rdpTls* tls_new(rdpSettings* settings) { rdpTls* tls; tls = (rdpTls*) calloc(1, sizeof(rdpTls)); if (!tls) return NULL; winpr_InitializeSSL(WINPR_SSL_INIT_DEFAULT); tls->settings = settings; if (!settings->ServerMode) { tls->certificate_store = certificate_store_new(settings); if (!tls->certificate_store) goto out_free; } tls->alertLevel = TLS_ALERT_LEVEL_WARNING; tls->alertDescription = TLS_ALERT_DESCRIPTION_CLOSE_NOTIFY; return tls; out_free: free(tls); return NULL; }
void sspi_GlobalInit() { if (!sspi_initialized) { winpr_InitializeSSL(WINPR_SSL_INIT_DEFAULT); sspi_ContextBufferAllocTableNew(); sspi_initialized = TRUE; } }
SCHANNEL_OPENSSL* schannel_openssl_new() { SCHANNEL_OPENSSL* context; context = (SCHANNEL_OPENSSL*) calloc(1, sizeof(SCHANNEL_OPENSSL)); if (context != NULL) { winpr_InitializeSSL(WINPR_SSL_INIT_DEFAULT); context->connected = FALSE; } return context; }
int TestCommonAssistance(int argc, char* argv[]) { wLog* log = WLog_Get(__FUNCTION__); winpr_InitializeSSL(WINPR_SSL_INIT_DEFAULT); if (!test_msrsc_incident_file_type1(log)) { WLog_Print(log, WLOG_ERROR, "test_msrsc_incident_file_type1 failed"); return -1; } if (!test_msrsc_incident_file_type2(log)) { WLog_Print(log, WLOG_ERROR, "test_msrsc_incident_file_type1 failed"); return -1; } return 0; }
static BOOL CALLBACK sspi_init(PINIT_ONCE InitOnce, PVOID Parameter, PVOID* Context) { winpr_InitializeSSL(WINPR_SSL_INIT_DEFAULT); sspi_ContextBufferAllocTableNew(); return TRUE; }
BOOL rdp_client_connect(rdpRdp* rdp) { BOOL status; rdpSettings* settings = rdp->settings; /* make sure SSL is initialize for earlier enough for crypto, by taking advantage of winpr SSL FIPS flag for openssl initialization */ DWORD flags = WINPR_SSL_INIT_DEFAULT; if (settings->FIPSMode) flags |= WINPR_SSL_INIT_ENABLE_FIPS; winpr_InitializeSSL(flags); /* FIPS Mode forces the following and overrides the following(by happening later */ /* in the command line processing): */ /* 1. Disables NLA Security since NLA in freerdp uses NTLM(no Kerberos support yet) which uses algorithms */ /* not allowed in FIPS for sensitive data. So, we disallow NLA when FIPS is required. */ /* 2. Forces the only supported RDP encryption method to be FIPS. */ if (settings->FIPSMode || winpr_FIPSMode()) { settings->NlaSecurity = FALSE; settings->EncryptionMethods = ENCRYPTION_METHOD_FIPS; } nego_init(rdp->nego); nego_set_target(rdp->nego, settings->ServerHostname, settings->ServerPort); if (settings->GatewayEnabled) { char* user = NULL; char* domain = NULL; char* cookie = NULL; int user_length = 0; int domain_length = 0; int cookie_length = 0; if (settings->Username) { user = settings->Username; user_length = strlen(settings->Username); } if (settings->Domain) domain = settings->Domain; else domain = settings->ComputerName; domain_length = strlen(domain); cookie_length = domain_length + 1 + user_length; cookie = (char*) malloc(cookie_length + 1); if (!cookie) return FALSE; CopyMemory(cookie, domain, domain_length); CharUpperBuffA(cookie, domain_length); cookie[domain_length] = '\\'; if (settings->Username) CopyMemory(&cookie[domain_length + 1], user, user_length); cookie[cookie_length] = '\0'; status = nego_set_cookie(rdp->nego, cookie); free(cookie); } else { status = nego_set_cookie(rdp->nego, settings->Username); } if (!status) return FALSE; nego_set_send_preconnection_pdu(rdp->nego, settings->SendPreconnectionPdu); nego_set_preconnection_id(rdp->nego, settings->PreconnectionId); nego_set_preconnection_blob(rdp->nego, settings->PreconnectionBlob); nego_set_negotiation_enabled(rdp->nego, settings->NegotiateSecurityLayer); nego_set_restricted_admin_mode_required(rdp->nego, settings->RestrictedAdminModeRequired); nego_set_gateway_enabled(rdp->nego, settings->GatewayEnabled); nego_set_gateway_bypass_local(rdp->nego, settings->GatewayBypassLocal); nego_enable_rdp(rdp->nego, settings->RdpSecurity); nego_enable_tls(rdp->nego, settings->TlsSecurity); nego_enable_nla(rdp->nego, settings->NlaSecurity); nego_enable_ext(rdp->nego, settings->ExtSecurity); if (settings->MstscCookieMode) settings->CookieMaxLength = MSTSC_COOKIE_MAX_LENGTH; nego_set_cookie_max_length(rdp->nego, settings->CookieMaxLength); if (settings->LoadBalanceInfo) { if (!nego_set_routing_token(rdp->nego, settings->LoadBalanceInfo, settings->LoadBalanceInfoLength)) return FALSE; } rdp_client_transition_to_state(rdp, CONNECTION_STATE_NEGO); if (!nego_connect(rdp->nego)) { if (!freerdp_get_last_error(rdp->context)) freerdp_set_last_error(rdp->context, FREERDP_ERROR_SECURITY_NEGO_CONNECT_FAILED); WLog_ERR(TAG, "Error: protocol security negotiation or connection failure"); return FALSE; } if ((rdp->nego->SelectedProtocol & PROTOCOL_TLS) || (rdp->nego->SelectedProtocol == PROTOCOL_RDP)) { if ((settings->Username != NULL) && ((settings->Password != NULL) || (settings->RedirectionPassword != NULL && settings->RedirectionPasswordLength > 0))) settings->AutoLogonEnabled = TRUE; } /* everything beyond this point is event-driven and non blocking */ rdp->transport->ReceiveCallback = rdp_recv_callback; rdp->transport->ReceiveExtra = rdp; transport_set_blocking_mode(rdp->transport, FALSE); if (rdp->state != CONNECTION_STATE_NLA) { if (!mcs_client_begin(rdp->mcs)) return FALSE; } while (rdp->state != CONNECTION_STATE_ACTIVE) { if (rdp_check_fds(rdp) < 0) { if (!freerdp_get_last_error(rdp->context)) freerdp_set_last_error(rdp->context, FREERDP_ERROR_CONNECT_TRANSPORT_FAILED); return FALSE; } } return TRUE; }
int main(int argc, char* argv[]) { WSADATA wsaData; freerdp_listener* instance; char* file; char name[MAX_PATH]; long port = 3389, i; BOOL localOnly = FALSE; errno = 0; for (i = 1; i < argc; i++) { char* arg = argv[i]; if (strncmp(arg, "--fast", 7) == 0) test_dump_rfx_realtime = FALSE; else if (strncmp(arg, "--port=", 7) == 0) { StrSep(&arg, "="); if (!arg) return -1; port = strtol(arg, NULL, 10); if ((port < 1) || (port > 0xFFFF) || (errno != 0)) return -1; } else if (strcmp(arg, "--local-only")) localOnly = TRUE; else if (strncmp(arg, "--", 2)) test_pcap_file = arg; } WTSRegisterWtsApiFunctionTable(FreeRDP_InitWtsApi()); winpr_InitializeSSL(WINPR_SSL_INIT_DEFAULT); instance = freerdp_listener_new(); if (!instance) return -1; instance->PeerAccepted = test_peer_accepted; if (WSAStartup(MAKEWORD(2, 2), &wsaData) != 0) { freerdp_listener_free(instance); return -1; } /* Open the server socket and start listening. */ sprintf_s(name, sizeof(name), "tfreerdp-server.%ld", port); file = GetKnownSubPath(KNOWN_PATH_TEMP, name); if (!file) { freerdp_listener_free(instance); WSACleanup(); return -1; } if ((localOnly || instance->Open(instance, NULL, port)) && instance->OpenLocal(instance, file)) { /* Entering the server main loop. In a real server the listener can be run in its own thread. */ test_server_mainloop(instance); } free(file); freerdp_listener_free(instance); WSACleanup(); return 0; }