Commit Graph

137 Commits

Author SHA1 Message Date
David Fort
71fd5cc148 Limit the time passed in transport check loop
This patch make it possible to limit the time that is passed when we call
XXX_check_fds functions. This should smooth the treatment between handling inputs
and handling incoming bitmap updates.
The default maximum time is set to 100 ms.
2016-10-14 15:12:48 +02:00
Armin Novak
8f75516650 Deactivated glyph cache. 2016-10-10 09:07:28 +02:00
Armin Novak
afc4408a6c Reformatted file. 2016-10-10 09:06:05 +02:00
Marc-André Moreau
801dc0f826 freerdp: add configurable NTLM SAM file option for server-side NLA 2016-07-21 18:58:24 -04:00
Giovanni Panozzo
01a8db2c17 Fix some memory leaks in freerdp_settings_free() 2016-06-02 10:23:28 +02:00
Bernhard Miklautz
a61a642c9a core: don't advertise multi layout PDUs
If support for multi layout PDUs is advertised there are known issues
with Windows 7 and Windows 2008R2. Until those are resolved generally
disable multi layout PDUs.

See #3114 for details.
2016-05-04 09:47:23 +02:00
Armin Novak
50873be062 Added advanced gfx command line options. 2016-03-24 16:36:43 +01:00
David FORT
b3c0478305 Don't require HOME env var to be set for server-side code 2016-03-09 14:10:31 +01:00
Armin Novak
447ac23aee Refactored timezone functions. 2016-02-24 09:28:30 +01:00
Bernhard Miklautz
8ec39039e5 Merge pull request #3076 from akallabeth/remove_fixed_size_heap_strings
Removed fixed size strings.
2016-02-01 13:02:38 +01:00
Hardening
d458bc2e06 Merge pull request #3073 from davewheel/cert_key_in_memory
Allow to specify the raw content of crypto materials
2016-01-27 10:50:38 +01:00
Armin Novak
73ec3d6aca Removed fixed size strings. 2016-01-21 15:45:21 +01:00
davewheel
d5b8585a39 Allow to specify the raw content of crypto materials
Sometime it's possible that your server application doesn't have access to files
(when running in a very restricted environment for example). This patch allows
to ship the private key and certificate as a string.

Sponsored by: Wheel Systems (http://www.wheelsystems.com)
2016-01-21 11:27:06 +01:00
davewheel
121a234866 Add better handling of monitors
This patch makes FreeRDP announce the support for monitor layout PDU. It also
adds support for servers to announce the monitors layout.
2016-01-20 16:56:04 +01:00
Roland Kaufmann
600d3c5ccb Add option to disable pointer button mapping
In case the old behaviour of not reverse-mapping the mouse buttons is
desirable, a command-line option is added to disable the mapping. This
option is made experimental for the time being.

The default is to do the reverse mapping, as this is the intuitive
behaviour (the mouse then works as it would on the console).
2015-12-15 17:42:57 +01:00
Armin Novak
a5db7117c8 Implemented horizontal wheel support.
Horizontal mouse wheel input capabilities are now checked
and if available mouse buttons 6 and 7 are mapped to the
horizontal wheel for the X11 client.
2015-12-14 18:29:23 +01:00
Bernhard Miklautz
d73c4898c1 Add build-config.h
build-config.h should contain configure/compile time settings that are
relevant for projects that use FreeRDP.

For example the compiled in plugin search paths.
2015-11-09 15:54:22 +01:00
Bernhard Miklautz
1f13781fe1 Merge pull request #2855 from akallabeth/memleak_fixes
Memleak fixes
2015-08-31 09:50:21 +02:00
Bernhard Miklautz
05c02da742 settings: update settings/help to match
* wallpaper was off but help said "default: on"
* compression is on but help said "default: off"

Fixes #2853
2015-08-28 11:09:38 +02:00
Armin Novak
07bba9b623 Fixed NONNULL argument warnings. 2015-08-28 10:58:20 +02:00
Bernhard Miklautz
a22dc21c15 remdesk,encomps: misc fixes
* only free stream when an error occurs
* ignore unhanded messages instead of throwing an error
* fix memory leak in settings
2015-07-29 17:32:09 +02:00
Norbert Federa
ac95b7274e Merge pull request #2727 from akallabeth/leak_fixes_reformat
Fixed leaks, NULL dereferences and broken init.
2015-06-26 15:01:08 +02:00
Hardening
b411c11f6e Merge pull request #2729 from akallabeth/win_reg_key_by_vendor_product_define
Replaced hard coded registry keys with cmake defines.
2015-06-26 11:15:09 +02:00
Bernhard Miklautz
28e63786cd Integrate pull request feedback
Use while instead of for with additional variable where appropriate.
2015-06-25 10:33:54 +02:00
Armin Novak
e8bfa29bd2 Replaced registry keys with cmake defines. 2015-06-24 14:02:48 +02:00
Bernhard Miklautz
9f6fa7ef4c Fix possible endless loops on cleanup.
Some cleanup code possibly create endless loops because an unsigned
type was used as run variable but the check was >= 0 in the for loop.
2015-06-24 12:26:13 +02:00
Armin Novak
6698e24228 Fixed leaks, NULL dereferences and broken init. 2015-06-23 21:29:21 +02:00
Bernhard Miklautz
06502e6a91 misc: integrate pull request feedback 2015-06-22 19:24:30 +02:00
David FORT
7c3f8f33ab Fixes for malloc / calloc + other fixes
This patch contains:

* checks for malloc return value + treat callers;
* modified malloc() + ZeroMemory() to calloc();
* misc fixes of micro errors seen during the code audit:
** some invalid checks in gcc.c, also there were some possible
integer overflow. This is interesting because at the end the data are parsed
and freed directly, so it's a vulnerability in some kind of dead code (at least
useless);
** fixed usage of GetComputerNameExA with just one call, when 2 were used
in misc places. According to MSDN GetComputerNameA() is supposed to return
an error when called with NULL;
** there were a bug in the command line parsing of shadow;
** in freerdp_dynamic_channel_collection_add() the size of array was multiplied
by 4 instead of 2 on resize
2015-06-22 19:21:47 +02:00
Bernhard Miklautz
77927c213e android: fix misc compiler warnings
with gcc version arm-linux-androideabi-gcc (GCC) 4.8
2015-06-22 19:09:59 +02:00
Bernhard Miklautz
bf73f4e4f1 Fix unchecked strdups
* add missing checks
* adapt function return values where necessary
* add initial test for settings
2015-06-22 19:09:59 +02:00
Vic Lee
2e11eac79a Merge pull request #2675 from akallabeth/path_make_path
Added PathMakePath function.
2015-06-18 02:43:47 +00:00
Armin Novak
acc96388a5 Added certificate_get_fingerprint function to read out old one. 2015-06-11 09:14:15 +02:00
Armin Novak
5b7a44cd4a Removed CreateDirectoryA, handled by PathMakePath 2015-06-09 13:17:15 +02:00
Armin Novak
6b4cc2ff25 Fixed size of string buffer. 2015-06-02 12:45:35 +02:00
Armin Novak
ea1dae219d Added config compatibility for default builds. 2015-06-02 12:00:52 +02:00
Armin Novak
d3a88014da Fixed directory creation checks. 2015-06-02 10:01:10 +02:00
Armin Novak
dd1a03191d Fixed settings path creation. 2015-06-02 09:51:05 +02:00
Armin Novak
8f68b9c261 Using vendor/product scheme for settings now. 2015-06-02 09:50:53 +02:00
Marc-André Moreau
35e26020aa freerdp: patch multiple leaks and OOM errors 2015-05-22 14:14:57 -04:00
Marc-André Moreau
6b1fefea40 freerdp: fix remote assistance mode, add multi-address connection 2015-05-06 16:32:45 -04:00
Bernhard Miklautz
3c7662517c hardening
Start to add missing checks for:
* *alloc
* *_New
2015-03-25 17:38:21 +01:00
Marc-André Moreau
6202f48c12 libfreerdp-core: add configurable TSG/RGB fallback, fix edge cases 2015-03-19 11:44:47 -04:00
bjcollins
d4a9a2d3a8 Remove override redirect flag for fullscreen with keyboard grab enabled. Window manager should always know about the main window.
Small cleanup of passing around decorations flag.
Limit PercentScreen to single monitor vs. entire desktop. IMO - this is better behavior in a multimonitor environment.

Handle fullscreen windows better:
1. Ensure that size hints are set to allow resizing before setting a window to fullscreen as some window managers do not behave properly.
2. Handle fullscreen toggles without destroying and recreating window.
3. Use NET_WM_STATE_FULLSCREEN Extended Window Manager Hint for fullscreen functionality
4. Use the NET_WM_FULLSCREEN_MONITORS Extended Window Manager Hint when appropriate
5. When a single monitor fullscreen is requested - use the current monitor(as determined from mouse location)
6. Handle cases where there is no local monitor at coordinate 0,0. The Windows server expect there to be a monitor at this location, so we maintain offset if necessary between our local primary monitor and the server side primary monitor located at 0,0.
2015-02-23 11:22:28 -06:00
Marc-André Moreau
9b9fbd2ab1 xfreerdp: fix fullscreen mode 2015-02-10 15:15:30 -05:00
Marc-André Moreau
fa06c4d401 libfreerdp-core: improve reconnection 2015-02-06 14:21:26 -05:00
Marc-André Moreau
977cd21919 libfreerdp-core: don't enable GatewayBypassLocal by default 2015-01-28 15:16:31 -05:00
Marc-André Moreau
74bef0edca Merge pull request #2275 from awakecoding/master
TS Gateway Fixes
2014-12-12 09:33:52 -05:00
Norbert Federa
939f1c639a Standard RDP Security Layer Levels/Method Overhaul
[MS-RDPBCGR] Section 5.3 describes the encryption level and method values for
standard RDP security.

Looking at the current usage of these values in the FreeRDP code gives me
reason to believe that there is a certain lack of understanding of how these
values should be handled.

The encryption level is only configured on the server side in the "Encryption
Level" setting found in the Remote Desktop Session Host Configuration RDP-Tcp
properties dialog and this value is never transferred from the client to the
server over the wire.
The possible options are "None", "Low", "Client Compatible", "High" and
"FIPS Compliant". The client receices this value in the Server Security Data
block (TS_UD_SC_SEC1), probably only for informational purposes and maybe to
give the client the possibility to verify if the server's decision for the
encryption method confirms to the server's encryption level.
The possible encryption methods are "NONE", "40BIT", "56BIT", "128BIT" and
"FIPS" and the RDP client advertises the ones it supports to the server in the
Client Security Data block (TS_UD_CS_SEC).
The server's configured encryption level value restricts the possible final
encryption method.
Something that I was not able to find in the documentation is the priority
level of the individual encryption methods based on which the server makes its
final method decision if there are several options.
My analysis with Windows Servers reveiled that the order is 128, 56, 40, FIPS.
The server only chooses FIPS if the level is "FIPS Comliant" or if it is the
only method advertised by the client.

Bottom line:
* FreeRDP's client side does not need to set settings->EncryptionLevel
(which was done quite frequently).
* FreeRDP's server side does not have to set the supported encryption methods
list in settings->EncryptionMethods

Changes in this commit:

Removed unnecessary/confusing changes of EncryptionLevel/Methods settings

Refactor settings->DisableEncryption
* This value actually means "Advanced RDP Encryption (NLA/TLS) is NOT used"
* The old name caused lots of confusion among developers
* Renamed it to "UseRdpSecurityLayer" (the compare logic stays untouched)

Any client's setting of settings->EncryptionMethods were annihilated
* All clients "want" to set all supported methods
* Some clients forgot 56bit because 56bit was not supported at the time the
code was written
* settings->EncryptionMethods was overwritten anyways in nego_connect()
* Removed all client side settings of settings->EncryptionMethods
The default is "None" (0)
* Changed nego_connect() to advertise all supported methods if
settings->EncryptionMethods is 0 (None)
* Added a commandline option /encryption-methods:comma separated list of the
values "40", "56", "128", "FIPS". E.g. /encryption-methods:56,128
* Print warning if server chooses non-advertised method

Verify received level and method in client's gcc_read_server_security_data
* Only accept valid/known encryption methods
* Verify encryption level/method combinations according to MS-RDPBCGR 5.3.2

Server implementations can now set settings->EncryptionLevel
* The default for settings->EncryptionLevel is 0 (None)
* nego_send_negotiation_response() changes it to ClientCompatible in that case
* default to ClientCompatible if the server implementation set an invalid level

Fix server's gcc_write_server_security_data
* Verify server encryption level value set by server implementations
* Choose rdp encryption method based on level and supported client methods
* Moved FIPS to the lowest priority (only used if other methods are possible)

Updated sample server
* Support RDP Security (RdpKeyFile was not set)
* Added commented sample code for setting the security level
2014-12-12 02:17:12 +01:00
Marc-André Moreau
d8e10ac04a freerdp: patch leaks reported by valgrind when using TS Gateway 2014-12-11 11:25:34 -05:00