Commit Graph

172 Commits

Author SHA1 Message Date
Norbert Federa
939f1c639a Standard RDP Security Layer Levels/Method Overhaul
[MS-RDPBCGR] Section 5.3 describes the encryption level and method values for
standard RDP security.

Looking at the current usage of these values in the FreeRDP code gives me
reason to believe that there is a certain lack of understanding of how these
values should be handled.

The encryption level is only configured on the server side in the "Encryption
Level" setting found in the Remote Desktop Session Host Configuration RDP-Tcp
properties dialog and this value is never transferred from the client to the
server over the wire.
The possible options are "None", "Low", "Client Compatible", "High" and
"FIPS Compliant". The client receices this value in the Server Security Data
block (TS_UD_SC_SEC1), probably only for informational purposes and maybe to
give the client the possibility to verify if the server's decision for the
encryption method confirms to the server's encryption level.
The possible encryption methods are "NONE", "40BIT", "56BIT", "128BIT" and
"FIPS" and the RDP client advertises the ones it supports to the server in the
Client Security Data block (TS_UD_CS_SEC).
The server's configured encryption level value restricts the possible final
encryption method.
Something that I was not able to find in the documentation is the priority
level of the individual encryption methods based on which the server makes its
final method decision if there are several options.
My analysis with Windows Servers reveiled that the order is 128, 56, 40, FIPS.
The server only chooses FIPS if the level is "FIPS Comliant" or if it is the
only method advertised by the client.

Bottom line:
* FreeRDP's client side does not need to set settings->EncryptionLevel
(which was done quite frequently).
* FreeRDP's server side does not have to set the supported encryption methods
list in settings->EncryptionMethods

Changes in this commit:

Removed unnecessary/confusing changes of EncryptionLevel/Methods settings

Refactor settings->DisableEncryption
* This value actually means "Advanced RDP Encryption (NLA/TLS) is NOT used"
* The old name caused lots of confusion among developers
* Renamed it to "UseRdpSecurityLayer" (the compare logic stays untouched)

Any client's setting of settings->EncryptionMethods were annihilated
* All clients "want" to set all supported methods
* Some clients forgot 56bit because 56bit was not supported at the time the
code was written
* settings->EncryptionMethods was overwritten anyways in nego_connect()
* Removed all client side settings of settings->EncryptionMethods
The default is "None" (0)
* Changed nego_connect() to advertise all supported methods if
settings->EncryptionMethods is 0 (None)
* Added a commandline option /encryption-methods:comma separated list of the
values "40", "56", "128", "FIPS". E.g. /encryption-methods:56,128
* Print warning if server chooses non-advertised method

Verify received level and method in client's gcc_read_server_security_data
* Only accept valid/known encryption methods
* Verify encryption level/method combinations according to MS-RDPBCGR 5.3.2

Server implementations can now set settings->EncryptionLevel
* The default for settings->EncryptionLevel is 0 (None)
* nego_send_negotiation_response() changes it to ClientCompatible in that case
* default to ClientCompatible if the server implementation set an invalid level

Fix server's gcc_write_server_security_data
* Verify server encryption level value set by server implementations
* Choose rdp encryption method based on level and supported client methods
* Moved FIPS to the lowest priority (only used if other methods are possible)

Updated sample server
* Support RDP Security (RdpKeyFile was not set)
* Added commented sample code for setting the security level
2014-12-12 02:17:12 +01:00
Marc-André Moreau
496ce10637 Merge branch 'master' of github.com:FreeRDP/FreeRDP 2014-11-15 12:37:29 -05:00
Bernhard Miklautz
841b4c1a3a android: use target SDK version for appcompat
Also Use ANDROID_APP_TARGET_SDK for application compatibility project.
It is now automatically set/updated during build.

Note: The ANDROID_APP_TARGET_SDK version need to be larger or equal to the
version required by the used Android support library (appcompat).
2014-11-15 01:04:57 +01:00
Marc-André Moreau
769eb38217 afreerdp: migrate to cliprdr callback interface 2014-11-12 12:25:12 -05:00
Marc-André Moreau
19c3b0d457 afreerdp: cleanup cliprdr code 2014-11-12 11:14:10 -05:00
Marc-André Moreau
a1e660d92e freerdp: unify clipboard standard format id definitions 2014-10-16 22:20:12 -04:00
Armin Novak
7913a57bc5 Using wlog for logging in clients now. 2014-09-15 08:55:00 +02:00
Bernhard Miklautz
0313ca3622 libfreerdp: always build "MONOLITHIC"
"libfreerdp" consisted of multiple (small) single libraries. If the cmake
option MONOLITHIC was used only one library was build combining all of
the libfreerdp-* libraries.
The only exceptions to this are libfreerdp-server and libfreerdp-client these
are build as separate libraries.

This commit obsoltes non-monolithic builds and makes monolithic builds
the default. The cmake option MONOLITHIC is also removed.
2014-09-12 00:19:53 +02:00
Marc-André Moreau
82a53057a1 Merge pull request #2023 from ptsekov/software-gdi-improvements
Software GDI improvements
2014-08-18 16:22:23 -04:00
Marc-André Moreau
f30d7cf66a Merge pull request #2024 from repzilon/master
uclibc build fixes and recompressed images
2014-08-18 13:08:52 -04:00
Hardening
767d54ce18 Merge pull request #2017 from ptsekov/Issue_2016
Honour user performance preferences.
2014-08-15 09:21:12 +02:00
Norbert Federa
3c8700f62d Merge pull request #1963 from akallabeth/async-update-to-lib
Moved update thread from client to library.
2014-08-14 17:46:43 +02:00
Rene Rheaume
15ad357e1a Recompressed images with FileOptimizer 6.8 (an open-source mass file recompression tool for Windows) 2014-08-08 20:12:25 -04:00
Rene Rheaume
151e5de3d4 Recompressed PNG images again 2014-08-06 23:10:23 -04:00
Rene Rheaume
281ab78481 Recompressed losslessy PNG and JPEG images 2014-08-06 22:37:14 -04:00
Pavel Tsekov
98cf129a11 Do not invert fb contents when in 32bpp mode
* client/Android/FreeRDPCore/jni/android_freerdp.c:
(android_post_connect): Pass the proper flags to gdi_init().
(copy_pixel_buffer): Do not invert the framebuffer data when using 32bpp
framebuffer.
2014-08-07 01:12:39 +03:00
U-PAVEL\Pavel Tsekov
8a4f134fab Revert to 15d2b35574 2014-08-05 14:35:31 +03:00
Pavel Tsekov
9a470632f6 Honour user performance preferences.
* client/Android/FreeRDPCore/jni/android_freerdp.c:
(jni_freerdp_set_performance_flags): Always pass the user specified performance
settings to FreeRDP.
2014-08-05 00:49:13 +03:00
Pavel Tsekov
e13f93aa1b Allow the user to enable/disable performance features regardless of
their default values.
2014-08-04 18:14:08 +03:00
Mike Gilbert
ae1fdf6153 Remove execute bit from many files 2014-07-20 00:52:35 -04:00
Bernhard Miklautz
caeea1cbcd Merge pull request #1961 from g-reno/master
android toolchain and CMakeLists.txt update
2014-07-16 11:26:00 +02:00
Armin Novak
689902c995 Moved update thread from client to library. 2014-07-14 19:27:50 +02:00
Gerry Reno
3bd1f4898d android CMakeLists.txt: added else clause to test for v7 appcompat 2014-07-14 08:53:20 -04:00
Gerry Reno
d06ed2fa2f android CMakeLists.txt: added support for both 'support' and 'compatibility' in support library path for v7 appcompat
supports path styles:
$ANDROID_SDK/extras/android/support/v7/appcompat
$ANDROID_SDK/extras/android/compatibility/v7/appcompat
2014-07-13 14:54:48 -04:00
Armin Novak
ba296e5f92 Removed unused code. 2014-07-11 18:49:40 +02:00
Armin Novak
f00a3d95d9 Fixed wrong visibility setting of bookmark list view 2014-07-11 18:49:20 +02:00
Bernhard Miklautz
6a49bcfe40 winpr: always build "monolitic"
winpr is now always build as single library.
The build option MONOLITHIC_BUILD doesn't influence this behavior anymore.

The only exception is winpr-makecert-tool which is still build as extra
library.

This obsoletes complex_libraries for winpr.
2014-07-10 11:10:58 +02:00
Martin Fleisz
190cd55e45 Merge pull request #1933 from akallabeth/android-localized-assets
Android localized assets
2014-07-07 09:46:00 +02:00
Armin Novak
abda0b1830 Removed unused welcome screen. 2014-07-04 14:43:32 +02:00
Armin Novak
cdef682fe2 Moved common resources to top asset folder, adjusted html references.
Removed unused asset folder.
2014-07-04 14:32:59 +02:00
Bernhard Miklautz
9e1793c8ff Merge pull request #1927 from akallabeth/android-de-translation
German translation for aFreeRDP
2014-06-27 12:35:26 +02:00
Armin Novak
ebecb326bb Added german translated assets. 2014-06-26 15:05:49 +02:00
Armin Novak
9a274db12f Modified asset loading, now checking if translated version exists before loading default. 2014-06-26 15:05:17 +02:00
Armin Novak
a0ec9d29be Modified translation, better wording in context. 2014-06-25 11:29:08 +02:00
Armin Novak
a80199cecb Added german translation. 2014-06-24 19:40:31 +02:00
Bernhard Miklautz
3983c648b4 Merge pull request #1925 from mfleisz/andr_theme_fix
Changed android default theme to AppCompat.Light.DarkActionBar.
2014-06-24 12:55:55 +02:00
Martin Fleisz
f8148e712b Changed android default theme to AppCompat.Light.DarkActionBar.
Removed inverted text color from exit dialog.
2014-06-24 03:03:28 -07:00
Marc-André Moreau
c156006195 Merge branch 'master' of github.com:awakecoding/FreeRDP into egfx 2014-06-23 11:55:27 -04:00
Armin Novak
8fce7e4cea Capitalized disconnect string. 2014-06-23 16:24:39 +02:00
Armin Novak
e26c3f6bfc Removed menu option quit. 2014-06-23 16:20:28 +02:00
Armin Novak
1f92758f2b Removed disconnect menu option. 2014-06-23 16:18:03 +02:00
Armin Novak
0688d5fa16 Removed custom color settings for search bar to match theme. 2014-06-23 16:06:45 +02:00
Armin Novak
32b1caaf81 Added detection of hardware menu button to hide actionbar. 2014-06-23 15:20:01 +02:00
Armin Novak
56a7162a6d Using ANDROID_COMMAND variable now. 2014-06-23 13:50:21 +02:00
Armin Novak
cf1763d119 Added target to copy appcompat. 2014-06-23 13:29:38 +02:00
Armin Novak
c5f3171584 Now checking for android command in SDK subdirectory. 2014-06-23 13:27:39 +02:00
Armin Novak
71992acd56 Copying appcompat library to project now and configuring for build. 2014-06-23 12:58:59 +02:00
Armin Novak
65127a8c3e Added new files for project. 2014-06-23 12:58:24 +02:00
Armin Novak
041a9f2edb Fixed appcompat library setting. 2014-06-23 12:57:45 +02:00
Armin Novak
8289e973d0 Fixed compatibility theme. 2014-06-23 12:57:35 +02:00