Commit Graph

2776 Commits

Author SHA1 Message Date
Marc-André Moreau
23f66f3987 add KDC URL to internal SSPI Kerberos settings 2022-09-30 19:33:12 +02:00
Marc-André Moreau
b324e49131 rename KerberosKdc setting to KerberosKdcUrl 2022-09-30 19:33:12 +02:00
akallabeth
1849632c43
Fixed format strings to match arguments (#8254)
* Fixed format strings to match arguments

Reviewed and replaced all %d specifiers to match proper type

* Added proxy dynamic channel command type to log messages.
2022-09-29 14:55:27 +02:00
Joan Torres
d63f2324d1 Add support to send a ServerRedirection PDU. 2022-09-28 13:54:00 +02:00
Armin Novak
a8d4c3397c Fixed passing enum to pointer type 2022-09-20 15:52:14 +02:00
Armin Novak
a72f101739 Fixed undefined shift behaviour
BOOL must be cast to UINT32 before shifting to avoid undefined
behaviour
2022-09-20 13:25:44 +02:00
Néfix Estrada
66bef0c708 feat(emscripten): add support for emscripten compilation 2022-09-15 10:23:43 +02:00
akallabeth
f8159cc18a
Fixed memory leak in nla_send (#8193) 2022-09-12 10:54:29 +02:00
David Fort
8d9a43de01
core: various cleanups for persistant cache (#8191) 2022-09-12 10:21:42 +02:00
Martin Fleisz
f50d3f3f94 gateway: Fix Sec-WebSocket-Key accept handling (#8166) 2022-09-12 08:38:28 +02:00
David Fort
c7ef66f978
smartcard: also filter certificate by domain name (#8160)
Command line username is used to filter the smartcard certificates during enumeration,
this patch also add the domain as a filter.
2022-08-30 09:00:47 +02:00
fifthdegree
7901a26a16
Kerberos User 2 User support (#8070)
* add support for 64-bit big-endian encoding

* kerberos: drop reliance on gssapi and add user 2 user support

* Fix local variable declared in the middle of the function body

* kerberos: add ccache server option

Co-authored-by: fifthdegree <fifthdegree@protonmail.com>
Co-authored-by: David Fort <contact@hardening-consulting.com>
2022-08-17 12:25:26 +02:00
David Fort
942273e9cb
tls: add an option to dump tls secrets for wireshark decoding (#8120)
This new option /tls-secret-file:<file> allows to dump TLS secrets in a file with
the SSLKEYLOGFILE format. So this way you can setup the TLS dissector of wireshark
(Pre-Master-Secret log filename) and see the traffic in clear in wireshark.
It also add some more PFS ciphers to remove for netmon captures.
2022-08-16 10:40:32 +02:00
akallabeth
bf56a39e6f
Fixed #8090: Duplicate definition of strndup (#8102)
* Fixed #8090: Duplicate definition of strndup

* Moved strndup detection to winpr

Co-authored-by: Armin Novak <anovak@thincast.com>
2022-08-02 09:15:38 +02:00
David Fort
1f08cb9a7d
Drdynvc needs love (#8059)
* winpr: add lock operation on HashTables

* drdynvc: change the listeners array for a hashtable and other micro cleanups

* logonInfo: drop warning that is shown at every connection

Let's avoid this log, we can't do anything if at Microsoft they don't respect
their own specs.

* rdpei: fix terminate of rdpei

* drdynvc: implement the channel list with a hashtable by channelId
2022-07-26 12:53:41 +02:00
fifthdegree
5f3bc5842a nla: use winpr asn1 library 2022-07-26 09:38:53 +02:00
fifthdegree
decc55c30d
smartcardlogon: make error retrieving atr non-fatal (#8087)
Co-authored-by: fifthdegree <fifthdegree@protonmail.com>
2022-07-22 09:42:18 +02:00
Martin Fleisz
e58d53188a core: Fix broken string handling for custom sspi module loading 2022-07-21 15:59:43 +02:00
Martin Fleisz
12f2c4e2a7 core: Use closesocket instead of close 2022-07-21 15:59:43 +02:00
Martin Fleisz
0be57500bd core: Fix char encoding mixup in ntlm_client_make_spn 2022-07-21 15:59:43 +02:00
Martin Fleisz
145caf829b core: Use _strdup instead of strdup 2022-07-21 15:59:43 +02:00
Armin Novak
b2df9207e4 Fixed #8054: multimonitor settings 2022-07-07 14:24:07 +00:00
Martin Fleisz
82d0714198 gateway: Base-64 encode websocket key in request header
According to the RFC the websocket key in the request header should be
base-64 encoded:

The request MUST include a header field with the name |Sec-WebSocket-Key|. The value of this header field MUST be a nonce consisting of a randomly selected 16-byte value that has been base64-encoded (see Section 4 of [RFC4648]). The nonce MUST be selected randomly for each connection.

If we just send a random key this might cause problems with
gateways/proxies that try to decode the key, resulting in an error (i.e.
HAProxy returns 400 Bad Request).
2022-07-07 11:54:26 +02:00
Pascal Nowack
6492a00959 client/X11: Relieve CLIPRDR filename restriction when possible
Microsoft Windows imposes strict filename restrictions on its platform.
As RDP is developed by Microsoft and the RDS in MS Windows is typically
used as remote desktop server for the RDP protocol, these filename
restrictions are also enforced in WinPR, when copy-pasting files over
the clipboard.
However, in some connections no peer on MS Windows is involved and in
these situations, these filename restrictions are just an annoyance.

With a recent API addition in WinPR, it is now possible to override the
callback, where the filename is checked, whether it is valid.
So, use this new API to relieve the filename restriction, when the
connected remote desktop server is not on MS Windows.
2022-07-07 07:45:26 +00:00
Pascal Nowack
35d6f19d60 freerdp/peer: Add APIs to get OS major and minor type strings 2022-07-07 07:45:26 +00:00
David Véron
a3712521a8 TLS version control
* added settings for minimal and maximal TLS versions supported
* refactorisation of the force TLSv1.2 setting
2022-07-07 07:13:11 +00:00
Armin Novak
2324e52be3 Fixed settings tests 2022-07-06 12:01:23 +02:00
Armin Novak
23dd484824 Revert "Added a check in DesktopResize for protocol violations"
This reverts commit 07a5a6ef6d.
2022-07-06 12:01:23 +02:00
Armin Novak
b672bda85e Removed RdpKeyFile and RdpKeyContent settings
They are a duplicate of PrivateKeyFile and PrivateKeyContent
2022-07-06 12:01:23 +02:00
Armin Novak
d0ae1c8160 Moved pubSub to rdpRdp 2022-07-06 12:01:23 +02:00
akallabeth
d0fece49dc Use stack variable instead of malloc in transport 2022-07-04 14:31:08 +02:00
akallabeth
51f4c374c4 Clear OpenSSL error queue before BIO_read/BIO_write 2022-07-02 16:32:50 +02:00
fifthdegree
85f7cb8916 clear openssl error queue after nla_client_begin 2022-07-02 16:32:50 +02:00
akallabeth
3e35eb3805 Fixed broken format string in rdg.c 2022-07-01 11:27:22 +02:00
akallabeth
cb96e6143d Fixed -Wshadow warnings 2022-06-30 10:49:02 +02:00
akallabeth
e07233ccef Fixed float comparson 2022-06-29 18:10:33 +02:00
Armin Novak
40ae6731c9 Fixed issues with settings clone 2022-06-27 14:27:12 +02:00
Armin Novak
29af8a45b6 Fixed missing LoadChannels calls and settings on redirect 2022-06-27 14:27:12 +02:00
akallabeth
780e42f126 Add warning for applications using input functions in wrong state 2022-06-27 11:21:24 +02:00
akallabeth
944f43c0bc Fixed transport handling of pool allocated streams 2022-06-27 11:21:24 +02:00
akallabeth
3d07eee3ac Abort input event send if the connection terminated 2022-06-27 11:21:24 +02:00
akallabeth
d745ba7c28 Assert function arguments in freerdp.c 2022-06-27 11:21:24 +02:00
akallabeth
43b1f51984 Unified setting of finalize_sc_pdus 2022-06-23 14:19:50 +02:00
akallabeth
a402f7c3c4 Fixed codec reset 2022-06-23 14:19:50 +02:00
akallabeth
379b42e3bd Simplified certificate resource cleanup 2022-06-23 14:19:50 +02:00
akallabeth
9613bd9bc6 Added function ReachedState to peer
This callback exposes the state the RDP peer has reached.
2022-06-23 14:19:50 +02:00
akallabeth
40723606e4 Exposed WTSVirtualChannelManagerOpen 2022-06-23 14:19:50 +02:00
akallabeth
f8a6c0db3f Do not assert in abort_connect 2022-06-23 14:19:50 +02:00
akallabeth
07a5a6ef6d Added a check in DesktopResize for protocol violations 2022-06-23 14:19:50 +02:00
akallabeth
31304951de Regenerated settings helpers 2022-06-23 09:18:37 +02:00