Commit Graph

124 Commits

Author SHA1 Message Date
Gluzskiy Alexandr
bee2e1526d allow to use in single threaded mode
(some client side channels and all server side channels still need to be
ported to new api)

server: build fix, do not disable threads for rfx encoder

cliprdr client channel: implemented support for DisableThreads option
looks like thread does not make sense at all for this channel

do not initialize disabled image codecs (respect settings)

channels: client: rail: added support for DisableThreads setting

changed "BOOL DisableThreads" to "UINT32 ThreadingFlags"
dropped unnecessary apu changes

draft implementation of threading settings aware message handling api
for addins/channels

rail: use new messaging api

fixed memory leak

msgs handlers external api changes (as requested)

msgs_handlers: init fix

fixed memory leak

logic fix

resolved problems appeared after rebase to master, dropped unnecessary
changes

git clang-format origin/master

fixed TestFreeRDPCodecRemoteFX.c

"formatting, run `clang-format` please"

properly use new "rfx_context_new(BOOL, UINT32)" everywhere

passed Threading Flags to "rfx_context_new" where available

in older C standarts veriables declaration must be done before any code

requested changes

clang-format as requested

use broken signatures of standert C functions for m$ s**tos

clang-format

requested changes

requested changes

moved ThreadingFlags to stable api zone

define type for channel msg handler

typo fix

clang-format

build fix

us ThreadingFlags from server settings

git clang-format origin/master

clang-format
2021-02-25 14:05:40 +01:00
Armin Novak
58be47bc63 Added expert settings /tune and /tune-list 2020-04-21 17:30:24 +02:00
Armin Novak
7db4f69cb6 Added TcpKeepalive setting, use settings getter const arguments. 2019-11-07 12:39:22 +01:00
Armin Novak
72ca88f49c Reformatted to new style 2019-11-07 10:53:54 +01:00
Armin Novak
f01e042211 Code cleanups (strlen, casts, size_t, ...) 2019-10-29 11:58:43 +01:00
Armin Novak
93bf375686 Refactored settings getter/setter to stay compatible. 2019-05-08 14:35:25 +02:00
Armin Novak
6ac91924d5 Fixed use of settings getter/setter 2019-05-08 14:17:23 +02:00
Armin Novak
abc93f924c Added python generator for freerdp_[g|s]et_param*
The settings getters and setters are now automatically generated.
Added a test case to check if all available options can be retrieved.
2019-05-08 14:17:23 +02:00
Armin Novak
082eef05e1 Fixed broken implicit fallthrough 2019-04-05 09:14:35 +02:00
Armin Novak
b60045af27 New option to disable user certificate dialog
The new option +cert-deny aborts a connection automatically if
the certificate can not be validated by OpenSSL or via known hosts.
2018-12-14 10:17:52 +01:00
Bernhard Miklautz
1222e7060b new [crypto/tls]: add support to set tls security level
The newly introduced option /tls-seclevel can be used to set the tls
security level on systems with openssl >= 1.1.0 or libressl.
As default level 1 is used as higher levels might prohibit connections
to older systems.
2018-11-08 11:13:15 +01:00
Armin Novak
0de43c8b85 Added /smartcard-logon option to set flag. (Stripped version of #4837 by @informatimago) 2018-09-04 15:50:03 +02:00
Armin Novak
c3a26b0d6a Removed +async-transport options
The async transport option is broken by design.
If used the main loop is called from the transport thread and the
main thread of the application.
Unless the transport layer is refactored to just work on queues
(input and output) this option will never work, therefore remove it.
2018-08-22 13:56:37 +02:00
Jacco Braat
b592684734 Added to rdp file parsing: gatewayaccesstoken:s:<token>
Added to commandline parsing: /gat:<token>
Added GatewayAccessToken to sings
2018-02-15 10:56:57 +01:00
Bernhard Miklautz
bc8bdc3e54 fix channel/smartcard: compiler warnings
* remove unused variables
* remove unused jump label
2017-12-13 17:04:06 +01:00
Bernhard Miklautz
1e6fea7fa7 fix channel/smartcard: simplify channel variables
Path was not really used and name was duplicated. Use the device->Name
directly.
2017-12-13 17:04:06 +01:00
Brent Collins
d98b88642b Add new command-line option to force xfreerdp into a fips compliant mode.
This option will ensure that NLA is disabled(since NTLM uses weak crypto algorithms), FIPS
encryption is enabled, and ensure fips mode is enabled for openssl.

Selectively override specific uses of MD5/RC4 with new API calls specifically tailored to override FIPS.

Add comments on why overriding the use of these algorithms under FIPS is acceptable for the locations where overrides happen.

Remove check of server proprietary certificate which was already being ignore to avoid use of MD5.

Initialize winpr openssl earlier to ensure fips mode is set before starting using any crypto algorithms.
2017-11-17 12:43:06 +01:00
Bernhard Miklautz
4592deee72 extend /size to allow width or height percentages (#4146)
If the size parameter is used with a percentages like /size:50% now
an additional 'w' or 'h' can be appended (like /size:50%w) to specify
where the percentage should be applied. If both or none are set the
behavior is like it was before and the percentage is applied to width
and height.
2017-09-25 09:35:49 +02:00
Armin Novak
0490aeb018 Fixed clang malloc integer overflow warnings. 2017-07-20 09:29:48 +02:00
Armin Novak
f414522b7a Added setting for QoeAck. 2017-05-18 14:07:09 +02:00
akallabeth
3762401d43 Merge pull request #1750 from ccpp/master
Support for HTTP-Proxy
2017-01-11 11:02:00 +01:00
Norbert Federa
f71b6b46e8 fix string format specifiers
- fixed invalid, missing or additional arguments
- removed all type casts from arguments
- added missing (void*) typecasts for %p arguments
- use inttypes defines where appropriate
2016-12-16 13:48:43 +01:00
Christian Plattner
58ef7cc42d More abstracted proxy handling 2016-12-10 23:13:35 +01:00
Christian Plattner
a72c184108 Bugfix setting HTTP proxy name (fixes environment variable detection) 2016-12-10 19:00:32 +01:00
Christian Plattner
5d10b3bf5b Merge branch 'gateway-http-bugfix'
Conflicts:
	client/common/cmdline.c
	include/freerdp/settings.h
	libfreerdp/common/settings.c
	libfreerdp/core/settings.c
	libfreerdp/core/tcp.c
	libfreerdp/core/transport.c
2016-12-09 20:43:02 +01:00
Marc-André Moreau
801dc0f826 freerdp: add configurable NTLM SAM file option for server-side NLA 2016-07-21 18:58:24 -04:00
Marc-André Moreau
e4714f3422 freerdp: fix Hyper-V connectivity, fix issues #2421 and #3325 2016-05-11 15:52:36 -04:00
Armin Novak
53445768ed Added command line option /cert-tofu 2016-03-31 12:16:55 +02:00
Armin Novak
50873be062 Added advanced gfx command line options. 2016-03-24 16:36:43 +01:00
Armin Novak
dccf40c2bc Fixed duplicate loading of smartcard and printers. 2016-02-26 15:21:11 +01:00
davewheel
d5b8585a39 Allow to specify the raw content of crypto materials
Sometime it's possible that your server application doesn't have access to files
(when running in a very restricted environment for example). This patch allows
to ship the private key and certificate as a string.

Sponsored by: Wheel Systems (http://www.wheelsystems.com)
2016-01-21 11:27:06 +01:00
Armin Novak
6698e24228 Fixed leaks, NULL dereferences and broken init. 2015-06-23 21:29:21 +02:00
Bernhard Miklautz
06502e6a91 misc: integrate pull request feedback 2015-06-22 19:24:30 +02:00
Bernhard Miklautz
1b8dd139a9 cmd line: add missing checks
* strdup
* some allocs
2015-06-22 19:23:57 +02:00
David FORT
7c3f8f33ab Fixes for malloc / calloc + other fixes
This patch contains:

* checks for malloc return value + treat callers;
* modified malloc() + ZeroMemory() to calloc();
* misc fixes of micro errors seen during the code audit:
** some invalid checks in gcc.c, also there were some possible
integer overflow. This is interesting because at the end the data are parsed
and freed directly, so it's a vulnerability in some kind of dead code (at least
useless);
** fixed usage of GetComputerNameExA with just one call, when 2 were used
in misc places. According to MSDN GetComputerNameA() is supposed to return
an error when called with NULL;
** there were a bug in the command line parsing of shadow;
** in freerdp_dynamic_channel_collection_add() the size of array was multiplied
by 4 instead of 2 on resize
2015-06-22 19:21:47 +02:00
Bernhard Miklautz
bf73f4e4f1 Fix unchecked strdups
* add missing checks
* adapt function return values where necessary
* add initial test for settings
2015-06-22 19:09:59 +02:00
Marc-André Moreau
6b1fefea40 freerdp: fix remote assistance mode, add multi-address connection 2015-05-06 16:32:45 -04:00
Marc-André Moreau
6202f48c12 libfreerdp-core: add configurable TSG/RGB fallback, fix edge cases 2015-03-19 11:44:47 -04:00
Armin Novak
2b7a8d324c Fixed mixed declaration of code and variables. 2015-03-13 12:17:22 +01:00
Marc-André Moreau
5ab34dfa3e Merge pull request #2456 from zhangzl2013/fix-realloc
Fix incorrect usage of realloc
2015-03-12 07:33:27 -04:00
Zhang Zhaolong
a52e7f012d settings: fix incorrect usage of realloc.
Signed-off-by: Zhang Zhaolong <zhangzl2013@126.com>
2015-03-11 13:52:24 +08:00
Bernhard Miklautz
e9985c2093 settings: handle collection_add in detection case
Command line detection is run with dummy settings where not everything
is allocated. Collections (device, dynamic channel and static
channel) didn't handle this case properly.
2015-03-10 13:10:39 +01:00
Marc-André Moreau
3258c887a4 libfreerdp-core: add channel reconnect 2015-02-06 17:35:14 -05:00
Christian Plattner
33320a2e02 Merge remote-tracking branch 'upstream/master' into httpproxy
Conflicts:
	libfreerdp/core/settings.c
	libfreerdp/core/tcp.c
	libfreerdp/core/transport.c
2015-01-22 14:33:17 +01:00
Christian Plattner
3b7b3a0dac Merge commit '709df9^' into httpproxy
Conflicts:
	client/common/cmdline.c
2015-01-20 01:33:46 +01:00
Christian Plattner
c20b487815 Merge commit 'dd6d82955087e1b53c8d9f1a7a5b252c8a545210^' into httpproxy 2015-01-19 21:23:37 +01:00
Christian Plattner
5152a8a483 Merge commit '4c920506ed9985fdec0eb52fd2c40626458fd050' into httpproxy
Conflicts:
	include/freerdp/settings.h
	libfreerdp/common/settings.c
	libfreerdp/core/settings.c
	libfreerdp/core/transport.c
2015-01-19 21:13:24 +01:00
Norbert Federa
939f1c639a Standard RDP Security Layer Levels/Method Overhaul
[MS-RDPBCGR] Section 5.3 describes the encryption level and method values for
standard RDP security.

Looking at the current usage of these values in the FreeRDP code gives me
reason to believe that there is a certain lack of understanding of how these
values should be handled.

The encryption level is only configured on the server side in the "Encryption
Level" setting found in the Remote Desktop Session Host Configuration RDP-Tcp
properties dialog and this value is never transferred from the client to the
server over the wire.
The possible options are "None", "Low", "Client Compatible", "High" and
"FIPS Compliant". The client receices this value in the Server Security Data
block (TS_UD_SC_SEC1), probably only for informational purposes and maybe to
give the client the possibility to verify if the server's decision for the
encryption method confirms to the server's encryption level.
The possible encryption methods are "NONE", "40BIT", "56BIT", "128BIT" and
"FIPS" and the RDP client advertises the ones it supports to the server in the
Client Security Data block (TS_UD_CS_SEC).
The server's configured encryption level value restricts the possible final
encryption method.
Something that I was not able to find in the documentation is the priority
level of the individual encryption methods based on which the server makes its
final method decision if there are several options.
My analysis with Windows Servers reveiled that the order is 128, 56, 40, FIPS.
The server only chooses FIPS if the level is "FIPS Comliant" or if it is the
only method advertised by the client.

Bottom line:
* FreeRDP's client side does not need to set settings->EncryptionLevel
(which was done quite frequently).
* FreeRDP's server side does not have to set the supported encryption methods
list in settings->EncryptionMethods

Changes in this commit:

Removed unnecessary/confusing changes of EncryptionLevel/Methods settings

Refactor settings->DisableEncryption
* This value actually means "Advanced RDP Encryption (NLA/TLS) is NOT used"
* The old name caused lots of confusion among developers
* Renamed it to "UseRdpSecurityLayer" (the compare logic stays untouched)

Any client's setting of settings->EncryptionMethods were annihilated
* All clients "want" to set all supported methods
* Some clients forgot 56bit because 56bit was not supported at the time the
code was written
* settings->EncryptionMethods was overwritten anyways in nego_connect()
* Removed all client side settings of settings->EncryptionMethods
The default is "None" (0)
* Changed nego_connect() to advertise all supported methods if
settings->EncryptionMethods is 0 (None)
* Added a commandline option /encryption-methods:comma separated list of the
values "40", "56", "128", "FIPS". E.g. /encryption-methods:56,128
* Print warning if server chooses non-advertised method

Verify received level and method in client's gcc_read_server_security_data
* Only accept valid/known encryption methods
* Verify encryption level/method combinations according to MS-RDPBCGR 5.3.2

Server implementations can now set settings->EncryptionLevel
* The default for settings->EncryptionLevel is 0 (None)
* nego_send_negotiation_response() changes it to ClientCompatible in that case
* default to ClientCompatible if the server implementation set an invalid level

Fix server's gcc_write_server_security_data
* Verify server encryption level value set by server implementations
* Choose rdp encryption method based on level and supported client methods
* Moved FIPS to the lowest priority (only used if other methods are possible)

Updated sample server
* Support RDP Security (RdpKeyFile was not set)
* Added commented sample code for setting the security level
2014-12-12 02:17:12 +01:00
Norbert Federa
25f66d2e6d xfreerdp: added smart sizing, mt gesture fixes
- removed setting ScalingFactor
- added settings SmartSizingWidth and SmartSizingHeight
- changed option /smart-sizing to optionally support <width>x<height>
- consolidated transformation of input event coordinates
- rdp8 gfx ignored scaling and panning offsets: fixed
- never resize window on panning/pinching
- simplified keyboard multitouch gesture debugging emulation
- disabled keyboard multitouch gesture emulation debug code via define
2014-12-01 11:56:44 +01:00
Marc-André Moreau
c4ad706c34 libfreerdp-core: improve bitmap codec negotiation 2014-09-21 15:40:27 -04:00