libxrdp: work on TLS support

Idan Freiberg 2014-07-17 14:29:23 +03:00
parent f0b6c6b1d1
commit 7ab1d887ae
6 changed files with 230 additions and 10 deletions


@ -143,7 +143,12 @@ libxrdp_force_read(struct trans* trans)
init_stream(s, 32 * 1024);
if (trans->do_tls)
{
/*TLS*/
g_writeln("libxrdp_force_read: tls data in");
if (xrdp_tls_force_read_s(trans, s, 4) != 0)
{
return 0;
}
g_hexdump(s->data, 4);
}
else if (trans_force_read(trans, 4) != 0) /*TCP*/
{
@ -161,11 +166,25 @@ libxrdp_force_read(struct trans* trans)
g_writeln("libxrdp_force_read: error");
return 0;
}
if (trans_force_read(trans, bytes - 4) != 0)
if (trans->do_tls)
{
g_writeln("libxrdp_force_read: tls data in");
xrdp_tls_force_read_s(trans, s, bytes - 4);
g_hexdump(s->data, bytes);
}
else if (trans_force_read(trans, bytes - 4) != 0) /*TCP*/
{
g_writeln("libxrdp_force_read: error");
return 0;
}
// if (trans_force_read(trans, bytes - 4) != 0)
// {
// g_writeln("libxrdp_force_read: error");
// return 0;
// }
return s;
}
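Review bot: The TLS body read `xrdp_tls_force_read_s(trans, s, bytes - 4);` discards its return value, unlike the 4-byte header read above it and the TCP branch beside it, so a failed or short read still hands `s` back to the caller, which then parses `bytes` of payload that was never received. Mirror the other branches: `if (xrdp_tls_force_read_s(trans, s, bytes - 4) != 0) { g_writeln("libxrdp_force_read: error"); return 0; }`. The two `g_hexdump` calls write every decrypted PDU to the log; with TLS selected the RDP security layer is set to no encryption, so these dumps may include client credentials carried in the Client Info PDU and should be removed or gated behind a debug level. The commented-out `trans_force_read` block that follows duplicates the TCP branch and should be deleted rather than kept as dead code.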


@ -312,9 +312,9 @@ xrdp_tls_disconnect(struct xrdp_tls *self);
void APP_CC
xrdp_tls_delete(struct xrdp_tls *self);
int APP_CC
xrdp_tls_read(struct xrdp_tls *tls, unsigned char *data, int length);
xrdp_tls_force_read_s(struct trans *self, struct stream *in_s, int size);
int APP_CC
xrdp_tls_write(struct xrdp_tls *tls, unsigned char *data, int length);
xrdp_tls_force_write_s(struct trans *self, struct stream *out_s);
int APP_CC
compress_rdp(struct xrdp_mppc_enc *enc, tui8 *srcData, int len);
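Review bot: The prototypes for `xrdp_tls_read` and `xrdp_tls_write` are dropped from the header while both are still called from the new code in xrdp_tls.c, which is only safe because their definitions sit above the callers in that translation unit; the new `send_waiting` defined in xrdp_tls.c gets no declaration here at all, yet it is called before its definition. Either add `int APP_CC send_waiting(struct trans *self, int block);` here, or — since the name collides with the flush helper in the common trans layer — make it `static` in xrdp_tls.c with a forward declaration there.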


@ -416,7 +416,14 @@ xrdp_iso_send(struct xrdp_iso *self, struct stream *s)
out_uint8(s, ISO_PDU_DT);
out_uint8(s, 0x80);
if (trans_force_write_s(self->trans, s) != 0)
if (self->trans->do_tls)
{
if (xrdp_tls_force_write_s(self->trans, s) != 0)
{
return 1;
}
}
else if (trans_force_write_s(self->trans, s) != 0)
{
return 1;
}
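Review bot: The new `if (self->trans->do_tls)` branch and the existing `else if` both end in the same `return 1;`, so the error handling for what is a single send is now written twice. A result variable reads more clearly: `rv = self->trans->do_tls ? xrdp_tls_force_write_s(self->trans, s) : trans_force_write_s(self->trans, s);` followed by `if (rv != 0) { return 1; }`. xrdp_iso_send starts and ends outside this hunk, so the declaration of `rv` belongs with the other locals at the top of the function.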


@ -630,6 +630,7 @@ static int APP_CC
xrdp_mcs_ber_out_header(struct xrdp_mcs *self, struct stream *s,
int tag_val, int len)
{
g_writeln("tag_val > 0xff ? %d", tag_val > 0xff);
if (tag_val > 0xff)
{
out_uint16_be(s, tag_val);
@ -639,6 +640,7 @@ xrdp_mcs_ber_out_header(struct xrdp_mcs *self, struct stream *s,
out_uint8(s, tag_val);
}
g_writeln("len >= 0x80 ? %d", len >= 0x80);
if (len >= 0x80)
{
out_uint8(s, 0x82);
@ -720,7 +722,8 @@ xrdp_mcs_send_connect_response(struct xrdp_mcs *self)
init_stream(s, 8192);
data_len = (int) (self->server_mcs_data->end - self->server_mcs_data->data);
xrdp_iso_init(self->iso_layer, s);
xrdp_mcs_ber_out_header(self, s, MCS_CONNECT_RESPONSE, data_len + 38);
//TODO: 36 - tls , 38 - rdp - we should calculate that
xrdp_mcs_ber_out_header(self, s, MCS_CONNECT_RESPONSE, data_len + 36);
xrdp_mcs_ber_out_header(self, s, BER_TAG_RESULT, 1);
out_uint8(s, 0);
xrdp_mcs_ber_out_header(self, s, BER_TAG_INTEGER, 1);
@ -750,17 +753,19 @@ xrdp_mcs_incoming(struct xrdp_mcs *self)
{
DEBUG((" in xrdp_mcs_incoming"));
/* ISO */
if (xrdp_iso_incoming(self->iso_layer) != 0)
{
return 1;
}
/* tls */
/* TLS */
if (PROTOCOL_SSL & self->iso_layer->selectedProtocol)
{
g_writeln("xrdp_mcs_incoming: TLS mode!");
self->sec_layer->crypt_level = CRYPT_LEVEL_NONE;
self->sec_layer->crypt_method = CRYPT_METHOD_NONE;
self->sec_layer->rsa_key_bytes = 0;
if (xrdp_tls_accept(self->sec_layer->tls) != 0)
{
@ -770,6 +775,7 @@ xrdp_mcs_incoming(struct xrdp_mcs *self)
g_writeln("xrdp_mcs_incoming: ssl_tls_accept done!!!!");
}
/* MCS */
if (xrdp_mcs_recv_connect_initial(self) != 0)
{
return 1;
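Review bot: `xrdp_mcs_ber_out_header(self, s, MCS_CONNECT_RESPONSE, data_len + 36);` replaces the previous `+ 38` for every connection, while the TODO directly above says 38 is the correct value for the non-TLS path, so legacy RDP-security clients now receive a Connect-Response whose outer BER length is two bytes short. The two-byte gap looks like the BER length encoding of the user-data octet string (2 bytes when `data_len < 0x80`, 4 bytes otherwise), so the total should be derived from `data_len` rather than from the transport, e.g. `data_len + (data_len >= 0x80 ? 38 : 36)`, or better computed from the header sizes actually emitted below; please confirm against the encoding before relying on that expression. The two `g_writeln` probes added to xrdp_mcs_ber_out_header fire for every BER header written and should not be merged.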


@ -277,7 +277,8 @@ xrdp_sec_create(struct xrdp_rdp *owner, struct trans *trans, int crypt_level,
self->fastpath_layer = xrdp_fastpath_create(self, trans);
self->chan_layer = xrdp_channel_create(self, self->mcs_layer);
//TODO: add cert to config
self->tls = xrdp_tls_create(trans, "/opt/xrdpdev/etc/xrdp/pkey.pem", "/opt/xrdpdev/etc/xrdp/cert.pem");
self->tls = xrdp_tls_create(trans, "/opt/xrdpdev/etc/xrdp/pkey.pem",
"/opt/xrdpdev/etc/xrdp/cert.pem");
DEBUG((" out xrdp_sec_create"));
return self;
}
@ -1857,7 +1858,7 @@ xrdp_sec_out_mcs_data(struct xrdp_sec *self)
ud_ptr = s->p; /* User Data */
out_uint16_le(s, SEC_TAG_SRV_INFO);
if (self->mcs_layer->iso_layer->selectedProtocol != -1)
if (self->mcs_layer->iso_layer->rdpNegData)
{
out_uint16_le(s, 12); /* len */
}
@ -1869,7 +1870,7 @@ xrdp_sec_out_mcs_data(struct xrdp_sec *self)
out_uint8(s, 0);
out_uint8(s, 8);
out_uint8(s, 0);
if (self->mcs_layer->iso_layer->selectedProtocol != -1)
if (self->mcs_layer->iso_layer->rdpNegData)
{
/* ReqeustedProtocol */
out_uint32_le(s, self->mcs_layer->iso_layer->selectedProtocol);
@ -1952,6 +1953,14 @@ xrdp_sec_out_mcs_data(struct xrdp_sec *self)
out_uint8a(s, self->pub_sig, 64); /* pub sig */
out_uint8s(s, 8); /* pad */
}
else if (self->rsa_key_bytes == 0) /* no security */
{
g_writeln("xrdp_sec_out_mcs_data: using no security");
out_uint16_le(s, SEC_TAG_SRV_CRYPT);
out_uint16_le(s, 12); /* len is 12 */
out_uint32_le(s, self->crypt_method);
out_uint32_le(s, self->crypt_level);
}
else
{
LLOGLN(0, ("xrdp_sec_out_mcs_data: error"));
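Review bot: `xrdp_tls_create(trans, "/opt/xrdpdev/etc/xrdp/pkey.pem", "/opt/xrdpdev/etc/xrdp/cert.pem")` hard-codes a developer-machine path for the server's private key, and its result is stored without a NULL check even though `self->tls->ssl` is dereferenced later in the TLS read path. The TODO already notes the config item is missing; until the paths come from xrdp.ini the failure case needs handling so a client that negotiates PROTOCOL_SSL cannot reach a half-initialised object, e.g. `if (self->tls == 0) { LLOGLN(0, ("xrdp_sec_create: tls init failed")); }` with TLS then refused at negotiation. Whether xrdp_tls_create returns NULL or an object with an unset context when the files are missing is not visible here, so the check should match its actual contract. xrdp_sec_create ends outside this hunk.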


@ -237,3 +237,182 @@ xrdp_tls_write(struct xrdp_tls *tls, unsigned char *data, int length)
return status;
}
/*****************************************************************************/
int APP_CC
xrdp_tls_force_read_s(struct trans *self, struct stream *in_s, int size)
{
int rcvd;
if (self->status != TRANS_STATUS_UP)
{
return 1;
}
while (size > 0)
{
/* make sure stream has room */
if ((in_s->end + size) > (in_s->data + in_s->size))
{
return 1;
}
g_writeln("xrdp_tls_force_read_s: Pending= %d", SSL_pending(self->tls->ssl));
rcvd = xrdp_tls_read(self->tls, in_s->end, size);
if (rcvd == -1)
{
if (g_tcp_last_error_would_block(self->sck))
{
if (!g_tcp_can_recv(self->sck, 100))
{
/* check for term here */
if (self->is_term != 0)
{
if (self->is_term())
{
/* term */
self->status = TRANS_STATUS_DOWN;
return 1;
}
}
}
}
else
{
/* error */
self->status = TRANS_STATUS_DOWN;
return 1;
}
}
else if (rcvd == 0)
{
/* error */
self->status = TRANS_STATUS_DOWN;
return 1;
}
else
{
in_s->end += rcvd;
size -= rcvd;
}
}
return 0;
}
/*****************************************************************************/
int APP_CC
xrdp_tls_force_write_s(struct trans *self, struct stream *out_s)
{
int size;
int total;
int sent;
if (self->status != TRANS_STATUS_UP)
{
return 1;
}
size = (int)(out_s->end - out_s->data);
g_writeln("packet size= %d", size);
total = 0;
if (send_waiting(self, 1) != 0)
{
self->status = TRANS_STATUS_DOWN;
return 1;
}
while (total < size)
{
sent = xrdp_tls_write(self->tls, out_s->data + total, size - total);
if (sent == -1)
{
if (g_tcp_last_error_would_block(self->sck))
{
if (!g_tcp_can_send(self->sck, 100))
{
/* check for term here */
if (self->is_term != 0)
{
if (self->is_term())
{
/* term */
self->status = TRANS_STATUS_DOWN;
return 1;
}
}
}
}
else
{
/* error */
self->status = TRANS_STATUS_DOWN;
return 1;
}
}
else if (sent == 0)
{
/* error */
self->status = TRANS_STATUS_DOWN;
return 1;
}
else
{
total = total + sent;
}
}
return 0;
}
/*****************************************************************************/
int APP_CC
send_waiting(struct trans *self, int block)
{
struct stream *temp_s;
int bytes;
int sent;
int timeout;
int cont;
timeout = block ? 100 : 0;
cont = 1;
while (cont)
{
if (self->wait_s != 0)
{
temp_s = self->wait_s;
if (g_tcp_can_send(self->sck, timeout))
{
bytes = (int) (temp_s->end - temp_s->p);
sent = xrdp_tls_write(self->tls, temp_s->p, bytes);
if (sent > 0)
{
temp_s->p += sent;
if (temp_s->p >= temp_s->end)
{
self->wait_s = (struct stream *) (temp_s->next_packet);
free_stream(temp_s);
}
}
else if (sent == 0)
{
return 1;
}
else
{
if (!g_tcp_last_error_would_block(self->sck))
{
return 1;
}
}
}
}
else
{
break;
}
cont = block;
}
return 0;
}
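Review bot: `send_waiting` is defined here with external linkage and no prior declaration, yet `xrdp_tls_force_write_s` calls it above that definition at `if (send_waiting(self, 1) != 0)`; that is an implicit declaration, and the name matches the flush helper in common/trans.c, so if that one is not static the link sees two definitions of the same symbol. Make it `static int APP_CC send_waiting(struct trans *self, int block)` (or rename it `xrdp_tls_send_waiting`) and add a forward declaration above `xrdp_tls_force_write_s`. The `g_writeln("xrdp_tls_force_read_s: Pending= %d", SSL_pending(self->tls->ssl));` and `g_writeln("packet size= %d", size);` lines fire on every loop iteration and every send and should be removed before merging. Both loops decide whether an SSL failure is retryable by inspecting the socket errno through `g_tcp_last_error_would_block`; that holds only while the underlying recv/send leaves EAGAIN in errno, so having xrdp_tls_read/xrdp_tls_write report SSL_ERROR_WANT_READ/WANT_WRITE via `SSL_get_error` would be the robust contract.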