Under Windows you can connect to a child session by requesting a named pipe to
the local server, and then do some RDP on this named pipe.
The protocol is like for /vmconnect with CredSSP, then Nego and then the "normal"
workflow for a connection. For CredSSP we force the usage of NTLM for the Negotiate
SSPI, and the credentials are empty.
If credentials are read from the Windows credential manager, and the **username** contains the **domain** portion (`domain\username`), a connection couldn't be established.
This PR parses the username and domain, sets the correct properties in the settings structure pretty much the same way the CLI args handling is doing.
C requires prototypes or compilers will complain about them missing. Our
library entry points do not have such, therefore add the macro
FREERDP_ENTRY_POINT which declares the function prototype automatically
before the function.
This is the contemporary way of including find modules and including the
find module this way avoids cmake errors in conjunction with
find_package_handle_standard_args().
Signed-off-by: Kimon Hoffmann <Kimon.Hoffmann@lawo.com>
FUSE2 has compared to FUSE3 a rather complicated structure with respect
to the FUSE loop, as it uses two handles for the loop and the mount.
Due to needing the possibility to invalidate inodes during the session
and to exit the FUSE session, the session and channel handles need to be
kept alive.
When the session stops, and with that the FUSE session too, the FUSE
thread must still be able to unmount the FUSE mount.
But due to FUSE2's annoying structure, the FUSE session must be
destroyed before doing this.
In this time period, where the FUSE2 loop stops running and between
stopping the FUSE2 session, it cannot answer any requests.
As a result, the "path test", where the mount path is poked cannot be
performed.
This "path test" is however necessary to ensure, that the FUSE loop
exits.
So, the main thread pokes at the FUSE mount to ensure the loop
definitely exits to then signal the FUSE thread, that it can destroy the
session and channel object.
But at the same time, the FUSE loop may have already exited and wait for the
main thread to be signalled, that it can destroy the session and channel
object.
The waiting conditions here cannot be satisfied, leading to a deadlock.
Fix this situation, by already signalling the FUSE thread, that it can
destroy the FUSE objects, after calling fuse_session_exit.
To invalidate inodes, FUSE2 uses a FUSE channel handle, while FUSE3 uses
the FUSE session.
So, ensure the correct handle is passed to the respective API calls.
When invalidating inodes, it is obligatory, that the session was not
destroyed yet.
So, in case the FUSE loop stops before the session stops, wait with
the destruction of the session, until it is clear, that it is not used
anymore.
Set inputType to system keyboard, otherwise keyboard can be opened with last used input type (e.g. numeric)
Fix keyboard/modifiers panel opening, when keyboard stuck in other app
Hide zoom controls when keyboard is opened
* /list:smartcard now allows /list:smartcard:<optional> to use different
pkcs11 modules and settings
* /list:kbd-lang now allows /list:kbd-lang:LANG_* to filter languages
All clients can implement their own callbacks for
certificate/credential/smartcard/... but there is a common (default)
implementation for all clients.
With the new setting FreeRDP_UseCommonStdioCallbacks it is now possible
to force these over the client implementation provided ones.
The AAD and AVD authentication mechanisms both need an OAuth2 token.
They only differ in the provided arguments, so unify the callbacks into
a single one with variable argument lists.
- Move responsibility for obtaining access tokens to clients
- Add function for getting access tokens for AVD
- Get correct server hostname during AVD setup
- Add utility function for doing http requests
The purpose of clipboard data locking is to make the other peer
retaining the current file list until a pending paste operation is done,
even though the clipboard selection changed.
As it may be difficult to determine, when a lock is needed, imitate the
same behaviour as mstsc:
When the server side supports clipboard data locking, always attempt to
lock the file list on the server regardless of what is advertised in a
FormatList PDU.
The Lock Clipboard Data PDU can even be already sent, before the
Format List Response PDU is sent.
This is also what mstsc does: First, lock the new (potential) file
list, then unlock the file list, when the pending paste operation is
done.
So, rework the current clipboard implementation in that direction.
Since the implementation for timeouts for old file lists is a bit hard,
for now always force unlock pending locks, when the selection changes.
However, timeouts for old file lists can still be added in the future.
The reworked clipboard handling is done with the help of three hash
tables:
1. The inode table: This hash table manages all inodes for each file.
The keys in this table are the inodes themselves, while the values
the files and directories and their attributes (file size, last write
time, etc.).
2. The clipdata table: This table manages the locks for each file list.
The keys in this table represent the clip data id and the values the
clip data entries, which have a reference to the clip data dir, a
directory containing the whole selection, and some helper attributes,
like the clip data id itself.
3. The request table: Every file size or file range request is managed
here. When a FileContentsRequest is made, its stream id with the
respective details are added to this table. When a response is
received, these details can then be easily looked up here.
https://learn.microsoft.com/en-us/windows/win32/api/winuser/nf-winuser-setcursor
"If your application must set the cursor while it is in a window, make sure the class cursor for the specified window's class is set to NULL. If the class cursor is not NULL, the system restores the class cursor each time the mouse is moved."
This PR creates a new /gateway:type:arm transport.
It depends on CJSON.
The arm transport is not a transport by itself but is responsible
for getting the websocket endpoint from a configuration url derived from
the configured gateway host in the rdpw file or cmdline.
Reinitialize xinput input event masks to get events from newly plugged
devices after setup. We utilize XI_DeviceChanged and XI_HierarchyChanged
event types to handle device changes.
* factor out most websocket specific code parts into websocket.c
* create wst.c (Websocket Transport) as gateway transport implementation
* introduce GatewayUrl setting that holds the websocket url
* introduce GatewayHttpExtAuthBearer that holds the HTTP Bearer
* GatewayHttpExtAuthBearer can be used by both rdg and wst
Optionally build the SDL client with Qt WebEngine to create a popup
browser for authentication to AAD. Also change the URL output on the
command line to use the "nativeclient" redirect for easier copy/pasting
of the authorization code.
This new argument allows reading all command line options from a file or
from stdin. It is a standalone argument and can not be combined with any
other.
* Use new enum constants with WINPR_KEYBOARD_* prefix
* Fix mapping of keycodes and scancodes, the offset of 8 is no longer
required if the proper keyboard type is used.
If a reader is detected, print out the number of (valid) certificates
detected. This avoids #8953 empty output if there are no valid
certificates installed on a smartcard.
When receiving a file list, xfreerdp3 rebuilds the content of the FUSE
filesystem.
Since fetching uri-lists can happen during a paste action too, xfreerdp3
caches the content of the last fetched mime type.
However, uri-lists exist in different variations, e.g. nautilus uses a
different mime type, than gnome-terminal does.
Furthermore, FormatLists can also contain other formats in addition to
file lists.
Fetching those contents during a paste operation leads to IO errors in
the paste operation.
In order to fix those errors, cache every mimetype in two hash tables:
One for the raw (unconverted) data, and one for the converted data.
When a content request is received, xfreerdp3 can with the already
cached converted data, directly serve the data.
If the content is not available as cached data, but its source data was
already fetched, use that source data to create the converted data.
Then serve the converted data.
Only if no cached converted data or cached raw data is available, issue
a new FormatDataRequest.
On Windows freerdp_interruptible_getc did not work at all. Fix this so
that reading characters works. This still does not hide input for
passwords or is actually interruptible, but at least it reads the data
correctly.
Options like /gateway:type:http,no-websockets,port:1234 were not
properly parsed. The `type:http,no-websockets` must be considered as
separate options with weak dependency.
Thanks to @akarl10 for pointing out this problem.
Format lists can contain multiple clipboard formats. When the data for
one is requested, xfreerdp caches it.
When the data for a different format in the same format list is
requested, xfreerdp cannot use the already cached data, since that data
refers to a different format.
As a result, xfreerdp needs to ask for the data of the now requested
format.
However, this is currently not the case. xfreerdp will just provide the
data of the first request after receiving the last format list.
In order to fix this situation, also save the format id of the last
requested format.
If the format id of the cached data matches the one of the current
request, serve the data from the cached data.
Otherwise, issue a new FormatDataRequest.
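The lookup order from the two clipboard caching commit messages on this page (converted data first, then raw data, then a new FormatDataRequest, every entry keyed by format id) is sketched below as an added example; it is not FreeRDP code. All names (`clip_cache`, `on_content_request`, `store`, ...) are hypothetical, small arrays stand in for the hash tables, and the conversion is a plain copy.

```c
#include <stddef.h>
#include <string.h>
/* Constructed model: small arrays stand in for the two hash tables. */
#define SLOTS 8
enum outcome { SERVED_CONVERTED, CONVERTED_FROM_RAW, SENT_REQUEST };
struct slot { int used; unsigned format_id; char data[32]; };
struct clip_cache { struct slot raw[SLOTS], converted[SLOTS]; unsigned requests_sent; };

static struct slot* lookup(struct slot* table, unsigned format_id) {
	for (size_t i = 0; i < SLOTS; i++)
		if (table[i].used && table[i].format_id == format_id)
			return &table[i];
	return NULL;
}

static struct slot* store(struct slot* table, unsigned format_id, const char* data) {
	struct slot* s = lookup(table, format_id);
	for (size_t i = 0; !s && i < SLOTS; i++)
		if (!table[i].used)
			s = &table[i];
	if (!s)
		return NULL; /* table full: entry is not cached */
	s->used = 1;
	s->format_id = format_id;
	strncpy(s->data, data, sizeof(s->data) - 1);
	s->data[sizeof(s->data) - 1] = '\0';
	return s;
}

/* A new format list invalidates everything cached for the previous one. */
static void on_format_list(struct clip_cache* c) { memset(c, 0, sizeof(*c)); }

/* Peer data is stored raw, keyed by the format id it answers. */
static void on_data_response(struct clip_cache* c, unsigned id, const char* raw) { store(c->raw, id, raw); }

static enum outcome on_content_request(struct clip_cache* c, unsigned id, const char** out) {
	struct slot* conv = lookup(c->converted, id);
	struct slot* raw = lookup(c->raw, id);
	*out = conv ? conv->data : NULL;
	if (conv)
		return SERVED_CONVERTED;
	if (raw) {
		conv = store(c->converted, id, raw->data); /* placeholder conversion: copy */
		*out = conv ? conv->data : raw->data;
		return CONVERTED_FROM_RAW;
	}
	c->requests_sent++; /* stands in for issuing a FormatDataRequest */
	return SENT_REQUEST;
}
```

Because every lookup is keyed by format id, a request for a second format in the same list can never be answered with the bytes cached for the first one.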
Commit 6492a00959 introduced a way to
relieve the filename restriction, which ensured that file lists
containing files with names, that have characters, which are not allowed
on MS Windows.
This relief handling kicked in, when xfreerdp did not connect to MS
Windows RDS.
Commit d521c7fa74 got rid of any
wClipboardDelegate occurrence in xf_cliprdr.c, which also got rid of the
filename restriction relief handling.
However, the relief handling was not added back, so do it now.
* fixed a return value bug in event handling
* fixed some android manifest issues with newer API
* fixed version parser in java to properly load libraries
This PR contains various changes to rdp file handling:
The old code had a strange mixture of handling settings. When loading a
file every line of the file was cached in `rdpFile::lines`. Sometimes
functions would operate on these cached lines, sometimes they would
operate on the actual values in the `rdpFile` instance.
On the other hand if an `rdpFile` instance was created from
`rdpSettings`, this line cache simply did not exist, causing functions
to behave differently, depending on whether the instance was created by
reading a file or by populating it from `rdpSettings`.
The new implementation has now a single way of accessing values (
`find_integer_entry`/`find_string_entry`) and the `rdpFile::lines` data
is used to handle unknown settings.
The PR also adds some argument checking and assertions.
To debug bug reports occurring only with certain setups, wrap the function
call with a logging edition so we have the arguments available in the
log for debugging.
`freerdp_parse_username` always returns non-NULL domain information when
called. This currently results in `settings->domain` being overridden in
every case, even though we might have read domain information from the
file before.
This PR fixes this issue by checking if domain information was present
in the file and if not, use the parsed domain information.
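The precedence rule described above, together with the `domain\username` split from the credential manager change earlier on this page, as an added example that is not FreeRDP code. `struct creds`, `split_username` and `resolve_creds` are hypothetical names, and the helper is a stand-in for, not a copy of, `freerdp_parse_username`.

```c
#include <stddef.h>
#include <string.h>

struct creds { char user[64]; char domain[64]; };

/* Hypothetical helper: split "domain\user" at the first backslash.
 * As in the behaviour described above, domain is always set ("" if absent).
 * Returns 0 on success, -1 if the user part is empty or a part does not fit. */
static int split_username(const char* in, struct creds* out)
{
	const char* sep = strchr(in, '\\');
	size_t dlen = sep ? (size_t)(sep - in) : 0;
	const char* user = sep ? sep + 1 : in;

	if (*user == '\0' || strlen(user) >= sizeof(out->user) || dlen >= sizeof(out->domain))
		return -1;
	memcpy(out->domain, in, dlen);
	out->domain[dlen] = '\0';
	strcpy(out->user, user);
	return 0;
}

/* file_domain: explicit domain entry read from the file, NULL if there was none. */
static int resolve_creds(const char* username, const char* file_domain, struct creds* out)
{
	if (split_username(username, out) != 0)
		return -1;
	if (file_domain) /* an explicit value wins over the parsed one */
	{
		if (strlen(file_domain) >= sizeof(out->domain))
			return -1;
		strcpy(out->domain, file_domain);
	}
	return 0;
}
```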
* use proper permissions (no read/write for group and others)
* handle streamID for multiple simultaneous copy/paste operations
* properly handle requests with a queue
Added helper functions to inform a user about current state of a client
in use:
* freerdp_client_warn_experimental warns about unstable clients
* freerdp_client_warn_deprecated warns about clients to be dropped