Hardening consulting

In (the future) FreeRDP 3.0, there is support for the smartcard logon, on which I have worked, let's give some details.


Smartcard support

We start by checking that we can access the smartcard, in my case it is a yubikey(TM):

$opensc-tool -l
# Detected readers (pcsc)
Nr. Card Features Name
0 Yes Yubico YubiKey OTP+FIDO+CCID 00 00

Read more…

Let's take a closer look at the RDPUDP protocol which will transport data over UDP. To begin with, remember that only channel data can be transported on top of UDP, so it doesn't affect older graphics orders (so forget speed up of bitmapUpdates with UDP), however it will work with any egfx transported graphics. The migration from TCP to UDP is done through the dynamic channel, so drdynvc is mandatory. This mechanism also allows static channels to be migrated to UDP by setting the TRANSPORTTYPE_UDP_PREFERRED flag in the gcc packet of multi-transport channel data.

Read more…

I've recently done some fixes in winPR with timers with completion and I've encoutered a case that you may find interesting.

It's about handling EINTR: when a system call in interrupted by an incoming signal, you'll get a -1 return code and errno set to EINTR. So usually when you want to be protected against that behaviour you'll code something like:

#include <sys/select.h>
#include <errno.h>

void myFunction() {
    struct fd_set rset;
    int status, max_fd;

    ...


    do {
        ret = select(max_fd, &rset, NULL, NULL, NULL);
    } while (ret < 0 && errno == EINTR);
}

Ok, so problem treated, you can apply that scheme for any system call and you're done, isn't it ?

The poll case

Read more…

Months that I have not posted anything. So let's begin with some wishes for the new year, let's hope the Covid will be more quiet in 2021.

I'm currently working on implementing UDP support in FreeRDP, so let's have a serie of post on that subject. I'm gonna begin with an overview, how it works, implications and I'll certainly go more in the details in the next posts.


Overview of the UDP transport

Documentation and specifications

The UDP transport is described in multiple specifications:

  • MS-RDPBCGR : the core RDP specification, we have some flags in GCC packets, and of course the description of multi-transport;
  • MS-RDPEMT : this document describes multi-transport, that allows to install multiple transports at the same time;
  • MS-RDPEUDP : the UDP transport itself;
  • MS-RDPEUDP2 : the new version of the protocol;
  • MS_RDPEDYC : dynamic channels specification;

Read more…

Long time no post. I did quite a lot of things around ogon these last months, and for testing purpose, I had to deploy ogon on many hosts. The deployment guide is ok, but it's a long and repetitive operation. And thinking of it, if we can write these instructions in a manual, then for sure we can automate these operations in a script.


Accendino

So I've created that little software accendino (lighter in italian) that will allow you to start a big fire (ogon in russian).

Read more…

Windows VMs are so slow under KVM. When you're a FreeRDP developper, you always end up with being forced to have windows VMs to test that old features are still working, or to test new shiny features (yes I love unicorns).


Read more…

When you're working on FreeRDP, it's quite usual to increase the log level and to have to collect a massive amount of logs. And most often it doesn't fit in the terminal backscroll history, or it is so slow (terminal rendering is CPU intensive) that you need a file storage. Another case is when you're on a remote host and you want to retrieve the log over the network.

As each time I want to use the WLog capacities I'm looking at the source code, I had the idea to write that post on the subject, so that next time I will look at this text.

Read more…

While working on topka, I've used the twisted framework. Twisted tutorials are really good with lots of practical examples, anyway after using the framework for weeks, I gain enough experience to write a post about some tricks I've discovered.

Disclaimer: you will not find here something that is not already in the twisted docs.

Using deferred

While using twisted, it happens that you can be a situation where you can either return a final value or do the computation asynchronously and return a Deferred. The code looks like:

import twisted.internet.defer as defer

def myFunc():
    def treatRet():
        ...

    ret = functionThatProcess(...)
    if isinstance(ret, defer.Deferred):
        ret.addCallback(treatRet)
    else:
        ret = treatRet(ret)

    return ret

Read more…

Better late than never. Four years ago I was giving a talk on FreeRDS at the XDC 2014 and I was announcing that we would opensource the project at the end of the year. The opensourcing is finally here but in April 2018, you can observe a kind of delay !


About

We were late

So obviously lots of things have occured since 2014. First the project's name has changed: it was initially FreeRDS but the name was owned by one of the project's member. And our fork has diverged a lot, so there was the necessity for a new name. We thought at fireRDS,

Read more…

After watching a video on meson, it made me want to play with this software to see how it was in practise. So I did a first shot on a OGON subproject that uses cmake as build system.


Lovely CMake

I often hear that everybody hates cmake, but lots of projects use it anyway. So most probably it's for bad reasons. I'm not an exception, and as soon as I have to touch these lovely CMakeFile.txt, I always feel dirty, or at least I never have the impression to have done some nice job. This happens even when everything goes as I wanted. Not even talking of when things go wrong, with epic debugging sessions. I must be missing the cmake pĥilosophy because everytime I suspect a behaviour, cmake does it the opposite way. So everytime there's some cmake involved I'm reticent to go in that work.

Read more…