2012-02-17 09:58:30 +04:00
|
|
|
/**
|
2012-02-21 09:56:55 +04:00
|
|
|
* FreeRDP: A Remote Desktop Protocol Implementation
|
2012-02-17 09:58:30 +04:00
|
|
|
* Certificate Handling
|
|
|
|
*
|
|
|
|
* Copyright 2011 Jiten Pathy
|
2012-02-21 09:56:55 +04:00
|
|
|
* Copyright 2011-2012 Marc-Andre Moreau <marcandre.moreau@gmail.com>
|
2012-02-17 09:58:30 +04:00
|
|
|
*
|
|
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
* you may not use this file except in compliance with the License.
|
|
|
|
* You may obtain a copy of the License at
|
|
|
|
*
|
|
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
*
|
|
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
* See the License for the specific language governing permissions and
|
|
|
|
* limitations under the License.
|
|
|
|
*/
|
|
|
|
|
2012-08-15 01:09:01 +04:00
|
|
|
#ifdef HAVE_CONFIG_H
|
|
|
|
#include "config.h"
|
|
|
|
#endif
|
|
|
|
|
2012-02-17 09:58:30 +04:00
|
|
|
#include <errno.h>
|
|
|
|
#include <stdio.h>
|
|
|
|
#include <string.h>
|
2015-07-13 16:52:06 +03:00
|
|
|
#include <ctype.h>
|
2012-02-17 09:58:30 +04:00
|
|
|
|
2015-06-11 12:16:45 +03:00
|
|
|
#include <winpr/crypto.h>
|
2012-10-09 07:42:01 +04:00
|
|
|
#include <winpr/crt.h>
|
2013-03-22 23:52:43 +04:00
|
|
|
#include <winpr/file.h>
|
|
|
|
#include <winpr/path.h>
|
2012-10-09 07:42:01 +04:00
|
|
|
|
2012-02-17 09:58:30 +04:00
|
|
|
#include <openssl/pem.h>
|
|
|
|
#include <openssl/rsa.h>
|
|
|
|
|
|
|
|
static const char certificate_store_dir[] = "certs";
|
2013-06-07 00:45:19 +04:00
|
|
|
static const char certificate_server_dir[] = "server";
|
2015-06-12 10:30:01 +03:00
|
|
|
static const char certificate_known_hosts_file[] = "known_hosts2";
|
2015-06-09 17:12:41 +03:00
|
|
|
static const char certificate_legacy_hosts_file[] = "known_hosts";
|
2012-02-17 09:58:30 +04:00
|
|
|
|
2014-09-12 16:36:29 +04:00
|
|
|
#include <freerdp/log.h>
|
2012-02-17 09:58:30 +04:00
|
|
|
#include <freerdp/crypto/certificate.h>
|
|
|
|
|
2014-09-12 16:36:29 +04:00
|
|
|
#define TAG FREERDP_TAG("crypto")
|
|
|
|
|
2015-06-11 12:16:45 +03:00
|
|
|
static BOOL certificate_split_line(char* line, char** host, UINT16* port,
|
2015-06-11 12:34:22 +03:00
|
|
|
char**subject, char**issuer,
|
|
|
|
char** fingerprint);
|
2018-05-11 12:09:54 +03:00
|
|
|
static BOOL certificate_line_is_comment(const char* line, size_t length)
|
|
|
|
{
|
|
|
|
while(length > 0)
|
|
|
|
{
|
|
|
|
switch(*line)
|
|
|
|
{
|
|
|
|
case ' ':
|
|
|
|
case '\t':
|
|
|
|
line++;
|
|
|
|
length--;
|
|
|
|
break;
|
|
|
|
case '#':
|
|
|
|
return TRUE;
|
|
|
|
default:
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (length < 1)
|
|
|
|
return TRUE;
|
|
|
|
|
|
|
|
return FALSE;
|
|
|
|
}
|
2015-06-09 16:33:13 +03:00
|
|
|
|
2015-05-05 20:45:34 +03:00
|
|
|
BOOL certificate_store_init(rdpCertificateStore* certificate_store)
|
2012-02-17 09:58:30 +04:00
|
|
|
{
|
2015-05-05 20:45:34 +03:00
|
|
|
char* server_path = NULL;
|
2012-02-17 09:58:30 +04:00
|
|
|
rdpSettings* settings;
|
|
|
|
|
|
|
|
settings = certificate_store->settings;
|
|
|
|
|
2013-03-28 04:10:18 +04:00
|
|
|
if (!PathFileExistsA(settings->ConfigPath))
|
|
|
|
{
|
2015-06-03 12:47:40 +03:00
|
|
|
if (!PathMakePathA(settings->ConfigPath, 0))
|
2015-05-05 20:45:34 +03:00
|
|
|
{
|
2015-06-09 16:33:13 +03:00
|
|
|
WLog_ERR(TAG, "error creating directory '%s'", settings->ConfigPath);
|
2015-05-05 20:45:34 +03:00
|
|
|
goto fail;
|
|
|
|
}
|
2015-06-09 16:33:13 +03:00
|
|
|
WLog_INFO(TAG, "creating directory %s", settings->ConfigPath);
|
2013-03-28 04:10:18 +04:00
|
|
|
}
|
|
|
|
|
2015-05-05 20:45:34 +03:00
|
|
|
if (!(certificate_store->path = GetCombinedPath(settings->ConfigPath, (char*) certificate_store_dir)))
|
|
|
|
goto fail;
|
2014-07-18 05:15:22 +04:00
|
|
|
|
2013-03-28 04:10:18 +04:00
|
|
|
if (!PathFileExistsA(certificate_store->path))
|
2012-02-17 09:58:30 +04:00
|
|
|
{
|
2015-06-03 12:47:40 +03:00
|
|
|
if (!PathMakePathA(certificate_store->path, 0))
|
2015-05-05 20:45:34 +03:00
|
|
|
{
|
2015-06-09 16:33:13 +03:00
|
|
|
WLog_ERR(TAG, "error creating directory [%s]", certificate_store->path);
|
2015-05-05 20:45:34 +03:00
|
|
|
goto fail;
|
|
|
|
}
|
2015-06-09 16:33:13 +03:00
|
|
|
WLog_INFO(TAG, "creating directory [%s]", certificate_store->path);
|
2012-02-17 09:58:30 +04:00
|
|
|
}
|
|
|
|
|
2015-05-05 20:45:34 +03:00
|
|
|
if (!(server_path = GetCombinedPath(settings->ConfigPath, (char*) certificate_server_dir)))
|
|
|
|
goto fail;
|
2014-07-18 05:15:22 +04:00
|
|
|
|
2013-06-07 00:45:19 +04:00
|
|
|
if (!PathFileExistsA(server_path))
|
|
|
|
{
|
2015-06-03 12:47:40 +03:00
|
|
|
if (!PathMakePathA(server_path, 0))
|
2015-05-05 20:45:34 +03:00
|
|
|
{
|
2015-06-09 16:33:13 +03:00
|
|
|
WLog_ERR(TAG, "error creating directory [%s]", server_path);
|
2015-05-05 20:45:34 +03:00
|
|
|
goto fail;
|
|
|
|
}
|
2015-06-09 16:33:13 +03:00
|
|
|
WLog_INFO(TAG, "created directory [%s]", server_path);
|
2013-06-07 00:45:19 +04:00
|
|
|
}
|
|
|
|
|
2015-05-05 20:45:34 +03:00
|
|
|
if (!(certificate_store->file = GetCombinedPath(settings->ConfigPath, (char*) certificate_known_hosts_file)))
|
|
|
|
goto fail;
|
2014-07-18 05:15:22 +04:00
|
|
|
|
2015-06-09 17:12:41 +03:00
|
|
|
if (!(certificate_store->legacy_file = GetCombinedPath(settings->ConfigPath,
|
2015-06-10 10:15:28 +03:00
|
|
|
(char*) certificate_legacy_hosts_file)))
|
2015-06-09 17:12:41 +03:00
|
|
|
goto fail;
|
|
|
|
|
2015-05-05 20:45:34 +03:00
|
|
|
free(server_path);
|
|
|
|
|
|
|
|
return TRUE;
|
|
|
|
|
|
|
|
fail:
|
2015-06-09 16:33:13 +03:00
|
|
|
WLog_ERR(TAG, "certificate store initialization failed");
|
2015-05-05 20:45:34 +03:00
|
|
|
free(server_path);
|
|
|
|
free(certificate_store->path);
|
|
|
|
free(certificate_store->file);
|
|
|
|
certificate_store->path = NULL;
|
|
|
|
certificate_store->file = NULL;
|
|
|
|
return FALSE;
|
2012-02-17 09:58:30 +04:00
|
|
|
}
|
|
|
|
|
2015-06-09 17:12:41 +03:00
|
|
|
static int certificate_data_match_legacy(rdpCertificateStore* certificate_store,
|
|
|
|
rdpCertificateData* certificate_data)
|
|
|
|
{
|
2015-12-09 20:29:41 +03:00
|
|
|
HANDLE fp;
|
2015-06-09 17:12:41 +03:00
|
|
|
int match = 1;
|
|
|
|
char* data;
|
|
|
|
char* mdata;
|
|
|
|
char* pline;
|
2016-03-30 03:34:52 +03:00
|
|
|
char* hostname = NULL;
|
2015-12-09 20:29:41 +03:00
|
|
|
DWORD lowSize, highSize;
|
|
|
|
UINT64 size;
|
2015-06-09 17:12:41 +03:00
|
|
|
size_t length;
|
2015-12-09 20:29:41 +03:00
|
|
|
DWORD read;
|
2015-06-09 17:12:41 +03:00
|
|
|
|
2015-12-09 20:29:41 +03:00
|
|
|
/* Assure POSIX style paths, CreateFile expects either '/' or '\\' */
|
|
|
|
PathCchConvertStyleA(certificate_store->legacy_file, strlen(certificate_store->legacy_file), PATH_STYLE_UNIX);
|
2016-03-30 03:34:52 +03:00
|
|
|
|
2015-12-09 20:29:41 +03:00
|
|
|
fp = CreateFileA(certificate_store->legacy_file, GENERIC_READ, FILE_SHARE_READ,
|
|
|
|
NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
|
2016-03-30 03:34:52 +03:00
|
|
|
|
2015-12-09 20:29:41 +03:00
|
|
|
if (fp == INVALID_HANDLE_VALUE)
|
2015-06-09 17:12:41 +03:00
|
|
|
return match;
|
|
|
|
|
2015-12-09 20:29:41 +03:00
|
|
|
if ((lowSize = GetFileSize(fp, &highSize)) == INVALID_FILE_SIZE)
|
2015-07-13 15:16:04 +03:00
|
|
|
{
|
2016-12-14 00:47:08 +03:00
|
|
|
WLog_ERR(TAG, "GetFileSize(%s) returned %s [0x%08"PRIX32"]",
|
2015-12-09 20:29:41 +03:00
|
|
|
certificate_store->legacy_file, strerror(errno), GetLastError());
|
|
|
|
CloseHandle(fp);
|
2015-07-13 15:16:04 +03:00
|
|
|
return match;
|
|
|
|
}
|
2015-12-09 20:29:41 +03:00
|
|
|
size = (UINT64)lowSize | ((UINT64)highSize << 32);
|
2015-06-09 17:12:41 +03:00
|
|
|
|
|
|
|
if (size < 1)
|
|
|
|
{
|
2015-12-09 20:29:41 +03:00
|
|
|
CloseHandle(fp);
|
2015-06-09 17:12:41 +03:00
|
|
|
return match;
|
|
|
|
}
|
|
|
|
|
|
|
|
mdata = (char*) malloc(size + 2);
|
|
|
|
if (!mdata)
|
|
|
|
{
|
2015-12-09 20:29:41 +03:00
|
|
|
CloseHandle(fp);
|
2015-06-09 17:12:41 +03:00
|
|
|
return match;
|
|
|
|
}
|
|
|
|
|
|
|
|
data = mdata;
|
2015-12-09 20:29:41 +03:00
|
|
|
if (!ReadFile(fp, data, size, &read, NULL) || (read != size))
|
2015-06-09 17:12:41 +03:00
|
|
|
{
|
|
|
|
free(data);
|
2015-12-09 20:29:41 +03:00
|
|
|
CloseHandle(fp);
|
2015-06-09 17:12:41 +03:00
|
|
|
return match;
|
|
|
|
}
|
|
|
|
|
2015-12-09 20:29:41 +03:00
|
|
|
CloseHandle(fp);
|
2015-06-09 17:12:41 +03:00
|
|
|
|
|
|
|
data[size] = '\n';
|
|
|
|
data[size + 1] = '\0';
|
|
|
|
pline = StrSep(&data, "\r\n");
|
|
|
|
|
|
|
|
while (pline != NULL)
|
|
|
|
{
|
|
|
|
length = strlen(pline);
|
|
|
|
|
|
|
|
if (length > 0)
|
|
|
|
{
|
|
|
|
hostname = StrSep(&pline, " \t");
|
|
|
|
if (!hostname || !pline)
|
|
|
|
WLog_WARN(TAG, "Invalid %s entry %s %s!", certificate_legacy_hosts_file,
|
|
|
|
hostname, pline);
|
|
|
|
else if (strcmp(hostname, certificate_data->hostname) == 0)
|
|
|
|
{
|
2017-07-18 13:43:55 +03:00
|
|
|
const int diff = strcmp(pline, certificate_data->fingerprint);
|
|
|
|
|
|
|
|
match = (diff == 0) ? 0 : -1;
|
2015-06-09 17:12:41 +03:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
pline = StrSep(&data, "\r\n");
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Found a valid fingerprint in legacy file,
|
|
|
|
* copy to new file in new format. */
|
|
|
|
if (0 == match)
|
|
|
|
{
|
2015-07-13 15:16:04 +03:00
|
|
|
rdpCertificateData* data = certificate_data_new(
|
|
|
|
hostname,
|
|
|
|
certificate_data->port,
|
|
|
|
NULL, NULL,
|
|
|
|
certificate_data->fingerprint);
|
2015-06-09 17:12:41 +03:00
|
|
|
if (data)
|
2015-07-13 15:16:04 +03:00
|
|
|
{
|
|
|
|
free (data->subject);
|
|
|
|
free (data->issuer);
|
|
|
|
|
|
|
|
data->subject = NULL;
|
|
|
|
data->issuer = NULL;
|
|
|
|
if (certificate_data->subject)
|
|
|
|
{
|
|
|
|
data->subject = _strdup(certificate_data->subject);
|
|
|
|
if (!data->subject)
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
if (certificate_data->issuer)
|
|
|
|
{
|
|
|
|
data->issuer = _strdup(certificate_data->issuer);
|
|
|
|
if (!data->issuer)
|
|
|
|
goto out;
|
|
|
|
}
|
2015-06-09 17:12:41 +03:00
|
|
|
match = certificate_data_print(certificate_store, data) ? 0 : 1;
|
2015-07-13 15:16:04 +03:00
|
|
|
}
|
|
|
|
out:
|
2015-06-09 17:12:41 +03:00
|
|
|
certificate_data_free(data);
|
|
|
|
}
|
2015-07-13 15:16:04 +03:00
|
|
|
free(mdata);
|
2015-06-09 17:12:41 +03:00
|
|
|
|
|
|
|
return match;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
2015-06-11 00:33:58 +03:00
|
|
|
static int certificate_data_match_raw(rdpCertificateStore* certificate_store,
|
2015-06-11 12:34:22 +03:00
|
|
|
rdpCertificateData* certificate_data,
|
|
|
|
char** psubject, char** pissuer,
|
|
|
|
char** fprint)
|
2012-02-17 09:58:30 +04:00
|
|
|
{
|
2015-06-09 17:12:41 +03:00
|
|
|
BOOL found = FALSE;
|
2015-12-09 20:29:41 +03:00
|
|
|
HANDLE fp;
|
2015-07-13 15:16:04 +03:00
|
|
|
size_t length;
|
2012-02-17 09:58:30 +04:00
|
|
|
char* data;
|
2015-06-09 16:33:13 +03:00
|
|
|
char* mdata;
|
2012-02-17 09:58:30 +04:00
|
|
|
char* pline;
|
|
|
|
int match = 1;
|
2015-12-09 20:29:41 +03:00
|
|
|
DWORD lowSize, highSize;
|
|
|
|
UINT64 size;
|
2015-06-09 16:33:13 +03:00
|
|
|
char* hostname = NULL;
|
2015-06-11 12:16:45 +03:00
|
|
|
char* subject = NULL;
|
|
|
|
char* issuer = NULL;
|
2015-06-09 16:33:13 +03:00
|
|
|
char* fingerprint = NULL;
|
|
|
|
unsigned short port = 0;
|
2015-12-09 20:29:41 +03:00
|
|
|
DWORD read;
|
2012-02-17 09:58:30 +04:00
|
|
|
|
2015-12-09 20:29:41 +03:00
|
|
|
/* Assure POSIX style paths, CreateFile expects either '/' or '\\' */
|
|
|
|
PathCchConvertStyleA(certificate_store->file, strlen(certificate_store->file), PATH_STYLE_UNIX);
|
|
|
|
fp = CreateFileA(certificate_store->file, GENERIC_READ, FILE_SHARE_READ,
|
|
|
|
NULL, OPEN_ALWAYS, FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_NORMAL, NULL);
|
2012-02-17 09:58:30 +04:00
|
|
|
|
2015-12-09 20:29:41 +03:00
|
|
|
if (fp == INVALID_HANDLE_VALUE)
|
2012-02-17 09:58:30 +04:00
|
|
|
return match;
|
|
|
|
|
2015-12-09 20:29:41 +03:00
|
|
|
if ((lowSize = GetFileSize(fp, &highSize)) == INVALID_FILE_SIZE)
|
2015-07-13 15:16:04 +03:00
|
|
|
{
|
2016-12-14 00:47:08 +03:00
|
|
|
WLog_ERR(TAG, "GetFileSize(%s) returned %s [0x%08"PRIX32"]",
|
2015-12-09 20:29:41 +03:00
|
|
|
certificate_store->legacy_file, strerror(errno), GetLastError());
|
|
|
|
CloseHandle(fp);
|
2015-07-13 15:16:04 +03:00
|
|
|
return match;
|
|
|
|
}
|
2015-12-09 20:29:41 +03:00
|
|
|
size = (UINT64)lowSize | ((UINT64)highSize << 32);
|
2012-02-17 09:58:30 +04:00
|
|
|
|
|
|
|
if (size < 1)
|
2015-06-10 11:34:02 +03:00
|
|
|
{
|
2015-12-09 20:29:41 +03:00
|
|
|
CloseHandle(fp);
|
2012-02-17 09:58:30 +04:00
|
|
|
return match;
|
2015-06-10 11:34:02 +03:00
|
|
|
}
|
2012-02-17 09:58:30 +04:00
|
|
|
|
2015-06-09 16:33:13 +03:00
|
|
|
mdata = (char*) malloc(size + 2);
|
|
|
|
if (!mdata)
|
2015-06-10 11:34:02 +03:00
|
|
|
{
|
2015-12-09 20:29:41 +03:00
|
|
|
CloseHandle(fp);
|
2015-06-09 16:33:13 +03:00
|
|
|
return match;
|
2015-06-10 11:34:02 +03:00
|
|
|
}
|
2012-02-17 09:58:30 +04:00
|
|
|
|
2015-06-09 16:33:13 +03:00
|
|
|
data = mdata;
|
2015-12-09 20:29:41 +03:00
|
|
|
if (!ReadFile(fp, data, size, &read, NULL) || (read != size))
|
2012-02-17 09:58:30 +04:00
|
|
|
{
|
2012-10-09 07:21:26 +04:00
|
|
|
free(data);
|
2015-12-09 20:29:41 +03:00
|
|
|
CloseHandle(fp);
|
2012-02-17 09:58:30 +04:00
|
|
|
return match;
|
|
|
|
}
|
2015-12-09 20:29:41 +03:00
|
|
|
CloseHandle(fp);
|
2012-02-17 09:58:30 +04:00
|
|
|
|
|
|
|
data[size] = '\n';
|
|
|
|
data[size + 1] = '\0';
|
2015-06-09 16:33:13 +03:00
|
|
|
pline = StrSep(&data, "\r\n");
|
2012-02-17 09:58:30 +04:00
|
|
|
|
|
|
|
while (pline != NULL)
|
|
|
|
{
|
|
|
|
length = strlen(pline);
|
|
|
|
|
|
|
|
if (length > 0)
|
|
|
|
{
|
2018-05-11 12:09:54 +03:00
|
|
|
if (certificate_line_is_comment(pline, length))
|
|
|
|
{
|
|
|
|
}
|
|
|
|
else if (!certificate_split_line(pline, &hostname, &port,
|
2015-06-11 12:34:22 +03:00
|
|
|
&subject, &issuer, &fingerprint))
|
2015-06-11 12:16:45 +03:00
|
|
|
WLog_WARN(TAG, "Invalid %s entry %s!",
|
2015-06-11 12:34:22 +03:00
|
|
|
certificate_known_hosts_file, pline);
|
2015-06-09 16:33:13 +03:00
|
|
|
else if (strcmp(pline, certificate_data->hostname) == 0)
|
2012-02-17 09:58:30 +04:00
|
|
|
{
|
2015-06-11 12:16:45 +03:00
|
|
|
int outLen;
|
|
|
|
|
2015-06-09 16:33:13 +03:00
|
|
|
if (port == certificate_data->port)
|
|
|
|
{
|
2015-06-09 17:12:41 +03:00
|
|
|
found = TRUE;
|
2017-05-31 22:05:51 +03:00
|
|
|
if (fingerprint)
|
|
|
|
{
|
|
|
|
match = (strcmp(certificate_data->fingerprint, fingerprint) == 0) ? 0 : -1;
|
|
|
|
if (fprint)
|
|
|
|
*fprint = _strdup(fingerprint);
|
|
|
|
}
|
2015-06-11 12:16:45 +03:00
|
|
|
if (subject && psubject)
|
2015-06-11 12:34:22 +03:00
|
|
|
crypto_base64_decode(subject, strlen(subject), (BYTE**)psubject, &outLen);
|
2015-06-11 12:16:45 +03:00
|
|
|
if (issuer && pissuer)
|
2015-06-11 12:34:22 +03:00
|
|
|
crypto_base64_decode(issuer, strlen(issuer), (BYTE**)pissuer, &outLen);
|
2015-06-09 16:33:13 +03:00
|
|
|
break;
|
|
|
|
}
|
2012-02-17 09:58:30 +04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-06-09 16:33:13 +03:00
|
|
|
pline = StrSep(&data, "\r\n");
|
2012-02-17 09:58:30 +04:00
|
|
|
}
|
2015-06-09 16:33:13 +03:00
|
|
|
free(mdata);
|
2012-02-17 09:58:30 +04:00
|
|
|
|
2015-06-09 17:12:41 +03:00
|
|
|
if ((match != 0) && !found)
|
|
|
|
match = certificate_data_match_legacy(certificate_store, certificate_data);
|
|
|
|
|
2012-02-17 09:58:30 +04:00
|
|
|
return match;
|
|
|
|
}
|
|
|
|
|
2015-06-11 12:16:45 +03:00
|
|
|
BOOL certificate_get_stored_data(rdpCertificateStore* certificate_store,
|
|
|
|
rdpCertificateData* certificate_data,
|
|
|
|
char** subject, char** issuer,
|
|
|
|
char** fingerprint)
|
2015-06-11 00:33:58 +03:00
|
|
|
{
|
2015-06-11 12:16:45 +03:00
|
|
|
int rc = certificate_data_match_raw(certificate_store, certificate_data,
|
2015-06-11 12:34:22 +03:00
|
|
|
subject, issuer, fingerprint);
|
2015-06-11 10:58:34 +03:00
|
|
|
|
|
|
|
if ((rc == 0) || (rc == -1))
|
|
|
|
return TRUE;
|
|
|
|
return FALSE;
|
2015-06-11 00:33:58 +03:00
|
|
|
}
|
|
|
|
|
2015-06-11 12:16:45 +03:00
|
|
|
int certificate_data_match(rdpCertificateStore* certificate_store,
|
2015-06-11 12:34:22 +03:00
|
|
|
rdpCertificateData* certificate_data)
|
2015-06-11 00:33:58 +03:00
|
|
|
{
|
2015-06-11 12:16:45 +03:00
|
|
|
return certificate_data_match_raw(certificate_store, certificate_data,
|
2015-06-11 12:34:22 +03:00
|
|
|
NULL, NULL, NULL);
|
2015-06-11 00:33:58 +03:00
|
|
|
}
|
|
|
|
|
2015-06-11 12:16:45 +03:00
|
|
|
BOOL certificate_data_replace(rdpCertificateStore* certificate_store,
|
2015-06-11 12:34:22 +03:00
|
|
|
rdpCertificateData* certificate_data)
|
2012-06-29 05:05:10 +04:00
|
|
|
{
|
2015-12-09 20:29:41 +03:00
|
|
|
HANDLE fp;
|
2015-06-10 10:15:28 +03:00
|
|
|
BOOL rc = FALSE;
|
2015-07-13 15:16:04 +03:00
|
|
|
size_t length;
|
2012-06-29 05:05:10 +04:00
|
|
|
char* data;
|
2015-06-09 16:33:13 +03:00
|
|
|
char* sdata;
|
2012-06-29 05:05:10 +04:00
|
|
|
char* pline;
|
2015-12-09 20:29:41 +03:00
|
|
|
UINT64 size;
|
|
|
|
DWORD read, written;
|
|
|
|
DWORD lowSize, highSize;
|
2012-06-29 05:05:10 +04:00
|
|
|
|
2015-12-09 20:29:41 +03:00
|
|
|
/* Assure POSIX style paths, CreateFile expects either '/' or '\\' */
|
|
|
|
PathCchConvertStyleA(certificate_store->file, strlen(certificate_store->file), PATH_STYLE_UNIX);
|
|
|
|
fp = CreateFileA(certificate_store->file, GENERIC_READ | GENERIC_WRITE, 0,
|
|
|
|
NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
|
2012-06-29 05:05:10 +04:00
|
|
|
|
2015-12-09 20:29:41 +03:00
|
|
|
if (fp == INVALID_HANDLE_VALUE)
|
2015-07-13 15:16:04 +03:00
|
|
|
return FALSE;
|
2012-06-29 05:05:10 +04:00
|
|
|
|
2015-12-09 20:29:41 +03:00
|
|
|
if ((lowSize = GetFileSize(fp, &highSize)) == INVALID_FILE_SIZE)
|
2015-06-10 11:34:02 +03:00
|
|
|
{
|
2016-12-14 00:47:08 +03:00
|
|
|
WLog_ERR(TAG, "GetFileSize(%s) returned %s [0x%08"PRIX32"]",
|
2015-12-09 20:29:41 +03:00
|
|
|
certificate_store->legacy_file, strerror(errno), GetLastError());
|
|
|
|
CloseHandle(fp);
|
2015-07-13 15:16:04 +03:00
|
|
|
return FALSE;
|
|
|
|
}
|
2015-12-09 20:29:41 +03:00
|
|
|
size = (UINT64)lowSize | ((UINT64)highSize << 32);
|
2015-07-13 15:16:04 +03:00
|
|
|
|
2015-12-09 20:29:41 +03:00
|
|
|
if (size < 1)
|
2015-07-13 15:16:04 +03:00
|
|
|
{
|
2015-12-09 20:29:41 +03:00
|
|
|
CloseHandle(fp);
|
2015-06-09 16:33:13 +03:00
|
|
|
return FALSE;
|
2015-06-10 11:34:02 +03:00
|
|
|
}
|
2012-06-29 05:05:10 +04:00
|
|
|
|
2012-10-09 07:21:26 +04:00
|
|
|
data = (char*) malloc(size + 2);
|
2015-06-09 16:33:13 +03:00
|
|
|
if (!data)
|
2012-06-29 05:05:10 +04:00
|
|
|
{
|
2015-06-10 11:34:02 +03:00
|
|
|
fclose(fp);
|
2015-06-09 16:33:13 +03:00
|
|
|
return FALSE;
|
2012-06-29 05:05:10 +04:00
|
|
|
}
|
2015-06-09 16:33:13 +03:00
|
|
|
|
2015-12-09 20:29:41 +03:00
|
|
|
if (!ReadFile(fp, data, size, &read, NULL) || (read != size))
|
2015-06-09 16:33:13 +03:00
|
|
|
{
|
|
|
|
free(data);
|
2015-12-09 20:29:41 +03:00
|
|
|
CloseHandle(fp);
|
2015-06-09 16:33:13 +03:00
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
2015-12-09 20:29:41 +03:00
|
|
|
if (SetFilePointer(fp, 0, NULL, FILE_BEGIN) == INVALID_SET_FILE_POINTER)
|
|
|
|
{
|
2016-12-14 00:47:08 +03:00
|
|
|
WLog_ERR(TAG, "SetFilePointer(%s) returned %s [0x%08"PRIX32"]",
|
2015-12-09 20:29:41 +03:00
|
|
|
certificate_store->file, strerror(errno), GetLastError());
|
2015-12-10 15:57:05 +03:00
|
|
|
free(data);
|
2015-12-09 20:29:41 +03:00
|
|
|
CloseHandle(fp);
|
|
|
|
return FALSE;
|
|
|
|
}
|
2015-06-11 10:23:32 +03:00
|
|
|
|
2015-12-09 20:29:41 +03:00
|
|
|
if (!SetEndOfFile(fp))
|
2015-06-11 10:23:32 +03:00
|
|
|
{
|
2016-12-14 00:47:08 +03:00
|
|
|
WLog_ERR(TAG, "SetEndOfFile(%s) returned %s [0x%08"PRIX32"]",
|
2015-12-09 20:29:41 +03:00
|
|
|
certificate_store->file, strerror(errno), GetLastError());
|
2015-12-10 15:57:05 +03:00
|
|
|
free(data);
|
2015-12-09 20:29:41 +03:00
|
|
|
CloseHandle(fp);
|
2015-06-11 10:23:32 +03:00
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
2015-06-10 11:34:02 +03:00
|
|
|
/* Write the file back out, with appropriate fingerprint substitutions */
|
2012-06-29 05:05:10 +04:00
|
|
|
data[size] = '\n';
|
|
|
|
data[size + 1] = '\0';
|
2015-06-09 16:33:13 +03:00
|
|
|
sdata = data;
|
|
|
|
pline = StrSep(&sdata, "\r\n");
|
2012-06-29 05:05:10 +04:00
|
|
|
|
|
|
|
while (pline != NULL)
|
|
|
|
{
|
|
|
|
length = strlen(pline);
|
|
|
|
|
|
|
|
if (length > 0)
|
|
|
|
{
|
2015-06-09 16:33:13 +03:00
|
|
|
UINT16 port = 0;
|
2015-06-11 12:16:45 +03:00
|
|
|
char* hostname = NULL;
|
|
|
|
char* fingerprint = NULL;
|
|
|
|
char* subject = NULL;
|
|
|
|
char* issuer = NULL;
|
2015-12-09 20:29:41 +03:00
|
|
|
char* tdata;
|
2015-06-09 16:33:13 +03:00
|
|
|
|
2018-05-11 12:09:54 +03:00
|
|
|
if (certificate_line_is_comment(pline, length))
|
|
|
|
{
|
|
|
|
}
|
|
|
|
else if (!certificate_split_line(pline, &hostname, &port, &subject, &issuer, &fingerprint))
|
2015-06-11 10:58:34 +03:00
|
|
|
WLog_WARN(TAG, "Skipping invalid %s entry %s!",
|
2015-06-11 12:34:22 +03:00
|
|
|
certificate_known_hosts_file, pline);
|
2012-06-29 05:05:10 +04:00
|
|
|
else
|
2015-06-09 16:33:13 +03:00
|
|
|
{
|
|
|
|
/* If this is the replaced hostname, use the updated fingerprint. */
|
2015-06-11 10:58:34 +03:00
|
|
|
if ((strcmp(hostname, certificate_data->hostname) == 0) &&
|
|
|
|
(port == certificate_data->port))
|
2015-06-10 10:15:28 +03:00
|
|
|
{
|
2015-06-09 16:33:13 +03:00
|
|
|
fingerprint = certificate_data->fingerprint;
|
2015-06-10 10:15:28 +03:00
|
|
|
rc = TRUE;
|
|
|
|
}
|
2015-12-09 20:29:41 +03:00
|
|
|
|
2016-12-14 00:47:08 +03:00
|
|
|
size = _snprintf(NULL, 0, "%s %"PRIu16" %s %s %s\n", hostname, port, fingerprint, subject, issuer);
|
2015-12-09 20:29:41 +03:00
|
|
|
tdata = malloc(size + 1);
|
|
|
|
if (!tdata)
|
|
|
|
{
|
2016-12-14 00:47:08 +03:00
|
|
|
WLog_ERR(TAG, "malloc(%s) returned %s [0x%08X]",
|
2015-12-09 20:29:41 +03:00
|
|
|
certificate_store->file, strerror(errno), errno);
|
2015-12-10 15:57:05 +03:00
|
|
|
free(data);
|
2015-12-09 20:29:41 +03:00
|
|
|
CloseHandle(fp);
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
2016-12-14 00:47:08 +03:00
|
|
|
if (_snprintf(tdata, size + 1, "%s %"PRIu16" %s %s %s\n", hostname, port, fingerprint, subject, issuer) != size)
|
2015-07-13 15:16:04 +03:00
|
|
|
{
|
2016-12-14 00:47:08 +03:00
|
|
|
WLog_ERR(TAG, "_snprintf(%s) returned %s [0x%08X]",
|
2015-07-13 15:16:04 +03:00
|
|
|
certificate_store->file, strerror(errno), errno);
|
2015-12-09 20:29:41 +03:00
|
|
|
free(tdata);
|
2015-12-10 15:57:05 +03:00
|
|
|
free(data);
|
2015-12-09 20:29:41 +03:00
|
|
|
CloseHandle(fp);
|
2015-07-13 15:16:04 +03:00
|
|
|
return FALSE;
|
|
|
|
}
|
2015-12-09 20:29:41 +03:00
|
|
|
if (!WriteFile(fp, tdata, size, &written, NULL) || (written != size))
|
|
|
|
{
|
2016-12-14 00:47:08 +03:00
|
|
|
WLog_ERR(TAG, "WriteFile(%s) returned %s [0x%08X]",
|
2015-12-09 20:29:41 +03:00
|
|
|
certificate_store->file, strerror(errno), errno);
|
|
|
|
free(tdata);
|
2015-12-10 15:57:05 +03:00
|
|
|
free(data);
|
2015-12-09 20:29:41 +03:00
|
|
|
CloseHandle(fp);
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
free(tdata);
|
2015-06-09 16:33:13 +03:00
|
|
|
}
|
2012-06-29 05:05:10 +04:00
|
|
|
}
|
|
|
|
|
2015-06-09 16:33:13 +03:00
|
|
|
pline = StrSep(&sdata, "\r\n");
|
2012-06-29 05:05:10 +04:00
|
|
|
}
|
2015-06-09 16:33:13 +03:00
|
|
|
|
2015-12-09 20:29:41 +03:00
|
|
|
CloseHandle(fp);
|
2015-06-09 16:33:13 +03:00
|
|
|
free(data);
|
|
|
|
|
2015-06-10 10:15:28 +03:00
|
|
|
return rc;
|
2012-06-29 05:05:10 +04:00
|
|
|
}
|
|
|
|
|
2015-06-11 12:16:45 +03:00
|
|
|
BOOL certificate_split_line(char* line, char** host, UINT16* port, char** subject,
|
2015-06-11 12:34:22 +03:00
|
|
|
char** issuer, char** fingerprint)
|
2015-06-09 16:33:13 +03:00
|
|
|
{
|
|
|
|
char* cur;
|
|
|
|
size_t length = strlen(line);
|
|
|
|
|
|
|
|
if (length <= 0)
|
|
|
|
return FALSE;
|
|
|
|
|
|
|
|
cur = StrSep(&line, " \t");
|
|
|
|
if (!cur)
|
|
|
|
return FALSE;
|
|
|
|
*host = cur;
|
|
|
|
|
|
|
|
cur = StrSep(&line, " \t");
|
|
|
|
if (!cur)
|
|
|
|
return FALSE;
|
|
|
|
|
|
|
|
if(sscanf(cur, "%hu", port) != 1)
|
|
|
|
return FALSE;
|
|
|
|
|
|
|
|
cur = StrSep(&line, " \t");
|
|
|
|
if (!cur)
|
|
|
|
return FALSE;
|
|
|
|
|
|
|
|
*fingerprint = cur;
|
|
|
|
|
2015-06-11 12:16:45 +03:00
|
|
|
cur = StrSep(&line, " \t");
|
|
|
|
if (!cur)
|
|
|
|
return FALSE;
|
|
|
|
|
|
|
|
*subject = cur;
|
|
|
|
|
|
|
|
cur = StrSep(&line, " \t");
|
|
|
|
if (!cur)
|
|
|
|
return FALSE;
|
|
|
|
|
|
|
|
*issuer = cur;
|
|
|
|
|
2015-06-09 16:33:13 +03:00
|
|
|
return TRUE;
|
|
|
|
}
|
|
|
|
|
|
|
|
BOOL certificate_data_print(rdpCertificateStore* certificate_store, rdpCertificateData* certificate_data)
|
2012-02-17 09:58:30 +04:00
|
|
|
{
|
2015-12-09 20:29:41 +03:00
|
|
|
HANDLE fp;
|
|
|
|
char* tdata;
|
|
|
|
UINT64 size;
|
|
|
|
DWORD written;
|
2012-02-17 09:58:30 +04:00
|
|
|
|
|
|
|
/* reopen in append mode */
|
2015-12-09 20:29:41 +03:00
|
|
|
/* Assure POSIX style paths, CreateFile expects either '/' or '\\' */
|
|
|
|
PathCchConvertStyleA(certificate_store->file, strlen(certificate_store->file), PATH_STYLE_UNIX);
|
|
|
|
fp = CreateFileA(certificate_store->file, GENERIC_WRITE, 0,
|
|
|
|
NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
|
2012-02-17 09:58:30 +04:00
|
|
|
|
2015-12-09 20:29:41 +03:00
|
|
|
if (fp == INVALID_HANDLE_VALUE)
|
2015-06-09 16:33:13 +03:00
|
|
|
return FALSE;
|
|
|
|
|
2015-12-09 20:29:41 +03:00
|
|
|
if (SetFilePointer(fp, 0, NULL, FILE_END) == INVALID_SET_FILE_POINTER)
|
2015-07-13 15:16:04 +03:00
|
|
|
{
|
2016-12-14 00:47:08 +03:00
|
|
|
WLog_ERR(TAG, "SetFilePointer(%s) returned %s [0x%08"PRIX32"]",
|
2015-12-09 20:29:41 +03:00
|
|
|
certificate_store->file, strerror(errno), GetLastError());
|
|
|
|
CloseHandle(fp);
|
2015-07-13 15:16:04 +03:00
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
2016-12-14 00:47:08 +03:00
|
|
|
size = _snprintf(NULL, 0, "%s %"PRIu16" %s %s %s\n", certificate_data->hostname, certificate_data->port,
|
2015-06-11 12:16:45 +03:00
|
|
|
certificate_data->fingerprint, certificate_data->subject,
|
2015-12-09 20:29:41 +03:00
|
|
|
certificate_data->issuer);
|
|
|
|
tdata = malloc(size + 1);
|
|
|
|
if (!tdata)
|
2015-07-13 15:16:04 +03:00
|
|
|
{
|
2016-12-14 00:47:08 +03:00
|
|
|
WLog_ERR(TAG, "malloc(%s) returned %s [0x%08X]",
|
2015-07-13 15:16:04 +03:00
|
|
|
certificate_store->file, strerror(errno), errno);
|
2015-12-09 20:29:41 +03:00
|
|
|
CloseHandle(fp);
|
2015-07-13 15:16:04 +03:00
|
|
|
return FALSE;
|
|
|
|
}
|
2016-12-14 00:47:08 +03:00
|
|
|
if (_snprintf(tdata, size + 1, "%s %"PRIu16" %s %s %s\n", certificate_data->hostname, certificate_data->port,
|
2015-12-09 20:29:41 +03:00
|
|
|
certificate_data->fingerprint, certificate_data->subject,
|
|
|
|
certificate_data->issuer) != size)
|
|
|
|
{
|
2016-12-14 00:47:08 +03:00
|
|
|
WLog_ERR(TAG, "_snprintf(%s) returned %s [0x%08X]",
|
2015-12-09 20:29:41 +03:00
|
|
|
certificate_store->file, strerror(errno), errno);
|
|
|
|
free(tdata);
|
|
|
|
CloseHandle(fp);
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
if (!WriteFile(fp, tdata, size, &written, NULL) || (written != size))
|
2015-07-13 15:16:04 +03:00
|
|
|
{
|
2016-12-14 00:47:08 +03:00
|
|
|
WLog_ERR(TAG, "WriteFile(%s) returned %s [0x%08X]",
|
2015-07-13 15:16:04 +03:00
|
|
|
certificate_store->file, strerror(errno), errno);
|
2015-12-09 20:29:41 +03:00
|
|
|
free(tdata);
|
|
|
|
CloseHandle(fp);
|
|
|
|
return FALSE;
|
2015-07-13 15:16:04 +03:00
|
|
|
}
|
2015-12-09 20:29:41 +03:00
|
|
|
free(tdata);
|
2012-02-17 09:58:30 +04:00
|
|
|
|
2015-12-09 20:29:41 +03:00
|
|
|
CloseHandle(fp);
|
2015-06-09 16:33:13 +03:00
|
|
|
|
|
|
|
return TRUE;
|
2012-02-17 09:58:30 +04:00
|
|
|
}
|
|
|
|
|
2015-06-11 12:16:45 +03:00
|
|
|
rdpCertificateData* certificate_data_new(char* hostname, UINT16 port, char* subject, char* issuer, char* fingerprint)
|
2012-02-17 09:58:30 +04:00
|
|
|
{
|
2015-07-13 16:52:06 +03:00
|
|
|
size_t i;
|
2012-02-17 09:58:30 +04:00
|
|
|
rdpCertificateData* certdata;
|
|
|
|
|
2015-06-11 12:34:22 +03:00
|
|
|
if (!hostname)
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
if (!fingerprint)
|
|
|
|
return NULL;
|
|
|
|
|
2014-03-26 02:13:08 +04:00
|
|
|
certdata = (rdpCertificateData *)calloc(1, sizeof(rdpCertificateData));
|
|
|
|
if (!certdata)
|
|
|
|
return NULL;
|
|
|
|
|
2015-06-09 16:33:13 +03:00
|
|
|
certdata->port = port;
|
2014-03-26 02:13:08 +04:00
|
|
|
certdata->hostname = _strdup(hostname);
|
2015-06-11 12:34:22 +03:00
|
|
|
if (subject)
|
|
|
|
certdata->subject = crypto_base64_encode((BYTE*)subject, strlen(subject));
|
|
|
|
else
|
|
|
|
certdata->subject = crypto_base64_encode((BYTE*)"", 0);
|
|
|
|
if (issuer)
|
2015-07-13 16:52:06 +03:00
|
|
|
certdata->issuer = crypto_base64_encode((BYTE*)issuer, strlen(issuer));
|
2015-06-11 12:34:22 +03:00
|
|
|
else
|
|
|
|
certdata->issuer = crypto_base64_encode((BYTE*)"", 0);
|
2014-03-26 02:13:08 +04:00
|
|
|
certdata->fingerprint = _strdup(fingerprint);
|
2015-06-11 12:16:45 +03:00
|
|
|
|
|
|
|
if (!certdata->hostname || !certdata->subject ||
|
2015-06-11 12:34:22 +03:00
|
|
|
!certdata->issuer || !certdata->fingerprint)
|
2015-06-11 12:16:45 +03:00
|
|
|
goto fail;
|
|
|
|
|
2015-07-13 16:52:06 +03:00
|
|
|
for (i=0; i<strlen(hostname); i++)
|
|
|
|
certdata->hostname[i] = tolower(certdata->hostname[i]);
|
|
|
|
|
2012-02-17 09:58:30 +04:00
|
|
|
return certdata;
|
2014-03-26 02:13:08 +04:00
|
|
|
|
2015-06-11 12:16:45 +03:00
|
|
|
fail:
|
2014-03-26 02:13:08 +04:00
|
|
|
free(certdata->hostname);
|
2015-06-11 12:16:45 +03:00
|
|
|
free(certdata->subject);
|
|
|
|
free(certdata->issuer);
|
|
|
|
free(certdata->fingerprint);
|
2014-03-26 02:13:08 +04:00
|
|
|
free(certdata);
|
|
|
|
return NULL;
|
2012-02-17 09:58:30 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
void certificate_data_free(rdpCertificateData* certificate_data)
|
|
|
|
{
|
|
|
|
if (certificate_data != NULL)
|
|
|
|
{
|
2012-10-09 07:21:26 +04:00
|
|
|
free(certificate_data->hostname);
|
2015-06-11 12:16:45 +03:00
|
|
|
free(certificate_data->subject);
|
|
|
|
free(certificate_data->issuer);
|
2012-10-09 07:21:26 +04:00
|
|
|
free(certificate_data->fingerprint);
|
|
|
|
free(certificate_data);
|
2012-02-17 09:58:30 +04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
rdpCertificateStore* certificate_store_new(rdpSettings* settings)
|
|
|
|
{
|
|
|
|
rdpCertificateStore* certificate_store;
|
|
|
|
|
2014-07-18 05:15:22 +04:00
|
|
|
certificate_store = (rdpCertificateStore*) calloc(1, sizeof(rdpCertificateStore));
|
2012-02-17 09:58:30 +04:00
|
|
|
|
2014-04-09 18:07:06 +04:00
|
|
|
if (!certificate_store)
|
|
|
|
return NULL;
|
2012-11-22 04:22:41 +04:00
|
|
|
|
2014-04-09 18:07:06 +04:00
|
|
|
certificate_store->settings = settings;
|
2014-07-18 05:15:22 +04:00
|
|
|
|
2015-05-05 20:45:34 +03:00
|
|
|
if (!certificate_store_init(certificate_store))
|
|
|
|
{
|
|
|
|
free(certificate_store);
|
|
|
|
return NULL;
|
|
|
|
}
|
2012-02-17 09:58:30 +04:00
|
|
|
|
|
|
|
return certificate_store;
|
|
|
|
}
|
|
|
|
|
|
|
|
void certificate_store_free(rdpCertificateStore* certstore)
|
|
|
|
{
|
|
|
|
if (certstore != NULL)
|
|
|
|
{
|
2012-10-09 07:21:26 +04:00
|
|
|
free(certstore->path);
|
|
|
|
free(certstore->file);
|
2015-06-23 16:40:37 +03:00
|
|
|
free(certstore->legacy_file);
|
2012-10-09 07:21:26 +04:00
|
|
|
free(certstore);
|
2012-02-17 09:58:30 +04:00
|
|
|
}
|
|
|
|
}
|