mirrors/FreeRDP
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
11,379 Commits 6 Branches 74 Tags 84 MiB
922a0fa495
Commit Graph

11379 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Brent Collins
922a0fa495 Fix checks for openssl version numbers around fips changes, they were using an incorrect version matching 1.1.0 and not 1.0.1 
Simplify the logic to enable openssl fips mode
 2017-11-17 12:43:07 +01:00
Brent Collins
e47123f05a Do not initialize SSL in freerdp_context_new, it is too early to detect the fips enabled flag 
and is redundant since it is initialized later before actually using SSL.
 2017-11-17 12:43:07 +01:00
Brent Collins
a0526317ea Fix the return values of the winpr_Digest_Init functions which were accidentally removed 
during rework in previous checkin.
 2017-11-17 12:43:07 +01:00
Brent Collins
1129634617 Move the disabling nla and setting the fips encryption mode based on fips 
mode to happen after argument parsing to ensure it always enforced.
 2017-11-17 12:43:07 +01:00
Brent Collins
68ab485e63 Fix logic error in reworked MD5 call for establishing keys, and fix some minor whitespace issues. 2017-11-17 12:43:07 +01:00
Brent Collins
7aa9e7a97f Fix variable definition placement to adhere to older C standard. 2017-11-17 12:43:06 +01:00
Brent Collins
5284100bb0 FIPS_mode() and FIPS_mode_set() does not exist in OpenSSL versions before 1.0.1 2017-11-17 12:43:06 +01:00
Brent Collins
2dddae738f Change initialization of EVP_CIPHER_CTX to use API function instead of trying to calloc(). 
Fix some warnings noted from build output.
 2017-11-17 12:43:06 +01:00
Brent Collins
497ba442be Workaround for missing EVP_CIPH_FLAG_FIPS_NON_ALLOW flag in openssl 1.0.0. 2017-11-17 12:43:06 +01:00
Brent Collins
d98b88642b Add new command-line option to force xfreerdp into a fips compliant mode. 
This option will ensure that NLA is disabled(since NTLM uses weak crypto algorithms), FIPS
encryption is enabled, and ensure fips mode is enabled for openssl.

Selectively override specific uses of MD5/RC4 with new API calls specifically tailored to override FIPS.

Add comments on why overriding the use of these algorithms under FIPS is acceptable for the locations where overrides happen.

Remove check of server proprietary certificate which was already being ignore to avoid use of MD5.

Initialize winpr openssl earlier to ensure fips mode is set before starting using any crypto algorithms.
 2017-11-17 12:43:06 +01:00
David Fort
80cb1dd23c
Merge pull request #4242 from ccpp/afreerdp_versioncode_11 
Increase APK versionCode for aFreeRDP 2.0-rc1
 2017-11-17 09:36:50 +01:00
Christian Plattner
a5f67d1203 Increase versionCode for aFreeRDP 2.0-rc1 2017-11-17 08:58:07 +01:00
David Fort
6666564493
Merge pull request #4186 from RangeeGmbH/multimonitor_primary_fix 
FreeRDP multimonitor: Use first command line element, then primary, …
 2017-11-16 15:26:03 +01:00
David Fort
0d92c725c6
Merge pull request #4000 from akallabeth/ign_keyword_fix 
Command line ignore empty if flag set
 2017-11-16 13:26:01 +01:00
akallabeth
668e347814
Merge pull request #4034 from blino/wayland-keymap 
Reuse evdev/X11 keymap for wayland
 2017-11-16 12:07:07 +01:00
Martin Fleisz
af0ac6daf1
Merge pull request #4237 from akallabeth/remove_atoi 
Replaced atoi
 2017-11-16 09:39:04 +01:00
Armin Novak
4eb5b8e349 Replaced atoi 2017-11-15 15:52:16 +01:00
David Fort
7fe8648ab1
Merge pull request #3940 from akallabeth/custom_help_arguments 
Added a new function to allow printing help with additional arguments.
 2017-11-15 15:47:35 +01:00
David Fort
88ce5aa5fe
Merge pull request #4235 from akallabeth/avcodec_encode_video_fix 
Added encoder path for libavcodec versions <1.0
 2017-11-15 15:37:27 +01:00
Armin Novak
8c2bd951ae Allow printing of custom arguments in help. 2017-11-15 15:25:34 +01:00
Armin Novak
e4873fe2c4 Added encoder path for libavcodec versions <1.0 2017-11-14 09:15:43 +01:00
David Fort
f4f23454c9
Merge pull request #4233 from akallabeth/kerberos_rebased 
Kerberos rebased
 2017-11-13 17:39:27 +01:00
David Fort
6f2b849f20
Merge pull request #4232 from akallabeth/ffmpeg_compat 
Added compat define for missing format.
 2017-11-13 17:09:48 +01:00
David Fort
7bbc3cb8b7 Fix logic in nla_read_ts_credentials 2017-11-13 16:20:57 +01:00
Armin Novak
65f4c560d3 Fixed uninitialized values and leaks. 2017-11-13 16:20:57 +01:00
dodo040
60406794ce fix Kerberos flavour's detection (MIT/Heimdal) and double free for MIT<1.13 2017-11-13 16:20:56 +01:00
dodo040
2ed4acb0ac fix typo 2017-11-13 16:20:56 +01:00
dodo040
1d97286a76 fix undeclared identifier on Windows 2017-11-13 16:20:56 +01:00
dodo040
335de159b0 use SSIZE_T instead of ssize_t 2017-11-13 16:20:56 +01:00
dodo040
9adb971181 handle missing ssize_t on Windows 2017-11-13 16:20:56 +01:00
dodo040
3e897a63cb remove useless includes 2017-11-13 16:20:56 +01:00
dodo040
e0a9999fb2 fix: GSS API init, enterprise name management, variable names and format code 2017-11-13 16:20:56 +01:00
dodo040
0a3c61d305 fix undefined symbol references at linking stage 2017-11-13 16:20:56 +01:00
dodo040
b81f168f0e initial commit for kerberos support 2017-11-13 16:20:55 +01:00
Armin Novak
5cd89a3bc5 Added compat define for missing format. 2017-11-13 11:28:43 +01:00
akallabeth
ff59cf028c
Merge pull request #4122 from ben-cohen/sshagent 
Forward ssh-agent data between ssh-agent and RDP
 2017-11-13 10:01:01 +01:00
David Fort
b85287fb62
Merge pull request #4212 from SriRamanujam/ffmpeg_encoder_fixes 
Fix libavcodec encoding errors and set tunables.
 2017-11-13 09:30:28 +01:00
Sri Ramanujam
fef3865ff2 Fallback #ifdefs for older versions of libavcodec 2017-11-12 17:31:22 -05:00
Ben Cohen
8d54945b96 Remove underscores from define in sshagent_main.h 2017-11-10 20:16:00 +00:00
Ben Cohen
6093ec62e0 Fix comments at the start of these files and adjust copyrights 2017-11-10 20:16:00 +00:00
Ben Cohen
badb70174a Add server side plugin [UNTESTED] 
This is based on xrdpapi/xrdp-ssh-agent.c from xrdp PR #867.
 2017-11-10 20:16:00 +00:00
Ben Cohen
c27541e9ac Add rdpcontext so read thread can report channel error 
Also fix copyright dates...
 2017-11-10 20:16:00 +00:00
Ben Cohen
639930869a Remove EAGAIN/EWOULDBLOCK from blocking read/write 2017-11-10 20:16:00 +00:00
Ben Cohen
7e262213ca Fix socket fd leak and other changes 
1. In connect_to_sshagent() if connect() fails, the socket agent_fd is
   leaked.  It needs to be closed before returning.

2. Fix copyright messages.

3. Make if statement with call to CreateThread() clearer to read.
 2017-11-10 20:16:00 +00:00
Ben Cohen
0e90841a18 Forward ssh-agent data between ssh-agent and RDP 
Add the sshagent plugin to forward the ssh-agent protocol over an RDP
dynamic virtual channel, just as the normal ssh-agent forwards it over
an SSH channel.  Add the "/ssh-agent" command line option to enable it.
Usage:

Run FreeRDP with the ssh-agent plugin enabled:

   xfreerdp /ssh-agent ...

In the remote desktop session run xrdp-ssh-agent and evaluate the output
in the shell as for ssh-agent to set the required environment variables
(specifically $SSH_AUTH_SOCK):

   eval "$(xrdp-ssh-agent -s)"

This is the same as for the normal ssh-agent.  You would typically do
this in your Xsession or /etc/xrdp/startwm.sh.

Limitations:

1. Error checking and handling could be improved.

2. This is only tested on Linux and will only work on systems where
clients talk to the ssh-agent via Unix domain sockets.  It won't
currently work on Windows but it could be ported.
 2017-11-10 20:16:00 +00:00
akallabeth
fcc9419922
Merge pull request #4225 from krisztian-kovacs-balabit/use-redirection-pdu-password-on-reconnect 
core/connection: use redirection password when reconnecting
 2017-11-10 09:32:39 +01:00
David Fort
dcafd4dacd
Merge pull request #4226 from krisztian-kovacs-balabit/open-x509-keyfile-readonly 
libfreerdp/core/certificate: open key file for reading only
 2017-11-09 18:11:12 +01:00
Sri Ramanujam
66c925c9e4 Fix libavcodec encoding errors and set tunables. 2017-11-09 11:39:54 -05:00
KOVACS Krisztian
c13c9035eb libfreerdp/core/certificate: open key file for reading only 
There's no point in writing the key file for read-write, and it makes it
impossible to run the shadow server with the key file being read only.
 2017-11-09 16:54:22 +01:00
Martin Fleisz
7717a42f6c
Merge pull request #4224 from krisztian-kovacs-balabit/nsc-memory-corruption-fix 
codec/nsc: fix memory corruption in case of chroma subsampling
 2017-11-09 16:24:46 +01:00