Commit Graph

2408 Commits

Author SHA1 Message Date
Armin Novak
50ce5b834d [core,server] warn if cert not RDP security compatible 2023-03-28 17:19:03 +02:00
David Fort
b7b46b8123 [codecs] make progressive honor threading flags
Progressive codec was not honoring the threading flags in settings like does
remoteFX, so even when no multiple threads decoding was asked, progressive was
using multiple threads anyway. This patch fixes it.
2023-03-20 15:32:28 +01:00
akallabeth
a5b42f0f84 [includes] untangled circular includes 2023-03-15 08:22:23 +01:00
akallabeth
61779694ee [includes] improved c++ guards 2023-03-15 08:22:23 +01:00
akallabeth
7e44d447f0 [documentation] document Authenticate and AuthenticateEx 2023-03-13 09:36:07 +01:00
Armin Novak
e9bc54e8b7 [core] improve logging in freerdp_set_last_error 2023-03-13 09:36:07 +01:00
Marc-André Moreau
b34bad2b50 fix and improve cJSON detection 2023-03-11 08:20:10 +01:00
fifthdegree
7f54770fd0 fixup! Implement support for RDS AAD 2023-03-10 16:38:07 +01:00
akallabeth
157d71e802 [core,aad] migrate to cJSON parser library 2023-03-10 16:38:07 +01:00
akallabeth
f5423caace [auth,aad] add freerdp* argument to callback 2023-03-10 16:38:07 +01:00
fifthdegree
4cbfa006f2 Implement support for RDS AAD
Have a working implementation of the RDS AAD enhanced security mechanism
for Azure AD logons
2023-03-10 16:38:07 +01:00
fifthdegree
5df4d4c934 Implement a basic JSON parser 2023-03-10 16:38:07 +01:00
fifthdegree
8d6c92c037 Implement base64url encoding/decoding
Tweak the base64 functions to allow for encoding and decoding base64url
as well
2023-03-10 16:38:07 +01:00
Martin Fleisz
093bf79837 common:: Fix const issues with current rdp file API 2023-03-08 14:08:34 +01:00
Joan Torres
7c24da917e Add RDSTLS security protocol
The client tries to connect using RDSTLS only when it has received a
server redirection PDU with LB_PASSWORD_IS_ENCRYPTED flag.

The server exposes RDSTLS on negotiation if it has been configured on settings.
Then authenticates a client using configured credentials from settings:
RedirectionGuid, Username, Domain, Password.
2023-03-08 14:05:00 +01:00
Armin Novak
1bf0bb1a26 [server] fixed build without CHANNEL_AUDIN_SERVER 2023-03-06 21:46:51 +01:00
Armin Novak
7722961fcc [client,common] simplify file clipboard API 2023-03-05 17:55:28 +01:00
Armin Novak
bfea14a5b1 [cliprdr] deactivate local file paste if not supported
if the file clipboard was compiled without FUSE do not announce the
availability.
2023-03-05 17:55:28 +01:00
Armin Novak
39c06a4683 [client,common] fix file copy client to server 2023-03-05 17:55:28 +01:00
Armin Novak
60998a62b4 [utils] added FILEDESCRIPTORW read/write routines 2023-03-05 17:55:28 +01:00
Armin Novak
ba128f4661 [client] move file clipboard to client common 2023-03-05 17:55:28 +01:00
Armin Novak
73158a040a [client,common] add warning functions
Added helper functions to inform a user about current state of a client
in use:
* freerdp_client_warn_exeprimental warns about unstable clients
* freerdp_client_warn_deprecated warns about clients to be dropped
2023-03-01 13:45:13 +01:00
Armin Novak
ae8f0106bd [core,redirect] extract and check redirection cert
* extract the certificate from the redirection PDU
* if there is a certificate provided accept it if it matches the
  redirection target certificate without further user checks
2023-02-28 15:49:58 +01:00
Armin Novak
acc5e2d301 [client,common] use non blocking IO
when reading from stdin use non blocking IO so that we can check if the
session terminated in between.
2023-02-28 09:47:54 +01:00
Armin Novak
4398126dde [utils,signal] remove terminal reset 2023-02-28 09:47:54 +01:00
akallabeth
b342194d4b [includes] add missing c++ guards 2023-02-27 17:31:52 +01:00
akallabeth
adce7378c3 [core,cache] make protocol caches private
most protocol internal caches do not need to be exposed. this reduces
the public API and allows us to more easily improve/change this during a
release cycle
2023-02-27 17:31:52 +01:00
Marc-André Moreau
3a8dce07ea expose last NLA/CredSSP SSPI error code (freerdp_get_nla_sspi_error) 2023-02-24 13:19:19 -05:00
Armin Novak
3c160ff8b1 [build] remove unused option WITH_DEBUG_X11_CLIPRDR 2023-02-23 20:28:15 +01:00
Armin Novak
f357312584 [utils] term signal cleanup handlers
add functions to register/unregister termination cleanup handlers
2023-02-23 20:28:15 +01:00
Armin Novak
d8d4d044ff [clipboard] cleanup definitions
* remove definitions for clipboard formats that are dynamically registered
* fix length of converted clipboard string
2023-02-23 20:28:15 +01:00
Armin Novak
b8a709ccda [client,x11] fixed file clipboard cache
if files are pasted in different file-browser (or e.g. xclip is used)
the data was retrieved in wrong format.
2023-02-21 16:42:54 +01:00
Armin Novak
68d3bcb99a [clipboard] remove linux specifics from channels/cliprdr.h 2023-02-21 16:42:54 +01:00
akallabeth
2d94ff3f9e [settings] remove obsolete keys
* CertificateFile and CertificateContent are no longer used
* PrivateKeyFile and PrivateKeyContent are no longer used
2023-02-16 10:06:17 +01:00
Armin Novak
25023d3a3a [client,scard] fix missing callback instance arg
every callback requires context, add freerdp* instance just as the
Authenticate et al callbacks already have
2023-02-15 13:34:18 +01:00
Armin Novak
5d97a03bf4 [client] auto intialize callbacks
initialize all message/user query callbacks with client_cli_*
2023-02-15 13:34:18 +01:00
Armin Novak
a7dac52a42 [license] updated copyright headers 2023-02-12 20:17:11 +01:00
akallabeth
081e187db8 [crypto] add function to determine if RSA is in use 2023-02-12 20:17:11 +01:00
akallabeth
af371bef6a [crypto] rename rdpRsaKey to rdpPrivateKey 2023-02-12 20:17:11 +01:00
akallabeth
b869927407 [proxy,config] extract PEM from config file
* Read a PEM file if provided via config
* Base64 decode if the certificate/private key are provided in the
  config file
2023-02-12 20:17:11 +01:00
akallabeth
1d3c6518fa [crypto] added PEM file read/write helpers 2023-02-12 20:17:11 +01:00
akallabeth
4499a55f43 [core,smartcardlogon] use rdpCertificate 2023-02-12 20:17:11 +01:00
akallabeth
9b51df8b10 [core,crypto] refactor certificate management
* Properly split certificate_store, certificate_data, certificate and
  private key functions to files
* Prefix all functions with freerdp_ to have a unique name
* Update certificate store to use one file per host instead of
  known_hosts2
* Merge CryptoCert and rdpCertificate
2023-02-12 20:17:11 +01:00
Martin Fleisz
4b9fb8fff9 proxy: Fix NLA to TLS fallback connection
Currently the proxy's TLS fallback if an NLA connection attempt failed
is broken. There are two issues with the current code that this PR
fixes:

- freerdp_reconnect is used which requires an already established
  connection to work correctly. This is not the case since the NLA
  connectin attempt failed. This resulted in a seemingly working TLS
  connection but i.e. channels where missing/not working.
- The fallback connection attempt just altered the NLA security setting
  in the instance's settings. However these settings have been already
  modified by the NLA connection attempt so we need to create a copy of
  the original connection settings before doing the first connect.

The PR also introduces freerdp_reset_context which restores the initial
connection settings for the given instance.
2023-02-09 12:49:47 +01:00
Armin Novak
a7c0a8c5f1 [autodetect] expose AUTODETECT_STATE 2023-02-09 12:34:27 +01:00
Armin Novak
7b140a12c7 [autodetect] add pointer for custom user data 2023-02-09 12:34:27 +01:00
akallabeth
2eda0aa2ea [core,settings] remove unused setting 2023-02-03 11:24:32 +01:00
akallabeth
7c1007b1b6 [core,crypto] removed rsa functions from public API
should only be used internally
2023-02-03 11:09:59 +01:00
akallabeth
a3152871ab [core,crypto] refactor rsa functions
* public encrypt/decrypt take rdpCertInfo data as argument
* private encrypt/decrypt take rdpRsaKey as argument
* Add missing length arguments
2023-02-03 11:09:59 +01:00
akallabeth
2c2e9602b3 [core] refactor certificate handling
* Remove duplications in rdpRsaKey, reuse rdpCertificate for public
  components
* Move all private key and certificate code to certificate.c,
  remove the tssk_* variables from gcc
* Handle update of client and server random keys in wrapping functions
* Simplify gcc_write_server_security_data, use certificate.c functions
  to write the certificate data
* Refactor security_establish_keys, use the random values stored in
  settings directly
2023-02-03 11:09:59 +01:00