Commit Graph

16257 Commits

Author SHA1 Message Date
akallabeth
a29343251c Fixed invalid pointer in freerdp_connect
After rdp_client_connect the settings pointer might have changed.
Reset it from the rdpContext.
2022-10-27 09:03:54 +02:00
akallabeth
1e67db7c08 Do blockwise write, use winpr_DeleteFile 2022-10-25 13:58:05 +02:00
akallabeth
1c0908bdfb Use winpr_DeleteFile and winpr_MoveFileEx 2022-10-25 13:58:05 +02:00
akallabeth
22dce52d15 Add function winpr_MoveFileEx 2022-10-25 13:58:05 +02:00
akallabeth
6e7b91c5ad Fixed smartcard logon file leak
The certificate and private key temporary files have not been
cleaned up under certain error conditions.
2022-10-25 13:58:05 +02:00
akallabeth
a8650d9a3d Fix certificate and private key checks for smartcard logon 2022-10-25 13:58:05 +02:00
fifthdegree
cbd310df52 Check smartcard certificates for correct EKU
To be used for login, smartcard certificates must have the Microsoft
Smart Card Logon EKU
2022-10-24 22:22:00 +02:00
fifthdegree
78ba60f50f Check for NULL pointer in winpr_Digest_Free 2022-10-24 08:33:57 +02:00
akallabeth
68ad8d5a1c Added missing return in winpr_Digest_New 2022-10-20 19:24:41 +02:00
akallabeth
181debc3d1 Remove /tls:enforce:ssl3 option
SSL3 is deactivated during connect anyway, so do not expose the
option
2022-10-20 10:51:50 +02:00
akallabeth
ef6842d249 Fixed TLS1_3_VERSION check and parse_tls_seclevel
* Only add TLS1_3_VERSION to array if the SSL library build against
  has support for TLS 1.3
* Fix wrong parse function call for 'seclevel'
2022-10-20 10:51:50 +02:00
Armin Novak
2a181c19c5 Added missing include 2022-10-19 20:33:17 +02:00
Armin Novak
a66d9d1706 Improve OpenSSL provider loading
* Added log messages for failure to load a provider
* Add code to clean up loaded providers on shutdown
2022-10-19 20:33:17 +02:00
Armin Novak
6ab2cb6d99 Fixed mutially exclusive CAIRO and SWSCALE includes
When both are defined there was a build error due to missing
includes.
2022-10-19 20:31:53 +02:00
Armin Novak
187b553b97 Allow overriding TLS version
Now use a generic option to allow setting all possible SSL/TLS versions.
Use /tls:enforce:[ssl3|1.0|1.1|1.2|1.3] to set accordingly
2022-10-19 20:31:53 +02:00
Armin Novak
119b8d4474 Unified command line options to list something
There are various options to list smartcards, monitors, keyboard
settings. Unify them all under a single /list:<something> option
2022-10-19 20:31:53 +02:00
Armin Novak
7e82c9f19f Cleaned up functions printing information 2022-10-19 20:31:53 +02:00
Armin Novak
4b9c8e6393 Updated keyboard list API 2022-10-19 20:31:53 +02:00
Armin Novak
1f6476016d Update command line option /sec*
* Deprecate /sec-* flags
* Allow multiple arguments for /sec
2022-10-19 20:31:53 +02:00
Armin Novak
ed3bc5c51a Only enable deprecated commandline with WITH_FREERDP_DEPRECATED 2022-10-19 20:31:53 +02:00
Armin Novak
1c8bcbeb6a Added deprecation warnings to /cert-* options 2022-10-19 20:31:53 +02:00
Armin Novak
d357fa3237 Added a unified /tls: option
There are too many tls settings scattered over multiple different
switches. Add a unified option and deprecate the old ones
2022-10-19 20:31:53 +02:00
fifthdegree
f13fd769f7 Use mutual auth for gateway
Windows seems to bug out when not using mutual auth; it accepts the
connection without sending the last auth message.
2022-10-19 18:55:38 +02:00
fifthdegree
ffe8e45aff Pass bindings through Negotiate on first call 2022-10-19 18:55:38 +02:00
fifthdegree
eb04eb0008 Support using smartcard for gateway authentication 2022-10-19 18:55:38 +02:00
fifthdegree
e847f159a6 Try to use the smartcard key name Windows uses
Windows expects the containerName field in TSSmartCardCreds to be what
it would use for a smartcard key's name. Try to accomodate that (at
least for PIV and GIDS cards).
2022-10-19 18:55:38 +02:00
fifthdegree
9d0beaccae smartcardlogon: choose a single smartcard to use
Require a single smartcard certificate to be chosen and define a
callback to choose when more than one is available.
2022-10-19 18:55:38 +02:00
Benoît Gschwind
1cf69f04e6 uwac: fix wl_buffer_destroy of wl_cursor buffer
Following the wayland-cursor documentation [1] the buffer created by
wl_cursor_image_get_buffer should not be destroyed. The new code avoid to
destroy it by avoiding to connect the release callback to this buffer.

[1] https://gitlab.freedesktop.org/wayland/wayland/-/blob/main/cursor/wayland-cursor.c#L147-L154
2022-10-19 17:18:07 +02:00
akallabeth
eb77fd7b0d Added replacement HMAC-MD5 implementation 2022-10-19 08:17:11 +02:00
akallabeth
3a5fb5e3a3 Added replacement MD5 implementation 2022-10-19 08:17:11 +02:00
akallabeth
309a6bea77 Added replacement MD4 implementation 2022-10-19 08:17:11 +02:00
akallabeth
1e1b3b6c3c Updated TestCryptoHash
Do multiple updates to hashes to better test implementation
2022-10-19 08:17:11 +02:00
akallabeth
08d2d559c3 Increase yuv decoder worker count
The yuv decoder might run out of workers if the rectangles are
smaller than 64x64. Assume 16x16 tiles for the decoder
2022-10-19 08:16:53 +02:00
xiaopengzhou@hotmail.com
34afe6b23e Fix Format List PDU is not sent when the Clipboard Redirection Virtual Channel is initialized for the second time. (X11 client) 2022-10-18 09:14:21 +02:00
Marc-André Moreau
e3594c91dc Add UserSpecifiedServerName setting, /server-name command-line parameter 2022-10-14 17:59:57 -04:00
akallabeth
43c5289928 Replaced memset/ZeroMemory with initializer
* Addes WINPR_ASSERT on many occations
* Replaced memset with array initializer
* Replaced ZeroMemory with array initializer
2022-10-14 12:11:01 +02:00
David Fort
57d2a27980 fix smartcard listing
This commit fixes various bugs that I've noticed on some windows systems with
smartcards that contains multiple certificates:

* With some drivers if you retrieve the ATR while enumerating the NCrypt keys, it seems to
confuse the NCrypt key context (and you're unable to retrieve certificate property). As
we don't use the ATR, let's remove the ATR retrieval.
* if don't give any user or domain on the command line, in settings you get User=Domain=NULL,
but if you pass /u:user, you get User="user" and Domain = ""(empty string not NULL). The
smartcard filtering by user/domain was not ready for that.
2022-10-14 12:05:16 +02:00
akallabeth
b70db86e51 Fixed uninitialized variable warnings 2022-10-14 11:16:23 +02:00
akallabeth
97e183d082 With #8292 ClusterInfoFlags became application settable
This pull adds the (previously lost) default value to keep compatible
with older code that does not care about that field.
2022-10-14 09:41:54 +02:00
Martin Fleisz
4bc74392c2 nla: Fix some issues with server-side NLA authentication
This PR fixes following issues with server-side NLA authentication:

- The client nonce should only be sent by the client
- The final stage in the nego token exchange checked the negoToken
  buffer for data. Instead the corresponding credssp API is now used
  which checks the correct buffer (output_buffer).
- The negoToken buffer needs to be cleared before sending the public key
  echo. In some cases the buffer was not empty and incorrectly was part
  of the response to the client.
2022-10-13 17:16:07 +02:00
Marc-André Moreau
47aaaf4693 Fix CredSSP extended credential attributes on Windows (SECPKG_CRED_ATTR_KDC_URL) 2022-10-13 16:49:01 +02:00
Armin Novak
be9cc98c08 Refactored cmdline common
* Add settings setter where possible
* Load dynamic sound channel alongside static one
* Load clipboard channel if requested
2022-10-13 14:48:40 +02:00
akallabeth
6a2626498b Disable channel builds if -DWITH_CHANNEL=OFF 2022-10-13 14:38:06 +02:00
akallabeth
b58dd122b2 Disable functions that require WITH_CHANNEL if not defined 2022-10-13 14:38:06 +02:00
akallabeth
dfb6e9200c Fixed build without RDPEI channel 2022-10-13 14:38:06 +02:00
akallabeth
bba18b7af5 Fixed -Waddress warnings 2022-10-13 14:38:06 +02:00
Armin Novak
d69bbaee28 Updated GCC
* Better logging
* Improved error checks
2022-10-13 13:57:11 +02:00
Armin Novak
a3ec857278 Improved MCS checks, added settings to MCS function 2022-10-13 13:57:11 +02:00
Armin Novak
b706676d1a [server] Store channel name for later use 2022-10-13 13:57:11 +02:00
Armin Novak
e249e355f8 Clone original settings before redirect
This eliminates all settings negotiated during initial connect and
allows to renegotiate the proper settings  with the final target
2022-10-13 13:57:11 +02:00