Windows expects the containerName field in TSSmartCardCreds to be what
it would use for a smartcard key's name. Try to accomodate that (at
least for PIV and GIDS cards).
When smartcard emulation was enabled we were dumping the key and cert to
temporary files for PKINIT call, but they were deleted before we have
actually done the PKINIT. This patch fixes it.
It also add debug statement for the listing of smartcard keys / certs.
This also fixes the listing of smartcard on certain windows configurations
were we have to force NCRYPT_SILENT when doing a NCryptOpenKey.
When no CSP is provided, we were listing smartcard materials by querying the
MS_SCARD_PROV_A CSP, unfortunately on some windows hosts, the smartcards aren't
listed in that CSP. So this patch does the key listing by browsing all CSPs
instead of just a default one. You can still force a CSP and you'll get keys only
from this one.
This patch also address cases where the certificate on the smartcard doesn't
have a UPN attribute, if that happen we try to get a UPN from the email address.
* Fixed format strings to match arguments
Reviewed and replaced all %d specifiers to match proper type
* Added proxy dynamic channel command type to log messages.
* added wf_defaults.c (also in CMakeLists.txt) which provides the capability to read credential manager entries and set username and password in the rdpSettings accordingly
* the same will be done if a gateway host is specified without credentials
* the behavior will be similar to mstsc.exe on windows
* Fix build with mingw
4a71cab2e7 broke wf_events.c.
The drive channel was not building because of missing definitions.
* winpr: make functions return False when not implemented
* Fixed TestUri unit test
* Make proper unit test out of the test function
* Add proper test cases
* Replace FindFirstFileA with FindFirstFileW for addins
This allows addin paths to contain unicode symbols.
* Fixed parse_uri_to_local_file definition
* Move to common clipboard.c file
* Move to header file so it can be included in test case
* Added WINPR_LOCAL for test builds
This macro exports internal functions in case of a unit test build
This way unit tests can access these without other workarounds.
* Fixed typo in function name is_dos_driver
* Cleaned up FindFirstFileW call
Use a wrapper function to convert to unicode and call the function
* Cleaned up BUILD_TESTING and EXPORT_ALL_SYMBOLS
* EXPORT_ALL_SYMBOLS now does as the name implies and exports all
non static functions/variables from the library.
* BUILD_TESTING now only sets the defines for test code and
activates EXPORT_ALL_SYMBOLS to allow tests to access internal
code
* Fixed windows client warnings
* disable CMAKE_WINDOWS_EXPORT_ALL_SYMBOLS
The RDP2Tcp channel has no associated bool in settings for configuring the loading
of the channel (only settings->RDP2TCPArgs for the args), so let's load it outside
of the big loading loop (prevent a warning for unknown bool setting 1519).
If user presses mouse button down within window and then moves it
outside of window before releasing, host will still see mouse
button as "stuck down" because mouse up event is not sent. So use
`SetCapture()`/`ReleaseCapture()` to capture mouse events until
button is released.
Also, since coordinates from WM_* events are signed values,
need to prevent negative values from being sent.
if auto-request-control setting is enabled then only request control once upon connect, otherwise it will auto request control again every time server turns off control which is a bit annoying.
* update .gitignore and cleanup conditionnal callback call
* client: rework channel loading
Automate the loading of channels that only depend on a given enabled setting.
If smart-sizing option is enabled in windows client and the server's desktop resolution changes, do not change the size of the client window.
This is because I would assume that if the user has enabled smart-sizing, they would intend for the window to be set to a particular size and not change.
Also, when connecting to windows 10 client, `wf_desktop_resize()` is called once just after connect and so if wfreerdp is run with `/smart-sizing:WxH` then the window will start at the size `WxH` but then immediately change to the desktop resolution of the server which makes the `/smart-sizing:WxH` parameter effectively do nothing.
* xfreerdp: fix typo in logs
* winpr: file appender, small code cleanup
* shadow-server: add an option for TLS secrets
This allows to dissect connections to the shadow server.
* fix moving a window shrinks it 14x7 when connect to server 2019
Signed-off-by: 2fly2 <wjatchd@163.com>
* use clang-format to apply correct formatting
Signed-off-by: 2fly2 <wjatchd@163.com>
Signed-off-by: 2fly2 <wjatchd@163.com>
* xf_floatbar use XmbDrawString instead of XDrawString
* xf_floatbar fall back to XDrawString when fontSet is NULL
Co-authored-by: Jianfeng Liu <jfliu@zshield.net>
This new option /tls-secret-file:<file> allows to dump TLS secrets in a file with
the SSLKEYLOGFILE format. So this way you can setup the TLS dissector of wireshark
(Pre-Master-Secret log filename) and see the traffic in clear in wireshark.
It also add some more PFS ciphers to remove for netmon captures.
Microsoft Windows imposes strict filename restrictions on its platform.
As RDP is developed by Microsoft and the RDS in MS Windows is typically
used as remote desktop server for the RDP protocol, these filename
restrictions are also enforced in WinPR, when copy-pasting files over
the clipboard.
However, in some connections no peer on MS Windows is involved and in
these situations, these filename restrictions are just an annoyance.
With a recent API addition in WinPR, it is now possible to override the
callback, where the filename is checked, whether it is valid.
So, use this new API to relieve the filename restriction, when the
connected remote desktop server is not on MS Windows.
_align_XXX functions aren't widely available depending on the C runtime. That causes
problems with mingw where we can easily have some runtime mixes (which lead to mysterious
segfaults most of the time). This patch introduce winpr_aligned_XXX functions that will
either use the function available, or use an emulation layer.
* Fixed remdesk settings pointer
* Fixed sign warnings in display_write_monitor_layout_pdu
* Use freerdp_abort_connect_context and freerdp_shall_disconnect_context
* Added and updates settings
* info assert/dynamic timezone
* mcs assert/log/flags
* Fixed and added assertions for wStream
* Unified stream length checks
* Added new function to check for lenght and log
* Replace all usages with this new function
* Cleaned up PER, added parser logging
* Cleaned up BER, added parser logging
* log messages
* Modified Stream_CheckAndLogRequiredLengthEx
* Allow custom format and options
* Add Stream_CheckAndLogRequiredLengthExVa for prepared va_list
* Improved Stream_CheckAndLogRequiredLength
* Now have log level adjustable
* Added function equivalents for existing logger
* Added a backtrace in case of a failure is detected
* Fixed public API input checks
* Fixed GetFileInformationByHandle initializers
* Fix#7793: Do not expose internal input API
Slow-Path input uses UINT16 for scancodes on wire, but only the
lower byte is actually used. (the extended fields are sent in
keyboardFlags field)
Hide this implementation detail and adjust the API to use UINT8
for the code instead just like the corresponding Fast-Path PDU
* Added a warning for problematic slow path keyCodes
A proxy URI was parsed both in the function `proxy_read_environment()` in
`libfreerdp/core/proxy.c` and in the function
`freerdp_client_settings_parse_command_line_arguments()` in
`client/common/cmdline.c`. But only the latter was taking into account
that the URI can contain a user and password, which made it impossible
to use a proxy with authentication by just using an environment
variable like `https_proxy`.
The function `proxy_parse_uri()` in `libfreerdp/core/proxy.c` was
clearly not parsing the optional username and password.
This commit moves the code from `client/common/cmdline.c` to
`libfreerdp/common/settings.c` into a function `proxy_parse_uri()` so
redundant code is avoided. This function is then called in both
instances where a proxy URI is parsed.
Some minor adjustment were made to the code, so the `WLog_INFO()`
statement at the end works in both cases, where credentials were either
provided or not. Also, some error messages were added or clarified.
If the parsing of the environment variable fails, we ignore it entirely
(with a warning) and proceed.
When a FormatDataRequest by xfreerdp is answered with the
CB_RESPONSE_FAIL flag, then the request was answered, but xfreerdp does
not mark it as answered, by leaving the request as pending.
This results in non-functional copy-paste actions, when copying
something from the server side, after the failed request.
A similar situation can happen, when a new FormatList is received,
while there is a pending FormatDataRequest.
Fix these situations by clearing the pending request, when a form of an
answer, either via CB_RESPONSE_FAIL flag or via new FormatList, is
received.
Fixes: https://github.com/FreeRDP/FreeRDP/issues/7757
* Early return authenticate if TLS smartcard logon
* Removed obsolete SmartcardPin and unified AuthenticateEx calls
* Remove password-is-pin from command line
The setting is implied by smartcard-logon and only of interest in
server side code, so the setting is useless
* Rework AUTH_SMARTCARD_PIN
Just prompt for PIN and not user/domain if this is requested.
* Fixed a memory leak in nla.c
* Align credentail prompt
* Handle AUTH_NLA & smartcard, just ask for PIN
* Added assertions, removed duplicate password prompt check
* Move smartcard logon after credential prompt
* Prefer xinput events over x11 events for mouse input
* Prefer xinput raw events over xinput events:
* Only use when the mouse is grabbed (events are not bound to a
specific window but are global)
* Only use for relative mouse input
