Commit Graph

128 Commits

Author SHA1 Message Date
Armin Novak
2208a84cd4 Moved assistance to winpr crypto. 2016-03-07 11:51:13 +01:00
Armin Novak
dccf40c2bc Fixed duplicate loading of smartcard and printers. 2016-02-26 15:21:11 +01:00
Armin Novak
fe8f5dee82 Fixed indentation. 2016-02-26 09:32:17 +01:00
Armin Novak
f997421098 Unified hmac functions. 2016-02-24 21:50:08 +01:00
Armin Novak
4ca6b9bf10 Unified random functions and remaining MD5. 2016-02-24 20:41:01 +01:00
davewheel
d5b8585a39 Allow to specify the raw content of crypto materials
Sometime it's possible that your server application doesn't have access to files
(when running in a very restricted environment for example). This patch allows
to ship the private key and certificate as a string.

Sponsored by: Wheel Systems (http://www.wheelsystems.com)
2016-01-21 11:27:06 +01:00
Armin Novak
74c15a6309 Fixed freerdp_assistance_file_new argument declaration 2015-12-14 14:18:50 +01:00
Bernhard Miklautz
d73c4898c1 Add build-config.h
build-config.h should contain configure/compile time settings that are
relevant for projects that use FreeRDP.

For example the compiled in plugin search paths.
2015-11-09 15:54:22 +01:00
Armin Novak
a8cd9e0138 Fixed resource leak. 2015-08-28 10:53:43 +02:00
Armin Novak
80ba4643dc Fixed cleanup of resources, only in error case now. 2015-06-24 14:59:59 +02:00
Armin Novak
c78b6f38ab Fixed cleanup of MachineAddresses and MachinePorts. 2015-06-24 12:14:06 +02:00
Armin Novak
4c9ee07eb6 Fixed sizeof misuse. 2015-06-24 10:02:30 +02:00
Armin Novak
6698e24228 Fixed leaks, NULL dereferences and broken init. 2015-06-23 21:29:21 +02:00
Bernhard Miklautz
06502e6a91 misc: integrate pull request feedback 2015-06-22 19:24:30 +02:00
Bernhard Miklautz
1b8dd139a9 cmd line: add missing checks
* strdup
* some allocs
2015-06-22 19:23:57 +02:00
David FORT
7c3f8f33ab Fixes for malloc / calloc + other fixes
This patch contains:

* checks for malloc return value + treat callers;
* modified malloc() + ZeroMemory() to calloc();
* misc fixes of micro errors seen during the code audit:
** some invalid checks in gcc.c, also there were some possible
integer overflow. This is interesting because at the end the data are parsed
and freed directly, so it's a vulnerability in some kind of dead code (at least
useless);
** fixed usage of GetComputerNameExA with just one call, when 2 were used
in misc places. According to MSDN GetComputerNameA() is supposed to return
an error when called with NULL;
** there were a bug in the command line parsing of shadow;
** in freerdp_dynamic_channel_collection_add() the size of array was multiplied
by 4 instead of 2 on resize
2015-06-22 19:21:47 +02:00
Bernhard Miklautz
bf73f4e4f1 Fix unchecked strdups
* add missing checks
* adapt function return values where necessary
* add initial test for settings
2015-06-22 19:09:59 +02:00
David FORT
a9709a62cc Check some return values 2015-05-29 14:24:14 +02:00
Marc-André Moreau
35e26020aa freerdp: patch multiple leaks and OOM errors 2015-05-22 14:14:57 -04:00
Marc-André Moreau
29d14773c8 Merge branch 'master' of github.com:FreeRDP/FreeRDP
Conflicts:
	client/Windows/wf_client.c
	libfreerdp/common/assistance.c
2015-05-20 10:12:24 -04:00
Norbert Federa
1eff1a345e free can handle NULL perfectly fine 2015-05-11 09:07:39 +02:00
Marc-André Moreau
87bb3aa6e0 wfreerdp: fix build 2015-05-07 13:35:39 -04:00
Marc-André Moreau
6b1fefea40 freerdp: fix remote assistance mode, add multi-address connection 2015-05-06 16:32:45 -04:00
Marc-André Moreau
6202f48c12 libfreerdp-core: add configurable TSG/RGB fallback, fix edge cases 2015-03-19 11:44:47 -04:00
Armin Novak
2b7a8d324c Fixed mixed declaration of code and variables. 2015-03-13 12:17:22 +01:00
Marc-André Moreau
5ab34dfa3e Merge pull request #2456 from zhangzl2013/fix-realloc
Fix incorrect usage of realloc
2015-03-12 07:33:27 -04:00
Zhang Zhaolong
a52e7f012d settings: fix incorrect usage of realloc.
Signed-off-by: Zhang Zhaolong <zhangzl2013@126.com>
2015-03-11 13:52:24 +08:00
Bernhard Miklautz
e9985c2093 settings: handle collection_add in detection case
Command line detection is run with dummy settings where not everything
is allocated. Collections (device, dynamic channel and static
channel) didn't handle this case properly.
2015-03-10 13:10:39 +01:00
Marc-André Moreau
3258c887a4 libfreerdp-core: add channel reconnect 2015-02-06 17:35:14 -05:00
Norbert Federa
939f1c639a Standard RDP Security Layer Levels/Method Overhaul
[MS-RDPBCGR] Section 5.3 describes the encryption level and method values for
standard RDP security.

Looking at the current usage of these values in the FreeRDP code gives me
reason to believe that there is a certain lack of understanding of how these
values should be handled.

The encryption level is only configured on the server side in the "Encryption
Level" setting found in the Remote Desktop Session Host Configuration RDP-Tcp
properties dialog and this value is never transferred from the client to the
server over the wire.
The possible options are "None", "Low", "Client Compatible", "High" and
"FIPS Compliant". The client receices this value in the Server Security Data
block (TS_UD_SC_SEC1), probably only for informational purposes and maybe to
give the client the possibility to verify if the server's decision for the
encryption method confirms to the server's encryption level.
The possible encryption methods are "NONE", "40BIT", "56BIT", "128BIT" and
"FIPS" and the RDP client advertises the ones it supports to the server in the
Client Security Data block (TS_UD_CS_SEC).
The server's configured encryption level value restricts the possible final
encryption method.
Something that I was not able to find in the documentation is the priority
level of the individual encryption methods based on which the server makes its
final method decision if there are several options.
My analysis with Windows Servers reveiled that the order is 128, 56, 40, FIPS.
The server only chooses FIPS if the level is "FIPS Comliant" or if it is the
only method advertised by the client.

Bottom line:
* FreeRDP's client side does not need to set settings->EncryptionLevel
(which was done quite frequently).
* FreeRDP's server side does not have to set the supported encryption methods
list in settings->EncryptionMethods

Changes in this commit:

Removed unnecessary/confusing changes of EncryptionLevel/Methods settings

Refactor settings->DisableEncryption
* This value actually means "Advanced RDP Encryption (NLA/TLS) is NOT used"
* The old name caused lots of confusion among developers
* Renamed it to "UseRdpSecurityLayer" (the compare logic stays untouched)

Any client's setting of settings->EncryptionMethods were annihilated
* All clients "want" to set all supported methods
* Some clients forgot 56bit because 56bit was not supported at the time the
code was written
* settings->EncryptionMethods was overwritten anyways in nego_connect()
* Removed all client side settings of settings->EncryptionMethods
The default is "None" (0)
* Changed nego_connect() to advertise all supported methods if
settings->EncryptionMethods is 0 (None)
* Added a commandline option /encryption-methods:comma separated list of the
values "40", "56", "128", "FIPS". E.g. /encryption-methods:56,128
* Print warning if server chooses non-advertised method

Verify received level and method in client's gcc_read_server_security_data
* Only accept valid/known encryption methods
* Verify encryption level/method combinations according to MS-RDPBCGR 5.3.2

Server implementations can now set settings->EncryptionLevel
* The default for settings->EncryptionLevel is 0 (None)
* nego_send_negotiation_response() changes it to ClientCompatible in that case
* default to ClientCompatible if the server implementation set an invalid level

Fix server's gcc_write_server_security_data
* Verify server encryption level value set by server implementations
* Choose rdp encryption method based on level and supported client methods
* Moved FIPS to the lowest priority (only used if other methods are possible)

Updated sample server
* Support RDP Security (RdpKeyFile was not set)
* Added commented sample code for setting the security level
2014-12-12 02:17:12 +01:00
Norbert Federa
25f66d2e6d xfreerdp: added smart sizing, mt gesture fixes
- removed setting ScalingFactor
- added settings SmartSizingWidth and SmartSizingHeight
- changed option /smart-sizing to optionally support <width>x<height>
- consolidated transformation of input event coordinates
- rdp8 gfx ignored scaling and panning offsets: fixed
- never resize window on panning/pinching
- simplified keyboard multitouch gesture debugging emulation
- disabled keyboard multitouch gesture emulation debug code via define
2014-12-01 11:56:44 +01:00
Armin Novak
deef61dfd0 Fixed memory leak. 2014-11-17 01:16:56 +01:00
Armin Novak
28a8a6fa7e Fixed memory leak. 2014-11-17 01:04:29 +01:00
Armin Novak
e52fdc805a Fixed API nonnull warning. 2014-11-16 23:56:51 +01:00
Armin Novak
e8c7d97c9d Fixed memory leaks. 2014-11-16 22:58:36 +01:00
Martin Fleisz
0be28ba0f6 Merge pull request #1965 from akallabeth/dynamic-addin-naming
Dynamic channel library naming
2014-10-31 13:42:16 +01:00
Marc-André Moreau
c4ad706c34 libfreerdp-core: improve bitmap codec negotiation 2014-09-21 15:40:27 -04:00
Armin Novak
f31eb52e46 Adding prefix in libfreerdp addin.c too. 2014-09-17 11:44:15 +02:00
Armin Novak
2f519d7f16 Replaced logging in libfreerdp with wlog defines. 2014-09-15 08:48:46 +02:00
Bernhard Miklautz
0313ca3622 libfreerdp: always build "MONOLITHIC"
"libfreerdp" consisted of multiple (small) single libraries. If the cmake
option MONOLITHIC was used only one library was build combining all of
the libfreerdp-* libraries.
The only exceptions to this are libfreerdp-server and libfreerdp-client these
are build as separate libraries.

This commit obsoltes non-monolithic builds and makes monolithic builds
the default. The cmake option MONOLITHIC is also removed.
2014-09-12 00:19:53 +02:00
Marc-André Moreau
158f9856ba shadow: start RDP client backend for WDS 2014-08-14 18:41:22 -04:00
Marc-André Moreau
86a68f0c0f shadow: start Windows Desktop Sharing API support 2014-08-13 17:48:57 -04:00
Marc-André Moreau
e4a4aa4d3a Merge branch 'master' of github.com:awakecoding/FreeRDP into shadow
Conflicts:
	channels/encomsp/client/encomsp_main.c
	libfreerdp/core/tcp.c
	libfreerdp/crypto/certificate.c
	server/Windows/CMakeLists.txt
	server/X11/xf_cursor.c
	server/X11/xf_input.c
	server/X11/xf_interface.c
	server/X11/xf_monitors.c
	server/X11/xf_peer.c
2014-08-11 19:22:33 -04:00
Marc-André Moreau
7171a0b5c1 libfreerdp-core: fix reconnection using client random 2014-08-11 11:23:23 -04:00
Marc-André Moreau
cff9c16c1e Merge branch 'master' of github.com:FreeRDP/FreeRDP
Conflicts:
	channels/disp/client/disp_main.c
2014-08-11 10:36:07 -04:00
Armin Novak
f4c133eaf8 Replaced custom logging mechanism with WLog wrapper. 2014-08-07 16:51:24 +02:00
Marc-André Moreau
3895c930a3 Merge branch 'master' of github.com:awakecoding/FreeRDP into shadow 2014-08-05 09:56:12 -04:00
Marc-André Moreau
85b1d6c167 Merge branch 'master' of github.com:FreeRDP/FreeRDP
Conflicts:
	libfreerdp/codec/h264.c
2014-08-05 09:55:54 -04:00
Bernhard Miklautz
b8415af0d8 Fix compiler warnings.
This commit is based on pull request #1493
2014-07-29 05:22:29 +02:00
Benoit LeBlanc
653d52bff3 Merge branch 'master' of git://github.com/awakecoding/FreeRDP 2014-07-18 12:02:52 -04:00