mirrors/FreeRDP
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
18,068 Commits 6 Branches 74 Tags 84 MiB
678b392e89
Commit Graph

45 Commits

Author SHA1 Message Date
David Fort
079731068c [core] fix freezing connection to childSession 
When connecting to child session(or a VM), we have CredSSP/Nego/ActivationSequence
instead of Nego/CredSSP/ActivationSequence. Before the patch, we were not applying
flags read in the NegoResponse to the settings and that was leading to FreeRDP
thinking that the remote server was not supporting EXTENDED_CLIENT_DATA_SUPPORTED.
That was later preventing some GCC blocks to be sent, and make the server unhappy
and freeze the connection.
 2023-11-28 13:28:08 +01:00
David Fort
061148f856 [nla] initial server-side remote credential guard support 
Adds support for server-side remote credential guard in NLA. When enabled that allows
the remote user to connect without shipping credentials in TSCred packets. Instead
it will send his TGT encoded with a TGS from the remote server. This way the server
is able to populate that TGT in a local credential cache without knowing the user's
password.

The patch only treats the NLA part and does not contain the associated RDPEAR channel
that allows to have the complete interaction to retrieve new access tokens.
 2023-11-20 16:17:00 +01:00
David Fort
3c18a9980f [client,win32] implement connection to child session 
Under windows you can connect to a child session by requesting a named pipe to
the local server, and then do some RDP on this named pipe.
The protocol is like for /vmconnect with CredSSP, then Nego and then the "normal"
workflow for a connection. For CredSSP we force the usage of NTLM for the Negociate
SSPI, and the credentials are empty.
 2023-09-27 11:57:49 +02:00
Armin Novak
6d9d118593 [core,nego] remove AUTHZ_RESULT from nego header 2023-07-13 09:25:45 +02:00
Armin Novak
66cb8c68d4 [core,nego] change nego_set_routing_token argument 
Use void* instead of BYTE* as the real type is unknown and warnings can
be avoided
 2023-06-29 14:46:41 +02:00
fifthdegree
4cbfa006f2 Implement support for RDS AAD 
Have a working implementation of the RDS AAD enhanced security mechanism
for Azure AD logons
 2023-03-10 16:38:07 +01:00
Joan Torres
7c24da917e Add RDSTLS security protocol 
The client tries to connect using RDSTLS only when it has received a
server redirection PDU with LB_PASSWORD_IS_ENCRYPTED flag.

The server exposes RDSTLS on negotiation if it has been configured on settings.
Then authenticates a client using configured credentials from settings:
RedirectionGuid, Username, Domain, Password.
 2023-03-08 14:05:00 +01:00
akallabeth
8cc6582044
Unify struct definitions (#7633) 
* Unified enum/struct definitions, fixed include issues

* Fixed mac compilation issues

* Added missing include

* Fixed windows server build warnings

* Fixed VS2010 build issue

* Removed unnecessary library linking

* Fixed ThreadPool WinXP compatibility

* Fixed pr review remarks
 2022-02-14 14:59:22 +01:00
Armin Novak
874f47f01e Added more error checks to nego 2021-12-14 13:46:34 +01:00
akallabeth
e2fd9db0b5 Added const to function arguments 2021-02-17 11:29:56 +01:00
Armin Novak
72ca88f49c Reformatted to new style 2019-11-07 10:53:54 +01:00
Mati Shabtay
b907324009 First version of an RDP proxy (#5372) 
* server: Add proxy dir with barebones server

* sever/proxy: Remove licensing

* server/proxy: Add client files

* server/proxy: rm binary

* server/proxy: Formatting

* server/proxy: Fixed includes and added basic client creation functionality

* server/proxy: Remove licensing and fix ifndef

* proxy/server: Fix cmake indentation

* server/proxy: Fix licensing

* server/proxy: Forward connection on peer_post_connect

* server/proxy: Fix function signature

* server/proxy: Changed function signature of proxy_client_start

* server/proxy: Now peer_post_connect calls proxy_client_start in a new thread

* pfreerdp.c: Clean up useless comments and logs

* server/proxy: Fix license

* server/proxy: Remove all non-connection related data from proxy_context

* server/proxy: Move Log Tag definition to pf_log.h

* server/proxy: Move context definition to pf_context

* server/proxy: Delete pfreerdp.h

* pfreerdp.c: Move context callbacks to pf_context.c

* server/proxy: Update CMakeLists.txt

* pf_channels: Use new proxy context API

* pf_client: Move context to pf_context

* pf_client.c: Remove unnessecary event handling

* server/proxy: Formatting

* proxy/server: Move server logic to pf_server.c

* server/proxy: Handle client disconnection

* Merge stash

* pf_server.c: Open GFX Connection to client

* server: CMakeLists: build proxy along with other servers

* server: proxy: get target server from rdpNego->RoutingToken

Iv'e omitted a check from  which im not sure is right. Should check in docs

* server/proxy: Handle remote server -> client disconnection

* server/proxy: Move common function  to pf_common.c

* server/proxy: Move common function  to pf_common.c

* rdpgfx.h: Add reference to freerdp.h for rdpContext

* pf_channels: Pipe GFX on channel connection

* server/proxy: Add pf_rdpgfx for proxy gfx callbacks

* pf_client: Declare dynvc and gfx capabilities on connection

* server/proxy: Add graphics callbacks

* server/proxy: Add graphics callbacks

* pf_server: Listen to channel events

* Pass user settings to server

* pf_server: Proxy mouse events

* fixup! server/proxy: Add graphics callbacks

* pf_client: Fix setting initialization

* Merge feat/proxy-gfx to feat/proxy

* pf_server: Fix double freed credentials

* server/proxy: Remove unnecessary call to freerdp_client_settings_parse_command_line

* server/proxy: Refactor re-activation code

* server/proxy: Run format scripts

* server/proxy: Fix segfault when post_disconnect return FALSE

* server/proxy: Refactor proxy_settings_mirror

* server/proxy: Redirect credentials

* server/proxy: move proxy_settings_mirror to pf_common.c

* server/proxy: Redirect desktop_resize event

* pf_client: Remove interactive CLI auth methods

* fixup! server/proxy: Redirect credentials

* server/proxy: Rename proxy_mirror_settings to pf_common_copy_settings

* pf_server.c: Fixed non-freed context

When the disconnection is forced by the target server, the function
`pf_server_handle_client_disconnection` isn't called. Therefore, the
context of the connection between the proxy to tagrget isn't freed.

* fixup! pf_server.c: Fixed non-freed context

* pf_client: Prefix all client methods with pf_client

* pf_context: Add init client to proxy context method

* pf_server: Confirm all GFX caps regardless of settings

* pf_server: Prefix all methods with pf_server

* pf_server: Move variable decleration to start of method

* pf_server: Fix client setting

* pf_server: Fix GFX init method

* pf_server: Move variable decleration to start of methods

* server/proxy: Formatting

* Merge feat/proxy

* pf_server: Proxy synchronize event

* pf_server: Proxy refresh rect update events

* pf_server: Proxy suppress output messages

* server/proxy: Fix licensing

* server/proxy: Move client input callbacks to pf_input

* server/proxy: Move client update callbacks to pf_update

* server/proxy: Fix non-terminated target host string

* Feat/proxy config (#2)

* server/proxy: Add config loading support

* server/proxy: Add config file

* server/proxy: Format code

* server/proxy: Code refactor, rename update_register_callbacks and input_register_callbacks

* server/proxy: Update config file

* server/proxy: Remove config.ini from root directory

* Remove comment from config file

* server/proxy: Fix leak in pf_server_load_config

* server/proxy: Add rdpServerProxy struct and embed it in proxyContext

* server/proxy: Load configuration and pass it inside every proxyContext instance

* server/proxy: Move rdpProxyServer to proxy.h

* server/proxy: Use configuration while proxying input events

* server/proxy: Update CMakeLists

* server/proxy: Refactor pf_input.c

* server/proxy: Add AllowedChannels, DeniedChannels in configuration

* server/proxy: Remove unnecessary variable from parse_channels_from_str

* server/proxy: Update config file

* server/proxy: config: Rename  to

* server/proxy: config: Add mode - blacklist/whitelist

* server/proxy: Refactor, fix NULL deref

* server/proxy: Add license to proxy.h

* server/proxy: Fix newline in pf_config.c

* server/proxy: config: Rename Mode to WhitelistMode

* Add target in config. Add checks for configuration validity (#3)

* Add target in config. Add checks for configuration validity

* Update config file

* libfreerdp: nego: revert commented out check of routingToken length

* pf_server: Fix target host info from RoutingToken

* pf_server: Remove hardcoded lenght of routing token prefix

* Feat/refactor context (#8)

* Refactor main structs

* Update CMakeLists.txt

* pf_server.c: Free pdata at the end of the connection

* Run format scripts

* Rename tf to pc

* Fix licenses

* pf_server: Refactor names of structs and functions

* proxy: gfx: sync caps (#4)

* proxy: gfx: sync caps

* proxy: gfx: sync caps, hook gfx client's OnClose() call and close server resources

* fixup! Feat/refactor context (#8)

* fixup! fixup! Feat/refactor context (#8)

* rdpgfx/client: Fix rdpgfx_recv_caps_confirm_pdu caps set length parsing

* Run format scripts

* proxy config.ini: Change default port to 3389

* pf_rdpgfx: Limit caps version to freerdp's supported versions

* Gfx OnOpen() wait for dynvc ready (#10)

* proxy/gfx: Wait for dynvc ready state before open

* pf_channels: Initialize pc->gfx

* pf_rdpgfx: Add log and fix comments

* rdpgfx: Fix GFX v10.6 PDUs parsing and naming according to the spec

* pf_rdpgfx: Proxy rdpgfx v10.6 PDUs

* gfx client: Publish FrameAck sending and add auto ack flag

* proxy/gfx: Forward frame ack messages

* pf_context: Forward domain on connection

* pf_rdpgfx: Change max supported caps to 10.6

* proxy: Update config

* server/proxy: Use configuration in pf_server_handle_client

* rdpgfx/client: Fix size of surface_to_scaled_window, surface_to_window

* pf_rdpgfx: Fix formatting

* pf_server.c: Fix comments

* Move pf_server_rdpgfx_init to pf_rdpgfx

* server/proxy/CMakeLists.txt: Fix formatting

* pf_client.c: Add comment in proxy_server_reactivate

* Fixed const correctness of gfx function pointer

Signed-off-by: Mati Shabtay <matishabtay@gmail.com>

* server: proxy: update copyright

* server: proxy: wrap rdpNego and add a getter for routing token

* Refactor routing token getter (#14)

* Refactor routing token getter

* pf_server_parse_target_from_routing_token change routing_token_length to be DWORD

* libfreerdp/core/nego.c: Run format script

* pf_server: Run format script

* server/proxy: Fix os msbuild tests

* pf_channels.c: Remove unused channels

* pf_client: Remove unused callbacks

* proxy: Remove encomsp callbacks from proxy's client

* client/rdpgfx_main.c: Fix msbuild test

* pf_config.c: Use StrSep instead of strsep for Windows builds

* Removed nego struct from direct access.

Signed-off-by: Mati Shabtay <matishabtay@gmail.com>

* proxy: Rename binary to freerdp-proxy

* rdpgfx_main.c: Revert unwanted double change to send_supported_caps

* Cleaned up proxy server code.

* All internal functions static
* Added simple command line argument to supply a config file
* Silence compiler warnings

Signed-off-by: kubistika <kmizrachi18@gmail.com>
 2019-05-17 14:32:54 +02:00
Armin Novak
8110c391bf Fixed requested protocol define names according to spec. 2018-12-05 10:55:06 +01:00
Armin Novak
b1d2a4767b Fixed warnings in nego. 2018-12-05 10:55:06 +01:00
Armin Novak
5ca8eca18e Made nego self contained. 2018-12-05 10:55:06 +01:00
David Fort
548025bcc3 nego: add new flags 
Reading the new spec there's some new flags
 2018-10-31 10:43:59 +01:00
Armin Novak
77eb93b4b7 Made internal functions static to help compiler optimize. 2018-07-10 12:21:38 +02:00
Armin Novak
8b9e3fa51e Fixed use of reserved keywords for include guards. 2017-07-20 09:35:41 +02:00
Armin Novak
b2c29158be Scanbuild warning, argument checks and leak fixes. 
* Added Stream_GetRemainingCapacity to check remaining stream size
  before writes.
* Fixed shadow server memory leak.
* Fixed lots of scanbuild warnings
* Added missing argument checks in many functions
* Added missing static function declarations
 2017-03-02 18:13:43 +01:00
Armin Novak
7709542d05 Using C99 compatible variadic macros. 2016-10-07 14:14:56 +02:00
Armin Novak
c7448c03fb Added FREERDP_LOCAL 
CMake 2.8 does not support default visibility on windows.
To allow building tests add the FREERDP_LOCAL define for each
function that is internal to FreeRDP.
When build with testing these functions are exported and available
for use by tests.
 2016-10-06 13:43:09 +02:00
David FORT
6a8d21cab9 Fix server-side protocol negociation 
Before this patch, RDP security was (wrongly) the fallback when negociating a
security protocol between the client and the server. For example when a client
was claiming TLS-only when connecting to a FreeRDP based-server with RDP security only,
the result of the negociation was that the server started to do RDP security.
The expected behaviour is to send a nego failure packet with error code
SSL_NOT_ALLOWED_BY_SERVER. This patch fixes this.

We also try to handle all cases of failed negociation and return the corresponding
error code.
 2015-02-11 21:38:32 +01:00
Marc-André Moreau
e0b0c77ecb libfreerdp-core: improve http parsing 2015-02-02 17:16:32 -05:00
Marc-André Moreau
e4f99834d0 libfreerdp-core: make tsg threadless 2015-02-02 11:50:56 -05:00
Armin Novak
e0139fc4d8 Added nego_disconnect. 2015-01-12 13:44:04 +01:00
Armin Novak
2f519d7f16 Replaced logging in libfreerdp with wlog defines. 2014-09-15 08:48:46 +02:00
Hardening
2edd8bee12 Misc fixes to check OOM 2014-04-10 21:10:19 +02:00
Marc-André Moreau
4c920506ed libfreerdp-core: add 'Bypass RD Gateway server for local addresses' feature 2014-03-24 14:44:18 -04:00
Marc-André Moreau
a3d0e271b5 freerdp: add restricted admin option 2013-11-06 01:51:55 -05:00
Marc-André Moreau
3951a6e1c3 channels/rdpgfx: implement basic negotiation 2013-10-21 23:33:25 -04:00
Marc-André Moreau
073c6fb983 libfreerdp-core: fix handling of SSL_CERT_NOT_ON_SERVER 2013-04-12 18:03:56 -04:00
Marc-André Moreau
8c8a82c31f libfreerdp-utils: purge old STREAM utils 2013-03-21 16:45:25 -04:00
Marc-André Moreau
a8201b0d1b libwinpr-utils: combine old and new stream utils 2013-03-21 15:19:33 -04:00
Marc-André Moreau
0fbf846671 libwinpr-sspi: NTLM extended protection cleanup 2013-01-10 11:19:57 -05:00
Marc-André Moreau
811ff44720 libfreerdp-core: change ReceiveCallback return values 2013-01-06 17:24:08 -05:00
Marc-André Moreau
3e7824f393 libfreerdp-core: adding more monitor options 2012-12-13 14:38:02 -05:00
Marc-André Moreau
1a2839a165 libfreerdp-core: rdpSettings refactoring (part 1) 2012-11-07 11:02:46 -05:00
Marc-André Moreau
bd6861cd00 libfreerdp-core: added protocol security negotiation for PROTOCOL_HYBRID_EX, added registry keys to configure cookie length 2012-10-31 20:38:48 -04:00
Marc-André Moreau
37b6f9dd8e libfreerdp-core: improve options for connection cookie 2012-10-25 18:38:51 -04:00
Marc-André Moreau
9d064171a7 freerdp: get rid of old types 2012-10-09 03:26:39 -04:00
Marc-André Moreau
1bf8a45519 freerdp: change uint8, sint8, uint16, sint16 to BYTE, INT8, UINT16, INT16 2012-10-09 03:01:37 -04:00
Marc-André Moreau
1ed644786c freerdp: change boolean type to BOOL type 2012-10-09 02:38:39 -04:00
Marc-André Moreau
e60a092d81 freerdp: fix headers 2012-10-08 23:02:04 -04:00
Marc-André Moreau
6dcc8e73ee libfreerdp-utils: get rid of rdpBlob 2012-09-24 04:40:32 -04:00
Marc-André Moreau
19028a27b0 libfreerdp: move all libraries to libfreerdp directory, one step closer to monolithic build option 2012-08-13 23:19:51 -04:00