David Fort
079731068c
[core] fix freezing connection to childSession
...
When connecting to a child session (or a VM), we have CredSSP/Nego/ActivationSequence
instead of Nego/CredSSP/ActivationSequence. Before the patch, we were not applying
flags read in the NegoResponse to the settings and that was leading to FreeRDP
thinking that the remote server was not supporting EXTENDED_CLIENT_DATA_SUPPORTED.
That was later preventing some GCC blocks from being sent, making the server unhappy
and freezing the connection.
2023-11-28 13:28:08 +01:00
David Fort
061148f856
[nla] initial server-side remote credential guard support
...
Adds support for server-side remote credential guard in NLA. When enabled, that allows
the remote user to connect without shipping credentials in TSCred packets. Instead
it will send his TGT encoded with a TGS from the remote server. This way the server
is able to populate that TGT in a local credential cache without knowing the user's
password.
The patch only treats the NLA part and does not contain the associated RDPEAR channel
that allows to have the complete interaction to retrieve new access tokens.
2023-11-20 16:17:00 +01:00
Armin Novak
53b65ff7bd
[documentation] fix Wdocumentation warnings
2023-10-16 15:10:13 +02:00
David Fort
3c18a9980f
[client,win32] implement connection to child session
...
Under Windows you can connect to a child session by requesting a named pipe to
the local server, and then do some RDP on this named pipe.
The protocol is like for /vmconnect with CredSSP, then Nego and then the "normal"
workflow for a connection. For CredSSP we force the usage of NTLM for the Negotiate
SSPI, and the credentials are empty.
2023-09-27 11:57:49 +02:00
ehdgks0627
d04ba8d6ef
Correct typos and formatting errors in format strings
...
In several files, fixed typos in format strings that were causing unexpected output and formatting issues.
2023-07-28 15:34:46 +02:00
Armin Novak
66cb8c68d4
[core,nego] change nego_set_routing_token argument
...
Use void* instead of BYTE* as the real type is unknown and warnings can
be avoided
2023-06-29 14:46:41 +02:00
Hugues LEFEBVRE
b67afecf0f
CredSSP with early user auth (nla_ext) support
2023-06-26 11:53:46 +02:00
Mikhail Kashin
aeb6ec6f97
[core] fix handling loadbalanceinfo tsv://MS Terminal Services Plugin
2023-06-14 09:06:50 +02:00
Armin Novak
970f0c54e8
[stream] use const correct Stream_Pointer access
2023-06-08 08:09:33 +02:00
Armin Novak
39bf831d50
[core,nego] unify SelectedProtocol usage
2023-03-13 09:36:07 +01:00
Armin Novak
f26dc59a9d
[core,aad] make AAD optional
...
* make cJSON an optional dependency
* disable AAD if cJSON was not compiled in
2023-03-10 16:38:07 +01:00
fifthdegree
4cbfa006f2
Implement support for RDS AAD
...
Have a working implementation of the RDS AAD enhanced security mechanism
for Azure AD logons
2023-03-10 16:38:07 +01:00
Joan Torres
7c24da917e
Add RDSTLS security protocol
...
The client tries to connect using RDSTLS only when it has received a
server redirection PDU with LB_PASSWORD_IS_ENCRYPTED flag.
The server exposes RDSTLS on negotiation if it has been configured on settings.
Then authenticates a client using configured credentials from settings:
RedirectionGuid, Username, Domain, Password.
2023-03-08 14:05:00 +01:00
akallabeth
895ae8b137
[core] use rdpPrivateKey and rdpCertificate
2023-02-16 10:06:17 +01:00
Armin Novak
9ab5bde349
[core,nego] use settings getter/setter
2023-01-24 10:16:55 +01:00
akallabeth
37ab25e19d
Fixed all Wdocumentation warnings
2022-12-12 14:24:55 +01:00
akallabeth
5799fb2018
Replace ConvertFromUnicode and ConvertToUnicode
...
* Use new ConvertUtf8ToWChar, ConvertUtf8NToWChar,
ConvertUtf8ToWCharAlloc and ConvertUtf8NToWCharAlloc
* Use new ConvertWCharToUtf8, ConvertWCharNToUtf8,
ConvertWCharToUtf8Alloc and ConvertWCharNToUtf8Alloc
* Use new Stream UTF16 to/from UTF8 read/write functions
* Use new settings UTF16 to/from UTF8 read/write functions
2022-11-28 10:42:36 +01:00
Armin Novak
eb2782b3af
[core,nego] Fixed a broken format string
2022-11-21 10:51:19 +01:00
akallabeth
d15e80e266
Fixed return of tpkt_verify_header
...
Allow detection of an error (e.g. not enough data in stream)
2022-11-04 14:46:58 +01:00
Armin Novak
b672bda85e
Removed RdpKeyFile and RdpKeyContent settings
...
They are a duplicate of PrivateKeyFile and PrivateKeyContent
2022-07-06 12:01:23 +02:00
akallabeth
f25261e271
Unify string append functions
2022-06-17 08:41:46 +02:00
akallabeth
962c5c3ef0
Fixed dead store warnings
2022-04-28 12:37:19 +02:00
akallabeth
6fd71fe737
Eliminate Dead nested assignment warnings
2022-04-28 12:37:19 +02:00
akallabeth
73cdcdfe09
Logging and parser fixes (#7796)
...
* Fixed remdesk settings pointer
* Fixed sign warnings in display_write_monitor_layout_pdu
* Use freerdp_abort_connect_context and freerdp_shall_disconnect_context
* Added and updates settings
* info assert/dynamic timezone
* mcs assert/log/flags
* Fixed and added assertions for wStream
* Unified stream length checks
* Added new function to check for length and log
* Replace all usages with this new function
* Cleaned up PER, added parser logging
* Cleaned up BER, added parser logging
* log messages
* Modified Stream_CheckAndLogRequiredLengthEx
* Allow custom format and options
* Add Stream_CheckAndLogRequiredLengthExVa for prepared va_list
* Improved Stream_CheckAndLogRequiredLength
* Now have log level adjustable
* Added function equivalents for existing logger
* Added a backtrace in case a failure is detected
* Fixed public API input checks
2022-04-19 14:29:17 +02:00
akallabeth
3d38d2636c
Decreased logging verbosity for INFO level
2022-03-04 09:34:02 +01:00
Armin Novak
4d03d7c0bf
Freerdp remove #ifdef HAVE_CONFIG_H
2022-03-03 11:26:48 +01:00
Armin Novak
b2ad47a809
Reorganized FreeRDP headers
2022-03-03 11:26:48 +01:00
Armin Novak
874f47f01e
Added more error checks to nego
2021-12-14 13:46:34 +01:00
Steve Pronovost
592f8d95be
Fix connection negotiation with mstsc/msrdc
...
mstsc/msrdc includes an optional correlation info
(RDP_NEG_CORRELATION_INFO) during connection negotiation. This confuses
FreeRDP which interprets this as a cookie and eventually fails the
negotiation, preventing a successful connection to these RDP clients.
This commit addresses 3 things.
1) When processing connection token or cookie, skip if the remaining
bytes are neither.
2) After processing the RDP_NEG_REQ info, skip the optional correlation
info (RDP_NEG_CORRELATION_INFO) if one is present.
3) Allow local connection without server certificate when the client
inherently trusts the server.
2021-10-21 13:11:21 +02:00
Armin Novak
17f530a866
Transport opaque
2021-09-09 08:36:01 +02:00
akallabeth
f1bde376b1
Raw channel send (#7255)
...
* Added raw channel data write function
* Use nego_set_state
* Added ArrayList_ForEachAP
* Provide va_copy for older VS compilers
2021-08-26 16:17:51 +02:00
Armin Novak
2a91afb0cf
Added adjustable tcp connect timeout
2021-06-08 08:21:47 +02:00
akallabeth
e2fd9db0b5
Added const to function arguments
2021-02-17 11:29:56 +01:00
akallabeth
5409f4f043
Implemented 2.2.1.17.1 Persistent Key List PDU Data, added checks
...
* Implemented missing server side version of PDU (just skip data)
* Refactored read/write functions to properly check stream
length/capacity and handle return values.
2020-11-20 09:39:25 +01:00
akallabeth
6b485b146a
Fixed oob read in irp_write and similar
2020-05-06 13:31:57 +02:00
Armin Novak
318cb3dd47
Added tpkt header length plausibility checks.
2020-03-02 11:40:35 +01:00
Armin Novak
72ca88f49c
Reformatted to new style
2019-11-07 10:53:54 +01:00
Armin Novak
d7877186d6
Fixed strnlen issues.
2019-11-05 14:55:33 +01:00
Armin Novak
f01e042211
Code cleanups (strlen, casts, size_t, ...)
2019-10-29 11:58:43 +01:00
asapelkin
82eadad4a4
Fix some static analyzer warnings
2019-10-22 15:39:54 +02:00
Armin Novak
306c557512
Getter for state to string
2019-09-04 15:46:47 +02:00
Mati Shabtay
b907324009
First version of an RDP proxy (#5372)
...
* server: Add proxy dir with barebones server
* server/proxy: Remove licensing
* server/proxy: Add client files
* server/proxy: rm binary
* server/proxy: Formatting
* server/proxy: Fixed includes and added basic client creation functionality
* server/proxy: Remove licensing and fix ifndef
* proxy/server: Fix cmake indentation
* server/proxy: Fix licensing
* server/proxy: Forward connection on peer_post_connect
* server/proxy: Fix function signature
* server/proxy: Changed function signature of proxy_client_start
* server/proxy: Now peer_post_connect calls proxy_client_start in a new thread
* pfreerdp.c: Clean up useless comments and logs
* server/proxy: Fix license
* server/proxy: Remove all non-connection related data from proxy_context
* server/proxy: Move Log Tag definition to pf_log.h
* server/proxy: Move context definition to pf_context
* server/proxy: Delete pfreerdp.h
* pfreerdp.c: Move context callbacks to pf_context.c
* server/proxy: Update CMakeLists.txt
* pf_channels: Use new proxy context API
* pf_client: Move context to pf_context
* pf_client.c: Remove unnecessary event handling
* server/proxy: Formatting
* proxy/server: Move server logic to pf_server.c
* server/proxy: Handle client disconnection
* Merge stash
* pf_server.c: Open GFX Connection to client
* server: CMakeLists: build proxy along with other servers
* server: proxy: get target server from rdpNego->RoutingToken
I've omitted a check from which I'm not sure is right. Should check in docs
* server/proxy: Handle remote server -> client disconnection
* server/proxy: Move common function to pf_common.c
* server/proxy: Move common function to pf_common.c
* rdpgfx.h: Add reference to freerdp.h for rdpContext
* pf_channels: Pipe GFX on channel connection
* server/proxy: Add pf_rdpgfx for proxy gfx callbacks
* pf_client: Declare dynvc and gfx capabilities on connection
* server/proxy: Add graphics callbacks
* server/proxy: Add graphics callbacks
* pf_server: Listen to channel events
* Pass user settings to server
* pf_server: Proxy mouse events
* fixup! server/proxy: Add graphics callbacks
* pf_client: Fix setting initialization
* Merge feat/proxy-gfx to feat/proxy
* pf_server: Fix double freed credentials
* server/proxy: Remove unnecessary call to freerdp_client_settings_parse_command_line
* server/proxy: Refactor re-activation code
* server/proxy: Run format scripts
* server/proxy: Fix segfault when post_disconnect return FALSE
* server/proxy: Refactor proxy_settings_mirror
* server/proxy: Redirect credentials
* server/proxy: move proxy_settings_mirror to pf_common.c
* server/proxy: Redirect desktop_resize event
* pf_client: Remove interactive CLI auth methods
* fixup! server/proxy: Redirect credentials
* server/proxy: Rename proxy_mirror_settings to pf_common_copy_settings
* pf_server.c: Fixed non-freed context
When the disconnection is forced by the target server, the function
`pf_server_handle_client_disconnection` isn't called. Therefore, the
context of the connection between the proxy to target isn't freed.
* fixup! pf_server.c: Fixed non-freed context
* pf_client: Prefix all client methods with pf_client
* pf_context: Add init client to proxy context method
* pf_server: Confirm all GFX caps regardless of settings
* pf_server: Prefix all methods with pf_server
* pf_server: Move variable declaration to start of method
* pf_server: Fix client setting
* pf_server: Fix GFX init method
* pf_server: Move variable declaration to start of methods
* server/proxy: Formatting
* Merge feat/proxy
* pf_server: Proxy synchronize event
* pf_server: Proxy refresh rect update events
* pf_server: Proxy suppress output messages
* server/proxy: Fix licensing
* server/proxy: Move client input callbacks to pf_input
* server/proxy: Move client update callbacks to pf_update
* server/proxy: Fix non-terminated target host string
* Feat/proxy config (#2)
* server/proxy: Add config loading support
* server/proxy: Add config file
* server/proxy: Format code
* server/proxy: Code refactor, rename update_register_callbacks and input_register_callbacks
* server/proxy: Update config file
* server/proxy: Remove config.ini from root directory
* Remove comment from config file
* server/proxy: Fix leak in pf_server_load_config
* server/proxy: Add rdpServerProxy struct and embed it in proxyContext
* server/proxy: Load configuration and pass it inside every proxyContext instance
* server/proxy: Move rdpProxyServer to proxy.h
* server/proxy: Use configuration while proxying input events
* server/proxy: Update CMakeLists
* server/proxy: Refactor pf_input.c
* server/proxy: Add AllowedChannels, DeniedChannels in configuration
* server/proxy: Remove unnecessary variable from parse_channels_from_str
* server/proxy: Update config file
* server/proxy: config: Rename to
* server/proxy: config: Add mode - blacklist/whitelist
* server/proxy: Refactor, fix NULL deref
* server/proxy: Add license to proxy.h
* server/proxy: Fix newline in pf_config.c
* server/proxy: config: Rename Mode to WhitelistMode
* Add target in config. Add checks for configuration validity (#3)
* Add target in config. Add checks for configuration validity
* Update config file
* libfreerdp: nego: revert commented out check of routingToken length
* pf_server: Fix target host info from RoutingToken
* pf_server: Remove hardcoded length of routing token prefix
* Feat/refactor context (#8)
* Refactor main structs
* Update CMakeLists.txt
* pf_server.c: Free pdata at the end of the connection
* Run format scripts
* Rename tf to pc
* Fix licenses
* pf_server: Refactor names of structs and functions
* proxy: gfx: sync caps (#4)
* proxy: gfx: sync caps
* proxy: gfx: sync caps, hook gfx client's OnClose() call and close server resources
* fixup! Feat/refactor context (#8)
* fixup! fixup! Feat/refactor context (#8)
* rdpgfx/client: Fix rdpgfx_recv_caps_confirm_pdu caps set length parsing
* Run format scripts
* proxy config.ini: Change default port to 3389
* pf_rdpgfx: Limit caps version to freerdp's supported versions
* Gfx OnOpen() wait for dynvc ready (#10)
* proxy/gfx: Wait for dynvc ready state before open
* pf_channels: Initialize pc->gfx
* pf_rdpgfx: Add log and fix comments
* rdpgfx: Fix GFX v10.6 PDUs parsing and naming according to the spec
* pf_rdpgfx: Proxy rdpgfx v10.6 PDUs
* gfx client: Publish FrameAck sending and add auto ack flag
* proxy/gfx: Forward frame ack messages
* pf_context: Forward domain on connection
* pf_rdpgfx: Change max supported caps to 10.6
* proxy: Update config
* server/proxy: Use configuration in pf_server_handle_client
* rdpgfx/client: Fix size of surface_to_scaled_window, surface_to_window
* pf_rdpgfx: Fix formatting
* pf_server.c: Fix comments
* Move pf_server_rdpgfx_init to pf_rdpgfx
* server/proxy/CMakeLists.txt: Fix formatting
* pf_client.c: Add comment in proxy_server_reactivate
* Fixed const correctness of gfx function pointer
Signed-off-by: Mati Shabtay <matishabtay@gmail.com>
* server: proxy: update copyright
* server: proxy: wrap rdpNego and add a getter for routing token
* Refactor routing token getter (#14)
* Refactor routing token getter
* pf_server_parse_target_from_routing_token change routing_token_length to be DWORD
* libfreerdp/core/nego.c: Run format script
* pf_server: Run format script
* server/proxy: Fix os msbuild tests
* pf_channels.c: Remove unused channels
* pf_client: Remove unused callbacks
* proxy: Remove encomsp callbacks from proxy's client
* client/rdpgfx_main.c: Fix msbuild test
* pf_config.c: Use StrSep instead of strsep for Windows builds
* Removed nego struct from direct access.
Signed-off-by: Mati Shabtay <matishabtay@gmail.com>
* proxy: Rename binary to freerdp-proxy
* rdpgfx_main.c: Revert unwanted double change to send_supported_caps
* Cleaned up proxy server code.
* All internal functions static
* Added simple command line argument to supply a config file
* Silence compiler warnings
Signed-off-by: kubistika <kmizrachi18@gmail.com>
2019-05-17 14:32:54 +02:00
Armin Novak
8110c391bf
Fixed requested protocol define names according to spec.
2018-12-05 10:55:06 +01:00
Armin Novak
b1d2a4767b
Fixed warnings in nego.
2018-12-05 10:55:06 +01:00
Armin Novak
82863a8518
Refactored NLA to be self contained.
2018-12-05 10:55:06 +01:00
Armin Novak
5ca8eca18e
Made nego self contained.
2018-12-05 10:55:06 +01:00
Armin Novak
7ec9e942fb
Fixed zero sized allocation.
2018-11-29 12:11:33 +01:00
Ondrej Holy
6e0f05cbdb
core/nego: Fix leak found by covscan
...
leaked_storage: Variable "wszPCB" going out of scope leaks the storage it points to.
2018-08-22 14:34:02 +02:00
Armin Novak
77eb93b4b7
Made internal functions static to help compiler optimize.
2018-07-10 12:21:38 +02:00
Armin Novak
7a39dcd7e2
Updated reconnect to handle cases where PostConnect was not called
...
freerdp_reconnect might be called after a freerdp_connect failed due
to a TCP timeout waiting for user input.
In such cases we need to know if PostConnect was already called and
do that if not.
2018-07-10 12:04:27 +02:00