diff --git a/libfreerdp/core/connection.c b/libfreerdp/core/connection.c
index 2e2de425f..97030a760 100644
--- a/libfreerdp/core/connection.c
+++ b/libfreerdp/core/connection.c
@@ -209,14 +209,6 @@ BOOL rdp_client_connect(rdpRdp* rdp)
 nego_set_cookie(rdp->nego, cookie);
 free(cookie);
-
- settings->RdpSecurity = TRUE;
- settings->TlsSecurity = FALSE;
- settings->NlaSecurity = FALSE;
- settings->ExtSecurity = FALSE;
-
- //settings->TlsSecurity = TRUE;
- //settings->NlaSecurity = TRUE;
 }
 else
 {
diff --git a/libfreerdp/core/nego.c b/libfreerdp/core/nego.c
index 13afb11fd..299cd7203 100644
--- a/libfreerdp/core/nego.c
+++ b/libfreerdp/core/nego.c
@@ -43,11 +43,16 @@ static const char* const NEGO_STATE_STRINGS[] =
 "NEGO_STATE_FINAL"
 };
-static const char PROTOCOL_SECURITY_STRINGS[4][4] =
+static const char PROTOCOL_SECURITY_STRINGS[9][4] =
 {
 "RDP",
 "TLS",
 "NLA",
+ "UNK",
+ "UNK",
+ "UNK",
+ "UNK",
+ "UNK",
 "EXT"
 };
diff --git a/libfreerdp/core/nla.c b/libfreerdp/core/nla.c
index 1bface6dc..3bc9cbc2d 100644
--- a/libfreerdp/core/nla.c
+++ b/libfreerdp/core/nla.c
@@ -138,8 +138,18 @@ int credssp_ntlm_client_init(rdpCredssp* credssp)
 (char*) credssp->identity.User, (char*) credssp->identity.Domain, (char*) credssp->identity.Password);
 #endif
- sspi_SecBufferAlloc(&credssp->PublicKey, credssp->transport->TlsIn->PublicKeyLength);
- CopyMemory(credssp->PublicKey.pvBuffer, credssp->transport->TlsIn->PublicKey, credssp->transport->TlsIn->PublicKeyLength);
+ rdpTls *tls = NULL;
+ if(credssp->transport->layer == TRANSPORT_LAYER_TLS) {
+ tls = credssp->transport->TlsIn;
+ } else if(credssp->transport->layer == TRANSPORT_LAYER_TSG_TLS) {
+ tls = credssp->transport->TsgTls;
+ } else {
+ fprintf(stderr, "Unknown NLA transport layer\n");
+ return 0;
+ }
+
+ sspi_SecBufferAlloc(&credssp->PublicKey, tls->PublicKeyLength);
+ CopyMemory(credssp->PublicKey.pvBuffer, tls->PublicKey, tls->PublicKeyLength);
 length = sizeof(TERMSRV_SPN_PREFIX) + strlen(settings->ServerHostname);
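Review bot: In the nego.c hunk the five "UNK" rows exist only so that index 8 lands on "EXT", which is the kind of positional padding that silently breaks the next time a protocol value is added; the table is clearer as a designated initializer, `[0] = "RDP", [1] = "TLS", [2] = "NLA", [8] = "EXT"`, with a comment such as `/* indexed by the negotiated protocol value; 3..7 are unused bit combinations */` if the "UNK" text must be kept for those slots. The lookup site that indexes this table is not in the hunk, so I cannot tell whether it bounds-checks the value before indexing; with a 9-entry table any value above 8 would read past the array, and that check belongs wherever the index is computed.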
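Review bot: In the nla.c hunk the result of `sspi_SecBufferAlloc(&credssp->PublicKey, tls->PublicKeyLength)` is still not checked before `CopyMemory` writes `tls->PublicKeyLength` bytes into `credssp->PublicKey.pvBuffer`; this buffer is what ties the CredSSP exchange to the TLS session, so an allocation failure should abort rather than copy into an unallocated buffer, e.g. `if (!credssp->PublicKey.pvBuffer) return 0;` right after the alloc (or test the function's return value if this version reports one). The new `rdpTls *tls = NULL;` declaration follows executable statements, which a C89 build would reject — hoisting it to the top of the function matches the existing `length` local, but the function header is outside the hunk so I cannot confirm the declaration block. The new error path returns 0 like the TLS-layer branch presumably does elsewhere; worth confirming against the function's documented return convention since only this hunk is visible.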
diff --git a/libfreerdp/core/transport.c b/libfreerdp/core/transport.c
index 17a0333e8..3cd138273 100644
--- a/libfreerdp/core/transport.c
+++ b/libfreerdp/core/transport.c
@@ -77,7 +77,7 @@ BOOL transport_disconnect(rdpTransport* transport)
 if (transport->layer == TRANSPORT_LAYER_TLS)
 status &= tls_disconnect(transport->TlsIn);
- if (transport->layer == TRANSPORT_LAYER_TSG)
+ if (transport->layer == TRANSPORT_LAYER_TSG || transport->layer == TRANSPORT_LAYER_TSG_TLS)
 {
 tsg_disconnect(transport->tsg);
 }
@@ -106,9 +106,6 @@ BOOL transport_connect_rdp(rdpTransport* transport)
 long transport_bio_tsg_callback(BIO* bio, int mode, const char* argp, int argi, long argl, long ret)
 {
- printf("transport_bio_tsg_callback: mode: %d argp: %p argi: %d argl: %d ret: %d\n",
- mode, argp, argi, argl, ret);
-
 return 1;
 }
@@ -117,13 +114,9 @@ static int transport_bio_tsg_write(BIO* bio, const char* buf, int num)
 int status;
 rdpTsg* tsg;
- printf("transport_bio_tsg_write: %d\n", num);
-
 tsg = (rdpTsg*) bio->ptr;
 status = tsg_write(tsg, (BYTE*) buf, num);
- printf("tsg_write: %d\n", status);
-
 BIO_clear_retry_flags(bio);
 if (status <= 0)
@@ -139,13 +132,9 @@ static int transport_bio_tsg_read(BIO* bio, char* buf, int size)
 int status;
 rdpTsg* tsg;
- printf("transport_bio_tsg_read: %d\n", size);
-
 tsg = (rdpTsg*) bio->ptr;
 status = tsg_read(bio->ptr, (BYTE*) buf, size);
- printf("tsg_read: %d\n", status);
-
 BIO_clear_retry_flags(bio);
 if (status <= 0)
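Review bot: In the transport_disconnect hunk the new TRANSPORT_LAYER_TSG_TLS case only tears down the TSG tunnel; the TLS session that now lives in `transport->TsgTls` is never given a `tls_disconnect`, whereas the plain TLS layer gets `status &= tls_disconnect(transport->TlsIn)` two lines above. Adding `if (transport->layer == TRANSPORT_LAYER_TSG_TLS) status &= tls_disconnect(transport->TsgTls);` before the tsg_disconnect block keeps the shutdown symmetric, so the TLS close_notify goes out before the tunnel underneath it is closed. Whether `transport->TsgTls` is also released by the transport's free routine is not visible in this diff and should be checked, since nothing in these hunks frees it after a successful connect.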
@@ -153,31 +142,31 @@ static int transport_bio_tsg_read(BIO* bio, char* buf, int size)
 BIO_set_retry_read(bio);
 }
- return status;
+ return status > 0 ? status : -1;
 }
 static int transport_bio_tsg_puts(BIO* bio, const char* str)
 {
- printf("transport_bio_tsg_puts: %d\n", strlen(str));
 return 1;
 }
 static int transport_bio_tsg_gets(BIO* bio, char* str, int size)
 {
- printf("transport_bio_tsg_gets: %d\n", size);
 return 1;
 }
 static long transport_bio_tsg_ctrl(BIO* bio, int cmd, long arg1, void* arg2)
 {
- printf("transport_bio_tsg_ctrl: cmd: %d arg1: %d arg2: %p\n", cmd, arg1, arg2);
- return 1;
+ if (cmd == BIO_CTRL_FLUSH)
+ {
+ return 1;
+ }
+
+ return 0;
 }
 static int transport_bio_tsg_new(BIO* bio)
 {
- printf("transport_bio_tsg_new\n");
-
 bio->init = 1;
 bio->num = 0;
 bio->ptr = NULL;
@@ -188,7 +177,6 @@ static int transport_bio_tsg_new(BIO* bio)
 static int transport_bio_tsg_free(BIO* bio)
 {
- printf("transport_bio_tsg_free\n");
 return 1;
 }
@@ -217,28 +205,21 @@ BOOL transport_connect_tls(rdpTransport* transport)
 {
 if (transport->layer == TRANSPORT_LAYER_TSG)
 {
- if (!transport->TlsIn)
- transport->TlsIn = tls_new(transport->settings);
+ transport->TsgTls = tls_new(transport->settings);
- if (!transport->TlsOut)
- transport->TlsOut = transport->TlsIn;
+ transport->TsgTls->methods = BIO_s_tsg();
+ transport->TsgTls->tsg = (void*) transport->tsg;
- transport->TlsIn->methods = BIO_s_tsg();
- transport->TlsIn->tsg = (void*) transport->tsg;
+ transport->layer = TRANSPORT_LAYER_TSG_TLS;
- transport->layer = TRANSPORT_LAYER_TLS;
-
- if (tls_connect(transport->TlsIn) != TRUE)
+ if (tls_connect(transport->TsgTls) != TRUE)
 {
 if (!connectErrorCode)
 connectErrorCode = TLSCONNECTERROR;
- tls_free(transport->TlsIn);
+ tls_free(transport->TsgTls);
- if (transport->TlsIn == transport->TlsOut)
- transport->TlsIn = transport->TlsOut = NULL;
- else
- transport->TlsIn = NULL;
+ transport->TsgTls = NULL;
 return FALSE;
 }
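Review bot: The read BIO now maps a non-positive `tsg_read` result to -1 (`return status > 0 ? status : -1;`) so that OpenSSL sees a retryable negative return together with the retry flag, but the write BIO in the preceding transport_bio_tsg_write hunk is not given the same treatment and, as far as the visible context shows, still ends in `return status;` outside that hunk. If `tsg_write` can report would-block with 0, OpenSSL only treats a negative value with the retry flag as WANT_WRITE, so the write side should use the same `return status > 0 ? status : -1;` mapping; please confirm against the rest of transport_bio_tsg_write, which continues outside the hunk. A short comment above the new return, `/* OpenSSL requires a negative return plus retry flag for would-block */`, would explain why 0 is rewritten to -1.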
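Review bot: In the transport_connect_tls hunk `transport->TsgTls = tls_new(transport->settings);` is dereferenced on the very next line (`transport->TsgTls->methods = BIO_s_tsg();`) without a NULL check, and the old `if (!transport->TlsIn)` guard that avoided creating a second session on a repeated call has been dropped, so a reconnect through the gateway would overwrite and leak any existing TsgTls. Inserting `if (!transport->TsgTls) return FALSE;` after the tls_new call covers the allocation failure; for the reuse case, either restore a `if (!transport->TsgTls)` guard around the allocation or free the previous object first, depending on whether tls_new is meant to be called once per transport (the lifetime rules for this field are not shown in the diff). The failure branch does free and NULL the new field, which is the right shape.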
@@ -278,9 +259,6 @@ BOOL transport_connect_nla(rdpTransport* transport)
 freerdp* instance;
 rdpSettings* settings;
- if (transport->layer == TRANSPORT_LAYER_TSG)
- return TRUE;
-
 if (!transport_connect_tls(transport))
 return FALSE;
@@ -522,6 +500,9 @@ int transport_read_layer(rdpTransport* transport, UINT8* data, int bytes)
 status = tcp_read(transport->TcpIn, data + read, bytes - read);
 else if (transport->layer == TRANSPORT_LAYER_TSG)
 status = tsg_read(transport->tsg, data + read, bytes - read);
+ else if (transport->layer == TRANSPORT_LAYER_TSG_TLS) {
+ status = tls_read(transport->TsgTls, data + read, bytes - read);
+ }
 /* blocking means that we can't continue until this is read */
@@ -687,6 +668,8 @@ int transport_write(rdpTransport* transport, wStream* s)
 status = tcp_write(transport->TcpOut, Stream_Pointer(s), length);
 else if (transport->layer == TRANSPORT_LAYER_TSG)
 status = tsg_write(transport->tsg, Stream_Pointer(s), length);
+ else if (transport->layer == TRANSPORT_LAYER_TSG_TLS)
+ status = tls_write(transport->TsgTls, Stream_Pointer(s), length);
 if (status < 0)
 break; /* error occurred */
@@ -705,6 +688,8 @@ int transport_write(rdpTransport* transport, wStream* s)
 tls_wait_write(transport->TlsOut);
 else if (transport->layer == TRANSPORT_LAYER_TCP)
 tcp_wait_write(transport->TcpOut);
+ else if (transport->layer == TRANSPORT_LAYER_TSG_TLS)
+ tls_wait_write(transport->TsgTls);
 else
 USleep(transport->SleepInterval);
 }
@@ -931,7 +916,7 @@ BOOL transport_set_blocking_mode(rdpTransport* transport, BOOL blocking)
 status &= tcp_set_blocking_mode(transport->TcpIn, blocking);
 }
- if (transport->layer == TRANSPORT_LAYER_TSG)
+ if (transport->layer == TRANSPORT_LAYER_TSG || transport->layer == TRANSPORT_LAYER_TSG_TLS)
 {
 tsg_set_blocking_mode(transport->tsg, blocking);
 }
diff --git a/libfreerdp/core/transport.h b/libfreerdp/core/transport.h
index ce3a35417..decc96dea 100644
--- a/libfreerdp/core/transport.h
+++ b/libfreerdp/core/transport.h
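Review bot: The new branch in transport_read_layer is written with a brace on the `else if` line (`else if (transport->layer == TRANSPORT_LAYER_TSG_TLS) {`) while the neighbouring tcp and tsg branches are brace-less one-liners and every other block in this file puts `{` on its own line; the matching transport_write hunk already uses the brace-less form, so this one should read `else if (transport->layer == TRANSPORT_LAYER_TSG_TLS)` followed by `status = tls_read(transport->TsgTls, data + read, bytes - read);`. The same layer dispatch is now repeated in read_layer, write, the wait_write loop, set_blocking_mode and disconnect; a short comment next to the enum, or a small helper that returns the active rdpTls for the current layer, would keep the five copies from drifting as they did with the TSG-only guards this commit had to widen. Both enclosing functions continue outside their hunks.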
@@ -59,6 +59,7 @@ struct rdp_transport
 rdpTcp* TcpOut;
 rdpTls* TlsIn;
 rdpTls* TlsOut;
+ rdpTls* TsgTls;
 rdpCredssp* credssp;
 rdpSettings* settings;
 UINT32 SleepInterval;
diff --git a/libfreerdp/crypto/tls.c b/libfreerdp/crypto/tls.c
index e5c496b40..324e00acf 100644
--- a/libfreerdp/crypto/tls.c
+++ b/libfreerdp/crypto/tls.c
@@ -99,8 +99,6 @@ SecPkgContext_Bindings* tls_get_channel_bindings(X509* cert)
 static void tls_ssl_info_callback(const SSL* ssl, int type, int val)
 {
- printf("tls_ssl_info_callback: type: %d val: %d\n");
-
 if (type & SSL_CB_HANDSHAKE_START)
 {
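Review bot: The new `rdpTls* TsgTls;` field is added without a comment, although its relationship to `TlsIn`/`TlsOut` and to the `layer` value is exactly what the transport.c changes depend on; a one-line note such as `/* TLS session carried inside the TSG tunnel; valid only while layer == TRANSPORT_LAYER_TSG_TLS */` would make the ownership visible to the next reader. The `TRANSPORT_LAYER_TSG_TLS` value used throughout transport.c and nla.c does not appear in the visible part of this header diff, so either it is defined in a hunk not shown here or the enum addition is missing from the commit; worth confirming before merge.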