Commit Graph

8091 Commits

Author SHA1 Message Date
Marc-André Moreau
544c2f3e45 Merge pull request #2266 from Vinche59/smartcard
SmartCard
2014-12-14 11:56:01 -05:00
Vincent Sourin
719e5c9cdb Determine OSX Version ... only on OSX 2014-12-14 15:15:33 +01:00
Vincent Sourin
8a028f78e2 * Determine OS X Version at runtime 2014-12-13 05:30:44 -08:00
Bernhard Miklautz
43beef36ff rdtk/shadow: install libraries versioned 2014-12-12 19:26:23 +01:00
Bernhard Miklautz
1b663ceffe build: cmake 3.1 compatibility
* fix problem with REMOVE_DUPLICATES on undefined lists
* since 3.1 file(GLOB FILEPATHS RELATIVE .. returns single / instead of // as
  previously - necessary adoptions for regex and matches done. Should
	work with all cmake versions.

Tested with 3.1.0-rc3
2014-12-12 19:26:22 +01:00
Bernhard Miklautz
10ee2f72d9 Mac: set policy to silent cmake >= 3.0 warnings
Set the following policies to "OLD" if cmake version is greater than
2.8.12:

CMP0026 - Disallow use of the LOCATION target property
CMP0045 - Error on non-existent target in get_target_property
2014-12-12 19:25:43 +01:00
Bernhard Miklautz
ec0de7f6f6 rdtk: build samples only if WITH_SAMPLE is enabled 2014-12-12 17:53:33 +01:00
Bernhard Miklautz
b35dc849ee build: improve X11 detection on OS X
/usr/X11R6 doesn't exist on OS X per default (anymore). Therefore add
PATHS to all X11 detection modules pointing to the Xquarz installation
directory in /opt/X11.
For FindX11 it was also necessary to ensure that the frameworks are
searched as last (after PATHS) otherwise it could happen that X11 headers
of a framework (e.g. Tk.framework) were used.
2014-12-12 17:43:14 +01:00
Marc-André Moreau
74bef0edca Merge pull request #2275 from awakecoding/master
TS Gateway Fixes
2014-12-12 09:33:52 -05:00
Marc-André Moreau
aa23c4eaaa libfreerdp-core: fix random TS Gateway disconnects with async modes 2014-12-12 09:08:39 -05:00
Marc-André Moreau
5ee4fb5fe6 Merge pull request #2273 from nfedera/fix-2014-12-12-01
Standard RDP Security Layer Levels/Method Overhaul
2014-12-11 22:18:54 -05:00
Norbert Federa
939f1c639a Standard RDP Security Layer Levels/Method Overhaul
[MS-RDPBCGR] Section 5.3 describes the encryption level and method values for
standard RDP security.

Looking at the current usage of these values in the FreeRDP code gives me
reason to believe that there is a certain lack of understanding of how these
values should be handled.

The encryption level is only configured on the server side in the "Encryption
Level" setting found in the Remote Desktop Session Host Configuration RDP-Tcp
properties dialog and this value is never transferred from the client to the
server over the wire.
The possible options are "None", "Low", "Client Compatible", "High" and
"FIPS Compliant". The client receices this value in the Server Security Data
block (TS_UD_SC_SEC1), probably only for informational purposes and maybe to
give the client the possibility to verify if the server's decision for the
encryption method confirms to the server's encryption level.
The possible encryption methods are "NONE", "40BIT", "56BIT", "128BIT" and
"FIPS" and the RDP client advertises the ones it supports to the server in the
Client Security Data block (TS_UD_CS_SEC).
The server's configured encryption level value restricts the possible final
encryption method.
Something that I was not able to find in the documentation is the priority
level of the individual encryption methods based on which the server makes its
final method decision if there are several options.
My analysis with Windows Servers reveiled that the order is 128, 56, 40, FIPS.
The server only chooses FIPS if the level is "FIPS Comliant" or if it is the
only method advertised by the client.

Bottom line:
* FreeRDP's client side does not need to set settings->EncryptionLevel
(which was done quite frequently).
* FreeRDP's server side does not have to set the supported encryption methods
list in settings->EncryptionMethods

Changes in this commit:

Removed unnecessary/confusing changes of EncryptionLevel/Methods settings

Refactor settings->DisableEncryption
* This value actually means "Advanced RDP Encryption (NLA/TLS) is NOT used"
* The old name caused lots of confusion among developers
* Renamed it to "UseRdpSecurityLayer" (the compare logic stays untouched)

Any client's setting of settings->EncryptionMethods were annihilated
* All clients "want" to set all supported methods
* Some clients forgot 56bit because 56bit was not supported at the time the
code was written
* settings->EncryptionMethods was overwritten anyways in nego_connect()
* Removed all client side settings of settings->EncryptionMethods
The default is "None" (0)
* Changed nego_connect() to advertise all supported methods if
settings->EncryptionMethods is 0 (None)
* Added a commandline option /encryption-methods:comma separated list of the
values "40", "56", "128", "FIPS". E.g. /encryption-methods:56,128
* Print warning if server chooses non-advertised method

Verify received level and method in client's gcc_read_server_security_data
* Only accept valid/known encryption methods
* Verify encryption level/method combinations according to MS-RDPBCGR 5.3.2

Server implementations can now set settings->EncryptionLevel
* The default for settings->EncryptionLevel is 0 (None)
* nego_send_negotiation_response() changes it to ClientCompatible in that case
* default to ClientCompatible if the server implementation set an invalid level

Fix server's gcc_write_server_security_data
* Verify server encryption level value set by server implementations
* Choose rdp encryption method based on level and supported client methods
* Moved FIPS to the lowest priority (only used if other methods are possible)

Updated sample server
* Support RDP Security (RdpKeyFile was not set)
* Added commented sample code for setting the security level
2014-12-12 02:17:12 +01:00
Marc-André Moreau
cc2321d359 libfreerdp-core: fix leak and use after free in tsg ListDictionary usage 2014-12-11 17:08:22 -05:00
Marc-André Moreau
d8e10ac04a freerdp: patch leaks reported by valgrind when using TS Gateway 2014-12-11 11:25:34 -05:00
Marc-André Moreau
b579ad3cec Merge pull request #2261 from akallabeth/more_memleak_fixes
More warning and memleak fixes
2014-12-11 08:28:48 -05:00
Marc-André Moreau
77982c6271 Merge pull request #2262 from bmiklautz/misc_fixes
Misc fixes
2014-12-11 08:27:30 -05:00
Marc-André Moreau
da5a9d2579 Merge pull request #2265 from TaGUNil/master
Fix segmentation fault in URBDRC
2014-12-11 08:26:44 -05:00
Bernhard Miklautz
4b5f052c54 Merge pull request #2272 from akallabeth/ipv6_parser_fix
Fixed conversion of IPv6 to ServerHostname
2014-12-11 13:21:35 +01:00
Armin Novak
edfee8213e Initializing ServerHostname string now with 0 2014-12-11 11:26:42 +01:00
MartinHaimberger
1226c51886 Merge pull request #2268 from hardening/rdpei_cleanup_fix
Fix cleanup of RDPEI server-side channel
2014-12-11 07:50:54 +01:00
Hardening
7b6c14bdcf Fix cleanup of RDPEI server-side channel 2014-12-10 16:47:15 +01:00
Vincent Sourin
956cece54b * Correct detection of Mac OS X Yosemite Version 2014-12-09 22:14:06 +01:00
Vincent Sourin
64ff9ee1b6 SmartCard
* Check for NULL parameters in PCSC_ConvertReaderNameToWinSCard (Issue #2184)
* Remove masking of dwEventState as it is not needed under Linux and MacOSX and it helps in ThinLinc environment
* Workaround for Mac OS X Yosemite (10.10) SCardStatus Bug (Issue #2184)
* Since Mac OS Tiger (10.5.6), Apple introduced new function for SCardControl calls named SCardControl132(), the old SCardControl doesn't work (cf. https://opensource.apple.com/source/SmartCardServices/SmartCardServices-55111/src/PCSC/winscard_clnt.c)
2014-12-09 20:14:57 +01:00
TaGUNil
da39686a31 channels/urbdrc: fix segfault
Fix segmentation fault in urbdrc_main.c caused by missing memset.
2014-12-09 19:28:13 +03:00
Bernhard Miklautz
7b413fb951 nego: print message when bypassing gateway
When "detect" is used as gateway usage method (which is the default)
it is tried to by-pass gateway connection for local hosts.
The detection might take some time therefore print a message that people
are aware that a detection is tried.

Fixes #2171
2014-12-08 19:00:05 +01:00
Bernhard Miklautz
67b6cc7518 xfreerdp: clean up AuthenticationOnly
* removed dead code path: user name is always set now
* update message if no password was set
2014-12-08 18:13:54 +01:00
Bernhard Miklautz
2dca3f3356 xfreerdp: use login name if no user name was set
If no user name is set with /u:.. use the login name of the current user will be
used as user name.
2014-12-08 18:07:05 +01:00
Marc-André Moreau
53686e414a Merge pull request #2259 from erbth/master
fixed shutdown of input thread in xfreerdp
2014-12-08 10:01:27 -05:00
Armin Novak
4d8c91b0fe Fixed missing declarations. 2014-12-07 01:15:49 +01:00
Armin Novak
8a6c4396b2 Fixed memory leak. 2014-12-07 01:04:30 +01:00
Armin Novak
528c5841d5 Fixed memory leak. 2014-12-07 00:50:20 +01:00
Armin Novak
6b2790774e Fixed missing NULL pointer check. 2014-12-07 00:33:37 +01:00
Armin Novak
23d64bd6ca Fixed uninitialized value. 2014-12-07 00:29:28 +01:00
Armin Novak
b23b0c656e Fixed uninitialized values in case of error return. 2014-12-07 00:27:06 +01:00
Armin Novak
547054a48b Fixed uninitialized value. 2014-12-07 00:23:46 +01:00
Armin Novak
f676c48a2f Fixed broken NULL pointer check. 2014-12-07 00:21:28 +01:00
erbth
9f068ca0f7 fixed shutdown of input thread in xfreerdp 2014-12-05 21:48:24 +01:00
Marc-André Moreau
84bccaf3fc Merge pull request #2258 from nfedera/fix-2014-12-05-02
gdi: don't pollute invalid region with empty rects
2014-12-05 14:50:25 -05:00
Marc-André Moreau
eae5b5628d Merge pull request #2257 from nfedera/fix-2014-12-05-01
cache: fixes for GlyphIndex, FastIndex & FastGlyph
2014-12-05 14:50:02 -05:00
Norbert Federa
443ee42db5 gdi: don't pollute invalid region with empty rects 2014-12-05 19:47:29 +01:00
Norbert Federa
a7c90e16a3 cache: fixes for GlyphIndex, FastIndex & FastGlyph
* update_process_glyph_fragments() ignored the text background rectangle

* moved the OpRight value fix-up to update_process_glyph_fragments() since
  it is required for all glyph primary drawing orders
2014-12-05 18:28:43 +01:00
Norbert Federa
3baaa9a523 Merge pull request #2256 from llyzs/llyzs
libfreerdp-core: enable ipv6 listener.
2014-12-05 16:06:23 +01:00
Vic Lee
bcee2ec3cd libfreerdp-core: enable ipv6 listener. 2014-12-05 10:06:35 +08:00
Marc-André Moreau
ced1ab979f Merge pull request #2255 from awakecoding/master
Memory Leak/Corruption Fixes, PulseAudio Detection Fixes
2014-12-04 14:13:15 -05:00
Marc-André Moreau
ae4a8bdc70 cmake: fix PulseAudio.cmake version detection 2014-12-04 14:06:29 -05:00
Marc-André Moreau
d5414c33a5 Merge branch 'master' of github.com:FreeRDP/FreeRDP 2014-12-04 13:32:59 -05:00
Marc-André Moreau
f2267a2277 libwinpr-clipboard: fix memory corruption and leaks 2014-12-04 13:19:10 -05:00
Bernhard Miklautz
c83c6338a0 Merge pull request #2253 from nfedera/fix-2014-12-04-02
xfreerdp: smart sizing fix
2014-12-04 18:04:25 +01:00
Norbert Federa
415a0a158e xfreerdp: smart sizing fix
Standard format PictStandardRGB24 is not always available.
Use XRenderFindVisualFormat instead of XRenderFindStandardFormat
2014-12-04 17:52:54 +01:00
Marc-André Moreau
182dd76037 Merge branch 'master' of github.com:FreeRDP/FreeRDP 2014-12-04 10:49:01 -05:00