From 0e57706de515029150034a0249edd92c81ea0e87 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Moreau?= Date: Tue, 17 Feb 2015 21:01:27 -0500 Subject: [PATCH] libfreerdp-core: cleanup connect error codes, fix Win32 NLA --- libfreerdp/core/connection.c | 4 -- libfreerdp/core/freerdp.c | 80 ++++++++++++++++++++-------- libfreerdp/core/gateway/ncacn_http.c | 1 - libfreerdp/core/gateway/rpc_bind.c | 1 - libfreerdp/core/gateway/rpc_client.c | 5 -- libfreerdp/core/mcs.c | 7 --- libfreerdp/core/nla.c | 27 ++++------ libfreerdp/core/transport.c | 9 ---- 8 files changed, 69 insertions(+), 65 deletions(-) diff --git a/libfreerdp/core/connection.c b/libfreerdp/core/connection.c index 348f32630..9832959bf 100644 --- a/libfreerdp/core/connection.c +++ b/libfreerdp/core/connection.c @@ -268,9 +268,7 @@ BOOL rdp_client_connect(rdpRdp* rdp) if (!nego_connect(rdp->nego)) { if (!freerdp_get_last_error(rdp->context)) - { freerdp_set_last_error(rdp->context, FREERDP_ERROR_SECURITY_NEGO_CONNECT_FAILED); - } WLog_ERR(TAG, "Error: protocol security negotiation or connection failure"); return FALSE; @@ -300,9 +298,7 @@ BOOL rdp_client_connect(rdpRdp* rdp) if (rdp_check_fds(rdp) < 0) { if (!freerdp_get_last_error(rdp->context)) - { freerdp_set_last_error(rdp->context, FREERDP_ERROR_CONNECT_TRANSPORT_FAILED); - } return FALSE; } diff --git a/libfreerdp/core/freerdp.c b/libfreerdp/core/freerdp.c index 54d6d14fe..fc955efc8 100644 --- a/libfreerdp/core/freerdp.c +++ b/libfreerdp/core/freerdp.c @@ -84,17 +84,10 @@ BOOL freerdp_connect(freerdp* instance) if (!status) { - if (!connectErrorCode) - { - connectErrorCode = PREECONNECTERROR; - } - if (!freerdp_get_last_error(rdp->context)) - { freerdp_set_last_error(instance->context, FREERDP_ERROR_PRE_CONNECT_FAILED); - } - WLog_ERR(TAG, "freerdp_pre_connect failed"); + WLog_ERR(TAG, "freerdp_pre_connect failed"); goto freerdp_connect_finally; } 
@@ -103,7 +96,7 @@ BOOL freerdp_connect(freerdp* instance)
 /* --authonly tests the connection without a UI */
 if (instance->settings->AuthenticationOnly)
 {
- WLog_ERR(TAG, "Authentication only, exit status %d", !status);
+ WLog_ERR(TAG, "Authentication only, exit status %d", !status);
 goto freerdp_connect_finally;
 }
@@ -122,17 +115,10 @@ BOOL freerdp_connect(freerdp* instance)
 if (!status)
 {
- WLog_ERR(TAG, "freerdp_post_connect failed");
-
- if (!connectErrorCode)
- {
- connectErrorCode = POSTCONNECTERROR;
- }
+ WLog_ERR(TAG, "freerdp_post_connect failed");
 if (!freerdp_get_last_error(rdp->context))
- {
 freerdp_set_last_error(instance->context, FREERDP_ERROR_POST_CONNECT_FAILED);
- }
 goto freerdp_connect_finally;
 }
@@ -183,10 +169,7 @@ BOOL freerdp_connect(freerdp* instance)
 }
 if (rdp->errorInfo == ERRINFO_SERVER_INSUFFICIENT_PRIVILEGES)
- {
- connectErrorCode = INSUFFICIENTPRIVILEGESERROR;
 freerdp_set_last_error(instance->context, FREERDP_ERROR_INSUFFICIENT_PRIVILEGES);
- }
 SetEvent(rdp->transport->connectedEvent);
 freerdp_connect_finally:
@@ -531,9 +514,64 @@ UINT32 freerdp_get_last_error(rdpContext* context)
 void freerdp_set_last_error(rdpContext* context, UINT32 lastError)
 {
 if (lastError)
- WLog_ERR(TAG, "freerdp_set_last_error 0x%04X", lastError);
+ WLog_ERR(TAG, "freerdp_set_last_error 0x%04X", lastError);
 context->LastError = lastError;
+
+ switch (lastError)
+ {
+ case FREERDP_ERROR_PRE_CONNECT_FAILED:
+ connectErrorCode = PREECONNECTERROR;
+ break;
+
+ case FREERDP_ERROR_CONNECT_UNDEFINED:
+ connectErrorCode = UNDEFINEDCONNECTERROR;
+ break;
+
+ case FREERDP_ERROR_POST_CONNECT_FAILED:
+ connectErrorCode = POSTCONNECTERROR;
+ break;
+
+ case FREERDP_ERROR_DNS_ERROR:
+ connectErrorCode = DNSERROR;
+ break;
+
+ case FREERDP_ERROR_DNS_NAME_NOT_FOUND:
+ connectErrorCode = DNSNAMENOTFOUND;
+ break;
+
+ case FREERDP_ERROR_CONNECT_FAILED:
+ connectErrorCode = CONNECTERROR;
+ break;
+
+ case FREERDP_ERROR_MCS_CONNECT_INITIAL_ERROR:
+ connectErrorCode = MCSCONNECTINITIALERROR;
+ break;
+
+ case FREERDP_ERROR_TLS_CONNECT_FAILED:
+ connectErrorCode = TLSCONNECTERROR;
+ break;
+
+ case FREERDP_ERROR_AUTHENTICATION_FAILED:
+ connectErrorCode = AUTHENTICATIONERROR;
+ break;
+
+ case FREERDP_ERROR_INSUFFICIENT_PRIVILEGES:
+ connectErrorCode = INSUFFICIENTPRIVILEGESERROR;
+ break;
+
+ case FREERDP_ERROR_CONNECT_CANCELLED:
+ connectErrorCode = CANCELEDBYUSER;
+ break;
+
+ case FREERDP_ERROR_SECURITY_NEGO_CONNECT_FAILED:
+ connectErrorCode = CONNECTERROR;
+ break;
+
+ case FREERDP_ERROR_CONNECT_TRANSPORT_FAILED:
+ connectErrorCode = CONNECTERROR;
+ break;
+ }
 }
 /** Allocator function for the rdp_freerdp structure.
diff --git a/libfreerdp/core/gateway/ncacn_http.c b/libfreerdp/core/gateway/ncacn_http.c
index 77f8d2f4d..b67663788 100644
--- a/libfreerdp/core/gateway/ncacn_http.c
+++ b/libfreerdp/core/gateway/ncacn_http.c
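Review bot: The new switch in freerdp_set_last_error has no `default` and no case for a zero lastError, so any code it does not list leaves connectErrorCode holding whatever an earlier failure stored. The removed call sites guarded that variable with `if (!connectErrorCode)`, which suggests zero means "no error"; if callers clear the last error by passing 0 before a new attempt, the legacy code stays stale, and a client that checks it for AUTHENTICATIONERROR or CANCELEDBYUSER may react to the previous attempt. connectErrorCode is also assigned without reference to the context, so it appears to be process-wide while LastError is per-context, which is worth stating in a comment above the switch. If a reset is intended I would add `case 0: connectErrorCode = 0; break;`, and in any case `default: break;` with the comment `/* no legacy connectErrorCode equivalent; value left unchanged */`.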
@@ -132,7 +132,6 @@ int rpc_ncacn_http_ntlm_init(rdpRpc* rpc, RpcChannel* channel) if (!proceed) { - connectErrorCode = CANCELEDBYUSER; freerdp_set_last_error(context, FREERDP_ERROR_CONNECT_CANCELLED); return 0; } diff --git a/libfreerdp/core/gateway/rpc_bind.c b/libfreerdp/core/gateway/rpc_bind.c index 4c04563db..e4f1105af 100644 --- a/libfreerdp/core/gateway/rpc_bind.c +++ b/libfreerdp/core/gateway/rpc_bind.c @@ -143,7 +143,6 @@ int rpc_send_bind_pdu(rdpRpc* rpc) if (!proceed) { - connectErrorCode = CANCELEDBYUSER; freerdp_set_last_error(instance->context, FREERDP_ERROR_CONNECT_CANCELLED); return 0; } diff --git a/libfreerdp/core/gateway/rpc_client.c b/libfreerdp/core/gateway/rpc_client.c index 5abddfd8a..05ca5d150 100644 --- a/libfreerdp/core/gateway/rpc_client.c +++ b/libfreerdp/core/gateway/rpc_client.c @@ -525,13 +525,8 @@ int rpc_client_out_channel_recv(rdpRpc* rpc) if (response->StatusCode == HTTP_STATUS_DENIED) { - if (!connectErrorCode) - connectErrorCode = AUTHENTICATIONERROR; - if (!freerdp_get_last_error(rpc->context)) - { freerdp_set_last_error(rpc->context, FREERDP_ERROR_AUTHENTICATION_FAILED); - } } return -1; diff --git a/libfreerdp/core/mcs.c b/libfreerdp/core/mcs.c index d1603b930..ea931abe1 100644 --- a/libfreerdp/core/mcs.c +++ b/libfreerdp/core/mcs.c @@ -1056,15 +1056,8 @@ BOOL mcs_client_begin(rdpMcs* mcs) if (!mcs_send_connect_initial(mcs)) { - if (!connectErrorCode) - { - connectErrorCode = MCSCONNECTINITIALERROR; - } - if (!freerdp_get_last_error(context)) - { freerdp_set_last_error(context, FREERDP_ERROR_MCS_CONNECT_INITIAL_ERROR); - } WLog_ERR(TAG, "Error: unable to send MCS Connect Initial"); return FALSE; diff --git a/libfreerdp/core/nla.c b/libfreerdp/core/nla.c index b7a1a5b58..884d906f1 100644 --- a/libfreerdp/core/nla.c +++ b/libfreerdp/core/nla.c 
@@ -109,13 +109,10 @@ int nla_client_init(rdpNla* nla) { char* spn; int length; - BOOL PromptPassword; rdpTls* tls = NULL; - freerdp* instance; - rdpSettings* settings; - PromptPassword = FALSE; - settings = nla->settings; - instance = (freerdp*) settings->instance; + BOOL PromptPassword = FALSE; + freerdp* instance = nla->instance; + rdpSettings* settings = nla->settings; nla->state = NLA_STATE_INITIAL; @@ -129,7 +126,6 @@ int nla_client_init(rdpNla* nla) } #ifndef _WIN32 - if (PromptPassword) { if (settings->RestrictedAdminModeRequired) @@ -138,7 +134,6 @@ int nla_client_init(rdpNla* nla) PromptPassword = FALSE; } } - #endif if (PromptPassword) @@ -150,7 +145,6 @@ int nla_client_init(rdpNla* nla) if (!proceed) { - connectErrorCode = CANCELEDBYUSER; freerdp_set_last_error(instance->context, FREERDP_ERROR_CONNECT_CANCELLED); return 0; } @@ -158,6 +152,7 @@ int nla_client_init(rdpNla* nla) } sspi_SetAuthIdentity(&(nla->identity), settings->Username, settings->Domain, settings->Password); + #ifndef _WIN32 { SEC_WINNT_AUTH_IDENTITY* identity = &(nla->identity); @@ -184,9 +179,6 @@ int nla_client_init(rdpNla* nla) } #endif - WLog_DBG(TAG, "User: %s Domain: %s Password: %s", - (char*) nla->identity.User, (char*) nla->identity.Domain, (char*) nla->identity.Password); - tls = nla->transport->tls; if (!tls) 
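Review bot: The subject line gives no hint that nla_client_init stops writing credentials to the log: the hunk at -184 removes `WLog_DBG(TAG, "User: %s Domain: %s Password: %s", ...)`, which passed nla->identity.Password to a debug log call. That is a security-relevant change and deserves its own line in the commit message, for example `nla: do not log user name, domain and password at debug level`. With that recorded, operators know that debug logs produced by earlier builds may contain passwords and should be handled as sensitive data. nla_client_init starts and ends outside these hunks.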
@@ -205,15 +197,16 @@ int nla_client_init(rdpNla* nla) return -1; sprintf(spn, "%s%s", TERMSRV_SPN_PREFIX, settings->ServerHostname); + #ifdef UNICODE - nla->ServicePrincipalName = (LPTSTR) malloc(length * 2 + 2); - MultiByteToWideChar(CP_UTF8, 0, spn, length, (LPWSTR) nla->ServicePrincipalName, length); + nla->ServicePrincipalName = NULL; + ConvertToUnicode(CP_UTF8, 0, spn, -1, &nla->ServicePrincipalName, 0); free(spn); #else nla->ServicePrincipalName = spn; #endif - nla->table = InitSecurityInterfaceEx(0); + nla->table = InitSecurityInterfaceEx(SSPI_INTERFACE_WINPR); nla->status = nla->table->QuerySecurityPackageInfo(NLA_PKG_NAME, &nla->pPackageInfo); if (nla->status != SEC_E_OK) @@ -771,9 +764,9 @@ SECURITY_STATUS nla_decrypt_public_key_echo(rdpNla* nla) SecBufferDesc Message; SECURITY_STATUS status; - if (nla->PublicKey.cbBuffer + nla->ContextSizes.cbMaxSignature != nla->pubKeyAuth.cbBuffer) + if ((nla->PublicKey.cbBuffer + nla->ContextSizes.cbMaxSignature) != nla->pubKeyAuth.cbBuffer) { - WLog_ERR(TAG, "unexpected pubKeyAuth buffer size:%d", (int) nla->pubKeyAuth.cbBuffer); + WLog_ERR(TAG, "unexpected pubKeyAuth buffer size: %d", (int) nla->pubKeyAuth.cbBuffer); return SEC_E_INVALID_TOKEN; } diff --git a/libfreerdp/core/transport.c b/libfreerdp/core/transport.c index 80879150e..be6c0a1e3 100644 --- a/libfreerdp/core/transport.c +++ b/libfreerdp/core/transport.c @@ -130,9 +130,6 @@ BOOL transport_connect_tls(rdpTransport* transport) { if (tlsStatus < 0) { - if (!connectErrorCode) - connectErrorCode = TLSCONNECTERROR; - if (!freerdp_get_last_error(context)) freerdp_set_last_error(context, FREERDP_ERROR_TLS_CONNECT_FAILED); } 
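Review bot: In the UNICODE branch of nla_client_init the result of `ConvertToUnicode(CP_UTF8, 0, spn, -1, &nla->ServicePrincipalName, 0)` is not checked, so a failed conversion or allocation leaves ServicePrincipalName NULL and the function carries on to query the security package. Since the pointer is set to NULL just before the call, a test after `free(spn);` is enough: `if (!nla->ServicePrincipalName) return -1;`, matching the `return -1;` used earlier in the hunk. The next changed line has a similar gap: the pointer returned by `InitSecurityInterfaceEx(SSPI_INTERFACE_WINPR)` is dereferenced on the following line without a NULL test. The function body continues outside the hunk.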
@@ -187,15 +184,9 @@ BOOL transport_connect_nla(rdpTransport* transport) if (nla_client_begin(rdp->nla) < 0) { - if (!connectErrorCode) - connectErrorCode = AUTHENTICATIONERROR; - if (!freerdp_get_last_error(context)) freerdp_set_last_error(context, FREERDP_ERROR_AUTHENTICATION_FAILED); - WLog_ERR(TAG, "Authentication failure, check credentials." - "If credentials are valid, the NTLMSSP implementation may be to blame."); - transport_set_nla_mode(transport, FALSE); return FALSE;