Merge pull request #4596 from p-pautov/rdg_ssl_fixes

RDG related fixes for better compatibility with mstsc
This commit is contained in:
Martin Fleisz 2018-05-03 10:23:12 +02:00 committed by GitHub
commit 296b19e172
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 21 additions and 32 deletions

3
client/common/file.c Normal file → Executable file
View File

@ -855,8 +855,7 @@ BOOL freerdp_client_populate_settings_from_rdp_file(rdpFile* file, rdpSettings*
* 2: If server authentication fails, show a warning and allow me to connect or refuse the connection (Warn me). * 2: If server authentication fails, show a warning and allow me to connect or refuse the connection (Warn me).
* 3: No authentication requirement is specified. * 3: No authentication requirement is specified.
*/ */
freerdp_set_param_bool(settings, FreeRDP_IgnoreCertificate, settings->AuthenticationLevel = file->AuthenticationLevel;
(file->AuthenticationLevel == 0) ? TRUE : FALSE);
} }
if (~file->ConnectionType) if (~file->ConnectionType)

View File

@ -734,7 +734,7 @@ static BOOL rdg_tls_connect(rdpRdg* rdg, rdpTls* tls, const char* peerAddress, i
} }
static BOOL rdg_establish_data_connection(rdpRdg* rdg, rdpTls* tls, static BOOL rdg_establish_data_connection(rdpRdg* rdg, rdpTls* tls,
const char* method, const char* peerAddress, int timeout) const char* method, const char* peerAddress, int timeout, BOOL* rpcFallback)
{ {
HttpResponse* response = NULL; HttpResponse* response = NULL;
int statusCode; int statusCode;
@ -755,6 +755,14 @@ static BOOL rdg_establish_data_connection(rdpRdg* rdg, rdpTls* tls,
if (!response) if (!response)
return FALSE; return FALSE;
if (response->StatusCode == HTTP_STATUS_NOT_FOUND)
{
WLog_INFO(TAG, "RD Gateway does not support HTTP transport.");
if (rpcFallback) *rpcFallback = TRUE;
http_response_free(response);
return FALSE;
}
if (!rdg_handle_ntlm_challenge(rdg->ntlm, response)) if (!rdg_handle_ntlm_challenge(rdg->ntlm, response))
{ {
http_response_free(response); http_response_free(response);
@ -825,7 +833,7 @@ static BOOL rdg_tunnel_connect(rdpRdg* rdg)
return TRUE; return TRUE;
} }
BOOL rdg_connect(rdpRdg* rdg, const char* hostname, UINT16 port, int timeout) BOOL rdg_connect(rdpRdg* rdg, int timeout, BOOL* rpcFallback)
{ {
BOOL status; BOOL status;
int outConnSocket = 0; int outConnSocket = 0;
@ -833,7 +841,7 @@ BOOL rdg_connect(rdpRdg* rdg, const char* hostname, UINT16 port, int timeout)
assert(rdg != NULL); assert(rdg != NULL);
status = rdg_establish_data_connection( status = rdg_establish_data_connection(
rdg, rdg->tlsOut, "RDG_OUT_DATA", NULL, timeout); rdg, rdg->tlsOut, "RDG_OUT_DATA", NULL, timeout, rpcFallback);
if (status) if (status)
{ {
@ -844,7 +852,7 @@ BOOL rdg_connect(rdpRdg* rdg, const char* hostname, UINT16 port, int timeout)
peerAddress = freerdp_tcp_get_peer_address(outConnSocket); peerAddress = freerdp_tcp_get_peer_address(outConnSocket);
status = rdg_establish_data_connection( status = rdg_establish_data_connection(
rdg, rdg->tlsIn, "RDG_IN_DATA", peerAddress, timeout); rdg, rdg->tlsIn, "RDG_IN_DATA", peerAddress, timeout, NULL);
free(peerAddress); free(peerAddress);
} }

View File

@ -138,8 +138,7 @@ struct rdp_rdg
FREERDP_LOCAL rdpRdg* rdg_new(rdpTransport* transport); FREERDP_LOCAL rdpRdg* rdg_new(rdpTransport* transport);
FREERDP_LOCAL void rdg_free(rdpRdg* rdg); FREERDP_LOCAL void rdg_free(rdpRdg* rdg);
FREERDP_LOCAL BOOL rdg_connect(rdpRdg* rdg, const char* hostname, UINT16 port, FREERDP_LOCAL BOOL rdg_connect(rdpRdg* rdg, int timeout, BOOL* rpcFallback);
int timeout);
FREERDP_LOCAL DWORD rdg_get_event_handles(rdpRdg* rdg, HANDLE* events, FREERDP_LOCAL DWORD rdg_get_event_handles(rdpRdg* rdg, HANDLE* events,
DWORD count); DWORD count);

5
libfreerdp/core/transport.c Normal file → Executable file
View File

@ -354,6 +354,7 @@ BOOL transport_connect(rdpTransport* transport, const char* hostname,
BOOL status = FALSE; BOOL status = FALSE;
rdpSettings* settings = transport->settings; rdpSettings* settings = transport->settings;
rdpContext* context = transport->context; rdpContext* context = transport->context;
BOOL rpcFallback = !settings->GatewayHttpTransport;
transport->async = settings->AsyncTransport; transport->async = settings->AsyncTransport;
if (transport->GatewayEnabled) if (transport->GatewayEnabled)
@ -365,7 +366,7 @@ BOOL transport_connect(rdpTransport* transport, const char* hostname,
if (!transport->rdg) if (!transport->rdg)
return FALSE; return FALSE;
status = rdg_connect(transport->rdg, hostname, port, timeout); status = rdg_connect(transport->rdg, timeout, &rpcFallback);
if (status) if (status)
{ {
@ -381,7 +382,7 @@ BOOL transport_connect(rdpTransport* transport, const char* hostname,
} }
} }
if (!status && settings->GatewayRpcTransport) if (!status && settings->GatewayRpcTransport && rpcFallback)
{ {
transport->tsg = tsg_new(transport); transport->tsg = tsg_new(transport);

View File

@ -78,12 +78,6 @@ struct _BIO_RDP_TLS
}; };
typedef struct _BIO_RDP_TLS BIO_RDP_TLS; typedef struct _BIO_RDP_TLS BIO_RDP_TLS;
static long bio_rdp_tls_callback(BIO* bio, int mode, const char* argp, int argi,
long argl, long ret)
{
return 1;
}
static int bio_rdp_tls_write(BIO* bio, const char* buf, int size) static int bio_rdp_tls_write(BIO* bio, const char* buf, int size)
{ {
int error; int error;
@ -1052,21 +1046,6 @@ BOOL tls_send_alert(rdpTls* tls)
return TRUE; return TRUE;
} }
static BIO* findBufferedBio(BIO* front)
{
BIO* ret = front;
while (ret)
{
if (BIO_method_type(ret) == BIO_TYPE_BUFFERED)
return ret;
ret = BIO_next(ret);
}
return ret;
}
int tls_write_all(rdpTls* tls, const BYTE* data, int length) int tls_write_all(rdpTls* tls, const BYTE* data, int length)
{ {
int status; int status;
@ -1245,8 +1224,11 @@ int tls_verify_certificate(rdpTls* tls, CryptoCert cert, char* hostname,
if (tls->settings->IgnoreCertificate) if (tls->settings->IgnoreCertificate)
return 1; /* success! */ return 1; /* success! */
if (!tls->isGatewayTransport && tls->settings->AuthenticationLevel == 0)
return 1; /* success! */
/* if user explicitly specified a certificate name, use it instead of the hostname */ /* if user explicitly specified a certificate name, use it instead of the hostname */
if (tls->settings->CertificateName) if (!tls->isGatewayTransport && tls->settings->CertificateName)
hostname = tls->settings->CertificateName; hostname = tls->settings->CertificateName;
/* attempt verification using OpenSSL and the ~/.freerdp/certs certificate store */ /* attempt verification using OpenSSL and the ~/.freerdp/certs certificate store */