From e9787c7a9dd8bab49ae6d784f10d3619480e8abb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Moreau?= Date: Fri, 11 Oct 2013 02:10:02 -0400 Subject: [PATCH 01/13] libfreerdp-core: minor TS Gateway fixes --- client/common/file.c | 4 ++++ libfreerdp/core/gateway/rpc_client.c | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/client/common/file.c b/client/common/file.c index fecfe54c2..769108e35 100644 --- a/client/common/file.c +++ b/client/common/file.c @@ -832,6 +832,10 @@ BOOL freerdp_client_populate_settings_from_rdp_file(rdpFile* file, rdpSettings* if (file->GatewayUsageMethod == TSC_PROXY_MODE_DIRECT) freerdp_set_param_bool(settings, FreeRDP_GatewayEnabled, TRUE); + else if (file->GatewayUsageMethod == TSC_PROXY_MODE_DETECT) + freerdp_set_param_bool(settings, FreeRDP_GatewayEnabled, TRUE); + else if (file->GatewayUsageMethod == TSC_PROXY_MODE_DEFAULT) + freerdp_set_param_bool(settings, FreeRDP_GatewayEnabled, TRUE); else if (file->GatewayUsageMethod == TSC_PROXY_MODE_NONE_DETECT) freerdp_set_param_bool(settings, FreeRDP_GatewayEnabled, FALSE); } diff --git a/libfreerdp/core/gateway/rpc_client.c b/libfreerdp/core/gateway/rpc_client.c index f58a7db2c..502ea9dad 100644 --- a/libfreerdp/core/gateway/rpc_client.c +++ b/libfreerdp/core/gateway/rpc_client.c @@ -161,7 +161,7 @@ int rpc_client_on_fragment_received_event(rdpRpc* rpc) if (StubLength == 4) { //fprintf(stderr, "Ignoring TsProxySendToServer Response\n"); - printf("Got stub length 4 with flags %d and callid %d\n", header->common.pfc_flags, header->common.call_id); + //printf("Got stub length 4 with flags %d and callid %d\n", header->common.pfc_flags, header->common.call_id); /* received a disconnect request from the server? */ if ((header->common.call_id == rpc->PipeCallId) && (header->common.pfc_flags & PFC_LAST_FRAG)) From bd6760bd136b85a2c44ef0145a3d9dac4a688f96 Mon Sep 17 00:00:00 2001 
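Review bot: In client/common/file.c the `GatewayUsageMethod` branches for DIRECT, DETECT and DEFAULT now all make the same call, so the chain would read better as a single condition. Treating `TSC_PROXY_MODE_DETECT` as "always use the gateway" also deserves a comment, because the name suggests detection rather than forcing. If that is the intent, a line such as `/* DETECT and DEFAULT are handled like DIRECT: the gateway is always enabled */` above the merged `if` would record it. The enclosing function starts and ends outside the hunk.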
From: =?UTF-8?q?Marc-Andr=C3=A9=20Moreau?= Date: Fri, 11 Oct 2013 06:12:50 -0400 Subject: [PATCH 02/13] libfreerdp-core: start implement TSG OpenSSL BIO --- include/freerdp/crypto/tls.h | 3 + libfreerdp/core/transport.c | 104 +++++++++++++++++++++++++++++++++++ libfreerdp/core/transport.h | 1 + libfreerdp/crypto/tls.c | 27 +++++++-- 4 files changed, 130 insertions(+), 5 deletions(-) diff --git a/include/freerdp/crypto/tls.h b/include/freerdp/crypto/tls.h index 7e9aca995..a18597308 100644 --- a/include/freerdp/crypto/tls.h +++ b/include/freerdp/crypto/tls.h @@ -39,9 +39,12 @@ typedef struct rdp_tls rdpTls; struct rdp_tls { SSL* ssl; + BIO* bio; + void* tsg; int sockfd; SSL_CTX* ctx; BYTE* PublicKey; + BIO_METHOD* methods; DWORD PublicKeyLength; rdpSettings* settings; SecPkgContext_Bindings* Bindings; diff --git a/libfreerdp/core/transport.c b/libfreerdp/core/transport.c index e06e92893..fb3c013d8 100644 --- a/libfreerdp/core/transport.c +++ b/libfreerdp/core/transport.c 
@@ -104,10 +104,114 @@ BOOL transport_connect_rdp(rdpTransport* transport) return TRUE; } +static int transport_bio_tsg_write(BIO* bio, const char* buf, int num) +{ + printf("transport_bio_tsg_write: %d\n", num); + + tsg_write((rdpTsg*) bio->ptr, (BYTE*) buf, num); + BIO_clear_retry_flags(bio); + + return num; +} + +static int transport_bio_tsg_read(BIO* bio, char* buf, int size) +{ + printf("transport_bio_tsg_read: %d\n", size); + + BIO_clear_retry_flags(bio); + + return 1; +} + +static int transport_bio_tsg_puts(BIO* bio, const char* str) +{ + printf("transport_bio_tsg_puts: %d\n", strlen(str)); + return 1; +} + +static int transport_bio_tsg_gets(BIO* bio, char* str, int size) +{ + printf("transport_bio_tsg_gets: %d\n", size); + return 1; +} + +static long transport_bio_tsg_ctrl(BIO* bio, int cmd, long arg1, void* arg2) +{ + printf("transport_bio_tsg_puts: cmd: %d arg1: %d arg2: %p\n", cmd, arg1, arg2); + return 1; +} + +static int transport_bio_tsg_new(BIO* bio) +{ + printf("transport_bio_tsg_new\n"); + + bio->init = 1; + bio->num = 0; + bio->ptr = NULL; + bio->flags = 0; + + return 1; +} + +static int transport_bio_tsg_free(BIO* bio) +{ + printf("transport_bio_tsg_free\n"); + return 1; +} + +#define BIO_TYPE_TSG 65 + +static BIO_METHOD transport_bio_tsg_methods = +{ + BIO_TYPE_TSG, + "TSGateway", + transport_bio_tsg_write, + transport_bio_tsg_read, + transport_bio_tsg_puts, + transport_bio_tsg_gets, + transport_bio_tsg_ctrl, + transport_bio_tsg_new, + transport_bio_tsg_free, + NULL, +}; + +BIO_METHOD* BIO_s_tsg(void) +{ + return &transport_bio_tsg_methods; +} + BOOL transport_connect_tls(rdpTransport* transport) { if (transport->layer == TRANSPORT_LAYER_TSG) + { + if (!transport->TlsIn) + transport->TlsIn = tls_new(transport->settings); + + if (!transport->TlsOut) + transport->TlsOut = transport->TlsIn; + + transport->TlsIn->methods = BIO_s_tsg(); + transport->TlsIn->tsg = (void*) transport->tsg; + + transport->layer = TRANSPORT_LAYER_TLS; + + if 
(tls_connect(transport->TlsIn) != TRUE) + { + if (!connectErrorCode) + connectErrorCode = TLSCONNECTERROR; + + tls_free(transport->TlsIn); + + if (transport->TlsIn == transport->TlsOut) + transport->TlsIn = transport->TlsOut = NULL; + else + transport->TlsIn = NULL; + + return FALSE; + } + return TRUE; + } if (transport->TlsIn == NULL) transport->TlsIn = tls_new(transport->settings); diff --git a/libfreerdp/core/transport.h b/libfreerdp/core/transport.h index bb573b6eb..821ab37fd 100644 --- a/libfreerdp/core/transport.h +++ b/libfreerdp/core/transport.h @@ -25,6 +25,7 @@ typedef enum TRANSPORT_LAYER_TCP, TRANSPORT_LAYER_TLS, TRANSPORT_LAYER_TSG, + TRANSPORT_LAYER_TSG_TLS, TRANSPORT_LAYER_CLOSED } TRANSPORT_LAYER; diff --git a/libfreerdp/crypto/tls.c b/libfreerdp/crypto/tls.c index 3e089e418..7b58645b6 100644 --- a/libfreerdp/crypto/tls.c +++ b/libfreerdp/crypto/tls.c @@ -106,7 +106,7 @@ BOOL tls_connect(rdpTls* tls) tls->ctx = SSL_CTX_new(TLSv1_client_method()); - if (tls->ctx == NULL) + if (!tls->ctx) { fprintf(stderr, "SSL_CTX_new failed\n"); return FALSE; @@ -147,16 +147,33 @@ BOOL tls_connect(rdpTls* tls) tls->ssl = SSL_new(tls->ctx); - if (tls->ssl == NULL) + if (!tls->ssl) { fprintf(stderr, "SSL_new failed\n"); return FALSE; } - if (SSL_set_fd(tls->ssl, tls->sockfd) < 1) + if (tls->tsg) { - fprintf(stderr, "SSL_set_fd failed\n"); - return FALSE; + tls->bio = BIO_new(tls->methods); + + if (!tls->bio) + { + fprintf(stderr, "BIO_new failed\n"); + return FALSE; + } + + tls->bio->ptr = tls->tsg; + + SSL_set_bio(tls->ssl, tls->bio, tls->bio); + } + else + { + if (SSL_set_fd(tls->ssl, tls->sockfd) < 1) + { + fprintf(stderr, "SSL_set_fd failed\n"); + return FALSE; + } } connection_status = SSL_connect(tls->ssl); From b5dd670e73d17132326e1088a7ab38d53d910ed8 Mon Sep 17 00:00:00 2001 
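Review bot: In libfreerdp/core/transport.c, `transport_bio_tsg_write` discards the result of `tsg_write()` and always returns `num`, so OpenSSL is told every record reached the gateway even when the write failed or was short. The callback should keep and report the result, e.g. `status = tsg_write((rdpTsg*) bio->ptr, (BYTE*) buf, num);` followed by `return (status > 0) ? status : -1;` (assuming tsg_write returns a byte count, which is not visible here). The same `return num` survives the rewrite of this function in PATCH 03/13. In the same hunk `transport_bio_tsg_read` returns 1 without storing anything in `buf`, and `transport_connect_tls` dereferences the `tls_new()` result without a NULL check.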
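Review bot: In libfreerdp/crypto/tls.c, `tls_connect` selects the BIO path on `tls->tsg` but passes `tls->methods` to `BIO_new()`, so a caller that sets one field without the other hands OpenSSL a NULL method table. An early `if (!tls->methods) return FALSE;` inside the `if (tls->tsg)` branch keeps the two fields from drifting apart. The `BIO_new failed` return also leaves `tls->ssl` and `tls->ctx` allocated, as the neighbouring error returns appear to; whether `tls_free()` releases them is outside the hunk.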
From: =?UTF-8?q?Marc-Andr=C3=A9=20Moreau?= Date: Fri, 11 Oct 2013 15:27:22 -0400 Subject: [PATCH 03/13] libfreerdp-core: extend OpenSSL TSG BIO --- libfreerdp/core/transport.c | 39 ++++++++++++++++++++++++++++++++++--- libfreerdp/crypto/tls.c | 12 ++++++++++++ 2 files changed, 48 insertions(+), 3 deletions(-) diff --git a/libfreerdp/core/transport.c b/libfreerdp/core/transport.c index fb3c013d8..862489c0d 100644 --- a/libfreerdp/core/transport.c +++ b/libfreerdp/core/transport.c @@ -104,23 +104,56 @@ BOOL transport_connect_rdp(rdpTransport* transport) return TRUE; } +long transport_bio_tsg_callback(BIO* bio, int mode, const char* argp, int argi, long argl, long ret) +{ + printf("transport_bio_tsg_callback: mode: %d argp: %p argi: %d argl: %d ret: %d\n", + mode, argp, argi, argl, ret); + + return 1; +} + static int transport_bio_tsg_write(BIO* bio, const char* buf, int num) { + int status; + rdpTsg* tsg; + printf("transport_bio_tsg_write: %d\n", num); - tsg_write((rdpTsg*) bio->ptr, (BYTE*) buf, num); + tsg = (rdpTsg*) bio->ptr; + status = tsg_write(tsg, (BYTE*) buf, num); + + printf("tsg_write: %d\n", status); + BIO_clear_retry_flags(bio); + if (status <= 0) + { + BIO_set_retry_write(bio); + } + return num; } static int transport_bio_tsg_read(BIO* bio, char* buf, int size) { + int status; + rdpTsg* tsg; + printf("transport_bio_tsg_read: %d\n", size); + tsg = (rdpTsg*) bio->ptr; + status = tsg_read(bio->ptr, (BYTE*) buf, size); + + printf("tsg_read: %d\n", status); + BIO_clear_retry_flags(bio); - return 1; + if (status <= 0) + { + BIO_set_retry_read(bio); + } + + return status; } static int transport_bio_tsg_puts(BIO* bio, const char* str) 
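Review bot: In `transport_bio_tsg_read` and `transport_bio_tsg_write` every `status <= 0` sets the BIO retry flag, so a hard failure or a closed gateway channel looks the same to OpenSSL as "no data yet" and the caller is asked to retry indefinitely. The retry flag should be set only for the would-block result, with a real error returned as `-1` without it; which value `tsg_read()`/`tsg_write()` use for would-block is not visible in this hunk, so that mapping needs confirming. The `return status > 0 ? status : -1;` change in PATCH 08/13 keeps the unconditional `BIO_set_retry_read(bio)`. Also in this hunk, `transport_bio_tsg_callback` prints the `long` arguments `argl` and `ret` with `%d`; they need `%ld`.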
@@ -137,7 +170,7 @@ static int transport_bio_tsg_gets(BIO* bio, char* str, int size) static long transport_bio_tsg_ctrl(BIO* bio, int cmd, long arg1, void* arg2) { - printf("transport_bio_tsg_puts: cmd: %d arg1: %d arg2: %p\n", cmd, arg1, arg2); + printf("transport_bio_tsg_ctrl: cmd: %d arg1: %d arg2: %p\n", cmd, arg1, arg2); return 1; } diff --git a/libfreerdp/crypto/tls.c b/libfreerdp/crypto/tls.c index 7b58645b6..e5d20c61d 100644 --- a/libfreerdp/crypto/tls.c +++ b/libfreerdp/crypto/tls.c @@ -97,6 +97,16 @@ SecPkgContext_Bindings* tls_get_channel_bindings(X509* cert) return ContextBindings; } +static void tls_ssl_info_callback(const SSL* ssl, int type, int val) +{ + printf("tls_ssl_info_callback: type: %d val: %d\n"); + + if (type & SSL_CB_HANDSHAKE_START) + { + + } +} + BOOL tls_connect(rdpTls* tls) { CryptoCert cert; @@ -166,6 +176,8 @@ BOOL tls_connect(rdpTls* tls) tls->bio->ptr = tls->tsg; SSL_set_bio(tls->ssl, tls->bio, tls->bio); + + SSL_CTX_set_info_callback(tls->ctx, tls_ssl_info_callback); } else { From eb25e45149c640a4dd650c28e4008c562ca736df Mon Sep 17 00:00:00 2001 From: Dan Bungert Date: Thu, 24 Oct 2013 12:13:41 -0600 Subject: [PATCH 04/13] TLS over TLS maybe working. --- libfreerdp/core/connection.c | 4 ++-- libfreerdp/core/gateway/rpc.c | 2 ++ libfreerdp/core/gateway/rpc_client.c | 2 ++ libfreerdp/core/transport.c | 30 ++++++++++++++-------------- libfreerdp/core/transport.h | 1 + 5 files changed, 22 insertions(+), 17 deletions(-) diff --git a/libfreerdp/core/connection.c b/libfreerdp/core/connection.c index 2e2de425f..36aa0234d 100644 --- a/libfreerdp/core/connection.c +++ b/libfreerdp/core/connection.c @@ -211,11 +211,11 @@ BOOL rdp_client_connect(rdpRdp* rdp) free(cookie); settings->RdpSecurity = TRUE; - settings->TlsSecurity = FALSE; +/* settings->TlsSecurity = FALSE; */ settings->NlaSecurity = FALSE; settings->ExtSecurity = FALSE; - //settings->TlsSecurity = TRUE; + settings->TlsSecurity = TRUE; //settings->NlaSecurity = TRUE; } else 
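Review bot: In libfreerdp/crypto/tls.c the `printf` in `tls_ssl_info_callback` has two `%d` conversions and no arguments, which is undefined behaviour and prints whatever happens to be in the variadic slots. It should be `printf("tls_ssl_info_callback: type: %d val: %d\n", type, val);`, or be dropped together with the empty `if (type & SSL_CB_HANDSHAKE_START)` body until the callback does something.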
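Review bot: In libfreerdp/core/connection.c this branch of `rdp_client_connect` now hard-codes `settings->TlsSecurity = TRUE` next to `RdpSecurity = TRUE` and `NlaSecurity = FALSE`, which overwrites whatever security protocols the user configured and leaves NLA off for this path. If the override is a temporary bring-up aid it should say so, e.g. `/* FIXME: TSG bring-up only, restore the configured security protocols */`, and the commented-out `/* settings->TlsSecurity = FALSE; */` line should be removed rather than kept. The condition that selects this branch is outside the hunk. The connection.c hunk in PATCH 05/13 keeps the same override.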
diff --git a/libfreerdp/core/gateway/rpc.c b/libfreerdp/core/gateway/rpc.c index ae024cd9e..43485df84 100644 --- a/libfreerdp/core/gateway/rpc.c +++ b/libfreerdp/core/gateway/rpc.c @@ -335,10 +335,12 @@ int rpc_in_write(rdpRpc* rpc, BYTE* data, int length) int status; #ifdef WITH_DEBUG_TSG + /* fprintf(stderr, "Sending PDU (length: %d)\n", length); rpc_pdu_header_print((rpcconn_hdr_t*) data); winpr_HexDump(data, length); fprintf(stderr, "\n"); + */ #endif status = tls_write_all(rpc->TlsIn, data, length); diff --git a/libfreerdp/core/gateway/rpc_client.c b/libfreerdp/core/gateway/rpc_client.c index 502ea9dad..b9ce57122 100644 --- a/libfreerdp/core/gateway/rpc_client.c +++ b/libfreerdp/core/gateway/rpc_client.c @@ -432,12 +432,14 @@ RPC_PDU* rpc_recv_dequeue_pdu(rdpRpc* rpc) pdu = (RPC_PDU*) Queue_Dequeue(rpc->client->ReceiveQueue); #ifdef WITH_DEBUG_TSG + /* if (pdu) { fprintf(stderr, "Receiving PDU (length: %d, CallId: %d)\n", pdu->s->length, pdu->CallId); winpr_HexDump(Stream_Buffer(pdu->s), Stream_Length(pdu->s)); fprintf(stderr, "\n"); } + */ #endif return pdu; diff --git a/libfreerdp/core/transport.c b/libfreerdp/core/transport.c index 862489c0d..079f989c0 100644 --- a/libfreerdp/core/transport.c +++ b/libfreerdp/core/transport.c @@ -171,7 +171,10 @@ static int transport_bio_tsg_gets(BIO* bio, char* str, int size) static long transport_bio_tsg_ctrl(BIO* bio, int cmd, long arg1, void* arg2) { printf("transport_bio_tsg_ctrl: cmd: %d arg1: %d arg2: %p\n", cmd, arg1, arg2); - return 1; + if(cmd == BIO_CTRL_FLUSH) { + return 1; + } + return 0; } static int transport_bio_tsg_new(BIO* bio) 
@@ -217,28 +220,21 @@ BOOL transport_connect_tls(rdpTransport* transport) { if (transport->layer == TRANSPORT_LAYER_TSG) { - if (!transport->TlsIn) - transport->TlsIn = tls_new(transport->settings); + transport->TsgTls = tls_new(transport->settings); - if (!transport->TlsOut) - transport->TlsOut = transport->TlsIn; + transport->TsgTls->methods = BIO_s_tsg(); + transport->TsgTls->tsg = (void*) transport->tsg; - transport->TlsIn->methods = BIO_s_tsg(); - transport->TlsIn->tsg = (void*) transport->tsg; + transport->layer = TRANSPORT_LAYER_TSG_TLS; - transport->layer = TRANSPORT_LAYER_TLS; - - if (tls_connect(transport->TlsIn) != TRUE) + if (tls_connect(transport->TsgTls) != TRUE) { if (!connectErrorCode) connectErrorCode = TLSCONNECTERROR; - tls_free(transport->TlsIn); + tls_free(transport->TsgTls); - if (transport->TlsIn == transport->TlsOut) - transport->TlsIn = transport->TlsOut = NULL; - else - transport->TlsIn = NULL; + transport->TsgTls = NULL; return FALSE; } @@ -522,6 +518,8 @@ int transport_read_layer(rdpTransport* transport, UINT8* data, int bytes) status = tcp_read(transport->TcpIn, data + read, bytes - read); else if (transport->layer == TRANSPORT_LAYER_TSG) status = tsg_read(transport->tsg, data + read, bytes - read); + else if (transport->layer == TRANSPORT_LAYER_TSG_TLS) + status = tls_read(transport->TsgTls, data + read, bytes - read); /* blocking means that we can't continue until this is read */ @@ -677,6 +675,8 @@ int transport_write(rdpTransport* transport, wStream* s) status = tcp_write(transport->TcpOut, Stream_Pointer(s), length); else if (transport->layer == TRANSPORT_LAYER_TSG) status = tsg_write(transport->tsg, Stream_Pointer(s), length); + else if (transport->layer == TRANSPORT_LAYER_TSG_TLS) + status = tls_write(transport->TsgTls, Stream_Pointer(s), length); if (status < 0) break; /* error occurred */ diff --git a/libfreerdp/core/transport.h b/libfreerdp/core/transport.h index 821ab37fd..235e5b3e5 100644 --- a/libfreerdp/core/transport.h 
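Review bot: In `transport_connect_tls` the new `transport->TsgTls = tls_new(transport->settings);` is dereferenced on the next line without a NULL check, and `transport->layer` is switched to `TRANSPORT_LAYER_TSG_TLS` before `tls_connect()` has succeeded. On failure the function frees `TsgTls` and sets it to NULL but leaves the layer at TSG_TLS, so the `tls_read(transport->TsgTls, ...)` and `tls_write(transport->TsgTls, ...)` branches added further down in this patch would be handed a NULL pointer. Add `if (!transport->TsgTls) return FALSE;` after the allocation and `transport->layer = TRANSPORT_LAYER_TSG;` in the failure branch. The assignment is also unconditional, so a second call would overwrite an existing `TsgTls` without freeing it.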
+++ b/libfreerdp/core/transport.h @@ -58,6 +58,7 @@ struct rdp_transport rdpTcp* TcpOut; rdpTls* TlsIn; rdpTls* TlsOut; + rdpTls* TsgTls; rdpCredssp* credssp; rdpSettings* settings; UINT32 SleepInterval; From db890d9bf2c52402173b89a59360e69df3a9c053 Mon Sep 17 00:00:00 2001 From: Dan Bungert Date: Thu, 24 Oct 2013 12:31:28 -0600 Subject: [PATCH 05/13] TLS over TLS baseline functionality. TLS over TLS works and we get screen drawing and server interaction. Network traffic flows in spurts with frequent apparent hangups. --- libfreerdp/core/connection.c | 4 +--- libfreerdp/core/transport.c | 22 +++++++++++----------- 2 files changed, 12 insertions(+), 14 deletions(-) diff --git a/libfreerdp/core/connection.c b/libfreerdp/core/connection.c index 36aa0234d..2c3be5c9b 100644 --- a/libfreerdp/core/connection.c +++ b/libfreerdp/core/connection.c @@ -211,12 +211,10 @@ BOOL rdp_client_connect(rdpRdp* rdp) free(cookie); settings->RdpSecurity = TRUE; -/* settings->TlsSecurity = FALSE; */ + settings->TlsSecurity = TRUE; settings->NlaSecurity = FALSE; settings->ExtSecurity = FALSE; - settings->TlsSecurity = TRUE; - //settings->NlaSecurity = TRUE; } else { diff --git a/libfreerdp/core/transport.c b/libfreerdp/core/transport.c index 079f989c0..375b57013 100644 --- a/libfreerdp/core/transport.c +++ b/libfreerdp/core/transport.c @@ -106,8 +106,8 @@ BOOL transport_connect_rdp(rdpTransport* transport) long transport_bio_tsg_callback(BIO* bio, int mode, const char* argp, int argi, long argl, long ret) { - printf("transport_bio_tsg_callback: mode: %d argp: %p argi: %d argl: %d ret: %d\n", - mode, argp, argi, argl, ret); +/* printf("transport_bio_tsg_callback: mode: %d argp: %p argi: %d argl: %d ret: %d\n", */ +/* mode, argp, argi, argl, ret); */ return 1; } 
@@ -117,12 +117,12 @@ static int transport_bio_tsg_write(BIO* bio, const char* buf, int num) int status; rdpTsg* tsg; - printf("transport_bio_tsg_write: %d\n", num); +/* printf("transport_bio_tsg_write: %d\n", num); */ tsg = (rdpTsg*) bio->ptr; status = tsg_write(tsg, (BYTE*) buf, num); - printf("tsg_write: %d\n", status); +/* printf("tsg_write: %d\n", status); */ BIO_clear_retry_flags(bio); @@ -139,12 +139,12 @@ static int transport_bio_tsg_read(BIO* bio, char* buf, int size) int status; rdpTsg* tsg; - printf("transport_bio_tsg_read: %d\n", size); +/* printf("transport_bio_tsg_read: %d\n", size); */ tsg = (rdpTsg*) bio->ptr; status = tsg_read(bio->ptr, (BYTE*) buf, size); - printf("tsg_read: %d\n", status); +/* printf("tsg_read: %d\n", status); */ BIO_clear_retry_flags(bio); @@ -158,19 +158,19 @@ static int transport_bio_tsg_read(BIO* bio, char* buf, int size) static int transport_bio_tsg_puts(BIO* bio, const char* str) { - printf("transport_bio_tsg_puts: %d\n", strlen(str)); +/* printf("transport_bio_tsg_puts: %d\n", strlen(str)); */ return 1; } static int transport_bio_tsg_gets(BIO* bio, char* str, int size) { - printf("transport_bio_tsg_gets: %d\n", size); +/* printf("transport_bio_tsg_gets: %d\n", size); */ return 1; } static long transport_bio_tsg_ctrl(BIO* bio, int cmd, long arg1, void* arg2) { - printf("transport_bio_tsg_ctrl: cmd: %d arg1: %d arg2: %p\n", cmd, arg1, arg2); +/* printf("transport_bio_tsg_ctrl: cmd: %d arg1: %d arg2: %p\n", cmd, arg1, arg2); */ if(cmd == BIO_CTRL_FLUSH) { return 1; } @@ -179,7 +179,7 @@ static long transport_bio_tsg_ctrl(BIO* bio, int cmd, long arg1, void* arg2) static int transport_bio_tsg_new(BIO* bio) { - printf("transport_bio_tsg_new\n"); +/* printf("transport_bio_tsg_new\n"); */ bio->init = 1; bio->num = 0; @@ -191,7 +191,7 @@ static int transport_bio_tsg_new(BIO* bio) static int transport_bio_tsg_free(BIO* bio) { - printf("transport_bio_tsg_free\n"); +/* printf("transport_bio_tsg_free\n"); */ return 1; } 
From f13c8a0be70ed1a0d7f27f2ce4ec497e64682945 Mon Sep 17 00:00:00 2001 From: Dan Bungert Date: Fri, 25 Oct 2013 10:43:21 -0600 Subject: [PATCH 06/13] Logging --- include/freerdp/crypto/tls.h | 1 + libfreerdp/core/transport.c | 65 +++++++++++++++++++++++++++++++----- libfreerdp/crypto/tls.c | 12 ++++++- lwd.h | 22 ++++++++++++ 4 files changed, 91 insertions(+), 9 deletions(-) create mode 100644 lwd.h diff --git a/include/freerdp/crypto/tls.h b/include/freerdp/crypto/tls.h index a18597308..c65af3529 100644 --- a/include/freerdp/crypto/tls.h +++ b/include/freerdp/crypto/tls.h @@ -49,6 +49,7 @@ struct rdp_tls rdpSettings* settings; SecPkgContext_Bindings* Bindings; rdpCertificateStore* certificate_store; + char desc[20]; }; FREERDP_API BOOL tls_connect(rdpTls* tls); diff --git a/libfreerdp/core/transport.c b/libfreerdp/core/transport.c index 375b57013..c8eb3cc18 100644 --- a/libfreerdp/core/transport.c +++ b/libfreerdp/core/transport.c @@ -49,6 +49,8 @@ #define BUFFER_SIZE 16384 +#include "lwd.h" + static void* transport_client_thread(void* arg); wStream* transport_send_stream_init(rdpTransport* transport, int size) @@ -221,6 +223,7 @@ BOOL transport_connect_tls(rdpTransport* transport) if (transport->layer == TRANSPORT_LAYER_TSG) { transport->TsgTls = tls_new(transport->settings); + sprintf(transport->TsgTls->desc, "TsgTls"); transport->TsgTls->methods = BIO_s_tsg(); transport->TsgTls->tsg = (void*) transport->tsg; @@ -242,8 +245,10 @@ BOOL transport_connect_tls(rdpTransport* transport) return TRUE; } - if (transport->TlsIn == NULL) + if (transport->TlsIn == NULL) { transport->TlsIn = tls_new(transport->settings); + sprintf(transport->TlsIn->desc, "TlsIn"); + } if (transport->TlsOut == NULL) transport->TlsOut = transport->TlsIn; 
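Review bot: The `sprintf(transport->TsgTls->desc, "TsgTls");` calls added in transport.c write into the new fixed `char desc[20]` with no bound; the literals fit today, but nothing stops a longer tag from overrunning the field. `snprintf(transport->TsgTls->desc, sizeof(transport->TsgTls->desc), "%s", "TsgTls");` keeps the write bounded. The same pattern appears in the `TlsIn`/`TlsOut` hunks of `transport_tsg_connect`, `transport_accept_tls` and `transport_accept_nla` later in this patch, and in each place the `tls_new()` result is used without a NULL check.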
@@ -317,13 +322,17 @@ BOOL transport_tsg_connect(rdpTransport* transport, const char* hostname, UINT16 transport->tsg = tsg; transport->SplitInputOutput = TRUE; - if (transport->TlsIn == NULL) + if (transport->TlsIn == NULL) { transport->TlsIn = tls_new(transport->settings); + sprintf(transport->TlsIn->desc, "TlsIn"); + } transport->TlsIn->sockfd = transport->TcpIn->sockfd; - if (transport->TlsOut == NULL) + if (transport->TlsOut == NULL) { transport->TlsOut = tls_new(transport->settings); + sprintf(transport->TlsOut->desc, "TlsOut"); + } transport->TlsOut->sockfd = transport->TcpOut->sockfd; @@ -387,8 +396,10 @@ BOOL transport_accept_rdp(rdpTransport* transport) BOOL transport_accept_tls(rdpTransport* transport) { - if (transport->TlsIn == NULL) + if (transport->TlsIn == NULL) { transport->TlsIn = tls_new(transport->settings); + sprintf(transport->TlsIn->desc, "TlsIn"); + } if (transport->TlsOut == NULL) transport->TlsOut = transport->TlsIn; @@ -410,8 +421,10 @@ BOOL transport_accept_nla(rdpTransport* transport) if (transport->TlsIn == NULL) transport->TlsIn = tls_new(transport->settings); - if (transport->TlsOut == NULL) + if (transport->TlsOut == NULL) { transport->TlsOut = transport->TlsIn; + sprintf(transport->TlsIn->desc, "TlsIn"); + } transport->layer = TRANSPORT_LAYER_TLS; transport->TlsIn->sockfd = transport->TcpIn->sockfd; 
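Review bot: In the `transport_accept_nla` hunk the braces were added to the wrong `if`: `sprintf(transport->TlsIn->desc, "TlsIn");` now runs only when `TlsOut` was NULL, and the `if (transport->TlsIn == NULL)` above it still has no braces. The tag belongs with the allocation, inside a braced `if (transport->TlsIn == NULL)` block, as in the `transport_accept_tls` hunk just before it. PATCH 07/13 moves it there.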
@@ -509,9 +522,21 @@ int transport_read_layer(rdpTransport* transport, UINT8* data, int bytes) { int read = 0; int status = -1; + char *layer = "UNKNOWN"; + + if (transport->layer == TRANSPORT_LAYER_TLS) + layer = "TLS"; + else if (transport->layer == TRANSPORT_LAYER_TCP) + layer = "TCP"; + else if (transport->layer == TRANSPORT_LAYER_TSG) + layer = "TSG"; + else if (transport->layer == TRANSPORT_LAYER_TSG_TLS) + layer = "TSG_TLS"; while (read < bytes) { + LWD("layer %s bytes %d read %d", layer, bytes, read); + if (transport->layer == TRANSPORT_LAYER_TLS) status = tls_read(transport->TlsIn, data + read, bytes - read); else if (transport->layer == TRANSPORT_LAYER_TCP) @@ -523,11 +548,15 @@ int transport_read_layer(rdpTransport* transport, UINT8* data, int bytes) /* blocking means that we can't continue until this is read */ - if (!transport->blocking) + if (!transport->blocking) { + LWD("layer %s return %d not blocking", layer, status); return status; + } - if (status < 0) + if (status < 0) { + LWD("layer %s return %d negative status", layer, status); return status; + } read += status; @@ -541,6 +570,7 @@ int transport_read_layer(rdpTransport* transport, UINT8* data, int bytes) } } + LWD("layer %s return %d normal", layer, status); return read; } @@ -653,6 +683,7 @@ int transport_write(rdpTransport* transport, wStream* s) { int length; int status = -1; + char *layer = "UNKNOWN"; WaitForSingleObject(transport->WriteMutex, INFINITE); 
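Review bot: The layer-to-name `if`/`else if` chain added at the top of `transport_read_layer` is repeated verbatim in `transport_write` later in this patch; a small `static const char* transport_layer_name(TRANSPORT_LAYER layer)` helper would remove the copy. `char *layer = "UNKNOWN";` should be `const char *layer`, since it only ever points at string literals. In the last hunk of this function, `LWD("layer %s return %d normal", layer, status);` logs `status` while the function returns `read`, so the trace shows the wrong value.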
@@ -667,8 +698,19 @@ int transport_write(rdpTransport* transport, wStream* s) } #endif + if (transport->layer == TRANSPORT_LAYER_TLS) + layer = "TLS"; + else if (transport->layer == TRANSPORT_LAYER_TCP) + layer = "TCP"; + else if (transport->layer == TRANSPORT_LAYER_TSG) + layer = "TSG"; + else if (transport->layer == TRANSPORT_LAYER_TSG_TLS) + layer = "TSG_TLS"; + while (length > 0) { + LWD("layer %s length %d", layer, length); + if (transport->layer == TRANSPORT_LAYER_TLS) status = tls_write(transport->TlsOut, Stream_Pointer(s), length); else if (transport->layer == TRANSPORT_LAYER_TCP) @@ -678,11 +720,15 @@ int transport_write(rdpTransport* transport, wStream* s) else if (transport->layer == TRANSPORT_LAYER_TSG_TLS) status = tls_write(transport->TsgTls, Stream_Pointer(s), length); - if (status < 0) + if (status < 0) { + LWD("layer %s length %d break %d negative status", + layer, length, status); break; /* error occurred */ + } if (status == 0) { + LWD("layer %s status 0", layer); /* when sending is blocked in nonblocking mode, the receiving buffer should be checked */ if (!transport->blocking) { @@ -695,6 +741,8 @@ int transport_write(rdpTransport* transport, wStream* s) tls_wait_write(transport->TlsOut); else if (transport->layer == TRANSPORT_LAYER_TCP) tcp_wait_write(transport->TcpOut); + else if (transport->layer == TRANSPORT_LAYER_TSG_TLS) + tls_wait_write(transport->TsgTls); else USleep(transport->SleepInterval); } @@ -714,6 +762,7 @@ int transport_write(rdpTransport* transport, wStream* s) ReleaseMutex(transport->WriteMutex); + LWD("layer %s return %d", layer, status); return status; } diff --git a/libfreerdp/crypto/tls.c b/libfreerdp/crypto/tls.c index e5d20c61d..031ef12f5 100644 --- a/libfreerdp/crypto/tls.c +++ b/libfreerdp/crypto/tls.c @@ -31,6 +31,8 @@ #include +#include + static CryptoCert tls_get_certificate(rdpTls* tls, BOOL peer) { CryptoCert cert; 
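Review bot: In the blocking-wait hunk of `transport_write`, `tls_wait_write(transport->TsgTls)` is added for `TRANSPORT_LAYER_TSG_TLS`, but nothing visible in this series assigns `TsgTls->sockfd`; `transport_connect_tls` sets only `desc`, `methods` and `tsg` on that object. If `tls_wait_write()` waits on `tls->sockfd` (its body is not shown here), this waits on an unset descriptor instead of the gateway's socket. Waiting on the underlying gateway connection, or falling through to the existing `USleep(transport->SleepInterval)` branch, would avoid that; confirm against `tls_wait_write`.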
@@ -99,7 +101,7 @@ SecPkgContext_Bindings* tls_get_channel_bindings(X509* cert) static void tls_ssl_info_callback(const SSL* ssl, int type, int val) { - printf("tls_ssl_info_callback: type: %d val: %d\n"); +/* printf("tls_ssl_info_callback: type: %d val: %d\n", type, val); */ if (type & SSL_CB_HANDSHAKE_START) { @@ -373,6 +375,8 @@ int tls_read(rdpTls* tls, BYTE* data, int length) int error; int status; + LWD("length %d", length); + status = SSL_read(tls->ssl, data, length); if (status <= 0) @@ -411,6 +415,8 @@ int tls_read(rdpTls* tls, BYTE* data, int length) } } + LWD("ret %d", status); + return status; } @@ -434,6 +440,8 @@ int tls_write(rdpTls* tls, BYTE* data, int length) int error; int status; + LWD("length %d", length); + status = SSL_write(tls->ssl, data, length); if (status <= 0) @@ -471,6 +479,8 @@ int tls_write(rdpTls* tls, BYTE* data, int length) } } + LWD("ret %d", status); + return status; } diff --git a/lwd.h b/lwd.h new file mode 100644 index 000000000..16fdb84de --- /dev/null +++ b/lwd.h @@ -0,0 +1,22 @@ + +#ifndef __LWD_H__ +#define __LWD_H__ + +#include +#include +#include + +#define LWD(fmt, ...) do { \ + time_t tod = time(NULL); \ + char buf[25]; \ + struct tm* tm_info = localtime(&tod); \ + strftime(buf, 25, "%Y:%m:%d %H:%M:%S", tm_info); \ + fprintf(stderr, "%s [%s] ", __FUNCTION__, buf); \ + fprintf(stderr, fmt, ## __VA_ARGS__); \ + fprintf(stderr, "\n"); \ + fflush(stderr); \ + } while( 0 ) + + + +#endif From cefcac34146f88f8f6d54ace864abc6034c7385b Mon Sep 17 00:00:00 2001 From: Dan Bungert Date: Fri, 25 Oct 2013 15:29:46 -0600 Subject: [PATCH 07/13] more debug --- client/X11/cli/xfreerdp.c | 2 ++ libfreerdp/core/gateway/rpc.c | 20 ++++++++++++++++++ libfreerdp/core/transport.c | 38 ++++++++++++++++++++++++++++++----- libfreerdp/crypto/tls.c | 8 ++++---- lwd.h | 7 +++---- 5 files changed, 62 insertions(+), 13 deletions(-) diff --git a/client/X11/cli/xfreerdp.c b/client/X11/cli/xfreerdp.c index 8e39158c2..dcaf5dbfd 100644 
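Review bot: The new `LWD` macro in lwd.h is unconditional, so every `tls_read`/`tls_write` and transport call now writes to stderr in all builds; it should compile to nothing unless a debug option such as the `WITH_DEBUG_TSG` guard already used in rpc.c is defined. It also calls `localtime()`, which returns a pointer to shared static storage, from code that runs on more than one thread (transport.c declares `transport_client_thread`), and it declares `tod`, `buf` and `tm_info` in the caller's scope where they can shadow locals. The include guard `__LWD_H__` uses a reserved identifier; `LWD_H` is enough.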
--- a/client/X11/cli/xfreerdp.c +++ b/client/X11/cli/xfreerdp.c @@ -42,6 +42,8 @@ int main(int argc, char* argv[]) rdpSettings* settings; RDP_CLIENT_ENTRY_POINTS clientEntryPoints; + setvbuf(stderr, NULL, _IONBF, 0); + ZeroMemory(&clientEntryPoints, sizeof(RDP_CLIENT_ENTRY_POINTS)); clientEntryPoints.Size = sizeof(RDP_CLIENT_ENTRY_POINTS); clientEntryPoints.Version = RDP_CLIENT_INTERFACE_VERSION; diff --git a/libfreerdp/core/gateway/rpc.c b/libfreerdp/core/gateway/rpc.c index 43485df84..56fa9489d 100644 --- a/libfreerdp/core/gateway/rpc.c +++ b/libfreerdp/core/gateway/rpc.c @@ -43,6 +43,8 @@ #include "rpc.h" +#include "lwd.h" + /* Security Verification Trailer Signature */ rpc_sec_verification_trailer RPC_SEC_VERIFICATION_TRAILER = @@ -316,8 +318,12 @@ int rpc_out_read(rdpRpc* rpc, BYTE* data, int length) { int status; + LWD("len %d", length); + status = tls_read(rpc->TlsOut, data, length); + LWD("status %d", status); + return status; } @@ -325,8 +331,12 @@ int rpc_out_write(rdpRpc* rpc, BYTE* data, int length) { int status; + LWD("len %d", length); + status = tls_write_all(rpc->TlsOut, data, length); + LWD("status %d", status); + return status; } @@ -342,9 +352,13 @@ int rpc_in_write(rdpRpc* rpc, BYTE* data, int length) fprintf(stderr, "\n"); */ #endif + + LWD("len %d", length); status = tls_write_all(rpc->TlsIn, data, length); + LWD("status %d", status); + return status; } @@ -362,9 +376,12 @@ int rpc_write(rdpRpc* rpc, BYTE* data, int length, UINT16 opnum) ntlm = rpc->ntlm; + LWD("len %d", length); + if (ntlm->table->QueryContextAttributes(&ntlm->context, SECPKG_ATTR_SIZES, &ntlm->ContextSizes) != SEC_E_OK) { fprintf(stderr, "QueryContextAttributes SECPKG_ATTR_SIZES failure\n"); + LWD("status -1 query context"); return -1; } @@ -436,6 +453,7 @@ int rpc_write(rdpRpc* rpc, BYTE* data, int length, UINT16 opnum) { fprintf(stderr, "EncryptMessage status: 0x%08X\n", encrypt_status); free(request_pdu); + LWD("status -1 encrypt_status fail"); return -1; } 
@@ -446,6 +464,8 @@ int rpc_write(rdpRpc* rpc, BYTE* data, int length, UINT16 opnum) rpc_send_enqueue_pdu(rpc, buffer, request_pdu->frag_length); free(request_pdu); + LWD("status %d", length); + return length; } diff --git a/libfreerdp/core/transport.c b/libfreerdp/core/transport.c index c8eb3cc18..d8976bf87 100644 --- a/libfreerdp/core/transport.c +++ b/libfreerdp/core/transport.c @@ -223,6 +223,7 @@ BOOL transport_connect_tls(rdpTransport* transport) if (transport->layer == TRANSPORT_LAYER_TSG) { transport->TsgTls = tls_new(transport->settings); + LWD("create TsgTls"); sprintf(transport->TsgTls->desc, "TsgTls"); transport->TsgTls->methods = BIO_s_tsg(); @@ -247,6 +248,7 @@ BOOL transport_connect_tls(rdpTransport* transport) if (transport->TlsIn == NULL) { transport->TlsIn = tls_new(transport->settings); + LWD("create TlsIn"); sprintf(transport->TlsIn->desc, "TlsIn"); } @@ -324,6 +326,7 @@ BOOL transport_tsg_connect(rdpTransport* transport, const char* hostname, UINT16 if (transport->TlsIn == NULL) { transport->TlsIn = tls_new(transport->settings); + LWD("create TlsIn"); sprintf(transport->TlsIn->desc, "TlsIn"); } @@ -331,6 +334,7 @@ BOOL transport_tsg_connect(rdpTransport* transport, const char* hostname, UINT16 if (transport->TlsOut == NULL) { transport->TlsOut = tls_new(transport->settings); + LWD("create TlsOut"); sprintf(transport->TlsOut->desc, "TlsOut"); } @@ -398,6 +402,7 @@ BOOL transport_accept_tls(rdpTransport* transport) { if (transport->TlsIn == NULL) { transport->TlsIn = tls_new(transport->settings); + LWD("create TlsIn"); sprintf(transport->TlsIn->desc, "TlsIn"); } 
@@ -418,13 +423,14 @@ BOOL transport_accept_nla(rdpTransport* transport) freerdp* instance; rdpSettings* settings; - if (transport->TlsIn == NULL) + if (transport->TlsIn == NULL) { transport->TlsIn = tls_new(transport->settings); - - if (transport->TlsOut == NULL) { - transport->TlsOut = transport->TlsIn; + LWD("create TlsIn"); sprintf(transport->TlsIn->desc, "TlsIn"); } + + if (transport->TlsOut == NULL) + transport->TlsOut = transport->TlsIn; transport->layer = TRANSPORT_LAYER_TLS; transport->TlsIn->sockfd = transport->TcpIn->sockfd; @@ -518,6 +524,24 @@ UINT32 nla_header_length(wStream* s) return length; } +char *want(rdpTls *tls) +{ + int what = SSL_want(tls->ssl); + switch(what) + { + case SSL_NOTHING: + return "NOTHING"; + case SSL_WRITING: + return "WRITING"; + case SSL_READING: + return "READING"; + case SSL_X509_LOOKUP: + return "X509_LOOKUP"; + default: + return "UNKNOWN"; + } +} + int transport_read_layer(rdpTransport* transport, UINT8* data, int bytes) { int read = 0; @@ -543,8 +567,12 @@ int transport_read_layer(rdpTransport* transport, UINT8* data, int bytes) status = tcp_read(transport->TcpIn, data + read, bytes - read); else if (transport->layer == TRANSPORT_LAYER_TSG) status = tsg_read(transport->tsg, data + read, bytes - read); - else if (transport->layer == TRANSPORT_LAYER_TSG_TLS) + else if (transport->layer == TRANSPORT_LAYER_TSG_TLS) { + LWD("TlsIn SSL pending %d want %s", SSL_pending(transport->TlsIn->ssl), want(transport->TlsIn)); + LWD("TlsOut SSL pending %d want %s", SSL_pending(transport->TlsOut->ssl), want(transport->TlsOut)); + LWD("TsgTls SSL pending %d want %s", SSL_pending(transport->TsgTls->ssl), want(transport->TsgTls)); status = tls_read(transport->TsgTls, data + read, bytes - read); + } /* blocking means that we can't continue until this is read */ diff --git a/libfreerdp/crypto/tls.c b/libfreerdp/crypto/tls.c index 031ef12f5..d2d8d7d1d 100644 --- a/libfreerdp/crypto/tls.c +++ b/libfreerdp/crypto/tls.c 
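Review bot: The new helper `want()` in transport.c is a non-static function with a very generic name, so it is exported from the library and can clash with any other `want` symbol at link time. It should be file-local and return `const char*`, e.g. `static const char* tls_want_string(rdpTls* tls)` (the name is only a suggestion), because every return value is a string literal. The three `LWD` calls added in `transport_read_layer` dereference `transport->TlsIn->ssl` and `transport->TlsOut->ssl` without checking them; PATCH 08/13 comments those calls out.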
@@ -375,7 +375,7 @@ int tls_read(rdpTls* tls, BYTE* data, int length) int error; int status; - LWD("length %d", length); + LWD("tls %s length %d", tls->desc, length); status = SSL_read(tls->ssl, data, length); @@ -415,7 +415,7 @@ int tls_read(rdpTls* tls, BYTE* data, int length) } } - LWD("ret %d", status); + LWD("tls %s ret %d", tls->desc, status); return status; } @@ -440,7 +440,7 @@ int tls_write(rdpTls* tls, BYTE* data, int length) int error; int status; - LWD("length %d", length); + LWD("tls %s length %d", tls->desc, length); status = SSL_write(tls->ssl, data, length); @@ -479,7 +479,7 @@ int tls_write(rdpTls* tls, BYTE* data, int length) } } - LWD("ret %d", status); + LWD("tls %s ret %d", tls->desc, status); return status; } diff --git a/lwd.h b/lwd.h index 16fdb84de..c62eb07f0 100644 --- a/lwd.h +++ b/lwd.h @@ -10,13 +10,12 @@ time_t tod = time(NULL); \ char buf[25]; \ struct tm* tm_info = localtime(&tod); \ - strftime(buf, 25, "%Y:%m:%d %H:%M:%S", tm_info); \ - fprintf(stderr, "%s [%s] ", __FUNCTION__, buf); \ + strftime(buf, 25, "%H:%M:%S", tm_info); \ + fprintf(stderr, "%20.20s [%s] ", __FUNCTION__, buf); \ fprintf(stderr, fmt, ## __VA_ARGS__); \ fprintf(stderr, "\n"); \ - fflush(stderr); \ } while( 0 ) - +// fflush(stderr); #endif From 426dc2cf840593a23b6e7169ee4cea101ae28dd2 Mon Sep 17 00:00:00 2001 From: Dan Bungert Date: Fri, 25 Oct 2013 17:17:36 -0600 Subject: [PATCH 08/13] fix blocking issues. Full TLS over TLS. --- libfreerdp/core/transport.c | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/libfreerdp/core/transport.c b/libfreerdp/core/transport.c index d8976bf87..1554cdd98 100644 --- a/libfreerdp/core/transport.c +++ b/libfreerdp/core/transport.c 
@@ -79,7 +79,7 @@ BOOL transport_disconnect(rdpTransport* transport) if (transport->layer == TRANSPORT_LAYER_TLS) status &= tls_disconnect(transport->TlsIn); - if (transport->layer == TRANSPORT_LAYER_TSG) + if (transport->layer == TRANSPORT_LAYER_TSG || transport->layer == TRANSPORT_LAYER_TSG_TLS) { tsg_disconnect(transport->tsg); } @@ -119,11 +119,15 @@ static int transport_bio_tsg_write(BIO* bio, const char* buf, int num) int status; rdpTsg* tsg; + LWD("len %d", num); + /* printf("transport_bio_tsg_write: %d\n", num); */ tsg = (rdpTsg*) bio->ptr; status = tsg_write(tsg, (BYTE*) buf, num); + LWD("status %d", status); + /* printf("tsg_write: %d\n", status); */ BIO_clear_retry_flags(bio); @@ -141,11 +145,15 @@ static int transport_bio_tsg_read(BIO* bio, char* buf, int size) int status; rdpTsg* tsg; + LWD("len %d", size); + /* printf("transport_bio_tsg_read: %d\n", size); */ tsg = (rdpTsg*) bio->ptr; status = tsg_read(bio->ptr, (BYTE*) buf, size); + LWD("status %d", status); + /* printf("tsg_read: %d\n", status); */ BIO_clear_retry_flags(bio); @@ -155,7 +163,7 @@ static int transport_bio_tsg_read(BIO* bio, char* buf, int size) BIO_set_retry_read(bio); } - return status; + return status > 0 ? status : -1; } static int transport_bio_tsg_puts(BIO* bio, const char* str) @@ -281,7 +289,7 @@ BOOL transport_connect_nla(rdpTransport* transport) freerdp* instance; rdpSettings* settings; - if (transport->layer == TRANSPORT_LAYER_TSG) + if (transport->layer == TRANSPORT_LAYER_TSG || transport->layer == TRANSPORT_LAYER_TSG_TLS) return TRUE; if (!transport_connect_tls(transport)) 
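Review bot: In `transport_disconnect` the TSG_TLS layer now tears down the gateway with `tsg_disconnect`, but nothing in the visible lines shuts down the inner TLS session first; only `TRANSPORT_LAYER_TLS` calls `tls_disconnect`. If the rest of the function (outside the hunk) does not do it, add `if (transport->layer == TRANSPORT_LAYER_TSG_TLS) status &= tls_disconnect(transport->TsgTls);` before the gateway is closed so the peer sees an orderly TLS shutdown. The result of `tsg_disconnect` is also dropped, unlike the TLS branch, which folds its result into `status`.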
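Review bot: `transport_bio_tsg_read` (hunk `@@ -155,7 +163,7 @@`) now folds every non-positive `tsg_read` result into `-1` while the branch just above still sets the retry flag for all of them, so OpenSSL cannot tell a failed gateway channel from "no data yet". With the retry flag set, `SSL_read` reports a retryable condition, and a blocking caller such as the `transport_read_layer` loop may keep retrying on a connection that is already dead. If `tsg_read` distinguishes the two cases (not visible here), set the flag only for the would-block case, `if (status == 0) BIO_set_retry_read(bio);`, and return `-1` without the flag when `status < 0`. `transport_bio_tsg_write` has the same shape and deserves the same check.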
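Review bot: `transport_connect_nla` now returns TRUE for `TRANSPORT_LAYER_TSG_TLS` before `transport_connect_tls` or any CredSSP step runs, so a caller that asked for NLA is told it succeeded although no network-level authentication took place on the inner channel. If NLA through the gateway is not implemented at this point, failing the call, or at least logging that NLA was skipped, is safer than reporting success. A comment such as `/* NLA over TSG not implemented yet: authentication is skipped here */` would make the gap explicit to the next reader. The function body continues outside the hunk.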
@@ -568,9 +576,11 @@ int transport_read_layer(rdpTransport* transport, UINT8* data, int bytes) else if (transport->layer == TRANSPORT_LAYER_TSG) status = tsg_read(transport->tsg, data + read, bytes - read); else if (transport->layer == TRANSPORT_LAYER_TSG_TLS) { + /* LWD("TlsIn SSL pending %d want %s", SSL_pending(transport->TlsIn->ssl), want(transport->TlsIn)); LWD("TlsOut SSL pending %d want %s", SSL_pending(transport->TlsOut->ssl), want(transport->TlsOut)); - LWD("TsgTls SSL pending %d want %s", SSL_pending(transport->TsgTls->ssl), want(transport->TsgTls)); + LWD("TsgTls SSL pending %d want %s", SSL_pending(transport->TsgTls->ssl), want(transport->TlsIn)); + */ status = tls_read(transport->TsgTls, data + read, bytes - read); } @@ -998,7 +1008,7 @@ BOOL transport_set_blocking_mode(rdpTransport* transport, BOOL blocking) status &= tcp_set_blocking_mode(transport->TcpIn, blocking); } - if (transport->layer == TRANSPORT_LAYER_TSG) + if (transport->layer == TRANSPORT_LAYER_TSG || transport->layer == TRANSPORT_LAYER_TSG_TLS) { tsg_set_blocking_mode(transport->tsg, blocking); } From c025042d075d283a3177310640578d09515ca418 Mon Sep 17 00:00:00 2001 From: Dan Bungert Date: Mon, 28 Oct 2013 14:39:10 -0600 Subject: [PATCH 09/13] NLA over TLS support Improve credssp transport layer handling, so that it works with the correct TLS object. --- libfreerdp/core/connection.c | 3 +++ libfreerdp/core/nla.c | 42 +++++++++++++++++++++++++++++++----- libfreerdp/core/transport.c | 2 ++ 3 files changed, 42 insertions(+), 5 deletions(-) diff --git a/libfreerdp/core/connection.c b/libfreerdp/core/connection.c index 2c3be5c9b..01d3b5d08 100644 --- a/libfreerdp/core/connection.c +++ b/libfreerdp/core/connection.c @@ -210,10 +210,12 @@ BOOL rdp_client_connect(rdpRdp* rdp) nego_set_cookie(rdp->nego, cookie); free(cookie); + /* settings->RdpSecurity = TRUE; settings->TlsSecurity = TRUE; settings->NlaSecurity = FALSE; settings->ExtSecurity = FALSE; + */ } else 
@@ -272,6 +274,7 @@ BOOL rdp_client_connect(rdpRdp* rdp) { if (rdp_check_fds(rdp) < 0) return FALSE; + usleep(100); } return TRUE; diff --git a/libfreerdp/core/nla.c b/libfreerdp/core/nla.c index 2978a2a79..895540d3f 100644 --- a/libfreerdp/core/nla.c +++ b/libfreerdp/core/nla.c @@ -37,6 +37,7 @@ #include #include "nla.h" +#include "lwd.h" /** * TSRequest ::= SEQUENCE { @@ -137,8 +138,18 @@ int credssp_ntlm_client_init(rdpCredssp* credssp) (char*) credssp->identity.User, (char*) credssp->identity.Domain, (char*) credssp->identity.Password); #endif - sspi_SecBufferAlloc(&credssp->PublicKey, credssp->transport->TlsIn->PublicKeyLength); - CopyMemory(credssp->PublicKey.pvBuffer, credssp->transport->TlsIn->PublicKey, credssp->transport->TlsIn->PublicKeyLength); + rdpTls *tls = NULL; + if(credssp->transport->layer == TRANSPORT_LAYER_TLS) { + tls = credssp->transport->TlsIn; + } else if(credssp->transport->layer == TRANSPORT_LAYER_TSG_TLS) { + tls = credssp->transport->TsgTls; + } else { + fprintf(stderr, "Unknown NLA transport layer\n"); + return 0; + } + + sspi_SecBufferAlloc(&credssp->PublicKey, tls->PublicKeyLength); + CopyMemory(credssp->PublicKey.pvBuffer, tls->PublicKey, tls->PublicKeyLength); length = sizeof(TERMSRV_SPN_PREFIX) + strlen(settings->ServerHostname); @@ -191,10 +202,14 @@ int credssp_client_authenticate(rdpCredssp* credssp) BOOL have_input_buffer; BOOL have_pub_key_auth; + LWD(""); + sspi_GlobalInit(); - if (credssp_ntlm_client_init(credssp) == 0) + if (credssp_ntlm_client_init(credssp) == 0) { + LWD("ret 0 at init"); return 0; + } #ifdef WITH_NATIVE_SSPI { @@ -220,6 +235,7 @@ int credssp_client_authenticate(rdpCredssp* credssp) if (status != SEC_E_OK) { fprintf(stderr, "QuerySecurityPackageInfo status: 0x%08X\n", status); + LWD("QSPI status 0x%X", status); return 0; } 
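Review bot: The new layer selection in `credssp_ntlm_client_init` copies `tls->PublicKeyLength` bytes from `tls->PublicKey` without checking that the selected rdpTls exists or that a key was actually captured from the TLS handshake. That key is what the later "Verify Server Public Key Echo" step in `credssp_client_authenticate` depends on, so a missing or empty key should abort the handshake: add `if (!tls || !tls->PublicKey || tls->PublicKeyLength == 0) return 0;` after the if/else chain. The result of `sspi_SecBufferAlloc` should likewise be checked (`credssp->PublicKey.pvBuffer` non-NULL) before `CopyMemory` writes into it. The function starts and ends outside the hunk.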
@@ -231,6 +247,7 @@ int credssp_client_authenticate(rdpCredssp* credssp) if (status != SEC_E_OK) { fprintf(stderr, "AcquireCredentialsHandle status: 0x%08X\n", status); + LWD("ACH status 0x%X", status); return 0; } @@ -282,6 +299,7 @@ int credssp_client_authenticate(rdpCredssp* credssp) if (credssp->table->QueryContextAttributes(&credssp->context, SECPKG_ATTR_SIZES, &credssp->ContextSizes) != SEC_E_OK) { fprintf(stderr, "QueryContextAttributes SECPKG_ATTR_SIZES failure\n"); + LWD("QCA fail ret 0"); return 0; } @@ -319,8 +337,10 @@ int credssp_client_authenticate(rdpCredssp* credssp) input_buffer_desc.pBuffers = &input_buffer; input_buffer.BufferType = SECBUFFER_TOKEN; - if (credssp_recv(credssp) < 0) + if (credssp_recv(credssp) < 0) { + LWD("credssp_recv ret -1 point 1"); return -1; + } #ifdef WITH_DEBUG_CREDSSP fprintf(stderr, "Receiving Authentication Token (%d)\n", (int) credssp->negoToken.cbBuffer); @@ -335,8 +355,10 @@ int credssp_client_authenticate(rdpCredssp* credssp) } /* Encrypted Public Key +1 */ - if (credssp_recv(credssp) < 0) + if (credssp_recv(credssp) < 0) { + LWD("credssp_recv ret -1 point 2"); return -1; + } /* Verify Server Public Key Echo */ @@ -346,6 +368,7 @@ int credssp_client_authenticate(rdpCredssp* credssp) if (status != SEC_E_OK) { fprintf(stderr, "Could not verify public key echo!\n"); + LWD("verify fail public key ret -1"); return -1; } @@ -356,6 +379,7 @@ int credssp_client_authenticate(rdpCredssp* credssp) if (status != SEC_E_OK) { fprintf(stderr, "credssp_encrypt_ts_credentials status: 0x%08X\n", status); + LWD("credssp encrypt ts cred ret 0"); return 0; } @@ -367,6 +391,7 @@ int credssp_client_authenticate(rdpCredssp* credssp) credssp->table->FreeCredentialsHandle(&credentials); credssp->table->FreeContextBuffer(pPackageInfo); + LWD("ret 1"); return 1; } 
@@ -1069,6 +1094,10 @@ void credssp_send(rdpCredssp* credssp) ts_request_length = credssp_sizeof_ts_request(length); + LWD("nego_len %d pub_len %d auth_len %d len %d ts_len %d", + nego_tokens_length, pub_key_auth_length, auth_info_length, + length, ts_request_length); + s = Stream_New(NULL, ber_sizeof_sequence(ts_request_length)); /* TSRequest */ @@ -1111,8 +1140,11 @@ void credssp_send(rdpCredssp* credssp) Stream_SealLength(s); + LWD("len %d", Stream_Length(s)); transport_write(credssp->transport, s); + winpr_HexDump(Stream_Buffer(s), Stream_Length(s)); + Stream_Free(s, TRUE); } diff --git a/libfreerdp/core/transport.c b/libfreerdp/core/transport.c index 1554cdd98..7cce9faa0 100644 --- a/libfreerdp/core/transport.c +++ b/libfreerdp/core/transport.c @@ -289,8 +289,10 @@ BOOL transport_connect_nla(rdpTransport* transport) freerdp* instance; rdpSettings* settings; + /* if (transport->layer == TRANSPORT_LAYER_TSG || transport->layer == TRANSPORT_LAYER_TSG_TLS) return TRUE; + */ if (!transport_connect_tls(transport)) return FALSE; From a38c3ac794754f658f2cbbd307fc932e050fc4fb Mon Sep 17 00:00:00 2001 From: Dan Bungert Date: Mon, 28 Oct 2013 14:54:00 -0600 Subject: [PATCH 10/13] Debug message fix for DEBUG_NLA --- libfreerdp/core/nego.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/libfreerdp/core/nego.c b/libfreerdp/core/nego.c index 2e97d059d..448aff7bb 100644 --- a/libfreerdp/core/nego.c +++ b/libfreerdp/core/nego.c @@ -43,11 +43,16 @@ static const char* const NEGO_STATE_STRINGS[] = "NEGO_STATE_FINAL" }; -static const char PROTOCOL_SECURITY_STRINGS[4][4] = +static const char PROTOCOL_SECURITY_STRINGS[9][4] = { "RDP", "TLS", "NLA", + "UNK", + "UNK", + "UNK", + "UNK", + "UNK", "EXT" }; From 1dd2e649e3cf34a4c9139e4629e6cfc1f6227110 Mon Sep 17 00:00:00 2001 From: Dan Bungert Date: Mon, 28 Oct 2013 15:08:50 -0600 Subject: [PATCH 11/13] Cleanup pass 1 --- libfreerdp/core/transport.c | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) 
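Review bot: `credssp_send` (hunk `@@ -1111,8 +1140,11 @@`) now calls `winpr_HexDump(Stream_Buffer(s), Stream_Length(s))` unconditionally, which writes every outgoing TSRequest, including the negotiation tokens, the public-key authenticator and the encrypted credential blob, to the process output on each authentication. Other diagnostic output in nla.c is wrapped in `#ifdef WITH_DEBUG_CREDSSP`; this dump should sit inside the same guard or be dropped before merge. The `LWD("len %d", Stream_Length(s))` line above it should cast, `(int) Stream_Length(s)`, unless the macro is known to yield an `int`. The return value of `transport_write` is still ignored, so a failed send goes unnoticed by the caller.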
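Review bot: `PROTOCOL_SECURITY_STRINGS` in nego.c is padded to nine rows so that index 8 yields "EXT", but the table is still indexed directly by a protocol value, and the lookup sites are outside this hunk. If that value comes from the peer's negotiation response, anything above 8 reads past the array; a bounds check at the use site, e.g. `(p < 9) ? PROTOCOL_SECURITY_STRINGS[p] : "UNK"`, removes the dependency on the peer sending a known value. A short comment on the table, `/* indexed by protocol flag value: 0 RDP, 1 TLS, 2 NLA, 8 EXT */`, would also explain the filler rows.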
diff --git a/libfreerdp/core/transport.c b/libfreerdp/core/transport.c index 7cce9faa0..5fd79e1d0 100644 --- a/libfreerdp/core/transport.c +++ b/libfreerdp/core/transport.c @@ -108,8 +108,10 @@ BOOL transport_connect_rdp(rdpTransport* transport) long transport_bio_tsg_callback(BIO* bio, int mode, const char* argp, int argi, long argl, long ret) { -/* printf("transport_bio_tsg_callback: mode: %d argp: %p argi: %d argl: %d ret: %d\n", */ -/* mode, argp, argi, argl, ret); */ + /* + printf("transport_bio_tsg_callback: mode: %d argp: %p argi: %d argl: %d ret: %d\n", + mode, argp, argi, argl, ret); + */ return 1; } @@ -289,11 +291,6 @@ BOOL transport_connect_nla(rdpTransport* transport) freerdp* instance; rdpSettings* settings; - /* - if (transport->layer == TRANSPORT_LAYER_TSG || transport->layer == TRANSPORT_LAYER_TSG_TLS) - return TRUE; - */ - if (!transport_connect_tls(transport)) return FALSE; From f02daaa2d5eadb9fd784c92f3e7359fb08c842f6 Mon Sep 17 00:00:00 2001 From: Dan Bungert Date: Mon, 28 Oct 2013 15:46:28 -0600 Subject: [PATCH 12/13] More cleanups - remove LWD and all references. --- include/freerdp/crypto/tls.h | 1 - libfreerdp/core/connection.c | 1 - libfreerdp/core/gateway/rpc.c | 22 --------- libfreerdp/core/nla.c | 29 ++--------- libfreerdp/core/transport.c | 90 ++++------------------------------- libfreerdp/crypto/tls.c | 10 ---- lwd.h | 21 -------- 7 files changed, 12 insertions(+), 162 deletions(-) delete mode 100644 lwd.h diff --git a/include/freerdp/crypto/tls.h b/include/freerdp/crypto/tls.h index c65af3529..a18597308 100644 --- a/include/freerdp/crypto/tls.h +++ b/include/freerdp/crypto/tls.h @@ -49,7 +49,6 @@ struct rdp_tls rdpSettings* settings; SecPkgContext_Bindings* Bindings; rdpCertificateStore* certificate_store; - char desc[20]; }; FREERDP_API BOOL tls_connect(rdpTls* tls); diff --git a/libfreerdp/core/connection.c b/libfreerdp/core/connection.c index 01d3b5d08..f941f219f 100644 --- a/libfreerdp/core/connection.c 
+++ b/libfreerdp/core/connection.c @@ -274,7 +274,6 @@ BOOL rdp_client_connect(rdpRdp* rdp) { if (rdp_check_fds(rdp) < 0) return FALSE; - usleep(100); } return TRUE; diff --git a/libfreerdp/core/gateway/rpc.c b/libfreerdp/core/gateway/rpc.c index 56fa9489d..ae024cd9e 100644 --- a/libfreerdp/core/gateway/rpc.c +++ b/libfreerdp/core/gateway/rpc.c @@ -43,8 +43,6 @@ #include "rpc.h" -#include "lwd.h" - /* Security Verification Trailer Signature */ rpc_sec_verification_trailer RPC_SEC_VERIFICATION_TRAILER = @@ -318,12 +316,8 @@ int rpc_out_read(rdpRpc* rpc, BYTE* data, int length) { int status; - LWD("len %d", length); - status = tls_read(rpc->TlsOut, data, length); - LWD("status %d", status); - return status; } @@ -331,12 +325,8 @@ int rpc_out_write(rdpRpc* rpc, BYTE* data, int length) { int status; - LWD("len %d", length); - status = tls_write_all(rpc->TlsOut, data, length); - LWD("status %d", status); - return status; } @@ -345,20 +335,14 @@ int rpc_in_write(rdpRpc* rpc, BYTE* data, int length) int status; #ifdef WITH_DEBUG_TSG - /* fprintf(stderr, "Sending PDU (length: %d)\n", length); rpc_pdu_header_print((rpcconn_hdr_t*) data); winpr_HexDump(data, length); fprintf(stderr, "\n"); - */ #endif - - LWD("len %d", length); status = tls_write_all(rpc->TlsIn, data, length); - LWD("status %d", status); - return status; } @@ -376,12 +360,9 @@ int rpc_write(rdpRpc* rpc, BYTE* data, int length, UINT16 opnum) ntlm = rpc->ntlm; - LWD("len %d", length); - if (ntlm->table->QueryContextAttributes(&ntlm->context, SECPKG_ATTR_SIZES, &ntlm->ContextSizes) != SEC_E_OK) { fprintf(stderr, "QueryContextAttributes SECPKG_ATTR_SIZES failure\n"); - LWD("status -1 query context"); return -1; } @@ -453,7 +434,6 @@ int rpc_write(rdpRpc* rpc, BYTE* data, int length, UINT16 opnum) { fprintf(stderr, "EncryptMessage status: 0x%08X\n", encrypt_status); free(request_pdu); - LWD("status -1 encrypt_status fail"); return -1; } 
@@ -464,8 +444,6 @@ int rpc_write(rdpRpc* rpc, BYTE* data, int length, UINT16 opnum) rpc_send_enqueue_pdu(rpc, buffer, request_pdu->frag_length); free(request_pdu); - LWD("status %d", length); - return length; } diff --git a/libfreerdp/core/nla.c b/libfreerdp/core/nla.c index 895540d3f..f0bfbd05a 100644 --- a/libfreerdp/core/nla.c +++ b/libfreerdp/core/nla.c @@ -37,7 +37,6 @@ #include #include "nla.h" -#include "lwd.h" /** * TSRequest ::= SEQUENCE { @@ -202,14 +201,10 @@ int credssp_client_authenticate(rdpCredssp* credssp) BOOL have_input_buffer; BOOL have_pub_key_auth; - LWD(""); - sspi_GlobalInit(); - if (credssp_ntlm_client_init(credssp) == 0) { - LWD("ret 0 at init"); + if (credssp_ntlm_client_init(credssp) == 0) return 0; - } #ifdef WITH_NATIVE_SSPI { @@ -235,7 +230,6 @@ int credssp_client_authenticate(rdpCredssp* credssp) if (status != SEC_E_OK) { fprintf(stderr, "QuerySecurityPackageInfo status: 0x%08X\n", status); - LWD("QSPI status 0x%X", status); return 0; } @@ -247,7 +241,6 @@ int credssp_client_authenticate(rdpCredssp* credssp) if (status != SEC_E_OK) { fprintf(stderr, "AcquireCredentialsHandle status: 0x%08X\n", status); - LWD("ACH status 0x%X", status); return 0; } @@ -299,7 +292,6 @@ int credssp_client_authenticate(rdpCredssp* credssp) if (credssp->table->QueryContextAttributes(&credssp->context, SECPKG_ATTR_SIZES, &credssp->ContextSizes) != SEC_E_OK) { fprintf(stderr, "QueryContextAttributes SECPKG_ATTR_SIZES failure\n"); - LWD("QCA fail ret 0"); return 0; } @@ -337,10 +329,8 @@ int credssp_client_authenticate(rdpCredssp* credssp) input_buffer_desc.pBuffers = &input_buffer; input_buffer.BufferType = SECBUFFER_TOKEN; - if (credssp_recv(credssp) < 0) { - LWD("credssp_recv ret -1 point 1"); + if (credssp_recv(credssp) < 0) return -1; - } #ifdef WITH_DEBUG_CREDSSP fprintf(stderr, "Receiving Authentication Token (%d)\n", (int) credssp->negoToken.cbBuffer); 
@@ -355,10 +345,9 @@ int credssp_client_authenticate(rdpCredssp* credssp) } /* Encrypted Public Key +1 */ - if (credssp_recv(credssp) < 0) { - LWD("credssp_recv ret -1 point 2"); + if (credssp_recv(credssp) < 0) return -1; - } + /* Verify Server Public Key Echo */ @@ -368,7 +357,6 @@ int credssp_client_authenticate(rdpCredssp* credssp) if (status != SEC_E_OK) { fprintf(stderr, "Could not verify public key echo!\n"); - LWD("verify fail public key ret -1"); return -1; } @@ -379,7 +367,6 @@ int credssp_client_authenticate(rdpCredssp* credssp) if (status != SEC_E_OK) { fprintf(stderr, "credssp_encrypt_ts_credentials status: 0x%08X\n", status); - LWD("credssp encrypt ts cred ret 0"); return 0; } @@ -391,7 +378,6 @@ int credssp_client_authenticate(rdpCredssp* credssp) credssp->table->FreeCredentialsHandle(&credentials); credssp->table->FreeContextBuffer(pPackageInfo); - LWD("ret 1"); return 1; } @@ -1094,10 +1080,6 @@ void credssp_send(rdpCredssp* credssp) ts_request_length = credssp_sizeof_ts_request(length); - LWD("nego_len %d pub_len %d auth_len %d len %d ts_len %d", - nego_tokens_length, pub_key_auth_length, auth_info_length, - length, ts_request_length); - s = Stream_New(NULL, ber_sizeof_sequence(ts_request_length)); /* TSRequest */ @@ -1140,11 +1122,8 @@ void credssp_send(rdpCredssp* credssp) Stream_SealLength(s); - LWD("len %d", Stream_Length(s)); transport_write(credssp->transport, s); - winpr_HexDump(Stream_Buffer(s), Stream_Length(s)); - Stream_Free(s, TRUE); } diff --git a/libfreerdp/core/transport.c b/libfreerdp/core/transport.c index 5fd79e1d0..76c13f579 100644 --- a/libfreerdp/core/transport.c +++ b/libfreerdp/core/transport.c @@ -49,8 +49,6 @@ #define BUFFER_SIZE 16384 -#include "lwd.h" - static void* transport_client_thread(void* arg); wStream* transport_send_stream_init(rdpTransport* transport, int size) 
@@ -121,17 +119,9 @@ static int transport_bio_tsg_write(BIO* bio, const char* buf, int num) int status; rdpTsg* tsg; - LWD("len %d", num); - -/* printf("transport_bio_tsg_write: %d\n", num); */ - tsg = (rdpTsg*) bio->ptr; status = tsg_write(tsg, (BYTE*) buf, num); - LWD("status %d", status); - -/* printf("tsg_write: %d\n", status); */ - BIO_clear_retry_flags(bio); if (status <= 0) @@ -147,17 +137,9 @@ static int transport_bio_tsg_read(BIO* bio, char* buf, int size) int status; rdpTsg* tsg; - LWD("len %d", size); - -/* printf("transport_bio_tsg_read: %d\n", size); */ - tsg = (rdpTsg*) bio->ptr; status = tsg_read(bio->ptr, (BYTE*) buf, size); - LWD("status %d", status); - -/* printf("tsg_read: %d\n", status); */ - BIO_clear_retry_flags(bio); if (status <= 0) @@ -233,8 +215,6 @@ BOOL transport_connect_tls(rdpTransport* transport) if (transport->layer == TRANSPORT_LAYER_TSG) { transport->TsgTls = tls_new(transport->settings); - LWD("create TsgTls"); - sprintf(transport->TsgTls->desc, "TsgTls"); transport->TsgTls->methods = BIO_s_tsg(); transport->TsgTls->tsg = (void*) transport->tsg; @@ -256,11 +236,8 @@ BOOL transport_connect_tls(rdpTransport* transport) return TRUE; } - if (transport->TlsIn == NULL) { + if (transport->TlsIn == NULL) transport->TlsIn = tls_new(transport->settings); - LWD("create TlsIn"); - sprintf(transport->TlsIn->desc, "TlsIn"); - } if (transport->TlsOut == NULL) transport->TlsOut = transport->TlsIn; 
@@ -331,19 +308,13 @@ BOOL transport_tsg_connect(rdpTransport* transport, const char* hostname, UINT16 transport->tsg = tsg; transport->SplitInputOutput = TRUE; - if (transport->TlsIn == NULL) { + if (transport->TlsIn == NULL) transport->TlsIn = tls_new(transport->settings); - LWD("create TlsIn"); - sprintf(transport->TlsIn->desc, "TlsIn"); - } transport->TlsIn->sockfd = transport->TcpIn->sockfd; - if (transport->TlsOut == NULL) { + if (transport->TlsOut == NULL) transport->TlsOut = tls_new(transport->settings); - LWD("create TlsOut"); - sprintf(transport->TlsOut->desc, "TlsOut"); - } transport->TlsOut->sockfd = transport->TcpOut->sockfd; @@ -407,11 +378,8 @@ BOOL transport_accept_rdp(rdpTransport* transport) BOOL transport_accept_tls(rdpTransport* transport) { - if (transport->TlsIn == NULL) { + if (transport->TlsIn == NULL) transport->TlsIn = tls_new(transport->settings); - LWD("create TlsIn"); - sprintf(transport->TlsIn->desc, "TlsIn"); - } if (transport->TlsOut == NULL) transport->TlsOut = transport->TlsIn; @@ -430,11 +398,8 @@ BOOL transport_accept_nla(rdpTransport* transport) freerdp* instance; rdpSettings* settings; - if (transport->TlsIn == NULL) { + if (transport->TlsIn == NULL) transport->TlsIn = tls_new(transport->settings); - LWD("create TlsIn"); - sprintf(transport->TlsIn->desc, "TlsIn"); - } if (transport->TlsOut == NULL) transport->TlsOut = transport->TlsIn; 
@@ -553,21 +518,9 @@ int transport_read_layer(rdpTransport* transport, UINT8* data, int bytes) { int read = 0; int status = -1; - char *layer = "UNKNOWN"; - - if (transport->layer == TRANSPORT_LAYER_TLS) - layer = "TLS"; - else if (transport->layer == TRANSPORT_LAYER_TCP) - layer = "TCP"; - else if (transport->layer == TRANSPORT_LAYER_TSG) - layer = "TSG"; - else if (transport->layer == TRANSPORT_LAYER_TSG_TLS) - layer = "TSG_TLS"; while (read < bytes) { - LWD("layer %s bytes %d read %d", layer, bytes, read); - if (transport->layer == TRANSPORT_LAYER_TLS) status = tls_read(transport->TlsIn, data + read, bytes - read); else if (transport->layer == TRANSPORT_LAYER_TCP) @@ -575,25 +528,16 @@ int transport_read_layer(rdpTransport* transport, UINT8* data, int bytes) else if (transport->layer == TRANSPORT_LAYER_TSG) status = tsg_read(transport->tsg, data + read, bytes - read); else if (transport->layer == TRANSPORT_LAYER_TSG_TLS) { - /* - LWD("TlsIn SSL pending %d want %s", SSL_pending(transport->TlsIn->ssl), want(transport->TlsIn)); - LWD("TlsOut SSL pending %d want %s", SSL_pending(transport->TlsOut->ssl), want(transport->TlsOut)); - LWD("TsgTls SSL pending %d want %s", SSL_pending(transport->TsgTls->ssl), want(transport->TlsIn)); - */ status = tls_read(transport->TsgTls, data + read, bytes - read); } /* blocking means that we can't continue until this is read */ - if (!transport->blocking) { - LWD("layer %s return %d not blocking", layer, status); + if (!transport->blocking) return status; - } - if (status < 0) { - LWD("layer %s return %d negative status", layer, status); + if (status < 0) return status; - } read += status; @@ -607,7 +551,6 @@ int transport_read_layer(rdpTransport* transport, UINT8* data, int bytes) } } - LWD("layer %s return %d normal", layer, status); return read; } 
@@ -720,7 +663,6 @@ int transport_write(rdpTransport* transport, wStream* s) { int length; int status = -1; - char *layer = "UNKNOWN"; WaitForSingleObject(transport->WriteMutex, INFINITE); @@ -735,19 +677,8 @@ int transport_write(rdpTransport* transport, wStream* s) } #endif - if (transport->layer == TRANSPORT_LAYER_TLS) - layer = "TLS"; - else if (transport->layer == TRANSPORT_LAYER_TCP) - layer = "TCP"; - else if (transport->layer == TRANSPORT_LAYER_TSG) - layer = "TSG"; - else if (transport->layer == TRANSPORT_LAYER_TSG_TLS) - layer = "TSG_TLS"; - while (length > 0) { - LWD("layer %s length %d", layer, length); - if (transport->layer == TRANSPORT_LAYER_TLS) status = tls_write(transport->TlsOut, Stream_Pointer(s), length); else if (transport->layer == TRANSPORT_LAYER_TCP) @@ -757,15 +688,11 @@ int transport_write(rdpTransport* transport, wStream* s) else if (transport->layer == TRANSPORT_LAYER_TSG_TLS) status = tls_write(transport->TsgTls, Stream_Pointer(s), length); - if (status < 0) { - LWD("layer %s length %d break %d negative status", - layer, length, status); + if (status < 0) break; /* error occurred */ - } if (status == 0) { - LWD("layer %s status 0", layer); /* when sending is blocked in nonblocking mode, the receiving buffer should be checked */ if (!transport->blocking) { @@ -799,7 +726,6 @@ int transport_write(rdpTransport* transport, wStream* s) ReleaseMutex(transport->WriteMutex); - LWD("layer %s return %d", layer, status); return status; } diff --git a/libfreerdp/crypto/tls.c b/libfreerdp/crypto/tls.c index d2d8d7d1d..c3e60e205 100644 --- a/libfreerdp/crypto/tls.c +++ b/libfreerdp/crypto/tls.c @@ -31,8 +31,6 @@ #include -#include - static CryptoCert tls_get_certificate(rdpTls* tls, BOOL peer) { CryptoCert cert; @@ -375,8 +373,6 @@ int tls_read(rdpTls* tls, BYTE* data, int length) int error; int status; - LWD("tls %s length %d", tls->desc, length); - status = SSL_read(tls->ssl, data, length); if (status <= 0) 
@@ -415,8 +411,6 @@ int tls_read(rdpTls* tls, BYTE* data, int length) } } - LWD("tls %s ret %d", tls->desc, status); - return status; } @@ -440,8 +434,6 @@ int tls_write(rdpTls* tls, BYTE* data, int length) int error; int status; - LWD("tls %s length %d", tls->desc, length); - status = SSL_write(tls->ssl, data, length); if (status <= 0) @@ -479,8 +471,6 @@ int tls_write(rdpTls* tls, BYTE* data, int length) } } - LWD("tls %s ret %d", tls->desc, status); - return status; } diff --git a/lwd.h b/lwd.h deleted file mode 100644 index c62eb07f0..000000000 --- a/lwd.h +++ /dev/null @@ -1,21 +0,0 @@ - -#ifndef __LWD_H__ -#define __LWD_H__ - -#include -#include -#include - -#define LWD(fmt, ...) do { \ - time_t tod = time(NULL); \ - char buf[25]; \ - struct tm* tm_info = localtime(&tod); \ - strftime(buf, 25, "%H:%M:%S", tm_info); \ - fprintf(stderr, "%20.20s [%s] ", __FUNCTION__, buf); \ - fprintf(stderr, fmt, ## __VA_ARGS__); \ - fprintf(stderr, "\n"); \ - } while( 0 ) - -// fflush(stderr); - -#endif From 66ecabb647d8be54e32a5291702ca034255724e0 Mon Sep 17 00:00:00 2001 From: Dan Bungert Date: Mon, 28 Oct 2013 16:59:02 -0600 Subject: [PATCH 13/13] Final cleanups - merge ready. --- client/X11/cli/xfreerdp.c | 2 -- libfreerdp/core/connection.c | 8 ------- libfreerdp/core/gateway/rpc_client.c | 2 -- libfreerdp/core/nla.c | 1 - libfreerdp/core/transport.c | 31 +--------------------------- libfreerdp/crypto/tls.c | 2 -- 6 files changed, 1 insertion(+), 45 deletions(-) diff --git a/client/X11/cli/xfreerdp.c b/client/X11/cli/xfreerdp.c index dcaf5dbfd..8e39158c2 100644 --- a/client/X11/cli/xfreerdp.c +++ b/client/X11/cli/xfreerdp.c @@ -42,8 +42,6 @@ int main(int argc, char* argv[]) rdpSettings* settings; RDP_CLIENT_ENTRY_POINTS clientEntryPoints; - setvbuf(stderr, NULL, _IONBF, 0); - ZeroMemory(&clientEntryPoints, sizeof(RDP_CLIENT_ENTRY_POINTS)); clientEntryPoints.Size = sizeof(RDP_CLIENT_ENTRY_POINTS); clientEntryPoints.Version = RDP_CLIENT_INTERFACE_VERSION; 
diff --git a/libfreerdp/core/connection.c b/libfreerdp/core/connection.c index f941f219f..97030a760 100644 --- a/libfreerdp/core/connection.c +++ b/libfreerdp/core/connection.c @@ -209,14 +209,6 @@ BOOL rdp_client_connect(rdpRdp* rdp) nego_set_cookie(rdp->nego, cookie); free(cookie); - - /* - settings->RdpSecurity = TRUE; - settings->TlsSecurity = TRUE; - settings->NlaSecurity = FALSE; - settings->ExtSecurity = FALSE; - */ - } else { diff --git a/libfreerdp/core/gateway/rpc_client.c b/libfreerdp/core/gateway/rpc_client.c index b9ce57122..502ea9dad 100644 --- a/libfreerdp/core/gateway/rpc_client.c +++ b/libfreerdp/core/gateway/rpc_client.c @@ -432,14 +432,12 @@ RPC_PDU* rpc_recv_dequeue_pdu(rdpRpc* rpc) pdu = (RPC_PDU*) Queue_Dequeue(rpc->client->ReceiveQueue); #ifdef WITH_DEBUG_TSG - /* if (pdu) { fprintf(stderr, "Receiving PDU (length: %d, CallId: %d)\n", pdu->s->length, pdu->CallId); winpr_HexDump(Stream_Buffer(pdu->s), Stream_Length(pdu->s)); fprintf(stderr, "\n"); } - */ #endif return pdu; diff --git a/libfreerdp/core/nla.c b/libfreerdp/core/nla.c index f0bfbd05a..34cbc3784 100644 --- a/libfreerdp/core/nla.c +++ b/libfreerdp/core/nla.c @@ -348,7 +348,6 @@ int credssp_client_authenticate(rdpCredssp* credssp) if (credssp_recv(credssp) < 0) return -1; - /* Verify Server Public Key Echo */ status = credssp_decrypt_public_key_echo(credssp); diff --git a/libfreerdp/core/transport.c b/libfreerdp/core/transport.c index 76c13f579..e87516472 100644 --- a/libfreerdp/core/transport.c +++ b/libfreerdp/core/transport.c @@ -106,11 +106,6 @@ BOOL transport_connect_rdp(rdpTransport* transport) long transport_bio_tsg_callback(BIO* bio, int mode, const char* argp, int argi, long argl, long ret) { - /* - printf("transport_bio_tsg_callback: mode: %d argp: %p argi: %d argl: %d ret: %d\n", - mode, argp, argi, argl, ret); - */ - return 1; } 
@@ -152,19 +147,16 @@ static int transport_bio_tsg_read(BIO* bio, char* buf, int size) static int transport_bio_tsg_puts(BIO* bio, const char* str) { -/* printf("transport_bio_tsg_puts: %d\n", strlen(str)); */ return 1; } static int transport_bio_tsg_gets(BIO* bio, char* str, int size) { -/* printf("transport_bio_tsg_gets: %d\n", size); */ return 1; } static long transport_bio_tsg_ctrl(BIO* bio, int cmd, long arg1, void* arg2) { -/* printf("transport_bio_tsg_ctrl: cmd: %d arg1: %d arg2: %p\n", cmd, arg1, arg2); */ if(cmd == BIO_CTRL_FLUSH) { return 1; } @@ -173,8 +165,6 @@ static long transport_bio_tsg_ctrl(BIO* bio, int cmd, long arg1, void* arg2) static int transport_bio_tsg_new(BIO* bio) { -/* printf("transport_bio_tsg_new\n"); */ - bio->init = 1; bio->num = 0; bio->ptr = NULL; @@ -185,7 +175,6 @@ static int transport_bio_tsg_new(BIO* bio) static int transport_bio_tsg_free(BIO* bio) { -/* printf("transport_bio_tsg_free\n"); */ return 1; } @@ -400,7 +389,7 @@ BOOL transport_accept_nla(rdpTransport* transport) if (transport->TlsIn == NULL) transport->TlsIn = tls_new(transport->settings); - + if (transport->TlsOut == NULL) transport->TlsOut = transport->TlsIn; @@ -496,24 +485,6 @@ UINT32 nla_header_length(wStream* s) return length; } -char *want(rdpTls *tls) -{ - int what = SSL_want(tls->ssl); - switch(what) - { - case SSL_NOTHING: - return "NOTHING"; - case SSL_WRITING: - return "WRITING"; - case SSL_READING: - return "READING"; - case SSL_X509_LOOKUP: - return "X509_LOOKUP"; - default: - return "UNKNOWN"; - } -} - int transport_read_layer(rdpTransport* transport, UINT8* data, int bytes) { int read = 0; diff --git a/libfreerdp/crypto/tls.c b/libfreerdp/crypto/tls.c index c3e60e205..17d41699a 100644 --- a/libfreerdp/crypto/tls.c +++ b/libfreerdp/crypto/tls.c 
@@ -99,8 +99,6 @@ SecPkgContext_Bindings* tls_get_channel_bindings(X509* cert) static void tls_ssl_info_callback(const SSL* ssl, int type, int val) { -/* printf("tls_ssl_info_callback: type: %d val: %d\n", type, val); */ - if (type & SSL_CB_HANDSHAKE_START) {