Commit Graph

17205 Commits

Author SHA1 Message Date
Armin Novak
69aa1ff9db [build] add cJSON to android build scripts 2023-03-10 16:38:07 +01:00
Armin Novak
9f1fc5adaf [client,common] add /sec:aad to command line help 2023-03-10 16:38:07 +01:00
Armin Novak
233ac929ea [client,common] use interruptible getline 2023-03-10 16:38:07 +01:00
Armin Novak
dc38b94263 [ci] add cJSON dependency 2023-03-10 16:38:07 +01:00
Armin Novak
4d12c22f4e [core,aad] fixed warnings and openssl compat 2023-03-10 16:38:07 +01:00
fifthdegree
304ce6d702 Test base64url en/decoding
Add tests for base64url and fix a bug discovered while doing that
2023-03-10 16:38:07 +01:00
akallabeth
429c361435 [core,aad] fix cJSON usage 2023-03-10 16:38:07 +01:00
fifthdegree
f4431cdc8c fixup! Implement support for RDS AAD 2023-03-10 16:38:07 +01:00
fifthdegree
7f54770fd0 fixup! Implement support for RDS AAD 2023-03-10 16:38:07 +01:00
akallabeth
af2a74cbbb [core,aad] refactor aad parser
* split functions into smaller elements
* improve return code checks
* add log messages for error results
2023-03-10 16:38:07 +01:00
akallabeth
0af370c04b [core,aad] use dynamic logger 2023-03-10 16:38:07 +01:00
akallabeth
157d71e802 [core,aad] migrate to cJSON parser library 2023-03-10 16:38:07 +01:00
akallabeth
c5406d79c5 [core,aad] typedef AAD_STATE 2023-03-10 16:38:07 +01:00
akallabeth
3d9eaf59dc [core,aad] typedef AAD_STATE 2023-03-10 16:38:07 +01:00
akallabeth
2117cdcb0f [core,transport] rewritten aad transport read
use a do {} while loop to make it easier to read.
2023-03-10 16:38:07 +01:00
akallabeth
f5423caace [auth,aad] add freerdp* argument to callback 2023-03-10 16:38:07 +01:00
fifthdegree
4cbfa006f2 Implement support for RDS AAD
Have a working implementation of the RDS AAD enhanced security mechanism
for Azure AD logons
2023-03-10 16:38:07 +01:00
fifthdegree
5df4d4c934 Implement a basic JSON parser 2023-03-10 16:38:07 +01:00
fifthdegree
8d6c92c037 Implement base64url encoding/decoding
Tweak the base64 functions to allow for encoding and decoding base64url
as well
2023-03-10 16:38:07 +01:00
Armin Novak
85cff3a7dc [server,proxy] fix private/public library linking 2023-03-10 11:40:08 +01:00
Armin Novak
c23dc3ba9d [CMake] Fix use of BUILD_SHARED_LIBS
the option is named BUILD_SHARED_LIBS and not CMAKE_BUILD_SHARED_LIBS
2023-03-10 11:40:08 +01:00
Armin Novak
6e5307c037 [client,common] fix on off option parsing
* Return an enum to allow evaluation of what option was provided
* fix /sec:nla and /sec:nla:on behaviour.
2023-03-10 11:40:08 +01:00
Martin Fleisz
384642f95f core: Fix sending incorrect GUID in RDSTLS auth request
The spec states that the GUID must be sent as a Base64-encoded GUID in
Unicode format. However in the redirection code we read the (correctly
formatted) GUID and convert it to a binary BLOB.

This PR removes the unnecessary conversion which now results in a
correct RDSTLS auth request.

It also removes some dead code in `rdstls_write_data`.
2023-03-09 14:29:41 +01:00
Armin Novak
1580daecbc [core,rdstls] fix uninitialized wStream 2023-03-09 11:17:37 +01:00
Armin Novak
ec60ebaf37 [core] parse whole wStream instead of current 2023-03-09 11:17:37 +01:00
Armin Novak
5c49fae477 [core,transport] split pdu parser function
split according to which PDU type is being parsed.
2023-03-09 11:17:37 +01:00
Joan Torres
5bcc5326d0 [core,rdstls] fix rdstls_parse_pdu
When this function returns <= 0 the caller was considering it a pduLength
creating a bug.

Also fixed length calculation on some rdstls pdu types.
2023-03-09 11:17:37 +01:00
Joan Torres
b469f53c43 [core,transport] check for rdstls == NULL on accept_rdstls too 2023-03-09 11:17:37 +01:00
akallabeth
151baa9ae5 [client,sdl] fix va_arg casts to match void* size 2023-03-09 11:17:37 +01:00
akallabeth
22f5bd48c4 [client,wayland] fix function arguments to match
the function pointer expected different arguments from the one provided.
2023-03-09 11:17:37 +01:00
akallabeth
387dcd4001 [client,sdl] fix missing type cast 2023-03-09 11:17:37 +01:00
akallabeth
d56487717f [core,redirection] fix const warnings 2023-03-09 11:17:37 +01:00
akallabeth
6646ff9eb0 [client,common] fix wrong arguments for file clipboard 2023-03-09 11:17:37 +01:00
akallabeth
41cb69b135 [winpr,stream] fix Stream_Read_UTF16_String
Fix wrong arguments for stream length check
2023-03-09 11:17:37 +01:00
akallabeth
34c056e163 [core,smartcard] fix WCHAR compare, use _wcscmp 2023-03-09 11:17:37 +01:00
akallabeth
4154bc500e [core,transport] check for rdstls == NULL 2023-03-09 11:17:37 +01:00
Martin Fleisz
093bf79837 common:: Fix const issues with current rdp file API 2023-03-08 14:08:34 +01:00
akallabeth
9a51f3b77b [core,rdstls] log state checks
when checking expected states print a proper log message when the
requirement is not met
2023-03-08 14:05:00 +01:00
akallabeth
bc1d291b44 [core,rdstls] add state transition checks and logs 2023-03-08 14:05:00 +01:00
akallabeth
adbecf71c6 [core,rdstls] use dynamic logger 2023-03-08 14:05:00 +01:00
akallabeth
0dc59f3a41 [core,rdstls] hide rdstls parsing
* move rdstls specific code from transport_parse_pdu to rdstls_parse_pdu
* hide rdstls implementation details
2023-03-08 14:05:00 +01:00
Joan Torres
c7f214435e [core,transport] use modern stream funcs on transport_parse_pdu 2023-03-08 14:05:00 +01:00
Joan Torres
d3eab544bd [core,rdstls] validate state transitions 2023-03-08 14:05:00 +01:00
akallabeth
15b5026260 [core,rdstls] rdstls_read_data no heap
do not allocate and copy the returned data, just return a pointer in the
stream and the length of the data.
2023-03-08 14:05:00 +01:00
akallabeth
f5a8da4f62 [core,rdstls] ensure stream length on empy return 2023-03-08 14:05:00 +01:00
Joan Torres
7c24da917e Add RDSTLS security protocol
The client tries to connect using RDSTLS only when it has received a
server redirection PDU with LB_PASSWORD_IS_ENCRYPTED flag.

The server exposes RDSTLS on negotiation if it has been configured on settings.
Then authenticates a client using configured credentials from settings:
RedirectionGuid, Username, Domain, Password.
2023-03-08 14:05:00 +01:00
Armin Novak
49f44303b1 [server,shadow] clean up certificate generation 2023-03-08 13:07:20 +01:00
Armin Novak
00f8cd350b [server,shadow] abort on invalid key/certificate 2023-03-08 13:07:20 +01:00
Joan Torres
689bf6daab [core,nla]: Fix using password from redirection
If a client reconnects on redirection process and uses NLA authentication,
the client was using the old password because it wasn't setting
usePassword to false.

With this commit the client will use the new password.
2023-03-08 08:36:42 +01:00
Joan Torres
5f8e64f89c [core,connection]: Fix load balance setting on redirection
The routing token is already set for the nego on rdp_client_connect func.
2023-03-08 08:36:42 +01:00