Commit Graph

622 Commits

Author SHA1 Message Date
Petr Sumbera
17df42e4b5 Fixes some build issues on Solaris 11. 2015-02-02 08:48:54 -08:00
Bernhard Miklautz
43beef36ff rdtk/shadow: install libraries versioned 2014-12-12 19:26:23 +01:00
Bernhard Miklautz
1b663ceffe build: cmake 3.1 compatibility
* fix problem with REMOVE_DUPLICATES on undefined lists
* since 3.1 file(GLOB FILEPATHS RELATIVE .. returns single / instead of // as
  previously - necessary adoptions for regex and matches done. Should
	work with all cmake versions.

Tested with 3.1.0-rc3
2014-12-12 19:26:22 +01:00
Norbert Federa
939f1c639a Standard RDP Security Layer Levels/Method Overhaul
[MS-RDPBCGR] Section 5.3 describes the encryption level and method values for
standard RDP security.

Looking at the current usage of these values in the FreeRDP code gives me
reason to believe that there is a certain lack of understanding of how these
values should be handled.

The encryption level is only configured on the server side in the "Encryption
Level" setting found in the Remote Desktop Session Host Configuration RDP-Tcp
properties dialog and this value is never transferred from the client to the
server over the wire.
The possible options are "None", "Low", "Client Compatible", "High" and
"FIPS Compliant". The client receices this value in the Server Security Data
block (TS_UD_SC_SEC1), probably only for informational purposes and maybe to
give the client the possibility to verify if the server's decision for the
encryption method confirms to the server's encryption level.
The possible encryption methods are "NONE", "40BIT", "56BIT", "128BIT" and
"FIPS" and the RDP client advertises the ones it supports to the server in the
Client Security Data block (TS_UD_CS_SEC).
The server's configured encryption level value restricts the possible final
encryption method.
Something that I was not able to find in the documentation is the priority
level of the individual encryption methods based on which the server makes its
final method decision if there are several options.
My analysis with Windows Servers reveiled that the order is 128, 56, 40, FIPS.
The server only chooses FIPS if the level is "FIPS Comliant" or if it is the
only method advertised by the client.

Bottom line:
* FreeRDP's client side does not need to set settings->EncryptionLevel
(which was done quite frequently).
* FreeRDP's server side does not have to set the supported encryption methods
list in settings->EncryptionMethods

Changes in this commit:

Removed unnecessary/confusing changes of EncryptionLevel/Methods settings

Refactor settings->DisableEncryption
* This value actually means "Advanced RDP Encryption (NLA/TLS) is NOT used"
* The old name caused lots of confusion among developers
* Renamed it to "UseRdpSecurityLayer" (the compare logic stays untouched)

Any client's setting of settings->EncryptionMethods were annihilated
* All clients "want" to set all supported methods
* Some clients forgot 56bit because 56bit was not supported at the time the
code was written
* settings->EncryptionMethods was overwritten anyways in nego_connect()
* Removed all client side settings of settings->EncryptionMethods
The default is "None" (0)
* Changed nego_connect() to advertise all supported methods if
settings->EncryptionMethods is 0 (None)
* Added a commandline option /encryption-methods:comma separated list of the
values "40", "56", "128", "FIPS". E.g. /encryption-methods:56,128
* Print warning if server chooses non-advertised method

Verify received level and method in client's gcc_read_server_security_data
* Only accept valid/known encryption methods
* Verify encryption level/method combinations according to MS-RDPBCGR 5.3.2

Server implementations can now set settings->EncryptionLevel
* The default for settings->EncryptionLevel is 0 (None)
* nego_send_negotiation_response() changes it to ClientCompatible in that case
* default to ClientCompatible if the server implementation set an invalid level

Fix server's gcc_write_server_security_data
* Verify server encryption level value set by server implementations
* Choose rdp encryption method based on level and supported client methods
* Moved FIPS to the lowest priority (only used if other methods are possible)

Updated sample server
* Support RDP Security (RdpKeyFile was not set)
* Added commented sample code for setting the security level
2014-12-12 02:17:12 +01:00
Armin Novak
547054a48b Fixed uninitialized value. 2014-12-07 00:23:46 +01:00
Marc-André Moreau
7881ec762e server/shadow: avoid sending pointer updates when not active, fix remdesk leak 2014-11-21 15:10:39 -05:00
Marc-André Moreau
ab9a4318c8 Merge branch 'master' of github.com:FreeRDP/FreeRDP 2014-11-18 14:21:55 -05:00
Marc-André Moreau
4fbec7633a cmake: add WITH_FREERDS option 2014-11-17 12:31:31 -05:00
Marc-André Moreau
8a7a71a7b6 Merge pull request #2213 from akallabeth/wlog_callback_appender
Wlog callback appender
2014-11-17 09:41:58 -05:00
Armin Novak
c44f85c2b4 Fixed memory leak. 2014-11-17 00:42:05 +01:00
Armin Novak
f34ee395eb Fixed memory leak. 2014-11-17 00:34:17 +01:00
Armin Novak
d9b889ddb7 Fixed memory leak. 2014-11-17 00:33:37 +01:00
Armin Novak
232aa89efd Fixed memory leak. 2014-11-17 00:22:33 +01:00
Armin Novak
7c3adc8449 Fixed nonnull warning. 2014-11-17 00:21:04 +01:00
Armin Novak
8d4589b1e1 Replaced fprintf error messages with WLog. 2014-11-16 12:21:38 +01:00
Marc-André Moreau
496ce10637 Merge branch 'master' of github.com:FreeRDP/FreeRDP 2014-11-15 12:37:29 -05:00
Marc-André Moreau
ddedc574f3 freerdp: remove tcp, uds utils 2014-11-12 14:06:34 -05:00
Bernhard Miklautz
3e0e0c868e Revert a bug introduced in PR #2134
FREERDP_CHANNELS_SERVER_SRCS need to be added to server/common that the
symbols get added and exported with libfreerdp-server.

Also remove duplicated version information.
2014-11-12 17:15:13 +01:00
Marc-André Moreau
04299bb18b shadow: improve pointer updates 2014-11-07 13:51:10 -05:00
Marc-André Moreau
a538e791b3 shadow: add improved pointer updates 2014-11-06 17:25:41 -05:00
Marc-André Moreau
ad611b5c09 Merge branch 'master' of github.com:awakecoding/FreeRDP 2014-11-04 10:34:06 -05:00
Vic Lee
288097e271 Removed library prefix on Windows def files. 2014-11-03 12:39:27 +08:00
Martin Fleisz
0be28ba0f6 Merge pull request #1965 from akallabeth/dynamic-addin-naming
Dynamic channel library naming
2014-10-31 13:42:16 +01:00
Marc-André Moreau
eea475b436 shadow: fix null ClientDir 2014-10-29 16:11:22 -07:00
Marc-André Moreau
d85a2bf3e6 shadow: fix bitmap update fragmentation 2014-10-25 15:36:36 -04:00
Armin Novak
22c775988b Using global RC_VERSION_PATCH now. 2014-10-09 16:20:32 +02:00
Armin Novak
89bb28adb2 Fixed setting of RV_VERSION_PATCH, now BUILD_NUMBER is used for every library.
Executable names are now correctly set, using CMAKE_EXECUTABLE_SUFFIX now.
Fixed version defines for winpr executables.
2014-10-09 16:18:35 +02:00
Armin Novak
5364a834c4 Added windows version information to build. 2014-10-03 15:17:40 +02:00
Marc-André Moreau
7da4621334 librdtk: improve text positioning 2014-10-01 12:18:17 -04:00
Marc-André Moreau
24b594d592 librdtk: stub NinePatch, TextField and Button 2014-09-30 14:54:36 -04:00
Marc-André Moreau
abd87ace55 rdtk: initial commit 2014-09-29 16:08:08 -04:00
Marc-André Moreau
169a9c83ee shadow: initial font rendering 2014-09-29 14:07:48 -04:00
Marc-André Moreau
6eeace868b shadow: start bitmap font loader 2014-09-28 21:41:12 -04:00
Marc-André Moreau
668aa17a22 shadow: add X11 PAM authentication 2014-09-26 19:03:48 -04:00
Marc-André Moreau
315d16a978 shadow: fix X11 extended keycodes 2014-09-26 17:51:45 -04:00
Marc-André Moreau
255bd6f7a2 shadow: fix bitmap updates 2014-09-24 13:17:52 -04:00
Marc-André Moreau
41282e569f shadow: fix surface frame markers 2014-09-24 12:10:02 -04:00
Marc-André Moreau
ea84067c80 shadow: add workaround for Mac RDP client 2014-09-23 21:05:10 -04:00
Marc-André Moreau
8123a1d9b8 libfreerdp-codec: refactor NSCodec 2014-09-23 20:00:26 -04:00
Marc-André Moreau
af858e8f2a shadow: disable RemoteFX if connection type is not LAN 2014-09-23 18:19:05 -04:00
Marc-André Moreau
7574788ba5 libfreerdp-core: fix GCC core data block negotiation 2014-09-22 11:38:33 -04:00
Marc-André Moreau
343947143e shadow/X11: fix color depth check 2014-09-22 10:06:16 -04:00
Marc-André Moreau
e20ff661e3 shadow: disable unsupported X11 color depths 2014-09-22 09:59:56 -04:00
Marc-André Moreau
c4ad706c34 libfreerdp-core: improve bitmap codec negotiation 2014-09-21 15:40:27 -04:00
Marc-André Moreau
86c7f46b76 shadow: improve bitmap update performance 2014-09-20 16:29:13 -04:00
Marc-André Moreau
45b9a5454e libfreerdp-codec: improve compressor interfaces 2014-09-20 15:25:33 -04:00
Marc-André Moreau
d6250b1aec shadow: improve Mac subsystem 2014-09-19 19:58:49 -04:00
Marc-André Moreau
c4588fb14f libfreerdp-core: remove dependency on OPENSSL_Applink on Windows 2014-09-19 17:11:56 -04:00
Marc-André Moreau
3ddbb128cc libfreerdp-core: add SurfaceFrameBits function to combine frame marker with surface commands 2014-09-19 14:23:17 -04:00
Marc-André Moreau
aa2e6dacbb shadow: fix frame acks + bitmap negotiation 2014-09-19 12:06:12 -04:00