Armin Novak
c9cebf6ed6
Remember accepted PEM cert to avoid unnecessary user input.
2018-07-10 11:27:58 +02:00
Armin Novak
0d1895e4e7
Fixed async input return value check.
2018-07-09 17:45:50 +02:00
Armin Novak
398da7340b
Added no or missing credential error.
2018-07-05 16:12:52 +02:00
Armin Novak
8f7dbe5051
Fix #4725 : Need to copy data.
2018-07-05 08:44:42 +02:00
Martin Fleisz
a0fddd1747
Merge pull request #4530 from akallabeth/order_refactor
...
[leak fixes] Refactored order updates
2018-07-04 14:21:36 +02:00
Armin Novak
35cd438eca
Added enum for client connection state.
2018-06-25 09:25:27 +02:00
Armin Novak
e44d10a3e0
Merge remote-tracking branch 'origin/pr/4701' into reconnect_fixes
2018-06-19 12:46:58 +02:00
Armin Novak
273655a850
Follow up fix for #4631
...
Remember the callback state to avoid calling freerdp_channels_post_connect
before the corresponding client callback has been called.
This might happen during redirection and reconnection.
2018-06-18 10:44:35 +02:00
Pascal J. Bourguignon
15f2bafeab
Cleaned up const char** -> char** for argv, since we definitely do modify the argv!
...
(we overwrite the password and pin arguments).
This implies changes in the argument parsing tests that now must pass a mutable argv
(copied from the statically declared test argvs).
Some other const inconsistencies have been dealt with too.
2018-06-06 16:43:09 +02:00
Armin Novak
e1ea441275
Fixed #4629 : Only call freerdp_channels_post_connect when it was connected.
...
In rdp_client_redirect or rdp_client_reconnect freerdp_channels_post_connect must
be called if the channels were connected previously.
This might not be the case, skip that call then.
2018-05-11 10:49:29 +02:00
Martin Fleisz
9c02f1bd17
Merge pull request #4627 from akallabeth/clang_warning_fixes
...
Clang warning fixes
2018-05-04 13:07:01 +02:00
Armin Novak
28ac0ee146
Fixed NULL dereferences.
2018-05-04 12:42:44 +02:00
Armin Novak
46a62aa1a4
Fixed missing NULL pointer checks.
2018-05-04 12:35:51 +02:00
Martin Fleisz
65e329782e
Merge pull request #4624 from akallabeth/pth_fix
...
Fixed /pth: Consistently treat the hash offset to password length.
2018-05-04 11:59:21 +02:00
Armin Novak
069c58a72b
Fixed memory leak.
2018-05-04 11:47:05 +02:00
Armin Novak
458e51eae8
Do not set password to identity if pth is used.
2018-05-04 10:40:55 +02:00
Martin Fleisz
99346d19c6
Merge pull request #4611 from akallabeth/argument_warnings
...
Argument warnings
2018-05-04 10:06:42 +02:00
Armin Novak
b59b0a4425
Added error log messages.
2018-05-04 09:11:41 +02:00
Ashley Davis
ae54f5bded
First person "they" pronouns in logoff message
2018-05-03 12:11:13 -04:00
Armin Novak
5b961e9c75
Fixed /pth: Consistently treat the hash offset to password length.
2018-05-03 17:51:11 +02:00
Armin Novak
d4c98e4e71
Fixed formatting.
2018-05-03 12:30:40 +02:00
Armin Novak
5765e9a422
Fixed #4476 : broken casts/variable sizes for custom BIO calls.
2018-05-03 12:30:40 +02:00
Martin Fleisz
296b19e172
Merge pull request #4596 from p-pautov/rdg_ssl_fixes
...
RDG related fixes for better compatibility with mstsc
2018-05-03 10:23:12 +02:00
akallabeth
2215071b23
Merge pull request #4576 from ccpp/bugfix-rdg-poll
...
Fix polling in RDG
2018-05-02 17:59:10 +02:00
Armin Novak
f631958a08
Fixed argument warning.
2018-05-02 13:08:17 +02:00
Martin Fleisz
31c804c349
Merge pull request #4603 from hardening/socksplus
...
SOCKS5 proxy support
2018-05-02 11:26:13 +02:00
David Fort
0f968b782c
proxy: cleanup SOCKS support and add user/password support
2018-05-02 10:51:16 +02:00
Armin Novak
e0af47d26d
Fixed rebase introduced error.
2018-05-02 09:56:49 +02:00
Jiri Sasek
1ba31551a6
socks proxy reply fix
2018-05-02 09:43:03 +02:00
Armin Novak
f19a17d3ed
Fixed surface bits command cleanup.
2018-05-02 08:54:21 +02:00
Armin Novak
4e66972616
Fixed remaining global order buffers.
2018-05-02 08:54:21 +02:00
Armin Novak
e5767f07ac
Refactored order updates
...
Unified order creation/copy/delete to avoid memory leaks.
2018-05-02 08:54:21 +02:00
David Fort
8cba201999
Merge pull request #4548 from akallabeth/autoreconnect_fix
...
Autoreconnect fix
2018-04-27 09:39:30 +02:00
David Fort
782039c6aa
Merge pull request #4589 from oshogbo/token
...
Recognize only the cookie format anything else treat as token.
2018-04-26 11:59:15 +02:00
p-pautov
fda76349b9
Fix Windows build.
2018-04-26 02:11:04 -07:00
Pavel Pautov
a0019ec79c
Fallback to RDG RPC transport only if server does not support RDG HTTP and
...
error out in other cases - invalid RDG SSL cert, bad credentials, PAA failure, etc.
2018-04-25 18:36:43 -07:00
Christian Plattner
4a19f49878
Fail on unimplemented BIO_ctrl for /gt:rpc
2018-04-24 20:45:52 +02:00
Christian Plattner
4739189cfc
Implement BIO_ctrl more correctly for RDG
...
See #3602
This change is discussed in https://github.com/FreeRDP/FreeRDP/pull/4576#pullrequestreview-113381733
2018-04-24 16:47:33 +02:00
Mariusz Zaborski
6515453886
Recognize only the cookie format anything else treat as token.
...
If in the RDP file we will set loadbalanceinfo.
Instead of getting the cookie value we will get load balance info.
For example:
0000 03 00 00 2a 25 e0 00 00 00 00 00 74 73 76 3a 2f ...*%......tsv:/
0010 2f 56 4d 52 65 73 6f 75 72 63 65 2e 31 2e 41 48 /VMResource.1.AH
0020 0d 0a 01 00 08 00 0b 00 00 00 ..........
The MSFT-SDLBTS document doesn't describe this behavior.
For this reason let's treat the token as anything ended with sequence
CR and CL. To be honest we already did that because in the core/connection.c
file where we are setting the routing_token to the LoadBalanceInfo.
2018-04-24 15:00:00 +02:00
Mariusz Zaborski
b9ddf2046c
Fix comments where is cookie and where is token.
2018-04-24 14:34:45 +02:00
Jiri Sasek
b1c1549ad1
SOCKS proxy support
2018-04-23 21:01:01 +02:00
Christian Plattner
a15644365e
Fix BIO_get_fd for RDG, again.
2018-04-18 21:50:47 +02:00
Christian Plattner
f9d036a874
Fix #3602 by implementing BIO_get_fd correctly for RDG
2018-04-18 10:47:06 +02:00
Pavel Pautov
c866923897
Avoid buffer to struct cast.
2018-04-16 19:06:16 -07:00
Pavel Pautov
8fc0ea7199
Send correct packet size in case of PAA. Some cleanup.
2018-04-16 19:06:16 -07:00
Pavel Pautov
bbee19ced2
Content-Length and Transfer-Encoding are mutually exclusive.
2018-04-16 19:06:16 -07:00
Pavel Pautov
ec42228b2a
Consolidate IN/OUT data connections establishment into common function and clean up related code.
2018-04-16 19:06:16 -07:00
Pavel Pautov
00256bba1d
Move NTLM auth related code into dedicated functions.
2018-04-16 19:06:16 -07:00
Pavel Pautov
269dec6377
Consolidate rdg_tls_out_connect/rdg_tls_in_connect into single function. This also fixes connections to RDG server via proxy.
2018-04-16 19:06:13 -07:00
Pavel Pautov
e639e2caf3
Removed unused "readEvent" - no one checks if it was set.
...
Removed needless rdg_check_event_handles declaration.
2018-04-16 16:05:40 -07:00
Pavel Pautov
1530bcf916
Consolidate rdg_send_in_channel_request/rdg_send_out_channel_request into single function.
2018-04-16 16:05:40 -07:00
Pavel Pautov
0fbf8f8957
Explicitly skip "seed" payload on RDG OUT connection, to avoid issues when it's split over several SSL records.
2018-04-16 16:05:40 -07:00
Pavel Pautov
44cb710496
Moved some repeated "read all" code into function.
2018-04-16 16:05:40 -07:00
Armin Novak
1feca7768e
Fixed redirection with session brokers.
...
* Only reconnect channels on redirect, if they have already been connected.
* Prefer TargetNetAddress over FQDN to connect.
2018-04-16 16:46:48 +02:00
Martin Fleisz
855af9e941
Merge pull request #4557 from akallabeth/connect_error_fix
...
Set connection error if TCP connect fails.
2018-04-12 12:10:56 +02:00
David Fort
14cce798e8
Merge pull request #4544 from oshogbo/nSize
...
Don't restrict the hostname size.
2018-04-12 11:11:57 +02:00
Armin Novak
685f5a8d20
Do not clear last error if not reconnecting.
2018-04-11 10:06:11 +02:00
Armin Novak
2fc31fcb37
Set connection error if TCP connect fails.
2018-04-11 09:09:23 +02:00
Andre Esteve
d240069b5e
Gateway (RDG) use same IP for both channels
2018-04-10 20:59:33 -07:00
akallabeth
09c766cdeb
Merge pull request #4551 from oshogbo/nego_0
...
Fix setting of negotiated security protocol.
2018-04-09 19:00:48 +02:00
Mariusz Zaborski
480abdde91
Fix setting of negotiated security protocol.
...
PROTOCOL_RDP equals 0, so if we AND it with anything it is still 0.
Correct way of doing it is to compare two values.
2018-04-09 17:14:37 +02:00
Bernhard Miklautz
e818dd5679
Merge pull request #4549 from oshogbo/krb
...
Fix checking of krb in encrypt public key echo.
2018-04-09 16:26:18 +02:00
Mariusz Zaborski
dc2c826edd
Fix checking of krb in encrypt public key echo.
...
In commit 0e1a073384 there was a mistake -
originally code said different than kerberos. Because of that NLA authentication
of server side didn't work for me.
2018-04-09 15:09:38 +02:00
Armin Novak
7af9ba9171
Refactored reconnect and redirect API
...
Reconnect and redirect share the same code on disconnect.
Move that to a single function and export it as it may be required
to terminate the session properly before reconnect is called.
2018-04-09 14:04:30 +02:00
Armin Novak
0a7691de58
Fixed channel (dis)connect on redirect or reconnect.
2018-04-09 11:26:12 +02:00
Armin Novak
1698a54b04
Removed unnecessary string duplications.
2018-04-09 11:26:05 +02:00
Mariusz Zaborski
00374382d9
There is no reason to restrict nSize to 2 the hostname can be empty on
...
UNIX-like machines.
2018-04-06 21:07:51 +02:00
Armin Novak
3762e06714
Fixed RDP debug message invalid function.
2018-04-06 11:34:24 +02:00
Armin Novak
26d9957608
Fix pointer type mismatch struct sockaddr_storage* and struct sockaddr*
2018-04-05 10:47:50 +02:00
MartinHaimberger
a9ecd6a6cc
Merge pull request #4535 from akallabeth/warning_fixes
...
Warning fixes
2018-04-05 10:20:43 +02:00
MartinHaimberger
0af63d4c6f
Merge pull request #4481 from akallabeth/fastpath_fix
...
Fastpath uncompressed length issue
2018-04-05 10:17:51 +02:00
Martin Fleisz
ff8b2c1b0e
core: Fix IPv6 handling on Windows
...
On Windows the sockaddr struct is smaller than sockaddr_in6.
This causes getsockname to fail because the buffer is too small.
The new code uses sockaddr_storage which should be large enough to
hold any supported protocol address structure.
See: http://pubs.opengroup.org/onlinepubs/009696699/basedefs/sys/socket.h.html
2018-04-04 17:19:18 +02:00
Armin Novak
e47d7eb968
Simplified fastpath buffer handling.
2018-04-04 13:24:43 +02:00
Armin Novak
f840150a54
Fixed missing return value checks.
2018-04-04 13:24:32 +02:00
Armin Novak
3f1ef0efc6
Removed unnecessary range check.
2018-04-04 10:45:32 +02:00
Martin Fleisz
edce38613a
Merge pull request #4529 from akallabeth/wlog_cleanup_fix
...
Fix #4524 : Initialize with cleanup handler
2018-04-04 09:32:46 +02:00
Armin Novak
e0d112d548
Removed all calls to WLog_Init and WLog_Uninit
...
Since the calls are no longer required remove their usage.
2018-04-03 13:06:41 +02:00
Martin Fleisz
5c59b5f2b8
cssp: Fix handling of nonce
2018-03-29 21:42:14 +02:00
Martin Fleisz
eb1f693fc4
cssp: Separate client/server version handling ( #4502 )
2018-03-23 12:12:08 +01:00
Martin Fleisz
e9ba4b58ec
cssp: Fix warnings ( #4503 )
2018-03-21 12:57:58 +01:00
Martin Fleisz
8df96364f2
cssp: Add support for protocol version 6
2018-03-20 10:37:38 +01:00
Bernhard Miklautz
e7ae3f6bab
fix nla: don't use server version
...
FreeRDP currently only supports CredSSP protocol version 3. However the
current implementation always sent back the version received by the
server indicating that this version was supported.
With recent windows updates applied the protocol changed and this approach
doesn't work anymore (see
https://msdn.microsoft.com/en-us/library/mt752485.aspx for protocol changes).
With this fix FreeRDP always sends version 3 as supported version.
Credit goes to @mfleisz.
Fixes #4449
2018-03-14 14:04:56 +01:00
Armin Novak
2517755d25
Fixed thread function return and parameters.
2018-03-07 14:36:55 +01:00
akallabeth
dd538ccd4b
Merge pull request #4470 from mfleisz/misc_fixes
...
Various fixes after running VS 2017 code analysis
2018-03-07 14:05:22 +01:00
Martin Fleisz
811406382d
core: Fix possible out-of-bounds read
2018-03-06 15:52:34 +01:00
Martin Fleisz
07f05c5cb3
nla: Add NULL pointer check
2018-03-06 15:39:03 +01:00
Armin Novak
a419677e8f
Fix invalid handle offset.
2018-03-06 13:58:40 +01:00
Armin Novak
1f7d33a2f2
Fixed read/write of surface bits command.
...
The optional field exBitmapDataHeader of TS_BITMAP_DATA_EX was ignored.
Read and expose the data (currently unused)
2018-03-01 11:38:59 +01:00
Jacco Braat
2af67baea3
Modified RDG connection setup using PAA Cookie.
...
Skip NTLM auth on the IN/OUT channels. Add PAACookie to TUNNEL_CREATE.
2018-02-15 10:56:58 +01:00
Jacco Braat
b592684734
Added to rdp file parsing: gatewayaccesstoken:s:<token>
...
Added to commandline parsing: /gat:<token>
Added GatewayAccessToken to sings
2018-02-15 10:56:57 +01:00
Armin Novak
92c62b1dbf
Fixed #4436 : double free of http response.
...
Fixed #4436 : reset of token split.
2018-02-14 14:29:08 +01:00
Armin Novak
990b8c23a9
Fixed PubSub function pointer casts.
2018-02-14 11:00:52 +01:00
David Fort
6e5d86f332
http: fix compilation with valgrind memcheck helpers
2018-02-14 10:16:38 +01:00
Bernhard Miklautz
8566021a1c
Merge pull request #4425 from akallabeth/windows_nego_fix
...
Fixed windows unicode authentication.
2018-02-13 15:26:44 +01:00
Martin Fleisz
b8599b08f2
Merge pull request #4364 from akallabeth/gateway_refactor
...
Gateway refactor
2018-02-13 13:48:45 +01:00
Armin Novak
53d2150e00
Fixed windows unicode authentication.
2018-02-13 11:29:56 +01:00
Armin Novak
2cf10cc359
bitmap free now always deallocating all resources.
2018-02-13 10:18:43 +01:00
Armin Novak
8c7fe93cc6
Added client channel queue object free function.
2018-02-09 11:04:31 +01:00
Armin Novak
78de329f1f
Fixed IPv4/IPv6 to string
2018-02-08 17:26:31 +01:00
Norbert Federa
46f03d5e78
disabled expensive debug call in channel send
2018-01-31 12:44:45 +01:00
Armin Novak
e1c00b878d
Fixes argument size type, function static where appropriate.
2018-01-19 09:15:26 +01:00
Armin Novak
29f2d2d9bb
Fixed missing packageName setup in server NLA
2018-01-17 09:09:58 +01:00
Armin Novak
0e1a073384
Simplified package name comparisons.
2018-01-17 08:18:45 +01:00
Armin Novak
dc3d536398
Changed length arguments and return to size_t
2018-01-17 08:14:06 +01:00
Armin Novak
20b4b286f0
Fixed strtoull not supported on windows.
2018-01-16 08:15:34 +01:00
Armin Novak
a49a2299b1
Refactored http parser
...
* Using single buffer for all data
* Added response size limit of 64MiB
* Fixed various memory leaks
2018-01-15 16:51:33 +01:00
Armin Novak
c3f008c36c
Functions static where appropriate.
2018-01-15 13:22:01 +01:00
Armin Novak
59e8b67287
Fixed broken #ifdef
2018-01-15 10:18:03 +01:00
Armin Novak
97cc55deec
Fixed bitmap capability debug.
2018-01-12 09:22:08 +01:00
David Fort
e1cc601963
Merge pull request #4323 from akallabeth/scanbuild_fixes
...
Scanbuild and other warnings fixed
2018-01-08 11:16:21 +01:00
akallabeth
4077d55a6c
Merge pull request #4332 from hardening/xrandr_and_fixes
...
Xrandr and fixes
2018-01-08 09:20:56 +01:00
David Fort
191b8f950f
Fix for #4330
...
Since ec027bf dynamic resolution is broken when used with egfx. Before that commit
we were tracking a server sent resize by setting a DesktopResize callback. This callback
is called when the desktop is resized by the server. Anyway the problem was that when this
callback is called, the activation sequence is not always completed, which was leading to
some freeze with 2012r2 servers (sending packets before the sequence is finished).
So with the faulty commit, we are tracking server resizes by subscribing to the Activated
event, that is called at the end of a reactivation sequence, so we're sure to not send packets
when not fully activated.
Anyway the issue that shows on (#4330) is that when you use egfx, no reactivation sequence happens,
the server only sends a ResetGraphics message with the new size, and so we miss the resized event.
This fix introduces a new GraphicsReset event, makes the display channel subscribe to that event,
and react accordingly.
2017-12-23 13:50:54 +01:00
Armin Novak
c60c355a9d
Added ROP to primary order debug message.
2017-12-22 10:37:04 +01:00
Armin Novak
e4766c656e
Fixed missing initialization warnings.
2017-12-21 11:04:32 +01:00
Armin Novak
6a21bdae3d
Fixed various scanbuild warnings.
2017-12-21 09:34:35 +01:00
akallabeth
e3e65734e8
Merge pull request #4303 from krisztian-kovacs-balabit/use-redirection-password
...
Use redirection password
2017-12-20 17:01:58 +01:00
Martin Fleisz
80a49f46dc
Merge pull request #4320 from ondrejholy/coverity-fixes
...
Coverity Scan fixes
2017-12-20 14:17:20 +01:00
Martin Fleisz
ec027bf46c
Merge pull request #4318 from hardening/display_improvement
...
Dynamic resolution improvements
2017-12-20 13:43:22 +01:00
Martin Fleisz
bfe8359b5b
Merge pull request #4239 from akallabeth/test_memleak_fixes
...
Test memleak fixes
2017-12-20 12:38:38 +01:00
David Fort
2a6c9e1b87
Add an activated event and a Timer event
...
Added an event that is triggered when the activation sequence is finished.
We also define a timer event that is neat to have for regular operation.
2017-12-19 15:21:15 +01:00
Ondrej Holy
4791970c09
core: Remove redundant stream position changes
...
Stream_Seek() is used, but consequently Stream_SetPosition() is used
for position obtained by Stream_GetPosition() immediately before
Stream_Seek(). Let's remove these stream position changes due to their
redundancy.
2017-12-19 13:02:55 +01:00
Ondrej Holy
0389cb129e
core: Fix array overrunning during FIPS keys generation
...
p is 20 and r is 1 in the last iteration of fips_expand_key_bits,
which means that buf[21] is read (of BYTE buf[21];). However,
the value is not needed, because it is consequently discarded by
"c & 0xfe" statement. Let's not read buf[p + 1] when r is 1
to avoid this.
2017-12-19 10:29:16 +01:00
Armin Novak
7305828122
Fix #4239 : Various memory leaks
...
* Fixed all tests, now can be run with -DWITH_ADDRESS_SANITIZER=ON compiled.
* Enabled address sanitizer for nightly builds.
2017-12-12 11:40:48 +01:00
David Fort
41823080f9
Fix users of Stream_GetPosition() that returns size_t
2017-12-11 22:38:58 +01:00
David Fort
11ee81be60
Fix XRandr for old systems and MacOSX
...
We need a recent enough version of XRandr to correctly detect monitor.
Also this patch adds some typo or style fixes.
2017-12-08 10:59:38 +01:00
KOVACS Krisztian
7f5f40d392
core/nla: use RedirectionPassword if set in settings
...
Previously, the code prompted for the password even if a RedirectionPassword
was provided.
With this change the prompt is only shown if both settings->Password and
settings->RedirectionPassword are absent.
2017-12-06 16:32:56 +01:00
KOVACS Krisztian
6518e36c70
Revert "core/connection: use redirection password when reconnecting"
...
This reverts commit 70c65e70d1.
2017-12-06 14:58:34 +01:00
David Fort
cf33966f2e
Merge pull request #4282 from akallabeth/force_ipv6
...
Fix #4281 : Added option to prefer IPv6 over IPv4
2017-11-28 10:48:53 +01:00
Armin Novak
3e4c274cc9
Fixed channel count exceed checks
...
The check aborted on CHANNEL_MAX_COUNT - 1 instead
of correctly at CHANNEL_MAX_COUNT
2017-11-28 09:40:04 +01:00
David Fort
2f4a2f8595
Merge pull request #4272 from akallabeth/static_channel_checks
...
Fix #3378 : 31 static channels are supported.
2017-11-27 22:46:23 +01:00
Armin Novak
2cc64298f2
Fix #4281 : Added option to prefer IPv6 over IPv4
2017-11-27 11:43:54 +01:00
Armin Novak
377bfeb227
Fix #3378 : 31 static channels are supported.
2017-11-23 16:18:44 +01:00
Armin Novak
f68bc07a22
Fixed return value check for callbacks.
2017-11-23 15:10:42 +01:00
akallabeth
71e38a4ce7
Merge pull request #4267 from ondrejholy/autofips
...
Enable FIPS mode automatically
2017-11-23 10:49:15 +01:00
Ondrej Holy
74bbbdb5c3
Remove unused variable
...
Unused variable was added together with FIPS mode support, let's remove it.
2017-11-23 10:09:17 +01:00
Ondrej Holy
6973b14eed
Enable FIPS mode automatically
...
FreeRDP aborts if OpenSSL operates in FIPS mode and +fipsmode is not
manually specified. Let's prevent the abortion and enable the necessary
options in that case automatically.
2017-11-23 10:09:17 +01:00
David Fort
a834ef8243
Merge pull request #4251 from akallabeth/openssl_warn_fixes
...
Fix #4247 : warnings introduced with #3904
2017-11-23 09:22:02 +01:00
cedrozor
49f4b2a42e
Fixed NLA for Negotiate and NTLM authentication (regression due to the recent addition of kerberos support)
2017-11-21 16:36:47 +01:00
Armin Novak
a376656b3c
Disabled certificate signature check.
2017-11-21 11:37:42 +01:00
Armin Novak
4fe12b0ea3
Fix #4247 : warnings introduced with #3904
2017-11-20 10:18:15 +01:00
akallabeth
b156b937fe
Merge pull request #3904 from bjcollins/master
...
FIPS Mode support for xfreerdp
2017-11-17 13:31:43 +01:00
Martin Fleisz
4ff1251488
Merge pull request #4236 from akallabeth/scan_fix_remastered
...
Scanbuild warning fixes
2017-11-17 13:02:46 +01:00
Brent Collins
9ca9df1ead
Make the new winpr_Digest*MD5_Allow_FIPS functions more generic to no longer be MD5 specific in design. This way the FIPS override
...
could easily be extended to more digests in the future. For now, an attempt to use these functions with anything other than MD5 will
not work.
2017-11-17 12:43:07 +01:00
Brent Collins
e47123f05a
Do not initialize SSL in freerdp_context_new, it is too early to detect the fips enabled flag
...
and is redundant since it is initialized later before actually using SSL.
2017-11-17 12:43:07 +01:00
Brent Collins
68ab485e63
Fix logic error in reworked MD5 call for establishing keys, and fix some minor whitespace issues.
2017-11-17 12:43:07 +01:00
Brent Collins
d98b88642b
Add new command-line option to force xfreerdp into a fips compliant mode.
...
This option will ensure that NLA is disabled (since NTLM uses weak crypto algorithms), FIPS
encryption is enabled, and ensure fips mode is enabled for openssl.
Selectively override specific uses of MD5/RC4 with new API calls specifically tailored to override FIPS.
Add comments on why overriding the use of these algorithms under FIPS is acceptable for the locations where overrides happen.
Remove check of server proprietary certificate which was already being ignored to avoid use of MD5.
Initialize winpr openssl earlier to ensure fips mode is set before starting using any crypto algorithms.
2017-11-17 12:43:06 +01:00
Armin Novak
bd7e4cd35a
Fixed uninitialized variables.
2017-11-15 15:56:25 +01:00
Armin Novak
032c0164d1
Fixed missing error check.
2017-11-15 15:56:25 +01:00
Armin Novak
99f6c27488
Fixed uninitialized arguments.
2017-11-15 15:56:25 +01:00
Armin Novak
4eb5b8e349
Replaced atoi
2017-11-15 15:52:16 +01:00
David Fort
7bbc3cb8b7
Fix logic in nla_read_ts_credentials
2017-11-13 16:20:57 +01:00
dodo040
e0a9999fb2
fix: GSS API init, enterprise name management, variable names and format code
2017-11-13 16:20:56 +01:00
dodo040
0a3c61d305
fix undefined symbol references at linking stage
2017-11-13 16:20:56 +01:00
dodo040
b81f168f0e
initial commit for kerberos support
2017-11-13 16:20:55 +01:00
akallabeth
fcc9419922
Merge pull request #4225 from krisztian-kovacs-balabit/use-redirection-pdu-password-on-reconnect
...
core/connection: use redirection password when reconnecting
2017-11-10 09:32:39 +01:00
KOVACS Krisztian
c13c9035eb
libfreerdp/core/certificate: open key file for reading only
...
There's no point in writing the key file for read-write, and it makes it
impossible to run the shadow server with the key file being read only.
2017-11-09 16:54:22 +01:00
KOVACS Krisztian
70c65e70d1
core/connection: use redirection password when reconnecting
...
According to MS-RDPBCGR the server might send a password in the Redirection PDU
that then must be sent by the client to the server as password.
Since the field either contains a password string (unicode) or a binary cookie,
we try to convert the password from unicode and use it only if conversion
succeeds.
2017-11-09 14:46:38 +01:00
Martin Fleisz
d5344c3396
Merge pull request #4219 from akallabeth/various_fixes
...
Various fixes
2017-11-09 09:37:18 +01:00
Martin Fleisz
ed1934cafe
Merge pull request #4211 from akallabeth/silence_duplicate_warnings
...
Silence WLog_ERR messages if last error is set.
2017-11-08 13:34:26 +01:00
Armin Novak
b86c0ba548
Fixed NLA default error to FREERDP_ERROR_AUTHENTICATION_FAILED
2017-11-08 11:32:34 +01:00
David Fort
b216e91cdd
Merge pull request #4210 from akallabeth/nla_errors_extended
...
Added additional NLA error mappings.
2017-11-06 14:23:50 +01:00
Armin Novak
ce00f4dd8f
Silence WLog_ERR messages if last error is set.
2017-11-06 14:02:22 +01:00
akallabeth
e7b8833e9e
Merge pull request #4187 from hardening/multimon_fix
...
Multimonitor fix
2017-11-06 10:02:07 +01:00
Armin Novak
7a73a0eb1b
Added additional NLA error mappings.
2017-11-06 09:49:03 +01:00
Youness Alaoui
02e4f1f256
Do not delete the listener socket right after creating it.
...
The listener server socket file needs to be deleted before we bind it
otherwise it's an "address already in use" error. But it was getting
deleted after the bind, causing the file to disappear, and preventing
anyone from connecting to the listener socket since the socket stops
existing.
This is caused by commit 884e87fde4
2017-10-27 15:01:29 -04:00
Armin Novak
367bddd7ad
Added better error mapping for NEGO results.
2017-10-25 09:58:13 +02:00
David Fort
f90fe19fc7
multimon: correctly set the primary monitor
...
According to the spec the primary monitor is supposed to be in (0,0) and other monitors
to be given relative to this one.
2017-10-17 14:07:23 +02:00
David Fort
a132922376
Add checks for DR channel
2017-10-04 10:30:47 +02:00
akallabeth
e6d66d9d81
Merge pull request #4154 from hardening/misc_fixes
...
Fix raw surfaces displaying + misc other changes
2017-09-27 14:56:21 +02:00
Bernhard Miklautz
15c7cb8cb2
Enable clipboard channel per default
2017-09-27 09:45:07 +02:00
David Fort
ddca8f3a3b
Check return value of malloc
2017-09-26 13:56:08 +02:00
Armin Novak
9f26f73709
Added delay for connect abort
...
The connection abort must be called after freerdp_connect.
Ensure that this function is already running by waiting
a second.
2017-09-26 12:05:24 +02:00
Armin Novak
ef9444bd35
TestConnect: Extend timeout, only listen locally
2017-09-26 10:59:34 +02:00
Armin Novak
ac454628ae
Fixed TestConnect with dynamic channels.
2017-09-25 13:34:00 +02:00
Armin Novak
884e87fde4
Unlink file after binding to it.
...
When unlinking the file before binding, a new entry is created
in the file system after binding. This is not desirable, so
unlink it after binding to remove the temporary file after the process
closes.
2017-09-25 10:35:24 +02:00
Jukka-Pekka Virtanen
ad1425e145
Using PasswordIsSmartcardPin option when sending TS_INFO_PACKET
2017-09-23 14:28:17 +02:00
David Fort
b587daa416
Merge pull request #4136 from tditsch/master
...
Fixed endless loop when RDP Server sends SERVER_DENIED_CONNECTION
2017-09-22 09:52:27 +02:00
Armin Novak
bdae339268
Check and invalidate handles on free.
2017-09-19 12:36:13 +02:00
tditsch
a16d9a2ade
refactored Bugfix
2017-09-19 10:18:41 +02:00
tditsch
feca6d9750
Fixed endless loop when RDP Server sends SERVER_DENIED_CONNECTION
2017-09-18 17:29:16 +02:00
Ondrej Holy
9cccd4888d
orders: Fix OFFSCREEN_DELETE_LIST allocation size
...
The size of OFFSCREEN_DELETE_LIST list allocation was incorrectly changed
by commit 99b1481 and consequently fixed incorrectly by commit 8a0fe086.
Let's count the allocation size based on new size and not based on current
size in order to prevent some memory issues.
https://github.com/FreeRDP/FreeRDP/issues/4117
2017-09-07 09:38:44 +02:00
Ondrej Holy
048e7f264b
orders: Fix ORDER_TYPE_GDIPLUS_END check
...
Commit 6fd03ab introduced security checks for orders, but
ORDER_TYPE_GDIPLUS_END check fails in case of success and vice versa.
Let's add the missing question mark.
https://github.com/FreeRDP/FreeRDP/issues/4117
2017-09-07 09:38:44 +02:00
David Fort
5115ecd948
Merge pull request #4063 from akallabeth/auth_fixes
...
Fixed leaks, certificate comparison and channel context cleanup
2017-08-30 10:19:12 +02:00
Bernhard Miklautz
52fbfb7b12
fix clang warnings, directly include wtypes.h ( #4097 )
...
* build: clang use -Wno-unused-command-line-argument
With clang 5.0 builds are quite noisy otherwise.
* Directly include wtypes.h
Directly include winpr/wtypes.h where _fseeki64 or _ftelli64 is used.
* fix build warnings with clang 5
clang version: 5.0.0-svn310678-1~exp1 (branches/release_50)
Warning: parentheses-equality
* fix build warnings with clang 5
clang version: 5.0.0-svn310678-1~exp1 (branches/release_50)
Warning: tautological-compare
* fix build warnings with clang 5
clang version: 5.0.0-svn310678-1~exp1 (branches/release_50)
Warning:
incompatible pointer types passing 'size_t *' (aka 'unsigned
long *') to parameter of type 'UINT32 *' (aka 'unsigned int *')
[-Wincompatible-pointer-types]
2017-08-29 09:09:38 +02:00
Armin Novak
c3d4b7d262
fseeko and ftello for 64bit file support.
2017-08-14 08:42:49 +02:00
David Fort
b29658a859
Merge pull request #4066 from akallabeth/input_event_fixes
...
Fixed capability checks for mouse and unicode input.
2017-08-02 11:25:08 +02:00
David Fort
c84065f40c
Merge pull request #4069 from yurashek/master
...
Build on Solaris
2017-08-02 09:53:38 +02:00
Armin Novak
d2d621106d
Fixed capability checks for mouse and unicode input.
2017-07-31 12:30:35 +02:00
Armin Novak
523a881663
Channels with a context must free it themselves.
2017-07-28 08:39:51 +02:00
Armin Novak
11fa9f6753
Free credentials on exit.
2017-07-28 08:39:49 +02:00
Armin Novak
b0411d4faa
Unexported internal NLA functions.
2017-07-28 08:38:07 +02:00
Armin Novak
c301f2d56a
Fixed certificate check return.
2017-07-28 08:35:41 +02:00
Armin Novak
ceda244165
Fixed uninitialized values and leaks.
2017-07-28 08:35:31 +02:00
Armin Novak
dd4b5ea126
Disable JPEG codec support if not compiled in.
2017-07-24 15:23:36 +02:00
Armin Novak
b51a103b70
Fixed uninitialized values.
2017-07-20 09:35:41 +02:00
Armin Novak
8b9e3fa51e
Fixed use of reserved keywords for include guards.
2017-07-20 09:35:41 +02:00
Armin Novak
0490aeb018
Fixed clang malloc integer overflow warnings.
2017-07-20 09:29:48 +02:00
Armin Novak
8292b4558f
Fix TALOS issues
...
Fix the following issues identified by the CISCO TALOS project:
* TALOS-2017-0336 CVE-2017-2834
* TALOS-2017-0337 CVE-2017-2834
* TALOS-2017-0338 CVE-2017-2836
* TALOS-2017-0339 CVE-2017-2837
* TALOS-2017-0340 CVE-2017-2838
* TALOS-2017-0341 CVE-2017-2839
2017-07-20 09:28:47 +02:00
Armin Novak
96d53933d2
Deactivated all H264 related code paths.
2017-07-17 10:39:08 +02:00
Norbert Federa
36b8f54c5e
Fixed a few compiler warnings
2017-07-10 17:52:05 +02:00