Commit Graph

1782 Commits

Author SHA1 Message Date
Brent Collins
9ca9df1ead Make the new winpr_Digest*MD5_Allow_FIPS functions more generic to no longer be MD5 specific in design. This way the FIPS override
could easily be extended to more digests in the future. For now, an attempt to use these functions with anything other than MD5 will
not work.
2017-11-17 12:43:07 +01:00
Brent Collins
e47123f05a Do not initialize SSL in freerdp_context_new, it is too early to detect the fips enabled flag
and is redundant since it is initialized later before actually using SSL.
2017-11-17 12:43:07 +01:00
Brent Collins
68ab485e63 Fix logic error in reworked MD5 call for establishing keys, and fix some minor whitespace issues. 2017-11-17 12:43:07 +01:00
Brent Collins
d98b88642b Add new command-line option to force xfreerdp into a fips compliant mode.
This option will ensure that NLA is disabled (since NTLM uses weak crypto algorithms), FIPS
encryption is enabled, and ensure fips mode is enabled for openssl.

Selectively override specific uses of MD5/RC4 with new API calls specifically tailored to override FIPS.

Add comments on why overriding the use of these algorithms under FIPS is acceptable for the locations where overrides happen.

Remove check of server proprietary certificate which was already being ignored to avoid use of MD5.

Initialize winpr openssl earlier to ensure fips mode is set before starting using any crypto algorithms.
2017-11-17 12:43:06 +01:00
Armin Novak
4eb5b8e349 Replaced atoi 2017-11-15 15:52:16 +01:00
David Fort
7bbc3cb8b7 Fix logic in nla_read_ts_credentials 2017-11-13 16:20:57 +01:00
dodo040
e0a9999fb2 fix: GSS API init, enterprise name management, variable names and format code 2017-11-13 16:20:56 +01:00
dodo040
0a3c61d305 fix undefined symbol references at linking stage 2017-11-13 16:20:56 +01:00
dodo040
b81f168f0e initial commit for kerberos support 2017-11-13 16:20:55 +01:00
akallabeth
fcc9419922
Merge pull request #4225 from krisztian-kovacs-balabit/use-redirection-pdu-password-on-reconnect
core/connection: use redirection password when reconnecting
2017-11-10 09:32:39 +01:00
KOVACS Krisztian
c13c9035eb libfreerdp/core/certificate: open key file for reading only
There's no point in writing the key file for read-write, and it makes it
impossible to run the shadow server with the key file being read only.
2017-11-09 16:54:22 +01:00
KOVACS Krisztian
70c65e70d1 core/connection: use redirection password when reconnecting
According to MS-RDPBCGR the server might send a password in the Redirection PDU
that then must be sent by the client to the server as password.

Since the field either contains a password string (unicode) or a binary cookie,
we try to convert the password from unicode and use it only if conversion
succeeds.
2017-11-09 14:46:38 +01:00
Martin Fleisz
d5344c3396
Merge pull request #4219 from akallabeth/various_fixes
Various fixes
2017-11-09 09:37:18 +01:00
Martin Fleisz
ed1934cafe
Merge pull request #4211 from akallabeth/silence_duplicate_warnings
Silence WLog_ERR messages if last error is set.
2017-11-08 13:34:26 +01:00
Armin Novak
b86c0ba548 Fixed NLA default error to FREERDP_ERROR_AUTHENTICATION_FAILED 2017-11-08 11:32:34 +01:00
David Fort
b216e91cdd
Merge pull request #4210 from akallabeth/nla_errors_extended
Added additional NLA error mappings.
2017-11-06 14:23:50 +01:00
Armin Novak
ce00f4dd8f Silence WLog_ERR messages if last error is set. 2017-11-06 14:02:22 +01:00
akallabeth
e7b8833e9e
Merge pull request #4187 from hardening/multimon_fix
Multimonitor fix
2017-11-06 10:02:07 +01:00
Armin Novak
7a73a0eb1b Added additional NLA error mappings. 2017-11-06 09:49:03 +01:00
Youness Alaoui
02e4f1f256 Do not delete the listener socket right after creating it.
The listener server socket file needs to be deleted before we bind it
otherwise it's an "address already in use" error. But it was getting
deleted after the bind, causing the file to disappear, and preventing
anyone from connecting to the listener socket since the socket stops
existing.

This is caused by commit 884e87fde4
2017-10-27 15:01:29 -04:00
Armin Novak
367bddd7ad Added better error mapping for NEGO results. 2017-10-25 09:58:13 +02:00
David Fort
f90fe19fc7 multimon: correctly set the primary monitor
According to the spec the primary monitor is supposed to be in (0,0) and other monitors
to be given relative to this one.
2017-10-17 14:07:23 +02:00
David Fort
a132922376 Add checks for DR channel 2017-10-04 10:30:47 +02:00
akallabeth
e6d66d9d81 Merge pull request #4154 from hardening/misc_fixes
Fix raw surfaces displaying + misc other changes
2017-09-27 14:56:21 +02:00
Bernhard Miklautz
15c7cb8cb2 Enable clipboard channel per default 2017-09-27 09:45:07 +02:00
David Fort
ddca8f3a3b Check return value of malloc 2017-09-26 13:56:08 +02:00
Armin Novak
9f26f73709 Added delay for connect abort
The connection abort must be called after freerdp_connect.
Ensure that this function is already running by waiting
a second.
2017-09-26 12:05:24 +02:00
Armin Novak
ef9444bd35 TestConnect: Extend timeout, only listen locally 2017-09-26 10:59:34 +02:00
Armin Novak
ac454628ae Fixed TestConnect with dynamic channels. 2017-09-25 13:34:00 +02:00
Armin Novak
884e87fde4 Unlink file after binding to it.
When unlinking the file before binding, a new entry is created
in the file system after binding. This is not desirable, so
unlink it after binding to remove the temporary file after the process
closes.
2017-09-25 10:35:24 +02:00
Jukka-Pekka Virtanen
ad1425e145 Using PasswordIsSmartcardPin option when sending TS_INFO_PACKET 2017-09-23 14:28:17 +02:00
David Fort
b587daa416 Merge pull request #4136 from tditsch/master
Fixed endless loop when RDP Server sends SERVER_DENIED_CONNECTION
2017-09-22 09:52:27 +02:00
Armin Novak
bdae339268 Check and invalidate handles on free. 2017-09-19 12:36:13 +02:00
tditsch
a16d9a2ade refactored Bugfix 2017-09-19 10:18:41 +02:00
tditsch
feca6d9750 Fixed endless loop when RDP Server sends SERVER_DENIED_CONNECTION 2017-09-18 17:29:16 +02:00
Ondrej Holy
9cccd4888d orders: Fix OFFSCREEN_DELETE_LIST allocation size
The size of OFFSCREEN_DELETE_LIST list allocation was incorrectly changed
by commit 99b1481 and consequently fixed incorrectly by commit 8a0fe086.
Let's count the allocation size based on new size and not based on current
size in order to prevent some memory issues.

https://github.com/FreeRDP/FreeRDP/issues/4117
2017-09-07 09:38:44 +02:00
Ondrej Holy
048e7f264b orders: Fix ORDER_TYPE_GDIPLUS_END check
Commit 6fd03ab introduced security checks for orders, but
ORDER_TYPE_GDIPLUS_END check fails in case of success and vice versa.
Let's add the missing question mark.

https://github.com/FreeRDP/FreeRDP/issues/4117
2017-09-07 09:38:44 +02:00
David Fort
5115ecd948 Merge pull request #4063 from akallabeth/auth_fixes
Fixed leaks, certificate comparison and channel context cleanup
2017-08-30 10:19:12 +02:00
Bernhard Miklautz
52fbfb7b12 fix clang warnings, directly include wtypes.h (#4097)
* build: clang use -Wno-unused-command-line-argument

With clang 5.0 builds are quite noisy otherwise.

* Directly include wtypes.h

Directly include winpr/wtypes.h where _fseeki64 or _ftelli64 is used.

* fix build warnings with clang 5

clang version: 5.0.0-svn310678-1~exp1 (branches/release_50)
Warning: parentheses-equality

* fix build warnings with clang 5

clang version: 5.0.0-svn310678-1~exp1 (branches/release_50)
Warning: tautological-compare

* fix build warnings with clang 5

clang version: 5.0.0-svn310678-1~exp1 (branches/release_50)
Warning:
incompatible pointer types passing 'size_t *' (aka 'unsigned
long *') to parameter of type 'UINT32 *' (aka 'unsigned int *')
[-Wincompatible-pointer-types]
2017-08-29 09:09:38 +02:00
Armin Novak
c3d4b7d262 fseeko and ftello for 64bit file support. 2017-08-14 08:42:49 +02:00
David Fort
b29658a859 Merge pull request #4066 from akallabeth/input_event_fixes
Fixed capability checks for mouse and unicode input.
2017-08-02 11:25:08 +02:00
David Fort
c84065f40c Merge pull request #4069 from yurashek/master
Build on Solaris
2017-08-02 09:53:38 +02:00
Armin Novak
d2d621106d Fixed capability checks for mouse and unicode input. 2017-07-31 12:30:35 +02:00
Armin Novak
523a881663 Channels with a context must free it themselves. 2017-07-28 08:39:51 +02:00
Armin Novak
11fa9f6753 Free credentials on exit. 2017-07-28 08:39:49 +02:00
Armin Novak
b0411d4faa Unexported internal NLA functions. 2017-07-28 08:38:07 +02:00
Armin Novak
c301f2d56a Fixed certificate check return. 2017-07-28 08:35:41 +02:00
Armin Novak
ceda244165 Fixed uninitialized values and leaks. 2017-07-28 08:35:31 +02:00
Armin Novak
dd4b5ea126 Disable JPEG codec support if not compiled in. 2017-07-24 15:23:36 +02:00
Armin Novak
b51a103b70 Fixed uninitialized values. 2017-07-20 09:35:41 +02:00