This new option /tls-secret-file:<file> allows to dump TLS secrets in a file with
the SSLKEYLOGFILE format. So this way you can setup the TLS dissector of wireshark
(Pre-Master-Secret log filename) and see the traffic in clear in wireshark.
It also add some more PFS ciphers to remove for netmon captures.
A proxy URI was parsed both in the function `proxy_read_environment()` in
`libfreerdp/core/proxy.c` and in the function
`freerdp_client_settings_parse_command_line_arguments()` in
`client/common/cmdline.c`. But only the latter was taking into account
that the URI can contain a user and password, which made it impossible
to use a proxy with authentication by just using an environment
variable like `https_proxy`.
The function `proxy_parse_uri()` in `libfreerdp/core/proxy.c` was
clearly not parsing the optional username and password.
This commit moves the code from `client/common/cmdline.c` to
`libfreerdp/common/settings.c` into a function `proxy_parse_uri()` so
redundant code is avoided. This function is then called in both
instances where a proxy URI is parsed.
Some minor adjustment were made to the code, so the `WLog_INFO()`
statement at the end works in both cases, where credentials were either
provided or not. Also, some error messages were added or clarified.
If the parsing of the environment variable fails, we ignore it entirely
(with a warning) and proceed.
* Early return authenticate if TLS smartcard logon
* Removed obsolete SmartcardPin and unified AuthenticateEx calls
* Remove password-is-pin from command line
The setting is implied by smartcard-logon and only of interest in
server side code, so the setting is useless
* Rework AUTH_SMARTCARD_PIN
Just prompt for PIN and not user/domain if this is requested.
* Fixed a memory leak in nla.c
* Align credentail prompt
* Handle AUTH_NLA & smartcard, just ask for PIN
* Added assertions, removed duplicate password prompt check
* Move smartcard logon after credential prompt
Always reinitialize NetworkAutoDetect, otherwise it might end set to
previous value and not the desired one. This happens when the client
sets /network:lan , in which case NetworkAutoDetect remains set to
TRUE because freerdp_set_connection_type() was previously called in
prepare_default_settings() and NetworkAutoDetect is never updated by
freerdp_set_connection_type() afterward.
Signed-off-by: Marek Vasut <marex@denx.de>
* All channels inheriting from RDPDR_DRIVE base struct
* Add functions to create/free a new device of a type
* Fixed settings array resize code, prevent 0 sizes
If no arguments are supplied, default to the behaviour of
/network:auto. This ensures the default experience is using the
best available graphics options.
As soon as any /network, /bpp, /rfx, /gfx, ... argument is used
only use these.
RDPSND channel is special, as it has many names.
(e.g. static channel, dynamic channel and UDP one.
Use RDPSND_CHANNEL_NAME to identify the module name instad of
RDPSND_DVC_CHANNEL_NAME
* client: Fix exit codes for /help and similar option
Currently, non-zero exit code is returned for /version, /buildconfig, /help,
/monitor-list, /kbd-list and /kbd-lang-list command-line options for several
clients. This is against conventions because 0 is usually returned in
such cases. Also, there is potentially another problem that the returned
codes overflow on UNIX systems (where the exit code is a number between 0
and 255). Let's fix the clients to return 0 in the mentioned cases to honor
conventions and 1 for the command-line parsing errors (or -1 for clients
who already use that value).
Fixes: https://github.com/FreeRDP/FreeRDP/issues/6686
* Refactored freerdp_client_settings_command_line_status_print_ex
Now returns 0 if help or version information was requested.
* Do not eliminate original error status.
Co-authored-by: akallabeth <akallabeth@posteo.net>
I personally find it more convenient to have pasted data written to
the X11 PRIMARY selection, so that I can paste it with a fast middle-
button click, than to write to CLIPBOARD which typically needs a key
sequence or menu action.
This commit adds a command-line option to let me express that
preference: now I can say "/clipboard:use-selection:PRIMARY" on the
command line, which not only enables clipboard transfer but also says
which X selection I want it to talk to. The previous options
"+clipboard" and "-clipboard" are also still supported.
It is now possible to add usb devices both via vid+pid and via bus+addr
at the same time. To do this, the ids are directly
given to the corresponding command line options:
/usb🆔<vid+pids>,addr:<bus+addrs>
The dev option still works like before: /usb:id,dev:<vid+pids> or
/usb:addr,dev:<bus+addrs>
On high latency links the default of 9 second timeout might be too
strict. Adjusting this for all users will result in a long time
for connections to fail, so let these with high latency links
adjust the value manually.
* The mess with /cert-tofu, /cert-ignore et al is now unified in
a single option.
* Added the option to add fingerprint:<hash>:<hex string> multiple
times to /cert to build a list of accepted certificate
fingerprints
* Added a deprecation warning to older /cert-* options
* Now both, dynamic and static channel entries can be defined by
a single channel.
* Added better logging to distinguish between static and dynamic
channel messages.
The help output advertise an option and an example for usb redirection
regardless of the fact whether the urbdrc channel was built or not.
This is confusing for people. Let's do not show /usb in help if it is
not built.
