Commit Graph

196 Commits

Author SHA1 Message Date
Armin Novak
49936a7ba6 Fixed #5276: Enable SSL before parsing assistance file.
The assistance file requires primitives from the ssl wrapper.
Enable these before parsing the file.
Additionally split the FIPS mode enablement from the one time
initializer to avoid ignoring that flag.
2019-02-25 10:37:30 +01:00
Armin Novak
dfb4a411d4 Silenced unused-const-variables for test cases. 2019-02-21 14:02:13 +01:00
Martin Fleisz
6415cfec48
Merge pull request #5131 from akallabeth/cmd_line_error_logging
Added extended error logging for assistance, rdp file and command line parser
2019-02-08 09:11:35 +01:00
Armin Novak
9d680904cc Fixed compiler warnings #5210 2019-01-29 16:14:55 +01:00
David Fort
05d9d89796
Merge pull request #5149 from akallabeth/cert_deny
New option to disable user certificate dialog
2019-01-25 16:59:33 +01:00
Armin Novak
08cc3cdee4 Fixed use after free. 2019-01-16 15:00:13 +01:00
Armin Novak
89f3f7d837 Added extended error logging for assistance, rdp file and command line parser. 2019-01-16 14:32:19 +01:00
Joachim Meyer
c8358fdda6 Reject assistance input if not a RA invitation or connection string 2. 2019-01-07 13:00:48 +01:00
Joachim Meyer
7efbae282c Set the username setting again, if it exists. 2019-01-07 10:38:55 +01:00
Joachim Meyer
8d50c4ce2d Add support for standard Remote Assistance Connection String 2 without the extensions of the invitation file format. 2019-01-03 20:58:40 +01:00
Armin Novak
b60045af27 New option to disable user certificate dialog
The new option +cert-deny aborts a connection automatically if
the certificate can not be validated by OpenSSL or via known hosts.
2018-12-14 10:17:52 +01:00
Armin Novak
7ba34962e6 Removed duplcate NULL checks. 2018-11-22 11:21:57 +01:00
Armin Novak
f904d84638 Fixed freerdp_assistance_parse_address_list
* Return a proper error in case parsing fails.
* Don't duplicate string as we already operate on a duplicate.
2018-11-22 11:17:13 +01:00
Armin Novak
3f655db3c5 Fixed test_msrsc_incident_file_type1 return checks. 2018-11-22 11:16:43 +01:00
Armin Novak
59e9abc737 Fixed memory leak in reallocate. 2018-11-22 11:11:31 +01:00
Armin Novak
c8908c8be6 Updated windows shadow server assistance usage. 2018-11-22 11:11:31 +01:00
Armin Novak
484ceaed34 Fixed assistance unit test. 2018-11-22 11:11:31 +01:00
Armin Novak
e1555662d1 Set username from assistance file. 2018-11-22 11:11:31 +01:00
Armin Novak
35c1eac6ec Unified address parsing for assistance files. 2018-11-22 11:11:31 +01:00
Armin Novak
6de2129a90 assistance v2 support 2018-11-22 11:11:31 +01:00
Bernhard Miklautz
1222e7060b new [crypto/tls]: add support to set tls security level
The newly introduced option /tls-seclevel can be used to set the tls
security level on systems with openssl >= 1.1.0 or libressl.
As default level 1 is used as higher levels might prohibit connections
to older systems.
2018-11-08 11:13:15 +01:00
Armin Novak
0de43c8b85 Added /smartcard-logon option to set flag. (Stripped version of #4837 by @informatimago) 2018-09-04 15:50:03 +02:00
Armin Novak
114abad767 Removed use of strcpy. 2018-08-27 14:34:09 +02:00
Armin Novak
59819818f3 Fixed freerdp_load_dynamic_addin path 2018-08-24 13:40:36 +02:00
Armin Novak
c3a26b0d6a Removed +async-transport options
The async transport option is broken by design.
If used the main loop is called from the transport thread and the
main thread of the application.
Unless the transport layer is refactored to just work on queues
(input and output) this option will never work, therefore remove it.
2018-08-22 13:56:37 +02:00
Martin Fleisz
8e5d5fa8ea
Merge pull request #4450 from akallabeth/assist_fix
Assistance and RDP file parser fix
2018-02-21 16:56:55 +01:00
Armin Novak
212a448a38 Added assistance file name NULL check. 2018-02-19 10:00:23 +01:00
Jacco Braat
b592684734 Added to rdp file parsing: gatewayaccesstoken:s:<token>
Added to commandline parsing: /gat:<token>
Added GatewayAccessToken to sings
2018-02-15 10:56:57 +01:00
Armin Novak
1d01582a87 Fixed dead store warnings. 2017-12-21 11:47:16 +01:00
Bernhard Miklautz
bc8bdc3e54 fix channel/smartcard: compiler warnings
* remove unused variables
* remove unused jump label
2017-12-13 17:04:06 +01:00
Bernhard Miklautz
1e6fea7fa7 fix channel/smartcard: simplify channel variables
Path was not really used and name was duplicated. Use the device->Name
directly.
2017-12-13 17:04:06 +01:00
Brent Collins
d98b88642b Add new command-line option to force xfreerdp into a fips compliant mode.
This option will ensure that NLA is disabled(since NTLM uses weak crypto algorithms), FIPS
encryption is enabled, and ensure fips mode is enabled for openssl.

Selectively override specific uses of MD5/RC4 with new API calls specifically tailored to override FIPS.

Add comments on why overriding the use of these algorithms under FIPS is acceptable for the locations where overrides happen.

Remove check of server proprietary certificate which was already being ignore to avoid use of MD5.

Initialize winpr openssl earlier to ensure fips mode is set before starting using any crypto algorithms.
2017-11-17 12:43:06 +01:00
Armin Novak
4eb5b8e349 Replaced atoi 2017-11-15 15:52:16 +01:00
Bernhard Miklautz
4592deee72 extend /size to allow width or height percentages (#4146)
If the size parameter is used with a percentages like /size:50% now
an additional 'w' or 'h' can be appended (like /size:50%w) to specify
where the percentage should be applied. If both or none are set the
behavior is like it was before and the percentage is applied to width
and height.
2017-09-25 09:35:49 +02:00
Bernhard Miklautz
52fbfb7b12 fix clang warnings, directly include wtypes.h (#4097)
* build: clang use -Wno-unused-command-line-argument

With clang 5.0 builds are quite noisy otherwise.

* Directly include wtypes.h

Directly include winpr/wtypes.h where _fseeki64 or _ftelli64 is used.

* fix build warnings with clang 5

clang version: 5.0.0-svn310678-1~exp1 (branches/release_50)
Warning: parentheses-equality

* fix build warnings with clang 5

clang version: 5.0.0-svn310678-1~exp1 (branches/release_50)
Warning: tautological-compare

* fix build warnings with clang 5

clang version: 5.0.0-svn310678-1~exp1 (branches/release_50)
Warning:
incompatible pointer types passing 'size_t *' (aka 'unsigned
long *') to parameter of type 'UINT32 *' (aka 'unsigned int *')
[-Wincompatible-pointer-types]
2017-08-29 09:09:38 +02:00
Armin Novak
c3d4b7d262 fseeko and ftello for 64bit file support. 2017-08-14 08:42:49 +02:00
Armin Novak
0490aeb018 Fixed clang malloc integer overflow warnings. 2017-07-20 09:29:48 +02:00
David Fort
48163a27db Merge pull request #3906 from akallabeth/addin_cast_fix
Addin cast fix
2017-05-22 11:12:05 +02:00
Armin Novak
f414522b7a Added setting for QoeAck. 2017-05-18 14:07:09 +02:00
Armin Novak
9713b63c26 Fixed addin tables and casts. 2017-04-10 10:38:57 +02:00
Armin Novak
09d43a66f4 Fixed tests and dead store warnings. 2017-03-28 16:49:56 +02:00
Norbert Federa
71ce3378da Merge pull request #3665 from realjiangms/fix_ssl_add_all_digests
Winpr/openssl: Fix digests initialization in multi-thread
2017-01-13 09:46:14 +01:00
akallabeth
3762401d43 Merge pull request #1750 from ccpp/master
Support for HTTP-Proxy
2017-01-11 11:02:00 +01:00
Armin Novak
6d075ad719 Add "Ex" interface support for external channels
Support the VirtualChannelEntryEx interface also for channels that are
not static (as in compiled in).
2016-12-28 11:21:14 +01:00
zihao.jiang
a505a6cd27 Winpr/openssl: Fix digests initialization in multi-thread
SSL functions like OpenSSL_add_all_digests should be invoked at very beginning as they are not MT safe.
If not we might meet double free exception as following:

 #0  0x00007f23ddd71c37 in raise () from /lib/x86_64-linux-gnu/libc.so.6
 #1  0x00007f23ddd75028 in abort () from /lib/x86_64-linux-gnu/libc.so.6
 #2  0x00007f23dddae2a4 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
 #3  0x00007f23dddba55e in ?? () from /lib/x86_64-linux-gnu/libc.so.6
 #4  0x00007f23dc6ecfcd in CRYPTO_free () from /lib/x86_64-linux-gnu/libcrypto.so.1.0.0
 #5  0x00007f23dc6ef8d1 in OBJ_NAME_add () from /lib/x86_64-linux-gnu/libcrypto.so.1.0.0
 #6  0x00007f23dc77dcd8 in EVP_add_digest () from /lib/x86_64-linux-gnu/libcrypto.so.1.0.0
 #7  0x00007f23dc782321 in OpenSSL_add_all_digests () from /lib/x86_64-linux-gnu/libcrypto.so.1.0.0
 #8  0x00007f23c781da28 in winpr_openssl_get_evp_md (md=4) at /home/zihao/workspace/zihao_FreeRDP/winpr/libwinpr/crypto/hash.c:52
 #9  0x00007f23c781dccb in winpr_Digest_Init (ctx=0x7f22d064d470, md=<optimized out>) at /home/zihao/workspace/zihao_FreeRDP/winpr/libwinpr/crypto/hash.c:344
 #10 0x00007f23d486139b in security_salted_mac_signature (rdp=0x7f23859f5a20, data=0x7f238542d4fb "\004\204\022\004", length=4743, encryption=<optimized out>, output=0x7
     at /home/zihao/workspace/zihao_FreeRDP/libfreerdp/core/security.c:378
 #11 0x00007f23d488d73f in fastpath_send_update_pdu (fastpath=<optimized out>, updateCode=4 '\004', s=0x7f23859f5f40, skipCompression=true)
     at /home/zihao/workspace/zihao_FreeRDP/libfreerdp/core/fastpath.c:1076
 #12 0x00007f23d4891c4f in update_send_surface_frame_bits (context=0x7f23859f5540, cmd=0x7f22b2ffcc80, first=true, last=true, frameId=6)
     at /home/zihao/workspace/zihao_FreeRDP/libfreerdp/core/update.c:1041

Related reports: https://rt.openssl.org/Ticket/Display.html?id=2216&user=guest&pass=guest
2016-12-28 03:48:40 +08:00
Norbert Federa
f71b6b46e8 fix string format specifiers
- fixed invalid, missing or additional arguments
- removed all type casts from arguments
- added missing (void*) typecasts for %p arguments
- use inttypes defines where appropriate
2016-12-16 13:48:43 +01:00
Christian Plattner
58ef7cc42d More abstracted proxy handling 2016-12-10 23:13:35 +01:00
Christian Plattner
a72c184108 Bugfix setting HTTP proxy name (fixes environment variable detection) 2016-12-10 19:00:32 +01:00
Christian Plattner
5d10b3bf5b Merge branch 'gateway-http-bugfix'
Conflicts:
	client/common/cmdline.c
	include/freerdp/settings.h
	libfreerdp/common/settings.c
	libfreerdp/core/settings.c
	libfreerdp/core/tcp.c
	libfreerdp/core/transport.c
2016-12-09 20:43:02 +01:00
Armin Novak
c33754ae1d Fixed unused and uninitialized warnings. 2016-12-01 15:36:49 +01:00