author | Marc-André Moreau <marcandre.moreau@gmail.com> | 2011-06-29 05:40:49 +0400 |
committer | Marc-André Moreau <marcandre.moreau@gmail.com> | 2011-06-29 05:40:49 +0400 |
commit | 4bd25818ea7aea270e047504b4cefe3b259b49d7 (patch) | |
tree | 7ba03d9af9b1db970d6fd4e3d0ca1069489d1cb0 | |
parent | bb5f40c903e3e750be0c390c1a97aac09c71b908 (diff) |
libfreerdp-core: cleanup of rdp.c, tcp.c, secure.c, network.c
-rw-r--r-- | include/freerdp/types/base.h | 5 | ||||
-rw-r--r-- | include/freerdp/types/ui.h | 5 | ||||
-rw-r--r-- | libfreerdp-core/crypto/openssl.c | 1 | ||||
-rw-r--r-- | libfreerdp-core/freerdp.c | 4 | ||||
-rw-r--r-- | libfreerdp-core/license.c | 1 | ||||
-rw-r--r-- | libfreerdp-core/network.c | 151 | ||||
-rw-r--r-- | libfreerdp-core/network.h | 1 | ||||
-rw-r--r-- | libfreerdp-core/rdp.c | 11 | ||||
-rw-r--r-- | libfreerdp-core/secure.c | 4 | ||||
-rw-r--r-- | libfreerdp-core/secure.h | 7 | ||||
-rw-r--r-- | libfreerdp-core/tcp.c | 55 | ||||
-rw-r--r-- | libfreerdp-core/tcp.h | 4 |
12 files changed, 131 insertions, 118 deletions
diff --git a/include/freerdp/types/base.h b/include/freerdp/types/base.h index de200ca..327c5b3 100644 --- a/include/freerdp/types/base.h +++ b/include/freerdp/types/base.h @@ -23,6 +23,11 @@ #ifndef __TYPES_BASE_H #define __TYPES_BASE_H +#ifndef True +#define True (1) +#define False (0) +#endif + typedef unsigned char uint8; typedef signed char sint8; typedef unsigned short uint16; diff --git a/include/freerdp/types/ui.h b/include/freerdp/types/ui.h index 067363d..f96a32c 100644 --- a/include/freerdp/types/ui.h +++ b/include/freerdp/types/ui.h @@ -31,11 +31,6 @@ typedef void *RD_HGLYPH; typedef void *RD_HPALETTE; typedef void *RD_HCURSOR; -#ifndef True -#define True (1) -#define False (0) -#endif - typedef struct _RD_POINT { sint16 x, y; diff --git a/libfreerdp-core/crypto/openssl.c b/libfreerdp-core/crypto/openssl.c index 84417d7..507288c 100644 --- a/libfreerdp-core/crypto/openssl.c +++ b/libfreerdp-core/crypto/openssl.c @@ -19,6 +19,7 @@ #include "frdp.h" #include "crypto.h" +#include <freerdp/types/base.h> #include <freerdp/utils/memory.h> #include <freerdp/constants/constants.h> #include <time.h> diff --git a/libfreerdp-core/freerdp.c b/libfreerdp-core/freerdp.c index 0ee77a6..a65a0eb 100644 --- a/libfreerdp-core/freerdp.c +++ b/libfreerdp-core/freerdp.c @@ -452,7 +452,7 @@ l_rdp_get_fds(rdpInst * inst, void ** read_fds, int * read_count, #ifdef _WIN32 read_fds[*read_count] = (void *) (rdp->net->tcp->wsa_event); #else - read_fds[*read_count] = (void *)(long) (rdp->net->tcp->sock); + read_fds[*read_count] = (void *)(long) (rdp->net->tcp->sockfd); #endif (*read_count)++; return 0; @@ -471,7 +471,7 @@ l_rdp_check_fds(rdpInst * inst) WSAResetEvent(rdp->net->tcp->wsa_event); #endif rv = 0; - if (tcp_can_recv(rdp->net->tcp->sock, 0)) + if (tcp_can_recv(rdp->net->tcp->sockfd, 0)) { if (!rdp_loop(rdp, &deactivated)) { diff --git a/libfreerdp-core/license.c b/libfreerdp-core/license.c index 20ce159..7f2b14a 100644 --- a/libfreerdp-core/license.c 
+++ b/libfreerdp-core/license.c @@ -397,6 +397,7 @@ license_process(rdpLicense * license, STREAM s) default: ui_unimpl(license->net->rdp->inst, "Unknown license tag 0x%x", tag); + break; } s->p = license_start + wMsgSize; /* FIXME: Shouldn't be necessary if parsed properly */ ASSERT(s->p <= s->end); diff --git a/libfreerdp-core/network.c b/libfreerdp-core/network.c index 389dc1b..5d9904d 100644 --- a/libfreerdp-core/network.c +++ b/libfreerdp-core/network.c @@ -17,6 +17,7 @@ limitations under the License. */ +#include <freerdp/types/base.h> #include <freerdp/utils/memory.h> #include "network.h" @@ -58,17 +59,6 @@ network_verify_tls(rdpNetwork * net) CryptoCert cert; RD_BOOL verified = False; -#ifdef _WIN32 - /* - * TODO: FIX ME! This is really bad, I know... - * There appears to be a buffer overflow only - * on Windows that affects this part of the code. - * Skipping it is a workaround, but it's obviously - * not a permanent "solution". - */ - return True; -#endif - cert = tls_get_certificate(net->tls); if (!cert) 
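Review bot: Nothing in this diff addresses the Windows buffer overflow that the removed `#ifdef _WIN32` early return in network_verify_tls referred to, so it is worth confirming that the underlying issue was actually fixed (or that the report was spurious) before the certificate check is relied on for that platform. Running the verification on Windows instead of returning `True` unconditionally is the right direction; if the workaround was dropped deliberately, a one-line comment above `cert = tls_get_certificate(net->tls);` saying so (e.g. `/* verification now runs on all platforms; the earlier Win32 skip was a workaround, not policy */`) would stop the next reader from reintroducing it. The body of network_verify_tls continues outside the hunk.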
@@ -103,6 +93,78 @@ exit: #endif RD_BOOL +network_connect_rdp(rdpNetwork * net) +{ + RD_BOOL status = False; + + printf("Standard RDP encryption negotiated\n"); + + status = mcs_connect(net->mcs); + + if (status && net->rdp->settings->encryption) + sec_establish_key(net->sec); + + return status; +} + +RD_BOOL +network_connect_tls(rdpNetwork * net) +{ + RD_BOOL status = False; + net->tls = tls_new(); + + if (!tls_connect(net->tls, net->tcp->sockfd)) + return False; + + if (!network_verify_tls(net)) + return False; + + net->tls_connected = 1; + net->rdp->settings->encryption = 0; + + status = mcs_connect(net->mcs); + + return status; +} + +RD_BOOL +network_connect_nla(rdpNetwork * net) +{ + /* TLS with NLA was successfully negotiated */ + + RD_BOOL status = 1; + net->tls = tls_new(); + + if (!tls_connect(net->tls, net->tcp->sockfd)) + return False; + + if (!network_verify_tls(net)) + return False; + + net->tls_connected = 1; + net->rdp->settings->encryption = 0; + + if (!net->rdp->settings->autologin) + if (!ui_authenticate(net->rdp->inst)) + return False; + + net->credssp = credssp_new(net); + + if (credssp_authenticate(net->credssp) < 0) + { + printf("Authentication failure, check credentials.\n" + "If credentials are valid, the NTLMSSP implementation may be to blame.\n"); + credssp_free(net->credssp); + return 0; + } + + credssp_free(net->credssp); + status = mcs_connect(net->mcs); + + return status; +} + +RD_BOOL network_connect(rdpNetwork * net, char* server, char* username, int port) { NEGO *nego = net->iso->nego; 
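Review bot: `tls_new()` is used without a NULL check in both network_connect_tls and network_connect_nla: the fresh context goes straight into `tls_connect(net->tls, net->tcp->sockfd)`, so an allocation failure becomes a NULL dereference rather than a clean failure; add `if (net->tls == NULL) return False;` after each `net->tls = tls_new();`. In network_connect_nla, `net->credssp` is left pointing at freed memory after both `credssp_free(net->credssp);` calls; follow each with `net->credssp = NULL;` so a later free or dereference cannot touch it. The same function mixes `RD_BOOL status = 1;` and `return 0;` with the `True`/`False` macros this commit centralises in base.h — use `False` throughout, as network_connect_tls already does. The three new helpers are not declared in network.h (that hunk only adds `tls_connected`) and are only called from network_connect below, so they should be `static`; the TLS and NLA helpers also duplicate their first half (tls_new, tls_connect, network_verify_tls, setting `tls_connected`/`encryption`), which could become one shared static helper.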
@@ -126,75 +188,22 @@ network_connect(rdpNetwork * net, char* server, char* username, int port) if(nego->selected_protocol & PROTOCOL_NLA) { /* TLS with NLA was successfully negotiated */ - - RD_BOOL status = 1; printf("TLS encryption with NLA negotiated\n"); - net->tls = tls_new(); - - if (!tls_connect(net->tls, net->tcp->sock)) - return False; - - if (!network_verify_tls(net)) - return False; - - net->sec->tls_connected = 1; - net->rdp->settings->encryption = 0; - - if (!net->rdp->settings->autologin) - if (!ui_authenticate(net->rdp->inst)) - return False; - - net->credssp = credssp_new(net); - - if (credssp_authenticate(net->credssp) < 0) - { - printf("Authentication failure, check credentials.\n" - "If credentials are valid, the NTLMSSP implementation may be to blame.\n"); - credssp_free(net->credssp); - return 0; - } - - credssp_free(net->credssp); - - status = mcs_connect(net->mcs); - return status; + return network_connect_nla(net); } else if(nego->selected_protocol & PROTOCOL_TLS) { /* TLS without NLA was successfully negotiated */ - RD_BOOL success; printf("TLS encryption negotiated\n"); - net->tls = tls_new(); - - if (!tls_connect(net->tls, net->tcp->sock)) - return False; - - if (!network_verify_tls(net)) - return False; - - net->sec->tls_connected = 1; - net->rdp->settings->encryption = 0; - - success = mcs_connect(net->mcs); - - return success; + return network_connect_tls(net); } else #endif { - RD_BOOL success; - - printf("Standard RDP encryption negotiated\n"); - - success = mcs_connect(net->mcs); - - if (success && net->rdp->settings->encryption) - sec_establish_key(net->sec); - - return success; + return network_connect_rdp(net); } - return 0; + return False; } void 
@@ -211,14 +220,14 @@ void network_send(rdpNetwork * net, STREAM s) { #ifndef DISABLE_TLS - if (net->sec->tls_connected) + if (net->tls_connected) { tls_write(net->tls, (char*) s->data, s->end - s->data); } else #endif { - tcp_write(net->tcp, s); + tcp_write(net->tcp, (char*) s->data, s->end - s->data); } } @@ -260,7 +269,7 @@ network_recv(rdpNetwork * net, STREAM s, uint32 length) while (length > 0) { #ifndef DISABLE_TLS - if (net->sec->tls_connected) + if (net->tls_connected) { rcvd = tls_read(net->tls, (char*) s->end, length); diff --git a/libfreerdp-core/network.h b/libfreerdp-core/network.h index 24891f0..bbda801 100644 --- a/libfreerdp-core/network.h +++ b/libfreerdp-core/network.h @@ -40,6 +40,7 @@ struct rdp_network char* username; struct stream in; struct stream out; + int tls_connected; struct _NEGO * nego; struct rdp_rdp * rdp; struct rdp_tcp * tcp; diff --git a/libfreerdp-core/rdp.c b/libfreerdp-core/rdp.c index 1ee0d23..29dffcd 100644 --- a/libfreerdp-core/rdp.c +++ b/libfreerdp-core/rdp.c @@ -154,7 +154,7 @@ rdp_init_data(rdpRdp * rdp, int maxlen) uint32 sec_flags; - if (rdp->sec->tls_connected) + if (rdp->net->tls_connected) sec_flags = 0; else sec_flags = rdp->settings->encryption ? SEC_ENCRYPT : 0; @@ -765,7 +765,7 @@ rdp_send_confirm_active(rdpRdp * rdp) s_mark_end(caps); caplen = (int) (caps->end - caps->data); - if (rdp->sec->tls_connected) + if (rdp->net->tls_connected) sec_flags = 0; else sec_flags = rdp->settings->encryption ? SEC_ENCRYPT : 0; @@ -1043,6 +1043,7 @@ process_system_pointer_pdu(rdpRdp * rdp, STREAM s) default: ui_unimpl(rdp->inst, "Unknown System Pointer message 0x%x\n", system_pointer_type); + break; } } @@ -1092,6 +1093,7 @@ process_pointer_pdu(rdpRdp * rdp, STREAM s) default: ui_unimpl(rdp->inst, "Unknown Pointer message 0x%x\n", message_type); + break; } } 
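Review bot: The new `int tls_connected` member in struct rdp_network is tested in network_send and network_recv (and in rdp.c and secure.c elsewhere in this diff) before any TLS handshake has run, so it relies on network_new zero-initialising the struct; that constructor is not in the diff, so please confirm it does, otherwise a plain-RDP session could be routed through `tls_write` on an unset `net->tls`. A comment on the field, `int tls_connected; /* non-zero once tls_connect() and network_verify_tls() succeeded; selects tls_write/tls_read over tcp_write/tcp_read */`, would record the contract. In network_send the length handed to the new `tcp_write(net->tcp, (char*) s->data, s->end - s->data)` is a pointer difference narrowed to `int`, matching the existing tls_write call; fine for PDU sizes, but worth an explicit cast or a `size_t` parameter the next time tcp_write is touched.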
@@ -1264,6 +1266,7 @@ process_update_pdu(rdpRdp * rdp, STREAM s) default: ui_unimpl(rdp->inst, "Unknown update pdu type 0x%x\n", update_type); + break; } ui_end_update(rdp->inst); } @@ -1361,6 +1364,7 @@ process_data_pdu(rdpRdp * rdp, STREAM s) default: ui_unimpl(rdp->inst, "Unknown data PDU type 0x%x\n", pduType2); + break; } return False; } @@ -1643,6 +1647,7 @@ rdp_loop(rdpRdp * rdp, RD_BOOL * deactivated) break; default: ui_unimpl(rdp->inst, "Unknown PDU type 0x%x", type); + break; } if (disc) return False; @@ -1681,7 +1686,7 @@ rdp_connect(rdpRdp * rdp) xfree(password_encoded); /* by setting encryption to False here, we have an encrypted login packet but unencrypted transfer of other packets */ - if (rdp->sec->tls_connected) + if (rdp->net->tls_connected) rdp->settings->encryption = 0; return True; diff --git a/libfreerdp-core/secure.c b/libfreerdp-core/secure.c index 06e1e3e..8b6f185 100644 --- a/libfreerdp-core/secure.c +++ b/libfreerdp-core/secure.c @@ -258,7 +258,7 @@ static void sec_decrypt(rdpSec * sec, uint8 * data, int length) { #ifndef DISABLE_TLS - if (sec->tls_connected) + if (sec->net->tls_connected) return; #endif @@ -462,7 +462,7 @@ sec_out_client_security_data(rdpSec * sec, rdpSet * settings, STREAM s) out_uint16_le(s, UDH_CS_SECURITY); /* User Data Header type */ out_uint16_le(s, 12); /* total length */ - if (settings->encryption || sec->tls_connected) + if (settings->encryption || sec->net->tls_connected) encryptionMethods = ENCRYPTION_40BIT_FLAG | ENCRYPTION_128BIT_FLAG; out_uint32_le(s, encryptionMethods); /* encryptionMethods */ diff --git a/libfreerdp-core/secure.h b/libfreerdp-core/secure.h index 5a44da1..d446cfe 100644 --- a/libfreerdp-core/secure.h +++ b/libfreerdp-core/secure.h @@ -37,8 +37,9 @@ sec_global_finish(void); struct rdp_sec { - struct rdp_rdp * rdp; int rc4_key_len; + struct rdp_rdp * rdp; + struct rdp_network * net; CryptoRc4 rc4_decrypt_key; CryptoRc4 rc4_encrypt_key; uint32 server_public_key_len; 
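Review bot: sec_decrypt and sec_out_client_security_data now dereference `sec->net` (`sec->net->tls_connected`) where they previously read a field of `sec` itself, so they depend on `net` being set in every rdpSec before the first incoming PDU is decrypted; neither sec_new nor the point where `net` is assigned is in this diff, so please confirm it is populated before sec_decrypt can run. If it is, a comment on the `struct rdp_network * net;` member added in the secure.h hunk, `/* owning network; must be set before any sec_decrypt()/sec_out_* call */`, documents the invariant. Both secure.c hunks sit inside functions whose bodies continue outside the hunk.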
@@ -51,8 +52,6 @@ struct rdp_sec /* These values must be available to reset state - Session Directory */ int sec_encrypt_use_count; int sec_decrypt_use_count; - int tls_connected; - struct rdp_network * net; }; enum sec_recv_type @@ -92,8 +91,6 @@ void sec_out_gcc_conference_create_request(rdpSec * sec, STREAM s); void sec_establish_key(rdpSec * sec); -RD_BOOL -sec_verify_tls(rdpSec * sec, const char * server); void sec_disconnect(rdpSec * sec); rdpSec * diff --git a/libfreerdp-core/tcp.c b/libfreerdp-core/tcp.c index cbb9e21..b7fe6e4 100644 --- a/libfreerdp-core/tcp.c +++ b/libfreerdp-core/tcp.c @@ -131,22 +131,21 @@ tcp_can_recv(int sck, int millis) } void -tcp_write(rdpTcp * tcp, STREAM s) +tcp_write(rdpTcp * tcp, char* b, int length) { int sent = 0; int total = 0; - int length = s->end - s->data; while (total < length) { while (total < length) { - sent = send(tcp->sock, s->data + total, length - total, MSG_NOSIGNAL); + sent = send(tcp->sockfd, b + total, length - total, MSG_NOSIGNAL); if (sent <= 0) { if (sent == -1 && TCP_BLOCKS) { - tcp_can_send(tcp->sock, 100); + tcp_can_send(tcp->sockfd, 100); sent = 0; } else @@ -165,16 +164,16 @@ tcp_read(rdpTcp * tcp, char* b, int length) { int rcvd = 0; - if (!ui_select(tcp->net->sec->rdp->inst, tcp->sock)) + if (!ui_select(tcp->net->sec->rdp->inst, tcp->sockfd)) return -1; /* user quit */ - rcvd = recv(tcp->sock, b, length, 0); + rcvd = recv(tcp->sockfd, b, length, 0); if (rcvd < 0) { if (rcvd == -1 && TCP_BLOCKS) { - tcp_can_recv(tcp->sock, 1); + tcp_can_recv(tcp->sockfd, 1); rcvd = 0; } else @@ -196,7 +195,7 @@ tcp_read(rdpTcp * tcp, char* b, int length) RD_BOOL tcp_connect(rdpTcp * tcp, char * server, int port) { - int sock; + int sockfd; uint32 option_value; socklen_t option_len; 
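Review bot: tcp_write's new buffer parameter `char* b` is only read (`send(tcp->sockfd, b + total, length - total, MSG_NOSIGNAL)`), so it should be `const char *b` here and in the tcp.h prototype changed further down in this diff; network_send already has to cast `s->data` to `char*` to call it, and a const parameter states the intent. The body of tcp_write continues outside the hunk.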
@@ -221,22 +220,22 @@ tcp_connect(rdpTcp * tcp, char * server, int port) } ressave = res; - sock = -1; + sockfd = -1; while (res) { - sock = socket(res->ai_family, res->ai_socktype, res->ai_protocol); - if (!(sock < 0)) + sockfd = socket(res->ai_family, res->ai_socktype, res->ai_protocol); + if (!(sockfd < 0)) { - if (connect(sock, res->ai_addr, res->ai_addrlen) == 0) + if (connect(sockfd, res->ai_addr, res->ai_addrlen) == 0) break; - TCP_CLOSE(sock); - sock = -1; + TCP_CLOSE(sockfd); + sockfd = -1; } res = res->ai_next; } freeaddrinfo(ressave); - if (sock == -1) + if (sockfd == -1) { ui_error(tcp->net->rdp->inst, "%s: unable to connect\n", server); return False; 
@@ -277,33 +276,33 @@ tcp_connect(rdpTcp * tcp, char * server, int port) #endif /* IPv6 */ - tcp->sock = sock; + tcp->sockfd = sockfd; /* set socket as non blocking */ #ifdef _WIN32 { u_long arg = 1; - ioctlsocket(tcp->sock, FIONBIO, &arg); + ioctlsocket(tcp->sockfd, FIONBIO, &arg); tcp->wsa_event = WSACreateEvent(); - WSAEventSelect(tcp->sock, tcp->wsa_event, FD_READ); + WSAEventSelect(tcp->sockfd, tcp->wsa_event, FD_READ); } #else - option_value = fcntl(tcp->sock, F_GETFL); + option_value = fcntl(tcp->sockfd, F_GETFL); option_value = option_value | O_NONBLOCK; - fcntl(tcp->sock, F_SETFL, option_value); + fcntl(tcp->sockfd, F_SETFL, option_value); #endif option_value = 1; option_len = sizeof(option_value); - setsockopt(tcp->sock, IPPROTO_TCP, TCP_NODELAY, (void *) &option_value, option_len); + setsockopt(tcp->sockfd, IPPROTO_TCP, TCP_NODELAY, (void *) &option_value, option_len); /* receive buffer must be a least 16 K */ - if (getsockopt(tcp->sock, SOL_SOCKET, SO_RCVBUF, (void *) &option_value, &option_len) == 0) + if (getsockopt(tcp->sockfd, SOL_SOCKET, SO_RCVBUF, (void *) &option_value, &option_len) == 0) { if (option_value < (1024 * 16)) { option_value = 1024 * 16; option_len = sizeof(option_value); - setsockopt(tcp->sock, SOL_SOCKET, SO_RCVBUF, (void *) &option_value, + setsockopt(tcp->sockfd, SOL_SOCKET, SO_RCVBUF, (void *) &option_value, option_len); } } @@ -315,10 +314,10 @@ tcp_connect(rdpTcp * tcp, char * server, int port) void tcp_disconnect(rdpTcp * tcp) { - if (tcp->sock != -1) + if (tcp->sockfd != -1) { - TCP_CLOSE(tcp->sock); - tcp->sock = -1; + TCP_CLOSE(tcp->sockfd); + tcp->sockfd = -1; } #ifdef _WIN32 if (tcp->wsa_event) 
@@ -335,7 +334,7 @@ tcp_get_address(rdpTcp * tcp) { struct sockaddr_in sockaddr; socklen_t len = sizeof(sockaddr); - if (getsockname(tcp->sock, (struct sockaddr *) &sockaddr, &len) == 0) + if (getsockname(tcp->sockfd, (struct sockaddr *) &sockaddr, &len) == 0) { uint8 *ip = (uint8 *) & sockaddr.sin_addr; snprintf(tcp->ipaddr, sizeof(tcp->ipaddr), "%d.%d.%d.%d", ip[0], ip[1], ip[2], @@ -358,7 +357,7 @@ tcp_new(struct rdp_network * net) { memset(self, 0, sizeof(rdpTcp)); self->net = net; - self->sock = -1; + self->sockfd = -1; } return self; diff --git a/libfreerdp-core/tcp.h b/libfreerdp-core/tcp.h index b06954c..e71ded2 100644 --- a/libfreerdp-core/tcp.h +++ b/libfreerdp-core/tcp.h @@ -26,7 +26,7 @@ struct rdp_tcp { - int sock; + int sockfd; char ipaddr[32]; int tcp_port_rdp; struct rdp_network * net; @@ -37,7 +37,7 @@ struct rdp_tcp typedef struct rdp_tcp rdpTcp; void -tcp_write(rdpTcp * tcp, STREAM s); +tcp_write(rdpTcp * tcp, char* b, int length); int tcp_read(rdpTcp * tcp, char* b, int length); |