Commit Graph

2505 Commits

Author SHA1 Message Date
Armin Novak
0afa2e88b5 [crypto,cert] imrove logged warnings for certificates 2023-07-31 08:32:43 +02:00
Armin Novak
e61880d077 [standard] replace __FUNCTION__ with __func__ 2023-07-27 20:02:43 +02:00
akallabeth
14d0ec9335 [core] move http status to string to utils
freerdp_http_status_string and freerdp_http_status_string_format are now
exposed as public API functions to work with http status codes
2023-07-21 14:53:19 +02:00
Armin Novak
3d1bb4e1d9 [client,common] allow forcing default callbacks
All clients can implement their own callbacks for
certificate/credential/smartcard/... but there is a common (default)
implementation for all clients.
with the new setting FreeRDP_UseCommonStdioCallbacks it is now possible
to force these over the client implementation provided ones
2023-07-20 14:25:08 +02:00
akallabeth
734117351d [aad,avc] unify callbacks to GetAccessToken
The AAD and AVD authentication mechanisms both need an OAuth2 token.
They only differ in the provided arguments, so unify the callbacks into
a single one with variable argument lists.
2023-07-20 14:20:28 +02:00
fifthdegree
d309fcd6e8 Restructure Azure AD related stuff
- Move responsibility for obtaining access tokens to clients
- Add function for getting access tokens for AVD
- Get correct server hostname during AVD setup
- Add utility function for doing http requests
2023-07-20 14:20:28 +02:00
Pascal Nowack
d7d3055b5f X11/cliprdr: Rework server to client clipboard handling
The purpose of clipboard data locking is to make the other peer
retaining the current file list until a pending paste operation is done,
even though the clipboard selection changed.
As it may be difficult to determine, when a lock is needed, imitate the
same behaviour as mstsc:
When the server side supports clipboard data locking, always attempt to
lock the file list on the server regardless of what is advertised in a
FormatList PDU.
The Lock Clipboard Data PDU can even be already sent, before the
Format List Response PDU is sent.
This is also what mstsc, does: First, lock the new (potential) file
list, then unlock the file list, when the pending paste operation is
done.
So, rework the current clipboard implementation in that direction.

Since the implementation for timeouts for old file lists is a bit hard,
for now always force unlock pending locks, when the selection changes.
However, timeouts for old file lists can still be added in the future.

The reworked clipboard handling is done with the help of three hash
tables:

1. The inode table: This hash table manages all inodes for each file.
   The keys in this table are the inodes themselves, while the values
   the files and directories and their attributes (file size, last write
   time, etc.).
2. The clipdata table: This table manages the locks for each file list.
   The keys in this table represent the clip data id and the values the
   clip data entries, which have a reference to the clip data dir, a
   directory containing the whole selection, and some helper attributes,
   like the clip data id itself.
3. The request table: Every file size or file range request is managed
   here. When a FileContentsRequest is made, its stream id with the
   respective details are added to this table. When a response is
   received, these details can then be easily looked up here.
2023-07-20 11:36:11 +02:00
Pascal Nowack
f1ed11135c server/audin: Remove wrong comment 2023-07-20 11:36:11 +02:00
Armin Novak
10e010329c [client,file] add WebAuthN rdp file parsing support 2023-07-10 10:45:28 +02:00
akallabeth
a01f3ec5ab [client,common] allow adding a named keyboard pipe
This allows starting FreeRDP clients with a named pipe that will type in
text written to the named pipe as keyboard input
2023-07-03 13:21:43 +02:00
Michael Saxl
d55e035260 [gateway,arm] Azure Virtual Desktop Gateway support
This PR creates a new /gateway:type:arm transport.
It depends on CJSON

The arm transport is not a transport by itself but is responsible
for getting the websocket endpoint from a configuration url derived from
the configured gateway host in the rdpw file or cmdline
2023-06-27 21:15:08 +02:00
Armin Novak
fd338c3bd4 [server,proxy] allow reading arbitrary keys from config
Allow the proxy configuration to contain arbitrary section/key/value
entries which can be used by plugins for configuration.
2023-06-27 17:36:57 +02:00
Vic Lee
5fffaf6cd2 [codec,rfx] missing palette setting api. 2023-06-27 08:54:54 +02:00
Armin Novak
d6ae30e7fa [channels,rdpei] add variadic argument calls 2023-06-26 11:22:32 +02:00
Armin Novak
93423eaf11 [client,common] move pen detection to client common 2023-06-26 11:22:32 +02:00
Michael Saxl
44c1ec3276 [gateway,websocket] implement plain websocket transport
* factor out most websocket specific code parts into websocket.c
* create wst.c (Websocket Transport) as gateway transport implementation
* introduce GatewayUrl setting that holds the websocket url
* introduce GatewayHttpExtAuthBearer that holds the HTTP Bearer
* GatewayHttpExtAuthBearer can be used by both rdg and wst
2023-06-22 09:21:42 +02:00
Michael Saxl
6478edda5b rdg bearer support 2023-06-22 09:21:42 +02:00
digitalsignalperson
9c7a541d9c Implement pen functionality for X11, including pressure, hover, and eraser 2023-06-21 18:42:38 +02:00
Armin Novak
4803ba046c [server,shadow] implement CheckPeerAcceptRestrictions
Implement a (optional) peer limitation check for shadow server.
with the command line option /max-connections:<number> the maximum
number of simultaneous connections can be limited.
2023-06-14 17:15:21 +02:00
Armin Novak
df3c78a91d [server,core] add CheckPeerAcceptRestrictions
the new (optional) callback CheckPeerAcceptRestrictions is used to check
for server implementation specific connection requirements before
accepting a client.
2023-06-14 17:15:21 +02:00
akallabeth
393577750e [settings] add FreeRDP_ClipboardFeatureMask 2023-05-25 16:26:39 +02:00
fifthdegree
449b96adb2 Use popup browser for AAD auth in SDL client
Optionally build the SDL client with Qt WebEngine to create a popup
browser for authentication to AAD. Also change the URL output on the
command line to use the "nativeclient" redirect for easier copy/pasting
of the authorization code.
2023-05-23 06:04:55 +02:00
akallabeth
105f0d2366 [channel,audin] move common code to server channel
* manage channel related callbacks with default implementations
* use dynamic logger for server audin channel
2023-05-17 13:33:35 +02:00
Pascal Nowack
c5278c874f channels/audin: Rework API to be closer to documentation
The current server side channel handling of AUDIO_INPUT is currently
very constrained:

- Server implementations cannot measure the clients uplink, since the
  Incoming Data PDU is currently unhandled and FreeRDPs DSP handling
  delays the callback call of ReceiveSamples
- Servers currently cannot prefer a different protocol version
- Servers currently cannot change the used format

To solve these issues without running into the risk that some
simplifications constraint certain API usage, rework the current channel
handling to be very close to the documentation.
This means, that all documented API calls can be made by server
implementations and all documented PDUs, that the server side is
expected to receive are just parsed inside FreeRDP and then forwarded to
the API implementation.
2023-05-17 13:33:35 +02:00
David Fort
6ec762fdec fix typo 2023-05-11 16:31:42 +02:00
Alexandru Bagu
a231c09fff fixes for llvm-mingw build 2023-05-04 12:56:16 +02:00
akallabeth
12a2e55588 [core,autodetect] improve logging
* use dynamically allocated logger of context
* improve stringification, print string representations with value for
  message and header types
2023-05-03 13:46:39 +02:00
Pascal Nowack
288f4d58f0 core: Make a couple of capability defines public
The settings for these defines are public, but these settings cannot be
properly used, when the respective defines are not public too.
2023-05-02 09:51:40 +02:00
akallabeth
6c38e20e4e [crypto,cert] add openssl3 support 2023-04-28 08:33:06 +02:00
akallabeth
9ebbeeb2f6 [crypto,pkey] add openssl3 support 2023-04-28 08:33:06 +02:00
David Fort
0b16fcef18 rail: add missing server-side calls
This patch adds support for text_scale and caret_blink messages on the server-side.
2023-04-25 07:27:37 +02:00
Armin Novak
4d3d1bfe4d [core,autodetect] revert to [MS-RDPBCGR] states
remove 'convenience' states in main RDP state machine for autodetect
2023-04-24 14:18:20 +02:00
Richard Markiewicz
13e52cfae2 [channels,settings] add a setting to ignore invalid devices 2023-04-24 11:29:05 +02:00
Armin Novak
41eb024d98 [channels,audin] add missing include 2023-04-24 10:58:01 +02:00
akallabeth
c0dc193a39 [winpr,input] use enum for keyboard types
* move type definition to WinPR as used there too.
* supported keyboard types are defined in
  [MS-RDPBCGR] 2.2.1.3.2 Client Core Data (TS_UD_CS_CORE)]
  use a enum instead of magic numbers to make code more readable.
2023-04-21 12:31:51 +02:00
akallabeth
7f2714a341 [client,cliprdr] fix missing include 2023-04-17 16:44:46 +02:00
Pascal Nowack
8362b3707e pointer: Rename position to hotspot position in Color Pointer Update
The attributes xPos and yPos for a Color Pointer Update are confusing,
as they may be confused with the xPos and yPos of the pointer bitmap on
the actual screen.
Rename these attributes to what they actually represent, and that is the
hotspot position.
xPos and yPos are still members of the hotspot. However, hotSpotX and
hotSpotY are much more clearer.
In addition to that, the Large Pointer Update uses the same names for
the hotspot coordinates.
2023-04-14 08:31:20 +02:00
Armin Novak
391f5e0ddb [settings] add freerdp_supported_color_depths_string 2023-04-13 14:35:51 +02:00
Armin Novak
39767c5423 [settings] add supported color depths setting 2023-04-13 14:35:51 +02:00
Pascal Nowack
43f0fbdc12 core/autodetect: Allow overriding connect-time autodetection handling
Currently, FreeRDP-based server implementations can do connect-time
autodetection.
However, without having any control over it.

In order to be able to override the default connect-time autodetection
handling, introduce three new states for the state machine of the
connection sequence and two new callbacks for the autodetect handling.

These are:
- CONNECTION_STATE_CONNECT_TIME_AUTO_DETECT_BEGIN
- CONNECTION_STATE_CONNECT_TIME_AUTO_DETECT_IN_PROGRESS
- CONNECTION_STATE_CONNECT_TIME_AUTO_DETECT_END

- OnConnectTimeAutoDetectBegin()
- OnConnectTimeAutoDetectProgress()

The END state is pretty simple: When the autodetection is finished and
the autodetect state is FREERDP_AUTODETECT_STATE_COMPLETE, transition
into the next state of the connection sequence.

The BEGIN state is entered, when capability-wise network autodetection
is available.
In this state, the OnConnectTimeAutoDetectBegin callback is called, the
server implementation may initialize any related handling here.
If the server implementation determines, that no further handling is
required, it can end the autodetection phase by returning
FREERDP_AUTODETECT_STATE_COMPLETE.
If not, and an autodetection request is sent, it returns
FREERDP_AUTODETECT_STATE_REQUEST.
The state machine of the connection sequence will then switch into the
IN_PROGRESS state.

In the IN_PROGRESS state, any incoming PDU is handled first, then the
OnConnectTimeAutoDetectProgress callback is called.
Like in the BEGIN state, the return value will determine, whether the
state machine of the connection sequence goes into the END state or goes
into (or rather stays) in the IN_PROGRESS state.
2023-04-13 09:58:52 +02:00
Pascal Nowack
91ff145ae8 core/autodetect: Rework server side API to be closer to documentation
The current state of the autodetect API for the server side does not
include all allowed scenarios where the network autodetection can be
used.
This for example includes the connect-time autodetection, as the
related calls are hidden inside FreeRDP, and not exposed as public API.
In order to avoid duplicate send methods, check the state of the
connection sequence.
If the connection sequence is not yet done, use the connect-time request
types.
Otherwise, use the continuous request types.

The Bandwidth Measure Payload PDU is a little special case, as it is
only allowed to be sent during the connection sequence.
To ensure this, add an assertion in its sending method.

Also fix the handling for the Network Characteristics Sync PDU:
Previously, after parsing the PDU data, the read data was just sent
again to the client, which is wrong.
To fix this issue, introduce a callback for this client-to-server PDU,
so that the actual server implementation can hook up its own handling
for this PDU.
Depending on the situation, the server side may want to discard or use
the retrieved data here.

Moreover, decouple the send-handling for the Network Characteristics
Result PDU from the local autodetect variables.
Currently, these variables are shared between the send and receive
methods.
This leads to access problems, where the server side, wants to use a
different thread to send the autodetect PDU, as the receive handler may
receive an autodetect PDU and overwrite these values with possible
nonsense values.
This is especially the case with RTT response PDUs, as the written
netCharAverageRTT and netCharBaseRTT values are only correct, when only
one RTTRequest happens at a time and no stray RTTResponses are received.
2023-04-13 09:58:52 +02:00
akallabeth
7739815a90 [codec,h264] add getter/setter for h264 options 2023-04-11 10:58:03 +02:00
akallabeth
983c820f16 [codecs] make h264 and planar opaque 2023-04-11 10:58:03 +02:00
Joan Torres
1f58b64f68 [core,redirection] Fix sending redirection certificate
TargetCertificate option is set in TARGET_CERTIFICATE_CONTAINER format.

Exposed ELEMENT_TYPE_CERTIFICATE and ENCODING_TYPE_ASN1_DER1 to allow
building it externally in the mentioned format.
2023-04-11 10:29:16 +02:00
akallabeth
182f15e475 [core] add logger to rdpContext
Add a dynamic logger for rdpContext
2023-04-06 12:11:46 +02:00
Armin Novak
f66110c611 [codec,rfx] refactor API
* Hide implementation details
* Add missing getter/setter
2023-04-05 20:41:42 +02:00
Armin Novak
a86218c761 [codec,rfx] fix numTile update
ensure there are enough tiles allocated before setting
2023-04-05 20:41:42 +02:00
Armin Novak
50ce5b834d [core,server] warn if cert not RDP security compatible 2023-03-28 17:19:03 +02:00
David Fort
b7b46b8123 [codecs] make progressive honor threading flags
Progressive codec was not honoring the threading flags in settings like does
remoteFX, so even when no multiple threads decoding was asked, progressive was
using multiple threads anyway. This patch fixes it.
2023-03-20 15:32:28 +01:00
akallabeth
a5b42f0f84 [includes] untangled circular includes 2023-03-15 08:22:23 +01:00
akallabeth
61779694ee [includes] improved c++ guards 2023-03-15 08:22:23 +01:00
akallabeth
7e44d447f0 [documentation] document Authenticate and AuthenticateEx 2023-03-13 09:36:07 +01:00
Armin Novak
e9bc54e8b7 [core] improve logging in freerdp_set_last_error 2023-03-13 09:36:07 +01:00
Marc-André Moreau
b34bad2b50 fix and improve cJSON detection 2023-03-11 08:20:10 +01:00
fifthdegree
7f54770fd0 fixup! Implement support for RDS AAD 2023-03-10 16:38:07 +01:00
akallabeth
157d71e802 [core,aad] migrate to cJSON parser library 2023-03-10 16:38:07 +01:00
akallabeth
f5423caace [auth,aad] add freerdp* argument to callback 2023-03-10 16:38:07 +01:00
fifthdegree
4cbfa006f2 Implement support for RDS AAD
Have a working implementation of the RDS AAD enhanced security mechanism
for Azure AD logons
2023-03-10 16:38:07 +01:00
fifthdegree
5df4d4c934 Implement a basic JSON parser 2023-03-10 16:38:07 +01:00
fifthdegree
8d6c92c037 Implement base64url encoding/decoding
Tweak the base64 functions to allow for encoding and decoding base64url
as well
2023-03-10 16:38:07 +01:00
Martin Fleisz
093bf79837 common:: Fix const issues with current rdp file API 2023-03-08 14:08:34 +01:00
Joan Torres
7c24da917e Add RDSTLS security protocol
The client tries to connect using RDSTLS only when it has received a
server redirection PDU with LB_PASSWORD_IS_ENCRYPTED flag.

The server exposes RDSTLS on negotiation if it has been configured on settings.
Then authenticates a client using configured credentials from settings:
RedirectionGuid, Username, Domain, Password.
2023-03-08 14:05:00 +01:00
Armin Novak
1bf0bb1a26 [server] fixed build without CHANNEL_AUDIN_SERVER 2023-03-06 21:46:51 +01:00
Armin Novak
7722961fcc [client,common] simplify file clipboard API 2023-03-05 17:55:28 +01:00
Armin Novak
bfea14a5b1 [cliprdr] deactivate local file paste if not supported
if the file clipboard was compiled without FUSE do not announce the
availability.
2023-03-05 17:55:28 +01:00
Armin Novak
39c06a4683 [client,common] fix file copy client to server 2023-03-05 17:55:28 +01:00
Armin Novak
60998a62b4 [utils] added FILEDESCRIPTORW read/write routines 2023-03-05 17:55:28 +01:00
Armin Novak
ba128f4661 [client] move file clipboard to client common 2023-03-05 17:55:28 +01:00
Armin Novak
73158a040a [client,common] add warning functions
Added helper functions to inform a user about current state of a client
in use:
* freerdp_client_warn_exeprimental warns about unstable clients
* freerdp_client_warn_deprecated warns about clients to be dropped
2023-03-01 13:45:13 +01:00
Armin Novak
ae8f0106bd [core,redirect] extract and check redirection cert
* extract the certificate from the redirection PDU
* if there is a certificate provided accept it if it matches the
  redirection target certificate without further user checks
2023-02-28 15:49:58 +01:00
Armin Novak
acc5e2d301 [client,common] use non blocking IO
when reading from stdin use non blocking IO so that we can check if the
session terminated in between.
2023-02-28 09:47:54 +01:00
Armin Novak
4398126dde [utils,signal] remove terminal reset 2023-02-28 09:47:54 +01:00
akallabeth
b342194d4b [includes] add missing c++ guards 2023-02-27 17:31:52 +01:00
akallabeth
adce7378c3 [core,cache] make protocol caches private
most protocol internal caches do not need to be exposed. this reduces
the public API and allows us to more easily improve/change this during a
release cycle
2023-02-27 17:31:52 +01:00
Marc-André Moreau
3a8dce07ea expose last NLA/CredSSP SSPI error code (freerdp_get_nla_sspi_error) 2023-02-24 13:19:19 -05:00
Armin Novak
3c160ff8b1 [build] remove unused option WITH_DEBUG_X11_CLIPRDR 2023-02-23 20:28:15 +01:00
Armin Novak
f357312584 [utils] term signal cleanup handlers
add functions to register/unregister termination cleanup handlers
2023-02-23 20:28:15 +01:00
Armin Novak
d8d4d044ff [clipboard] cleanup definitions
* remove definitions for clipboard formats that are dynamically registered
* fix length of converted clipboard string
2023-02-23 20:28:15 +01:00
Armin Novak
b8a709ccda [client,x11] fixed file clipboard cache
if files are pasted in different file-browser (or e.g. xclip is used)
the data was retrieved in wrong format.
2023-02-21 16:42:54 +01:00
Armin Novak
68d3bcb99a [clipboard] remove linux specifics from channels/cliprdr.h 2023-02-21 16:42:54 +01:00
akallabeth
2d94ff3f9e [settings] remove obsolete keys
* CertificateFile and CertificateContent are no longer used
* PrivateKeyFile and PrivateKeyContent are no longer used
2023-02-16 10:06:17 +01:00
Armin Novak
25023d3a3a [client,scard] fix missing callback instance arg
every callback requires context, add freerdp* instance just as the
Authenticate et al callbacks already have
2023-02-15 13:34:18 +01:00
Armin Novak
5d97a03bf4 [client] auto intialize callbacks
initialize all message/user query callbacks with client_cli_*
2023-02-15 13:34:18 +01:00
Armin Novak
a7dac52a42 [license] updated copyright headers 2023-02-12 20:17:11 +01:00
akallabeth
081e187db8 [crypto] add function to determine if RSA is in use 2023-02-12 20:17:11 +01:00
akallabeth
af371bef6a [crypto] rename rdpRsaKey to rdpPrivateKey 2023-02-12 20:17:11 +01:00
akallabeth
b869927407 [proxy,config] extract PEM from config file
* Read a PEM file if provided via config
* Base64 decode if the certificate/private key are provided in the
  config file
2023-02-12 20:17:11 +01:00
akallabeth
1d3c6518fa [crypto] added PEM file read/write helpers 2023-02-12 20:17:11 +01:00
akallabeth
4499a55f43 [core,smartcardlogon] use rdpCertificate 2023-02-12 20:17:11 +01:00
akallabeth
9b51df8b10 [core,crypto] refactor certificate management
* Properly split certificate_store, certificate_data, certificate and
  private key functions to files
* Prefix all functions with freerdp_ to have a unique name
* Update certificate store to use one file per host instead of
  known_hosts2
* Merge CryptoCert and rdpCertificate
2023-02-12 20:17:11 +01:00
Martin Fleisz
4b9fb8fff9 proxy: Fix NLA to TLS fallback connection
Currently the proxy's TLS fallback if an NLA connection attempt failed
is broken. There are two issues with the current code that this PR
fixes:

- freerdp_reconnect is used which requires an already established
  connection to work correctly. This is not the case since the NLA
  connectin attempt failed. This resulted in a seemingly working TLS
  connection but i.e. channels where missing/not working.
- The fallback connection attempt just altered the NLA security setting
  in the instance's settings. However these settings have been already
  modified by the NLA connection attempt so we need to create a copy of
  the original connection settings before doing the first connect.

The PR also introduces freerdp_reset_context which restores the initial
connection settings for the given instance.
2023-02-09 12:49:47 +01:00
Armin Novak
a7c0a8c5f1 [autodetect] expose AUTODETECT_STATE 2023-02-09 12:34:27 +01:00
Armin Novak
7b140a12c7 [autodetect] add pointer for custom user data 2023-02-09 12:34:27 +01:00
akallabeth
2eda0aa2ea [core,settings] remove unused setting 2023-02-03 11:24:32 +01:00
akallabeth
7c1007b1b6 [core,crypto] removed rsa functions from public API
should only be used internally
2023-02-03 11:09:59 +01:00
akallabeth
a3152871ab [core,crypto] refactor rsa functions
* public encrypt/decrypt take rdpCertInfo data as argument
* private encrypt/decrypt take rdpRsaKey as argument
* Add missing length arguments
2023-02-03 11:09:59 +01:00
akallabeth
2c2e9602b3 [core] refactor certificate handling
* Remove duplications in rdpRsaKey, reuse rdpCertificate for public
  components
* Move all private key and certificate code to certificate.c,
  remove the tssk_* variables from gcc
* Handle update of client and server random keys in wrapping functions
* Simplify gcc_write_server_security_data, use certificate.c functions
  to write the certificate data
* Refactor security_establish_keys, use the random values stored in
  settings directly
2023-02-03 11:09:59 +01:00
Armin Novak
cd48e17740 [gateway,settings] add GatewayAutoConsent option
with this option the client automatically accepts consent messages of
the gateway server.
2023-02-03 11:08:46 +01:00
akallabeth
ee07a13130 [cleanup] fix compiler warnings 2023-01-26 09:30:17 +01:00
akallabeth
f26079edf2 [proxy] implement dynamic channel filter
* Allow modules to configure intercept channels
* Allow modules to rewrite packets
2023-01-26 09:30:17 +01:00