for success
2022-11-22 15:30:31 +01:00
Armin Novak
a40ade5abc Fixed -Wincompatible-pointer-types 2022-11-21 10:12:31 +01:00
Armin Novak
b56b09840a Fixed -Wshadow 2022-11-21 10:12:31 +01:00
akallabeth
d83f70bc32 [core,transport] event handle for transportIO
With the latest client changes the internal event loop requires a handle
to wait on. Add a new function to (re)set the newly added transport event handle.
2022-11-16 15:32:32 +01:00
akallabeth
4ccb38aa13 [core] Check return value of *_transition_to_state
The state transition might not be allowed, so abort if that fails.
2022-11-16 15:32:32 +01:00