Commit Graph

5196 Commits

Author SHA1 Message Date
akallabeth bc1d291b44 [core,rdstls] add state transition checks and logs 2023-03-08 14:05:00 +01:00
akallabeth adbecf71c6 [core,rdstls] use dynamic logger 2023-03-08 14:05:00 +01:00
akallabeth 0dc59f3a41 [core,rdstls] hide rdstls parsing
* move rdstls specific code from transport_parse_pdu to rdstls_parse_pdu
* hide rdstls implementation details
2023-03-08 14:05:00 +01:00
Joan Torres c7f214435e [core,transport] use modern stream funcs on transport_parse_pdu 2023-03-08 14:05:00 +01:00
Joan Torres d3eab544bd [core,rdstls] validate state transitions 2023-03-08 14:05:00 +01:00
akallabeth 15b5026260 [core,rdstls] rdstls_read_data no heap
do not allocate and copy the returned data, just return a pointer in the
stream and the length of the data.
2023-03-08 14:05:00 +01:00
akallabeth f5a8da4f62 [core,rdstls] ensure stream length on empty return 2023-03-08 14:05:00 +01:00
Joan Torres 7c24da917e Add RDSTLS security protocol
The client tries to connect using RDSTLS only when it has received a
server redirection PDU with LB_PASSWORD_IS_ENCRYPTED flag.

The server exposes RDSTLS on negotiation if it has been configured on settings.
Then authenticates a client using configured credentials from settings:
RedirectionGuid, Username, Domain, Password.
2023-03-08 14:05:00 +01:00
Joan Torres 689bf6daab [core,nla]: Fix using password from redirection
If a client reconnects on redirection process and uses NLA authentication,
the client was using the old password because it wasn't setting
usePassword to false.

With this commit the client will use the new password.
2023-03-08 08:36:42 +01:00
Joan Torres 5f8e64f89c [core,connection]: Fix load balance setting on redirection
The routing token is already set for the nego on rdp_client_connect func.
2023-03-08 08:36:42 +01:00
Joan Torres 8c998e67f3 [core,redirection]: Debug redirection fields ordered 2023-03-08 08:36:42 +01:00
Armin Novak f068d21a5e [core,peer] set up channelErrorEvent 2023-03-06 21:46:51 +01:00
Armin Novak 8c88a477fd [core,licensing] fix warnings 2023-03-06 15:39:14 +01:00
Armin Novak 16d1d3d9c5 [core,security] fix types to reduce warnings
* Make integer UINT32 to match use
* Fix missing length checks
2023-03-06 15:39:14 +01:00
Armin Novak 3a6566d35e [crypto,key] fix missing rdpCertInfo clone 2023-03-06 11:31:19 +01:00
Armin Novak 92e071fa0c [core,listener] print info if a client is from localhost 2023-03-06 11:31:19 +01:00
Armin Novak 1c8f762721 [core,peer] fix multitransport request checks
If the client does not announce support for UDPFECR then do not send a
multitransport request and just skip the state.
2023-03-06 11:17:51 +01:00
Armin Novak 37936f5cbb [core,connect] check for valid hostname 2023-03-06 10:04:59 +01:00
Armin Novak 77943d4329 [warnings] Fixed missing-prototypes warnings 2023-03-06 10:04:59 +01:00
Armin Novak 2eeb5d718a [warnings] Fixed shadow warnings 2023-03-06 10:04:59 +01:00
Armin Novak 3d8cb485f4 [warnings] Fixed strict-prototypes warnings 2023-03-06 10:04:59 +01:00
Armin Novak e496771034 [warnings] fixed unused-variable warnings 2023-03-06 10:04:59 +01:00
Armin Novak f5462bdf92 [core] fix rdp_client_establish_keys 2023-03-06 08:35:24 +01:00
Armin Novak ca706e3099 [core,caps] fix invalid imeFileName
imeFileName might contain invalid characters, ignore these
2023-03-06 08:35:24 +01:00
Armin Novak fb60145685 [utils,cliprdr] remove runtime assert 2023-03-05 17:55:28 +01:00
Armin Novak 60998a62b4 [utils] added FILEDESCRIPTORW read/write routines 2023-03-05 17:55:28 +01:00
Armin Novak 2450bf75e8 [core] improve assertions and logging 2023-03-05 17:03:18 +01:00
Armin Novak d0ef43f49b [core,redirect] check TsvUrl on redirect
according to spec the TsvUrl must match the LoadBalanceInfo the client
initially sent. Implement this check or else log an error.
2023-03-02 09:55:49 +01:00
Armin Novak 455f6546a7 [core,redirection] implement redirection PDU write
implemented writing redirection certificate to PDU
2023-02-28 15:49:58 +01:00
Armin Novak ae8f0106bd [core,redirect] extract and check redirection cert
* extract the certificate from the redirection PDU
* if there is a certificate provided accept it if it matches the
  redirection target certificate without further user checks
2023-02-28 15:49:58 +01:00
Armin Novak 5bf3a06a30 [utils] windows implementation for freerdp_interruptible_getc 2023-02-28 09:47:54 +01:00
Armin Novak acc5e2d301 [client,common] use non blocking IO
when reading from stdin use non blocking IO so that we can check if the
session terminated in between.
2023-02-28 09:47:54 +01:00
Armin Novak 4398126dde [utils,signal] remove terminal reset 2023-02-28 09:47:54 +01:00
David Fort b8814e723a fix some warning with the use of new crypto functions 2023-02-28 07:59:40 +01:00
akallabeth adce7378c3 [core,cache] make protocol caches private
most protocol internal caches do not need to be exposed. this reduces
the public API and allows us to more easily improve/change this during a
release cycle
2023-02-27 17:31:52 +01:00
akallabeth 3293d0d06a [core] add log for experimental settings
Too often experimental flags had been used without the user noticing
that. As bug reports are hard to analyze without proper information take
this approach and inform about experimental flags in use by logging
these.
2023-02-27 11:44:10 +01:00
akallabeth aa2cb9aa5f Fixed #8686: Update h264 to use new FFMPEG API 2023-02-27 09:45:44 +01:00
Marc-André Moreau 3a8dce07ea expose last NLA/CredSSP SSPI error code (freerdp_get_nla_sspi_error) 2023-02-24 13:19:19 -05:00
Armin Novak f357312584 [utils] term signal cleanup handlers
add functions to register/unregister termination cleanup handlers
2023-02-23 20:28:15 +01:00
Martin Fleisz 2fa12ad794 gateway: Fix broken #ifdef/#else/#endif 2023-02-23 17:27:22 +01:00
Martin Fleisz 892e58d969 core: Update smartcard settings on all platforms
Currently smartcard settings were only updated in the WIN32 code path.
This must be done on all platforms to have the correct settings (i.e.
pkinitArgs) correctly applied.
2023-02-23 14:25:44 +01:00
Martin Fleisz 09b2096cf2 core: Add CAPI support for enumerating smart card key containers
Windows seems to favor using the legacy Crypto API (CAPI) for
enumerating RSA key containers and only relies on the newer CNG APIs for
ECC keys.

This PR adds support for CAPI key container enumeration on Windows.

The PR also fixes an issue where the CSP was always set to the MS Base
Smart Card Provider during NLA authentication.
2023-02-22 17:10:47 +01:00
akallabeth 392340d5fd Fix #8702: Disable sha3 and shake hashes for libressl 2023-02-22 11:47:37 +01:00
Martin Fleisz 6f639686cf core: Allow change to smart card logon in Authentication callbacks
This PR adds a few changes so that a client is able to change the
authentication/logon type in the Authentication callback. I.e. if the
client was started without user/domain the authentication callback is
now able to activate smart card logon by setting the SmartcardLogon
setting along with csp/container/reader name.
2023-02-22 11:45:32 +01:00
Armin Novak b4330cfccb [core,settings] use conservative multitransport flags 2023-02-21 16:42:54 +01:00
Joan Torres e5d9a41778 [core,gcc] Fix applying RedirectionVersionMask
The RedirectionVersionMask is 0x3c i.e. 00111100.
So the left shift operation to set RedirectionVersion is of 2 places.
2023-02-21 16:18:04 +01:00
akallabeth ab5be61e89 [client,common] working REDIRECTION_VERSION6
* REDIRECTION_VERSION6 requires enabled multitransport, enable it
* Add a fallback if multitransport was disabled
2023-02-20 16:04:04 +01:00
akallabeth 66245e7a00 [crypto,cert] remove rsa check
the rsa keys to be checked are on the deprecation list for most SSL
libraries so the function might fail unexpectedly
2023-02-16 10:06:17 +01:00
akallabeth 8b95030f5e [crypto,cert] clean up code 2023-02-16 10:06:17 +01:00
akallabeth a2b23a83ab [crypto,cert] only extract server certificate 2023-02-16 10:06:17 +01:00