Commit Graph

383 Commits

Author SHA1 Message Date
akallabeth
4b2d877bf3 [core,transport] document and fix transport_attach
* [transport_default_attach] Only attach provided socket once the
  function can no longer fail
* [transport_attach] document behaviour
2024-02-23 11:02:06 +01:00
akallabeth
d7ebec5a65 [tidy] move loop variable declaration to loop 2024-02-22 12:31:50 +01:00
akallabeth
f69e1fe697 [clang-tidy] readability-duplicate-include 2024-02-15 11:49:16 +01:00
akallabeth
0ba995655d [clang-tidy] cppcoreguidelines-init-variables 2024-02-15 11:49:16 +01:00
akallabeth
207def5c56 [clang-tidy] readability-isolate-declaration 2024-02-15 11:49:16 +01:00
akallabeth
2fffcd64b9 [winpr] use winpr_strerror instead of strerror
use the wrapper from WinPR to use the best implementation available.
2024-02-06 15:45:47 +01:00
akallabeth
ba8cf8cf21 [build] fix Wmismatched-deallocator warnings
With custom malloc function attributes the fail path in the _New
functions produces warnings due to allocator mismatches. Silence them.
2024-02-05 08:16:55 +01:00
Vic Lee
f2794daf38 [core,transport] make blocking mode available to transport IO interface. 2024-01-22 12:57:01 +01:00
Vic Lee
33447dc16e [nla,transport] move public key retrieval to transport IO. 2024-01-03 08:40:39 +01:00
akallabeth
cd4d77af86 [settings] add deprecation warnings
direct struct access to rdpSettings now produces warnings if not
explicitly deactivated by defining FREERDP_SETTINGS_INTERNAL_USE
2023-11-24 14:54:56 +01:00
akallabeth
1163cc4d5c [core] add internal settings.h include 2023-11-24 14:54:56 +01:00
David Fort
3c18a9980f [client,win32] implement connection to child session
Under Windows you can connect to a child session by requesting a named pipe to
the local server, and then do some RDP on this named pipe.
The protocol is like for /vmconnect with CredSSP, then Nego and then the "normal"
workflow for a connection. For CredSSP we force the usage of NTLM for the Negotiate
SSPI, and the credentials are empty.
2023-09-27 11:57:49 +02:00
akallabeth
1d25242eac [core,transport] fix evaluation of nla errors
if there is no rdpNla fall back to default error password expired.
2023-09-21 10:00:19 +02:00
David Fort
8a39859612 [arm] various improvements
This patch moves the ARM configuration before starting the connection process, so
that we can do some provisioning of the FreeRDP settings with the items retrieved
from Azure.
Most notably that allows us to connect directly using RDSTLS security.
2023-09-04 10:24:56 +02:00
Armin Novak
e61880d077 [standard] replace __FUNCTION__ with __func__ 2023-07-27 20:02:43 +02:00
Michael Saxl
a5a60c888b [core,transport] free wst transport after use 2023-07-04 20:33:13 +02:00
Armin Novak
ea66b23631 [core,gateway] fix various issues with arm transport
* fix possible leaks
* split big functions
* fix missing NULL checks
2023-06-27 21:15:08 +02:00
Michael Saxl
d55e035260 [gateway,arm] Azure Virtual Desktop Gateway support
This PR creates a new /gateway:type:arm transport.
It depends on CJSON

The arm transport is not a transport by itself but is responsible
for getting the websocket endpoint from a configuration url derived from
the configured gateway host in the rdpw file or cmdline
2023-06-27 21:15:08 +02:00
Hugues LEFEBVRE
b67afecf0f CredSSP with early user auth (nla_ext) support 2023-06-26 11:53:46 +02:00
Michael Saxl
44c1ec3276 [gateway,websocket] implement plain websocket transport
* factor out most websocket specific code parts into websocket.c
* create wst.c (Websocket Transport) as gateway transport implementation
* introduce GatewayUrl setting that holds the websocket url
* introduce GatewayHttpExtAuthBearer that holds the HTTP Bearer
* GatewayHttpExtAuthBearer can be used by both rdg and wst
2023-06-22 09:21:42 +02:00
Marc-André Moreau
4d4dcd4511 Fix usage of explicit server name when different from connection host 2023-06-13 09:20:17 -04:00
Armin Novak
970f0c54e8 [stream] use const correct Stream_Pointer access 2023-06-08 08:09:33 +02:00
Armin Novak
a4c6b36a19 [build] fix memory sanitizer stack frame warnings 2023-06-07 09:14:45 +02:00
Armin Novak
7832ba2361 [core,transport] properly log failure reason retries exceeded 2023-05-23 05:04:55 +02:00
Armin Novak
f26dc59a9d [core,aad] make AAD optional
* make cJSON an optional dependency
* disable AAD if cJSON was not compiled in
2023-03-10 16:38:07 +01:00
akallabeth
c5406d79c5 [core,aad] typedef AAD_STATE 2023-03-10 16:38:07 +01:00
akallabeth
2117cdcb0f [core,transport] rewritten aad transport read
use a do {} while loop to make it easier to read.
2023-03-10 16:38:07 +01:00
fifthdegree
4cbfa006f2 Implement support for RDS AAD
Have a working implementation of the RDS AAD enhanced security mechanism
for Azure AD logons
2023-03-10 16:38:07 +01:00
Armin Novak
ec60ebaf37 [core] parse whole wStream instead of current 2023-03-09 11:17:37 +01:00
Armin Novak
5c49fae477 [core,transport] split pdu parser function
split according to which PDU type is being parsed.
2023-03-09 11:17:37 +01:00
Joan Torres
5bcc5326d0 [core,rdstls] fix rdstls_parse_pdu
When this function returns <= 0 the caller was considering it a pduLength
creating a bug.

Also fixed length calculation on some rdstls pdu types.
2023-03-09 11:17:37 +01:00
Joan Torres
b469f53c43 [core,transport] check for rdstls == NULL on accept_rdstls too 2023-03-09 11:17:37 +01:00
akallabeth
4154bc500e [core,transport] check for rdstls == NULL 2023-03-09 11:17:37 +01:00
akallabeth
0dc59f3a41 [core,rdstls] hide rdstls parsing
* move rdstls specific code from transport_parse_pdu to rdstls_parse_pdu
* hide rdstls implementation details
2023-03-08 14:05:00 +01:00
Joan Torres
c7f214435e [core,transport] use modern stream funcs on transport_parse_pdu 2023-03-08 14:05:00 +01:00
Joan Torres
7c24da917e Add RDSTLS security protocol
The client tries to connect using RDSTLS only when it has received a
server redirection PDU with LB_PASSWORD_IS_ENCRYPTED flag.

The server exposes RDSTLS on negotiation if it has been configured on settings.
Then authenticates a client using configured credentials from settings:
RedirectionGuid, Username, Domain, Password.
2023-03-08 14:05:00 +01:00
Martin Fleisz
1f903f80a5 core: Add possibility to distinguish between auth cancelled and no creds
Currently if the authentication callback returns `FALSE` the utils
function handles this scenario as no credentials provided (returns
`AUTH_NO_CREDENTIALS`).

This PR introduces a new `auth_status` called `AUTH_CANCELLED` that is
returned if the authentication callback returns `FALSE`. If the callback
returns `TRUE` and username or password are empty the util function will
continue to return `AUTH_NO_CREDENTIALS`.

The PR also fixes some incorrect returns in RPC over HTTP gateway code.
2023-02-14 08:43:23 +01:00
Armin Novak
641022b795 [logging] remove __FUNCTION__ from actual message
prefer the log formatter to provide that information.
2023-01-25 16:26:39 +01:00
Rozhuk Ivan
a111b78530 [core] Rename TLS functions
Rename tls_ to freerdp_tls_ to avoid namespace conflicts with libtls
and probably other tls crypto libs.
2023-01-14 08:50:26 +01:00
akallabeth
82ba9ede9c [freerdp] use FREERDP_/UWAC_/RDTK_ prefix for conditional headers 2023-01-10 17:38:00 +01:00
Armin Novak
5f81005ecb [transport] remove polling loop
We no longer have a blocking polling loop in transport. Instead assume
there is more data after a packet was processed and let the transport
try again. If there is another packet ready, this repeats until only a
partly received (or no new data available) situation is reached.
2022-12-12 12:59:32 +01:00
Armin Novak
fd7a952e70 [core,transport] only return ioEvent if we use it
transport_get_event_handles only returns the ioEvent handle in its
list if transport_io_callback_set_event was called at least once.
2022-11-16 15:32:32 +01:00
akallabeth
d83f70bc32 [core,transport] event handle for transportIO
With the latest client changes the internal event loop requires a handle
to wait on. Add a new function to (re)set the newly added transport event handle.
2022-11-16 15:32:32 +01:00
akallabeth
4ccb38aa13 [core] Check return value of *_transition_to_state
The state transition might not be allowed, so abort if that fails.
2022-11-16 15:32:32 +01:00
akallabeth
bc31bae2b5 [core] Unify RDP state machine
Up to this commit the client and server state machine handling used
different return values for state machine changes.
This is fixed with this commit:
* Use common enum return values
* Use common helper functions
2022-11-15 09:57:46 +01:00
Armin Novak
71b568ac30 Relax transport checks, allow invalid socket
When no real RDP connection is in use, the SSL socket might be invalid.
Do not assert here but allow the parsing to continue
2022-11-03 11:58:17 +01:00
Marc-André Moreau
e3594c91dc Add UserSpecifiedServerName setting, /server-name command-line parameter 2022-10-14 17:59:57 -04:00
fifthdegree
2de7a4c249 Support spnego authentication for gateway
* Consolidate authentication support functions into auth.c
* Change authentication flow in gateway to be non-ntlm specific
2022-10-06 21:33:01 +02:00
Martin Fleisz
12f2c4e2a7 core: Use closesocket instead of close 2022-07-21 15:59:43 +02:00
akallabeth
d0fece49dc Use stack variable instead of malloc in transport 2022-07-04 14:31:08 +02:00