Commit Graph

127 Commits

Author SHA1 Message Date
Armin Novak
188fe4ed2b Removed rdp disconnect, using unified abortEvent instead. 2015-09-05 14:57:30 +02:00
Marc-André Moreau
161359f6ec libfreerdp-core: fix receiving of logon error info during capability exchange 2015-06-29 12:43:18 -04:00
Marc-André Moreau
ddf2519f1e Merge pull request #2719 from bmiklautz/pull/2481
OSS, tsmf, usb and BSD fixes and improvements
2015-06-26 08:27:22 -04:00
Bernhard Miklautz
ff8d172a12 core: use error instead of debug
When the function would return with an error print an error message
instead of a debug message
2015-06-23 11:15:13 +02:00
Norbert Federa
91a9b23b91 core: message channel pdu broken with rdp security
rdp_recv_message_channel_pdu always read the rdp security header
even if it was already previously read (which is the case if rdp
security is active)

This caused malfunctions and disconnects when heartbeat or bandwidth
autodetect packets were sent/received in rdp security mode.

Credit goes to @MartinHaimberger for identifying the broken code
part.
2015-06-19 14:49:17 +02:00
ivan-83
307d22ca11 * debug and error messages now print function name and line number
* add debug messages to trace fake network dissconects
2015-05-27 23:48:07 +03:00
ivan-83
3912172fc8 + tsmf: OSS initial suppot (not work yet)
* tsmf: fix video playback on FreeBSD (proper shared object name)
* tsmf: renamed args: audio->sys, audio-dev->dev
* audin: OSS fix, now it work
* cmdline: add syntax help for /audin, /rdpsnd, /tsmf
* add debug messages
2015-05-27 23:22:36 +03:00
ivan-83
0fda0eb0de Code style changed. 2015-05-27 22:59:57 +03:00
ivan-83
1009268158 * debug and error messages now print function name and line number
* add debug messages to trace fake network dissconects
2015-05-27 22:57:10 +03:00
ivan-83
94a7abd2af + tsmf: OSS initial suppot (not work yet)
* tsmf: fix video playback on FreeBSD (proper shared object name)
* tsmf: renamed args: audio->sys, audio-dev->dev
* audin: OSS fix, now it work
* cmdline: add syntax help for /audin, /rdpsnd, /tsmf
* add debug messages
2015-05-27 22:54:13 +03:00
Konrad Witaszczyk
8797eef9b9 Assign peer to settings when a new RDP module is being initialized. 2015-05-21 16:54:19 +02:00
Clive Stevens
2e41c5425b Fix whitespace 2015-05-06 15:54:23 +01:00
Clive Stevens
b06e50479e Fix two cases of potentially leaked streams 2015-05-06 15:23:37 +01:00
Bernhard Miklautz
515502ffa5 change return types of callbacks to BOOL
* change all client/server callbacks to BOOL
* update all clients accordingly
* add multiple return value checks
* small fixes
2015-04-21 14:18:07 +02:00
Armin Novak
ea0e255058 Fixed broken pad setting. 2015-04-13 09:28:29 +02:00
David FORT
c03bf75896 Take in account @nfedera's comments 2015-04-07 21:06:53 +02:00
David FORT
0eb399a717 Treat return values for security.c
This patch make functions in security.c return values when they should instead of
beeing void. And it also fix the callers of these functions.
2015-04-01 11:11:37 +02:00
Bernhard Miklautz
74c8400789 coding style fixes
Add missing space after if
2015-03-30 17:15:45 +02:00
Bernhard Miklautz
f469e069dc stream: Stream_Ensure*Capacity: change return type
Change the return type of Stream_Ensure*Capacity from void to BOOL to be
able to detect realloc problems easily. Otherwise the only way to detect
this was to check if the capacity after the call was >= the required
size.
In case Stream_Ensure*Capacity fails the old memory is still available
and need to freed outside.

This commit also adds checks to most calls of Stream_Ensure*Capacity to
check if the call was successful.
2015-03-30 16:33:48 +02:00
Bernhard Miklautz
3c7662517c hardening
Start to add missing checks for:
* *alloc
* *_New
2015-03-25 17:38:21 +01:00
Marc-André Moreau
9c7b7ab561 libfreerdp-core: make NLA event-driven 2015-02-15 16:04:59 -05:00
Marc-André Moreau
eddfee56a3 libfreerdp-core: prepare client-side NLA for event-driven structure 2015-02-15 14:54:10 -05:00
Marc-André Moreau
991f7b347d libfreerdp-core: further abstract multiple connections used internally by tsg from rdpTransport 2015-02-15 10:06:17 -05:00
Marc-André Moreau
70fab69347 libfreerdp-core: gateway connection refactoring 2015-02-11 14:27:29 -05:00
Marc-André Moreau
fa06c4d401 libfreerdp-core: improve reconnection 2015-02-06 14:21:26 -05:00
Marc-André Moreau
e4f99834d0 libfreerdp-core: make tsg threadless 2015-02-02 11:50:56 -05:00
Marc-André Moreau
620694c10a Merge pull request #2301 from akallabeth/disconnect_fix
Disconnect / Reconnect fix
2015-01-14 08:56:54 -05:00
Martin Haimberger
bba342a6be added set_error_info function
if an error_info is set, a TS_SET_ERROR_INFO_PDU
will be sent to the client on disconnect with
the error_info
2015-01-13 08:09:36 -08:00
Armin Novak
600074373c Fixed rdp_reset. 2015-01-12 13:47:04 +01:00
Marc-André Moreau
9b28562cc1 libfreerdp-core: fix faulty rdpTransport server-side initialization 2014-12-15 10:23:06 -05:00
Norbert Federa
939f1c639a Standard RDP Security Layer Levels/Method Overhaul
[MS-RDPBCGR] Section 5.3 describes the encryption level and method values for
standard RDP security.

Looking at the current usage of these values in the FreeRDP code gives me
reason to believe that there is a certain lack of understanding of how these
values should be handled.

The encryption level is only configured on the server side in the "Encryption
Level" setting found in the Remote Desktop Session Host Configuration RDP-Tcp
properties dialog and this value is never transferred from the client to the
server over the wire.
The possible options are "None", "Low", "Client Compatible", "High" and
"FIPS Compliant". The client receices this value in the Server Security Data
block (TS_UD_SC_SEC1), probably only for informational purposes and maybe to
give the client the possibility to verify if the server's decision for the
encryption method confirms to the server's encryption level.
The possible encryption methods are "NONE", "40BIT", "56BIT", "128BIT" and
"FIPS" and the RDP client advertises the ones it supports to the server in the
Client Security Data block (TS_UD_CS_SEC).
The server's configured encryption level value restricts the possible final
encryption method.
Something that I was not able to find in the documentation is the priority
level of the individual encryption methods based on which the server makes its
final method decision if there are several options.
My analysis with Windows Servers reveiled that the order is 128, 56, 40, FIPS.
The server only chooses FIPS if the level is "FIPS Comliant" or if it is the
only method advertised by the client.

Bottom line:
* FreeRDP's client side does not need to set settings->EncryptionLevel
(which was done quite frequently).
* FreeRDP's server side does not have to set the supported encryption methods
list in settings->EncryptionMethods

Changes in this commit:

Removed unnecessary/confusing changes of EncryptionLevel/Methods settings

Refactor settings->DisableEncryption
* This value actually means "Advanced RDP Encryption (NLA/TLS) is NOT used"
* The old name caused lots of confusion among developers
* Renamed it to "UseRdpSecurityLayer" (the compare logic stays untouched)

Any client's setting of settings->EncryptionMethods were annihilated
* All clients "want" to set all supported methods
* Some clients forgot 56bit because 56bit was not supported at the time the
code was written
* settings->EncryptionMethods was overwritten anyways in nego_connect()
* Removed all client side settings of settings->EncryptionMethods
The default is "None" (0)
* Changed nego_connect() to advertise all supported methods if
settings->EncryptionMethods is 0 (None)
* Added a commandline option /encryption-methods:comma separated list of the
values "40", "56", "128", "FIPS". E.g. /encryption-methods:56,128
* Print warning if server chooses non-advertised method

Verify received level and method in client's gcc_read_server_security_data
* Only accept valid/known encryption methods
* Verify encryption level/method combinations according to MS-RDPBCGR 5.3.2

Server implementations can now set settings->EncryptionLevel
* The default for settings->EncryptionLevel is 0 (None)
* nego_send_negotiation_response() changes it to ClientCompatible in that case
* default to ClientCompatible if the server implementation set an invalid level

Fix server's gcc_write_server_security_data
* Verify server encryption level value set by server implementations
* Choose rdp encryption method based on level and supported client methods
* Moved FIPS to the lowest priority (only used if other methods are possible)

Updated sample server
* Support RDP Security (RdpKeyFile was not set)
* Added commented sample code for setting the security level
2014-12-12 02:17:12 +01:00
Armin Novak
bde7b156a8 Fixed uninitialized data warning. 2014-11-17 00:05:12 +01:00
Martin Fleisz
53f38d3e89 Merge pull request #2189 from llyzs/llyzs
Support Continuous Auto-Detection.
2014-11-11 08:42:48 +01:00
Mehul Dhorda
e8b8ae1900 Added comment to clarify flow control PDU fields. 2014-11-07 14:58:58 -08:00
Vic Lee
8eaeeebecc libfreerdp-core: support continuous auto-detection. 2014-11-07 16:18:49 +08:00
Mehul Dhorda
f64d620a3b Ignore T.128 FlowPDU in Share Control header
According to the Microsoft RDP specification, T.128 flow control PDUs
should be ignored when reading Share Control headers.
(http://msdn.microsoft.com/en-us/library/cc240576.aspx). This patch
checks if we got a flow control PDU (length = 0x8000) and advances the
stream to ignore the PDU.
2014-11-05 11:32:46 -08:00
Vic Lee
0e7797ffca libfreerdp-core: server-side mcs message channel. 2014-10-29 00:49:27 +08:00
Bernhard Miklautz
f40053577f core: add support for set keyboard indicators PDU
Server Set Keyboard Indicators PDU MS-RDPBCGR 2.2.8.2.1

* add server side code
* add support for client callback
2014-10-03 12:10:44 +02:00
Marc-André Moreau
9daa8bd36f libfreerdp-gdi: handle egfx desktop resize 2014-09-25 22:08:10 -04:00
Marc-André Moreau
6cb4b59426 libfreerdp-core: fix server-side receiving of X224 disconnect TPDU 2014-09-20 20:19:59 -04:00
Armin Novak
2f519d7f16 Replaced logging in libfreerdp with wlog defines. 2014-09-15 08:48:46 +02:00
Vic Lee
af57056228 transport: exit transport loop when the session is activated. 2014-09-11 14:04:32 -07:00
Daniel Bungert
27fc3ee64d Fix multiple cases of use of uninitialized vars
* Zeroing xevent helped address some erratic behavior.
* valgrind complained about using xfBitmap uninitialized
  during shutdown, traced it back to the initialization.
  Bitmap_Prototype->size > sizeof(rdpBitmap).
* Early exit from recv_tpkt_pdu is necessary to address
  a shutdown crash - the channelId value was being used
  without being set in the disconnect case.
2014-08-20 03:54:05 -06:00
Armin Novak
f4c133eaf8 Replaced custom logging mechanism with WLog wrapper. 2014-08-07 16:51:24 +02:00
Marc-André Moreau
c2a59c23a7 libfreerdp-core: fix potential crash on session redirection failure 2014-04-28 16:44:52 -04:00
Marc-André Moreau
09a540b40b libfreerdp-core: remove old, unused extension framework 2014-04-14 14:49:03 -04:00
Hardening
2edd8bee12 Misc fixes to check OOM 2014-04-10 21:10:19 +02:00
Norbert Federa
18cb418c81 core: FIPS for fastpath and RDP security fixes
- fixed invalid stream position if extEncryptionMethods is not used
- enabled 56bit rdp security method
- fixed entropy reduction of the keys for 40 bit and 56 bit
- added rdp security incl. FIPS for fastpath output
- added FIPS encryption to fast path input
- fixed FIPS key generation in server mode
- fixed stream length correction in FIPS mode
- added rdp encryption for licensing packets (apparently some clients,
  specifically cetsc, require the license packets received from the
  server to be encrypted under certain RDP encryption levels)
- replace errnous virtual extended mouse event in focus in event
2014-04-02 14:17:39 +02:00
Benoit LeBlanc
21b5f0e418 Fix windows build 2014-03-21 15:25:00 -04:00
Benoît LeBlanc
3e1dfc6311 updated context error messages. utility macros for getting error code CLASS/TYPE 2014-03-21 13:45:43 -04:00