Some RDP servers start sending graphics updates too early for us to
process. This triggered a bug that at that point the EndPaint callback
is not available, as the connection is not fully established.
When some channels are filtered, some misalignement of channel ids could happen.
This patch keeps track of the back and front channel ids to correctly identify a
channel and send packets with the correct channel id.
Without the patch, we parse more packets and the calling code doesn't have the
opportunity to invoke PostConnect callback (make the connection not work in the proxy)
* Use new ConvertUtf8ToWChar, ConvertUtf8NToWChar,
ConvertUtf8ToWCharAlloc and ConvertUtf8NToWCharAlloc
* Use new ConvertWCharToUtf8, ConvertWCharNToUtf8,
ConvertWCharToUtf8Alloc and ConvertWCharNToUtf8Alloc
* Use new Stream UTF16 to/from UTF8 read/write functions
* Use new settings UTF16 to/from UTF8 read/write functions
RDP security is rarely used nowadays, but there have been reports about
situations where the encryption key is missing.
Add this check to properly terminate the connection in case of such an
unexpected event.
In nla_decode_ts_request the input stream position was not advanced.
This lead to issues when testing proper input data processing in the
client receive state callback
This PR fixes an issue where user credentials were lost when connecting
to a farm that redirects the client.
During a redirect the connection settings were overriden by the settings
stored in `rdp->originalSettings`. However these settings miss any
credentials the user provides during the connection phase, thus causing
another authentication prompt to appear.
With the latest client changes the internal event loop requires a handle
to wait on. Add a new function to (re)set the newly added transport event handle.
Autodetect packets can be transported either in TCP TPKT packets or be contained
in multi-transport subheaders (transported on UDP). These changes do the appropriate
modifications so that in further developments we can take the transport type in account
when treating / writing these packets.
list_provider_keys() returns a Boolean, true == success. But
smartcard_hw_enumerateCerts() expects the return value on success to
be ERROR_SUCCESS == 0, and so inverts success/failure.
Up to this commit the client and server state machine handling used
different return values for state machine changes.
This is fixed with this commit:
* Use common enum return values
* Use common helper functions
It seems MS RDG 2016+ does not send a http status code if
something with the request or configuration is not ok. It is worth
retrying with rpc in that case
When transitioning from CONNECTION_STATE_FINALIZATION_FONT_LIST to
CONNECTION_STATE_ACTIVE we must return a value > 0 so that the
state machine can properly initialize the new state.
The demand active state might be called when receiving data from the
client during initial connection phase or might be triggered server
side after sending a deactivate all pdu
* Adds a new callback and settings in gdiGfxSurface to allow updating
a window directly from surface bitmap data
* Adds new BOOL in gdiGfxSurface windowMapped and
handleInUpdateSurfaceArea to control where surface data update is
being handled
The old code was looping with blindly checking for transport events, and then
sleep for 100 ms. It was doing that until the connection is established or
the timeout expired.
The new version polls the transport's events, potentially not having many 100 ms
waits.
* Add new settings for OrderSupportFlags, OrderSupportFlagsEx,
TerminalDescriptor and TextANSICodePage
* Add proper read/write routines for the new settings
* Add proper default values for the new settings
* Add new settings for previously ignored capability options
* Store raw capability data in settings for later use
* Add function to extract settings from raw capability data
* Split capability read/write from client/server logic (e.g. enforce
limits, ...)
Gateway code was passing a char string as the package name to
`credssp_auth_init`. When using Unicode builds this fails since
`QuerySecurityPackageInfo` expects a wchar string.
Additionally with unicode builds, `credssp_auth_pkg_name` causes string
type mismatches in the gateway code where a char string is expected.
Windows expects the containerName field in TSSmartCardCreds to be what
it would use for a smartcard key's name. Try to accomodate that (at
least for PIV and GIDS cards).
This commit fixes various bugs that I've noticed on some windows systems with
smartcards that contains multiple certificates:
* With some drivers if you retrieve the ATR while enumerating the NCrypt keys, it seems to
confuse the NCrypt key context (and you're unable to retrieve certificate property). As
we don't use the ATR, let's remove the ATR retrieval.
* if don't give any user or domain on the command line, in settings you get User=Domain=NULL,
but if you pass /u:user, you get User="user" and Domain = ""(empty string not NULL). The
smartcard filtering by user/domain was not ready for that.
This PR fixes following issues with server-side NLA authentication:
- The client nonce should only be sent by the client
- The final stage in the nego token exchange checked the negoToken
buffer for data. Instead the corresponding credssp API is now used
which checks the correct buffer (output_buffer).
- The negoToken buffer needs to be cleared before sending the public key
echo. In some cases the buffer was not empty and incorrectly was part
of the response to the client.
When smartcard emulation was enabled we were dumping the key and cert to
temporary files for PKINIT call, but they were deleted before we have
actually done the PKINIT. This patch fixes it.
It also add debug statement for the listing of smartcard keys / certs.
This also fixes the listing of smartcard on certain windows configurations
were we have to force NCRYPT_SILENT when doing a NCryptOpenKey.
* New defines for 10.8, 10.9, 10.10, 10.11 protocol versions
* New function returning a string representation of the protocol version
* Use 10.11 by default now
* Ensure negoToken is cleaned up in nla_free
* Renamed function credssp_auth_take_input_buffer now invalidates
input buffer an takes ownership of that buffer
