Under windows you can connect to a child session by requesting a named pipe to
the local server, and then do some RDP on this named pipe.
The protocol is like for /vmconnect with CredSSP, then Nego and then the "normal"
workflow for a connection. For CredSSP we force the usage of NTLM for the Negociate
SSPI, and the credentials are empty.
This is the contemporary way of including find modules and including the
find module this way avoids cmake errors in conjunction with
find_package_handle_standard_args().
Signed-off-by: Kimon Hoffmann <Kimon.Hoffmann@lawo.com>
FUSE2 has compared to FUSE3 a rather complicated structure with respect
to the FUSE loop, as it uses two handles for the loop and the mount.
Due to needing the possibility to invalidate inodes during the session
and to exit the FUSE session, the session and channel handles need to be
kept alive.
When the session stops, and with that the FUSE session too, the FUSE
thread must still be able to unmount the FUSE mount.
But due to FUSE2's annoying structure, the FUSE session must be
destroyed before doing this.
In this time period, where the FUSE2 loop stops running and between
stopping the FUSE2 session, it cannot answer any requests.
As a result, the "path test", where the mount path is poked cannot be
performed.
This "path test" is however necessary to ensure, that the FUSE loop
exits.
So, the main thread pokes at the FUSE mount to ensure the loop
definitely exits to then signal the FUSE thread, that it can destroy the
session and channel object.
But at the same time, the FUSE loop may already exited and wait for the
main thread to be signalled, that it can destroy the session and channel
object.
The waiting conditions here cannot be satisfied, leading to a deadlock.
Fix this situation, by already signalling the FUSE thread, that it can
destroy the FUSE objects, after calling fuse_session_exit.
To invalidate inodes, FUSE2 uses a FUSE channel handle, while FUSE3 uses
the FUSE session.
So, ensure the correct handle is passed to the respective API calls.
When invalidating inodes, it is obligatory, that the session was not
destroyed yet.
So, in case of the FUSE loop stops before the session stops wait with
the destroyal of the session, until it is clear, that it is not used
anymore.
* /list:smartcard now allows /list:smartcard:<optional> to use different
pkcs11 modules and settings
* /list:kbd-lang now allows /list:kbd-lang:LANG_* to filter languages
All clients can implement their own callbacks for
certificate/credential/smartcard/... but there is a common (default)
implementation for all clients.
with the new setting FreeRDP_UseCommonStdioCallbacks it is now possible
to force these over the client implementation provided ones
The AAD and AVD authentication mechanisms both need an OAuth2 token.
They only differ in the provided arguments, so unify the callbacks into
a single one with variable argument lists.
- Move responsibility for obtaining access tokens to clients
- Add function for getting access tokens for AVD
- Get correct server hostname during AVD setup
- Add utility function for doing http requests
The purpose of clipboard data locking is to make the other peer
retaining the current file list until a pending paste operation is done,
even though the clipboard selection changed.
As it may be difficult to determine, when a lock is needed, imitate the
same behaviour as mstsc:
When the server side supports clipboard data locking, always attempt to
lock the file list on the server regardless of what is advertised in a
FormatList PDU.
The Lock Clipboard Data PDU can even be already sent, before the
Format List Response PDU is sent.
This is also what mstsc, does: First, lock the new (potential) file
list, then unlock the file list, when the pending paste operation is
done.
So, rework the current clipboard implementation in that direction.
Since the implementation for timeouts for old file lists is a bit hard,
for now always force unlock pending locks, when the selection changes.
However, timeouts for old file lists can still be added in the future.
The reworked clipboard handling is done with the help of three hash
tables:
1. The inode table: This hash table manages all inodes for each file.
The keys in this table are the inodes themselves, while the values
the files and directories and their attributes (file size, last write
time, etc.).
2. The clipdata table: This table manages the locks for each file list.
The keys in this table represent the clip data id and the values the
clip data entries, which have a reference to the clip data dir, a
directory containing the whole selection, and some helper attributes,
like the clip data id itself.
3. The request table: Every file size or file range request is managed
here. When a FileContentsRequest is made, its stream id with the
respective details are added to this table. When a response is
received, these details can then be easily looked up here.
This PR creates a new /gateway:type:arm transport.
It depends on CJSON
The arm transport is not a transport by itself but is responsible
for getting the websocket endpoint from a configuration url derived from
the configured gateway host in the rdpw file or cmdline
* factor out most websocket specific code parts into websocket.c
* create wst.c (Websocket Transport) as gateway transport implementation
* introduce GatewayUrl setting that holds the websocket url
* introduce GatewayHttpExtAuthBearer that holds the HTTP Bearer
* GatewayHttpExtAuthBearer can be used by both rdg and wst
Optionally build the SDL client with Qt WebEngine to create a popup
browser for authentication to AAD. Also change the URL output on the
command line to use the "nativeclient" redirect for easier copy/pasting
of the authorization code.
This new argument allows reading all command line options from a file or
from stdin. It is a standalone argument and can not be combined with any
other.
if a reader is detected, print out the number of (valid) certificates
detected. This avoids #8953 empty output if there are no valid
certificates installed on a smartcard.
Options like /gateway:type:http,no-websockets,port:1234 were not
properly parsed. The `type:http,no-websockets` must be considered as
separate options with weak dependency.
Thanks to @akarl10 for pointing out this problem.
This PR contains various changes to rdp file handling:
The old code had a strange mixture of handling settings. When loading a
file every line of the file was cached in `rdpFile::lines`. Sometimes
functions would operate on these cached lines, sometimes they would
operate on the actual values in the `rdpFile` instance.
On the other hand if an `rdpFile` instance was created from
`rdpSettings`, this line cache simply did not exist, causing functions
to behave differently, depending on whether the instance was created by
reading a file or by populating it from `rdpSettings`.
The new implementation has now a single way of accessing values (
`find_integer_entry`/`find_string_entry`) and the `rdpFile::lines` data
is used to handle unknown settings.
The PR also adds some argument checking and assertions.
`freerdp_parse_username` always returns non-NULL domain information when
called. This currently results in `settings->domain` being overridden in
every case, even though we might have read domain information from the
file before.
This PR fixes this issue by checking if domain information was present
in the file and if not use the parsed domain informatin.
