Commit Graph

72 Commits

Author SHA1 Message Date
akallabeth
1f7bc15bb1 [settings] add HasQoeEvent 2023-10-13 16:05:27 +02:00
akallabeth
910e3b9fb4 [settings] added new setting for HasRelativeMouseEvent 2023-10-13 16:05:27 +02:00
David Fort
3c18a9980f [client,win32] implement connection to child session
Under windows you can connect to a child session by requesting a named pipe to
the local server, and then do some RDP on this named pipe.
The protocol is like for /vmconnect with CredSSP, then Nego and then the "normal"
workflow for a connection. For CredSSP we force the usage of NTLM for the Negociate
SSPI, and the credentials are empty.
2023-09-27 11:57:49 +02:00
akallabeth
635626be12 [client,common] avd related keys to rdp file parser 2023-09-21 10:30:09 +02:00
Marc-André Moreau
30c31d64e8 WinSCard dynamic API loading with /winscard-module cli argument 2023-08-23 12:26:27 +02:00
Armin Novak
3d1bb4e1d9 [client,common] allow forcing default callbacks
All clients can implement their own callbacks for
certificate/credential/smartcard/... but there is a common (default)
implementation for all clients.
with the new setting FreeRDP_UseCommonStdioCallbacks it is now possible
to force these over the client implementation provided ones
2023-07-20 14:25:08 +02:00
Armin Novak
10e010329c [client,file] add WebAuthN rdp file parsing support 2023-07-10 10:45:28 +02:00
akallabeth
a01f3ec5ab [client,common] allow adding a named keyboard pipe
This allows starting FreeRDP clients with a named pipe that will type in
text written to the named pipe as keyboard input
2023-07-03 13:21:43 +02:00
Michael Saxl
d55e035260 [gateway,arm] Azure Virtual Desktop Gateway support
This PR creates a new /gateway:type:arm transport.
It depends on CJSON

The arm transport is not a transport by itself but is responsible
for getting the websocket endpoint from a configuration url derived from
the configured gateway host in the rdpw file or cmdline
2023-06-27 21:15:08 +02:00
Michael Saxl
44c1ec3276 [gateway,websocket] implement plain websocket transport
* factor out most websocket specific code parts into websocket.c
* create wst.c (Websocket Transport) as gateway transport implementation
* introduce GatewayUrl setting that holds the websocket url
* introduce GatewayHttpExtAuthBearer that holds the HTTP Bearer
* GatewayHttpExtAuthBearer can be used by both rdg and wst
2023-06-22 09:21:42 +02:00
Michael Saxl
6478edda5b rdg bearer support 2023-06-22 09:21:42 +02:00
akallabeth
393577750e [settings] add FreeRDP_ClipboardFeatureMask 2023-05-25 16:26:39 +02:00
Richard Markiewicz
13e52cfae2 [channels,settings] add a setting to ignore invalid devices 2023-04-24 11:29:05 +02:00
Armin Novak
39767c5423 [settings] add supported color depths setting 2023-04-13 14:35:51 +02:00
fifthdegree
4cbfa006f2 Implement support for RDS AAD
Have a working implementation of the RDS AAD enhanced security mechanism
for Azure AD logons
2023-03-10 16:38:07 +01:00
Joan Torres
7c24da917e Add RDSTLS security protocol
The client tries to connect using RDSTLS only when it has received a
server redirection PDU with LB_PASSWORD_IS_ENCRYPTED flag.

The server exposes RDSTLS on negotiation if it has been configured on settings.
Then authenticates a client using configured credentials from settings:
RedirectionGuid, Username, Domain, Password.
2023-03-08 14:05:00 +01:00
Armin Novak
ae8f0106bd [core,redirect] extract and check redirection cert
* extract the certificate from the redirection PDU
* if there is a certificate provided accept it if it matches the
  redirection target certificate without further user checks
2023-02-28 15:49:58 +01:00
akallabeth
2d94ff3f9e [settings] remove obsolete keys
* CertificateFile and CertificateContent are no longer used
* PrivateKeyFile and PrivateKeyContent are no longer used
2023-02-16 10:06:17 +01:00
akallabeth
9b51df8b10 [core,crypto] refactor certificate management
* Properly split certificate_store, certificate_data, certificate and
  private key functions to files
* Prefix all functions with freerdp_ to have a unique name
* Update certificate store to use one file per host instead of
  known_hosts2
* Merge CryptoCert and rdpCertificate
2023-02-12 20:17:11 +01:00
akallabeth
2eda0aa2ea [core,settings] remove unused setting 2023-02-03 11:24:32 +01:00
Armin Novak
cd48e17740 [gateway,settings] add GatewayAutoConsent option
with this option the client automatically accepts consent messages of
the gateway server.
2023-02-03 11:08:46 +01:00
akallabeth
da42a2141e [core,settings] update getter/setter generation
fix issues with const and non const string pointer update
2023-02-01 09:51:54 +01:00
akallabeth
60424ef76f [core] fixed client/server early capapbility flags 2023-01-20 10:57:30 +01:00
akallabeth
05dab47cbd [core,settings] add missing redirection options
* RedirectionGuid
* TargetCertificate
2023-01-17 12:25:31 +01:00
Armin Novak
5f81005ecb [transport] remove polling loop
We no longer have a blocking polling loop in transport. Instead assume
there is more data after a packet was processed and let the transport
try again. If there is another packet ready, this repeats until only a
partly received (or no new data available) situation is reached.
2022-12-12 12:59:32 +01:00
Armin Novak
3e3ed445b4 [client,file] add rdgiskdcproxy to settings
Adds a new option FreeRDP_KerberosRdgIsKdc to manually set the KDC url
to the gateway server url
2022-12-06 14:07:53 +01:00
akallabeth
ca5684c968 [settings,caps] Removed ColorPointerFlag
* The setting is obsolete and can be replaced by a constant
* Only check the receive function for proper value and print a warning
2022-12-06 09:08:12 +01:00
akallabeth
97fd183d39 [core,settings] Added ColorPointerCacheSize 2022-12-06 09:08:12 +01:00
akallabeth
d898f04e41 [core,settings] Added settings function docs
* Document settings functions
* Make rdpSettings* checks more uniform
2022-12-02 15:25:08 +01:00
akallabeth
c1a9c19308 [settings] Fixed UTF16 helpers
Do not copy the already allocated buffer
2022-12-02 15:08:09 +01:00
akallabeth
7d67adbc54 Refactored licensing module
* Make the whole module opaque for easier testing
2022-11-03 17:02:47 +01:00
akallabeth
3af13a0fb2 Add proper read/write for ordersupportflags et al
* Add new settings for OrderSupportFlags, OrderSupportFlagsEx,
  TerminalDescriptor and TextANSICodePage
* Add proper read/write routines for the new settings
* Add proper default values for the new settings
2022-11-03 17:02:15 +01:00
Armin Novak
7cef0cb8d6 Refactored capability parsing
* Add new settings for previously ignored capability options
* Store raw capability data in settings for later use
* Add function to extract settings from raw capability data
* Split capability read/write from client/server logic (e.g. enforce
  limits, ...)
2022-11-03 17:02:15 +01:00
akallabeth
58599c91a3 Add setting name for invalid function access
Try to be helpful and resolve the settings index with a readable
name if possible to help diagnose wrong function use
2022-10-27 10:46:58 +02:00
Marc-André Moreau
e3594c91dc Add UserSpecifiedServerName setting, /server-name command-line parameter 2022-10-14 17:59:57 -04:00
Marc-André Moreau
27a865af74 Add Negotiate SSPI authentication module filtering 2022-10-12 22:07:45 +02:00
Marc-André Moreau
b324e49131 rename KerberosKdc setting to KerberosKdcUrl 2022-09-30 19:33:12 +02:00
David Fort
942273e9cb
tls: add an option to dump tls secrets for wireshark decoding (#8120)
This new option /tls-secret-file:<file> allows to dump TLS secrets in a file with
the SSLKEYLOGFILE format. So this way you can setup the TLS dissector of wireshark
(Pre-Master-Secret log filename) and see the traffic in clear in wireshark.
It also add some more PFS ciphers to remove for netmon captures.
2022-08-16 10:40:32 +02:00
David Véron
a3712521a8 TLS version control
* added settings for minimal and maximal TLS versions supported
* refactorisation of the force TLSv1.2 setting
2022-07-07 07:13:11 +00:00
Armin Novak
b672bda85e Removed RdpKeyFile and RdpKeyContent settings
They are a duplicate of PrivateKeyFile and PrivateKeyContent
2022-07-06 12:01:23 +02:00
akallabeth
31304951de Regenerated settings helpers 2022-06-23 09:18:37 +02:00
fifthdegree
eeece1a027 server-side kerberos (and some fixes) 2022-06-21 10:27:17 +02:00
Marc-André Moreau
161617c4a4 Implement RDP persistent bitmap cache 2022-06-08 23:37:06 +02:00
Marc-André Moreau
1d5c0be5ec Add settings to load a custom SSPI shared library module 2022-06-01 15:16:12 +02:00
akallabeth
6ce3499e13
Settings getter tests (#7869)
* Added tests for freerdp_[static|dynamic]_collection_* functions

* Added settings unit test for clone functions

* Fix argument for winpr_RAND and winpr_RAND_pseudo

Using void* eliminates all assumptions of which type the buffer is.
This eliminates unnecessary warnings.
2022-05-02 11:39:38 +02:00
Armin Novak
1f9916eba2 Added settings comparison function 2022-04-22 10:20:09 +02:00
akallabeth
73cdcdfe09
Logging and parser fixes (#7796)
* Fixed remdesk settings pointer

* Fixed sign warnings in display_write_monitor_layout_pdu

* Use freerdp_abort_connect_context and freerdp_shall_disconnect_context

* Added and updates settings

* info assert/dynamic timezone

* mcs assert/log/flags

* Fixed and added assertions for wStream

* Unified stream length checks

* Added new function to check for lenght and log
* Replace all usages with this new function

* Cleaned up PER, added parser logging

* Cleaned up BER, added parser logging

* log messages

* Modified Stream_CheckAndLogRequiredLengthEx

* Allow custom format and options
* Add Stream_CheckAndLogRequiredLengthExVa for prepared va_list

* Improved Stream_CheckAndLogRequiredLength

* Now have log level adjustable
* Added function equivalents for existing logger
* Added a backtrace in case of a failure is detected

* Fixed public API input checks
2022-04-19 14:29:17 +02:00
akallabeth
704289ffee
Smartcard tls logon fix (#7709)
* Early return authenticate if TLS smartcard logon

* Removed obsolete SmartcardPin and unified AuthenticateEx calls

* Remove password-is-pin from command line

The setting is implied by smartcard-logon and only of interest in
server side code, so the setting is useless

* Rework AUTH_SMARTCARD_PIN

Just prompt for PIN and not user/domain if this is requested.

* Fixed a memory leak in nla.c

* Align credentail prompt

* Handle AUTH_NLA & smartcard, just ask for PIN

* Added assertions, removed duplicate password prompt check

* Move smartcard logon after credential prompt
2022-03-09 09:09:53 +01:00
Armin Novak
71aac852d6 Remove async-input from clients 2022-03-08 15:37:19 +01:00
David Fort
0435b5a65d Implement smartcard logon 2022-02-24 08:52:25 +01:00