Commit Graph

567 Commits

Author SHA1 Message Date
Jay Sorg
0fbbc47092 cleanup refresh rect and check stream bounds 2019-11-07 02:03:57 +00:00
Jay Sorg
ee65ccb31d use address for tcp:// and tcp6:// and vsock:// 2019-07-01 17:56:50 -07:00
Jay Sorg
0bc7803eaa add TCP V4 and V6 only socket functions 2019-06-29 23:59:18 -07:00
Jay Sorg
ecf4acf5f1 work on suppress 2019-04-25 14:54:25 -07:00
Jay Sorg
0ed82f71e8 xrdp: check term event for more responsive shutdown 2019-04-01 23:14:09 -07:00
Koichiro IWAO
062699334e
Fix typo s/BITMACACHE/BITMAPCACHE/ 2018-12-13 17:27:25 +09:00
Koichiro IWAO
0e9e25f100
use MS name for PDU types
RDP_PDU_REDIRECT has been removed as it is not found in MS-RDPBCGR and
not used anywhere.
2018-12-12 17:40:58 +09:00
Koichiro IWAO
b2a7bb0cf0
use MS for orderType constants 2018-12-12 17:40:58 +09:00
Koichiro IWAO
83d3349c5a
add some more constants and use them 2018-11-27 15:08:22 +09:00
Koichiro IWAO
43f6ac0723
use MS name for constants 2018-11-27 15:08:22 +09:00
daixj
fcb1b825c5 neutrinordp: don't enable remote_app if the INFO_RAIL flag is not set 2018-11-23 17:18:26 +08:00
daixj
8da22cf67a Merge branch 'devel' of https://github.com/neutrinolabs/xrdp into devel-mac 2018-10-25 16:19:54 +08:00
Koichiro IWAO
c15cd91198
common: add constants of glyph support level 2018-10-25 16:00:53 +09:00
daixj
b3a1889200 Support Cache Glyph Revison 2, issue #367 2018-10-25 10:34:00 +08:00
Koichiro IWAO
74497752dc
Add TLSv1.3 support
Actually, TLSv1.3 will be enabled without this change if xrdp is compiled
with OpenSSL or alternatives which support TLSv1.3. This commit makes to
enable or disable TLSv1.3 explicitly.  Also, this commit adds a log
"TLSv1.3 enabled by config, but not supported by system OpenSSL". if
xrdp installation doesn't support TLSv1.3. It should be user-friendly.
2018-09-14 11:50:55 +09:00
daixj
88b3c06311 fix issue #1112: set SSL object's read_ahead flag to be 0 2018-05-21 11:08:41 +08:00
metalefty
f52f632e21
Merge pull request #1096 from metalefty/version_info
Show OpenSSL version to --version
2018-04-13 14:49:26 +09:00
Koichiro IWAO
b2b42d28f3
xrdp: add OpenSSL version to --version
While here, cleanup --help,  --version, and when unknown option.
2018-04-10 23:58:31 +09:00
Ben Cohen
3b5b7a5935 UDS file deleted after first connection
If you run xrdp with a Unix Domain Socket (UDS) for the port specified in
/etc/xrdp/xrdp.ini then the first connection succeeds but subsequent
connections fail.  In fact the UDS is deleted from the filesystem as soon
as the first connection is established.

Test case:

1. Edit /etc/xrdp/xrdp.ini to set "port=/var/run/xrdp-local.socket".

2. Restart xrdp.

3. Run the following.  When rdesktop starts up and the logon dialog is
   displayed, press "Cancel".

   sudo socat TCP-LISTEN:12345 UNIX-CONNECT:/var/run/xrdp-local.socket &
   rdesktop localhost:12345

4. Run the following:

    sudo socat TCP-LISTEN:12346 UNIX-CONNECT:/var/run/xrdp-local.socket &
    rdesktop localhost:12346

Expected behaviour: rdesktop starts up and displays the logon dialog.
Observed behaviour: rdesktop exits with "ERROR: Connection closed" and
                    socat exits with "No such file or directory.

This is because in the child process after forking, xrdp_listen_fork()
calls trans_delete() which deletes the UDS.  Simply commenting out the
g_file_delete() and g_free() fixes this, but that isn't a proper solution
because trans_delete() is called from elsewhere where the UDS might no
longer be wanted.

Fix by adding a function trans_delete_from_child() that frees and clears
listen_filename before calling trans_delete(), and call the new function
from xrdp_listen_fork().

(Workaround: set "fork=false" in /etc/xrdp/xrdp.ini, because
trans_delete() is then not called.)
2018-03-27 09:22:49 +03:00
Fernando Seiti Furusato
9f80fcd74e Corrected endianness detection on ppc64el.
In common/arch.h, the endianness detection considers all powerpc
architectures as big endian. Since that is not true for ppc64el, I
added a verification that checks other preprocessor macros, only for
ppc cases.

Signed-off-by: Fernando Seiti Furusato <ferseiti@gmail.com>
2018-03-27 13:45:58 +09:00
speidy
a432969746 common: ssl_calls: add support for OpenSSL>=1.1.0 API for DH keys
also fixes some memory leak introduced in PR#1024.
and adds a check that DH params generated successfully. write a proper log message if not.
2018-03-22 02:20:47 +02:00
speidy
8effc09ab7 common: ssl_calls: check if SSL object created right after its creation. 2018-03-21 08:16:12 +02:00
Koichiro IWAO
e3d0fd6d46
common: temporarily disable DHE
until make it possible to use generated DH parameters per installation.
2018-03-18 21:14:06 +09:00
Koichiro IWAO
1690950cc8
common: regenerate dhparam
Generated by: openssl dhparam -C 2236
2018-03-01 13:48:22 +09:00
Koichiro IWAO
578d23477c
common: obey coding style, remove trailing space 2018-03-01 12:11:52 +09:00
Enrico Tagliavini
70b5adb396 add support for DHE ciphers via compiled in dhparam
make it possible to use regular (non EC) EDH ciphers. To make this
possible a Diffie-Hellman parameter must be passed to the openssl
library. There are a few options possible as described in the manuals at
[1] and [2]. Simplest approach is to generate a DH parameter using
openssl dhparam -C <lenght> and include the code into the application.
The lenght used for this commit is 2236 bits long, which is the longest
possible without risking backward incompatibilities with old systems as
stated in [1]. Newer systems should use ECDH anyway, so it makes sense
to keep this method as compatible with older system as possible.
Paramters longer than 2048 should still be secure enough at the time of
writing.

[1] https://wiki.openssl.org/index.php/Diffie-Hellman_parameters
[2] https://wiki.openssl.org/index.php/Manual:SSL_CTX_set_tmp_dh_callback(3)
2018-03-01 09:57:35 +09:00
Enrico Tagliavini
6cdc0f31b0 enable automatic ECDH when possible (openssl 1.0.2)
Openssl 1.1.0 and later are enabling ECDH automatically, but for older
version it must be enabled explicitly or all Perfect Forward Secrecy
ciphers will be silently ignored. See also [1]. This commit applies the
same fix as found in CnetOS 7 httpd package to enable automatic ECDH as
found in [2].

[1] https://wiki.openssl.org/index.php/Diffie-Hellman_parameters
[2] https://git.centos.org/blob/rpms!httpd.git/c7/SOURCES!httpd-2.4.6-ssl-ecdh-auto.patch
2018-03-01 09:57:35 +09:00
Koichiro IWAO
793a418cfb
common: log what value is set to tls_ciphers
Related to #1033.
2018-02-20 13:13:37 +09:00
Koichiro IWAO
3da4d72323
common: quit using ! as comment out symbol in config files
It is not used anywhere in default config. Some config like
`tls_ciphers` might contain `!` like this:

    tls_ciphers=FIPS:!aNULL:!eNULL

Fixes #1033.
2018-02-20 13:13:34 +09:00
daixj
31ef2552c4 log: revert permission 2018-02-13 16:44:37 +09:00
daixj
ea6bb62410 log: fix fd checking 2018-02-13 16:44:37 +09:00
daixj
551bb185c5 log: remove unused code and fix potential memory leak 2018-02-13 16:44:37 +09:00
Koichiro IWAO
577bd8214f common: add more capset constants
defined at MS-RDPBCGR 2.2.1.13.1.1.1 [1] and sort

[1] https://msdn.microsoft.com/en-us/library/cc240486.aspx
2017-12-01 11:20:42 +09:00
Koichiro IWAO
77a34e0a7b common: express capability set constants in hex
as same as done in  MS-RDPBCGR 2.2.1.13.1.1.1 [1].

[1] https://msdn.microsoft.com/en-us/library/cc240486.aspx
2017-12-01 11:20:42 +09:00
Koichiro IWAO
788ae1467a xrdp_sec: constify color depth value 2017-12-01 11:20:42 +09:00
Koichiro IWAO
d0c27a2904 common: suppress log when closing log files
because if xrdp is running 'fork=yes' mode, the log message
'shutting down log subsystem...' is logged everytime when the child
process is exitting. In other words, everytime when clients are
disconnecting.  This is a little bit too vebose.
2017-11-30 15:13:18 +09:00
Koichiro IWAO
3de3a4fab5 common: add more references to constants' origin
classify constants into these 5 types

* constants for xrdp
* constants come from ITU-T Recommendations
* constants come from Remote Desktop Protocol
* constants come from other MS products
* unclassified yet
2017-11-24 21:45:48 +09:00
Koichiro IWAO
799c230998 common: add references to constants' origin 2017-11-24 21:45:48 +09:00
Jay Sorg
a9eb21e6d7 common: avoid 100% cpu on ssl accept, can be fake client 2017-11-22 16:17:34 -08:00
Justin Terry (VM)
d7d14d7462 Implements the accept/close logic for vsock 2017-11-17 20:23:20 -08:00
Jay Sorg
bc48578a90 remove crc16.h from common/Makefile.am 2017-11-09 21:13:53 -08:00
Jay Sorg
54285d26dd remove empty crc16.h file 2017-11-09 21:13:53 -08:00
Jay Sorg
285465a1f5 common, return -1 for bad socket 2017-11-07 18:20:45 -08:00
Jay Sorg
c6c513b23c use g_memcpy, braces 2017-11-07 18:20:45 -08:00
Jay Sorg
26507644e3 vsock, move some defines 2017-11-07 18:20:45 -08:00
Justin Terry (VM)
50bd624cc4 Implements XRDP over vsock
1. Implements the ability to use AV_VSOCK for the transport rather than TCP.
2. Updates the ini file to be able to conditionally turn this feature on.
2017-11-07 18:20:45 -08:00
Koichiro IWAO
a6fd518a48 fix typo s/Roration/Rotation/ 2017-11-06 16:18:42 +09:00
Koichiro IWAO
2475893402 Constify extended mouse events 2017-11-06 16:18:42 +09:00
Koichiro IWAO
27aef96e81 Constify mouse event flags, use the MS name for constants 2017-11-06 16:18:42 +09:00
Koichiro IWAO
4a2818e183 Add some more Input Capability Set constants 2017-11-06 16:18:42 +09:00