Commit Graph

3630 Commits

Author SHA1 Message Date
akallabeth
635626be12 [client,common] avd related keys to rdp file parser 2023-09-21 10:30:09 +02:00
akallabeth
7746c8f4ae [core,orders] fix #9402 polyline order processing 2023-09-21 10:00:19 +02:00
akallabeth
1d25242eac [core,transport] fix evaluation of nla errors
if there is no rdpNla fall back to default error password expired.
2023-09-21 10:00:19 +02:00
akallabeth
e5ad90627b [gateway,arm] fix abort condition for retries 2023-09-20 09:29:45 +02:00
akallabeth
c1db0029d9 [core,update] fix possible leak on gdi reset 2023-09-20 09:29:45 +02:00
Armin Novak
6399635abf [core] fix leaks reported in #9400 2023-09-19 09:35:52 +02:00
David Fort
190ecf640f [drdynvc] improvements of server-side DRDYNVC
This patch prepares the reading of the dynamic channel version so that next we
can take in account this to take advantage of advanced features in last versions
(compressions or priorities).
The patch also implement notifying the VCM event when the dynamic channel becomes ready
so that users of FreeRDP can just do calls to WTSVirtualChannelManagerGetDrdynvcState
when the channel event is set (no blind calls).
2023-09-18 13:05:44 +02:00
Armin Novak
4152ce5dee [gateway,arm] fix input string length check 2023-09-15 11:24:21 +02:00
akallabeth
be7f2979ee [gateway,http] const correct HttpResponse 2023-09-14 17:38:08 +02:00
akallabeth
bd595d363d [arm] add retry callback for transport
If the connection is blocked due to some VM requiring spinup time before
being ready to use call the newly created callback RetryDialog.
2023-09-14 12:02:26 +02:00
akallabeth
ab111b07bc [gateway,http] add a '\0' terminator to body read
ensure that every string read by the http functions is '\0' terminated.
2023-09-14 12:02:26 +02:00
akallabeth
13648c84af [gateway,arm] restructure AVD handling
* Split handling into smaller functions
* Move bad request retry out of request function to avoid memory growth
2023-09-14 12:02:26 +02:00
Eduard Mielieshkin
87529fe5ac changed the log messages 2023-09-14 12:02:26 +02:00
Eduard Mielieshkin
a785fd9c4a formatted using clang-format 2023-09-14 12:02:26 +02:00
Eduard Mielieshkin
4dcf35c0cb PoC: waiting until an AVD instance is up 2023-09-14 12:02:26 +02:00
David Fort
1afaaa82d3 [core,arm] Various fixes and adjustements for #9363
Treat the case where the publicIpAddress is there but empty.
Don't try RDSTLS if the password has not been been provided.
When RDSTLS is what we will do, disengage all the other security kinds.
2023-09-14 09:00:46 +02:00
Armin Novak
5f8f69512b [core,orders] fix reading order number field
the field for delta rectangles/points/... are only transmitted if they
changed from the previous order of the same type. So keep the original
value and update only if a new one is read.
2023-09-04 12:24:57 +02:00
Armin Novak
12e6bbe13b [core,orders] log order fields not in packet 2023-09-04 11:32:35 +02:00
Armin Novak
1a1f422d79 [core,orders] unify delta point buffer allocation 2023-09-04 11:32:35 +02:00
Armin Novak
36b58c0688 [core,orders] abort if required filed is not found 2023-09-04 11:32:35 +02:00
Armin Novak
618102b28f [core,orders] update log message 2023-09-04 11:32:35 +02:00
David Fort
8a39859612 [arm] various improvements
This patch moves the ARM configuration before starting the connection process, so
that we can do some provisioning of the FreeRDP settings with the items retrieved
from Azure.
Most notably that allows us to connect directly using RDSTLS security.
2023-09-04 10:24:56 +02:00
akallabeth
ce41d514ab [core,info] fix rdp_read_info_string
* Use proper freerdp_set_string* functions to set string
* In case of failure clean up existing string values
2023-09-02 07:56:21 +02:00
akallabeth
2102fa907a [core,connection] use dynamic logger rdp->log
for state transition logging use dynamic logger instead.
2023-09-02 07:56:21 +02:00
akallabeth
54021b50b0 [core,peer] fix initial state transitions
update initial state transitions according to [MS-RDPBCGR]
the diagram is misleading, some of the text below ambigious, but
1.3.1.1 Connection Sequence phase 10 description lists the dependencies
of server initiated messages.
2023-09-02 07:56:21 +02:00
akallabeth
4461219497 [core,rdp] make monitor layout PDU optional
the PDU might arrive or not, do not get stuck if not.
2023-09-02 07:56:21 +02:00
Armin Novak
1bbed81041 [core,orders] fix checks for multi opaque rect 2023-08-28 13:07:28 +02:00
akallabeth
60dd48e698 [api] fix integer overflow warnings 2023-08-25 14:36:05 +02:00
akallabeth
bb5345c60e [freerdp,api] add FREERDP_ENTRY_POINT
C requires prototypes or compilers will complain about them missing. Our
library entry points do not have such, therefore add the macro
FREERDP_ENTRY_POINT which declares the function prototype automatically
before the function.
2023-08-25 14:36:05 +02:00
akallabeth
4e824b243f [winpr] add WINPR_ATTR_FORMAT_ARG
this macro declares the function argument (pos,arg) to be a printf
style format string and enables compiler checks for that.
2023-08-25 12:56:36 +02:00
akallabeth
9cee9b3c08 [c standard] use WINPR_FALLTHROUGH
use the macro to silence intentional switch fallthrough locations
2023-08-25 12:56:36 +02:00
akallabeth
0a90e9214e [core,aad] fix type mismatch warning 2023-08-25 12:56:36 +02:00
akallabeth
feb5ab52cb [core,rdp] add log messages for unexpected data 2023-08-25 08:42:31 +02:00
akallabeth
d3ba8ebf00 [core,update] log BeginPaint/EndPaint failure 2023-08-23 14:27:51 +02:00
akallabeth
023c2dba6e [core,autodetect] log unknown message types 2023-08-23 14:27:51 +02:00
akallabeth
769ffbd8a0 [core,fastpat] add logging for failures 2023-08-23 14:27:51 +02:00
akallabeth
74b1d5da89 [core,redirection] add logging
add log messages for all possible failure causes
2023-08-23 14:27:51 +02:00
Marc-André Moreau
30c31d64e8 WinSCard dynamic API loading with /winscard-module cli argument 2023-08-23 12:26:27 +02:00
Armin Novak
65a05fc490 [core,server] set freed pointer NULL
Fixes #9271: after freeing the memory reset it to NULL to signal it was
already handled.
2023-08-21 13:35:36 +02:00
2fly2
bce9f1cbe6 [core,settings] default disable ThinClient setting
fixes show black window when connect transparent app in
windows server 2012r2
2023-08-21 13:03:56 +02:00
akallabeth
22fffdd5ea [freerdp,api] log NULL IFCALL/IFCALLRET calls 2023-08-04 12:59:11 +02:00
akallabeth
e51a5b33fb [core,orders] fix undefined variable, unify log strings 2023-08-03 13:54:03 +02:00
ehdgks0627
2496037f03 Standardize failure messages for order functions 2023-08-03 13:54:03 +02:00
ehdgks0627
105ce6c56b Update error message when update_read* function failed 2023-08-03 13:54:03 +02:00
Armin Novak
0cd36c1526 [build] fix Wmissing-prototypes 2023-08-01 08:37:58 +02:00
Joan Torres
a332db7cf5 [libfreerdp] fix endianness issues
There were some fields sent without considering endianness, making the
clients fail when parsing those fields.

Use Data_Write_XXX functions so the endiannes won't affect the byte order
and the clients will read properly the fields.
2023-08-01 07:56:16 +02:00
Richard Markiewicz
f59c98eebe [core,info] Fix rdp_info_read_string conversion check 2023-08-01 07:15:59 +02:00
Armin Novak
ef5c0e78ab [build] use define WINPR_FALLTHROUGH
with c17 compatible compilers annotate with [[fallthrough]]
2023-07-31 23:46:53 +02:00
Armin Novak
e7c2a75e1e [gateway,rpc] return FREERDP_ERROR_CONNECT_ACCESS_DENIED
unify http and rpc gateway return codes
2023-07-31 16:51:14 +02:00
Armin Novak
c656bb9d1d [core,gateway] ensure '\0' termination of http response 2023-07-31 16:51:14 +02:00
Armin Novak
de6aaded94 [core,gateway] improve http_response_print
print out all response data.
2023-07-31 08:46:57 +02:00
Armin Novak
8be9a3a5dd [core,gateway] unify http response logging 2023-07-31 08:32:43 +02:00
Armin Novak
03b78dd57b [aad] print http status response message 2023-07-28 16:42:23 +02:00
Armin Novak
cd7cb514a8 [core,gateway] unify http response logging 2023-07-28 16:42:23 +02:00
Armin Novak
0bdb62e9b5 [libfreerdp] fix integere narrow warnings 2023-07-28 15:48:32 +02:00
ehdgks0627
d04ba8d6ef Correct typos and formatting errors in format strings
In several files, fixed typos in format strings that were causing unexpected output and formatting issues.
2023-07-28 15:34:46 +02:00
Armin Novak
077aff0217 [core] fix cast warnings 2023-07-28 13:42:12 +02:00
Armin Novak
9d5e95c60b [core] fix unary minus warnings 2023-07-28 13:42:12 +02:00
Armin Novak
76169c26cd [core,caps] fix warnings 2023-07-27 20:02:43 +02:00
Armin Novak
6c01433f6a [core,smartcardlogon] fix warnings 2023-07-27 20:02:43 +02:00
Armin Novak
e61880d077 [standard] replace __FUNCTION__ with __func__ 2023-07-27 20:02:43 +02:00
Martin Fleisz
bb9c32ed72 gateway: Allow authentication using a NULL (current user) identity 2023-07-26 16:35:36 +02:00
fifthdegree
8330aa1ac4 Log aad authentication_result as hex and string 2023-07-26 09:44:17 +02:00
Armin Novak
a5ea634516 [core] fix cJSON compat
* only export used symbols, provide prototypes when required
* clean up some length checks
2023-07-24 09:54:49 +02:00
akallabeth
14d0ec9335 [core] move http status to string to utils
freerdp_http_status_string and freerdp_http_status_string_format are now
exposed as public API functions to work with http status codes
2023-07-21 14:53:19 +02:00
dev
80c7818f99 fix warning 2023-07-21 09:14:54 +02:00
Armin Novak
3d1bb4e1d9 [client,common] allow forcing default callbacks
All clients can implement their own callbacks for
certificate/credential/smartcard/... but there is a common (default)
implementation for all clients.
with the new setting FreeRDP_UseCommonStdioCallbacks it is now possible
to force these over the client implementation provided ones
2023-07-20 14:25:08 +02:00
akallabeth
a0d38914d6 [core,aad] refactor use of cJSON
* link cJSON public to FreeRDP
* export compatibility functions for older versions of cJSON
2023-07-20 14:20:28 +02:00
akallabeth
5d8e21927c [warnings] fix compiler warnings 2023-07-20 14:20:28 +02:00
akallabeth
734117351d [aad,avc] unify callbacks to GetAccessToken
The AAD and AVD authentication mechanisms both need an OAuth2 token.
They only differ in the provided arguments, so unify the callbacks into
a single one with variable argument lists.
2023-07-20 14:20:28 +02:00
fifthdegree
d309fcd6e8 Restructure Azure AD related stuff
- Move responsibility for obtaining access tokens to clients
- Add function for getting access tokens for AVD
- Get correct server hostname during AVD setup
- Add utility function for doing http requests
2023-07-20 14:20:28 +02:00
Pascal Nowack
4d7d136d1a core/server: Remove invalid cast
The context of wMessage is already a pointer, so the cast into UINT_PTR
is wrong here.
Additionally, casts from void pointers are superfluous.
2023-07-20 11:36:11 +02:00
Armin Novak
6d9d118593 [core,nego] remove AUTHZ_RESULT from nego header 2023-07-13 09:25:45 +02:00
Armin Novak
555fa2c98a [core,nla] print name of error code in log 2023-07-13 09:25:45 +02:00
Armin Novak
10e010329c [client,file] add WebAuthN rdp file parsing support 2023-07-10 10:45:28 +02:00
akallabeth
e18918356f [core,rdp] set logger context 2023-07-06 15:51:56 +02:00
Martin Fleisz
a5aad5159c core: Fix issues in settings copy code
This code fixes an issue where some settings were lost when copying
settings around. I.e. the device count was first set but then calling
`freerdp_settings_set_pointer_len` caused the device count to be reset
to 0 because we passed `NULL` for the data value.

This means the count got lost upon the first copy and further copies
also resulted in losing the array data (because the count was set to 0).

This PR fixes this issue by first resetting the array and afterwards
setting the correct count value.
2023-07-06 14:26:38 +02:00
akallabeth
4c862892b4 [core,gateway] clean up websocket transport 2023-07-05 13:18:54 +02:00
akarl10
76abdcdabf [core,gateway] cleanup http response 2023-07-05 10:43:27 +02:00
akallabeth
18185e9dbc [test] disable TestConnect on windows
build directories are different and the test logic can not find the
binaries necessary to launch
2023-07-05 08:46:00 +02:00
akallabeth
d9b03b45ed [test] add executable suffix for TestConnect 2023-07-05 08:46:00 +02:00
Michael Saxl
a5a60c888b [core,transport] free wst transport after use 2023-07-04 20:33:13 +02:00
Martin Fleisz
622a2a8df0 misc: More int to BOOL conversion fixes
This is a follow up to #9129.

This PR fixes some problematic `int` to `BOOL` conversions that might
cause overflows when checking for bit flags.
2023-07-04 09:45:20 +02:00
Martin Fleisz
37f9d5b494 core: Fix flag check to enable/disable RDSTLS security
On some platforms (i.e. Mac) the BOOL type might be narrower than the
`RedirectionFlags` type leading to an overflow when just assigning the
logical AND result to the setting. This fix makes sure that the value is
correctly set to either `TRUE` or `FALSE`.
2023-07-04 09:17:05 +02:00
akallabeth
a01f3ec5ab [client,common] allow adding a named keyboard pipe
This allows starting FreeRDP clients with a named pipe that will type in
text written to the named pipe as keyboard input
2023-07-03 13:21:43 +02:00
Michael Saxl
132ce797db [core,gateway,wst] fix use after free in wst_connect 2023-07-03 10:00:12 +02:00
akallabeth
e03b6596c6 [build] fix unused but set variable warnings 2023-06-29 18:34:51 +02:00
akallabeth
851f9cce2d [core,nla] fix unused variable warning 2023-06-29 18:34:51 +02:00
akallabeth
5dcd9fcb8a [core,gateway] eliminate intermediate buffer 2023-06-29 18:34:51 +02:00
Armin Novak
66cb8c68d4 [core,nego] change nego_set_routing_token argument
Use void* instead of BYTE* as the real type is unknown and warnings can
be avoided
2023-06-29 14:46:41 +02:00
akallabeth
37d9c891b4 [core,gateway] fix return value checks 2023-06-29 14:30:09 +02:00
akallabeth
b9ec4ef60d [core,info] fix stream read check
read into variable of wrong type, fixed that.
2023-06-29 14:30:09 +02:00
Armin Novak
de7fea7347 [core,gcc] gcc_read_client_data_blocks update checks
* Update checks for stream consumed
* Update log messages, use stringified version of block type
2023-06-29 08:09:53 +02:00
akarl10
8d707adcb2 [core,gateway] make http authentication work again for websocket transport 2023-06-28 11:40:22 +02:00
akarl10
7f19fab76e [core,gateway] only encode a cookie line if there is a cookie 2023-06-28 10:47:47 +02:00
akallabeth
3f78b3c379 [build] fix unused compiler warnings 2023-06-28 09:45:09 +02:00
Armin Novak
4d807a0bf0 [core,gateway] fix check for authentication 2023-06-27 21:15:08 +02:00
Armin Novak
ea66b23631 [core,gateway] fix various issues with arm transport
* fix possible leaks
* split big functions
* fix missing NULL checks
2023-06-27 21:15:08 +02:00
akallabeth
ca47058e8c [core,gateway] use custom copy for listdictionary 2023-06-27 21:15:08 +02:00
akallabeth
84fabc49e2 [core,gateway] fix locking in http_encode_cookie_line 2023-06-27 21:15:08 +02:00
akarl10
d62b088527 [gateway,wst] Update log about supported url types 2023-06-27 21:15:08 +02:00
akarl10
1108d88fc4 [gateway,wst] make WWW-Authenticate: NTLM (without data) work again
This happens in wst.c because the first try is always anonymous
2023-06-27 21:15:08 +02:00
Michael Saxl
d55e035260 [gateway,arm] Azure Virtual Desktop Gateway support
This PR creates a new /gateway:type:arm transport.
It depends on CJSON

The arm transport is not a transport by itself but is responsible
for getting the websocket endpoint from a configuration url derived from
the configured gateway host in the rdpw file or cmdline
2023-06-27 21:15:08 +02:00
akallabeth
40dd43cb01 [core,gcc] use static substream for client data 2023-06-26 19:17:55 +02:00
akallabeth
b69c259967 [core,gcc] dump unknown GCC types with trace log 2023-06-26 19:17:55 +02:00
Hugues LEFEBVRE
b67afecf0f CredSSP with early user auth (nla_ext) support 2023-06-26 11:53:46 +02:00
akallabeth
ff2b57c634 [core,peer] fixed invalid pointer to log function 2023-06-26 10:53:43 +02:00
akallabeth
4d350978dd [core] assert rdp->context 2023-06-26 10:53:43 +02:00
akarl10
63c80423a9 [multitransport] Ignore unknown data
If the reserved filed is not 0 the request PDU seems to contain
some extra data. Two bytes of 0 (probably a version field) followed by a
JSON payload (not null terminated, until the end of the packet. There
seems to be no dedicated length field)
2023-06-26 09:09:47 +02:00
Armin Novak
52ec17309a [core,caps] use settings getter/setter for unicode 2023-06-23 08:18:16 +02:00
Michael Saxl
44c1ec3276 [gateway,websocket] implement plain websocket transport
* factor out most websocket specific code parts into websocket.c
* create wst.c (Websocket Transport) as gateway transport implementation
* introduce GatewayUrl setting that holds the websocket url
* introduce GatewayHttpExtAuthBearer that holds the HTTP Bearer
* GatewayHttpExtAuthBearer can be used by both rdg and wst
2023-06-22 09:21:42 +02:00
Michael Saxl
6478edda5b rdg bearer support 2023-06-22 09:21:42 +02:00
akallabeth
1fc0d5b4b1 [winpr] remove casts for winpr_RAND calls 2023-06-21 09:57:52 +02:00
fifthdegree
80f357ddcb Add missing arg to aad token request format string 2023-06-19 08:42:33 +02:00
Armin Novak
df3c78a91d [server,core] add CheckPeerAcceptRestrictions
the new (optional) callback CheckPeerAcceptRestrictions is used to check
for server implementation specific connection requirements before
accepting a client.
2023-06-14 17:15:21 +02:00
Richard Markiewicz
946cfb1068 [core,license] Fix build on msvnc with WITH_DEBUG_LICENSE 2023-06-14 17:14:45 +02:00
Mikhail Kashin
aeb6ec6f97 [core] fix handling loadbalanceinfo tsv://MS Terminal Services Plugin 2023-06-14 09:06:50 +02:00
Marc-André Moreau
4d4dcd4511 Fix usage of explicit server name when different from connection host 2023-06-13 09:20:17 -04:00
fifthdegree
53023a0627 Fix AAD token request body 2023-06-13 07:39:49 +02:00
akallabeth
45a54b1883 [core] fix typo in debug string 2023-06-12 11:13:43 +02:00
Armin Novak
381183f421 [core,gateway] align RPC_FAULT_CODES
some architectures require alignment (apple looking at you)
2023-06-08 08:11:05 +02:00
Armin Novak
970f0c54e8 [stream] use const correct Stream_Pointer access 2023-06-08 08:09:33 +02:00
Armin Novak
81e95e51ca [winpr,ncrypt] log problems during cert enumeration 2023-06-07 23:05:54 +02:00
Armin Novak
a4c6b36a19 [build] fix memory sanitizer stack frame warnings 2023-06-07 09:14:45 +02:00
Armin Novak
b40e20ce85 [gateway,rdg] fix a leak and NULL access in RDG 2023-06-05 15:47:05 +02:00
Sergey Bronnikov
1c0c804981 [cmake] Introduce a target for building fuzzing tests
Part of #5063
2023-06-05 11:28:48 +02:00
Armin Novak
9a7aa8dbac [core,rdp] log rdp_read_share_control_header
in rdp_read_share_control_header read and log all available header data
before checking remaining length.
2023-06-05 11:07:30 +02:00
Armin Novak
d0bf018e95 [test] fix uninitialized variables in test case 2023-05-31 17:44:41 +02:00
akallabeth
d71c58a04b [core,licensing] allow all SEC_AUTODETECT_REQ messages
follow up to fdcc36dd8d
autodetect messages also seem to be sent over global channel id
instead of message channel id
2023-05-26 11:52:54 +02:00
akallabeth
393577750e [settings] add FreeRDP_ClipboardFeatureMask 2023-05-25 16:26:39 +02:00
akallabeth
4ee6cfe13a [warnings] fix -Wmissing-prototypes 2023-05-24 08:24:32 +02:00
fifthdegree
449b96adb2 Use popup browser for AAD auth in SDL client
Optionally build the SDL client with Qt WebEngine to create a popup
browser for authentication to AAD. Also change the URL output on the
command line to use the "nativeclient" redirect for easier copy/pasting
of the authorization code.
2023-05-23 06:04:55 +02:00
fifthdegree
ba7fdcb5f0 Move alloc_sprintf into the winpr string api 2023-05-23 06:04:55 +02:00
Armin Novak
7832ba2361 [core,transport] properly log failure reason retries exceeded 2023-05-23 05:04:55 +02:00
Armin Novak
da38ca3254 [core,server] decrease logging verbosity 2023-05-23 05:04:55 +02:00
Armin Novak
a433e1b761 [core,rdp] use a dynamic logger for rdpRdp 2023-05-23 05:04:55 +02:00
David Fort
a659290bd9 [smartcard] fix smartcard listing with /kerberos:pkcs11-module:<path>
When a PKCS11 module was provided, the CSP could not be set by command line
arguments, leading to an error when loading the ncrypt module, and an empty
smartcard list.
2023-05-17 10:50:45 +02:00
Sergey Bronnikov
c06be5dc35 core: fix api in a fuzzing test
API has been changed in d1ddf7a6c7
("[crypto,test] update to new cert/crypto API").
2023-05-16 22:33:49 +02:00
David Fort
b4355c0308 [codecs] fix freerdp_bitmap_planar_context_new call
freerdp_bitmap_planar_context_new() expects flags as first argument not a BOOL,
even if giving FALSE ends with the same result, it makes it more clear.
2023-05-16 10:57:18 +02:00
akallabeth
38946561bb [core,settigs] default to 32bpp session color depth 2023-05-11 13:24:09 +02:00
akallabeth
cf477c581c [core,aad] use rdpPrivateKey instead of direct SSL 2023-05-10 09:59:10 +02:00
akallabeth
9ddd21e909 [core,connection] print a warning
if we receive an unexpected channel message print a warning.
2023-05-03 13:46:39 +02:00
akallabeth
fdcc36dd8d [core,connection] relax state machine
contrary to '[MS-RDPBCGR] 1.3.9 Connect-Time and Continuous Network
Characteristics Detection' we have seen autodetection reqeusts mixed in
between licensing messages. This relaxes the state machine and allows
handling.
2023-05-03 13:46:39 +02:00
akallabeth
12a2e55588 [core,autodetect] improve logging
* use dynamically allocated logger of context
* improve stringification, print string representations with value for
  message and header types
2023-05-03 13:46:39 +02:00
Pascal Nowack
288f4d58f0 core: Make a couple of capability defines public
The settings for these defines are public, but these settings cannot be
properly used, when the respective defines are not public too.
2023-05-02 09:51:40 +02:00
Pascal Nowack
dec0f950d1 core/info: Assume compression level 0 when INFO_COMPRESSION not present
It's unlikely, that a client supports a higher compression level, when
it did not advertise that level.
2023-05-02 09:51:40 +02:00
Pascal Nowack
50c3559a43 core/capabilities: Fix handling of Virtual Channel Capability Set
The VirtualChannelChunkSize can only be larger than 1600 Bytes, when
both client and server write that value in their capability set
regardless of the value itself.
Also, Microsoft clients and servers only advertise the capabilities that
are relevant for the other peer, e.g. mstsc only tells the server that
it supports decompressing compressed data from the server, but it does
not advertise, that it is able to compress data for the server.

Additionally, correctly apply the read capabilities after reading them.
2023-05-02 09:51:40 +02:00
Pascal Nowack
264d19765c core/server: Use correct size for DVC data PDUs
The VirtualChannelChunkSize setting refers to the VCChunkSize for static
channels and not to the maximum size for DVC data PDUs.
DVC data PDUs are according to [MS-RDPEDYC] always limited to 1600
Bytes.
2023-05-02 09:51:40 +02:00
Martin Fleisz
4859a5dfd4 core: Fix possible memory leak in smartcard certificate enumeration
When enumerating smartcard certificates we check if we have duplicates
in our certificate list. In case we detect a duplicate we just return
`TRUE` (indicating that we consumed the certificate info) but do not
free the smartcard info instance.
2023-04-28 11:45:59 +02:00
Armin Novak
ca13987e84 [core,gateway] tighten checks for fault PDU 2023-04-28 10:16:49 +02:00
akallabeth
516668d02b [fclose] ensure no invalid pointers are passed.
fclose has undefined behaviour for NULL pointers, so check for these.
2023-04-28 07:39:35 +02:00
fifthdegree
b1c4cb493f Set KDC URL in a way compatible with Windows 2023-04-27 16:31:30 +02:00
David Fort
7b0b273ec1 mcs: drop a server-side warning on FreeRDP_ChannelDefArray::len
Server side we often see "FreeRDP_ChannelDefArray::len expected to be >= 31,
but have XXX", where XXX is lower than 31.

This patche fixes that, the old code was setting the size of ChannelDefArray to the
number of ChannelCount, which is usually not what we want. We want to keep it to 31
and have ChannelCount indicate how many of these channels are used.
2023-04-27 08:37:11 +02:00
Armin Novak
4d3d1bfe4d [core,autodetect] revert to [MS-RDPBCGR] states
remove 'convenience' states in main RDP state machine for autodetect
2023-04-24 14:18:20 +02:00
Armin Novak
f357f1d418 [core,license] allow empty cert info 2023-04-24 13:03:40 +02:00
Richard Markiewicz
13e52cfae2 [channels,settings] add a setting to ignore invalid devices 2023-04-24 11:29:05 +02:00
akallabeth
ecc32eaf2e [core,info] unify string read, log unexpected
* unify reading of domain and username strings with all the checks
* add handling of (undocumented) padding in [MS-RDPBCGR]
  2.2.10.1.1.2 Logon Info Version 2 (TS_LOGON_INFO_VERSION_2)
  occurring with windows 11
2023-04-24 10:59:17 +02:00
akallabeth
c0dc193a39 [winpr,input] use enum for keyboard types
* move type definition to WinPR as used there too.
* supported keyboard types are defined in
  [MS-RDPBCGR] 2.2.1.3.2 Client Core Data (TS_UD_CS_CORE)]
  use a enum instead of magic numbers to make code more readable.
2023-04-21 12:31:51 +02:00
Martin Fleisz
73911425d4 gateway: Do not encrypt message during RPC NTLM auth
Commit 2de7a4c249 introduced major changes
in the gateway authentication code. One of these changes was to decouple
NTLM specific authentication from the gateway code.

However with these changes, gateway authenciation with the old RPC code
stopped working and returned an authentication error. The problem is
that currently `credssp_auth_encrypt` encrypts the given message along
creating a signature.

The old code prevented encryption of the message by specifying
`SECBUFFER_READONLY` on the message buffer. The native Windows SSPI then
leaves this buffer as-is and gateway authentication works again.

This fix only applies to Windows platforms using the native SSPI API.
Interestingly this works on other platforms using the WinPR SSPI so
there seems to be a difference between the implementations (but that's a
topic for another PR).
2023-04-21 08:15:00 +02:00
Armin Novak
8994d4a213 [core,license] fix length checks
check the correct stream.
2023-04-19 10:51:33 +02:00
Joan Torres
3bcbdeb9fc [core,rdstls] Avoid Stream_SafeSeek on pdu parsing 2023-04-18 20:14:36 +02:00
Pascal Nowack
8362b3707e pointer: Rename position to hotspot position in Color Pointer Update
The attributes xPos and yPos for a Color Pointer Update are confusing,
as they may be confused with the xPos and yPos of the pointer bitmap on
the actual screen.
Rename these attributes to what they actually represent, and that is the
hotspot position.
xPos and yPos are still members of the hotspot. However, hotSpotX and
hotSpotY are much more clearer.
In addition to that, the Large Pointer Update uses the same names for
the hotspot coordinates.
2023-04-14 08:31:20 +02:00
Armin Novak
abe49dfd3d [core,settings] fix missing return path 2023-04-13 14:41:16 +02:00
Armin Novak
391f5e0ddb [settings] add freerdp_supported_color_depths_string 2023-04-13 14:35:51 +02:00
Armin Novak
fcdd3a1e75 [core,gcc] SupportedColorDepths and HighColorDepth
Split these, now independent from ColorDepth
2023-04-13 14:35:51 +02:00
Armin Novak
39767c5423 [settings] add supported color depths setting 2023-04-13 14:35:51 +02:00
Pascal Nowack
43f0fbdc12 core/autodetect: Allow overriding connect-time autodetection handling
Currently, FreeRDP-based server implementations can do connect-time
autodetection.
However, without having any control over it.

In order to be able to override the default connect-time autodetection
handling, introduce three new states for the state machine of the
connection sequence and two new callbacks for the autodetect handling.

These are:
- CONNECTION_STATE_CONNECT_TIME_AUTO_DETECT_BEGIN
- CONNECTION_STATE_CONNECT_TIME_AUTO_DETECT_IN_PROGRESS
- CONNECTION_STATE_CONNECT_TIME_AUTO_DETECT_END

- OnConnectTimeAutoDetectBegin()
- OnConnectTimeAutoDetectProgress()

The END state is pretty simple: When the autodetection is finished and
the autodetect state is FREERDP_AUTODETECT_STATE_COMPLETE, transition
into the next state of the connection sequence.

The BEGIN state is entered, when capability-wise network autodetection
is available.
In this state, the OnConnectTimeAutoDetectBegin callback is called, the
server implementation may initialize any related handling here.
If the server implementation determines, that no further handling is
required, it can end the autodetection phase by returning
FREERDP_AUTODETECT_STATE_COMPLETE.
If not, and an autodetection request is sent, it returns
FREERDP_AUTODETECT_STATE_REQUEST.
The state machine of the connection sequence will then switch into the
IN_PROGRESS state.

In the IN_PROGRESS state, any incoming PDU is handled first, then the
OnConnectTimeAutoDetectProgress callback is called.
Like in the BEGIN state, the return value will determine, whether the
state machine of the connection sequence goes into the END state or goes
into (or rather stays) in the IN_PROGRESS state.
2023-04-13 09:58:52 +02:00
Pascal Nowack
91ff145ae8 core/autodetect: Rework server side API to be closer to documentation
The current state of the autodetect API for the server side does not
include all allowed scenarios where the network autodetection can be
used.
This for example includes the connect-time autodetection, as the
related calls are hidden inside FreeRDP, and not exposed as public API.
In order to avoid duplicate send methods, check the state of the
connection sequence.
If the connection sequence is not yet done, use the connect-time request
types.
Otherwise, use the continuous request types.

The Bandwidth Measure Payload PDU is a little special case, as it is
only allowed to be sent during the connection sequence.
To ensure this, add an assertion in its sending method.

Also fix the handling for the Network Characteristics Sync PDU:
Previously, after parsing the PDU data, the read data was just sent
again to the client, which is wrong.
To fix this issue, introduce a callback for this client-to-server PDU,
so that the actual server implementation can hook up its own handling
for this PDU.
Depending on the situation, the server side may want to discard or use
the retrieved data here.

Moreover, decouple the send-handling for the Network Characteristics
Result PDU from the local autodetect variables.
Currently, these variables are shared between the send and receive
methods.
This leads to access problems, where the server side, wants to use a
different thread to send the autodetect PDU, as the receive handler may
receive an autodetect PDU and overwrite these values with possible
nonsense values.
This is especially the case with RTT response PDUs, as the written
netCharAverageRTT and netCharBaseRTT values are only correct, when only
one RTTRequest happens at a time and no stray RTTResponses are received.
2023-04-13 09:58:52 +02:00
Armin Novak
f8e8764ea8 [core,settings] unify identity from settings 2023-04-11 11:37:09 +02:00
Armin Novak
9b498efa79 [core,nla] unify identity creation 2023-04-11 11:37:09 +02:00
Armin Novak
e2f85fc329 [core,nla] ensure the identity is created with unicode 2023-04-11 11:37:09 +02:00
Armin Novak
13c025e04c [winpr,sspi] remove sspi_SetAuthIdentityWithUnicodePassword
the function is useless as we always use the SetAuthIdentityW API now
2023-04-11 11:37:09 +02:00
Armin Novak
aac0c0d01d [core,gateway] fix expected size for rts_read_auth_verifier_no_checks 2023-04-11 11:31:57 +02:00
Armin Novak
c638c51484 [core,gateway] fix expected length rts_read_auth_verifier_with_stub 2023-04-11 11:31:57 +02:00
Armin Novak
adc6b60bcf [core,gateway] silence rts_read_common_pdu_header
rts_read_common_pdu_header is used to determine if the packet was read
successfully. In that case it might fail but there should be no logging
done to not spam it with unnecessary warnings.
2023-04-11 11:31:57 +02:00
akallabeth
6a35f11faa [core,gateway] fix warnings with static stream 2023-04-11 11:30:41 +02:00
akallabeth
f3b7c1b84d [core,gateway] log http status codes 2023-04-11 11:21:27 +02:00
akallabeth
0f1b0cac76 [core,gateway] add http_status_string_format 2023-04-11 11:21:27 +02:00
akallabeth
8eec678710 [core,gateway] add http_status_string 2023-04-11 11:21:27 +02:00
Joan Torres
1f58b64f68 [core,redirection] Fix sending redirection certificate
TargetCertificate option is set in TARGET_CERTIFICATE_CONTAINER format.

Exposed ELEMENT_TYPE_CERTIFICATE and ENCODING_TYPE_ASN1_DER1 to allow
building it externally in the mentioned format.
2023-04-11 10:29:16 +02:00
akallabeth
1a951a7ebc [core,credssp] simplified name cache 2023-04-06 16:15:45 +02:00
akallabeth
182f15e475 [core] add logger to rdpContext
Add a dynamic logger for rdpContext
2023-04-06 12:11:46 +02:00
Armin Novak
f4462f69e1 [core,credssp] fix logging with unicode
convert argument to proper type before logging
2023-04-05 11:40:22 +02:00
Armin Novak
2d1c56888d [core,gateway] log win32 error code of fault PDU 2023-04-05 10:02:27 +02:00
Armin Novak
14fd94a38c [core,gateway] fix http_request_write
ensure the stream is big enough to hold the data
2023-04-05 08:56:33 +02:00
Armin Novak
50ce5b834d [core,server] warn if cert not RDP security compatible 2023-03-28 17:19:03 +02:00
David Fort
b7b46b8123 [codecs] make progressive honor threading flags
Progressive codec was not honoring the threading flags in settings like does
remoteFX, so even when no multiple threads decoding was asked, progressive was
using multiple threads anyway. This patch fixes it.
2023-03-20 15:32:28 +01:00
Armin Novak
937c158174 [core,gateway] copy data for credssp
the authentication data needs to be copied for use in credssp
fixes #8811
2023-03-17 22:28:13 +01:00
akallabeth
00572768b9 [core,rdp] fixed wrong format string 2023-03-15 08:22:23 +01:00
akallabeth
a5b42f0f84 [includes] untangled circular includes 2023-03-15 08:22:23 +01:00
akallabeth
a360f1ca8c [build] fix a few compiler warnings 2023-03-13 13:04:45 +01:00
Martin Fleisz
ecc29d00c0 core: Allow NULL identity for NLA authentication
During the recent changes the possiblity to perform NLA auth using the
current identity was removed.

In case we receive AUTH_NO_CREDENTIALS with NLA we should resume using a
NULL-identity and not abort the connection.
2023-03-13 10:59:57 +01:00
Armin Novak
0c8a08817c [core,utils] do not abort on auth fail
Authenticate and GatewayAuthenticate return FALSE when there are no
credentials supplied. AuthenticateEx indicates connection termination
with that return value. Handle this accordingly
2023-03-13 09:36:07 +01:00
Armin Novak
461a307c42 [core,utils] prefer legacy over AuthenticateEx
the new AuthenticateEx callback has a default implementation. To not
break old clients only setting Authenticate or GatewayAuthenticate
callbacks prefer the old ones over the new one.
2023-03-13 09:36:07 +01:00
Armin Novak
39bf831d50 [core,nego] unify SelectedProtocol usage 2023-03-13 09:36:07 +01:00
Armin Novak
e9bc54e8b7 [core] improve logging in freerdp_set_last_error 2023-03-13 09:36:07 +01:00
Armin Novak
24dd697003 [core,rdstls] allow 0 size data to be written. 2023-03-13 08:46:51 +01:00
Joan Torres
41c0f22398 [core,rdstls] Fix getting password as pointer 2023-03-13 08:46:51 +01:00
Armin Novak
2ddd82338a [core,security] fix security_establish_keys
the lenght of the keys was incorrect breaking RDP security
2023-03-12 22:30:31 +01:00
Marc-André Moreau
b34bad2b50 fix and improve cJSON detection 2023-03-11 08:20:10 +01:00
Armin Novak
f26dc59a9d [core,aad] make AAD optional
* make cJSON an optional dependency
* disable AAD if cJSON was not compiled in
2023-03-10 16:38:07 +01:00
Armin Novak
17b6f1bb6f [core,aad] add compatibility with cJSON < 1.7.13 2023-03-10 16:38:07 +01:00
Armin Novak
8d57fa0a7f [core,aad] fix format strings, use strtok_s 2023-03-10 16:38:07 +01:00
Armin Novak
8219c30eef [build] fixed cJSON dependency
need to find_package at top level so symbols are defined for add_library
and target_*
2023-03-10 16:38:07 +01:00
Armin Novak
47ad94e4f9 [core,aad] clean up some mistakes 2023-03-10 16:38:07 +01:00
Armin Novak
4d12c22f4e [core,aad] fixed warnings and openssl compat 2023-03-10 16:38:07 +01:00
akallabeth
429c361435 [core,aad] fix cJSON usage 2023-03-10 16:38:07 +01:00
fifthdegree
f4431cdc8c fixup! Implement support for RDS AAD 2023-03-10 16:38:07 +01:00
akallabeth
af2a74cbbb [core,aad] refactor aad parser
* split functions into smaller elements
* improve return code checks
* add log messages for error results
2023-03-10 16:38:07 +01:00
akallabeth
0af370c04b [core,aad] use dynamic logger 2023-03-10 16:38:07 +01:00
akallabeth
157d71e802 [core,aad] migrate to cJSON parser library 2023-03-10 16:38:07 +01:00
akallabeth
c5406d79c5 [core,aad] typedef AAD_STATE 2023-03-10 16:38:07 +01:00
akallabeth
3d9eaf59dc [core,aad] typedef AAD_STATE 2023-03-10 16:38:07 +01:00
akallabeth
2117cdcb0f [core,transport] rewritten aad transport read
use a do {} while loop to make it easier to read.
2023-03-10 16:38:07 +01:00
akallabeth
f5423caace [auth,aad] add freerdp* argument to callback 2023-03-10 16:38:07 +01:00
fifthdegree
4cbfa006f2 Implement support for RDS AAD
Have a working implementation of the RDS AAD enhanced security mechanism
for Azure AD logons
2023-03-10 16:38:07 +01:00
Martin Fleisz
384642f95f core: Fix sending incorrect GUID in RDSTLS auth request
The spec states that the GUID must be sent as a Base64-encoded GUID in
Unicode format. However in the redirection code we read the (correctly
formatted) GUID and convert it to a binary BLOB.

This PR removes the unnecessary conversion which now results in a
correct RDSTLS auth request.

It also removes some dead code in `rdstls_write_data`.
2023-03-09 14:29:41 +01:00
Armin Novak
1580daecbc [core,rdstls] fix uninitialized wStream 2023-03-09 11:17:37 +01:00
Armin Novak
ec60ebaf37 [core] parse whole wStream instead of current 2023-03-09 11:17:37 +01:00
Armin Novak
5c49fae477 [core,transport] split pdu parser function
split according to which PDU type is being parsed.
2023-03-09 11:17:37 +01:00
Joan Torres
5bcc5326d0 [core,rdstls] fix rdstls_parse_pdu
When this function returns <= 0 the caller was considering it a pduLength
creating a bug.

Also fixed length calculation on some rdstls pdu types.
2023-03-09 11:17:37 +01:00
Joan Torres
b469f53c43 [core,transport] check for rdstls == NULL on accept_rdstls too 2023-03-09 11:17:37 +01:00
akallabeth
d56487717f [core,redirection] fix const warnings 2023-03-09 11:17:37 +01:00
akallabeth
34c056e163 [core,smartcard] fix WCHAR compare, use _wcscmp 2023-03-09 11:17:37 +01:00
akallabeth
4154bc500e [core,transport] check for rdstls == NULL 2023-03-09 11:17:37 +01:00
akallabeth
9a51f3b77b [core,rdstls] log state checks
when checking expected states print a proper log message when the
requirement is not met
2023-03-08 14:05:00 +01:00
akallabeth
bc1d291b44 [core,rdstls] add state transition checks and logs 2023-03-08 14:05:00 +01:00
akallabeth
adbecf71c6 [core,rdstls] use dynamic logger 2023-03-08 14:05:00 +01:00
akallabeth
0dc59f3a41 [core,rdstls] hide rdstls parsing
* move rdstls specific code from transport_parse_pdu to rdstls_parse_pdu
* hide rdstls implementation details
2023-03-08 14:05:00 +01:00
Joan Torres
c7f214435e [core,transport] use modern stream funcs on transport_parse_pdu 2023-03-08 14:05:00 +01:00
Joan Torres
d3eab544bd [core,rdstls] validate state transitions 2023-03-08 14:05:00 +01:00
akallabeth
15b5026260 [core,rdstls] rdstls_read_data no heap
do not allocate and copy the returned data, just return a pointer in the
stream and the length of the data.
2023-03-08 14:05:00 +01:00
akallabeth
f5a8da4f62 [core,rdstls] ensure stream length on empy return 2023-03-08 14:05:00 +01:00
Joan Torres
7c24da917e Add RDSTLS security protocol
The client tries to connect using RDSTLS only when it has received a
server redirection PDU with LB_PASSWORD_IS_ENCRYPTED flag.

The server exposes RDSTLS on negotiation if it has been configured on settings.
Then authenticates a client using configured credentials from settings:
RedirectionGuid, Username, Domain, Password.
2023-03-08 14:05:00 +01:00
Joan Torres
689bf6daab [core,nla]: Fix using password from redirection
If a client reconnects on redirection process and uses NLA authentication,
the client was using the old password because it wasn't setting
usePassword to false.

With this commit the client will use the new password.
2023-03-08 08:36:42 +01:00
Joan Torres
5f8e64f89c [core,connection]: Fix load balance setting on redirection
The routing token is already set for the nego on rdp_client_connect func.
2023-03-08 08:36:42 +01:00
Joan Torres
8c998e67f3 [core,redirection]: Debug redirection fields ordered 2023-03-08 08:36:42 +01:00
Armin Novak
f068d21a5e [core,peer] set up channelErrorEvent 2023-03-06 21:46:51 +01:00
Armin Novak
8c88a477fd [core,licensing] fix warnings 2023-03-06 15:39:14 +01:00
Armin Novak
16d1d3d9c5 [core,security] fix types to reduce warnings
* Make integer UINT32 to match use
* Fix missing length checks
2023-03-06 15:39:14 +01:00
Armin Novak
92e071fa0c [core,listener] print info if a client is from localhost 2023-03-06 11:31:19 +01:00
Armin Novak
1c8f762721 [core,peer] fix multitransport request checks
If the client does not announced support for UDPFECR then do not send a
multitransport request and just skip the state.
2023-03-06 11:17:51 +01:00
Armin Novak
37936f5cbb [core,connect] check for valid hostname 2023-03-06 10:04:59 +01:00
Armin Novak
2eeb5d718a [warnings] Fixed shadow warnings 2023-03-06 10:04:59 +01:00
Armin Novak
e496771034 [warnings] fixed unused-variable warnings 2023-03-06 10:04:59 +01:00
Armin Novak
f5462bdf92 [core] fix rdp_client_establish_keys 2023-03-06 08:35:24 +01:00
Armin Novak
ca706e3099 [core,caps] fix invalid imeFileName
imeFileName might contain invalid characters, ignore these
2023-03-06 08:35:24 +01:00
Armin Novak
2450bf75e8 [core] improve assertions and logging 2023-03-05 17:03:18 +01:00
Armin Novak
d0ef43f49b [core,redirect] check TsvUrl on redirect
according to spec the TsvUrl must match the LoadBalanceInfo the client
initially sent. Implement this check or else log an error.
2023-03-02 09:55:49 +01:00
Armin Novak
455f6546a7 [core,redirection] implement redirection PDU write
implemented writing redirection certificate to PDU
2023-02-28 15:49:58 +01:00
Armin Novak
ae8f0106bd [core,redirect] extract and check redirection cert
* extract the certificate from the redirection PDU
* if there is a certificate provided accept it if it matches the
  redirection target certificate without further user checks
2023-02-28 15:49:58 +01:00
akallabeth
adce7378c3 [core,cache] make protocol caches private
most protocol internal caches do not need to be exposed. this reduces
the public API and allows us to more easily improve/change this during a
release cycle
2023-02-27 17:31:52 +01:00
akallabeth
3293d0d06a [core] add log for experimental settings
Too often experimental flags had been used without the user noticing
that. As bug reports are hard to analyze without proper information take
this approach and inform about experimental flags in use by logging
these.
2023-02-27 11:44:10 +01:00
Marc-André Moreau
3a8dce07ea expose last NLA/CredSSP SSPI error code (freerdp_get_nla_sspi_error) 2023-02-24 13:19:19 -05:00
Armin Novak
f357312584 [utils] term signal cleanup handlers
add functions to register/unregister termination cleanup handlers
2023-02-23 20:28:15 +01:00
Martin Fleisz
2fa12ad794 gateway: Fix broken #ifdef/#else/#endif 2023-02-23 17:27:22 +01:00
Martin Fleisz
892e58d969 core: Update smartcard settings on all platforms
Currently smartcard settings were only updated in the WIN32 code path.
This must be done on all platforms to have the correct settings (i.e.
pkinitArgs) correctly applied.
2023-02-23 14:25:44 +01:00
Martin Fleisz
09b2096cf2 core: Add CAPI support for enumerating smart card key containers
Windows seems to favor using the legacy Crypto API (CAPI) for
enumerating RSA key containers and only relies on the newer CNG APIs for
ECC keys.

This PR adds support for CAPI key container enumeration on Windows.

The PR also fixes an issue where the CSP was always set to the MS Base
Smart Card Provider during NLA authentication.
2023-02-22 17:10:47 +01:00
Martin Fleisz
6f639686cf core: Allow change to smart card logon in Authentication callbacks
This PR adds a few changes so that a client is able to change the
authentication/logon type in the Authentication callback. I.e. if the
client was started without user/domain the authentication callback is
now able to activate smart card logon by setting the SmartcardLogon
setting along with csp/container/reader name.
2023-02-22 11:45:32 +01:00
Armin Novak
b4330cfccb [core,settings] use conservative multitransport flags 2023-02-21 16:42:54 +01:00
Joan Torres
e5d9a41778 [core,gcc] Fix applying RedirectionVersionMask
The RedirectionVersionMask is 0x3c i.e. 00111100.
So the left shift operation to set RedirectionVersion is of 2 places.
2023-02-21 16:18:04 +01:00
akallabeth
ab5be61e89 [client,common] working REDIRECTION_VERSION6
* REDIRECTION_VERSION6 requires enabled multitransport, enable it
* Add a fallback if multitransport was disabled
2023-02-20 16:04:04 +01:00
akallabeth
8205bc5f6b [core,peer] add RSA certificate check 2023-02-16 10:06:17 +01:00
akallabeth
895ae8b137 [core] use rdpPrivateKey and rdpCertificate 2023-02-16 10:06:17 +01:00
akallabeth
2d94ff3f9e [settings] remove obsolete keys
* CertificateFile and CertificateContent are no longer used
* PrivateKeyFile and PrivateKeyContent are no longer used
2023-02-16 10:06:17 +01:00
akallabeth
a7dc9eb82c [tests] explicitly deactivate client callbacks for test 2023-02-15 13:34:18 +01:00
Armin Novak
25023d3a3a [client,scard] fix missing callback instance arg
every callback requires context, add freerdp* instance just as the
Authenticate et al callbacks already have
2023-02-15 13:34:18 +01:00
akallabeth
34bc5e15f5 [core,gateway] fixed missing/wrong return 2023-02-14 08:43:23 +01:00
Martin Fleisz
1f903f80a5 core: Add possibility to distinguish between auth cancelled and no creds
Currently if the authentication callback returns `FALSE` the utils
function handle this as scenario as no credentials provided (returns
`AUTH_NO_CREDENTIALS)`.

This PR introduces a new `auth_status` called `AUTH_CANCELLED` that is
returned if the authentication callback returns `FALSE`. If the callback
returns `TRUE` and username or password are empty the util function will
continue to return `AUTH_NO_CREDENTIALS`.

THe PR also fixes some incorrect returns in RPC over HTTP gateway code.
2023-02-14 08:43:23 +01:00
Armin Novak
a7dac52a42 [license] updated copyright headers 2023-02-12 20:17:11 +01:00
akallabeth
af371bef6a [crypto] rename rdpRsaKey to rdpPrivateKey 2023-02-12 20:17:11 +01:00
akallabeth
87b30958a6 [cyrpto] unify PEM read/write
use crypto_read_pem and crypto_write_pem in all places required
2023-02-12 20:17:11 +01:00
akallabeth
ac037327d5 [core,redirection] fix Wshadow 2023-02-12 20:17:11 +01:00
akallabeth
94b2f551b3 [core] update to new crypto/cert API 2023-02-12 20:17:11 +01:00
akallabeth
b5d1ea7138 [core,license] use rdpCertificate 2023-02-12 20:17:11 +01:00
akallabeth
4499a55f43 [core,smartcardlogon] use rdpCertificate 2023-02-12 20:17:11 +01:00
akallabeth
9b51df8b10 [core,crypto] refactor certificate management
* Properly split certificate_store, certificate_data, certificate and
  private key functions to files
* Prefix all functions with freerdp_ to have a unique name
* Update certificate store to use one file per host instead of
  known_hosts2
* Merge CryptoCert and rdpCertificate
2023-02-12 20:17:11 +01:00
Martin Fleisz
35c24f208b core: Fix invalid string length 2023-02-09 12:49:47 +01:00
Martin Fleisz
4b9fb8fff9 proxy: Fix NLA to TLS fallback connection
Currently the proxy's TLS fallback if an NLA connection attempt failed
is broken. There are two issues with the current code that this PR
fixes:

- freerdp_reconnect is used which requires an already established
  connection to work correctly. This is not the case since the NLA
  connectin attempt failed. This resulted in a seemingly working TLS
  connection but i.e. channels where missing/not working.
- The fallback connection attempt just altered the NLA security setting
  in the instance's settings. However these settings have been already
  modified by the NLA connection attempt so we need to create a copy of
  the original connection settings before doing the first connect.

The PR also introduces freerdp_reset_context which restores the initial
connection settings for the given instance.
2023-02-09 12:49:47 +01:00
Armin Novak
a7c0a8c5f1 [autodetect] expose AUTODETECT_STATE 2023-02-09 12:34:27 +01:00
akallabeth
db98f16e5b [core,fastpath] fix too verbose log
for fastpath_recv_update_synchronize only skip the available bytes as
older servers tend to send short packets. This avoids (too) verbose
logging.
2023-02-07 13:36:03 +01:00
akallabeth
2eda0aa2ea [core,settings] remove unused setting 2023-02-03 11:24:32 +01:00
akallabeth
d96860780f Fixed compiler warnings 2023-02-03 11:09:59 +01:00
akallabeth
51e71b3c48 Fixed compiler warnings 2023-02-03 11:09:59 +01:00
akallabeth
00f2679eda [core,security] refactor functions to check lengths 2023-02-03 11:09:59 +01:00
akallabeth
7c1007b1b6 [core,crypto] removed rsa functions from public API
should only be used internally
2023-02-03 11:09:59 +01:00
akallabeth
da5080e557 [core] refactor rdp encryption lock 2023-02-03 11:09:59 +01:00
akallabeth
a082f2b78a [core] improve logging 2023-02-03 11:09:59 +01:00
akallabeth
5f8cc02cf3 [core,license] update length
In license_read_encrypted_premaster_secret_blob the length argument was
not set, fix that
2023-02-03 11:09:59 +01:00
akallabeth
936e239acb [core,license] replaced HWID_LENGTH with sizeof 2023-02-03 11:09:59 +01:00
akallabeth
4b0fcb3dac [core,licensing] replaced WINPR_MD5_DIGEST_LENGTH with sizeof() 2023-02-03 11:09:59 +01:00
akallabeth
3c242bbe6a [core,license] replaced MAC_SALT_KEY_LENGTH with sizeof 2023-02-03 11:09:59 +01:00
akallabeth
0f3d72e724 [core,license] replaced SESSION_KEY_BLOB_LENGTH with sizeof 2023-02-03 11:09:59 +01:00
akallabeth
a738f0ec91 [core,license] replaced PREMASTER_SECRET_LENGTH with sizeof 2023-02-03 11:09:59 +01:00
akallabeth
0c5afb923f [core,license] replaced MASTER_SECRET_LENGTH with sizeof 2023-02-03 11:09:59 +01:00
akallabeth
cf539f33db [core,license] replaced SERVER_RANDOM_LENGTH with sizeof 2023-02-03 11:09:59 +01:00
akallabeth
31695c94a1 [client random] refactor use
* use sizeof() instead of define length
* use settings getter/setter
2023-02-03 11:09:59 +01:00
akallabeth
54e5ff1e75 [core,gcc] fix server random length 2023-02-03 11:09:59 +01:00
akallabeth
a3152871ab [core,crypto] refactor rsa functions
* public encrypt/decrypt take rdpCertInfo data as argument
* private encrypt/decrypt take rdpRsaKey as argument
* Add missing length arguments
2023-02-03 11:09:59 +01:00
akallabeth
2af9758173 [core,license] use rdpCertInfo
Use the struct rdpCertInfo for certificate related data instead of
declaring separate variables
2023-02-03 11:09:59 +01:00
akallabeth
2c2e9602b3 [core] refactor certificate handling
* Remove duplications in rdpRsaKey, reuse rdpCertificate for public
  components
* Move all private key and certificate code to certificate.c,
  remove the tssk_* variables from gcc
* Handle update of client and server random keys in wrapping functions
* Simplify gcc_write_server_security_data, use certificate.c functions
  to write the certificate data
* Refactor security_establish_keys, use the random values stored in
  settings directly
2023-02-03 11:09:59 +01:00
Armin Novak
cd48e17740 [gateway,settings] add GatewayAutoConsent option
with this option the client automatically accepts consent messages of
the gateway server.
2023-02-03 11:08:46 +01:00
Armin Novak
05c8a96fff [core,tcp] fix transport_bio_buffered_write
If the return value is <= 0 do not increment the buffer data.
2023-02-02 08:12:39 +01:00
Armin Novak
0c496681f5 [core,settings] fix use of FreeRDP_TargetNetPorts 2023-02-01 09:51:54 +01:00
akallabeth
818267bc80 [core] fixed missing BYTE to WCHAR casts 2023-02-01 09:51:54 +01:00
akallabeth
da42a2141e [core,settings] update getter/setter generation
fix issues with const and non const string pointer update
2023-02-01 09:51:54 +01:00
akallabeth
3f80e6a5ba [core,info] consume unsued byte of stream
The TPKT header length does not match the [MS-RDPBCGR] 2.2.1.11.1.1
Info Packet (TS_INFO_PACKET) and 2.2.1.11.1.1.1 Extended Info Packet
(TS_EXTENDED_INFO_PACKET) length. print a warning and consume the rest
of the data.
2023-01-27 16:01:33 +01:00
akallabeth
76525c2658 [core,peer] removed duplicate checks and logs 2023-01-27 16:01:33 +01:00
akallabeth
644870934e [core,server] do not rely on EarlyCapabilitiesFlags
Check settings that have been agreed upon by client and server and do
not directly use the flags.
2023-01-27 16:01:33 +01:00
akallabeth
56a01603bb [core,info] do not rely on EarlyCapabilitiesFlags
now rdp_write_extended_info_packet only adds the
cbDynamicDSTTimeZoneKeyName, dynamicDSTTimeZoneKeyName and
dynamicDaylightTimeDisabled fields if both, client and server support
the dynamic timezone settings.
2023-01-27 16:01:33 +01:00
akallabeth
1a87ba8fc2 [core,server] add state STATE_RUN_QUIT_SESSION
If a session is terminated indicate this by STATE_RUN_QUIT_SESSION
instead of setting STATE_RUN_FAILED which would imply some failure
2023-01-27 11:05:12 +01:00
akallabeth
b03f9cc8b8 [core,mcs] added return checks
Fix missing checks in mcs_send_disconnect_provider_ultimatum
2023-01-27 11:05:12 +01:00
akallabeth
22f3bf6f78 [core,nla] initialize stack variables 2023-01-27 10:07:01 +01:00
akallabeth
f5d759c979 [core,nla] unify SecBuffer to ASN1 string
use a helper function to convert the buffer to a ASN1 string
2023-01-27 10:07:01 +01:00
akallabeth
c604801a67 [core,nla] simplify server side authentication
* Single point fo function return
* Clear all buffers after authentication
2023-01-27 10:07:01 +01:00
akallabeth
ca3cd8b7ec [core,nla] fix a memory leak in server nla
Clear destination SecBuffer before calling credssp_auth_decrypt or
credssp_auth_encrypt
2023-01-27 10:07:01 +01:00
akallabeth
aeef6045b7 [core,credssp] initialize stack variables 2023-01-27 10:07:01 +01:00
akallabeth
f355c9addd [core,capability] Fix reallocation of ReceivedCapabilityData
if the size is 0 do not abort but continue.
2023-01-27 10:07:01 +01:00
akallabeth
7afab06e4e [fastpath] fix write PDU header functions
* Proper capacity checks with logging
* Fix return codes
* Remove unused fields from public structs
2023-01-27 10:07:01 +01:00
akallabeth
04ede67940 [core,fastpath] unify fastpath stream decryption 2023-01-27 10:07:01 +01:00
Armin Novak
ee6de6d293 [core] fix rdp encrypted autodetect messages 2023-01-27 10:07:01 +01:00
Armin Novak
bea41877ba [core] add logging
* Log rdp_write_security_header flags
* Log rpd_read_security_header flags
2023-01-27 10:07:01 +01:00
akallabeth
ee07a13130 [cleanup] fix compiler warnings 2023-01-26 09:30:17 +01:00
Armin Novak
70f6c09ff4 [core] fix persistent bitmap cache setting
* Only activate if both, client and server support the capability
* Use settings getter to access setting
2023-01-26 09:30:17 +01:00
Armin Novak
1dc2225bd2 [winpr,wlog] include function name in log message
default to print the function the log message was called from
2023-01-25 16:26:39 +01:00
Armin Novak
641022b795 [logging] remove __FUNCTION__ from actual message
prefer the log formatter to provide that information.
2023-01-25 16:26:39 +01:00
akallabeth
075506f6c8 [winpr,stream] use new Stream_CheckAndLogRequiredLength* 2023-01-25 14:27:32 +01:00
akallabeth
74530a7931 [format strings] ensure __LINE__ is of type size_t
__LINE__ is not particularily well defined (most fall back to int).
We want to ensure that all the uses in a format string match the format
specifier, so do an explicit cast
2023-01-25 14:27:32 +01:00
akallabeth
686c26794b [gateway,rdg] improve websocket error log message 2023-01-25 14:27:32 +01:00
akallabeth
8ed37e68d2 [stream] use logging capacity checks 2023-01-25 14:27:32 +01:00
Armin Novak
d639702bed [core] check return of rdp_write_header 2023-01-25 09:37:40 +01:00
Armin Novak
a111a19c58 [core] check return of rdp_write_security_header 2023-01-25 09:37:40 +01:00
Armin Novak
2fc24420d1 [core] fix server side skip channel join
move to state CONNECTION_STATE_RDP_SECURITY_COMMENCEMENT instead of
CONNECTION_STATE_SECURE_SETTINGS_EXCHANGE
2023-01-25 09:37:40 +01:00
akallabeth
d65b73ae9f [core,license] fixed string conversion 2023-01-25 09:37:40 +01:00
akallabeth
e56cf03a79 [core,server] fixed peer multimonitor handling
if there is no RNS_UD_CS_SUPPORT_MONITOR_LAYOUT_PDU announced and we did
not handle the data received rerun in active state.
2023-01-25 09:37:40 +01:00
akallabeth
65a5a7a065 [core,certificate] initialize stack variables 2023-01-24 10:16:55 +01:00
akallabeth
b69c00c448 [core,certificate] const correct write function 2023-01-24 10:16:55 +01:00
akallabeth
033ffff428 [core] initialize stack variables, improve logging 2023-01-24 10:16:55 +01:00
akallabeth
f2b934866a [core,connection] code cleanups 2023-01-24 10:16:55 +01:00
Armin Novak
9ab5bde349 [core,nego] use settings getter/setter 2023-01-24 10:16:55 +01:00
Armin Novak
e0a14edfbb [core,crypto] log more parsing failures 2023-01-24 10:16:55 +01:00
Armin Novak
d4d2b4403c [core] Improve redirection logging 2023-01-23 11:37:44 +01:00
Armin Novak
e66f2f8c75 [core] improve redirection logging 2023-01-23 11:37:44 +01:00
Armin Novak
d8a6166e67 [core] improve rdp_security_flag_string 2023-01-23 11:37:44 +01:00
Armin Novak
073aefd766 [core] set TS_UD_CS_CLUSTER::Flags to REDIRECTION_VERSION5
REDIRECTION_VERSION6 breaks redirection for currently unknown reasons.
Revert to the last known good version until we receive an update on
documentation for the redirection handling
2023-01-23 09:17:01 +01:00
Armin Novak
5be9cf90df [core] fix ClusterInfoFlags generation, added logging 2023-01-23 09:17:01 +01:00
akallabeth
23281121bf [core] implement skip channel join 2023-01-20 11:19:18 +01:00
akallabeth
60424ef76f [core] fixed client/server early capapbility flags 2023-01-20 10:57:30 +01:00
akallabeth
2fc5eaeb80 [core] implemented CS_CORE::EarlyCapabilityFlags filter
* Added missing definitions for RNS_UD_CS_SUPPORT_SKIP_CHANNELJOIN
  and RNS_UD_SC_SKIP_CHANNELJOIN_SUPPORTED flags
* Updated stringification functions for these flags
* Implemented client and server EarlyCapabilityFlags filter for
  these flags as FreeRDP currently does not implement them.
2023-01-20 10:57:30 +01:00
Martin Fleisz
9c6a0eeeb1 core: Fix handling of RAIL HandshakeEx flag
When using Enhanced RAIL the HandshakeEx flag must also be set. However
in the current code it was always overwritten by the server flags (which
might lack the flag).
2023-01-20 10:37:56 +01:00