From 4015f526dbbef25e6d947a312512f59fb3e92820 Mon Sep 17 00:00:00 2001
From: speidy
Date: Fri, 22 Aug 2014 09:13:33 +0300
Subject: [PATCH] work on tls mode
---
 common/trans.c | 74 ++++++++++++-------
 common/trans.h | 14 ++--
 common/xrdp_tls.c | 179 --------------------------------------------
 libxrdp/xrdp_rdp.c | 9 ---
 libxrdp/xrdp_sec.c | 28 +++----
 5 files changed, 68 insertions(+), 236 deletions(-)
diff --git a/common/trans.c b/common/trans.c
index e9fc7bd5..5503ea61 100644
--- a/common/trans.c
+++ b/common/trans.c
@@ -23,6 +23,42 @@
 #include "arch.h"
 #include "parse.h"
 
+/*****************************************************************************/
+int APP_CC
+trans_tls_recv(struct trans *self, void *ptr, int len)
+{
+ if (self->tls == NULL)
+ {
+ return 1;
+ }
+ return xrdp_tls_read(self->tls, ptr, len);
+}
+
+/*****************************************************************************/
+int APP_CC
+trans_tls_send(struct trans *self, const void *data, int len)
+{
+ if (self->tls == NULL)
+ {
+ return 1;
+ }
+ return xrdp_tls_write(self->tls, data, len);
+}
+
+/*****************************************************************************/
+int APP_CC
+trans_tcp_recv(struct trans *self, void *ptr, int len)
+{
+ return g_tcp_recv(self->sck, ptr, len, 0);
+}
+
+/*****************************************************************************/
+int APP_CC
+trans_tcp_send(struct trans *self, const void *data, int len)
+{
+ return g_tcp_send(self->sck, data, len, 0);
+}
+
 /*****************************************************************************/
 struct trans *
 APP_CC
@@ -40,9 +76,9 @@ trans_create(int mode, int in_size, int out_size)
 init_stream(self->out_s, out_size);
 self->mode = mode;
 self->tls = 0;
- /* assign tcp functions */
- self->trans_read_call = trans_tcp_force_read_s;
- self->trans_write_call = trans_tcp_force_write_s;
+ /* assign tcp calls by default */
+ self->trans_recv = trans_tcp_recv;
+ self->trans_send = trans_tcp_send;
 }
 
 return self;
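Review bot: `trans_tls_recv` and `trans_tls_send` return `1` when `self->tls == NULL`, but the code wired to these callbacks treats a positive return as a byte count (`temp_s->p += sent;` in the send_waiting hunk, and `in_s->end += rcvd;` / `total = total + sent;` in the success branches shown in the deleted xrdp_tls_force_read_s and xrdp_tls_force_write_s, which trans_force_read_s and trans_force_write_s presumably still mirror). A missing TLS context is therefore counted as one byte transferred: the read side advances `in_s->end` over a byte that was never written and keeps looping, the write side silently drops data. Returning the error value the callers already test for, `return -1;` in both wrappers, would make the failure observable. Separately, `trans_tls_send` receives `const void *data` and hands it to `xrdp_tls_write`, whose signature in the xrdp_tls.c hunk header is `char *data`, so the const qualifier is discarded at that call; the xrdp_tls prototypes are worth aligning with the new callback types.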
@@ -147,7 +183,7 @@ send_waiting(struct trans *self, int block)
 if (g_tcp_can_send(self->sck, timeout))
 {
 bytes = (int) (temp_s->end - temp_s->p);
- sent = g_tcp_send(self->sck, temp_s->p, bytes, 0);
+ sent = self->trans_send(self, temp_s->p, bytes);
 if (sent > 0)
 {
 temp_s->p += sent;
@@ -259,7 +295,7 @@ trans_check_wait_objs(struct trans *self)
 
 if (to_read > 0)
 {
- read_bytes = g_tcp_recv(self->sck, self->in_s->end, to_read, 0);
+ read_bytes = self->trans_recv(self, self->in_s->end, to_read);
 
 if (read_bytes == -1)
 {
@@ -313,12 +349,6 @@ trans_check_wait_objs(struct trans *self)
 /*****************************************************************************/
 int APP_CC
 trans_force_read_s(struct trans *self, struct stream *in_s, int size)
-{
- return self->trans_read_call(self, in_s, size);
-}
-/*****************************************************************************/
-int APP_CC
-trans_tcp_force_read_s(struct trans *self, struct stream *in_s, int size)
 {
 int rcvd;
 
@@ -335,7 +365,7 @@ trans_tcp_force_read_s(struct trans *self, struct stream *in_s, int size)
 return 1;
 }
 
- rcvd = g_tcp_recv(self->sck, in_s->end, size, 0);
+ rcvd = self->trans_recv(self, in_s->end, size);
 
 if (rcvd == -1)
 {
@@ -388,12 +418,6 @@ trans_force_read(struct trans *self, int size)
 /*****************************************************************************/
 int APP_CC
 trans_force_write_s(struct trans *self, struct stream *out_s)
-{
- return self->trans_write_call(self, out_s);
-}
-/*****************************************************************************/
-int APP_CC
-trans_tcp_force_write_s(struct trans *self, struct stream *out_s)
 {
 int size;
 int total;
@@ -415,7 +439,7 @@ trans_tcp_force_write_s(struct trans *self, struct stream *out_s)
 
 while (total < size)
 {
- sent = g_tcp_send(self->sck, out_s->data + total, size - total, 0);
+ sent = self->trans_send(self, out_s->data + total, size - total);
 
 if (sent == -1)
 {
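Review bot: After `rcvd = self->trans_recv(self, in_s->end, size);` the `if (rcvd == -1)` branch that follows (its body lies outside the hunk, and the same shape appears in the send_waiting, trans_check_wait_objs and trans_force_write_s hunks on this line) was written for g_tcp_recv/g_tcp_send; if it still decides between retry and failure with `g_tcp_last_error_would_block(self->sck)`, it consults the socket errno, which a failed xrdp_tls_read or xrdp_tls_write does not necessarily leave in a meaningful state, so a TLS-layer error can be retried indefinitely or a TLS want-read/want-write treated as fatal. The deleted xrdp_tls_force_read_s had the same reliance, so this is inherited rather than introduced, but now that the transport is a callback pair the would-block test belongs with it: either a third callback next to trans_recv/trans_send, or a stated rule that implementations must leave errno in socket convention. A one-line comment above each call, e.g. `/* callback returns -1 on error; the would-block test below assumes socket errno semantics */`, would at least make the contract explicit for the TLS implementations.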
@@ -690,8 +714,8 @@ trans_set_tls_mode(struct trans *self, const char *key, const char *cert)
 }
 
 /* assign tls functions */
- self->trans_read_call = xrdp_tls_force_read_s;
- self->trans_write_call = xrdp_tls_force_write_s;
+ self->trans_recv = trans_tls_recv;
+ self->trans_send = trans_tls_send;
 
 return 0;
 }
@@ -705,9 +729,9 @@ trans_shutdown_tls_mode(struct trans *self)
 return xrdp_tls_disconnect(self->tls);
 }
 
- /* set callback back to tcp
- self->trans_read_call = trans_tcp_force_read_s;
- self->trans_write_call = trans_tcp_force_write_s;
- */
+ /* assign callback back to tcp cal */
+ self->trans_recv = trans_tcp_recv;
+ self->trans_send = trans_tcp_send;
+
 return 0;
 }
diff --git a/common/trans.h b/common/trans.h
index c5fe49e6..a169e9cb 100644
--- a/common/trans.h
+++ b/common/trans.h
@@ -41,8 +41,8 @@ typedef int (DEFAULT_CC *ttrans_data_in)(struct trans* self);
 typedef int (DEFAULT_CC *ttrans_conn_in)(struct trans* self, struct trans* new_self);
 typedef int (DEFAULT_CC *tis_term)(void);
 
-typedef int (APP_CC *trans_read_call) (struct trans *self, struct stream *in_s, int size);
-typedef int (APP_CC *trans_write_call) (struct trans *self, struct stream *out_s);
+typedef int (APP_CC *trans_recv) (struct trans *self, void *ptr, int len);
+typedef int (APP_CC *trans_send) (struct trans *self, const void *data, int len);
 
 struct trans
 {
@@ -64,8 +64,8 @@ struct trans
 int no_stream_init_on_data_in;
 int extra_flags; /* user defined */
 struct xrdp_tls *tls;
- trans_read_call trans_read_call;
- trans_write_call trans_write_call;
+ trans_recv trans_recv;
+ trans_send trans_send;
 };
 
 /* xrdp_tls */
@@ -87,10 +87,6 @@ int APP_CC
 xrdp_tls_disconnect(struct xrdp_tls *self);
 void APP_CC
 xrdp_tls_delete(struct xrdp_tls *self);
-int APP_CC
-xrdp_tls_force_read_s(struct trans *self, struct stream *in_s, int size);
-int APP_CC
-xrdp_tls_force_write_s(struct trans *self, struct stream *out_s);
 
 struct trans* APP_CC
 trans_create(int mode, int in_size, int out_size);
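Review bot: In trans_shutdown_tls_mode the new `self->trans_recv = trans_tcp_recv;` / `self->trans_send = trans_tcp_send;` lines come after `return xrdp_tls_disconnect(self->tls);`, so whenever a TLS context actually exists the function returns before the TCP callbacks are restored, and they are only restored in the case where there was nothing to shut down. The function's opening and the guard around the disconnect are outside the hunk, but from the visible lines the transport keeps routing through trans_tls_recv/trans_tls_send after the TLS session has been torn down, which is exactly the `self->tls == NULL` path those wrappers handle with the misleading `return 1`. Disconnect first, restore the callbacks unconditionally, and return the disconnect result; the comment typo `tcp cal` can become `tcp call` in the same edit. The rewritten body would look like the following, with the guard condition taken from the surrounding code rather than this hunk.
```c
    int rv = 0;

    if (self->tls != NULL)
    {
        rv = xrdp_tls_disconnect(self->tls);
    }

    /* assign callbacks back to tcp call */
    self->trans_recv = trans_tcp_recv;
    self->trans_send = trans_tcp_send;

    return rv;
```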
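Review bot: The new typedef names `trans_recv` and `trans_send` are the same identifiers as the struct members declared in the next hunk (`trans_recv trans_recv;`), which is legal C because members live in a separate namespace, but it makes the type and `self->trans_recv` read alike and defeats grep; the file's existing convention prefixes callback types with `t` (`ttrans_data_in`, `tis_term`), so `typedef int (APP_CC *ttrans_recv) (struct trans *self, void *ptr, int len);` and `ttrans_send` would fit. Also `trans_send` promises `const void *data`, while `xrdp_tls_write` as shown in the xrdp_tls.c hunk header takes `char *data`, so the const is dropped inside trans_tls_send; giving xrdp_tls_write (and xrdp_tls_read, if its prototype is similar) pointer types that match the callback keeps the contract honest and the build warning-free.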
@@ -132,6 +128,6 @@ trans_shutdown_tls_mode(struct trans *self);
 int APP_CC
 trans_tcp_force_read_s(struct trans *self, struct stream *in_s, int size);
 int APP_CC
-trans_tcp_force_write_s(struct trans *self, struct stream *out_s);
+trans_force_write_s(struct trans *self, struct stream *out_s);
 
 #endif
diff --git a/common/xrdp_tls.c b/common/xrdp_tls.c
index 589bb598..28f1af55 100644
--- a/common/xrdp_tls.c
+++ b/common/xrdp_tls.c
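Review bot: The hunk renames only the write prototype; the context line `trans_tcp_force_read_s(struct trans *self, struct stream *in_s, int size);` still declares a function that the trans.c hunk at -313 deletes (its body was folded into trans_force_read_s), so the header now advertises a symbol that no longer exists. `trans_force_write_s` is also likely declared twice after this change if its earlier declaration in this header was kept, which is not visible here. Dropping the stale `int APP_CC` / `trans_tcp_force_read_s(...)` pair and checking for the duplicate keeps trans.h in step with trans.c.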
@@ -266,183 +266,4 @@ xrdp_tls_write(struct xrdp_tls *tls, char *data, int length)
 return status;
 }
 
-/*****************************************************************************/
-int APP_CC
-xrdp_tls_force_read_s(struct trans *self, struct stream *in_s, int size)
-{
- int rcvd;
-
- if (self->status != TRANS_STATUS_UP)
- {
- return 1;
- }
-
- while (size > 0)
- {
- /* make sure stream has room */
- if ((in_s->end + size) > (in_s->data + in_s->size))
- {
- return 1;
- }
-
- rcvd = xrdp_tls_read(self->tls, in_s->end, size);
-
- if (rcvd == -1)
- {
- if (g_tcp_last_error_would_block(self->sck))
- {
- if (!g_tcp_can_recv(self->sck, 100))
- {
- /* check for term here */
- if (self->is_term != 0)
- {
- if (self->is_term())
- {
- /* term */
- self->status = TRANS_STATUS_DOWN;
- return 1;
- }
- }
- }
- }
- else
- {
- /* error */
- self->status = TRANS_STATUS_DOWN;
- return 1;
- }
- }
- else if (rcvd == 0)
- {
- /* error */
- self->status = TRANS_STATUS_DOWN;
- return 1;
- }
- else
- {
- in_s->end += rcvd;
- size -= rcvd;
- }
- }
-
- return 0;
-}
-
-/*****************************************************************************/
-int APP_CC
-xrdp_tls_send_waiting(struct trans *self, int block)
-{
- struct stream *temp_s;
- int bytes;
- int sent;
- int timeout;
- int cont;
-
- timeout = block ? 100 : 0;
- cont = 1;
- while (cont)
- {
- if (self->wait_s != 0)
- {
- temp_s = self->wait_s;
- if (g_tcp_can_send(self->sck, timeout))
- {
- bytes = (int) (temp_s->end - temp_s->p);
- sent = xrdp_tls_write(self->tls, temp_s->p, bytes);
- if (sent > 0)
- {
- temp_s->p += sent;
- if (temp_s->p >= temp_s->end)
- {
- self->wait_s = (struct stream *) (temp_s->next_packet);
- free_stream(temp_s);
- }
- }
- else if (sent == 0)
- {
- return 1;
- }
- else
- {
- if (!g_tcp_last_error_would_block(self->sck))
- {
- return 1;
- }
- }
- }
- }
- else
- {
- break;
- }
- cont = block;
- }
- return 0;
-}
-
-/*****************************************************************************/
-int APP_CC
-xrdp_tls_force_write_s(struct trans *self, struct stream *out_s)
-{
- int size;
- int total;
- int sent;
-
- if (self->status != TRANS_STATUS_UP)
- {
- return 1;
- }
-
- size = (int) (out_s->end - out_s->data);
- total = 0;
-
- if (xrdp_tls_send_waiting(self, 1) != 0)
- {
- self->status = TRANS_STATUS_DOWN;
- return 1;
- }
-
- while (total < size)
- {
- sent = xrdp_tls_write(self->tls, out_s->data + total, size - total);
-
- if (sent == -1)
- {
- if (g_tcp_last_error_would_block(self->sck))
- {
- if (!g_tcp_can_send(self->sck, 100))
- {
- /* check for term here */
- if (self->is_term != 0)
- {
- if (self->is_term())
- {
- /* term */
- self->status = TRANS_STATUS_DOWN;
- return 1;
- }
- }
- }
- }
- else
- {
- /* error */
- self->status = TRANS_STATUS_DOWN;
- return 1;
- }
- }
- else if (sent == 0)
- {
- /* error */
- self->status = TRANS_STATUS_DOWN;
- return 1;
- }
- else
- {
- total = total + sent;
- }
- }
-
- return 0;
-}
 
diff --git a/libxrdp/xrdp_rdp.c b/libxrdp/xrdp_rdp.c
index e0443a3b..4fc83ae8 100644
--- a/libxrdp/xrdp_rdp.c
+++ b/libxrdp/xrdp_rdp.c
@@ -385,15 +385,6 @@ xrdp_rdp_recv(struct xrdp_rdp *self, struct stream *s, int *code)
 
 chan = 0;
 error = xrdp_sec_recv(self->sec_layer, s, &chan);
- if (error == 3)
- {
- /* unencrypted confirm active msg arrived */
- s->next_packet = 0;
- *code = 3;
- DEBUG(("out (0) xrdp_rdp_recv"));
- return 0;
- }
-
 if (error == -1) /* special code for send demand active */
 {
 s->next_packet = 0;
diff --git a/libxrdp/xrdp_sec.c b/libxrdp/xrdp_sec.c
index 035b8d54..63957a45 100644
--- a/libxrdp/xrdp_sec.c
+++ b/libxrdp/xrdp_sec.c
@@ -185,6 +185,8 @@ static const tui8 g_fips_ivec[8] =
 0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF
 };
 
+static int is_security_header_present = 1; /* next packet should contain security header? */
+
 /*****************************************************************************/
 static void APP_CC
 hex_str_to_bin(char *in, char *out, int out_len)
@@ -1206,17 +1208,9 @@ xrdp_sec_recv(struct xrdp_sec *self, struct stream *s, int *chan)
 return 1;
 }
 
- /* TODO: HACK, we should recognize packets without security header
- However, client info packet and license packet always have security header. */
- if (s->data[17] == 0x13) /* confirm active pdu */
- {
- g_writeln("CONFIRM ACTIVE ARRIVED");
- return 0;
- }
 
- if (s->data[17] == 0x17 || s->data[16] == 0x17) /* rdp data pdu */
+ if (!is_security_header_present)
 {
- g_writeln("RDP DATA ARRIVED");
 return 0;
 }
 
@@ -1329,6 +1323,12 @@ xrdp_sec_recv(struct xrdp_sec *self, struct stream *s, int *chan)
 return 1;
 }
 
+ if (self->crypt_level == CRYPT_LEVEL_NONE
+ && self->crypt_method == CRYPT_METHOD_NONE)
+ {
+ is_security_header_present = 0; /* in tls mode, no more security header from now on */
+ }
+
 DEBUG((" out xrdp_sec_recv"));
 return -1; /* special error that means send demand active */
 }
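Review bot: `static int is_security_header_present = 1;` is file-scope state rather than a field of `struct xrdp_sec`, so the decision to stop parsing security headers is shared by every xrdp_sec instance in the process and is never reset. Once one connection reaches the `self->crypt_level == CRYPT_LEVEL_NONE && self->crypt_method == CRYPT_METHOD_NONE` branch in the -1329 hunk, the `if (!is_security_header_present) return 0;` early-out in the -1206 hunk applies to every later packet of every connection this process handles, including one that did negotiate standard RDP security; whether more than one connection ever shares the process depends on the per-session model, which is not visible here. Note also that the condition only checks the negotiated crypt level and method, while the comment says "in tls mode": if NONE/NONE can be reached without TLS (cannot be told from this hunk), the header-less path is enabled for a cleartext connection. Moving the flag into `struct xrdp_sec`, initialised to 1 where the struct is created and used as `if (!self->is_security_header_present)` / `self->is_security_header_present = 0;`, ties it to the connection it describes; the trailing comment then reads better as `/* 1 while incoming PDUs carry a security header; cleared once NONE/NONE is negotiated */`.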
@@ -1791,11 +1791,11 @@ xrdp_sec_process_mcs_data_CS_SECURITY(struct xrdp_sec *self, struct stream* s)
 found = 1;
 }
 }
- if (found == 0)
- {
- g_writeln(" can not find client / server agreed encryption method");
- return 1;
- }
+// if (found == 0)
+// {
+// g_writeln(" can not find client / server agreed encryption method");
+// return 1;
+// }
 return 0;
 }
 
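Review bot: Commenting out `if (found == 0) ... return 1;` with `//` removes the only check that the client offered an encryption method the server accepts, and it does so for every connection, not just TLS ones; after this hunk a client whose offered methods match nothing continues with whatever `self->crypt_method` and `self->crypt_level` were left at by the loop above (their defaults are not visible here). If the intent is to admit the NONE/NONE negotiation that the xrdp_sec_recv hunk relies on, keep the check and exempt that case explicitly, `if (found == 0 && !(self->crypt_level == CRYPT_LEVEL_NONE && self->crypt_method == CRYPT_METHOD_NONE))`, so an unmatched method set is still rejected and logged. Commented-out code should be deleted rather than left behind `//` markers, and the `g_writeln` message is useful diagnostics worth keeping on the rejection path.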