Commit Graph

1827 Commits

Author SHA1 Message Date
Marc-André Moreau
9dd77ae14a libfreerdp-core: add usage of TargetNetAddresses in ip-based redirection when hostname resolution fails 2014-12-26 13:49:25 -05:00
Marc-André Moreau
d5edfa4721 Merge branch 'master' of github.com:FreeRDP/FreeRDP 2014-12-21 14:22:09 -05:00
Vic Lee
7449abefb1 libfreerdp-core: server synchronized access to dvc channel seq. 2014-12-19 12:31:36 +08:00
Bernhard Miklautz
78d68598ed core: fix problem with data for unknown channel
Some buggy server(s) send data for channels that weren't announced or
negotiated. When processing this data FreeRDP had a problem and always
used the last channel in the channels list even if it wasn't responsible
for the data. Depending on how the channel handled the data this could
lead to different kind of problems and also segmentation faults.

Now data for unknown channels is ignored and not processed further.
2014-12-16 16:27:55 +01:00
Marc-André Moreau
736bcf2bd6 libfreerdp-core: fix async input mode for FocusInEvent, KeyboardPauseEvent 2014-12-15 11:35:35 -05:00
Marc-André Moreau
9b28562cc1 libfreerdp-core: fix faulty rdpTransport server-side initialization 2014-12-15 10:23:06 -05:00
Marc-André Moreau
e2f377ae11 libfreerdp-core: fix TSG thread shutdown and input freeze problem 2014-12-15 09:42:04 -05:00
Marc-André Moreau
74bef0edca Merge pull request #2275 from awakecoding/master
TS Gateway Fixes
2014-12-12 09:33:52 -05:00
Marc-André Moreau
aa23c4eaaa libfreerdp-core: fix random TS Gateway disconnects with async modes 2014-12-12 09:08:39 -05:00
Norbert Federa
939f1c639a Standard RDP Security Layer Levels/Method Overhaul
[MS-RDPBCGR] Section 5.3 describes the encryption level and method values for
standard RDP security.

Looking at the current usage of these values in the FreeRDP code gives me
reason to believe that there is a certain lack of understanding of how these
values should be handled.

The encryption level is only configured on the server side in the "Encryption
Level" setting found in the Remote Desktop Session Host Configuration RDP-Tcp
properties dialog and this value is never transferred from the client to the
server over the wire.
The possible options are "None", "Low", "Client Compatible", "High" and
"FIPS Compliant". The client receices this value in the Server Security Data
block (TS_UD_SC_SEC1), probably only for informational purposes and maybe to
give the client the possibility to verify if the server's decision for the
encryption method confirms to the server's encryption level.
The possible encryption methods are "NONE", "40BIT", "56BIT", "128BIT" and
"FIPS" and the RDP client advertises the ones it supports to the server in the
Client Security Data block (TS_UD_CS_SEC).
The server's configured encryption level value restricts the possible final
encryption method.
Something that I was not able to find in the documentation is the priority
level of the individual encryption methods based on which the server makes its
final method decision if there are several options.
My analysis with Windows Servers reveiled that the order is 128, 56, 40, FIPS.
The server only chooses FIPS if the level is "FIPS Comliant" or if it is the
only method advertised by the client.

Bottom line:
* FreeRDP's client side does not need to set settings->EncryptionLevel
(which was done quite frequently).
* FreeRDP's server side does not have to set the supported encryption methods
list in settings->EncryptionMethods

Changes in this commit:

Removed unnecessary/confusing changes of EncryptionLevel/Methods settings

Refactor settings->DisableEncryption
* This value actually means "Advanced RDP Encryption (NLA/TLS) is NOT used"
* The old name caused lots of confusion among developers
* Renamed it to "UseRdpSecurityLayer" (the compare logic stays untouched)

Any client's setting of settings->EncryptionMethods were annihilated
* All clients "want" to set all supported methods
* Some clients forgot 56bit because 56bit was not supported at the time the
code was written
* settings->EncryptionMethods was overwritten anyways in nego_connect()
* Removed all client side settings of settings->EncryptionMethods
The default is "None" (0)
* Changed nego_connect() to advertise all supported methods if
settings->EncryptionMethods is 0 (None)
* Added a commandline option /encryption-methods:comma separated list of the
values "40", "56", "128", "FIPS". E.g. /encryption-methods:56,128
* Print warning if server chooses non-advertised method

Verify received level and method in client's gcc_read_server_security_data
* Only accept valid/known encryption methods
* Verify encryption level/method combinations according to MS-RDPBCGR 5.3.2

Server implementations can now set settings->EncryptionLevel
* The default for settings->EncryptionLevel is 0 (None)
* nego_send_negotiation_response() changes it to ClientCompatible in that case
* default to ClientCompatible if the server implementation set an invalid level

Fix server's gcc_write_server_security_data
* Verify server encryption level value set by server implementations
* Choose rdp encryption method based on level and supported client methods
* Moved FIPS to the lowest priority (only used if other methods are possible)

Updated sample server
* Support RDP Security (RdpKeyFile was not set)
* Added commented sample code for setting the security level
2014-12-12 02:17:12 +01:00
Marc-André Moreau
cc2321d359 libfreerdp-core: fix leak and use after free in tsg ListDictionary usage 2014-12-11 17:08:22 -05:00
Marc-André Moreau
d8e10ac04a freerdp: patch leaks reported by valgrind when using TS Gateway 2014-12-11 11:25:34 -05:00
Marc-André Moreau
b579ad3cec Merge pull request #2261 from akallabeth/more_memleak_fixes
More warning and memleak fixes
2014-12-11 08:28:48 -05:00
Bernhard Miklautz
7b413fb951 nego: print message when bypassing gateway
When "detect" is used as gateway usage method (which is the default)
it is tried to by-pass gateway connection for local hosts.
The detection might take some time therefore print a message that people
are aware that a detection is tried.

Fixes #2171
2014-12-08 19:00:05 +01:00
Armin Novak
528c5841d5 Fixed memory leak. 2014-12-07 00:50:20 +01:00
Marc-André Moreau
84bccaf3fc Merge pull request #2258 from nfedera/fix-2014-12-05-02
gdi: don't pollute invalid region with empty rects
2014-12-05 14:50:25 -05:00
Norbert Federa
443ee42db5 gdi: don't pollute invalid region with empty rects 2014-12-05 19:47:29 +01:00
Norbert Federa
a7c90e16a3 cache: fixes for GlyphIndex, FastIndex & FastGlyph
* update_process_glyph_fragments() ignored the text background rectangle

* moved the OpRight value fix-up to update_process_glyph_fragments() since
  it is required for all glyph primary drawing orders
2014-12-05 18:28:43 +01:00
Norbert Federa
3baaa9a523 Merge pull request #2256 from llyzs/llyzs
libfreerdp-core: enable ipv6 listener.
2014-12-05 16:06:23 +01:00
Vic Lee
bcee2ec3cd libfreerdp-core: enable ipv6 listener. 2014-12-05 10:06:35 +08:00
Marc-André Moreau
fdd2dc7601 freerdp: patch valgrind leaks, cleanup 2014-12-03 14:17:27 -05:00
Marc-André Moreau
01ac15a879 libfreerdp-core: fix crash on failed redirect 2014-12-03 11:48:27 -05:00
Marc-André Moreau
6ccce86140 Merge branch 'master' of github.com:FreeRDP/FreeRDP
Conflicts:
	winpr/libwinpr/thread/thread.c
2014-12-03 10:10:50 -05:00
Marc-André Moreau
c17a831367 Merge pull request #2240 from nfedera/fix-2014-12-01-01
xfreerdp: pinch/pan fixes and smart-sizing
2014-12-02 14:04:49 -05:00
Norbert Federa
25f66d2e6d xfreerdp: added smart sizing, mt gesture fixes
- removed setting ScalingFactor
- added settings SmartSizingWidth and SmartSizingHeight
- changed option /smart-sizing to optionally support <width>x<height>
- consolidated transformation of input event coordinates
- rdp8 gfx ignored scaling and panning offsets: fixed
- never resize window on panning/pinching
- simplified keyboard multitouch gesture debugging emulation
- disabled keyboard multitouch gesture emulation debug code via define
2014-12-01 11:56:44 +01:00
Bernhard Miklautz
e139bd0fb8 core client side: set flag to crypt license
Client side code always tells the server that it is capable of processing
encrypted licensing packages (SEC_LICENSE_ENCRYPT_SC) but didn't set
the recently added flag to indicate that.

Fixes #2196
2014-12-01 11:12:34 +01:00
Mario Lombardo
3c634f91db Rename tcp-functions as they are conflicting with qemu functions 2014-11-29 21:14:39 +01:00
Marc-André Moreau
a323a0823d Merge branch 'master' of github.com:FreeRDP/FreeRDP 2014-11-28 11:23:53 -05:00
Marc-André Moreau
88dd5eb8c5 Merge pull request #2225 from akallabeth/openh264_fix
Openh264 v1.2 API
2014-11-28 11:23:11 -05:00
Bernhard Miklautz
daa3e7c7f8 tsg: fix possible free of initialized memory 2014-11-27 15:08:07 +01:00
Bernhard Miklautz
5066a5e455 tsg: rpc_send_enqueue_pdu always free buffer
rpc_send_enqueue_pdu returns -1 on error but the type of error isn't
distinguishable. Therefore make sure that the buffer gets always freed.
The only exception to this is when the pdu was already queued. Then the
dequeuing function should take care of freeing the buffer when
processing the pdu.
2014-11-27 14:39:47 +01:00
Bernhard Miklautz
96ae2df5a4 tsg: unwind recursion in tsg_read 2014-11-26 19:46:32 +01:00
Bernhard Miklautz
c0525574c8 transport: handle all return values of tsg_read
tsg_read can also return 0 which means that no data (complete PDU) is
currently available. This case wasn't handled properly.

Fixes #2056
2014-11-26 19:46:32 +01:00
Bernhard Miklautz
f338e1f6c3 crypto: revert pull request #2130
The fix in #2130 eliminates the problem when connecting over a gateway
but introduces other problems server side and client side (client/server
can't detect anymore when a TCP connection was closed).
2014-11-26 19:46:32 +01:00
Bernhard Miklautz
81a6c43938 tsg: fix segfault
Revert false positive from commit 585d9101b7
buffer shouldn't be freed since it is set and used in a stream.
2014-11-26 19:46:32 +01:00
Marc-André Moreau
d95af00117 Merge branch 'awakecoding' of github.com:vworkspace/FreeRDP 2014-11-25 11:20:07 -05:00
Marc-André Moreau
1c88822ccb libfreerdp-core: treat GCC data block 0xC009 as CS_MULTITRANSPORT 2014-11-19 21:00:28 -05:00
Marc-André Moreau
3f5aa863cb libfreerdp-core: fix server-side activated state 2014-11-19 14:21:23 -05:00
Marc-André Moreau
d6e6db05e9 libfreerdp-core: sanitize NSCodec capabilities 2014-11-19 09:39:47 -05:00
Marc-André Moreau
8a7a71a7b6 Merge pull request #2213 from akallabeth/wlog_callback_appender
Wlog callback appender
2014-11-17 09:41:58 -05:00
Armin Novak
e61acfe6b4 Fixed null pointer dereference. 2014-11-17 01:26:31 +01:00
Armin Novak
deef61dfd0 Fixed memory leak. 2014-11-17 01:16:56 +01:00
Armin Novak
bc963c43d8 Fixed double free. 2014-11-17 01:13:47 +01:00
Armin Novak
83477e5344 Fixed memory leak. 2014-11-17 01:10:45 +01:00
Armin Novak
727a7a9aed Fixed memory leaks. 2014-11-17 01:08:38 +01:00
Armin Novak
9ea898a3c2 Fixed memory leaks. 2014-11-17 01:07:07 +01:00
Armin Novak
28a8a6fa7e Fixed memory leak. 2014-11-17 01:04:29 +01:00
Armin Novak
2958a2c0c5 Fixed memory leaks. 2014-11-17 01:00:55 +01:00
Armin Novak
037c612c33 Fixed memory leak. 2014-11-17 00:58:43 +01:00
Armin Novak
e4b33efdb2 Fixed memory leak. 2014-11-17 00:56:56 +01:00