Commit Graph

3327 Commits

Author SHA1 Message Date
Marc-André Moreau
3a8dce07ea expose last NLA/CredSSP SSPI error code (freerdp_get_nla_sspi_error) 2023-02-24 13:19:19 -05:00
Armin Novak
f357312584 [utils] term signal cleanup handlers
add functions to register/unregister termination cleanup handlers
2023-02-23 20:28:15 +01:00
Martin Fleisz
2fa12ad794 gateway: Fix broken #ifdef/#else/#endif 2023-02-23 17:27:22 +01:00
Martin Fleisz
892e58d969 core: Update smartcard settings on all platforms
Currently smartcard settings were only updated in the WIN32 code path.
This must be done on all platforms to have the correct settings (i.e.
pkinitArgs) correctly applied.
2023-02-23 14:25:44 +01:00
Martin Fleisz
09b2096cf2 core: Add CAPI support for enumerating smart card key containers
Windows seems to favor using the legacy Crypto API (CAPI) for
enumerating RSA key containers and only relies on the newer CNG APIs for
ECC keys.

This PR adds support for CAPI key container enumeration on Windows.

The PR also fixes an issue where the CSP was always set to the MS Base
Smart Card Provider during NLA authentication.
2023-02-22 17:10:47 +01:00
Martin Fleisz
6f639686cf core: Allow change to smart card logon in Authentication callbacks
This PR adds a few changes so that a client is able to change the
authentication/logon type in the Authentication callback. I.e. if the
client was started without user/domain the authentication callback is
now able to activate smart card logon by setting the SmartcardLogon
setting along with csp/container/reader name.
2023-02-22 11:45:32 +01:00
Armin Novak
b4330cfccb [core,settings] use conservative multitransport flags 2023-02-21 16:42:54 +01:00
Joan Torres
e5d9a41778 [core,gcc] Fix applying RedirectionVersionMask
The RedirectionVersionMask is 0x3c i.e. 00111100.
So the left shift operation to set RedirectionVersion is of 2 places.
2023-02-21 16:18:04 +01:00
akallabeth
ab5be61e89 [client,common] working REDIRECTION_VERSION6
* REDIRECTION_VERSION6 requires enabled multitransport, enable it
* Add a fallback if multitransport was disabled
2023-02-20 16:04:04 +01:00
akallabeth
8205bc5f6b [core,peer] add RSA certificate check 2023-02-16 10:06:17 +01:00
akallabeth
895ae8b137 [core] use rdpPrivateKey and rdpCertificate 2023-02-16 10:06:17 +01:00
akallabeth
2d94ff3f9e [settings] remove obsolete keys
* CertificateFile and CertificateContent are no longer used
* PrivateKeyFile and PrivateKeyContent are no longer used
2023-02-16 10:06:17 +01:00
akallabeth
a7dc9eb82c [tests] explicitly deactivate client callbacks for test 2023-02-15 13:34:18 +01:00
Armin Novak
25023d3a3a [client,scard] fix missing callback instance arg
every callback requires context, add freerdp* instance just as the
Authenticate et al callbacks already have
2023-02-15 13:34:18 +01:00
akallabeth
34bc5e15f5 [core,gateway] fixed missing/wrong return 2023-02-14 08:43:23 +01:00
Martin Fleisz
1f903f80a5 core: Add possibility to distinguish between auth cancelled and no creds
Currently if the authentication callback returns `FALSE` the utils
function handle this as scenario as no credentials provided (returns
`AUTH_NO_CREDENTIALS)`.

This PR introduces a new `auth_status` called `AUTH_CANCELLED` that is
returned if the authentication callback returns `FALSE`. If the callback
returns `TRUE` and username or password are empty the util function will
continue to return `AUTH_NO_CREDENTIALS`.

THe PR also fixes some incorrect returns in RPC over HTTP gateway code.
2023-02-14 08:43:23 +01:00
Armin Novak
a7dac52a42 [license] updated copyright headers 2023-02-12 20:17:11 +01:00
akallabeth
af371bef6a [crypto] rename rdpRsaKey to rdpPrivateKey 2023-02-12 20:17:11 +01:00
akallabeth
87b30958a6 [cyrpto] unify PEM read/write
use crypto_read_pem and crypto_write_pem in all places required
2023-02-12 20:17:11 +01:00
akallabeth
ac037327d5 [core,redirection] fix Wshadow 2023-02-12 20:17:11 +01:00
akallabeth
94b2f551b3 [core] update to new crypto/cert API 2023-02-12 20:17:11 +01:00
akallabeth
b5d1ea7138 [core,license] use rdpCertificate 2023-02-12 20:17:11 +01:00
akallabeth
4499a55f43 [core,smartcardlogon] use rdpCertificate 2023-02-12 20:17:11 +01:00
akallabeth
9b51df8b10 [core,crypto] refactor certificate management
* Properly split certificate_store, certificate_data, certificate and
  private key functions to files
* Prefix all functions with freerdp_ to have a unique name
* Update certificate store to use one file per host instead of
  known_hosts2
* Merge CryptoCert and rdpCertificate
2023-02-12 20:17:11 +01:00
Martin Fleisz
35c24f208b core: Fix invalid string length 2023-02-09 12:49:47 +01:00
Martin Fleisz
4b9fb8fff9 proxy: Fix NLA to TLS fallback connection
Currently the proxy's TLS fallback if an NLA connection attempt failed
is broken. There are two issues with the current code that this PR
fixes:

- freerdp_reconnect is used which requires an already established
  connection to work correctly. This is not the case since the NLA
  connectin attempt failed. This resulted in a seemingly working TLS
  connection but i.e. channels where missing/not working.
- The fallback connection attempt just altered the NLA security setting
  in the instance's settings. However these settings have been already
  modified by the NLA connection attempt so we need to create a copy of
  the original connection settings before doing the first connect.

The PR also introduces freerdp_reset_context which restores the initial
connection settings for the given instance.
2023-02-09 12:49:47 +01:00
Armin Novak
a7c0a8c5f1 [autodetect] expose AUTODETECT_STATE 2023-02-09 12:34:27 +01:00
akallabeth
db98f16e5b [core,fastpath] fix too verbose log
for fastpath_recv_update_synchronize only skip the available bytes as
older servers tend to send short packets. This avoids (too) verbose
logging.
2023-02-07 13:36:03 +01:00
akallabeth
2eda0aa2ea [core,settings] remove unused setting 2023-02-03 11:24:32 +01:00
akallabeth
d96860780f Fixed compiler warnings 2023-02-03 11:09:59 +01:00
akallabeth
51e71b3c48 Fixed compiler warnings 2023-02-03 11:09:59 +01:00
akallabeth
00f2679eda [core,security] refactor functions to check lengths 2023-02-03 11:09:59 +01:00
akallabeth
7c1007b1b6 [core,crypto] removed rsa functions from public API
should only be used internally
2023-02-03 11:09:59 +01:00
akallabeth
da5080e557 [core] refactor rdp encryption lock 2023-02-03 11:09:59 +01:00
akallabeth
a082f2b78a [core] improve logging 2023-02-03 11:09:59 +01:00
akallabeth
5f8cc02cf3 [core,license] update length
In license_read_encrypted_premaster_secret_blob the length argument was
not set, fix that
2023-02-03 11:09:59 +01:00
akallabeth
936e239acb [core,license] replaced HWID_LENGTH with sizeof 2023-02-03 11:09:59 +01:00
akallabeth
4b0fcb3dac [core,licensing] replaced WINPR_MD5_DIGEST_LENGTH with sizeof() 2023-02-03 11:09:59 +01:00
akallabeth
3c242bbe6a [core,license] replaced MAC_SALT_KEY_LENGTH with sizeof 2023-02-03 11:09:59 +01:00
akallabeth
0f3d72e724 [core,license] replaced SESSION_KEY_BLOB_LENGTH with sizeof 2023-02-03 11:09:59 +01:00
akallabeth
a738f0ec91 [core,license] replaced PREMASTER_SECRET_LENGTH with sizeof 2023-02-03 11:09:59 +01:00
akallabeth
0c5afb923f [core,license] replaced MASTER_SECRET_LENGTH with sizeof 2023-02-03 11:09:59 +01:00
akallabeth
cf539f33db [core,license] replaced SERVER_RANDOM_LENGTH with sizeof 2023-02-03 11:09:59 +01:00
akallabeth
31695c94a1 [client random] refactor use
* use sizeof() instead of define length
* use settings getter/setter
2023-02-03 11:09:59 +01:00
akallabeth
54e5ff1e75 [core,gcc] fix server random length 2023-02-03 11:09:59 +01:00
akallabeth
a3152871ab [core,crypto] refactor rsa functions
* public encrypt/decrypt take rdpCertInfo data as argument
* private encrypt/decrypt take rdpRsaKey as argument
* Add missing length arguments
2023-02-03 11:09:59 +01:00
akallabeth
2af9758173 [core,license] use rdpCertInfo
Use the struct rdpCertInfo for certificate related data instead of
declaring separate variables
2023-02-03 11:09:59 +01:00
akallabeth
2c2e9602b3 [core] refactor certificate handling
* Remove duplications in rdpRsaKey, reuse rdpCertificate for public
  components
* Move all private key and certificate code to certificate.c,
  remove the tssk_* variables from gcc
* Handle update of client and server random keys in wrapping functions
* Simplify gcc_write_server_security_data, use certificate.c functions
  to write the certificate data
* Refactor security_establish_keys, use the random values stored in
  settings directly
2023-02-03 11:09:59 +01:00
Armin Novak
cd48e17740 [gateway,settings] add GatewayAutoConsent option
with this option the client automatically accepts consent messages of
the gateway server.
2023-02-03 11:08:46 +01:00
Armin Novak
05c8a96fff [core,tcp] fix transport_bio_buffered_write
If the return value is <= 0 do not increment the buffer data.
2023-02-02 08:12:39 +01:00
Armin Novak
0c496681f5 [core,settings] fix use of FreeRDP_TargetNetPorts 2023-02-01 09:51:54 +01:00
akallabeth
818267bc80 [core] fixed missing BYTE to WCHAR casts 2023-02-01 09:51:54 +01:00
akallabeth
da42a2141e [core,settings] update getter/setter generation
fix issues with const and non const string pointer update
2023-02-01 09:51:54 +01:00
akallabeth
3f80e6a5ba [core,info] consume unsued byte of stream
The TPKT header length does not match the [MS-RDPBCGR] 2.2.1.11.1.1
Info Packet (TS_INFO_PACKET) and 2.2.1.11.1.1.1 Extended Info Packet
(TS_EXTENDED_INFO_PACKET) length. print a warning and consume the rest
of the data.
2023-01-27 16:01:33 +01:00
akallabeth
76525c2658 [core,peer] removed duplicate checks and logs 2023-01-27 16:01:33 +01:00
akallabeth
644870934e [core,server] do not rely on EarlyCapabilitiesFlags
Check settings that have been agreed upon by client and server and do
not directly use the flags.
2023-01-27 16:01:33 +01:00
akallabeth
56a01603bb [core,info] do not rely on EarlyCapabilitiesFlags
now rdp_write_extended_info_packet only adds the
cbDynamicDSTTimeZoneKeyName, dynamicDSTTimeZoneKeyName and
dynamicDaylightTimeDisabled fields if both, client and server support
the dynamic timezone settings.
2023-01-27 16:01:33 +01:00
akallabeth
1a87ba8fc2 [core,server] add state STATE_RUN_QUIT_SESSION
If a session is terminated indicate this by STATE_RUN_QUIT_SESSION
instead of setting STATE_RUN_FAILED which would imply some failure
2023-01-27 11:05:12 +01:00
akallabeth
b03f9cc8b8 [core,mcs] added return checks
Fix missing checks in mcs_send_disconnect_provider_ultimatum
2023-01-27 11:05:12 +01:00
akallabeth
22f3bf6f78 [core,nla] initialize stack variables 2023-01-27 10:07:01 +01:00
akallabeth
f5d759c979 [core,nla] unify SecBuffer to ASN1 string
use a helper function to convert the buffer to a ASN1 string
2023-01-27 10:07:01 +01:00
akallabeth
c604801a67 [core,nla] simplify server side authentication
* Single point fo function return
* Clear all buffers after authentication
2023-01-27 10:07:01 +01:00
akallabeth
ca3cd8b7ec [core,nla] fix a memory leak in server nla
Clear destination SecBuffer before calling credssp_auth_decrypt or
credssp_auth_encrypt
2023-01-27 10:07:01 +01:00
akallabeth
aeef6045b7 [core,credssp] initialize stack variables 2023-01-27 10:07:01 +01:00
akallabeth
f355c9addd [core,capability] Fix reallocation of ReceivedCapabilityData
if the size is 0 do not abort but continue.
2023-01-27 10:07:01 +01:00
akallabeth
7afab06e4e [fastpath] fix write PDU header functions
* Proper capacity checks with logging
* Fix return codes
* Remove unused fields from public structs
2023-01-27 10:07:01 +01:00
akallabeth
04ede67940 [core,fastpath] unify fastpath stream decryption 2023-01-27 10:07:01 +01:00
Armin Novak
ee6de6d293 [core] fix rdp encrypted autodetect messages 2023-01-27 10:07:01 +01:00
Armin Novak
bea41877ba [core] add logging
* Log rdp_write_security_header flags
* Log rpd_read_security_header flags
2023-01-27 10:07:01 +01:00
akallabeth
ee07a13130 [cleanup] fix compiler warnings 2023-01-26 09:30:17 +01:00
Armin Novak
70f6c09ff4 [core] fix persistent bitmap cache setting
* Only activate if both, client and server support the capability
* Use settings getter to access setting
2023-01-26 09:30:17 +01:00
Armin Novak
1dc2225bd2 [winpr,wlog] include function name in log message
default to print the function the log message was called from
2023-01-25 16:26:39 +01:00
Armin Novak
641022b795 [logging] remove __FUNCTION__ from actual message
prefer the log formatter to provide that information.
2023-01-25 16:26:39 +01:00
akallabeth
075506f6c8 [winpr,stream] use new Stream_CheckAndLogRequiredLength* 2023-01-25 14:27:32 +01:00
akallabeth
74530a7931 [format strings] ensure __LINE__ is of type size_t
__LINE__ is not particularily well defined (most fall back to int).
We want to ensure that all the uses in a format string match the format
specifier, so do an explicit cast
2023-01-25 14:27:32 +01:00
akallabeth
686c26794b [gateway,rdg] improve websocket error log message 2023-01-25 14:27:32 +01:00
akallabeth
8ed37e68d2 [stream] use logging capacity checks 2023-01-25 14:27:32 +01:00
Armin Novak
d639702bed [core] check return of rdp_write_header 2023-01-25 09:37:40 +01:00
Armin Novak
a111a19c58 [core] check return of rdp_write_security_header 2023-01-25 09:37:40 +01:00
Armin Novak
2fc24420d1 [core] fix server side skip channel join
move to state CONNECTION_STATE_RDP_SECURITY_COMMENCEMENT instead of
CONNECTION_STATE_SECURE_SETTINGS_EXCHANGE
2023-01-25 09:37:40 +01:00
akallabeth
d65b73ae9f [core,license] fixed string conversion 2023-01-25 09:37:40 +01:00
akallabeth
e56cf03a79 [core,server] fixed peer multimonitor handling
if there is no RNS_UD_CS_SUPPORT_MONITOR_LAYOUT_PDU announced and we did
not handle the data received rerun in active state.
2023-01-25 09:37:40 +01:00
akallabeth
65a5a7a065 [core,certificate] initialize stack variables 2023-01-24 10:16:55 +01:00
akallabeth
b69c00c448 [core,certificate] const correct write function 2023-01-24 10:16:55 +01:00
akallabeth
033ffff428 [core] initialize stack variables, improve logging 2023-01-24 10:16:55 +01:00
akallabeth
f2b934866a [core,connection] code cleanups 2023-01-24 10:16:55 +01:00
Armin Novak
9ab5bde349 [core,nego] use settings getter/setter 2023-01-24 10:16:55 +01:00
Armin Novak
e0a14edfbb [core,crypto] log more parsing failures 2023-01-24 10:16:55 +01:00
Armin Novak
d4d2b4403c [core] Improve redirection logging 2023-01-23 11:37:44 +01:00
Armin Novak
e66f2f8c75 [core] improve redirection logging 2023-01-23 11:37:44 +01:00
Armin Novak
d8a6166e67 [core] improve rdp_security_flag_string 2023-01-23 11:37:44 +01:00
Armin Novak
073aefd766 [core] set TS_UD_CS_CLUSTER::Flags to REDIRECTION_VERSION5
REDIRECTION_VERSION6 breaks redirection for currently unknown reasons.
Revert to the last known good version until we receive an update on
documentation for the redirection handling
2023-01-23 09:17:01 +01:00
Armin Novak
5be9cf90df [core] fix ClusterInfoFlags generation, added logging 2023-01-23 09:17:01 +01:00
akallabeth
23281121bf [core] implement skip channel join 2023-01-20 11:19:18 +01:00
akallabeth
60424ef76f [core] fixed client/server early capapbility flags 2023-01-20 10:57:30 +01:00
akallabeth
2fc5eaeb80 [core] implemented CS_CORE::EarlyCapabilityFlags filter
* Added missing definitions for RNS_UD_CS_SUPPORT_SKIP_CHANNELJOIN
  and RNS_UD_SC_SKIP_CHANNELJOIN_SUPPORTED flags
* Updated stringification functions for these flags
* Implemented client and server EarlyCapabilityFlags filter for
  these flags as FreeRDP currently does not implement them.
2023-01-20 10:57:30 +01:00
Martin Fleisz
9c6a0eeeb1 core: Fix handling of RAIL HandshakeEx flag
When using Enhanced RAIL the HandshakeEx flag must also be set. However
in the current code it was always overwritten by the server flags (which
might lack the flag).
2023-01-20 10:37:56 +01:00
Armin Novak
2088fb045b [core,redirection] fix string read, cleanup logs 2023-01-18 09:55:06 +01:00
Armin Novak
7a4f5858ea [settings] announce REDIRECTION_VERSION6 2023-01-18 09:55:06 +01:00
Armin Novak
fd4ddcb640 [core] const correct certificate_clone 2023-01-18 09:55:06 +01:00
Armin Novak
78b8df86bc [core] unify settings copy set/reset 2023-01-18 09:55:06 +01:00
Armin Novak
6ff458bb34 [core] Make remote rdpSettings* context wide
The settings struct containing the data sent by the remote is now
context wide. This way it is always possible to retrieve the data.
2023-01-18 09:55:06 +01:00
Joan Torres
e365ab443c [core,redirection] fix length field of Server Redirection Packet
The length had more bytes than the RDP_SERVER_REDIRECTION_PACKET
structure because it was counting bytes before the struct.

Using a start variable from the beginnig of sending the structure fixes
it.
2023-01-17 18:48:43 +01:00
akallabeth
9b675bd400 [core,redirection] fix target netaddresses length
include the TargetNetAddressesCount field in length
2023-01-17 12:25:31 +01:00
akallabeth
ded101119f [gateway] fix leak in rdg_send_channel_create 2023-01-17 12:25:31 +01:00
akallabeth
5104df2e22 [core,server] use redirection functions
* Modify callback to take a rdpRedirection* structure
* Use send function from redirection.c
2023-01-17 12:25:31 +01:00
akallabeth
a2c7aa8de1 [core] restructure redirection
* Expose redirection functions via public API
* Add getter/setter for public API
2023-01-17 12:25:31 +01:00
akallabeth
73105d972f [core] fix client side redirection handling
* Read previously ignored fields RedirectionGuid and TargetCertificate
* Check password requirements according to LB_PASSWORD_IS_PK_ENCRYPTED
2023-01-17 12:25:31 +01:00
akallabeth
05dab47cbd [core,settings] add missing redirection options
* RedirectionGuid
* TargetCertificate
2023-01-17 12:25:31 +01:00
Armin Novak
dd0d130f48 [crypto] make tls.h a private header
no need to uselessly export symbols that are not usable outside the
project
2023-01-14 08:50:26 +01:00
Rozhuk Ivan
a111b78530 [core] Rename TLS functions
Rename tls_ to freerdp_tls_ to avoid namespace conflicts with libtls
and probaly other tls crypto libs.
2023-01-14 08:50:26 +01:00
akallabeth
275741cc75 [core,utils] add drdynvc stringification functions 2023-01-12 22:54:25 +01:00
akallabeth
82ba9ede9c [freerdp] use FREERDP_/UWAC_/RDTK_ prefix for conditional headers 2023-01-10 17:38:00 +01:00
Armin Novak
b0c924a98e [core,cache] fixed default pointer and bitmap new
do not overwrite pointer or bitmap data in New callback
2023-01-10 17:38:00 +01:00
Pascal Nowack
8d02a07974 core/server: Ignore data PDUs for DVCs that were not opened successfully
When a FreeRDP-based server tried to open a DVC, but the client answered
the DVC create request with a negative CreationStatus in the DVC create
response PDU, the server can then assume that no actual PDUs can be
received for that channel.
However, as long as the channel handle exists, FreeRDP happily forwards
any potential PDU for that handle disregarding the CreationStatus.
This is problematic, since the channel handling usually runs in its own
thread and as a result, the channel may not be destructed yet, when
receiving such stray PDU.
The PDU may be processed, even though it is not expected to be.

A situation, where this becomes problematic is the AUDIO_PLAYBACK_DVC
channel.
It may be the case, that the client answered the DVC create request
with a negative result, the server may try to close the handle and open
the static channel (RDPSND) instead, but before the server can close the
channel handle, the client actually sends PDUs regarding the format
negotiation.
In this case, the server may unintentionally already set things up,
which was not desired (the DVC is about to be closed anyway).

While this specific situation is hypothetical, since it would depend on
a malicious client, it is still possible to happen, especially since the
server implementation does not invoke the format negotiation, but
FreeRDP does it automatically, as soon as the DVC create request is
sent.

Fix this issue by discarding any data PDUs (DYNVC_DATA_FIRST and
DYNVC_DATA) of channels, that were not opened successfully.
2022-12-31 10:14:17 +01:00
David Fort
9e3bc8e3af wtsapi: add new kind of query to retrieve the open status 2022-12-27 11:02:29 +01:00
David Fort
73495a1576 core: unify function behaviour of WTSVirtualChannelQuery
With all calls when WTSVirtualChannelQuery returns FALSE that means that
no ppBuffer was allocated, that was not the case with class=WTSVirtualChannelReady.
Most callers were not aware of that, leading to leaks for example when the channel is
not available client-side, the patch changes that so that you have to call call WTSFreeMemory
only if WTSVirtualChannelQuery returned TRUE.
2022-12-27 11:02:29 +01:00
David Fort
bee2873b52 core: in connection.c use constant instead of raw value 2022-12-23 08:42:45 +01:00
Armin Novak
c11f47db89 [server,shadow] do treat deactivate/reactivate
if a resolution change is required, run postconnect just as if it was
successful.
2022-12-22 15:09:03 +01:00
Armin Novak
0e25f99602 Revert "[server,shadow] rdp_server_reactivate do not wait"
This reverts commit 34f44ce4a1.
2022-12-22 15:09:03 +01:00
Armin Novak
34f44ce4a1 [server,shadow] rdp_server_reactivate do not wait
in rdp_server_reactivate do not wait for the server to change state, let
the peer state machine handle that.
2022-12-19 10:38:18 +01:00
akallabeth
59e644ea2e [core] add state_run_continue function
this function is a helper to evaluate a state_run_t for repeated state
transition
2022-12-18 15:14:30 +01:00
Armin Novak
a8d3693b27 [core,credssp] fix conversion from unicode
there was a mixup in the conversion and WCHAR was treated as utf8.
2022-12-15 14:57:29 +01:00
Martin Fleisz
103c0a983c core: Fix handling of alternate shell if set to an empty string
In case alternate shell was set to an empty string ("") the old code
would try to convert it to a WChar string. This resulted in a NULL
pointer being returned by `ConvertUtf8ToWCharAlloc` that was interpreted
as an error and the connection failed.
2022-12-15 11:56:05 +01:00
Armin Novak
74f273e593 [core,info] improve rdp_read_info_null_string
* Removed comments with invalid assumptions
* Added arguments to rdp_read_info_null_string to indicate if the string
  is expected to be '\0' terminated and what is actually read for error
  logs
2022-12-14 11:52:00 +01:00
Armin Novak
0a7d19ee7a [core,info] 0 check cbClientAddress and cbClientDir
if one of the above values is 0 do not add the size for the '\0'
2022-12-14 11:52:00 +01:00
Armin Novak
87ae9dec0d [core,info] ensure stream length
ensure the stream is large enough for all info packets
2022-12-14 11:52:00 +01:00
Armin Novak
8af5f15769 [core,info] enforce cbClientDir limits
the cbClientDir field limits defined in [MS-RDPBCGR] 2.2.1.11.1.1.1
Extended Info Packet (TS_EXTENDED_INFO_PACKET) are now properly enforced.
2022-12-14 10:30:36 +01:00
Armin Novak
0da0f5ca54 [core,info] enforce extended info limits
the cbClientAddress field limits defined in [MS-RDPBCGR]
2.2.1.11.1.1.1 Extended Info Packet (TS_EXTENDED_INFO_PACKET) are now
properly enforced.
2022-12-14 10:30:36 +01:00
David Fort
a1febe11f0 multi-transport: refactor multi-transport handling
Prepare the parts of the code that handle multi-transport to really establish
UDP connections and manage alternative transports.
2022-12-13 15:54:33 +01:00
David Fort
67e1c2dccd gcc: fix handling of multi-transport flags
Multi-transport flags must be merged between local and remote so that on both sides
we know the shared parameters. Also this patch sends multi-transport GCC block when
multi-transport is enabled.
2022-12-13 15:54:33 +01:00
Armin Novak
f5724c0c13 [core,input] Fixed API for KBD_FLAGS_DOWN use
KBD_FLAGS_DOWN indicates a key repeat, so it must be absent on first
keypress.
2022-12-13 14:37:05 +01:00
Armin Novak
b41ef0cda7 [core,client] fixed connection timeout abort
the abort condidion was not properly triggered.
2022-12-12 18:08:42 +01:00
akallabeth
37ab25e19d Fixed all Wdocumentation warnings 2022-12-12 14:24:55 +01:00
Armin Novak
8200536285 [core,gcc] use mcs_get_settings, make const correct
Use a common helper function to get (const correct) settings from rdpMcs
2022-12-12 13:33:47 +01:00
Armin Novak
917e392f1e [client] fix connection active checks
* use freerdp_is_active_state for session active checks
* fix state transitions
2022-12-12 12:59:32 +01:00
Armin Novak
a14c75a3a2 [core,client] handle optional monitor layout PDU
The monitor layout PDU is optional. If that was not received assume it
will not be sent and continue in next state.
2022-12-12 12:59:32 +01:00
akallabeth
d3e9210985 [core] added freerdp_is_active_state
Since client and server use different states to indicate the connection
is activated, add this convenience function to determine that
2022-12-12 12:59:32 +01:00
Armin Novak
c22d3736a3 [client] refactor client activation timeout
Move the code to a function to make it more readable
2022-12-12 12:59:32 +01:00
Armin Novak
5f81005ecb [transport] remove polling loop
We no longer have a blocking polling loop in transport. Instead assume
there is more data after a packet was processed and let the transport
try again. If there is another packet ready, this repeats until only a
partly received (or no new data available) situation is reached.
2022-12-12 12:59:32 +01:00
akallabeth
2809e14064 [core,connection] fix missing logger argument 2022-12-09 20:30:23 +01:00
akallabeth
7ab917dca8 Fixed Wsign-compare warnings 2022-12-09 15:58:26 +01:00
Armin Novak
bd7e2263ad fixed const and type cast warnings 2022-12-09 15:58:26 +01:00
akallabeth
0186a9b303 Fixed some warnings 2022-12-09 15:58:26 +01:00
akallabeth
7e1065a9b9 Fixed Wshadow warnings 2022-12-09 15:58:26 +01:00
akallabeth
3ddf99ad64 Fixed Wformat warnings 2022-12-09 15:58:26 +01:00
akallabeth
aaae70ff05 Fixed missing const casts 2022-12-09 15:58:26 +01:00
Armin Novak
53cb33be47 [core] Removed unused krb5 include 2022-12-09 12:36:12 +01:00
fifthdegree
ad87144ce5 Rename WITH_GSSAPI to WITH_KRB5
Change cmake variables to not be gssapi specific
2022-12-09 12:36:12 +01:00
akallabeth
cb5c98aab0 [core,client] Add PostFinalDisconnect callback
To have more fine granied control add a new callback.
Now you have the following callback pairs:
* PreConnect <--> PostFinalDisconnect
* PostConnect <--> PostDisconnect
2022-12-09 12:30:14 +01:00
akallabeth
895c22992c [core,client] fix channel error check
Do not only check for a channel error but also abort if one is detected.
2022-12-09 11:11:40 +01:00
Armin Novak
074f28073a [winpr,sspi] enable negotiate by default 2022-12-08 11:07:00 +01:00
akallabeth
860d002794 Fixed #8451: Disable chroma subsampling
[MS-RDPEGDI] 3.1.9.1.3 Chroma Subsampling and Super-Sampling is a
compression technique that blurs fonts. Disable this to have a cleaner
image for /bpp:32 connections
2022-12-07 14:48:54 +01:00
Armin Novak
a94ae65018 [core,info] fix rdp_write_extended_info_packet
DynamicDSTTimeZoneKeyName setting might be NULL, strnlen does not allow
NULL arguments.
2022-12-07 14:43:16 +01:00
Armin Novak
3e3ed445b4 [client,file] add rdgiskdcproxy to settings
Adds a new option FreeRDP_KerberosRdgIsKdc to manually set the KDC url
to the gateway server url
2022-12-06 14:07:53 +01:00
akallabeth
8d9faa761a [settings,caps] fix cursor chache and request size
* Set a reasonably large supported cursor cache size for clients
* Ensure the MaxRequestSize is large enough to hold a large pointer
  update
2022-12-06 09:08:12 +01:00
akallabeth
ca5684c968 [settings,caps] Removed ColorPointerFlag
* The setting is obsolete and can be replaced by a constant
* Only check the receive function for proper value and print a warning
2022-12-06 09:08:12 +01:00
akallabeth
6aa8253b6c [core,capabilities] Fix pointer cache size logic 2022-12-06 09:08:12 +01:00
akallabeth
f2545a2ad7 [core,capabilities] Always send PointerCacheSize
While the field is optional it can always be sent with a value of 0 to
have the same meaning as leaving it out.
2022-12-06 09:08:12 +01:00
akallabeth
6e82adea17 [cache,pointer] Fixed cache size checks
PointerCache and ColorPointerCache can be of different size
2022-12-06 09:08:12 +01:00
akallabeth
97fd183d39 [core,settings] Added ColorPointerCacheSize 2022-12-06 09:08:12 +01:00
Armin Novak
358ac53b66 [core,license] print a warning on invalid packet
* add stringify function for securityFlags
* print a error message on unexpected packet
2022-12-03 00:13:27 +01:00
Armin Novak
6f2250ff4a [core] improve finalize flag log messages 2022-12-02 15:08:34 +01:00
akallabeth
4033698266 [core,credssp] Add additional checks
* Better state checks
* Improved log messages
* Assertions for debug builds
2022-12-02 15:08:09 +01:00
akallabeth
c1a9c19308 [settings] Fixed UTF16 helpers
Do not copy the already allocated buffer
2022-12-02 15:08:09 +01:00
akarl10
0623101b6a [rdg] fix FAILED detection and PAA string length 2022-12-01 16:36:38 +01:00
Armin Novak
97322c32ad [gateway] include '\0' in paa cookie string 2022-12-01 14:42:59 +01:00
Sergey Bronnikov
2ad1469612 Add fuzzer for certificate_data_set_pem()
Part of #6682
2022-11-30 20:06:21 +01:00
Armin Novak
41066ff36a [core,cert] improve argument checks
* Add input argument checks for exposed functions
* Assert internal function arguments
2022-11-30 13:06:07 +01:00
Armin Novak
31827485a8 [core,update] do not require EndPaint callback
Some RDP servers start sending graphics updates too early for us to
process. This triggered a bug that at that point the EndPaint callback
is not available, as the connection is not fully established.
2022-11-30 11:44:15 +01:00
David Fort
d59c0a49c3 proxy: fix channel shift between front and back
When some channels are filtered, some misalignement of channel ids could happen.
This patch keeps track of the back and front channel ids to correctly identify a
channel and send packets with the correct channel id.
2022-11-30 11:38:08 +01:00
David Fort
9db032f326 rdp: notify the Activate state as soon as it happens
Without the patch, we parse more packets and the calling code doesn't have the
opportunity to invoke PostConnect callback (make the connection not work in the proxy)
2022-11-30 08:41:22 +01:00
Armin Novak
ff2509bbc4 [core,client] relax sc flags state checks 2022-11-29 22:29:29 +01:00
Armin Novak
43571a3e34 [core,client] Added logging for finalize flags
Log an error if expected finalize flags did not match what we got.
2022-11-29 22:29:29 +01:00
akallabeth
5799fb2018 Replace ConvertFromUnicode and ConvertToUnicode
* Use new ConvertUtf8ToWChar, ConvertUtf8NToWChar,
  ConvertUtf8ToWCharAlloc and ConvertUtf8NToWCharAlloc
* Use new ConvertWCharToUtf8, ConvertWCharNToUtf8,
  ConvertWCharToUtf8Alloc and ConvertWCharNToUtf8Alloc
* Use new Stream UTF16 to/from UTF8 read/write functions
* Use new settings UTF16 to/from UTF8 read/write functions
2022-11-28 10:42:36 +01:00
akallabeth
1304af4748 [core,rdp] Refactor rdp security encryption
Unify rc4 encryption key handling, use common free and reset functions
2022-11-25 12:35:14 +01:00
akallabeth
c8956513d6 [core,rdp] Add a check for broken RDP security
RDP security is rarely used nowadays, but there have been reports about
situations where the encryption key is missing.
Add this check to properly terminate the connection in case of such an
unexpected event.
2022-11-25 12:35:14 +01:00
Armin Novak
c5e425242a [settings] Typo in GatewayHttpExtAuthSspiNtlm 2022-11-23 11:19:21 +01:00
Armin Novak
7b95014157 [winpr,crypto] Split crypto header renamed
* Renamed custom winpr crypto function header
* Added compatiblity header
2022-11-23 09:39:56 +01:00
akarl10
108e52192e [rdg] fix PAA Rdg-Auth-Scheme header 2022-11-22 15:58:33 +01:00
akallabeth
68bd3b63ae [server] Fix rdp_peer_handle_state_demand_active
* Return type is state_run_t
* Fix use, check for success
2022-11-22 15:30:31 +01:00
akallabeth
7faf13a811 [core,capabilities] fix pointer cache size read 2022-11-22 15:30:31 +01:00
akallabeth
94072dc64a [core,client] Fix transitions, improve logging 2022-11-22 15:30:31 +01:00
akallabeth
9a000632be Revert "Added license settings handling"
This reverts commit 58d7e1a2be.
2022-11-22 15:30:31 +01:00
akallabeth
4284d67088 [core,state] fix state transitions, added logging 2022-11-22 15:30:31 +01:00
akallabeth
9dcf2c7e39 [nla] Advance input stream position
In nla_decode_ts_request the input stream position was not advanced.
This lead to issues when testing proper input data processing in the
client receive state callback
2022-11-22 15:30:31 +01:00
Armin Novak
f5e4ca6f6a [core] Log data not processed in event loop 2022-11-22 15:30:31 +01:00
Armin Novak
ab5858376a [core] fixed CONNECTION_STATE_MCS_CREATE_REQUEST parsing 2022-11-22 15:30:31 +01:00
Armin Novak
d03f230426 [winpr,crypto] Split headers
Split windows API emulation from custom functions
Including both might yield issues with OpenSSL headers
2022-11-21 13:27:08 +01:00
Armin Novak
eb2782b3af [core,nego] Fixed a broken format string 2022-11-21 10:51:19 +01:00
Armin Novak
f81b3b05d2 Fixed -Wtautological-value-range-compare 2022-11-21 10:12:31 +01:00
Armin Novak
7c5652c15a Fixed -Wmissing-prototypes 2022-11-21 10:12:31 +01:00
Armin Novak
a40ade5abc Fixed -Wincompatible-pointer-types 2022-11-21 10:12:31 +01:00
Armin Novak
0a8eaf753e Fixed -Wunused-but-set-variable 2022-11-21 10:12:31 +01:00
Armin Novak
b56b09840a Fixed -Wshadow 2022-11-21 10:12:31 +01:00
Armin Novak
31c1700c0c Fixed -Wunused-variable 2022-11-21 10:12:31 +01:00
Armin Novak
dacebc62a3 Use Stream_CheckAndLogRequiredLength, fix WLog TAG
* Log stream length requirement violations
* Use proper defines for WLog tags
2022-11-21 09:57:27 +01:00
Martin Fleisz
eb7adaec46 core: Preserve user provided credentials when being redirected
This PR fixes an issue where user credentials were lost when connecting
to a farm that redirects the client.

During a redirect the connection settings were overriden by the settings
stored in `rdp->originalSettings`. However these settings miss any
credentials the user provides during the connection phase, thus causing
another authentication prompt to appear.
2022-11-18 14:01:13 +01:00
akarl10
b1583d56c0 [rdg] implementation of http_extauth_sspi_ntlm 2022-11-16 20:28:53 +01:00
Armin Novak
f42f8c32fd [core,test] Fix TestConnect use after free 2022-11-16 16:03:21 +01:00
Armin Novak
fd7a952e70 [core,transport] only return ioEvent if we use it
transport_get_event_handles only returns the ioEvent handle in its
list if transport_io_callback_set_event was called at least once.
2022-11-16 15:32:32 +01:00
akallabeth
d83f70bc32 [core,transport] event handle for transportIO
With the latest client changes the internal event loop requires a handle
to wait on. Add a new function to (re)set the newly added transport event handle.
2022-11-16 15:32:32 +01:00
akallabeth
4ccb38aa13 [core] Check return value of *_transition_to_state
The state transition might not be allowed, so abort if that fails.
2022-11-16 15:32:32 +01:00
David Fort
4461144031 autodetect: prepare for multi-transport
Autodetect packets can be transported either in TCP TPKT packets or be contained
in multi-transport subheaders (transported on UDP). These changes do the appropriate
modifications so that in further developments we can take the transport type in account
when treating / writing these packets.
2022-11-16 11:50:46 +01:00
Richard E. Silverman
2c39bb41a8 fix use of return code from list_provider_keys()
list_provider_keys() returns a Boolean, true == success. But
smartcard_hw_enumerateCerts() expects the return value on success to
be ERROR_SUCCESS == 0, and so inverts success/failure.
2022-11-16 11:50:15 +01:00
Armin Novak
4ddef3e141 [capabilities] properly set RemoteFxOnly
The check was inverted, setting the flag properly now
2022-11-16 11:02:10 +01:00
akallabeth
bc31bae2b5 [core] Unify RDP state machine
Up to this commit the client and server state machine handling used
different return values for state machine changes.
This is fixed with this commit:
* Use common enum return values
* Use common helper functions
2022-11-15 09:57:46 +01:00
akallabeth
8760cecbc7 [rdg] Unified rpcFallback resource cleanup
Since the cleanup routines are always the same unify these in
rdg_connect.
2022-11-14 09:47:13 +01:00
akarl10
355c7ec72a rdg: Fallback to rpc if http status is not sent
It seems MS RDG 2016+ does not send a http status code if
something with the request or configuration is not ok. It is worth
retrying with rpc in that case
2022-11-14 09:47:13 +01:00
akallabeth
4ef72bbe14 Cleanup of client RDP state machine
* Use enum for most common return types
* Add success/failed check functions
* Add a function creating a string from the return value
2022-11-11 11:51:27 +01:00
akallabeth
872f52c014 [core] properly pass redirection return code
If a redirection packet is receivet pass the appropriate return
code through the call stack to let the client take action
2022-11-11 11:51:27 +01:00
Armin Novak
98cf410144 Fixed missing state machine rerun trigger
When changing the peer state return 1 to indicate a rerun is
required.
2022-11-11 11:51:27 +01:00
Armin Novak
12f0e996c0 [server] Fix state transition return value
When transitioning from CONNECTION_STATE_FINALIZATION_FONT_LIST to
CONNECTION_STATE_ACTIVE we must return a value > 0 so that the
state machine can properly initialize the new state.
2022-11-11 11:51:27 +01:00
Armin Novak
367ecf3c0b Properly handle demand active state
The demand active state might be called when receiving data from the
client during initial connection phase or might be triggered server
side after sending a deactivate all pdu
2022-11-11 11:51:27 +01:00
Armin Novak
8210ee77db Fixed return of rdp_client_transition_to_state
Use BOOL to just indicate success/failure and actually check return
of functions called.
2022-11-11 11:51:27 +01:00
Armin Novak
71c3f8e4bb Removed blocking loop in rdp_recv_deactivate_all
The new state machine expects just a state change and will handle
the following transitions from there.
2022-11-11 11:51:27 +01:00
Armin Novak
ec019c8910 Fixed (TS_FONT_MAP_PDU)::mapFlags check 2022-11-11 11:51:27 +01:00
akallabeth
de8da433ec Unified client and server synchronize PDU checks 2022-11-11 11:51:27 +01:00
akallabeth
33827cb920 Updated RDP state machine
* More detailed states
* Better transition checks
* No more recursive calling of state machine functions
2022-11-11 11:51:27 +01:00
akallabeth
06c2ab76e0 Remove AwaitCapabilities 2022-11-11 11:51:27 +01:00
akallabeth
58d7e1a2be Added license settings handling 2022-11-11 11:51:27 +01:00
akallabeth
c36d738a36 [rail] Enable HiDefRemoteApp support 2022-11-11 06:42:45 +01:00
Martin Fleisz
ebc8cd1d4a core: Fix applying of pointer capabilities
Only apply the pointer cache size to the settings if we are in server
mode. This check got lost in a recent refactoring to caps parsing.
2022-11-07 13:02:39 +01:00
akarl
f40522e34f fix HTTP proxy CONNECT header
also replace ARRAYSIZE with strlen and use that instead of ugly things
like const char x[2] = "ok";
2022-11-05 09:01:17 +01:00
akallabeth
b8907711d9 Relaxed font map PDU parsing
Due to some old VBox sending invalid font map PDU do not abort
parsing if a short PDU is received. See #925 for details
2022-11-04 14:46:58 +01:00
akallabeth
dbbff452cd Added better logging for font map PDU
rdp_recv_font_map_pdu now logs some warnings if some expected values
are not found in the PDU
2022-11-04 14:46:58 +01:00
akallabeth
2ef506cff2 Better checks on activation received
Check for reactivation, remember resolution, ...
2022-11-04 14:46:58 +01:00
akallabeth
732a7979a3 Fix peer without valid socket, cleaned up initialization 2022-11-04 14:46:58 +01:00
akallabeth
9d2de14912 Added license settings handling 2022-11-04 14:46:58 +01:00
akallabeth
8d067b21e6 Improved protocol check for activation messages 2022-11-04 14:46:58 +01:00
akallabeth
21fd820edf Added handling of licensing packets 2022-11-04 14:46:58 +01:00
akallabeth
2dcffa62c5 Split freerdp_connect
* freerdp_connect_begin
2022-11-04 14:46:58 +01:00
akallabeth
498635a317 Added new functions to test validity of MCS
* freerdp_is_valid_mcs_create_request
* freerdp_is_valid_mcs_create_response
2022-11-04 14:46:58 +01:00
akallabeth
c0e3624a10 Code cleanups
prefer use of settings getter
2022-11-04 14:46:58 +01:00
akallabeth
01fba61670 Fixed rdp_apply_order_capability_set
Read value from correct settings struct
2022-11-04 14:46:58 +01:00
akallabeth
b9e701aa3d Added return value for rdp_write_header 2022-11-04 14:46:58 +01:00
akallabeth
6e682e204f Fixed return checks for tpdu_write_data 2022-11-04 14:46:58 +01:00
akallabeth
d15e80e266 Fixed return of tpkt_verify_header
Allow detection of an error (e.g. not enough data in stream)
2022-11-04 14:46:58 +01:00
akallabeth
92b40a1c1d Added fix for TestConnect
* copy test_icon.ppm to build directory
* Add client pre|post_connect and disconnect callbacks
2022-11-04 14:46:58 +01:00
akallabeth
2458a526b8 Fixed bug with SurfaceFrameMarker callback
if FreeRDP_DeactivateClientDecoding allow NULL callbacks
2022-11-04 14:46:58 +01:00
David Fort
ef1a3b0af6 client: improve connection time
The old code was looping with blindly checking for transport events, and then
sleep for 100 ms. It was doing that until the connection is established or
the timeout expired.
The new version polls the transport's events, potentially not having many 100 ms
waits.
2022-11-04 09:50:31 +01:00
Armin Novak
901753b527 [channel] Fixed broken length check
The length check for channel chunk data was wrong. Not only was it
checked twice, the second check expected the whole fragmented data
to be available.
2022-11-03 21:11:29 +01:00
akallabeth
7d67adbc54 Refactored licensing module
* Make the whole module opaque for easier testing
2022-11-03 17:02:47 +01:00
Armin Novak
d171f4a1d5 Added assertions in capability parser 2022-11-03 17:02:15 +01:00
akallabeth
3af13a0fb2 Add proper read/write for ordersupportflags et al
* Add new settings for OrderSupportFlags, OrderSupportFlagsEx,
  TerminalDescriptor and TextANSICodePage
* Add proper read/write routines for the new settings
* Add proper default values for the new settings
2022-11-03 17:02:15 +01:00
Armin Novak
7cef0cb8d6 Refactored capability parsing
* Add new settings for previously ignored capability options
* Store raw capability data in settings for later use
* Add function to extract settings from raw capability data
* Split capability read/write from client/server logic (e.g. enforce
  limits, ...)
2022-11-03 17:02:15 +01:00
Martin Fleisz
fbbcd9b8ef nla: Fix unicode issues with gateway code
Gateway code was passing a char string as the package name to
`credssp_auth_init`. When using Unicode builds this fails since
`QuerySecurityPackageInfo` expects a wchar string.

Additionally with unicode builds, `credssp_auth_pkg_name` causes string
type mismatches in the gateway code where a char string is expected.
2022-11-03 15:01:39 +01:00
Armin Novak
71b568ac30 Relax transport checks, allow invalid socket
When no real RDP connection is in use, the SSL socket might be invalid.
Do not assert here but allow the parsing to continue
2022-11-03 11:58:17 +01:00
Armin Novak
b4dbdac68b Refactored multitransport
* Implemented server and client multitransport message parsing
2022-11-03 11:58:17 +01:00
Armin Novak
72f7382f2f Added input assertions 2022-11-03 11:58:17 +01:00
Armin Novak
78a1399eb9 Improve logging in autodetect 2022-11-03 11:56:12 +01:00
Armin Novak
85ce3388d7 Handle RDP_NETCHAR_SYNC_RESPONSE_TYPE 2022-11-03 11:56:12 +01:00
akallabeth
016d2fe689 Renamed rdp_recv_server_synchronize_pdu 2022-11-03 11:56:12 +01:00
akallabeth
108b8a47ba Refactored autodetect code
* Added assertions
* Eliminated warnings
* Eliminated unnecessary allocations
2022-11-03 11:56:12 +01:00
Armin Novak
48a6c0b815 Unified stream length checks
* Added new function to check for lenght and log
* Replace all usages with this new function
2022-11-03 11:56:12 +01:00
Armin Novak
f1ae9be54d Fixed nla error code to string conversion 2022-10-27 10:37:23 +02:00
Armin Novak
cfffc5ef2c Do not terminate if error info is received. 2022-10-27 09:14:28 +02:00
akallabeth
a29343251c Fixed invalid pointer in freerdp_connect
After rdp_client_connect the settings pointer might have changed.
Reset it from the rdpContext.
2022-10-27 09:03:54 +02:00
akallabeth
1e67db7c08 Do blockwise write, use winpr_DeleteFile 2022-10-25 13:58:05 +02:00
akallabeth
1c0908bdfb Use winpr_DeleteFile and winpr_MoveFileEx 2022-10-25 13:58:05 +02:00
akallabeth
6e7b91c5ad Fixed smartcard logon file leak
The certificate and private key temporary files have not been
cleaned up under certain error conditions.
2022-10-25 13:58:05 +02:00
akallabeth
a8650d9a3d Fix certificate and private key checks for smartcard logon 2022-10-25 13:58:05 +02:00
fifthdegree
cbd310df52 Check smartcard certificates for correct EKU
To be used for login, smartcard certificates must have the Microsoft
Smart Card Logon EKU
2022-10-24 22:22:00 +02:00
Armin Novak
1f6476016d Update command line option /sec*
* Deprecate /sec-* flags
* Allow multiple arguments for /sec
2022-10-19 20:31:53 +02:00
fifthdegree
f13fd769f7 Use mutual auth for gateway
Windows seems to bug out when not using mutual auth; it accepts the
connection without sending the last auth message.
2022-10-19 18:55:38 +02:00
fifthdegree
eb04eb0008 Support using smartcard for gateway authentication 2022-10-19 18:55:38 +02:00
fifthdegree
e847f159a6 Try to use the smartcard key name Windows uses
Windows expects the containerName field in TSSmartCardCreds to be what
it would use for a smartcard key's name. Try to accomodate that (at
least for PIV and GIDS cards).
2022-10-19 18:55:38 +02:00
fifthdegree
9d0beaccae smartcardlogon: choose a single smartcard to use
Require a single smartcard certificate to be chosen and define a
callback to choose when more than one is available.
2022-10-19 18:55:38 +02:00
Marc-André Moreau
e3594c91dc Add UserSpecifiedServerName setting, /server-name command-line parameter 2022-10-14 17:59:57 -04:00
akallabeth
43c5289928 Replaced memset/ZeroMemory with initializer
* Addes WINPR_ASSERT on many occations
* Replaced memset with array initializer
* Replaced ZeroMemory with array initializer
2022-10-14 12:11:01 +02:00
David Fort
57d2a27980 fix smartcard listing
This commit fixes various bugs that I've noticed on some windows systems with
smartcards that contains multiple certificates:

* With some drivers if you retrieve the ATR while enumerating the NCrypt keys, it seems to
confuse the NCrypt key context (and you're unable to retrieve certificate property). As
we don't use the ATR, let's remove the ATR retrieval.
* if don't give any user or domain on the command line, in settings you get User=Domain=NULL,
but if you pass /u:user, you get User="user" and Domain = ""(empty string not NULL). The
smartcard filtering by user/domain was not ready for that.
2022-10-14 12:05:16 +02:00
akallabeth
97e183d082 With #8292 ClusterInfoFlags became application settable
This pull adds the (previously lost) default value to keep compatible
with older code that does not care about that field.
2022-10-14 09:41:54 +02:00
Martin Fleisz
4bc74392c2 nla: Fix some issues with server-side NLA authentication
This PR fixes following issues with server-side NLA authentication:

- The client nonce should only be sent by the client
- The final stage in the nego token exchange checked the negoToken
  buffer for data. Instead the corresponding credssp API is now used
  which checks the correct buffer (output_buffer).
- The negoToken buffer needs to be cleared before sending the public key
  echo. In some cases the buffer was not empty and incorrectly was part
  of the response to the client.
2022-10-13 17:16:07 +02:00
Marc-André Moreau
47aaaf4693 Fix CredSSP extended credential attributes on Windows (SECPKG_CRED_ATTR_KDC_URL) 2022-10-13 16:49:01 +02:00
Armin Novak
d69bbaee28 Updated GCC
* Better logging
* Improved error checks
2022-10-13 13:57:11 +02:00
Armin Novak
a3ec857278 Improved MCS checks, added settings to MCS function 2022-10-13 13:57:11 +02:00
Armin Novak
b706676d1a [server] Store channel name for later use 2022-10-13 13:57:11 +02:00
Armin Novak
e249e355f8 Clone original settings before redirect
This eliminates all settings negotiated during initial connect and
allows to renegotiate the proper settings  with the final target
2022-10-13 13:57:11 +02:00
Armin Novak
3100eb8238 Add return values to TPDU functions 2022-10-13 13:57:11 +02:00
David Fort
8d3069e879 fix leak of NegoToken 2022-10-13 12:03:58 +02:00
David Fort
f76c14c256 fix smartcard logon with smartcard emulation
When smartcard emulation was enabled we were dumping the key and cert to
temporary files for PKINIT call, but they were deleted before we have
actually done the PKINIT. This patch fixes it.

It also add debug statement for the listing of smartcard keys / certs.

This also fixes the listing of smartcard on certain windows configurations
were we have to force NCRYPT_SILENT when doing a NCryptOpenKey.
2022-10-13 12:03:58 +02:00
Marc-André Moreau
21740743f7 Fix CredSSP with Windows Kerberos SSPI module 2022-10-13 09:48:13 +02:00
Marc-André Moreau
27a865af74 Add Negotiate SSPI authentication module filtering 2022-10-12 22:07:45 +02:00
Armin Novak
3cf0bb91d6 Updated supported RDP versions
* New defines for 10.8, 10.9, 10.10, 10.11 protocol versions
* New function returning a string representation of the protocol version
* Use 10.11 by default now
2022-10-12 21:42:12 +02:00
akallabeth
59eae5dbc3 Fixed tautological-unsigned-zero-compare 2022-10-11 13:28:30 +02:00
akallabeth
9d197b263c Fixed conditional-uninitialized warnings 2022-10-11 13:28:30 +02:00
David Fort
cd0a33dbf2 nla: context must be NULL on first call to AcceptSecurityContext or InitializeSecurityContext 2022-10-10 09:01:04 +02:00
David Fort
467816a7a5 nla: fix unicode and non unicode build 2022-10-10 09:01:04 +02:00
David Fort
f486fb1e92 fixes for NLA under win32 2022-10-10 09:01:04 +02:00
akallabeth
7dde39de9d Fixed ownership of negoToken
* Ensure negoToken is cleaned up in nla_free
* Renamed function credssp_auth_take_input_buffer now invalidates
  input buffer an takes ownership of that buffer
2022-10-09 21:34:26 +02:00
akallabeth
54a1e4ea7e Fixed invalid return values 2022-10-07 11:04:04 +02:00
akallabeth
a1dff38807 Add assertions in update module 2022-10-07 11:01:25 +02:00
akallabeth
60720e7706 Improved streamdump file format 2022-10-07 10:38:03 +02:00
fifthdegree
2a6950f366 Only pass in authData for server creds when needed
If not using one of the winpr server-specific options then pass NULL as
authData for AcquireCredentialsHandle to use default creds (in Windows)
2022-10-06 21:33:01 +02:00
fifthdegree
2de7a4c249 Support spnego authentication for gateway
* Consolidate authentication support functions into auth.c
* Change authentication flow in gateway to be non-ntlm specific
2022-10-06 21:33:01 +02:00
akallabeth
ed0f258423 Use GFX small cache by default
RAILS does have some problems if this is not enabled and there is
no real benefit for not setting it, so default it
2022-10-06 16:20:47 +02:00
David Fort
3947294ffb Adjust smartcard listing
When no CSP is provided, we were listing smartcard materials by querying the
MS_SCARD_PROV_A CSP, unfortunately on some windows hosts, the smartcards aren't
listed in that CSP. So this patch does the key listing by browsing all CSPs
instead of just a default one. You can still force a CSP and you'll get keys only
from this one.

This patch also address cases where the certificate on the smartcard doesn't
have a UPN attribute, if that happen we try to get a UPN from the email address.
2022-10-06 16:06:35 +02:00
Marc-André Moreau
479e891545 check return values for SetCredentialsAttributes, throw warnings for unsupported attributes 2022-09-30 19:33:12 +02:00
Marc-André Moreau
fddb0dac75 add missing OOM checks 2022-09-30 19:33:12 +02:00
Marc-André Moreau
eadbb15741 run clang-format 2022-09-30 19:33:12 +02:00