mirrors/FreeRDP
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
11,540 Commits 6 Branches 74 Tags 84 MiB
9c93c6cbf3
Commit Graph

1814 Commits

Author SHA1 Message Date
Armin Novak
e4766c656e Fixed missing initialization warnings. 2017-12-21 11:04:32 +01:00
Armin Novak
6a21bdae3d Fixed various scanbuild warnings. 2017-12-21 09:34:35 +01:00
akallabeth
e3e65734e8
Merge pull request #4303 from krisztian-kovacs-balabit/use-redirection-password 
Use redirection password
 2017-12-20 17:01:58 +01:00
Martin Fleisz
80a49f46dc
Merge pull request #4320 from ondrejholy/coverity-fixes 
Coverity Scan fixes
 2017-12-20 14:17:20 +01:00
Martin Fleisz
ec027bf46c
Merge pull request #4318 from hardening/display_improvement 
Dynamic resolution improvements
 2017-12-20 13:43:22 +01:00
Martin Fleisz
bfe8359b5b
Merge pull request #4239 from akallabeth/test_memleak_fixes 
Test memleak fixes
 2017-12-20 12:38:38 +01:00
David Fort
2a6c9e1b87 Add an activated event and a Timer event 
Added an event that is triggered when the activation sequence is finished.
We also define a timer event that is neat to have for regular operation.
 2017-12-19 15:21:15 +01:00
Ondrej Holy
4791970c09 core: Remove redundant stream position changes 
Stream_Seek() is used, but consequently Stream_SetPosition() is used
for position obtained by Stream_GetPosition() immediatelly before
Stream_Seek(). Let's remove this stream position changes due to its
redundancy.
 2017-12-19 13:02:55 +01:00
Ondrej Holy
0389cb129e core: Fix array overrunning during FIPS keys generation 
p is 20 and r is 1 in the last iteration of fips_expand_key_bits,
which means that buf[21] is read (of BYTE buf[21];). However,
the value is not needed, because it is consequently discarded by
"c & 0xfe" statement. Let's do not read buf[p + 1] when r is 1
to avoid this.
 2017-12-19 10:29:16 +01:00
Armin Novak
7305828122 Fix #4239: Various memory leaks 
* Fixed all tests, now can be run with -DWITH_ADDRESS_SANITIZER=ON compiled.
* Enabled address sanitizer for nightly builds.
 2017-12-12 11:40:48 +01:00
David Fort
41823080f9 Fix users of Stream_GetPosition() that returns size_t 2017-12-11 22:38:58 +01:00
David Fort
11ee81be60 Fix XRandr for old systems and MacOSX 
We need a recent enough version of XRandr to correctly detect monitor.
Also this patch adds some typo or style fixes.
 2017-12-08 10:59:38 +01:00
KOVACS Krisztian
7f5f40d392 core/nla: use RedirectionPassword if set in settings 
Previously, the code prompted for the password even if a RedirectionPassword
was provided.

With this change the prompt is only shown if both settins->Password and
settings->RedirectionPassword is absent.
 2017-12-06 16:32:56 +01:00
KOVACS Krisztian
6518e36c70 Revert "core/connection: use redirection password when reconnecting" 
This reverts commit 70c65e70d1.
 2017-12-06 14:58:34 +01:00
David Fort
cf33966f2e
Merge pull request #4282 from akallabeth/force_ipv6 
Fix #4281: Added option to prefer IPv6 over IPv4
 2017-11-28 10:48:53 +01:00
Armin Novak
3e4c274cc9 Fixed channel count exceed checks 
The check aborted on CHANNEL_MAX_COUNT - 1 instead
of correctly at CHANNEL_MAX_COUNT
 2017-11-28 09:40:04 +01:00
David Fort
2f4a2f8595
Merge pull request #4272 from akallabeth/static_channel_checks 
Fix #3378: 31 static channels are supported.
 2017-11-27 22:46:23 +01:00
Armin Novak
2cc64298f2 Fix #4281: Added option to prefer IPv6 over IPv4 2017-11-27 11:43:54 +01:00
Armin Novak
377bfeb227 Fix #3378: 31 static channels are supported. 2017-11-23 16:18:44 +01:00
Armin Novak
f68bc07a22 Fixed return value check for callbacks. 2017-11-23 15:10:42 +01:00
akallabeth
71e38a4ce7
Merge pull request #4267 from ondrejholy/autofips 
Enable FIPS mode automatically
 2017-11-23 10:49:15 +01:00
Ondrej Holy
74bbbdb5c3 Remove unused variable 
Unused variable was added together with FIPS mode support, let's remove it.
 2017-11-23 10:09:17 +01:00
Ondrej Holy
6973b14eed Enable FIPS mode automatically 
FreeRDP aborts if OpenSSL operates in FIPS mode and +fipsmode is not
manually specified. Let's prevent the abortion and enable the necessary
options in that case automatically.
 2017-11-23 10:09:17 +01:00
David Fort
a834ef8243
Merge pull request #4251 from akallabeth/openssl_warn_fixes 
Fix #4247: warnings introduced with #3904
 2017-11-23 09:22:02 +01:00
cedrozor
49f4b2a42e Fixed NLA for Negotiate and NTLM authentication (regression due to the recent addition of kerberos support) 2017-11-21 16:36:47 +01:00
Armin Novak
a376656b3c Disabled ceritficate signature check. 2017-11-21 11:37:42 +01:00
Armin Novak
4fe12b0ea3 Fix #4247: warnings introduced with #3904 2017-11-20 10:18:15 +01:00
akallabeth
b156b937fe
Merge pull request #3904 from bjcollins/master 
FIPS Mode support for xfreerdp
 2017-11-17 13:31:43 +01:00
Martin Fleisz
4ff1251488
Merge pull request #4236 from akallabeth/scan_fix_remastered 
Scanbuild warning fixes
 2017-11-17 13:02:46 +01:00
Brent Collins
9ca9df1ead Make the new winpr_Digest*MD5_Allow_FIPS functions more generic to no longer be MD5 specific in design. This way the FIPS override 
could easily be extended to more digests in the future. For now, an attempt to use these functions with anything other than MD5 will
not work.
 2017-11-17 12:43:07 +01:00
Brent Collins
e47123f05a Do not initialize SSL in freerdp_context_new, it is too early to detect the fips enabled flag 
and is redundant since it is initialized later before actually using SSL.
 2017-11-17 12:43:07 +01:00
Brent Collins
68ab485e63 Fix logic error in reworked MD5 call for establishing keys, and fix some minor whitespace issues. 2017-11-17 12:43:07 +01:00
Brent Collins
d98b88642b Add new command-line option to force xfreerdp into a fips compliant mode. 
This option will ensure that NLA is disabled(since NTLM uses weak crypto algorithms), FIPS
encryption is enabled, and ensure fips mode is enabled for openssl.

Selectively override specific uses of MD5/RC4 with new API calls specifically tailored to override FIPS.

Add comments on why overriding the use of these algorithms under FIPS is acceptable for the locations where overrides happen.

Remove check of server proprietary certificate which was already being ignore to avoid use of MD5.

Initialize winpr openssl earlier to ensure fips mode is set before starting using any crypto algorithms.
 2017-11-17 12:43:06 +01:00
Armin Novak
bd7e4cd35a Fixed uninitialized variables. 2017-11-15 15:56:25 +01:00
Armin Novak
032c0164d1 Fixed missing error check. 2017-11-15 15:56:25 +01:00
Armin Novak
99f6c27488 Fixed uninitialized arguments. 2017-11-15 15:56:25 +01:00
Armin Novak
4eb5b8e349 Replaced atoi 2017-11-15 15:52:16 +01:00
David Fort
7bbc3cb8b7 Fix logic in nla_read_ts_credentials 2017-11-13 16:20:57 +01:00
dodo040
e0a9999fb2 fix: GSS API init, enterprise name management, variable names and format code 2017-11-13 16:20:56 +01:00
dodo040
0a3c61d305 fix undefined symbol references at linking stage 2017-11-13 16:20:56 +01:00
dodo040
b81f168f0e initial commit for kerberos support 2017-11-13 16:20:55 +01:00
akallabeth
fcc9419922
Merge pull request #4225 from krisztian-kovacs-balabit/use-redirection-pdu-password-on-reconnect 
core/connection: use redirection password when reconnecting
 2017-11-10 09:32:39 +01:00
KOVACS Krisztian
c13c9035eb libfreerdp/core/certificate: open key file for reading only 
There's no point in writing the key file for read-write, and it makes it
impossible to run the shadow server with the key file being read only.
 2017-11-09 16:54:22 +01:00
KOVACS Krisztian
70c65e70d1 core/connection: use redirection password when reconnecting 
According to MS-RDPBCGR the server might send a password in the Redirection PDU
that then must be sent by the client to the server as password.

Since the field either contains a password string (unicode) or a binary cookie,
we try to convert the password from unicode and use it only if conversion
succeeds.
 2017-11-09 14:46:38 +01:00
Martin Fleisz
d5344c3396
Merge pull request #4219 from akallabeth/various_fixes 
Various fixes
 2017-11-09 09:37:18 +01:00
Martin Fleisz
ed1934cafe
Merge pull request #4211 from akallabeth/silence_duplicate_warnings 
Silence WLog_ERR messages if last error is set.
 2017-11-08 13:34:26 +01:00
Armin Novak
b86c0ba548 Fixed NLA default error to FREERDP_ERROR_AUTHENTICATION_FAILED 2017-11-08 11:32:34 +01:00
David Fort
b216e91cdd
Merge pull request #4210 from akallabeth/nla_errors_extended 
Added additional NLA error mappings.
 2017-11-06 14:23:50 +01:00
Armin Novak
ce00f4dd8f Silence WLog_ERR messages if last error is set. 2017-11-06 14:02:22 +01:00
akallabeth
e7b8833e9e
Merge pull request #4187 from hardening/multimon_fix 
Multimonitor fix
 2017-11-06 10:02:07 +01:00