mirrors/FreeRDP
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
11,945 Commits 6 Branches 74 Tags 84 MiB
8073a7850e
Commit Graph

1897 Commits

Author SHA1 Message Date
Martin Fleisz
8df96364f2 cssp: Add support for protocol version 6 2018-03-20 10:37:38 +01:00
Bernhard Miklautz
e7ae3f6bab fix nla: don't use server version 
FreeRDP currently only supports CredSSP protocol version 3. However the
current implementation always sent back the version received by the
server indicating that this version was supported.
With recent windows updates applied the protocol changed and this approach
doesn't work anymore (see
https://msdn.microsoft.com/en-us/library/mt752485.aspx for protocol changes).

With this fix FreeRDP always sends version 3 as supported version.

Credit goes to @mfleisz.

Fixes #4449
 2018-03-14 14:04:56 +01:00
Armin Novak
2517755d25 Fixed thread function return and parameters. 2018-03-07 14:36:55 +01:00
akallabeth
dd538ccd4b
Merge pull request #4470 from mfleisz/misc_fixes 
Various fixes after running VS 2017 code analysis
 2018-03-07 14:05:22 +01:00
Martin Fleisz
811406382d core: Fix possible out-of-bounds read 2018-03-06 15:52:34 +01:00
Martin Fleisz
07f05c5cb3 nla: Add NULL pointer check 2018-03-06 15:39:03 +01:00
Armin Novak
a419677e8f Fix invalid handle offset. 2018-03-06 13:58:40 +01:00
Armin Novak
1f7d33a2f2 Fixed read/write of surface bits command. 
The optional field exBitmapDataHeader of TS_ BITMAP_DATA_EX was ignored.
Read and expose the data (currently unused)
 2018-03-01 11:38:59 +01:00
Jacco Braat
2af67baea3 Modified RDG connection setup using PAA Cookie. 
Skip NTLM auth on the IN/OUT channels. Add PAACookie to TUNNEL_CREATE.
 2018-02-15 10:56:58 +01:00
Jacco Braat
b592684734 Added to rdp file parsing: gatewayaccesstoken:s:<token> 
Added to commandline parsing: /gat:<token>
Added GatewayAccessToken to sings
 2018-02-15 10:56:57 +01:00
Armin Novak
92c62b1dbf Fixed #4436: double free of http response. 
Fixed #4436: reset of token split.
 2018-02-14 14:29:08 +01:00
Armin Novak
990b8c23a9 Fixed PubSub function pointer casts. 2018-02-14 11:00:52 +01:00
David Fort
6e5d86f332 http: fix compilation with valgrind memcheck helpers 2018-02-14 10:16:38 +01:00
Bernhard Miklautz
8566021a1c
Merge pull request #4425 from akallabeth/windows_nego_fix 
Fixed windows unicode authentication.
 2018-02-13 15:26:44 +01:00
Martin Fleisz
b8599b08f2
Merge pull request #4364 from akallabeth/gateway_refactor 
Gateway refactor
 2018-02-13 13:48:45 +01:00
Armin Novak
53d2150e00 Fixed windows unicode authentication. 2018-02-13 11:29:56 +01:00
Armin Novak
2cf10cc359 bitmap free now always deallocating all resources. 2018-02-13 10:18:43 +01:00
Armin Novak
8c7fe93cc6 Added client channel queue object free function. 2018-02-09 11:04:31 +01:00
Armin Novak
78de329f1f Fixed IPv4/IPv6 to string 2018-02-08 17:26:31 +01:00
Norbert Federa
46f03d5e78 disabled expensive debug call in channel send 2018-01-31 12:44:45 +01:00
Armin Novak
e1c00b878d Fixes argument size type, function static where appropriate. 2018-01-19 09:15:26 +01:00
Armin Novak
29f2d2d9bb Fixed missing packageName setup in server NLA 2018-01-17 09:09:58 +01:00
Armin Novak
0e1a073384 Simplified package name comparisons. 2018-01-17 08:18:45 +01:00
Armin Novak
dc3d536398 Changed length arguments and return to size_t 2018-01-17 08:14:06 +01:00
Armin Novak
20b4b286f0 Fixed strtoull not supported on windows. 2018-01-16 08:15:34 +01:00
Armin Novak
a49a2299b1 Refactored http parser 
* Using single buffer for all data
* Added response size limit of 64MiB
* Fixed various memory leaks
 2018-01-15 16:51:33 +01:00
Armin Novak
c3f008c36c Functions static where appropriate. 2018-01-15 13:22:01 +01:00
Armin Novak
59e8b67287 Fixed broken #ifdef 2018-01-15 10:18:03 +01:00
Armin Novak
97cc55deec Fixed bitmap capability debug. 2018-01-12 09:22:08 +01:00
David Fort
e1cc601963
Merge pull request #4323 from akallabeth/scanbuild_fixes 
Scanbuild and other warnings fixed
 2018-01-08 11:16:21 +01:00
akallabeth
4077d55a6c
Merge pull request #4332 from hardening/xrandr_and_fixes 
Xrandr and fixes
 2018-01-08 09:20:56 +01:00
David Fort
191b8f950f Fix for #4330 
Since ec027bf dynamic resolution is broken when used with egfx. Before that commit
we were tracking a server sent resize by setting a DesktopResize callback. This callback
is called when the desktop is resized by the server. Anyway the problem was that when this
callback is called, the activation sequence is not always completed, which were leading to
some freeze with 2012r2 servers (sending packets before the sequence is finished).
So with the faulty commit, we are tracking server resizes by subscribing to the Actived
event, that is called at the end of a reactivation sequence, so we're sure to not send packets
when not fully activated.
Anyway the issue that shows on (#4330) is that when you use egfx, no reactivation sequence happens,
the server only sends a ResetGraphics message with the new size, and so we miss the resized event.
This fix introduces a new GraphicsReset event, makes the display channel subscribe to that event,
and react accordingly.
 2017-12-23 13:50:54 +01:00
Armin Novak
c60c355a9d Added ROP to primary order debug message. 2017-12-22 10:37:04 +01:00
Armin Novak
e4766c656e Fixed missing initialization warnings. 2017-12-21 11:04:32 +01:00
Armin Novak
6a21bdae3d Fixed various scanbuild warnings. 2017-12-21 09:34:35 +01:00
akallabeth
e3e65734e8
Merge pull request #4303 from krisztian-kovacs-balabit/use-redirection-password 
Use redirection password
 2017-12-20 17:01:58 +01:00
Martin Fleisz
80a49f46dc
Merge pull request #4320 from ondrejholy/coverity-fixes 
Coverity Scan fixes
 2017-12-20 14:17:20 +01:00
Martin Fleisz
ec027bf46c
Merge pull request #4318 from hardening/display_improvement 
Dynamic resolution improvements
 2017-12-20 13:43:22 +01:00
Martin Fleisz
bfe8359b5b
Merge pull request #4239 from akallabeth/test_memleak_fixes 
Test memleak fixes
 2017-12-20 12:38:38 +01:00
David Fort
2a6c9e1b87 Add an activated event and a Timer event 
Added an event that is triggered when the activation sequence is finished.
We also define a timer event that is neat to have for regular operation.
 2017-12-19 15:21:15 +01:00
Ondrej Holy
4791970c09 core: Remove redundant stream position changes 
Stream_Seek() is used, but consequently Stream_SetPosition() is used
for position obtained by Stream_GetPosition() immediatelly before
Stream_Seek(). Let's remove this stream position changes due to its
redundancy.
 2017-12-19 13:02:55 +01:00
Ondrej Holy
0389cb129e core: Fix array overrunning during FIPS keys generation 
p is 20 and r is 1 in the last iteration of fips_expand_key_bits,
which means that buf[21] is read (of BYTE buf[21];). However,
the value is not needed, because it is consequently discarded by
"c & 0xfe" statement. Let's do not read buf[p + 1] when r is 1
to avoid this.
 2017-12-19 10:29:16 +01:00
Armin Novak
7305828122 Fix #4239: Various memory leaks 
* Fixed all tests, now can be run with -DWITH_ADDRESS_SANITIZER=ON compiled.
* Enabled address sanitizer for nightly builds.
 2017-12-12 11:40:48 +01:00
David Fort
41823080f9 Fix users of Stream_GetPosition() that returns size_t 2017-12-11 22:38:58 +01:00
David Fort
11ee81be60 Fix XRandr for old systems and MacOSX 
We need a recent enough version of XRandr to correctly detect monitor.
Also this patch adds some typo or style fixes.
 2017-12-08 10:59:38 +01:00
KOVACS Krisztian
7f5f40d392 core/nla: use RedirectionPassword if set in settings 
Previously, the code prompted for the password even if a RedirectionPassword
was provided.

With this change the prompt is only shown if both settins->Password and
settings->RedirectionPassword is absent.
 2017-12-06 16:32:56 +01:00
KOVACS Krisztian
6518e36c70 Revert "core/connection: use redirection password when reconnecting" 
This reverts commit 70c65e70d1.
 2017-12-06 14:58:34 +01:00
David Fort
cf33966f2e
Merge pull request #4282 from akallabeth/force_ipv6 
Fix #4281: Added option to prefer IPv6 over IPv4
 2017-11-28 10:48:53 +01:00
Armin Novak
3e4c274cc9 Fixed channel count exceed checks 
The check aborted on CHANNEL_MAX_COUNT - 1 instead
of correctly at CHANNEL_MAX_COUNT
 2017-11-28 09:40:04 +01:00
David Fort
2f4a2f8595
Merge pull request #4272 from akallabeth/static_channel_checks 
Fix #3378: 31 static channels are supported.
 2017-11-27 22:46:23 +01:00
Armin Novak
2cc64298f2 Fix #4281: Added option to prefer IPv6 over IPv4 2017-11-27 11:43:54 +01:00
Armin Novak
377bfeb227 Fix #3378: 31 static channels are supported. 2017-11-23 16:18:44 +01:00
Armin Novak
f68bc07a22 Fixed return value check for callbacks. 2017-11-23 15:10:42 +01:00
akallabeth
71e38a4ce7
Merge pull request #4267 from ondrejholy/autofips 
Enable FIPS mode automatically
 2017-11-23 10:49:15 +01:00
Ondrej Holy
74bbbdb5c3 Remove unused variable 
Unused variable was added together with FIPS mode support, let's remove it.
 2017-11-23 10:09:17 +01:00
Ondrej Holy
6973b14eed Enable FIPS mode automatically 
FreeRDP aborts if OpenSSL operates in FIPS mode and +fipsmode is not
manually specified. Let's prevent the abortion and enable the necessary
options in that case automatically.
 2017-11-23 10:09:17 +01:00
David Fort
a834ef8243
Merge pull request #4251 from akallabeth/openssl_warn_fixes 
Fix #4247: warnings introduced with #3904
 2017-11-23 09:22:02 +01:00
cedrozor
49f4b2a42e Fixed NLA for Negotiate and NTLM authentication (regression due to the recent addition of kerberos support) 2017-11-21 16:36:47 +01:00
Armin Novak
a376656b3c Disabled ceritficate signature check. 2017-11-21 11:37:42 +01:00
Armin Novak
4fe12b0ea3 Fix #4247: warnings introduced with #3904 2017-11-20 10:18:15 +01:00
akallabeth
b156b937fe
Merge pull request #3904 from bjcollins/master 
FIPS Mode support for xfreerdp
 2017-11-17 13:31:43 +01:00
Martin Fleisz
4ff1251488
Merge pull request #4236 from akallabeth/scan_fix_remastered 
Scanbuild warning fixes
 2017-11-17 13:02:46 +01:00
Brent Collins
9ca9df1ead Make the new winpr_Digest*MD5_Allow_FIPS functions more generic to no longer be MD5 specific in design. This way the FIPS override 
could easily be extended to more digests in the future. For now, an attempt to use these functions with anything other than MD5 will
not work.
 2017-11-17 12:43:07 +01:00
Brent Collins
e47123f05a Do not initialize SSL in freerdp_context_new, it is too early to detect the fips enabled flag 
and is redundant since it is initialized later before actually using SSL.
 2017-11-17 12:43:07 +01:00
Brent Collins
68ab485e63 Fix logic error in reworked MD5 call for establishing keys, and fix some minor whitespace issues. 2017-11-17 12:43:07 +01:00
Brent Collins
d98b88642b Add new command-line option to force xfreerdp into a fips compliant mode. 
This option will ensure that NLA is disabled(since NTLM uses weak crypto algorithms), FIPS
encryption is enabled, and ensure fips mode is enabled for openssl.

Selectively override specific uses of MD5/RC4 with new API calls specifically tailored to override FIPS.

Add comments on why overriding the use of these algorithms under FIPS is acceptable for the locations where overrides happen.

Remove check of server proprietary certificate which was already being ignore to avoid use of MD5.

Initialize winpr openssl earlier to ensure fips mode is set before starting using any crypto algorithms.
 2017-11-17 12:43:06 +01:00
Armin Novak
bd7e4cd35a Fixed uninitialized variables. 2017-11-15 15:56:25 +01:00
Armin Novak
032c0164d1 Fixed missing error check. 2017-11-15 15:56:25 +01:00
Armin Novak
99f6c27488 Fixed uninitialized arguments. 2017-11-15 15:56:25 +01:00
Armin Novak
4eb5b8e349 Replaced atoi 2017-11-15 15:52:16 +01:00
David Fort
7bbc3cb8b7 Fix logic in nla_read_ts_credentials 2017-11-13 16:20:57 +01:00
dodo040
e0a9999fb2 fix: GSS API init, enterprise name management, variable names and format code 2017-11-13 16:20:56 +01:00
dodo040
0a3c61d305 fix undefined symbol references at linking stage 2017-11-13 16:20:56 +01:00
dodo040
b81f168f0e initial commit for kerberos support 2017-11-13 16:20:55 +01:00
akallabeth
fcc9419922
Merge pull request #4225 from krisztian-kovacs-balabit/use-redirection-pdu-password-on-reconnect 
core/connection: use redirection password when reconnecting
 2017-11-10 09:32:39 +01:00
KOVACS Krisztian
c13c9035eb libfreerdp/core/certificate: open key file for reading only 
There's no point in writing the key file for read-write, and it makes it
impossible to run the shadow server with the key file being read only.
 2017-11-09 16:54:22 +01:00
KOVACS Krisztian
70c65e70d1 core/connection: use redirection password when reconnecting 
According to MS-RDPBCGR the server might send a password in the Redirection PDU
that then must be sent by the client to the server as password.

Since the field either contains a password string (unicode) or a binary cookie,
we try to convert the password from unicode and use it only if conversion
succeeds.
 2017-11-09 14:46:38 +01:00
Martin Fleisz
d5344c3396
Merge pull request #4219 from akallabeth/various_fixes 
Various fixes
 2017-11-09 09:37:18 +01:00
Martin Fleisz
ed1934cafe
Merge pull request #4211 from akallabeth/silence_duplicate_warnings 
Silence WLog_ERR messages if last error is set.
 2017-11-08 13:34:26 +01:00
Armin Novak
b86c0ba548 Fixed NLA default error to FREERDP_ERROR_AUTHENTICATION_FAILED 2017-11-08 11:32:34 +01:00
David Fort
b216e91cdd
Merge pull request #4210 from akallabeth/nla_errors_extended 
Added additional NLA error mappings.
 2017-11-06 14:23:50 +01:00
Armin Novak
ce00f4dd8f Silence WLog_ERR messages if last error is set. 2017-11-06 14:02:22 +01:00
akallabeth
e7b8833e9e
Merge pull request #4187 from hardening/multimon_fix 
Multimonitor fix
 2017-11-06 10:02:07 +01:00
Armin Novak
7a73a0eb1b Added additional NLA error mappings. 2017-11-06 09:49:03 +01:00
Youness Alaoui
02e4f1f256 Do not delete the listener socket right after creating it. 
The listener server socket file needs to be deleted before we bind it
otherwise it's an "address already in use" error. But it was getting
deleted after the bind, causing the file to disappear, and preventing
anyone from connecting to the listener socket since the socket stops
existing.

This is caused by commit 884e87fde4
 2017-10-27 15:01:29 -04:00
Armin Novak
367bddd7ad Added better error mapping for NEGO results. 2017-10-25 09:58:13 +02:00
David Fort
f90fe19fc7 multimon: correctly set the primary monitor 
According to the spec the primary monitor is supposed to be in (0,0) and other monitors
to be given relative to this one.
 2017-10-17 14:07:23 +02:00
David Fort
a132922376 Add checks for DR channel 2017-10-04 10:30:47 +02:00
akallabeth
e6d66d9d81 Merge pull request #4154 from hardening/misc_fixes 
Fix raw surfaces displaying + misc other changes
 2017-09-27 14:56:21 +02:00
Bernhard Miklautz
15c7cb8cb2 Enable clipboard channel per default 2017-09-27 09:45:07 +02:00
David Fort
ddca8f3a3b Check return value of malloc 2017-09-26 13:56:08 +02:00
Armin Novak
9f26f73709 Added delay for connect abort 
The connection abort must be called after freerdp_connect.
Ensure that this function is already running by waiting
a second.
 2017-09-26 12:05:24 +02:00
Armin Novak
ef9444bd35 TestConnect: Extend timeout, only listen locally 2017-09-26 10:59:34 +02:00
Armin Novak
ac454628ae Fixed TestConnect with dynamic channels. 2017-09-25 13:34:00 +02:00
Armin Novak
884e87fde4 Unlink file after binding to it. 
When unlinking the file before binding, a new entry is created
in the file system after binding. This is not desireable, so
unlink it after binding to remove the temporary file after the process
closes.
 2017-09-25 10:35:24 +02:00
Jukka-Pekka Virtanen
ad1425e145 Using PasswordIsSmartcardPin option when sending TS_INFO_PACKET 2017-09-23 14:28:17 +02:00
David Fort
b587daa416 Merge pull request #4136 from tditsch/master 
Fixed endless loop when RDP Server sends SERVER_DENIED_CONNECTION
 2017-09-22 09:52:27 +02:00
Armin Novak
bdae339268 Check and invalidate handles on free. 2017-09-19 12:36:13 +02:00
tditsch
a16d9a2ade refactored Bugfix 2017-09-19 10:18:41 +02:00
tditsch
feca6d9750 Fixed endless loop when RDP Server sends SERVER_DENIED_CONNECTION 2017-09-18 17:29:16 +02:00