A proxy URI was parsed both in the function `proxy_read_environment()` in
`libfreerdp/core/proxy.c` and in the function
`freerdp_client_settings_parse_command_line_arguments()` in
`client/common/cmdline.c`. But only the latter was taking into account
that the URI can contain a user and password, which made it impossible
to use a proxy with authentication by just using an environment
variable like `https_proxy`.
The function `proxy_parse_uri()` in `libfreerdp/core/proxy.c` was
clearly not parsing the optional username and password.
This commit moves the code from `client/common/cmdline.c` to
`libfreerdp/common/settings.c` into a function `proxy_parse_uri()` so
redundant code is avoided. This function is then called in both
instances where a proxy URI is parsed.
Some minor adjustment were made to the code, so the `WLog_INFO()`
statement at the end works in both cases, where credentials were either
provided or not. Also, some error messages were added or clarified.
If the parsing of the environment variable fails, we ignore it entirely
(with a warning) and proceed.
* Early return authenticate if TLS smartcard logon
* Removed obsolete SmartcardPin and unified AuthenticateEx calls
* Remove password-is-pin from command line
The setting is implied by smartcard-logon and only of interest in
server side code, so the setting is useless
* Rework AUTH_SMARTCARD_PIN
Just prompt for PIN and not user/domain if this is requested.
* Fixed a memory leak in nla.c
* Align credentail prompt
* Handle AUTH_NLA & smartcard, just ask for PIN
* Added assertions, removed duplicate password prompt check
* Move smartcard logon after credential prompt
If freerdp_abort_connect is called, set FREERDP_ERROR_CONNECT_CANCELLED
This way freerdp_reconnect can distinguish between network issues and
user interaction and abort a retry attempt.
There was a bug in smartcard listing that was leading to be unable to open a key
with slotId != 0. When any error or skipped item was happening during listing
the code was crashing.
* Fixed SSPI fallback to NTLM
* Fixed wide/ansi mixup
* WITH_GSS fixes
* Move to WinPR as this is not related to FreeRDP
* Add option WITH_GSS_NO_NTLM_FALLBACK to disable NTLM fallback
* Abort NLA if status is SEC_E_NO_CREDENTIALS
* Properly invalidate sspi::SubContext
This patch adds support for authentication when the connection is done
through a HTTP proxy.
It only supports HTTP Basic Authentication (like `curl --proxy`).
It is tested against Apache 2.4.
This PR introduces per channel context so that we can speed up operations like
retrieving the channel name from its id, or knowing what shall be done for a
packet (no config ACL recomputation at each packet).
removed no more actually used count property of BITMAP_UPDATE struct,
fixed allocating twice as memory for its rectangles - as of refactoring
at e5767f07 BITMAP_UPDATE struct is reused no more
The settings have double meaning:
* Setting the default in client preconnect callback can disable
announcement of a flag to the server regardless of support
* If set it is overridden with the value the server supports
It's possible that FreeRDP was built against FFmpeg, but it doesn't support
H.264. In that case, just continue without H.264 support instead of failing
hard before even trying to connect.
This is especially useful for Linux distributions which can't ship H.264
support in FFmpeg out of the box (patent issues), but allow enabling H.264
later by installing a version of FFmpeg which has it enabled.
When uploading large ICON (96x96), we end up growing the stream
mid-update. Stream_EnsureCapacity end up reallocating the stream
with a larger capacity to accomodate the large ICON size, but in
doing so, also updating the sealed length for the data currently in
the stream. This breaks the assumption between update_begin_paint
and update_end_paint where the sealed lenght is used to keep track
of the location where we need to update the orders counts after
we're done accumulating update. As a result of the growth and lost
of that location, the number of orders is written to the wrong
location and the resulting stream is invalid which result in a
protocol violation and a connection drop.
The current fix uses a new offsetOrder in the update object to
keep track of where update_end_paint needs to write the number
of orders contained. I think a better fix would be for
Stream_EnsureCapacity to preserve the sealead length of the
stream on growth, but this has a much more significant impact and
careful analysis needs to be done to ensure this doesn't violate
other assumption. Need to follow up with FreeRDP developer to get
their take on this one.
This commit add support for connection over HyperV socket (hvsock) which are
used in scenario like WSLg on Windows. hvsock requires accept and close
to monitor in addition to read. Also mark hvsock connection as local.
mstsc/msrdc includes an optional correlation info
(RDP_NEG_CORRELATION_INFO) during connection negotiation. This confuses
FreeRDP which interpret this as a cookie and eventually fails the
negotiation, preventing a successful connection to these RDP client.
This commit addresses 3 things.
1) When processing connection token or cookie, skip if the remaining
bytes are neither.
2) After processing the RDP_NEG_REQ info, skip the optional correlation
info (RDP_NEG_CORRELATION_INFO) if one is present.
3) Allow local connection without server certificate when the client
inherently trust the server.
* All channels inheriting from RDPDR_DRIVE base struct
* Add functions to create/free a new device of a type
* Fixed settings array resize code, prevent 0 sizes
* Properly initialize the stream buffer
* Add Stream_StaticConstInit accepting a const buffer
* Modify API to return a pointer to the stream initialized
* Added checks for bitmap width and heigth values
Data received from the server might have invalid values for bitmap
with or height. Abort parsing if such a value is found.
Reported by Sunglin from the Knownsec 404 team & 0103 sec team
* Added checks for glyph width & height
* Do length/capacity checks in every read/write/seek function
if WINPR_ASSERT is defined.
* Ensure s->pointer is valid, e.g. within s->buffer + s->capacity
(Stream_Rewind, Stream_Seek, ...)
* Add return values to Stream_Set* functions so inalid arguments
can be reported to the caller
* Deprecated problematic stream manipulation functions
(Stream_SetBuffer, Stream_SetPointer, Stream_SetCapacity)
* Ensure length/capacity functions never return a value larger
than the actual length/capacity
* Added transport_get_context to get rdpContext in IO callbacks.
* Added WINPR_ASSERT where possible.
* Fixed handle count mismatch in transport_get_event_handles
* Split out proxy headers and moved to public API to allow external
modules to be built.
* Split proxy into proxy library and proxy binary. The library
can be used by other applications and provides a simple API
* Improved channel passthrough, now all channels including dynamic
channels work.
* Extended module API to hook more events, improved module samples
* Cleaned up proxy code, removed global static variables used,
added WINPR_ASSERT
When using NLA with a NULL identity (in AcquireCredentialsHandle) on
Windows the client sends the first NLA package with cbBuffer set to 0.
In that case the client currently incorrectly kills the connection. With
this PR the check is removed and the client correctly connects to the server.
* Added transport_get_context to get rdpContext in IO callbacks.
* Added WINPR_ASSERT where possible.
* Fixed handle count mismatch in transport_get_event_handles
* Use freerdp_settings_* for shadow and sample server
* Added freerdp_peer_set_local_and_hostname
* Code cleanups and WINPR_ASSERT
* Code cleanups
* Use CHANNEL_NAME_LEN where appropriate
* Use temporary variables in loop instead of direct array access
