Commit Graph

1060 Commits

Author SHA1 Message Date
Marc-André Moreau
94f828a873 libfreerdp-core: fix detection of TS Gateway transport disconnection 2015-01-14 15:39:35 -05:00
Marc-André Moreau
580de466fc Merge branch 'master' of github.com:FreeRDP/FreeRDP 2015-01-14 11:24:13 -05:00
Marc-André Moreau
620694c10a Merge pull request #2301 from akallabeth/disconnect_fix
Disconnect / Reconnect fix
2015-01-14 08:56:54 -05:00
Armin Novak
b3eafca85b Fixed return type for nego_transport_connect and nego_transport_disconnect. 2015-01-14 11:35:19 +01:00
Marc-André Moreau
f79deaff7b libfreerdp-core: partial OUT channel recycling support 2015-01-13 16:35:34 -05:00
Marc-André Moreau
43fe94d939 libfreerdp-core: fix identification of OUT R1/A2 RTS PDU 2015-01-13 15:01:07 -05:00
Marc-André Moreau
fc38dcc775 libfreerdp-core: gateway cleanup 2015-01-13 13:50:46 -05:00
Martin Haimberger
bba342a6be added set_error_info function
if an error_info is set, a TS_SET_ERROR_INFO_PDU
will be sent to the client on disconnect with
the error_info
2015-01-13 08:09:36 -08:00
Armin Novak
b5281b7877 Fixed broken state reset, now gateway works again. 2015-01-13 16:35:06 +01:00
Armin Novak
5f2105b930 Added prototype for freerdp_client_disconnect. 2015-01-13 12:44:16 +01:00
Armin Novak
524e4635fd Fixed typos.
gdi_free now done on disconnect.
2015-01-13 12:00:51 +01:00
Armin Novak
600074373c Fixed rdp_reset. 2015-01-12 13:47:04 +01:00
Armin Novak
e3df1d3d5b Fixed freerdp_disconnect and freerdp_reconnect. 2015-01-12 13:44:34 +01:00
Armin Novak
e0139fc4d8 Added nego_disconnect. 2015-01-12 13:44:04 +01:00
Armin Novak
8a1f9c321c Added nego_disconnect function. 2015-01-12 13:43:29 +01:00
Armin Novak
9274de4921 Fixed rdp_client_disconnect and rdp_reset. 2015-01-12 13:36:38 +01:00
Armin Novak
5d3091bd1c Fixed transport cleanup on disconnect. 2015-01-12 13:32:59 +01:00
Norbert Federa
765b25933e license: fix for corrupted licensing packets
Since commit a228952 FreeRDP generates corrupt licensing packets if the rdp
security layer is used and the peer did not indicate that it is capable of
processing encrypted licensing packets:
That commit changed rdp->sec_flags after the rdp stream was already initialized
with encryption enabled which placed the PDU payload at an incorrect offset.

Instead of directly modifying the rdp->sec_flags this patch temporarily
disables rdp->do_crypt during rdp stream initialization if the client has not
advertised support for encrypted licensing packets.
2015-01-12 11:31:18 +01:00
Marc-André Moreau
51554ff16c channels: patch rdpdr/smartcard valgrind leaks, fix hang on disconnect 2014-12-28 14:56:13 -05:00
Marc-André Moreau
b552aa9363 libfreerdp-core: add support for multiple redirection target addresses 2014-12-27 18:53:27 -05:00
Marc-André Moreau
772a0aaf0c libfreerdp-core: fix TCP connection timeout (non-Windows) 2014-12-27 16:48:32 -05:00
Marc-André Moreau
27a8e50e60 channels: fix drdynvc, patch memory leaks 2014-12-27 15:20:29 -05:00
Marc-André Moreau
6c2ebb2b58 channels: redirection valgrind fixes 2014-12-27 13:50:50 -05:00
Marc-André Moreau
9dd77ae14a libfreerdp-core: add usage of TargetNetAddresses in ip-based redirection when hostname resolution fails 2014-12-26 13:49:25 -05:00
Marc-André Moreau
d5edfa4721 Merge branch 'master' of github.com:FreeRDP/FreeRDP 2014-12-21 14:22:09 -05:00
Vic Lee
7449abefb1 libfreerdp-core: server synchronized access to dvc channel seq. 2014-12-19 12:31:36 +08:00
Bernhard Miklautz
78d68598ed core: fix problem with data for unknown channel
Some buggy server(s) send data for channels that weren't announced or
negotiated. When processing this data FreeRDP had a problem and always
used the last channel in the channels list even if it wasn't responsible
for the data. Depending on how the channel handled the data this could
lead to different kind of problems and also segmentation faults.

Now data for unknown channels is ignored and not processed further.
2014-12-16 16:27:55 +01:00
Marc-André Moreau
736bcf2bd6 libfreerdp-core: fix async input mode for FocusInEvent, KeyboardPauseEvent 2014-12-15 11:35:35 -05:00
Marc-André Moreau
9b28562cc1 libfreerdp-core: fix faulty rdpTransport server-side initialization 2014-12-15 10:23:06 -05:00
Marc-André Moreau
e2f377ae11 libfreerdp-core: fix TSG thread shutdown and input freeze problem 2014-12-15 09:42:04 -05:00
Marc-André Moreau
74bef0edca Merge pull request #2275 from awakecoding/master
TS Gateway Fixes
2014-12-12 09:33:52 -05:00
Marc-André Moreau
aa23c4eaaa libfreerdp-core: fix random TS Gateway disconnects with async modes 2014-12-12 09:08:39 -05:00
Norbert Federa
939f1c639a Standard RDP Security Layer Levels/Method Overhaul
[MS-RDPBCGR] Section 5.3 describes the encryption level and method values for
standard RDP security.

Looking at the current usage of these values in the FreeRDP code gives me
reason to believe that there is a certain lack of understanding of how these
values should be handled.

The encryption level is only configured on the server side in the "Encryption
Level" setting found in the Remote Desktop Session Host Configuration RDP-Tcp
properties dialog and this value is never transferred from the client to the
server over the wire.
The possible options are "None", "Low", "Client Compatible", "High" and
"FIPS Compliant". The client receices this value in the Server Security Data
block (TS_UD_SC_SEC1), probably only for informational purposes and maybe to
give the client the possibility to verify if the server's decision for the
encryption method confirms to the server's encryption level.
The possible encryption methods are "NONE", "40BIT", "56BIT", "128BIT" and
"FIPS" and the RDP client advertises the ones it supports to the server in the
Client Security Data block (TS_UD_CS_SEC).
The server's configured encryption level value restricts the possible final
encryption method.
Something that I was not able to find in the documentation is the priority
level of the individual encryption methods based on which the server makes its
final method decision if there are several options.
My analysis with Windows Servers reveiled that the order is 128, 56, 40, FIPS.
The server only chooses FIPS if the level is "FIPS Comliant" or if it is the
only method advertised by the client.

Bottom line:
* FreeRDP's client side does not need to set settings->EncryptionLevel
(which was done quite frequently).
* FreeRDP's server side does not have to set the supported encryption methods
list in settings->EncryptionMethods

Changes in this commit:

Removed unnecessary/confusing changes of EncryptionLevel/Methods settings

Refactor settings->DisableEncryption
* This value actually means "Advanced RDP Encryption (NLA/TLS) is NOT used"
* The old name caused lots of confusion among developers
* Renamed it to "UseRdpSecurityLayer" (the compare logic stays untouched)

Any client's setting of settings->EncryptionMethods were annihilated
* All clients "want" to set all supported methods
* Some clients forgot 56bit because 56bit was not supported at the time the
code was written
* settings->EncryptionMethods was overwritten anyways in nego_connect()
* Removed all client side settings of settings->EncryptionMethods
The default is "None" (0)
* Changed nego_connect() to advertise all supported methods if
settings->EncryptionMethods is 0 (None)
* Added a commandline option /encryption-methods:comma separated list of the
values "40", "56", "128", "FIPS". E.g. /encryption-methods:56,128
* Print warning if server chooses non-advertised method

Verify received level and method in client's gcc_read_server_security_data
* Only accept valid/known encryption methods
* Verify encryption level/method combinations according to MS-RDPBCGR 5.3.2

Server implementations can now set settings->EncryptionLevel
* The default for settings->EncryptionLevel is 0 (None)
* nego_send_negotiation_response() changes it to ClientCompatible in that case
* default to ClientCompatible if the server implementation set an invalid level

Fix server's gcc_write_server_security_data
* Verify server encryption level value set by server implementations
* Choose rdp encryption method based on level and supported client methods
* Moved FIPS to the lowest priority (only used if other methods are possible)

Updated sample server
* Support RDP Security (RdpKeyFile was not set)
* Added commented sample code for setting the security level
2014-12-12 02:17:12 +01:00
Marc-André Moreau
cc2321d359 libfreerdp-core: fix leak and use after free in tsg ListDictionary usage 2014-12-11 17:08:22 -05:00
Marc-André Moreau
d8e10ac04a freerdp: patch leaks reported by valgrind when using TS Gateway 2014-12-11 11:25:34 -05:00
Bernhard Miklautz
7b413fb951 nego: print message when bypassing gateway
When "detect" is used as gateway usage method (which is the default)
it is tried to by-pass gateway connection for local hosts.
The detection might take some time therefore print a message that people
are aware that a detection is tried.

Fixes #2171
2014-12-08 19:00:05 +01:00
Norbert Federa
3baaa9a523 Merge pull request #2256 from llyzs/llyzs
libfreerdp-core: enable ipv6 listener.
2014-12-05 16:06:23 +01:00
Vic Lee
bcee2ec3cd libfreerdp-core: enable ipv6 listener. 2014-12-05 10:06:35 +08:00
Marc-André Moreau
fdd2dc7601 freerdp: patch valgrind leaks, cleanup 2014-12-03 14:17:27 -05:00
Marc-André Moreau
01ac15a879 libfreerdp-core: fix crash on failed redirect 2014-12-03 11:48:27 -05:00
Marc-André Moreau
6ccce86140 Merge branch 'master' of github.com:FreeRDP/FreeRDP
Conflicts:
	winpr/libwinpr/thread/thread.c
2014-12-03 10:10:50 -05:00
Marc-André Moreau
c17a831367 Merge pull request #2240 from nfedera/fix-2014-12-01-01
xfreerdp: pinch/pan fixes and smart-sizing
2014-12-02 14:04:49 -05:00
Norbert Federa
25f66d2e6d xfreerdp: added smart sizing, mt gesture fixes
- removed setting ScalingFactor
- added settings SmartSizingWidth and SmartSizingHeight
- changed option /smart-sizing to optionally support <width>x<height>
- consolidated transformation of input event coordinates
- rdp8 gfx ignored scaling and panning offsets: fixed
- never resize window on panning/pinching
- simplified keyboard multitouch gesture debugging emulation
- disabled keyboard multitouch gesture emulation debug code via define
2014-12-01 11:56:44 +01:00
Bernhard Miklautz
e139bd0fb8 core client side: set flag to crypt license
Client side code always tells the server that it is capable of processing
encrypted licensing packages (SEC_LICENSE_ENCRYPT_SC) but didn't set
the recently added flag to indicate that.

Fixes #2196
2014-12-01 11:12:34 +01:00
Mario Lombardo
3c634f91db Rename tcp-functions as they are conflicting with qemu functions 2014-11-29 21:14:39 +01:00
Marc-André Moreau
a323a0823d Merge branch 'master' of github.com:FreeRDP/FreeRDP 2014-11-28 11:23:53 -05:00
Bernhard Miklautz
daa3e7c7f8 tsg: fix possible free of initialized memory 2014-11-27 15:08:07 +01:00
Bernhard Miklautz
5066a5e455 tsg: rpc_send_enqueue_pdu always free buffer
rpc_send_enqueue_pdu returns -1 on error but the type of error isn't
distinguishable. Therefore make sure that the buffer gets always freed.
The only exception to this is when the pdu was already queued. Then the
dequeuing function should take care of freeing the buffer when
processing the pdu.
2014-11-27 14:39:47 +01:00
Bernhard Miklautz
96ae2df5a4 tsg: unwind recursion in tsg_read 2014-11-26 19:46:32 +01:00
Bernhard Miklautz
c0525574c8 transport: handle all return values of tsg_read
tsg_read can also return 0 which means that no data (complete PDU) is
currently available. This case wasn't handled properly.

Fixes #2056
2014-11-26 19:46:32 +01:00