mirrors/FreeRDP
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
17,962 Commits 6 Branches 74 Tags
Commit Graph

384 Commits

Author SHA1 Message Date
akallabeth
ecc21a2cfc [settings] add freerdp_settings_copy_item 
convenience function to copy a value of opaque type from one settings
struct to another, cleaning up possible existing data first
 2023-11-24 14:54:56 +01:00
David Fort
061148f856 [nla] initial server-side remote credential guard support 
Adds support for server-side remote credential guard in NLA. When enabled that allows
the remote user to connect without shipping credentials in TSCred packets. Instead
it will send his TGT encoded with a TGS from the remote server. This way the server
is able to populate that TGT in a local credential cache without knowing the user's
password.

The patch only treats the NLA part and does not contain the associated RDPEAR channel
that allows to have the complete interaction to retrieve new access tokens.
 2023-11-20 16:17:00 +01:00
Mariusz Bialonczyk
1d1171489f [tools] update-settings-tests, update-rdpSettings, clang-format 2023-10-19 16:37:28 +02:00
akallabeth
4d99b4ff9b [settings] add ClipboardUseSelection 2023-10-19 14:22:19 +02:00
Pascal Nowack
9835a916ae settings: Add missing to_string() case for RDP_VERSION_10_12 2023-10-19 04:47:53 +02:00
Pascal Nowack
038660949c settings: Fix wrong version string 2023-10-19 04:47:53 +02:00
Armin Novak
60390ea40c [pragma] unify compiler diagnostics 2023-10-16 15:10:13 +02:00
akallabeth
1f7bc15bb1 [settings] add HasQoeEvent 2023-10-13 16:05:27 +02:00
akallabeth
910e3b9fb4 [settings] added new setting for HasRelativeMouseEvent 2023-10-13 16:05:27 +02:00
David Fort
3c18a9980f [client,win32] implement connection to child session 
Under windows you can connect to a child session by requesting a named pipe to
the local server, and then do some RDP on this named pipe.
The protocol is like for /vmconnect with CredSSP, then Nego and then the "normal"
workflow for a connection. For CredSSP we force the usage of NTLM for the Negociate
SSPI, and the credentials are empty.
 2023-09-27 11:57:49 +02:00
akallabeth
635626be12 [client,common] avd related keys to rdp file parser 2023-09-21 10:30:09 +02:00
akallabeth
b4ce44c290 [settings] add freerdp_settings_take_string 
this function can take an allocated value, set the settings string to it
and free it up once replaced by something else.
 2023-09-02 07:56:21 +02:00
Marc-André Moreau
30c31d64e8 WinSCard dynamic API loading with /winscard-module cli argument 2023-08-23 12:26:27 +02:00
Armin Novak
e61880d077 [standard] replace __FUNCTION__ with __func__ 2023-07-27 20:02:43 +02:00
Armin Novak
70ddb6518a [PathCchAppend] fix missing return checks 2023-07-26 10:57:42 +02:00
Armin Novak
3d1bb4e1d9 [client,common] allow forcing default callbacks 
All clients can implement their own callbacks for
certificate/credential/smartcard/... but there is a common (default)
implementation for all clients.
with the new setting FreeRDP_UseCommonStdioCallbacks it is now possible
to force these over the client implementation provided ones
 2023-07-20 14:25:08 +02:00
akallabeth
ee078cdda4 [warnings] fix format string warnings 2023-07-20 14:20:28 +02:00
Armin Novak
10e010329c [client,file] add WebAuthN rdp file parsing support 2023-07-10 10:45:28 +02:00
akallabeth
a01f3ec5ab [client,common] allow adding a named keyboard pipe 
This allows starting FreeRDP clients with a named pipe that will type in
text written to the named pipe as keyboard input
 2023-07-03 13:21:43 +02:00
akallabeth
4fb7035242 [common,assistance] fix shadowed variable 2023-06-29 18:34:51 +02:00
Michael Saxl
d55e035260 [gateway,arm] Azure Virtual Desktop Gateway support 
This PR creates a new /gateway:type:arm transport.
It depends on CJSON

The arm transport is not a transport by itself but is responsible
for getting the websocket endpoint from a configuration url derived from
the configured gateway host in the rdpw file or cmdline
 2023-06-27 21:15:08 +02:00
Michael Saxl
44c1ec3276 [gateway,websocket] implement plain websocket transport 
* factor out most websocket specific code parts into websocket.c
* create wst.c (Websocket Transport) as gateway transport implementation
* introduce GatewayUrl setting that holds the websocket url
* introduce GatewayHttpExtAuthBearer that holds the HTTP Bearer
* GatewayHttpExtAuthBearer can be used by both rdg and wst
 2023-06-22 09:21:42 +02:00
Michael Saxl
6478edda5b rdg bearer support 2023-06-22 09:21:42 +02:00
akallabeth
1fc0d5b4b1 [winpr] remove casts for winpr_RAND calls 2023-06-21 09:57:52 +02:00
Armin Novak
e264512220 [common,assistance] fix missing NULL check 2023-06-19 09:24:18 +02:00
Armin Novak
84320903c3 [common,assistance] add test case 2023-06-19 09:24:18 +02:00
akallabeth
18df3176e1 [common,assistance] fix assistance file parser 
* ensure a valid delimiter is following the token searched for
* add a test case to ensure this works
 2023-06-16 09:14:10 +02:00
Armin Novak
010e1252c4 [common,assistance] fix NULL argument for strstr 2023-06-14 13:50:59 +02:00
akallabeth
89bbed83db [common,assistance] clean up assistance file parser 2023-06-13 10:03:57 +02:00
Sergey Bronnikov
62697e58d9 [libfreerdp] Pass a zero-terminated string to freerdp_assistance_parse_file_buffer 
```
READ of size 2 at 0x602000000091 thread T0
SCARINESS: 14 (2-byte-read-heap-buffer-overflow)
    #0 0x4c6fb9 in StrstrCheck(void*, char*, char const*, char const*) /src/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:580:5
    #1 0x4c6df1 in strstr /src/llvm-project/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors.inc:597:5
    #2 0x56c9ba in freerdp_assistance_parse_file_buffer /src/FreeRDP/libfreerdp/common/assistance.c:743:6
    #3 0x56b58e in parse_file_buffer /src/FreeRDP/libfreerdp/common/test/TestFuzzCommonAssistanceParseFileBuffer.c:11:11
    #4 0x56b58e in LLVMFuzzerTestOneInput /src/FreeRDP/libfreerdp/common/test/TestFuzzCommonAssistanceParseFileBuffer.c:20:2
    #5 0x43f5e3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
    #6 0x440994 in fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:804:3
```
 2023-06-07 14:25:57 +02:00
Sergey Bronnikov
3266dc984a [libfreerdp] Fix TestFuzzCommonAssistanceHexStringToBin 
Test breaks contract in freerdp_assistance_hex_string_to_bin():
function expects zero-terminated string. Patch fixes that.
 2023-06-07 14:25:57 +02:00
Sergey Bronnikov
d8254c5ff3 [libfreerdp] Fix msan's use-of-uninitialized-value 
Uninitialized bytes in __interceptor_strlen at offset 0 inside [0x701000000040, 1)
==220==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x535c13 in freerdp_assistance_hex_string_to_bin /src/FreeRDP/libfreerdp/common/assistance.c:711:11
    #1 0x533deb in LLVMFuzzerTestOneInput /src/FreeRDP/libfreerdp/common/test/TestFuzzCommonAssistanceHexStringToBin.c:5:15
    #2 0x43f5f3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
    #3 0x4409a4 in fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:804:3
    #4 0x440e79 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:857:3
    #5 0x4304df in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6
    #6 0x459b32 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
    #7 0x7effc08bb082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee)
    #8 0x420f1d in _start (/tmp/not-out/tmpu5o6go0a/TestFuzzCommonAssistanceHexStringToBin+0x420f1d)
 2023-06-07 14:25:57 +02:00
Armin Novak
a4c6b36a19 [build] fix memory sanitizer stack frame warnings 2023-06-07 09:14:45 +02:00
Sergey Bronnikov
b1ae467ae2 [libfreerdp/common] Add fuzzing tests 
Part of #5063
Closes #6681
 2023-06-05 11:28:48 +02:00
akallabeth
393577750e [settings] add FreeRDP_ClipboardFeatureMask 2023-05-25 16:26:39 +02:00
Richard Markiewicz
13e52cfae2 [channels,settings] add a setting to ignore invalid devices 2023-04-24 11:29:05 +02:00
Armin Novak
391f5e0ddb [settings] add freerdp_supported_color_depths_string 2023-04-13 14:35:51 +02:00
Armin Novak
39767c5423 [settings] add supported color depths setting 2023-04-13 14:35:51 +02:00
fifthdegree
4cbfa006f2 Implement support for RDS AAD 
Have a working implementation of the RDS AAD enhanced security mechanism
for Azure AD logons
 2023-03-10 16:38:07 +01:00
Joan Torres
7c24da917e Add RDSTLS security protocol 
The client tries to connect using RDSTLS only when it has received a
server redirection PDU with LB_PASSWORD_IS_ENCRYPTED flag.

The server exposes RDSTLS on negotiation if it has been configured on settings.
Then authenticates a client using configured credentials from settings:
RedirectionGuid, Username, Domain, Password.
 2023-03-08 14:05:00 +01:00
Armin Novak
ae8f0106bd [core,redirect] extract and check redirection cert 
* extract the certificate from the redirection PDU
* if there is a certificate provided accept it if it matches the
  redirection target certificate without further user checks
 2023-02-28 15:49:58 +01:00
akallabeth
2d94ff3f9e [settings] remove obsolete keys 
* CertificateFile and CertificateContent are no longer used
* PrivateKeyFile and PrivateKeyContent are no longer used
 2023-02-16 10:06:17 +01:00
Armin Novak
a7dac52a42 [license] updated copyright headers 2023-02-12 20:17:11 +01:00
akallabeth
af371bef6a [crypto] rename rdpRsaKey to rdpPrivateKey 2023-02-12 20:17:11 +01:00
akallabeth
9b51df8b10 [core,crypto] refactor certificate management 
* Properly split certificate_store, certificate_data, certificate and
  private key functions to files
* Prefix all functions with freerdp_ to have a unique name
* Update certificate store to use one file per host instead of
  known_hosts2
* Merge CryptoCert and rdpCertificate
 2023-02-12 20:17:11 +01:00
akallabeth
2eda0aa2ea [core,settings] remove unused setting 2023-02-03 11:24:32 +01:00
Armin Novak
cd48e17740 [gateway,settings] add GatewayAutoConsent option 
with this option the client automatically accepts consent messages of
the gateway server.
 2023-02-03 11:08:46 +01:00
Armin Novak
0c496681f5 [core,settings] fix use of FreeRDP_TargetNetPorts 2023-02-01 09:51:54 +01:00
akallabeth
da42a2141e [core,settings] update getter/setter generation 
fix issues with const and non const string pointer update
 2023-02-01 09:51:54 +01:00
Armin Novak
641022b795 [logging] remove __FUNCTION__ from actual message 
prefer the log formatter to provide that information.
 2023-01-25 16:26:39 +01:00