Commit Graph

16824 Commits

Author SHA1 Message Date
akallabeth
ea42df2ccd [server,windows] update certificate loading 2023-02-16 10:06:17 +01:00
akallabeth
8b95030f5e [cryto,cert] clean up code 2023-02-16 10:06:17 +01:00
akallabeth
a2b23a83ab [crypto,cert] only extract server certificate 2023-02-16 10:06:17 +01:00
akallabeth
ad1af95438 Removed duplicate rdp security checks 2023-02-16 10:06:17 +01:00
akallabeth
8205bc5f6b [core,peer] add RSA certificate check 2023-02-16 10:06:17 +01:00
akallabeth
895ae8b137 [core] use rdpPrivateKey and rdpCertificate 2023-02-16 10:06:17 +01:00
akallabeth
87e90903ab [server,proxy] use rdpPrivateKey and rdpCertificate 2023-02-16 10:06:17 +01:00
akallabeth
fe287e199b [server,shadow] use rdpPrivateKey and rdpCertificate 2023-02-16 10:06:17 +01:00
akallabeth
4d4be4d892 [server,sample] only use rdpRsaKey and rdpCertificate 2023-02-16 10:06:17 +01:00
akallabeth
2d94ff3f9e [settings] remove obsolete keys
* CertificateFile and CertificateContent are no longer used
* PrivateKeyFile and PrivateKeyContent are no longer used
2023-02-16 10:06:17 +01:00
akallabeth
45dfeabe92 [client,common] set default callbacks before ClientNew
ohterwise the default callbacks might override custom callbacks set by
an implementation by accident
2023-02-16 08:16:09 +01:00
akallabeth
a7dc9eb82c [tests] explicitly deactivate client callbacks for test 2023-02-15 13:34:18 +01:00
Armin Novak
25023d3a3a [client,scard] fix missing callback instance arg
every callback requires context, add freerdp* instance just as the
Authenticate et al callbacks already have
2023-02-15 13:34:18 +01:00
Armin Novak
5d97a03bf4 [client] auto intialize callbacks
initialize all message/user query callbacks with client_cli_*
2023-02-15 13:34:18 +01:00
akallabeth
caaf4edffa [clients] clean up .gitignore
too much was ignored, clean up the list
2023-02-15 13:34:18 +01:00
Martin Fleisz
5f9db5a89c core: Fix pointer corruption with d2i_X509
The `d2i_X509` function manipulates the passed pointer on success. This
resulted in a corrupted `rdpCertBlob` struct, crashing later on free.
2023-02-14 09:44:10 +01:00
akallabeth
ff3c7c82ee [client,x11] fix /gdi:hw drawing. 2023-02-14 09:30:45 +01:00
akallabeth
34bc5e15f5 [core,gateway] fixed missing/wrong return 2023-02-14 08:43:23 +01:00
Martin Fleisz
1f903f80a5 core: Add possibility to distinguish between auth cancelled and no creds
Currently if the authentication callback returns `FALSE` the utils
function handle this as scenario as no credentials provided (returns
`AUTH_NO_CREDENTIALS)`.

This PR introduces a new `auth_status` called `AUTH_CANCELLED` that is
returned if the authentication callback returns `FALSE`. If the callback
returns `TRUE` and username or password are empty the util function will
continue to return `AUTH_NO_CREDENTIALS`.

THe PR also fixes some incorrect returns in RPC over HTTP gateway code.
2023-02-14 08:43:23 +01:00
Armin Novak
a7dac52a42 [license] updated copyright headers 2023-02-12 20:17:11 +01:00
Armin Novak
13d96cca9f [emu,scard] fix key sizes 2023-02-12 20:17:11 +01:00
Armin Novak
b77be1ad61 [emu,scard] use RSA struct instead of rdpCertInfo
rdpCertInfo has the RSA key in RDP specific format. Prefer direct
extraction from certificate or key
2023-02-12 20:17:11 +01:00
Armin Novak
91370e4437 [crypto,cert] use malloc for der certificate 2023-02-12 20:17:11 +01:00
Armin Novak
0cb3afd4bc [emu,scard] check for valid RSA 2023-02-12 20:17:11 +01:00
akallabeth
c306ad4c51 [crypto,cert] add RSA key check 2023-02-12 20:17:11 +01:00
akallabeth
081e187db8 [crypto] add function to determine if RSA is in use 2023-02-12 20:17:11 +01:00
akallabeth
00baf58a71 [crypto,x509] simplify retrieval of default signature digest 2023-02-12 20:17:11 +01:00
akallabeth
e43b4bc091 [crypto,common] remove unused function 2023-02-12 20:17:11 +01:00
akallabeth
55b0af1993 [cryto,x509] cleaned up header 2023-02-12 20:17:11 +01:00
akallabeth
1aa8c97a67 [crypto,key] use EVP_PKEY_up_ref
The function is available since OpenSSL 1.1.0 instead of 3.0 for
EVP_PKEY_dup
2023-02-12 20:17:11 +01:00
akallabeth
1397f4c605 [crypto] added evp_pkey private getter 2023-02-12 20:17:11 +01:00
akallabeth
af371bef6a [crypto] rename rdpRsaKey to rdpPrivateKey 2023-02-12 20:17:11 +01:00
akallabeth
7728df6804 [client,mac] fix wrong getter for ServerPort 2023-02-12 20:17:11 +01:00
akallabeth
b869927407 [proxy,config] extract PEM from config file
* Read a PEM file if provided via config
* Base64 decode if the certificate/private key are provided in the
  config file
2023-02-12 20:17:11 +01:00
akallabeth
87b30958a6 [cyrpto] unify PEM read/write
use crypto_read_pem and crypto_write_pem in all places required
2023-02-12 20:17:11 +01:00
akallabeth
1d3c6518fa [crypto] added PEM file read/write helpers 2023-02-12 20:17:11 +01:00
akallabeth
ac037327d5 [core,redirection] fix Wshadow 2023-02-12 20:17:11 +01:00
akallabeth
ab2de5d60c [proxy,filter] fixed uninitialized value in bitmap-filter 2023-02-12 20:17:11 +01:00
akallabeth
9e8fc60a45 [client,common] add openssl includes for TLS version 2023-02-12 20:17:11 +01:00
akallabeth
d1ddf7a6c7 [crypto,test] update to new cert/crypto API 2023-02-12 20:17:11 +01:00
akallabeth
7cd597015a [crypot,tls] use new crypto/cert API 2023-02-12 20:17:11 +01:00
akallabeth
94b2f551b3 [core] update to new crypto/cert API 2023-02-12 20:17:11 +01:00
akallabeth
67bd1d08d3 [emu,scard] use rdpCertificate and rdpRsaKey 2023-02-12 20:17:11 +01:00
akallabeth
b5d1ea7138 [core,license] use rdpCertificate 2023-02-12 20:17:11 +01:00
akallabeth
4499a55f43 [core,smartcardlogon] use rdpCertificate 2023-02-12 20:17:11 +01:00
akallabeth
9b51df8b10 [core,crypto] refactor certificate management
* Properly split certificate_store, certificate_data, certificate and
  private key functions to files
* Prefix all functions with freerdp_ to have a unique name
* Update certificate store to use one file per host instead of
  known_hosts2
* Merge CryptoCert and rdpCertificate
2023-02-12 20:17:11 +01:00
Martin Fleisz
35c24f208b core: Fix invalid string length 2023-02-09 12:49:47 +01:00
Martin Fleisz
4b9fb8fff9 proxy: Fix NLA to TLS fallback connection
Currently the proxy's TLS fallback if an NLA connection attempt failed
is broken. There are two issues with the current code that this PR
fixes:

- freerdp_reconnect is used which requires an already established
  connection to work correctly. This is not the case since the NLA
  connectin attempt failed. This resulted in a seemingly working TLS
  connection but i.e. channels where missing/not working.
- The fallback connection attempt just altered the NLA security setting
  in the instance's settings. However these settings have been already
  modified by the NLA connection attempt so we need to create a copy of
  the original connection settings before doing the first connect.

The PR also introduces freerdp_reset_context which restores the initial
connection settings for the given instance.
2023-02-09 12:49:47 +01:00
Armin Novak
a7c0a8c5f1 [autodetect] expose AUTODETECT_STATE 2023-02-09 12:34:27 +01:00
Armin Novak
7b140a12c7 [autodetect] add pointer for custom user data 2023-02-09 12:34:27 +01:00