Commit Graph

100 Commits

Author SHA1 Message Date
akallabeth c61fc2a0fa [server,shadow] improve shadow help and startup checks
a SAM file is required for the shadow server to work if NLA is
activated. Better document that and abort startup if no file is
available.
2024-02-26 20:59:39 +01:00
akallabeth d7ebec5a65 [tidy] move loop variable declaration to loop 2024-02-22 12:31:50 +01:00
akallabeth 81d2c1f057 [clang-tidy] clang-analyzer-core.NullDereference 2024-02-15 11:49:16 +01:00
akallabeth 0ba995655d [clang-tidy] cppcoreguidelines-init-variables 2024-02-15 11:49:16 +01:00
akallabeth 207def5c56 [clang-tidy] readability-isolate-declaration 2024-02-15 11:49:16 +01:00
efferre79 5b731aca4d command line help should not be part of the log info 2024-01-11 09:12:57 +01:00
Armin Novak 736658a2d1 [server,shadow] fix missing set NULL after free 2023-12-15 23:21:37 +01:00
Armin Novak 9449c8c3df [server,shadow] fix opaque settings build 2023-11-24 18:19:03 +01:00
akallabeth 1f236ade7a [server] make settings opaque 2023-11-24 14:54:56 +01:00
David Fort 061148f856 [nla] initial server-side remote credential guard support
Adds support for server-side remote credential guard in NLA. When enabled that allows
the remote user to connect without shipping credentials in TSCred packets. Instead
it will send his TGT encoded with a TGS from the remote server. This way the server
is able to populate that TGT in a local credential cache without knowing the user's
password.

The patch only treats the NLA part and does not contain the associated RDPEAR channel
that allows to have the complete interaction to retrieve new access tokens.
2023-11-20 16:17:00 +01:00
Armin Novak 4803ba046c [server,shadow] implement CheckPeerAcceptRestrictions
Implement an (optional) peer limitation check for shadow server.
With the command line option /max-connections:<number> the maximum
number of simultaneous connections can be limited.
2023-06-14 17:15:21 +02:00
akallabeth a71da162ae [server,shadow] require NLA off if -auth is requested.
* Default to authentication required for shadow server (invert previous
  default)
* force NLA off if authentication is disabled
2023-06-12 15:04:05 +02:00
Armin Novak 50ce5b834d [core,server] warn if cert not RDP security compatible 2023-03-28 17:19:03 +02:00
Armin Novak 49f44303b1 [server,shadow] clean up certificate generation 2023-03-08 13:07:20 +01:00
Armin Novak 00f8cd350b [server,shadow] abort on invalid key/certificate 2023-03-08 13:07:20 +01:00
akallabeth ad1af95438 Removed duplicate rdp security checks 2023-02-16 10:06:17 +01:00
akallabeth fe287e199b [server,shadow] use rdpPrivateKey and rdpCertificate 2023-02-16 10:06:17 +01:00
akallabeth 97e397e768 [server,shadow] simplify resource cleanup 2023-02-03 11:09:59 +01:00
David Fort 4fc7a9417d
Various fixes / improvements (#8146)
* xfreerdp: fix typo in logs

* winpr: file appender, small code cleanup

* shadow-server: add an option for TLS secrets

This allows to dissect connections to the shadow server.
2022-08-22 09:42:15 +02:00
fifthdegree 7901a26a16
Kerberos User 2 User support (#8070)
* add support for 64-bit big-endian encoding

* kerberos: drop reliance on gssapi and add user 2 user support

* Fix local variable declared in the middle of the function body

* kerberos: add ccache server option

Co-authored-by: fifthdegree <fifthdegree@protonmail.com>
Co-authored-by: David Fort <contact@hardening-consulting.com>
2022-08-17 12:25:26 +02:00
fifthdegree 8f7be42540 return check 2022-06-21 10:27:17 +02:00
fifthdegree eeece1a027 server-side kerberos (and some fixes) 2022-06-21 10:27:17 +02:00
akallabeth ec699f6c75 scanbuild fixes 2022-04-28 12:37:19 +02:00
Armin Novak 4d03d7c0bf Freerdp remove #ifdef HAVE_CONFIG_H 2022-03-03 11:26:48 +01:00
Armin Novak b2ad47a809 Reorganized FreeRDP headers 2022-03-03 11:26:48 +01:00
Armin Novak fd5ac4eed0 Cleaned up wnd.h includes 2021-12-23 14:27:12 +01:00
Armin Novak 0f8c52b9ca Fixed const warnings with argument parser 2021-09-09 08:53:20 +02:00
akallabeth 7dfdd248ee
Monitor coordinates are exclusive (#7145)
* Monitor coordinates are exclusive

* Remove force override of shadow resolution.

The client might ignore the server requested values, in that case
retry
2021-07-07 11:54:01 +02:00
akallabeth 6deb65175f Added GFX planar and rfx encoder to shadow 2021-07-01 11:56:17 +02:00
akallabeth bd256b91bc Fixed disabling of AVC444 mode if requested 2021-07-01 11:56:17 +02:00
akallabeth 3ac50697a0 Added RDPGFX_CODECID_UNCOMPRESSED path to shadow 2021-06-30 15:59:07 +02:00
Armin Novak ea78e33d17 server: Fixed warnings, added assertions 2021-06-18 11:32:16 +02:00
Armin Novak 1fd72ded43 Fixed compilation warnings 2021-06-16 14:26:06 +02:00
akallabeth 6b36c6d417
Replace fopen and path functions with wrappers (#7043)
Functions like fopen, PathFileExists, PathMakePath need to call
the wide character versions on windows for utf-8 support.
2021-05-31 11:42:03 +02:00
Armin Novak 6f2c6625e4 Added FREERDP/WINPR prefix to define GIT_REVISION 2021-05-18 13:37:34 +02:00
Armin Novak 8cd61a01ff Refactored shadow argument parsing
* Remove global struct
* Add logger options
2021-04-16 17:06:27 +02:00
akallabeth 6d86e20e1e Fixed double free 2020-06-22 11:51:38 +02:00
Linus Heckemann 5ce0ab909f
shadow_server: allow specifying IP addresses to listen on (#6050)
* shadow_server: allow specifying IP addresses to listen on

This allows using IPv6 as well as listening only on specific
interfaces. Additionally, it enables listening on local and TCP
sockets simultaneously.

* listener: log address with square brackets

This disambiguates IPv6 addresses.

* shadow_server: check error on each socket binding

* Refactored shadow /bind-address for 2.0 compatibility.

* Made /ipc-socket and /bind-address incompatible arguments.

* Fixed shadow /bind-address handling and description

* Allow multiple bind addresses for shadow server.

Co-authored-by: akallabeth <akallabeth@posteo.net>
2020-05-05 08:35:19 +02:00
Armin Novak 72ca88f49c Reformatted to new style 2019-11-07 10:53:54 +01:00
Martin Fleisz bc39b32d20
Merge pull request #5685 from akallabeth/multi_instance_arg_parse
COMMAND_LINE_ARGUMENT structs contain parser results, use one per instance
2019-11-06 09:09:22 +01:00
Armin Novak f01e042211 Code cleanups (strlen, casts, size_t, ...) 2019-10-29 11:58:43 +01:00
Armin Novak 10ce60ade1 Use COMMAND_LINE_ARGUMENT_A copy also in shadow server code. 2019-10-28 13:30:05 +01:00
Armin Novak 0c87eaee4d COMMAND_LINE_ARGUMENT structs contain parser results, use one per instance
Remove the old global structs as the parser modifies them. When using
multiple instances in the same process space this could break parsing.
2019-10-28 13:30:05 +01:00
Armin Novak 19e4eb5d09 Added /buildconfig command line for shadow. 2019-10-04 16:19:23 +02:00
Armin Novak 93bf375686 Refactored settings getter/setter to stay compatible. 2019-05-08 14:35:25 +02:00
Armin Novak e76b5d442b Silenced unused parameter warnings, added log messages. 2019-04-05 09:14:35 +02:00
Pascal J. Bourguignon 15f2bafeab Cleaned up const char** -> char** for argv, since we definitely do modify the argv!
(we overwrite the password and pin arguments).
This implies changes in the argument parsing tests that now must pass a mutable argv
(copied from the statically declared test argvs).
Some other const inconsistencies have been dealt with too.
2018-06-06 16:43:09 +02:00
Armin Novak 2517755d25 Fixed thread function return and parameters. 2018-03-07 14:36:55 +01:00
Armin Novak bb061cedb1 Increased target bitrate for shadow server.
The target bitrate (1Mbit) was much too small for proper shadowing
on devices with higher resolutions. Increased to 10Mbit to improve
image quality.
2018-02-02 13:59:08 +01:00
Armin Novak 33271415fe Fixed /monitors argument checks. 2017-11-29 14:13:50 +01:00