Commit Graph

5313 Commits

Author SHA1 Message Date
Martin Fleisz
4859a5dfd4 core: Fix possible memory leak in smartcard certificate enumeration
When enumerating smartcard certificates we check if we have duplicates
in our certificate list. In case we detect a duplicate we just return
`TRUE` (indicating that we consumed the certificate info) but do not
free the smartcard info instance.
2023-04-28 11:45:59 +02:00
Armin Novak
ca13987e84 [core,gateway] tighten checks for fault PDU 2023-04-28 10:16:49 +02:00
akallabeth
60f36ed2d6 [emu,scard] use EVP_PKEY_decrypt to determine length 2023-04-28 08:33:06 +02:00
Armin Novak
8b6d05f90f [crypto] fix key decrypt inconsistencies 2023-04-28 08:33:06 +02:00
akallabeth
402cffdeb2 [emu,scard] openssl 3 support 2023-04-28 08:33:06 +02:00
akallabeth
6c38e20e4e [crypto,cert] add openssl3 support 2023-04-28 08:33:06 +02:00
akallabeth
9ebbeeb2f6 [crypto,pkey] add openssl3 support 2023-04-28 08:33:06 +02:00
akallabeth
c950ca375c [client,common] fix value present flag check
need to check for COMMAND_LINE_VALUE_PRESENT instad of COMMAND_LINE_ARGUMENT_PRESENT
2023-04-28 07:39:35 +02:00
akallabeth
516668d02b [fclose] ensure no invalid pointers are passed.
fclose has undefined behaviour for NULL pointers, so check for these.
2023-04-28 07:39:35 +02:00
fifthdegree
b1c4cb493f Set KDC URL in a way compatible with Windows 2023-04-27 16:31:30 +02:00
David Fort
7b0b273ec1 mcs: drop a server-side warning on FreeRDP_ChannelDefArray::len
Server side we often see "FreeRDP_ChannelDefArray::len expected to be >= 31,
but have XXX", where XXX is lower than 31.

This patche fixes that, the old code was setting the size of ChannelDefArray to the
number of ChannelCount, which is usually not what we want. We want to keep it to 31
and have ChannelCount indicate how many of these channels are used.
2023-04-27 08:37:11 +02:00
Armin Novak
e0aec72d71 [pkg-config] unify exec_prefix 2023-04-24 22:01:15 +02:00
Armin Novak
4d3d1bfe4d [core,autodetect] revert to [MS-RDPBCGR] states
remove 'convenience' states in main RDP state machine for autodetect
2023-04-24 14:18:20 +02:00
Armin Novak
f357f1d418 [core,license] allow empty cert info 2023-04-24 13:03:40 +02:00
Richard Markiewicz
13e52cfae2 [channels,settings] add a setting to ignore invalid devices 2023-04-24 11:29:05 +02:00
Bernhard Miklautz
d1069b3bc1 new: use prefix in pkg-config files for libdir 2023-04-24 11:19:01 +02:00
Bernhard Miklautz
ddc9e5835f new: export plugin paths in pkg-config and cmake package
To simplify building external channels and other plugins related
paths are now exported in the pkg-config file and the cmake package.
The paths can be used to install channels/plugins/extensions in
the configured search paths.

For pkg-config the following variables are now available:
* datadir
* plugindir
* proxy_plugindir
* extensiondir

They can be queried like: `pkg-config freerdp3 --variable plugindir`

The cmake package has three new variables that can be used:
* FreeRDP_PLUGIN_DIR
* FreeRDP_PROXY_PLUGIN_DIR
* FreeRDP_EXTENSION_DIR

Note: Depending on the build the directories are not necessarily created.
2023-04-24 11:19:01 +02:00
akallabeth
ecc32eaf2e [core,info] unify string read, log unexpected
* unify reading of domain and username strings with all the checks
* add handling of (undocumented) padding in [MS-RDPBCGR]
  2.2.10.1.1.2 Logon Info Version 2 (TS_LOGON_INFO_VERSION_2)
  occurring with windows 11
2023-04-24 10:59:17 +02:00
Armin Novak
afc29ce777 [crypto,cert] fix cert_write_server_certificate_v2 2023-04-24 10:58:01 +02:00
Armin Novak
91b0f6d444 [crypto,cert] remove too strict assert 2023-04-24 10:58:01 +02:00
akallabeth
c0dc193a39 [winpr,input] use enum for keyboard types
* move type definition to WinPR as used there too.
* supported keyboard types are defined in
  [MS-RDPBCGR] 2.2.1.3.2 Client Core Data (TS_UD_CS_CORE)]
  use a enum instead of magic numbers to make code more readable.
2023-04-21 12:31:51 +02:00
Pascal Nowack
bb967d1533 winpr/input: Add actual evdev keyboard handling
WinPR provides APIs to convert between keycodes between virtual
keycodes.
These keycodes can currently be evdev keycodes or Apple keycodes.
The evdev handling, however, handles XKB keycodes and not evdev ones.
The main difference between these is that XKB keycodes are shifted by
the value 8, compared to evdev keycodes.

In order to fix this situation, rename the evdev keycodes to XKB ones,
and introduce additionally a new keycode evdev, including its handling
for this keycode type.
2023-04-21 12:31:51 +02:00
Martin Fleisz
73911425d4 gateway: Do not encrypt message during RPC NTLM auth
Commit 2de7a4c249 introduced major changes
in the gateway authentication code. One of these changes was to decouple
NTLM specific authentication from the gateway code.

However with these changes, gateway authenciation with the old RPC code
stopped working and returned an authentication error. The problem is
that currently `credssp_auth_encrypt` encrypts the given message along
creating a signature.

The old code prevented encryption of the message by specifying
`SECBUFFER_READONLY` on the message buffer. The native Windows SSPI then
leaves this buffer as-is and gateway authentication works again.

This fix only applies to Windows platforms using the native SSPI API.
Interestingly this works on other platforms using the WinPR SSPI so
there seems to be a difference between the implementations (but that's a
topic for another PR).
2023-04-21 08:15:00 +02:00
Armin Novak
8994d4a213 [core,license] fix length checks
check the correct stream.
2023-04-19 10:51:33 +02:00
Joan Torres
3bcbdeb9fc [core,rdstls] Avoid Stream_SafeSeek on pdu parsing 2023-04-18 20:14:36 +02:00
Pascal Nowack
8362b3707e pointer: Rename position to hotspot position in Color Pointer Update
The attributes xPos and yPos for a Color Pointer Update are confusing,
as they may be confused with the xPos and yPos of the pointer bitmap on
the actual screen.
Rename these attributes to what they actually represent, and that is the
hotspot position.
xPos and yPos are still members of the hotspot. However, hotSpotX and
hotSpotY are much more clearer.
In addition to that, the Large Pointer Update uses the same names for
the hotspot coordinates.
2023-04-14 08:31:20 +02:00
Armin Novak
abe49dfd3d [core,settings] fix missing return path 2023-04-13 14:41:16 +02:00
Armin Novak
391f5e0ddb [settings] add freerdp_supported_color_depths_string 2023-04-13 14:35:51 +02:00
Armin Novak
fcdd3a1e75 [core,gcc] SupportedColorDepths and HighColorDepth
Split these, now independent from ColorDepth
2023-04-13 14:35:51 +02:00
Armin Novak
39767c5423 [settings] add supported color depths setting 2023-04-13 14:35:51 +02:00
Pascal Nowack
43f0fbdc12 core/autodetect: Allow overriding connect-time autodetection handling
Currently, FreeRDP-based server implementations can do connect-time
autodetection.
However, without having any control over it.

In order to be able to override the default connect-time autodetection
handling, introduce three new states for the state machine of the
connection sequence and two new callbacks for the autodetect handling.

These are:
- CONNECTION_STATE_CONNECT_TIME_AUTO_DETECT_BEGIN
- CONNECTION_STATE_CONNECT_TIME_AUTO_DETECT_IN_PROGRESS
- CONNECTION_STATE_CONNECT_TIME_AUTO_DETECT_END

- OnConnectTimeAutoDetectBegin()
- OnConnectTimeAutoDetectProgress()

The END state is pretty simple: When the autodetection is finished and
the autodetect state is FREERDP_AUTODETECT_STATE_COMPLETE, transition
into the next state of the connection sequence.

The BEGIN state is entered, when capability-wise network autodetection
is available.
In this state, the OnConnectTimeAutoDetectBegin callback is called, the
server implementation may initialize any related handling here.
If the server implementation determines, that no further handling is
required, it can end the autodetection phase by returning
FREERDP_AUTODETECT_STATE_COMPLETE.
If not, and an autodetection request is sent, it returns
FREERDP_AUTODETECT_STATE_REQUEST.
The state machine of the connection sequence will then switch into the
IN_PROGRESS state.

In the IN_PROGRESS state, any incoming PDU is handled first, then the
OnConnectTimeAutoDetectProgress callback is called.
Like in the BEGIN state, the return value will determine, whether the
state machine of the connection sequence goes into the END state or goes
into (or rather stays) in the IN_PROGRESS state.
2023-04-13 09:58:52 +02:00
Pascal Nowack
91ff145ae8 core/autodetect: Rework server side API to be closer to documentation
The current state of the autodetect API for the server side does not
include all allowed scenarios where the network autodetection can be
used.
This for example includes the connect-time autodetection, as the
related calls are hidden inside FreeRDP, and not exposed as public API.
In order to avoid duplicate send methods, check the state of the
connection sequence.
If the connection sequence is not yet done, use the connect-time request
types.
Otherwise, use the continuous request types.

The Bandwidth Measure Payload PDU is a little special case, as it is
only allowed to be sent during the connection sequence.
To ensure this, add an assertion in its sending method.

Also fix the handling for the Network Characteristics Sync PDU:
Previously, after parsing the PDU data, the read data was just sent
again to the client, which is wrong.
To fix this issue, introduce a callback for this client-to-server PDU,
so that the actual server implementation can hook up its own handling
for this PDU.
Depending on the situation, the server side may want to discard or use
the retrieved data here.

Moreover, decouple the send-handling for the Network Characteristics
Result PDU from the local autodetect variables.
Currently, these variables are shared between the send and receive
methods.
This leads to access problems, where the server side, wants to use a
different thread to send the autodetect PDU, as the receive handler may
receive an autodetect PDU and overwrite these values with possible
nonsense values.
This is especially the case with RTT response PDUs, as the written
netCharAverageRTT and netCharBaseRTT values are only correct, when only
one RTTRequest happens at a time and no stray RTTResponses are received.
2023-04-13 09:58:52 +02:00
Armin Novak
f8e8764ea8 [core,settings] unify identity from settings 2023-04-11 11:37:09 +02:00
Armin Novak
9b498efa79 [core,nla] unify identity creation 2023-04-11 11:37:09 +02:00
Armin Novak
e2f85fc329 [core,nla] ensure the identity is created with unicode 2023-04-11 11:37:09 +02:00
Armin Novak
13c025e04c [winpr,sspi] remove sspi_SetAuthIdentityWithUnicodePassword
the function is useless as we always use the SetAuthIdentityW API now
2023-04-11 11:37:09 +02:00
Armin Novak
aac0c0d01d [core,gateway] fix expected size for rts_read_auth_verifier_no_checks 2023-04-11 11:31:57 +02:00
Armin Novak
c638c51484 [core,gateway] fix expected length rts_read_auth_verifier_with_stub 2023-04-11 11:31:57 +02:00
Armin Novak
adc6b60bcf [core,gateway] silence rts_read_common_pdu_header
rts_read_common_pdu_header is used to determine if the packet was read
successfully. In that case it might fail but there should be no logging
done to not spam it with unnecessary warnings.
2023-04-11 11:31:57 +02:00
akallabeth
6a35f11faa [core,gateway] fix warnings with static stream 2023-04-11 11:30:41 +02:00
akallabeth
f3b7c1b84d [core,gateway] log http status codes 2023-04-11 11:21:27 +02:00
akallabeth
0f1b0cac76 [core,gateway] add http_status_string_format 2023-04-11 11:21:27 +02:00
akallabeth
8eec678710 [core,gateway] add http_status_string 2023-04-11 11:21:27 +02:00
akallabeth
7739815a90 [codec,h264] add getter/setter for h264 options 2023-04-11 10:58:03 +02:00
akallabeth
983c820f16 [codecs] make h264 and planar opaque 2023-04-11 10:58:03 +02:00
Joan Torres
1f58b64f68 [core,redirection] Fix sending redirection certificate
TargetCertificate option is set in TARGET_CERTIFICATE_CONTAINER format.

Exposed ELEMENT_TYPE_CERTIFICATE and ENCODING_TYPE_ASN1_DER1 to allow
building it externally in the mentioned format.
2023-04-11 10:29:16 +02:00
akallabeth
1a951a7ebc [core,credssp] simplified name cache 2023-04-06 16:15:45 +02:00
akallabeth
182f15e475 [core] add logger to rdpContext
Add a dynamic logger for rdpContext
2023-04-06 12:11:46 +02:00
Armin Novak
f66110c611 [codec,rfx] refactor API
* Hide implementation details
* Add missing getter/setter
2023-04-05 20:41:42 +02:00
Armin Novak
a86218c761 [codec,rfx] fix numTile update
ensure there are enough tiles allocated before setting
2023-04-05 20:41:42 +02:00