libxrdp: work on TLS support
This commit is contained in:
parent
f0b6c6b1d1
commit
7ab1d887ae
@ -143,7 +143,12 @@ libxrdp_force_read(struct trans* trans)
|
||||
init_stream(s, 32 * 1024);
|
||||
if (trans->do_tls)
|
||||
{
|
||||
/*TLS*/
|
||||
g_writeln("libxrdp_force_read: tls data in");
|
||||
if (xrdp_tls_force_read_s(trans, s, 4) != 0)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
g_hexdump(s->data, 4);
|
||||
}
|
||||
else if (trans_force_read(trans, 4) != 0) /*TCP*/
|
||||
{
|
||||
@ -161,11 +166,25 @@ libxrdp_force_read(struct trans* trans)
|
||||
g_writeln("libxrdp_force_read: error");
|
||||
return 0;
|
||||
}
|
||||
if (trans_force_read(trans, bytes - 4) != 0)
|
||||
|
||||
if (trans->do_tls)
|
||||
{
|
||||
g_writeln("libxrdp_force_read: tls data in");
|
||||
xrdp_tls_force_read_s(trans, s, bytes - 4);
|
||||
g_hexdump(s->data, bytes);
|
||||
}
|
||||
else if (trans_force_read(trans, bytes - 4) != 0) /*TCP*/
|
||||
{
|
||||
g_writeln("libxrdp_force_read: error");
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
// if (trans_force_read(trans, bytes - 4) != 0)
|
||||
// {
|
||||
// g_writeln("libxrdp_force_read: error");
|
||||
// return 0;
|
||||
// }
|
||||
return s;
|
||||
}
|
||||
|
||||
|
@ -312,9 +312,9 @@ xrdp_tls_disconnect(struct xrdp_tls *self);
|
||||
void APP_CC
|
||||
xrdp_tls_delete(struct xrdp_tls *self);
|
||||
int APP_CC
|
||||
xrdp_tls_read(struct xrdp_tls *tls, unsigned char *data, int length);
|
||||
xrdp_tls_force_read_s(struct trans *self, struct stream *in_s, int size);
|
||||
int APP_CC
|
||||
xrdp_tls_write(struct xrdp_tls *tls, unsigned char *data, int length);
|
||||
xrdp_tls_force_write_s(struct trans *self, struct stream *out_s);
|
||||
|
||||
int APP_CC
|
||||
compress_rdp(struct xrdp_mppc_enc *enc, tui8 *srcData, int len);
|
||||
|
@ -416,7 +416,14 @@ xrdp_iso_send(struct xrdp_iso *self, struct stream *s)
|
||||
out_uint8(s, ISO_PDU_DT);
|
||||
out_uint8(s, 0x80);
|
||||
|
||||
if (trans_force_write_s(self->trans, s) != 0)
|
||||
if (self->trans->do_tls)
|
||||
{
|
||||
if (xrdp_tls_force_write_s(self->trans, s) != 0)
|
||||
{
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
else if (trans_force_write_s(self->trans, s) != 0)
|
||||
{
|
||||
return 1;
|
||||
}
|
||||
|
@ -630,6 +630,7 @@ static int APP_CC
|
||||
xrdp_mcs_ber_out_header(struct xrdp_mcs *self, struct stream *s,
|
||||
int tag_val, int len)
|
||||
{
|
||||
g_writeln("tag_val > 0xff ? %d", tag_val > 0xff);
|
||||
if (tag_val > 0xff)
|
||||
{
|
||||
out_uint16_be(s, tag_val);
|
||||
@ -639,6 +640,7 @@ xrdp_mcs_ber_out_header(struct xrdp_mcs *self, struct stream *s,
|
||||
out_uint8(s, tag_val);
|
||||
}
|
||||
|
||||
g_writeln("len >= 0x80 ? %d", len >= 0x80);
|
||||
if (len >= 0x80)
|
||||
{
|
||||
out_uint8(s, 0x82);
|
||||
@ -720,7 +722,8 @@ xrdp_mcs_send_connect_response(struct xrdp_mcs *self)
|
||||
init_stream(s, 8192);
|
||||
data_len = (int) (self->server_mcs_data->end - self->server_mcs_data->data);
|
||||
xrdp_iso_init(self->iso_layer, s);
|
||||
xrdp_mcs_ber_out_header(self, s, MCS_CONNECT_RESPONSE, data_len + 38);
|
||||
//TODO: 36 - tls , 38 - rdp - we should calculate that
|
||||
xrdp_mcs_ber_out_header(self, s, MCS_CONNECT_RESPONSE, data_len + 36);
|
||||
xrdp_mcs_ber_out_header(self, s, BER_TAG_RESULT, 1);
|
||||
out_uint8(s, 0);
|
||||
xrdp_mcs_ber_out_header(self, s, BER_TAG_INTEGER, 1);
|
||||
@ -750,17 +753,19 @@ xrdp_mcs_incoming(struct xrdp_mcs *self)
|
||||
{
|
||||
DEBUG((" in xrdp_mcs_incoming"));
|
||||
|
||||
/* ISO */
|
||||
if (xrdp_iso_incoming(self->iso_layer) != 0)
|
||||
{
|
||||
return 1;
|
||||
}
|
||||
|
||||
/* tls */
|
||||
/* TLS */
|
||||
if (PROTOCOL_SSL & self->iso_layer->selectedProtocol)
|
||||
{
|
||||
g_writeln("xrdp_mcs_incoming: TLS mode!");
|
||||
self->sec_layer->crypt_level = CRYPT_LEVEL_NONE;
|
||||
self->sec_layer->crypt_method = CRYPT_METHOD_NONE;
|
||||
self->sec_layer->rsa_key_bytes = 0;
|
||||
|
||||
if (xrdp_tls_accept(self->sec_layer->tls) != 0)
|
||||
{
|
||||
@ -770,6 +775,7 @@ xrdp_mcs_incoming(struct xrdp_mcs *self)
|
||||
g_writeln("xrdp_mcs_incoming: ssl_tls_accept done!!!!");
|
||||
}
|
||||
|
||||
/* MCS */
|
||||
if (xrdp_mcs_recv_connect_initial(self) != 0)
|
||||
{
|
||||
return 1;
|
||||
|
@ -277,7 +277,8 @@ xrdp_sec_create(struct xrdp_rdp *owner, struct trans *trans, int crypt_level,
|
||||
self->fastpath_layer = xrdp_fastpath_create(self, trans);
|
||||
self->chan_layer = xrdp_channel_create(self, self->mcs_layer);
|
||||
//TODO: add cert to config
|
||||
self->tls = xrdp_tls_create(trans, "/opt/xrdpdev/etc/xrdp/pkey.pem", "/opt/xrdpdev/etc/xrdp/cert.pem");
|
||||
self->tls = xrdp_tls_create(trans, "/opt/xrdpdev/etc/xrdp/pkey.pem",
|
||||
"/opt/xrdpdev/etc/xrdp/cert.pem");
|
||||
DEBUG((" out xrdp_sec_create"));
|
||||
return self;
|
||||
}
|
||||
@ -1857,7 +1858,7 @@ xrdp_sec_out_mcs_data(struct xrdp_sec *self)
|
||||
ud_ptr = s->p; /* User Data */
|
||||
|
||||
out_uint16_le(s, SEC_TAG_SRV_INFO);
|
||||
if (self->mcs_layer->iso_layer->selectedProtocol != -1)
|
||||
if (self->mcs_layer->iso_layer->rdpNegData)
|
||||
{
|
||||
out_uint16_le(s, 12); /* len */
|
||||
}
|
||||
@ -1869,7 +1870,7 @@ xrdp_sec_out_mcs_data(struct xrdp_sec *self)
|
||||
out_uint8(s, 0);
|
||||
out_uint8(s, 8);
|
||||
out_uint8(s, 0);
|
||||
if (self->mcs_layer->iso_layer->selectedProtocol != -1)
|
||||
if (self->mcs_layer->iso_layer->rdpNegData)
|
||||
{
|
||||
/* ReqeustedProtocol */
|
||||
out_uint32_le(s, self->mcs_layer->iso_layer->selectedProtocol);
|
||||
@ -1952,6 +1953,14 @@ xrdp_sec_out_mcs_data(struct xrdp_sec *self)
|
||||
out_uint8a(s, self->pub_sig, 64); /* pub sig */
|
||||
out_uint8s(s, 8); /* pad */
|
||||
}
|
||||
else if (self->rsa_key_bytes == 0) /* no security */
|
||||
{
|
||||
g_writeln("xrdp_sec_out_mcs_data: using no security");
|
||||
out_uint16_le(s, SEC_TAG_SRV_CRYPT);
|
||||
out_uint16_le(s, 12); /* len is 12 */
|
||||
out_uint32_le(s, self->crypt_method);
|
||||
out_uint32_le(s, self->crypt_level);
|
||||
}
|
||||
else
|
||||
{
|
||||
LLOGLN(0, ("xrdp_sec_out_mcs_data: error"));
|
||||
|
@ -237,3 +237,182 @@ xrdp_tls_write(struct xrdp_tls *tls, unsigned char *data, int length)
|
||||
return status;
|
||||
}
|
||||
/*****************************************************************************/
|
||||
int APP_CC
|
||||
xrdp_tls_force_read_s(struct trans *self, struct stream *in_s, int size)
|
||||
{
|
||||
int rcvd;
|
||||
|
||||
if (self->status != TRANS_STATUS_UP)
|
||||
{
|
||||
return 1;
|
||||
}
|
||||
|
||||
while (size > 0)
|
||||
{
|
||||
/* make sure stream has room */
|
||||
if ((in_s->end + size) > (in_s->data + in_s->size))
|
||||
{
|
||||
return 1;
|
||||
}
|
||||
|
||||
g_writeln("xrdp_tls_force_read_s: Pending= %d", SSL_pending(self->tls->ssl));
|
||||
rcvd = xrdp_tls_read(self->tls, in_s->end, size);
|
||||
|
||||
if (rcvd == -1)
|
||||
{
|
||||
if (g_tcp_last_error_would_block(self->sck))
|
||||
{
|
||||
if (!g_tcp_can_recv(self->sck, 100))
|
||||
{
|
||||
/* check for term here */
|
||||
if (self->is_term != 0)
|
||||
{
|
||||
if (self->is_term())
|
||||
{
|
||||
/* term */
|
||||
self->status = TRANS_STATUS_DOWN;
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
/* error */
|
||||
self->status = TRANS_STATUS_DOWN;
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
else if (rcvd == 0)
|
||||
{
|
||||
/* error */
|
||||
self->status = TRANS_STATUS_DOWN;
|
||||
return 1;
|
||||
}
|
||||
else
|
||||
{
|
||||
in_s->end += rcvd;
|
||||
size -= rcvd;
|
||||
}
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*****************************************************************************/
|
||||
int APP_CC
|
||||
xrdp_tls_force_write_s(struct trans *self, struct stream *out_s)
|
||||
{
|
||||
int size;
|
||||
int total;
|
||||
int sent;
|
||||
|
||||
if (self->status != TRANS_STATUS_UP)
|
||||
{
|
||||
return 1;
|
||||
}
|
||||
|
||||
size = (int)(out_s->end - out_s->data);
|
||||
g_writeln("packet size= %d", size);
|
||||
total = 0;
|
||||
|
||||
if (send_waiting(self, 1) != 0)
|
||||
{
|
||||
self->status = TRANS_STATUS_DOWN;
|
||||
return 1;
|
||||
}
|
||||
|
||||
while (total < size)
|
||||
{
|
||||
sent = xrdp_tls_write(self->tls, out_s->data + total, size - total);
|
||||
|
||||
if (sent == -1)
|
||||
{
|
||||
if (g_tcp_last_error_would_block(self->sck))
|
||||
{
|
||||
if (!g_tcp_can_send(self->sck, 100))
|
||||
{
|
||||
/* check for term here */
|
||||
if (self->is_term != 0)
|
||||
{
|
||||
if (self->is_term())
|
||||
{
|
||||
/* term */
|
||||
self->status = TRANS_STATUS_DOWN;
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
/* error */
|
||||
self->status = TRANS_STATUS_DOWN;
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
else if (sent == 0)
|
||||
{
|
||||
/* error */
|
||||
self->status = TRANS_STATUS_DOWN;
|
||||
return 1;
|
||||
}
|
||||
else
|
||||
{
|
||||
total = total + sent;
|
||||
}
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
/*****************************************************************************/
|
||||
int APP_CC
|
||||
send_waiting(struct trans *self, int block)
|
||||
{
|
||||
struct stream *temp_s;
|
||||
int bytes;
|
||||
int sent;
|
||||
int timeout;
|
||||
int cont;
|
||||
|
||||
timeout = block ? 100 : 0;
|
||||
cont = 1;
|
||||
while (cont)
|
||||
{
|
||||
if (self->wait_s != 0)
|
||||
{
|
||||
temp_s = self->wait_s;
|
||||
if (g_tcp_can_send(self->sck, timeout))
|
||||
{
|
||||
bytes = (int) (temp_s->end - temp_s->p);
|
||||
sent = xrdp_tls_write(self->tls, temp_s->p, bytes);
|
||||
if (sent > 0)
|
||||
{
|
||||
temp_s->p += sent;
|
||||
if (temp_s->p >= temp_s->end)
|
||||
{
|
||||
self->wait_s = (struct stream *) (temp_s->next_packet);
|
||||
free_stream(temp_s);
|
||||
}
|
||||
}
|
||||
else if (sent == 0)
|
||||
{
|
||||
return 1;
|
||||
}
|
||||
else
|
||||
{
|
||||
if (!g_tcp_last_error_would_block(self->sck))
|
||||
{
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
break;
|
||||
}
|
||||
cont = block;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user