This patch introduce the basic architecture to intercept content of dynamic
channel. When a dynamic channel is in intercept mode, we accumulate and reassemble
the current packet so that it can be passed for inspection.
When some channels are filtered, some misalignement of channel ids could happen.
This patch keeps track of the back and front channel ids to correctly identify a
channel and send packets with the correct channel id.
Previously smartcard authentication was only supported with TLS
connections so the proxy forced that security mode.
Since we now have a working NLA smartcard auth implementation we can
remove that code and leave the correct configuration to the proxy user.
The cmd parameter (type int) has been logged using the %s format
specifier causing an access violation.
Fixed by using get_packet_type to convert cmd to a string.
* Fixed format strings to match arguments
Reviewed and replaced all %d specifiers to match proper type
* Added proxy dynamic channel command type to log messages.
During tests I sometimes received DATA_FIRST_PDUs that were not part of
a fragmented message but contained a complete PDU.
The documentation is not quite clear about if this is a possible
scenario or a protocol violation. However in the description of the Data
field it says:
If the sum of the DVC header size and the value specified by the Length
field is less than 1600 bytes, then the actual data length equals the
value specified by the Length field.
This hints that DATA_FIRST_PDU might also contain complete Data and does
not necessarily mean to be the first part of a fragmented PDU.
Only the least significant bit is valid in the unicode flag UINT32. Some
clients send garbage data in the other bits which caused the proxy to
drop the connection which is wrong.
This big patch fixes fragmentation handling in the dynamic channel. We used to
have a single state to handle fragmentation at the main dynamic channel level, but
in fact packets can be fragmented per sub channel. So we have to maintain a fragmentation
state per sub channel, this involve treating dynamic and static channels differentely
(so the size of the patch that has to implement state tracking per dynamic channels).
This adds a User, Domain and Password parameter in the Target section of the configuration
to specify and use a fixed backend user, domain or password (overriding the one
passed by the front user).
* Fixed remdesk settings pointer
* Fixed sign warnings in display_write_monitor_layout_pdu
* Use freerdp_abort_connect_context and freerdp_shall_disconnect_context
* Added and updates settings
* info assert/dynamic timezone
* mcs assert/log/flags
* Fixed and added assertions for wStream
* Unified stream length checks
* Added new function to check for lenght and log
* Replace all usages with this new function
* Cleaned up PER, added parser logging
* Cleaned up BER, added parser logging
* log messages
* Modified Stream_CheckAndLogRequiredLengthEx
* Allow custom format and options
* Add Stream_CheckAndLogRequiredLengthExVa for prepared va_list
* Improved Stream_CheckAndLogRequiredLength
* Now have log level adjustable
* Added function equivalents for existing logger
* Added a backtrace in case of a failure is detected
* Fixed public API input checks
The rework introduce a stateful dynamic channel treatment, so that we can take early decisions
for data packet (dropping all the current packet or pass it), but also reassemble important
packets like channel creation.
* Fixed GetFileInformationByHandle initializers
* Fix#7793: Do not expose internal input API
Slow-Path input uses UINT16 for scancodes on wire, but only the
lower byte is actually used. (the extended fields are sent in
keyboardFlags field)
Hide this implementation detail and adjust the API to use UINT8
for the code instead just like the corresponding Fast-Path PDU
* Added a warning for problematic slow path keyCodes
The flag was forcing the remoteApp usage when set, while all the other equivalent
flags just enable the feature. This patch fixes that, so now setting RemoteApp = TRUE
just enables the front client to do remoteApps.
Building client channels out of tree does not work reliable as the
dependencies can not be easily split. (exceptions may be simple ones
as echo channel)
It does complicate the build system and code though, so remove this
for maintainability reasons.
This PR introduces per channel context so that we can speed up operations like
retrieving the channel name from its id, or knowing what shall be done for a
packet (no config ACL recomputation at each packet).
