From 5fcf6beffa3367b8b313bf4414ffd6b3419c76d1 Mon Sep 17 00:00:00 2001 From: Idan Freiberg Date: Mon, 14 Jul 2014 15:33:41 +0300 Subject: [PATCH 01/22] libxrdp: enforce server security layer when rdpNegData is not exists --- libxrdp/xrdp_iso.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/libxrdp/xrdp_iso.c b/libxrdp/xrdp_iso.c index 633dc5a9..b15be2ad 100644 --- a/libxrdp/xrdp_iso.c +++ b/libxrdp/xrdp_iso.c @@ -305,12 +305,10 @@ xrdp_iso_incoming(struct xrdp_iso *self) } } + int serverSecurityLayer = self->mcs_layer->sec_layer->rdp_layer->client_info.security_layer; /* security layer negotiation */ if (self->rdpNegData) { - int - serverSecurityLayer = - self->mcs_layer->sec_layer->rdp_layer->client_info.security_layer; self->selectedProtocol = PROTOCOL_RDP; /* set default security layer */ switch (serverSecurityLayer) @@ -371,6 +369,11 @@ xrdp_iso_incoming(struct xrdp_iso *self) self->failureCode = INCONSISTENT_FLAGS; //TODO: ? } } + else if (self->requestedProtocol != serverSecurityLayer) + { + /* enforce server security */ + return 1; + } /* set things for tls connection */ From f0b6c6b1d178419ae82ad1c8ea2d74c97cc2f27b Mon Sep 17 00:00:00 2001 From: Idan Freiberg Date: Tue, 15 Jul 2014 18:29:40 +0300 Subject: [PATCH 02/22] libxrdp: started adding TLS support --- common/trans.c | 8 +- common/trans.h | 2 + libxrdp/Makefile.am | 3 +- libxrdp/libxrdp.c | 6 +- libxrdp/libxrdp.h | 26 +++++ libxrdp/xrdp_mcs.c | 18 ++++ libxrdp/xrdp_sec.c | 4 + libxrdp/xrdp_tls.c | 239 ++++++++++++++++++++++++++++++++++++++++++++ 8 files changed, 302 insertions(+), 4 deletions(-) create mode 100644 libxrdp/xrdp_tls.c diff --git a/common/trans.c b/common/trans.c index 6fd5a9d8..421d5679 100644 --- a/common/trans.c +++ b/common/trans.c @@ -38,6 +38,8 @@ trans_create(int mode, int in_size, int out_size) make_stream(self->out_s); init_stream(self->out_s, out_size); self->mode = mode; + self->do_tls = 0; /* default simple tcp layer */ + self->tls = 0; } return self; @@ -248,7 +250,7 @@ trans_check_wait_objs(struct trans *self) if (to_read > 0) { - read_bytes = g_tcp_recv(self->sck, self->in_s->end, to_read, 0); + read_bytes = g_tcp_recv(self->sck, self->in_s->end, to_read, 0); if (read_bytes == -1) { @@ -318,7 +320,9 @@ trans_force_read_s(struct trans *self, struct stream *in_s, int size) { return 1; } + rcvd = g_tcp_recv(self->sck, in_s->end, size, 0); + if (rcvd == -1) { if (g_tcp_last_error_would_block(self->sck)) @@ -391,7 +395,7 @@ trans_force_write_s(struct trans *self, struct stream *out_s) while (total < size) { - sent = g_tcp_send(self->sck, out_s->data + total, size - total, 0); + sent = g_tcp_send(self->sck, out_s->data + total, size - total, 0); if (sent == -1) { diff --git a/common/trans.h b/common/trans.h index 4a8b249c..a391309e 100644 --- a/common/trans.h +++ b/common/trans.h @@ -60,6 +60,8 @@ struct trans char port[256]; int no_stream_init_on_data_in; int extra_flags; /* user defined */ + int do_tls; /* 0 - tcp, 1 - tls */ + struct xrdp_tls *tls; }; struct trans* APP_CC diff --git a/libxrdp/Makefile.am b/libxrdp/Makefile.am index bd37cad4..57c4b716 100644 --- a/libxrdp/Makefile.am +++ b/libxrdp/Makefile.am @@ -61,7 +61,8 @@ libxrdp_la_SOURCES = \ xrdp_orders_rail.c \ xrdp_mppc_enc.c \ xrdp_fastpath.c \ - xrdp_caps.c + xrdp_caps.c \ + xrdp_tls.c libxrdp_la_LDFLAGS = \ $(EXTRA_FLAGS) diff --git a/libxrdp/libxrdp.c b/libxrdp/libxrdp.c index e9c3508b..6a79e8fb 100644 --- a/libxrdp/libxrdp.c +++ b/libxrdp/libxrdp.c @@ -141,7 +141,11 @@ libxrdp_force_read(struct trans* trans) s = trans->in_s; init_stream(s, 32 * 1024); - if (trans_force_read(trans, 4) != 0) + if (trans->do_tls) + { + /*TLS*/ + } + else if (trans_force_read(trans, 4) != 0) /*TCP*/ { g_writeln("libxrdp_force_read: error"); return 0; diff --git a/libxrdp/libxrdp.h b/libxrdp/libxrdp.h index f702c280..c2800abf 100644 --- a/libxrdp/libxrdp.h +++ b/libxrdp/libxrdp.h @@ -36,6 +36,7 @@ #include "libxrdpinc.h" #include "file_loc.h" #include "xrdp_client_info.h" +#include /* iso */ @@ -131,6 +132,7 @@ struct xrdp_sec void *encrypt_fips_info; void *decrypt_fips_info; void *sign_fips_info; + struct xrdp_tls *tls; }; /* channel */ @@ -290,6 +292,30 @@ struct xrdp_mppc_enc tui16 *hash_table; }; + +/* xrdp_tls */ +struct xrdp_tls { + SSL *ssl; + SSL_CTX *ctx; + char *cert; + char *key; + struct trans *trans; +}; + +/* xrdp_tls.c */ +struct xrdp_tls *APP_CC +xrdp_tls_create(struct trans *trans, const char *key, const char *cert); +int APP_CC +xrdp_tls_accept(struct xrdp_tls *self); +int APP_CC +xrdp_tls_disconnect(struct xrdp_tls *self); +void APP_CC +xrdp_tls_delete(struct xrdp_tls *self); +int APP_CC +xrdp_tls_read(struct xrdp_tls *tls, unsigned char *data, int length); +int APP_CC +xrdp_tls_write(struct xrdp_tls *tls, unsigned char *data, int length); + int APP_CC compress_rdp(struct xrdp_mppc_enc *enc, tui8 *srcData, int len); struct xrdp_mppc_enc * APP_CC diff --git a/libxrdp/xrdp_mcs.c b/libxrdp/xrdp_mcs.c index c1b0b908..df4f81f5 100644 --- a/libxrdp/xrdp_mcs.c +++ b/libxrdp/xrdp_mcs.c @@ -755,6 +755,21 @@ xrdp_mcs_incoming(struct xrdp_mcs *self) return 1; } + /* tls */ + if (PROTOCOL_SSL & self->iso_layer->selectedProtocol) + { + g_writeln("xrdp_mcs_incoming: TLS mode!"); + self->sec_layer->crypt_level = CRYPT_LEVEL_NONE; + self->sec_layer->crypt_method = CRYPT_METHOD_NONE; + + if (xrdp_tls_accept(self->sec_layer->tls) != 0) + { + g_writeln("xrdp_mcs_incoming: ssl_tls_accept failed"); + return 1; + } + g_writeln("xrdp_mcs_incoming: ssl_tls_accept done!!!!"); + } + if (xrdp_mcs_recv_connect_initial(self) != 0) { return 1; @@ -961,6 +976,7 @@ xrdp_mcs_disconnect(struct xrdp_mcs *self) if (xrdp_iso_init(self->iso_layer, s) != 0) { + xrdp_tls_disconnect(self->sec_layer->tls); free_stream(s); close_rdp_socket(self); DEBUG((" out xrdp_mcs_disconnect error - 1")); @@ -973,12 +989,14 @@ xrdp_mcs_disconnect(struct xrdp_mcs *self) if (xrdp_iso_send(self->iso_layer, s) != 0) { + xrdp_tls_disconnect(self->sec_layer->tls); free_stream(s); close_rdp_socket(self); DEBUG((" out xrdp_mcs_disconnect error - 2")); return 1; } + xrdp_tls_disconnect(self->sec_layer->tls); free_stream(s); close_rdp_socket(self); DEBUG(("xrdp_mcs_disconnect - close sent")); diff --git a/libxrdp/xrdp_sec.c b/libxrdp/xrdp_sec.c index d726f3e8..c908c081 100644 --- a/libxrdp/xrdp_sec.c +++ b/libxrdp/xrdp_sec.c @@ -276,6 +276,8 @@ xrdp_sec_create(struct xrdp_rdp *owner, struct trans *trans, int crypt_level, &(self->server_mcs_data)); self->fastpath_layer = xrdp_fastpath_create(self, trans); self->chan_layer = xrdp_channel_create(self, self->mcs_layer); + //TODO: add cert to config + self->tls = xrdp_tls_create(trans, "/opt/xrdpdev/etc/xrdp/pkey.pem", "/opt/xrdpdev/etc/xrdp/cert.pem"); DEBUG((" out xrdp_sec_create")); return self; } @@ -298,6 +300,7 @@ xrdp_sec_delete(struct xrdp_sec *self) ssl_des3_info_delete(self->decrypt_fips_info); ssl_des3_info_delete(self->encrypt_fips_info); ssl_hmac_info_delete(self->sign_fips_info); + xrdp_tls_delete(self->tls); g_free(self->client_mcs_data.data); g_free(self->server_mcs_data.data); /* Crypto information must always be cleared */ @@ -2115,6 +2118,7 @@ xrdp_sec_disconnect(struct xrdp_sec *self) int rv; DEBUG((" in xrdp_sec_disconnect")); + rv = xrdp_mcs_disconnect(self->mcs_layer); DEBUG((" out xrdp_sec_disconnect")); return rv; diff --git a/libxrdp/xrdp_tls.c b/libxrdp/xrdp_tls.c new file mode 100644 index 00000000..d893ca3c --- /dev/null +++ b/libxrdp/xrdp_tls.c @@ -0,0 +1,239 @@ +/** + * xrdp: A Remote Desktop Protocol server. + * + * Copyright (C) Idan Freiberg 2013-2014 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * transport layer security + */ + +#include "libxrdp.h" + +/*****************************************************************************/ +struct xrdp_tls *APP_CC +xrdp_tls_create(struct trans *trans, const char *key, const char *cert) +{ + struct xrdp_tls *self; + self = (struct xrdp_tls *) g_malloc(sizeof(struct xrdp_tls), 1); + + if (self != NULL) + { + self->trans = trans; + self->cert = g_malloc(g_strlen(key) + 1, 1); + self->key = g_malloc(g_strlen(cert) + 1, 1); + strcpy(self->cert, cert); + strcpy(self->key, key); + } + + return self; +} +/*****************************************************************************/ +int APP_CC +xrdp_tls_accept(struct xrdp_tls *self) +{ + int connection_status; + long options = 0; + + /** + * SSL_OP_NO_SSLv2: + * + * We only want SSLv3 and TLSv1, so disable SSLv2. + * SSLv3 is used by, eg. Microsoft RDC for Mac OS X. + */ + options |= SSL_OP_NO_SSLv2; + + /** + * SSL_OP_NO_COMPRESSION: + * + * The Microsoft RDP server does not advertise support + * for TLS compression, but alternative servers may support it. + * This was observed between early versions of the FreeRDP server + * and the FreeRDP client, and caused major performance issues, + * which is why we're disabling it. + */ + options |= SSL_OP_NO_COMPRESSION; + + /** + * SSL_OP_TLS_BLOCK_PADDING_BUG: + * + * The Microsoft RDP server does *not* support TLS padding. + * It absolutely needs to be disabled otherwise it won't work. + */ + options |= SSL_OP_TLS_BLOCK_PADDING_BUG; + + /** + * SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS: + * + * Just like TLS padding, the Microsoft RDP server does not + * support empty fragments. This needs to be disabled. + */ + options |= SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS; + + self->ctx = SSL_CTX_new(SSLv23_server_method()); + /* set context options */ + SSL_CTX_set_mode(self->ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER | SSL_MODE_ENABLE_PARTIAL_WRITE); + SSL_CTX_set_options(self->ctx, options); + SSL_CTX_set_read_ahead(self->ctx, 1); + + if (self->ctx == NULL) { + g_writeln("ssl_tls_accept: SSL_CTX_new failed"); + return 1; + } + + if (SSL_CTX_use_RSAPrivateKey_file(self->ctx, self->key, SSL_FILETYPE_PEM) + <= 0) { + g_writeln("ssl_tls_accept: SSL_CTX_use_RSAPrivateKey_file failed"); + return 1; + } + + self->ssl = SSL_new(self->ctx); + + if (self->ssl == NULL) { + g_writeln("ssl_tls_accept: SSL_new failed"); + return 1; + } + + if (SSL_use_certificate_file(self->ssl, self->cert, SSL_FILETYPE_PEM) <= 0) { + g_writeln("ssl_tls_accept: SSL_use_certificate_file failed"); + return 1; + } + + if (SSL_set_fd(self->ssl, self->trans->sck) < 1) { + g_writeln("ssl_tls_accept: SSL_set_fd failed"); + return 1; + } + + connection_status = SSL_accept(self->ssl); + + if (connection_status <= 0) { + if (xrdp_tls_print_error("SSL_accept", self->ssl, connection_status)) + { + return 1; + } + } + + g_writeln("ssl_tls_accept: TLS connection accepted"); + + /* set trans for TLS */ + self->trans->do_tls = 1; /* TLS layer */ + self->trans->tls = self; /* owner */ + + return 0; +} +/*****************************************************************************/ +int APP_CC +xrdp_tls_print_error(char *func, SSL *connection, int value) +{ + switch (SSL_get_error(connection, value)) + { + case SSL_ERROR_ZERO_RETURN: + g_writeln("xrdp_tls_print_error: %s: Server closed TLS connection", func); + return 1; + + case SSL_ERROR_WANT_READ: + g_writeln("xrdp_tls_print_error: SSL_ERROR_WANT_READ"); + return 0; + + case SSL_ERROR_WANT_WRITE: + g_writeln("xrdp_tls_print_error: SSL_ERROR_WANT_WRITE"); + return 0; + + case SSL_ERROR_SYSCALL: + g_writeln("xrdp_tls_print_error: %s: I/O error", func); + return 1; + + case SSL_ERROR_SSL: + g_writeln("xrdp_tls_print_error: %s: Failure in SSL library (protocol error?)", func); + return 1; + + default: + g_writeln("xrdp_tls_print_error: %s: Unknown error", func); + return 1; + } +} +/*****************************************************************************/ +int APP_CC +xrdp_tls_disconnect(struct xrdp_tls *self) +{ + SSL_shutdown(self->ssl); + return 0; +} +/*****************************************************************************/ +void APP_CC +xrdp_tls_delete(struct xrdp_tls *self) +{ + if (self != NULL) + { + if (self->ssl) + SSL_free(self->ssl); + + if (self->ctx) + SSL_CTX_free(self->ctx); + + g_free(self); + } +} +/*****************************************************************************/ +int APP_CC +xrdp_tls_read(struct xrdp_tls *tls, unsigned char *data, int length) +{ + int status; + + status = SSL_read(tls->ssl, data, length); + + switch (SSL_get_error(tls->ssl, status)) + { + case SSL_ERROR_NONE: + break; + + case SSL_ERROR_WANT_READ: + case SSL_ERROR_WANT_WRITE: + status = 0; + break; + + default: + xrdp_tls_print_error("SSL_read", tls->ssl, status); + status = -1; + break; + } + + return status; +} +/*****************************************************************************/ +int APP_CC +xrdp_tls_write(struct xrdp_tls *tls, unsigned char *data, int length) +{ + int status; + + status = SSL_write(tls->ssl, data, length); + + switch (SSL_get_error(tls->ssl, status)) + { + case SSL_ERROR_NONE: + break; + + case SSL_ERROR_WANT_READ: + case SSL_ERROR_WANT_WRITE: + status = 0; + break; + + default: + xrdp_tls_print_error("SSL_write", tls->ssl, status); + status = -1; + break; + } + + return status; +} +/*****************************************************************************/ From 7ab1d887aecf7883b1254cd97ecfee02de45b74a Mon Sep 17 00:00:00 2001 From: Idan Freiberg Date: Thu, 17 Jul 2014 14:29:23 +0300 Subject: [PATCH 03/22] libxrdp: work on TLS support --- libxrdp/libxrdp.c | 23 +++++- libxrdp/libxrdp.h | 4 +- libxrdp/xrdp_iso.c | 9 ++- libxrdp/xrdp_mcs.c | 10 ++- libxrdp/xrdp_sec.c | 15 +++- libxrdp/xrdp_tls.c | 179 +++++++++++++++++++++++++++++++++++++++++++++ 6 files changed, 230 insertions(+), 10 deletions(-) diff --git a/libxrdp/libxrdp.c b/libxrdp/libxrdp.c index 6a79e8fb..44e9d775 100644 --- a/libxrdp/libxrdp.c +++ b/libxrdp/libxrdp.c @@ -143,7 +143,12 @@ libxrdp_force_read(struct trans* trans) init_stream(s, 32 * 1024); if (trans->do_tls) { - /*TLS*/ + g_writeln("libxrdp_force_read: tls data in"); + if (xrdp_tls_force_read_s(trans, s, 4) != 0) + { + return 0; + } + g_hexdump(s->data, 4); } else if (trans_force_read(trans, 4) != 0) /*TCP*/ { @@ -161,11 +166,25 @@ libxrdp_force_read(struct trans* trans) g_writeln("libxrdp_force_read: error"); return 0; } - if (trans_force_read(trans, bytes - 4) != 0) + + if (trans->do_tls) + { + g_writeln("libxrdp_force_read: tls data in"); + xrdp_tls_force_read_s(trans, s, bytes - 4); + g_hexdump(s->data, bytes); + } + else if (trans_force_read(trans, bytes - 4) != 0) /*TCP*/ { g_writeln("libxrdp_force_read: error"); return 0; } + + +// if (trans_force_read(trans, bytes - 4) != 0) +// { +// g_writeln("libxrdp_force_read: error"); +// return 0; +// } return s; } diff --git a/libxrdp/libxrdp.h b/libxrdp/libxrdp.h index c2800abf..4ce39eb3 100644 --- a/libxrdp/libxrdp.h +++ b/libxrdp/libxrdp.h @@ -312,9 +312,9 @@ xrdp_tls_disconnect(struct xrdp_tls *self); void APP_CC xrdp_tls_delete(struct xrdp_tls *self); int APP_CC -xrdp_tls_read(struct xrdp_tls *tls, unsigned char *data, int length); +xrdp_tls_force_read_s(struct trans *self, struct stream *in_s, int size); int APP_CC -xrdp_tls_write(struct xrdp_tls *tls, unsigned char *data, int length); +xrdp_tls_force_write_s(struct trans *self, struct stream *out_s); int APP_CC compress_rdp(struct xrdp_mppc_enc *enc, tui8 *srcData, int len); diff --git a/libxrdp/xrdp_iso.c b/libxrdp/xrdp_iso.c index b15be2ad..33570e19 100644 --- a/libxrdp/xrdp_iso.c +++ b/libxrdp/xrdp_iso.c @@ -416,7 +416,14 @@ xrdp_iso_send(struct xrdp_iso *self, struct stream *s) out_uint8(s, ISO_PDU_DT); out_uint8(s, 0x80); - if (trans_force_write_s(self->trans, s) != 0) + if (self->trans->do_tls) + { + if (xrdp_tls_force_write_s(self->trans, s) != 0) + { + return 1; + } + } + else if (trans_force_write_s(self->trans, s) != 0) { return 1; } diff --git a/libxrdp/xrdp_mcs.c b/libxrdp/xrdp_mcs.c index df4f81f5..13d190d2 100644 --- a/libxrdp/xrdp_mcs.c +++ b/libxrdp/xrdp_mcs.c @@ -630,6 +630,7 @@ static int APP_CC xrdp_mcs_ber_out_header(struct xrdp_mcs *self, struct stream *s, int tag_val, int len) { + g_writeln("tag_val > 0xff ? %d", tag_val > 0xff); if (tag_val > 0xff) { out_uint16_be(s, tag_val); @@ -639,6 +640,7 @@ xrdp_mcs_ber_out_header(struct xrdp_mcs *self, struct stream *s, out_uint8(s, tag_val); } + g_writeln("len >= 0x80 ? %d", len >= 0x80); if (len >= 0x80) { out_uint8(s, 0x82); @@ -720,7 +722,8 @@ xrdp_mcs_send_connect_response(struct xrdp_mcs *self) init_stream(s, 8192); data_len = (int) (self->server_mcs_data->end - self->server_mcs_data->data); xrdp_iso_init(self->iso_layer, s); - xrdp_mcs_ber_out_header(self, s, MCS_CONNECT_RESPONSE, data_len + 38); + //TODO: 36 - tls , 38 - rdp - we should calculate that + xrdp_mcs_ber_out_header(self, s, MCS_CONNECT_RESPONSE, data_len + 36); xrdp_mcs_ber_out_header(self, s, BER_TAG_RESULT, 1); out_uint8(s, 0); xrdp_mcs_ber_out_header(self, s, BER_TAG_INTEGER, 1); @@ -750,17 +753,19 @@ xrdp_mcs_incoming(struct xrdp_mcs *self) { DEBUG((" in xrdp_mcs_incoming")); + /* ISO */ if (xrdp_iso_incoming(self->iso_layer) != 0) { return 1; } - /* tls */ + /* TLS */ if (PROTOCOL_SSL & self->iso_layer->selectedProtocol) { g_writeln("xrdp_mcs_incoming: TLS mode!"); self->sec_layer->crypt_level = CRYPT_LEVEL_NONE; self->sec_layer->crypt_method = CRYPT_METHOD_NONE; + self->sec_layer->rsa_key_bytes = 0; if (xrdp_tls_accept(self->sec_layer->tls) != 0) { @@ -770,6 +775,7 @@ xrdp_mcs_incoming(struct xrdp_mcs *self) g_writeln("xrdp_mcs_incoming: ssl_tls_accept done!!!!"); } + /* MCS */ if (xrdp_mcs_recv_connect_initial(self) != 0) { return 1; diff --git a/libxrdp/xrdp_sec.c b/libxrdp/xrdp_sec.c index c908c081..ef1b94f9 100644 --- a/libxrdp/xrdp_sec.c +++ b/libxrdp/xrdp_sec.c @@ -277,7 +277,8 @@ xrdp_sec_create(struct xrdp_rdp *owner, struct trans *trans, int crypt_level, self->fastpath_layer = xrdp_fastpath_create(self, trans); self->chan_layer = xrdp_channel_create(self, self->mcs_layer); //TODO: add cert to config - self->tls = xrdp_tls_create(trans, "/opt/xrdpdev/etc/xrdp/pkey.pem", "/opt/xrdpdev/etc/xrdp/cert.pem"); + self->tls = xrdp_tls_create(trans, "/opt/xrdpdev/etc/xrdp/pkey.pem", + "/opt/xrdpdev/etc/xrdp/cert.pem"); DEBUG((" out xrdp_sec_create")); return self; } @@ -1857,7 +1858,7 @@ xrdp_sec_out_mcs_data(struct xrdp_sec *self) ud_ptr = s->p; /* User Data */ out_uint16_le(s, SEC_TAG_SRV_INFO); - if (self->mcs_layer->iso_layer->selectedProtocol != -1) + if (self->mcs_layer->iso_layer->rdpNegData) { out_uint16_le(s, 12); /* len */ } @@ -1869,7 +1870,7 @@ xrdp_sec_out_mcs_data(struct xrdp_sec *self) out_uint8(s, 0); out_uint8(s, 8); out_uint8(s, 0); - if (self->mcs_layer->iso_layer->selectedProtocol != -1) + if (self->mcs_layer->iso_layer->rdpNegData) { /* ReqeustedProtocol */ out_uint32_le(s, self->mcs_layer->iso_layer->selectedProtocol); @@ -1952,6 +1953,14 @@ xrdp_sec_out_mcs_data(struct xrdp_sec *self) out_uint8a(s, self->pub_sig, 64); /* pub sig */ out_uint8s(s, 8); /* pad */ } + else if (self->rsa_key_bytes == 0) /* no security */ + { + g_writeln("xrdp_sec_out_mcs_data: using no security"); + out_uint16_le(s, SEC_TAG_SRV_CRYPT); + out_uint16_le(s, 12); /* len is 12 */ + out_uint32_le(s, self->crypt_method); + out_uint32_le(s, self->crypt_level); + } else { LLOGLN(0, ("xrdp_sec_out_mcs_data: error")); diff --git a/libxrdp/xrdp_tls.c b/libxrdp/xrdp_tls.c index d893ca3c..1f6e847e 100644 --- a/libxrdp/xrdp_tls.c +++ b/libxrdp/xrdp_tls.c @@ -237,3 +237,182 @@ xrdp_tls_write(struct xrdp_tls *tls, unsigned char *data, int length) return status; } /*****************************************************************************/ +int APP_CC +xrdp_tls_force_read_s(struct trans *self, struct stream *in_s, int size) +{ + int rcvd; + + if (self->status != TRANS_STATUS_UP) + { + return 1; + } + + while (size > 0) + { + /* make sure stream has room */ + if ((in_s->end + size) > (in_s->data + in_s->size)) + { + return 1; + } + + g_writeln("xrdp_tls_force_read_s: Pending= %d", SSL_pending(self->tls->ssl)); + rcvd = xrdp_tls_read(self->tls, in_s->end, size); + + if (rcvd == -1) + { + if (g_tcp_last_error_would_block(self->sck)) + { + if (!g_tcp_can_recv(self->sck, 100)) + { + /* check for term here */ + if (self->is_term != 0) + { + if (self->is_term()) + { + /* term */ + self->status = TRANS_STATUS_DOWN; + return 1; + } + } + } + } + else + { + /* error */ + self->status = TRANS_STATUS_DOWN; + return 1; + } + } + else if (rcvd == 0) + { + /* error */ + self->status = TRANS_STATUS_DOWN; + return 1; + } + else + { + in_s->end += rcvd; + size -= rcvd; + } + } + + return 0; +} + +/*****************************************************************************/ +int APP_CC +xrdp_tls_force_write_s(struct trans *self, struct stream *out_s) +{ + int size; + int total; + int sent; + + if (self->status != TRANS_STATUS_UP) + { + return 1; + } + + size = (int)(out_s->end - out_s->data); + g_writeln("packet size= %d", size); + total = 0; + + if (send_waiting(self, 1) != 0) + { + self->status = TRANS_STATUS_DOWN; + return 1; + } + + while (total < size) + { + sent = xrdp_tls_write(self->tls, out_s->data + total, size - total); + + if (sent == -1) + { + if (g_tcp_last_error_would_block(self->sck)) + { + if (!g_tcp_can_send(self->sck, 100)) + { + /* check for term here */ + if (self->is_term != 0) + { + if (self->is_term()) + { + /* term */ + self->status = TRANS_STATUS_DOWN; + return 1; + } + } + } + } + else + { + /* error */ + self->status = TRANS_STATUS_DOWN; + return 1; + } + } + else if (sent == 0) + { + /* error */ + self->status = TRANS_STATUS_DOWN; + return 1; + } + else + { + total = total + sent; + } + } + + return 0; +} +/*****************************************************************************/ +int APP_CC +send_waiting(struct trans *self, int block) +{ + struct stream *temp_s; + int bytes; + int sent; + int timeout; + int cont; + + timeout = block ? 100 : 0; + cont = 1; + while (cont) + { + if (self->wait_s != 0) + { + temp_s = self->wait_s; + if (g_tcp_can_send(self->sck, timeout)) + { + bytes = (int) (temp_s->end - temp_s->p); + sent = xrdp_tls_write(self->tls, temp_s->p, bytes); + if (sent > 0) + { + temp_s->p += sent; + if (temp_s->p >= temp_s->end) + { + self->wait_s = (struct stream *) (temp_s->next_packet); + free_stream(temp_s); + } + } + else if (sent == 0) + { + return 1; + } + else + { + if (!g_tcp_last_error_would_block(self->sck)) + { + return 1; + } + } + } + } + else + { + break; + } + cont = block; + } + return 0; +} From 1acdc3085eb260c166db7d575f6dfcb8a9cc2e72 Mon Sep 17 00:00:00 2001 From: speidy Date: Mon, 21 Jul 2014 07:00:12 +0300 Subject: [PATCH 04/22] libxrdp: work on TLS mode, temporary changes --- libxrdp/xrdp_mcs.c | 4 ++-- libxrdp/xrdp_sec.c | 27 ++++++++++++++------------- 2 files changed, 16 insertions(+), 15 deletions(-) diff --git a/libxrdp/xrdp_mcs.c b/libxrdp/xrdp_mcs.c index 13d190d2..fd8fe3fb 100644 --- a/libxrdp/xrdp_mcs.c +++ b/libxrdp/xrdp_mcs.c @@ -630,7 +630,6 @@ static int APP_CC xrdp_mcs_ber_out_header(struct xrdp_mcs *self, struct stream *s, int tag_val, int len) { - g_writeln("tag_val > 0xff ? %d", tag_val > 0xff); if (tag_val > 0xff) { out_uint16_be(s, tag_val); @@ -640,7 +639,6 @@ xrdp_mcs_ber_out_header(struct xrdp_mcs *self, struct stream *s, out_uint8(s, tag_val); } - g_writeln("len >= 0x80 ? %d", len >= 0x80); if (len >= 0x80) { out_uint8(s, 0x82); @@ -721,6 +719,7 @@ xrdp_mcs_send_connect_response(struct xrdp_mcs *self) make_stream(s); init_stream(s, 8192); data_len = (int) (self->server_mcs_data->end - self->server_mcs_data->data); + g_writeln("data len = %d , +36= %d", data_len, data_len+36); xrdp_iso_init(self->iso_layer, s); //TODO: 36 - tls , 38 - rdp - we should calculate that xrdp_mcs_ber_out_header(self, s, MCS_CONNECT_RESPONSE, data_len + 36); @@ -734,6 +733,7 @@ xrdp_mcs_send_connect_response(struct xrdp_mcs *self) out_uint8a(s, self->server_mcs_data->data, data_len); s_mark_end(s); + g_hexdump(s->data, 150); if (xrdp_iso_send(self->iso_layer, s) != 0) { free_stream(s); diff --git a/libxrdp/xrdp_sec.c b/libxrdp/xrdp_sec.c index ef1b94f9..76fc3ae2 100644 --- a/libxrdp/xrdp_sec.c +++ b/libxrdp/xrdp_sec.c @@ -277,8 +277,8 @@ xrdp_sec_create(struct xrdp_rdp *owner, struct trans *trans, int crypt_level, self->fastpath_layer = xrdp_fastpath_create(self, trans); self->chan_layer = xrdp_channel_create(self, self->mcs_layer); //TODO: add cert to config - self->tls = xrdp_tls_create(trans, "/opt/xrdpdev/etc/xrdp/pkey.pem", - "/opt/xrdpdev/etc/xrdp/cert.pem"); + self->tls = xrdp_tls_create(trans, "/opt/xrdpinstall/etc/xrdp/pkey.pem", + "/opt/xrdpinstall/etc/xrdp/cert.pem"); DEBUG((" out xrdp_sec_create")); return self; } @@ -329,7 +329,7 @@ xrdp_sec_init(struct xrdp_sec *self, struct stream *s) } else { - s_push_layer(s, sec_hdr, 4); +// s_push_layer(s, sec_hdr, 4); } return 0; @@ -1048,6 +1048,7 @@ xrdp_sec_recv(struct xrdp_sec *self, struct stream *s, int *chan) } in_uint32_le(s, flags); DEBUG((" in xrdp_sec_recv flags $%x", flags)); + g_writeln("userdata shareheaedr flags = %d", flags); if (flags & SEC_ENCRYPT) /* 0x08 */ { @@ -1257,7 +1258,7 @@ xrdp_sec_send(struct xrdp_sec *self, struct stream *s, int chan) } else { - out_uint32_le(s, 0); +// out_uint32_le(s, 0); } if (xrdp_mcs_send(self->mcs_layer, s, chan) != 0) @@ -1835,11 +1836,11 @@ xrdp_sec_out_mcs_data(struct xrdp_sec *self) num_channels_even = num_channels + (num_channels & 1); s = &(self->server_mcs_data); init_stream(s, 8192); - out_uint16_be(s, 5); + out_uint16_be(s, 5); /* AsnBerObjectIdentifier */ out_uint16_be(s, 0x14); out_uint8(s, 0x7c); - out_uint16_be(s, 1); - out_uint8(s, 0x2a); + out_uint16_be(s, 1); /* -- */ + out_uint8(s, 0x2a); /* ConnectPDULen */ out_uint8(s, 0x14); out_uint8(s, 0x76); out_uint8(s, 0x0a); @@ -1854,7 +1855,7 @@ xrdp_sec_out_mcs_data(struct xrdp_sec *self) out_uint8(s, 0x6e); /* n */ /* GCC Response Total Length - 2 bytes , set later */ gcc_size_ptr = s->p; /* RDPGCCUserDataResponseLength */ - out_uint8s(s, 2); + out_uint8(s, 0); ud_ptr = s->p; /* User Data */ out_uint16_le(s, SEC_TAG_SRV_INFO); @@ -1873,7 +1874,7 @@ xrdp_sec_out_mcs_data(struct xrdp_sec *self) if (self->mcs_layer->iso_layer->rdpNegData) { /* ReqeustedProtocol */ - out_uint32_le(s, self->mcs_layer->iso_layer->selectedProtocol); + out_uint32_le(s, self->mcs_layer->iso_layer->requestedProtocol); } out_uint16_le(s, SEC_TAG_SRV_CHANNELS); out_uint16_le(s, 8 + (num_channels_even * 2)); /* len */ @@ -1960,7 +1961,7 @@ xrdp_sec_out_mcs_data(struct xrdp_sec *self) out_uint16_le(s, 12); /* len is 12 */ out_uint32_le(s, self->crypt_method); out_uint32_le(s, self->crypt_level); - } + } else { LLOGLN(0, ("xrdp_sec_out_mcs_data: error")); @@ -1968,9 +1969,9 @@ xrdp_sec_out_mcs_data(struct xrdp_sec *self) /* end certificate */ s_mark_end(s); - gcc_size = (int)(s->end - ud_ptr) | 0x8000; - gcc_size_ptr[0] = gcc_size >> 8; - gcc_size_ptr[1] = gcc_size; + gcc_size = (int)(s->end - ud_ptr);// | 0x8000; + gcc_size_ptr[0] = gcc_size;// >> 8; + //gcc_size_ptr[1] = gcc_size; return 0; } From afdf638c7b56e7420e32853df6299d9217e0f8d4 Mon Sep 17 00:00:00 2001 From: Idan Freiberg Date: Wed, 23 Jul 2014 15:31:45 +0300 Subject: [PATCH 05/22] libxrdp, common: work on TLS mode --- common/Makefile.am | 5 +- common/trans.c | 65 ++++- common/trans.h | 38 ++- common/xrdp_client_info.h | 3 + {libxrdp => common}/xrdp_tls.c | 44 ++-- libxrdp/Makefile.am | 3 +- libxrdp/libxrdp.c | 27 +- libxrdp/libxrdp.h | 36 +-- libxrdp/xrdp_fastpath.c | 2 +- libxrdp/xrdp_iso.c | 15 +- libxrdp/xrdp_mcs.c | 222 ++++++++++++---- libxrdp/xrdp_rdp.c | 46 +++- libxrdp/xrdp_sec.c | 459 +++++++++++++-------------------- xrdp/xrdp.ini | 10 +- xrdp/xrdp_process.c | 1 - 15 files changed, 544 insertions(+), 432 deletions(-) rename {libxrdp => common}/xrdp_tls.c (91%) diff --git a/common/Makefile.am b/common/Makefile.am index ab9c2bd5..9feac9fb 100644 --- a/common/Makefile.am +++ b/common/Makefile.am @@ -17,7 +17,7 @@ EXTRA_DIST = \ trans.h \ xrdp_client_info.h \ xrdp_constants.h \ - xrdp_rail.h + xrdp_rail.h AM_CFLAGS = \ -DXRDP_CFG_PATH=\"${sysconfdir}/xrdp\" \ @@ -39,7 +39,8 @@ libcommon_la_SOURCES = \ os_calls.c \ ssl_calls.c \ thread_calls.c \ - trans.c + trans.c \ + xrdp_tls.c libcommon_la_LIBADD = \ -lcrypto \ diff --git a/common/trans.c b/common/trans.c index 421d5679..d58bdd91 100644 --- a/common/trans.c +++ b/common/trans.c @@ -38,8 +38,10 @@ trans_create(int mode, int in_size, int out_size) make_stream(self->out_s); init_stream(self->out_s, out_size); self->mode = mode; - self->do_tls = 0; /* default simple tcp layer */ self->tls = 0; + /* assign tcp functions */ + self->trans_read_call = trans_tcp_force_read_s; + self->trans_write_call = trans_tcp_force_write_s; } return self; @@ -70,6 +72,11 @@ trans_delete(struct trans *self) g_free(self->listen_filename); } + if (self->tls != 0) + { + xrdp_tls_delete(self->tls); + } + g_free(self); } @@ -301,10 +308,15 @@ trans_check_wait_objs(struct trans *self) return rv; } - /*****************************************************************************/ int APP_CC trans_force_read_s(struct trans *self, struct stream *in_s, int size) +{ + return self->trans_read_call(self, in_s, size); +} +/*****************************************************************************/ +int APP_CC +trans_tcp_force_read_s(struct trans *self, struct stream *in_s, int size) { int rcvd; @@ -368,12 +380,22 @@ trans_force_read_s(struct trans *self, struct stream *in_s, int size) int APP_CC trans_force_read(struct trans *self, int size) { + if (self->tls != 0) + { + return xrdp_tls_force_read_s(self, self->in_s, size); + } return trans_force_read_s(self, self->in_s, size); } /*****************************************************************************/ int APP_CC trans_force_write_s(struct trans *self, struct stream *out_s) +{ + return self->trans_write_call(self, out_s); +} +/*****************************************************************************/ +int APP_CC +trans_tcp_force_write_s(struct trans *self, struct stream *out_s) { int size; int total; @@ -632,3 +654,42 @@ trans_get_out_s(struct trans *self, int size) return rv; } +/*****************************************************************************/ +/* returns error */ +int APP_CC +trans_set_tls_mode(struct trans *self, const char *key, const char *cert) +{ + self->tls = xrdp_tls_create(self, key, cert); + if (self->tls == NULL) + { + g_writeln("trans_set_tls_mode: xrdp_tls_create malloc error"); + return 1; + } + + if (xrdp_tls_accept(self->tls) != 0) + { + g_writeln("trans_set_tls_mode: xrdp_tls_accept failed"); + return 1; + } + + /* assign tls functions */ + self->trans_read_call = xrdp_tls_force_read_s; + self->trans_write_call = xrdp_tls_force_write_s; + + return 0; +} +/*****************************************************************************/ +/* returns error */ +int APP_CC +trans_shutdown_tls_mode(struct trans *self) +{ + if (self->tls != NULL) + { + return xrdp_tls_disconnect(self->tls); + } + + /* set callback to tls */ + self->trans_read_call = trans_tcp_force_read_s; + self->trans_write_call = trans_tcp_force_write_s; + return 0; +} diff --git a/common/trans.h b/common/trans.h index a391309e..54566d85 100644 --- a/common/trans.h +++ b/common/trans.h @@ -23,6 +23,7 @@ #include "arch.h" #include "parse.h" +#include #define TRANS_MODE_TCP 1 #define TRANS_MODE_UNIX 2 @@ -35,11 +36,14 @@ #define TRANS_STATUS_UP 1 struct trans; /* forward declaration */ +struct xrdp_tls; typedef int (DEFAULT_CC *ttrans_data_in)(struct trans* self); typedef int (DEFAULT_CC *ttrans_conn_in)(struct trans* self, struct trans* new_self); typedef int (DEFAULT_CC *tis_term)(void); +typedef int (APP_CC *trans_read_call) (struct trans *self, struct stream *in_s, int size); +typedef int (APP_CC *trans_write_call) (struct trans *self, struct stream *out_s); struct trans { @@ -60,10 +64,34 @@ struct trans char port[256]; int no_stream_init_on_data_in; int extra_flags; /* user defined */ - int do_tls; /* 0 - tcp, 1 - tls */ struct xrdp_tls *tls; + trans_read_call trans_read_call; + trans_write_call trans_write_call; }; +/* xrdp_tls */ +struct xrdp_tls { + SSL *ssl; + SSL_CTX *ctx; + char *cert; + char *key; + struct trans *trans; +}; + +/* xrdp_tls.c */ +struct xrdp_tls *APP_CC +xrdp_tls_create(struct trans *trans, const char *key, const char *cert); +int APP_CC +xrdp_tls_accept(struct xrdp_tls *self); +int APP_CC +xrdp_tls_disconnect(struct xrdp_tls *self); +void APP_CC +xrdp_tls_delete(struct xrdp_tls *self); +int APP_CC +xrdp_tls_force_read_s(struct trans *self, struct stream *in_s, int size); +int APP_CC +xrdp_tls_force_write_s(struct trans *self, struct stream *out_s); + struct trans* APP_CC trans_create(int mode, int in_size, int out_size); void APP_CC @@ -97,5 +125,13 @@ struct stream* APP_CC trans_get_in_s(struct trans* self); struct stream* APP_CC trans_get_out_s(struct trans* self, int size); +int APP_CC +trans_set_tls_mode(struct trans *self, const char *key, const char *cert); +int APP_CC +trans_shutdown_tls_mode(struct trans *self); +int APP_CC +trans_tcp_force_read_s(struct trans *self, struct stream *in_s, int size); +int APP_CC +trans_tcp_force_write_s(struct trans *self, struct stream *out_s); #endif diff --git a/common/xrdp_client_info.h b/common/xrdp_client_info.h index 7a7aed92..954595d8 100644 --- a/common/xrdp_client_info.h +++ b/common/xrdp_client_info.h @@ -123,6 +123,9 @@ struct xrdp_client_info int max_fastpath_frag_bytes; + char certificate[1024]; + char key_file[1024]; + }; #endif diff --git a/libxrdp/xrdp_tls.c b/common/xrdp_tls.c similarity index 91% rename from libxrdp/xrdp_tls.c rename to common/xrdp_tls.c index 1f6e847e..4429ff5e 100644 --- a/libxrdp/xrdp_tls.c +++ b/common/xrdp_tls.c @@ -18,7 +18,8 @@ * transport layer security */ -#include "libxrdp.h" +#include "trans.h" +#include "ssl_calls.h" /*****************************************************************************/ struct xrdp_tls *APP_CC @@ -30,10 +31,8 @@ xrdp_tls_create(struct trans *trans, const char *key, const char *cert) if (self != NULL) { self->trans = trans; - self->cert = g_malloc(g_strlen(key) + 1, 1); - self->key = g_malloc(g_strlen(cert) + 1, 1); - strcpy(self->cert, cert); - strcpy(self->key, key); + self->cert = (char *) cert; + self->key = (char *) key; } return self; @@ -87,30 +86,30 @@ xrdp_tls_accept(struct xrdp_tls *self) SSL_CTX_set_read_ahead(self->ctx, 1); if (self->ctx == NULL) { - g_writeln("ssl_tls_accept: SSL_CTX_new failed"); + g_writeln("xrdp_tls_accept: SSL_CTX_new failed"); return 1; } if (SSL_CTX_use_RSAPrivateKey_file(self->ctx, self->key, SSL_FILETYPE_PEM) <= 0) { - g_writeln("ssl_tls_accept: SSL_CTX_use_RSAPrivateKey_file failed"); + g_writeln("xrdp_tls_accept: SSL_CTX_use_RSAPrivateKey_file failed"); return 1; } self->ssl = SSL_new(self->ctx); if (self->ssl == NULL) { - g_writeln("ssl_tls_accept: SSL_new failed"); + g_writeln("xrdp_tls_accept: SSL_new failed"); return 1; } if (SSL_use_certificate_file(self->ssl, self->cert, SSL_FILETYPE_PEM) <= 0) { - g_writeln("ssl_tls_accept: SSL_use_certificate_file failed"); + g_writeln("xrdp_tls_accept: SSL_use_certificate_file failed"); return 1; } if (SSL_set_fd(self->ssl, self->trans->sck) < 1) { - g_writeln("ssl_tls_accept: SSL_set_fd failed"); + g_writeln("xrdp_tls_accept: SSL_set_fd failed"); return 1; } @@ -123,11 +122,7 @@ xrdp_tls_accept(struct xrdp_tls *self) } } - g_writeln("ssl_tls_accept: TLS connection accepted"); - - /* set trans for TLS */ - self->trans->do_tls = 1; /* TLS layer */ - self->trans->tls = self; /* owner */ + g_writeln("xrdp_tls_accept: TLS connection accepted"); return 0; } @@ -166,7 +161,18 @@ xrdp_tls_print_error(char *func, SSL *connection, int value) int APP_CC xrdp_tls_disconnect(struct xrdp_tls *self) { - SSL_shutdown(self->ssl); + int status = SSL_shutdown(self->ssl); + while (status != 1) + { + status = SSL_shutdown(self->ssl); + + if (status <= 0) { + if (xrdp_tls_print_error("SSL_shutdown", self->ssl, status)) + { + return 1; + } + } + } return 0; } /*****************************************************************************/ @@ -255,7 +261,6 @@ xrdp_tls_force_read_s(struct trans *self, struct stream *in_s, int size) return 1; } - g_writeln("xrdp_tls_force_read_s: Pending= %d", SSL_pending(self->tls->ssl)); rcvd = xrdp_tls_read(self->tls, in_s->end, size); if (rcvd == -1) @@ -313,10 +318,9 @@ xrdp_tls_force_write_s(struct trans *self, struct stream *out_s) } size = (int)(out_s->end - out_s->data); - g_writeln("packet size= %d", size); total = 0; - if (send_waiting(self, 1) != 0) + if (xrdp_tls_send_waiting(self, 1) != 0) { self->status = TRANS_STATUS_DOWN; return 1; @@ -367,7 +371,7 @@ xrdp_tls_force_write_s(struct trans *self, struct stream *out_s) } /*****************************************************************************/ int APP_CC -send_waiting(struct trans *self, int block) +xrdp_tls_send_waiting(struct trans *self, int block) { struct stream *temp_s; int bytes; diff --git a/libxrdp/Makefile.am b/libxrdp/Makefile.am index 57c4b716..bd37cad4 100644 --- a/libxrdp/Makefile.am +++ b/libxrdp/Makefile.am @@ -61,8 +61,7 @@ libxrdp_la_SOURCES = \ xrdp_orders_rail.c \ xrdp_mppc_enc.c \ xrdp_fastpath.c \ - xrdp_caps.c \ - xrdp_tls.c + xrdp_caps.c libxrdp_la_LDFLAGS = \ $(EXTRA_FLAGS) diff --git a/libxrdp/libxrdp.c b/libxrdp/libxrdp.c index 44e9d775..3b781f70 100644 --- a/libxrdp/libxrdp.c +++ b/libxrdp/libxrdp.c @@ -141,16 +141,8 @@ libxrdp_force_read(struct trans* trans) s = trans->in_s; init_stream(s, 32 * 1024); - if (trans->do_tls) - { - g_writeln("libxrdp_force_read: tls data in"); - if (xrdp_tls_force_read_s(trans, s, 4) != 0) - { - return 0; - } - g_hexdump(s->data, 4); - } - else if (trans_force_read(trans, 4) != 0) /*TCP*/ + + if (trans_force_read(trans, 4) != 0) { g_writeln("libxrdp_force_read: error"); return 0; @@ -167,24 +159,11 @@ libxrdp_force_read(struct trans* trans) return 0; } - if (trans->do_tls) - { - g_writeln("libxrdp_force_read: tls data in"); - xrdp_tls_force_read_s(trans, s, bytes - 4); - g_hexdump(s->data, bytes); - } - else if (trans_force_read(trans, bytes - 4) != 0) /*TCP*/ + if (trans_force_read(trans, bytes - 4) != 0) { g_writeln("libxrdp_force_read: error"); return 0; } - - -// if (trans_force_read(trans, bytes - 4) != 0) -// { -// g_writeln("libxrdp_force_read: error"); -// return 0; -// } return s; } diff --git a/libxrdp/libxrdp.h b/libxrdp/libxrdp.h index 4ce39eb3..0bda9f45 100644 --- a/libxrdp/libxrdp.h +++ b/libxrdp/libxrdp.h @@ -36,7 +36,6 @@ #include "libxrdpinc.h" #include "file_loc.h" #include "xrdp_client_info.h" -#include /* iso */ @@ -123,16 +122,13 @@ struct xrdp_sec char pub_mod[256]; char pub_sig[64]; char pri_exp[256]; - int rsa_key_bytes; /* 64 or 256 */ - int channel_code; - int multimon; + int rsa_key_bytes; /* 64 or 256 , 0 = no rdp security */ char fips_encrypt_key[24]; char fips_decrypt_key[24]; char fips_sign_key[20]; void *encrypt_fips_info; void *decrypt_fips_info; void *sign_fips_info; - struct xrdp_tls *tls; }; /* channel */ @@ -293,29 +289,6 @@ struct xrdp_mppc_enc }; -/* xrdp_tls */ -struct xrdp_tls { - SSL *ssl; - SSL_CTX *ctx; - char *cert; - char *key; - struct trans *trans; -}; - -/* xrdp_tls.c */ -struct xrdp_tls *APP_CC -xrdp_tls_create(struct trans *trans, const char *key, const char *cert); -int APP_CC -xrdp_tls_accept(struct xrdp_tls *self); -int APP_CC -xrdp_tls_disconnect(struct xrdp_tls *self); -void APP_CC -xrdp_tls_delete(struct xrdp_tls *self); -int APP_CC -xrdp_tls_force_read_s(struct trans *self, struct stream *in_s, int size); -int APP_CC -xrdp_tls_force_write_s(struct trans *self, struct stream *out_s); - int APP_CC compress_rdp(struct xrdp_mppc_enc *enc, tui8 *srcData, int len); struct xrdp_mppc_enc * APP_CC @@ -370,9 +343,8 @@ int APP_CC xrdp_mcs_disconnect(struct xrdp_mcs *self); /* xrdp_sec.c */ -struct xrdp_sec * APP_CC -xrdp_sec_create(struct xrdp_rdp *owner, struct trans *trans, int crypt_level, - int channel_code, int multimon); +struct xrdp_sec *APP_CC +xrdp_sec_create(struct xrdp_rdp *owner, struct trans *trans); void APP_CC xrdp_sec_delete(struct xrdp_sec *self); int APP_CC @@ -392,8 +364,6 @@ xrdp_sec_send(struct xrdp_sec *self, struct stream *s, int chan); int APP_CC xrdp_sec_process_mcs_data(struct xrdp_sec *self); int APP_CC -xrdp_sec_out_mcs_data(struct xrdp_sec *self); -int APP_CC xrdp_sec_incoming(struct xrdp_sec *self); int APP_CC xrdp_sec_disconnect(struct xrdp_sec *self); diff --git a/libxrdp/xrdp_fastpath.c b/libxrdp/xrdp_fastpath.c index 8739c764..f84f5ae1 100644 --- a/libxrdp/xrdp_fastpath.c +++ b/libxrdp/xrdp_fastpath.c @@ -117,7 +117,7 @@ xrdp_fastpath_init(struct xrdp_fastpath *self, struct stream *s) int APP_CC xrdp_fastpath_send(struct xrdp_fastpath *self, struct stream *s) { - if (trans_force_write_s(self->trans, s) != 0) + if (trans_force_write_s(self->trans, s) != 0) { return 1; } diff --git a/libxrdp/xrdp_iso.c b/libxrdp/xrdp_iso.c index 33570e19..90bfebce 100644 --- a/libxrdp/xrdp_iso.c +++ b/libxrdp/xrdp_iso.c @@ -56,8 +56,6 @@ xrdp_iso_process_rdpNegReq(struct xrdp_iso *self, struct stream *s) int flags; int len; - DEBUG((" in xrdp_iso_process_neg_req")); - in_uint8(s, flags); if (flags != 0x0 && flags != 0x8 && flags != 0x1) { @@ -80,7 +78,6 @@ xrdp_iso_process_rdpNegReq(struct xrdp_iso *self, struct stream *s) return 1; } - DEBUG((" out xrdp_iso_process_rdpNegReq")); return 0; } /*****************************************************************************/ @@ -278,8 +275,7 @@ xrdp_iso_incoming(struct xrdp_iso *self) self->rdpNegData = 1; if (xrdp_iso_process_rdpNegReq(self, s) != 0) { - g_writeln( - "xrdp_iso_incoming: xrdp_iso_process_rdpNegReq returned non zero"); + g_writeln("xrdp_iso_incoming: xrdp_iso_process_rdpNegReq returned non zero"); return 1; } break; @@ -416,14 +412,7 @@ xrdp_iso_send(struct xrdp_iso *self, struct stream *s) out_uint8(s, ISO_PDU_DT); out_uint8(s, 0x80); - if (self->trans->do_tls) - { - if (xrdp_tls_force_write_s(self->trans, s) != 0) - { - return 1; - } - } - else if (trans_force_write_s(self->trans, s) != 0) + if (trans_force_write_s(self->trans, s) != 0) { return 1; } diff --git a/libxrdp/xrdp_mcs.c b/libxrdp/xrdp_mcs.c index fd8fe3fb..404db998 100644 --- a/libxrdp/xrdp_mcs.c +++ b/libxrdp/xrdp_mcs.c @@ -706,7 +706,163 @@ xrdp_mcs_out_domain_params(struct xrdp_mcs *self, struct stream *s, xrdp_mcs_ber_out_int8(self, s, 2); return 0; } +/*****************************************************************************/ +/* prepare server gcc data to send in mcs response msg */ +int APP_CC +xrdp_mcs_out_gcc_data(struct xrdp_sec *self) +{ + struct stream *s; + int num_channels_even; + int num_channels; + int index; + int channel; + int gcc_size; + char* gcc_size_ptr; + char* ud_ptr; + + num_channels = self->mcs_layer->channel_list->count; + num_channels_even = num_channels + (num_channels & 1); + s = &(self->server_mcs_data); + init_stream(s, 8192); + out_uint16_be(s, 5); /* AsnBerObjectIdentifier */ + out_uint16_be(s, 0x14); + out_uint8(s, 0x7c); + out_uint16_be(s, 1); /* -- */ + out_uint8(s, 0x2a); /* ConnectPDULen */ + out_uint8(s, 0x14); + out_uint8(s, 0x76); + out_uint8(s, 0x0a); + out_uint8(s, 1); + out_uint8(s, 1); + out_uint8(s, 0); + out_uint16_le(s, 0xc001); + out_uint8(s, 0); + out_uint8(s, 0x4d); /* M */ + out_uint8(s, 0x63); /* c */ + out_uint8(s, 0x44); /* D */ + out_uint8(s, 0x6e); /* n */ + /* GCC Response Total Length - 2 bytes , set later */ + gcc_size_ptr = s->p; /* RDPGCCUserDataResponseLength */ + out_uint8s(s, 2); + ud_ptr = s->p; /* User Data */ + out_uint16_le(s, SEC_TAG_SRV_INFO); + if (self->mcs_layer->iso_layer->rdpNegData) + { + out_uint16_le(s, 12); /* len */ + } + else + { + out_uint16_le(s, 8); /* len */ + } + out_uint8(s, 4); /* 4 = rdp5 1 = rdp4 */ + out_uint8(s, 0); + out_uint8(s, 8); + out_uint8(s, 0); + if (self->mcs_layer->iso_layer->rdpNegData) + { + /* ReqeustedProtocol */ + out_uint32_le(s, self->mcs_layer->iso_layer->requestedProtocol); + } + out_uint16_le(s, SEC_TAG_SRV_CHANNELS); + out_uint16_le(s, 8 + (num_channels_even * 2)); /* len */ + out_uint16_le(s, MCS_GLOBAL_CHANNEL); /* 1003, 0x03eb main channel */ + out_uint16_le(s, num_channels); /* number of other channels */ + + for (index = 0; index < num_channels_even; index++) + { + if (index < num_channels) + { + channel = MCS_GLOBAL_CHANNEL + (index + 1); + out_uint16_le(s, channel); + } + else + { + out_uint16_le(s, 0); + } + } + + if (self->rsa_key_bytes == 64) + { + g_writeln("xrdp_sec_out_mcs_data: using 512 bit RSA key"); + out_uint16_le(s, SEC_TAG_SRV_CRYPT); + out_uint16_le(s, 0x00ec); /* len is 236 */ + out_uint32_le(s, self->crypt_method); + out_uint32_le(s, self->crypt_level); + out_uint32_le(s, 32); /* 32 bytes random len */ + out_uint32_le(s, 0xb8); /* 184 bytes rsa info(certificate) len */ + out_uint8a(s, self->server_random, 32); + /* here to end is certificate */ + /* HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ */ + /* TermService\Parameters\Certificate */ + out_uint32_le(s, 1); + out_uint32_le(s, 1); + out_uint32_le(s, 1); + out_uint16_le(s, SEC_TAG_PUBKEY); /* 0x0006 */ + out_uint16_le(s, 0x005c); /* 92 bytes length of SEC_TAG_PUBKEY */ + out_uint32_le(s, SEC_RSA_MAGIC); /* 0x31415352 'RSA1' */ + out_uint32_le(s, 0x0048); /* 72 bytes modulus len */ + out_uint32_be(s, 0x00020000); /* bit len */ + out_uint32_be(s, 0x3f000000); /* data len */ + out_uint8a(s, self->pub_exp, 4); /* pub exp */ + out_uint8a(s, self->pub_mod, 64); /* pub mod */ + out_uint8s(s, 8); /* pad */ + out_uint16_le(s, SEC_TAG_KEYSIG); /* 0x0008 */ + out_uint16_le(s, 72); /* len */ + out_uint8a(s, self->pub_sig, 64); /* pub sig */ + out_uint8s(s, 8); /* pad */ + } + else if (self->rsa_key_bytes == 256) + { + g_writeln("xrdp_sec_out_mcs_data: using 2048 bit RSA key"); + out_uint16_le(s, SEC_TAG_SRV_CRYPT); + out_uint16_le(s, 0x01ac); /* len is 428 */ + out_uint32_le(s, self->crypt_method); + out_uint32_le(s, self->crypt_level); + out_uint32_le(s, 32); /* 32 bytes random len */ + out_uint32_le(s, 0x178); /* 376 bytes rsa info(certificate) len */ + out_uint8a(s, self->server_random, 32); + /* here to end is certificate */ + /* HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ */ + /* TermService\Parameters\Certificate */ + out_uint32_le(s, 1); + out_uint32_le(s, 1); + out_uint32_le(s, 1); + out_uint16_le(s, SEC_TAG_PUBKEY); /* 0x0006 */ + out_uint16_le(s, 0x011c); /* 284 bytes length of SEC_TAG_PUBKEY */ + out_uint32_le(s, SEC_RSA_MAGIC); /* 0x31415352 'RSA1' */ + out_uint32_le(s, 0x0108); /* 264 bytes modulus len */ + out_uint32_be(s, 0x00080000); /* bit len */ + out_uint32_be(s, 0xff000000); /* data len */ + out_uint8a(s, self->pub_exp, 4); /* pub exp */ + out_uint8a(s, self->pub_mod, 256); /* pub mod */ + out_uint8s(s, 8); /* pad */ + out_uint16_le(s, SEC_TAG_KEYSIG); /* 0x0008 */ + out_uint16_le(s, 72); /* len */ + out_uint8a(s, self->pub_sig, 64); /* pub sig */ + out_uint8s(s, 8); /* pad */ + } + else if (self->rsa_key_bytes == 0) /* no security */ + { + g_writeln("xrdp_sec_out_mcs_data: using no security"); + out_uint16_le(s, SEC_TAG_SRV_CRYPT); + out_uint16_le(s, 12); /* len is 12 */ + out_uint32_le(s, self->crypt_method); + out_uint32_le(s, self->crypt_level); + } + else + { + g_writeln("xrdp_sec_out_mcs_data: error"); + } + /* end certificate */ + s_mark_end(s); + + gcc_size = (int)(s->end - ud_ptr) | 0x8000; + gcc_size_ptr[0] = gcc_size >> 8; + gcc_size_ptr[1] = gcc_size; + + return 0; +} /*****************************************************************************/ /* returns error */ static int APP_CC @@ -719,10 +875,10 @@ xrdp_mcs_send_connect_response(struct xrdp_mcs *self) make_stream(s); init_stream(s, 8192); data_len = (int) (self->server_mcs_data->end - self->server_mcs_data->data); - g_writeln("data len = %d , +36= %d", data_len, data_len+36); xrdp_iso_init(self->iso_layer, s); - //TODO: 36 - tls , 38 - rdp - we should calculate that - xrdp_mcs_ber_out_header(self, s, MCS_CONNECT_RESPONSE, data_len + 36); + //TODO: we should calculate the whole length include MCS_CONNECT_RESPONSE + xrdp_mcs_ber_out_header(self, s, MCS_CONNECT_RESPONSE, + data_len > 0x80 ? data_len + 38 : data_len + 36); xrdp_mcs_ber_out_header(self, s, BER_TAG_RESULT, 1); out_uint8(s, 0); xrdp_mcs_ber_out_header(self, s, BER_TAG_INTEGER, 1); @@ -751,31 +907,9 @@ xrdp_mcs_send_connect_response(struct xrdp_mcs *self) int APP_CC xrdp_mcs_incoming(struct xrdp_mcs *self) { + int i; DEBUG((" in xrdp_mcs_incoming")); - /* ISO */ - if (xrdp_iso_incoming(self->iso_layer) != 0) - { - return 1; - } - - /* TLS */ - if (PROTOCOL_SSL & self->iso_layer->selectedProtocol) - { - g_writeln("xrdp_mcs_incoming: TLS mode!"); - self->sec_layer->crypt_level = CRYPT_LEVEL_NONE; - self->sec_layer->crypt_method = CRYPT_METHOD_NONE; - self->sec_layer->rsa_key_bytes = 0; - - if (xrdp_tls_accept(self->sec_layer->tls) != 0) - { - g_writeln("xrdp_mcs_incoming: ssl_tls_accept failed"); - return 1; - } - g_writeln("xrdp_mcs_incoming: ssl_tls_accept done!!!!"); - } - - /* MCS */ if (xrdp_mcs_recv_connect_initial(self) != 0) { return 1; @@ -787,8 +921,7 @@ xrdp_mcs_incoming(struct xrdp_mcs *self) return 1; } - /* in xrdp_sec.c */ - if (xrdp_sec_out_mcs_data(self->sec_layer) != 0) + if (xrdp_mcs_out_gcc_data(self->sec_layer) != 0) { return 1; } @@ -813,25 +946,18 @@ xrdp_mcs_incoming(struct xrdp_mcs *self) return 1; } - if (xrdp_mcs_recv_cjrq(self) != 0) - { - return 1; - } - - if (xrdp_mcs_send_cjcf(self, self->userid, - self->userid + MCS_USERCHANNEL_BASE) != 0) - { - return 1; - } - - if (xrdp_mcs_recv_cjrq(self) != 0) + for (i = 0 ; i < self->channel_list->count + 2 ; i++) { - return 1; - } + if (xrdp_mcs_recv_cjrq(self) != 0) + { + return 1; + } - if (xrdp_mcs_send_cjcf(self, self->userid, MCS_GLOBAL_CHANNEL) != 0) - { - return 1; + if (xrdp_mcs_send_cjcf(self, self->userid, + self->userid + MCS_USERCHANNEL_BASE + i) != 0) + { + return 1; + } } DEBUG((" out xrdp_mcs_incoming")); @@ -960,6 +1086,7 @@ close_rdp_socket(struct xrdp_mcs *self) { if (self->iso_layer->trans != 0) { + trans_shutdown_tls_mode(self->iso_layer->trans); g_tcp_close(self->iso_layer->trans->sck); self->iso_layer->trans->sck = 0 ; g_writeln("xrdp_mcs_disconnect - socket closed"); @@ -982,8 +1109,7 @@ xrdp_mcs_disconnect(struct xrdp_mcs *self) if (xrdp_iso_init(self->iso_layer, s) != 0) { - xrdp_tls_disconnect(self->sec_layer->tls); - free_stream(s); + free_stream(s); close_rdp_socket(self); DEBUG((" out xrdp_mcs_disconnect error - 1")); return 1; @@ -995,14 +1121,12 @@ xrdp_mcs_disconnect(struct xrdp_mcs *self) if (xrdp_iso_send(self->iso_layer, s) != 0) { - xrdp_tls_disconnect(self->sec_layer->tls); free_stream(s); close_rdp_socket(self); DEBUG((" out xrdp_mcs_disconnect error - 2")); return 1; } - xrdp_tls_disconnect(self->sec_layer->tls); free_stream(s); close_rdp_socket(self); DEBUG(("xrdp_mcs_disconnect - close sent")); diff --git a/libxrdp/xrdp_rdp.c b/libxrdp/xrdp_rdp.c index 3719b015..6891bb97 100644 --- a/libxrdp/xrdp_rdp.c +++ b/libxrdp/xrdp_rdp.c @@ -177,6 +177,38 @@ xrdp_rdp_read_config(struct xrdp_client_info *client_info) client_info->security_layer = PROTOCOL_SSL | PROTOCOL_HYBRID | PROTOCOL_HYBRID_EX; } } + else if (g_strcasecmp(item, "certificate") == 0) + { + g_memset(client_info->certificate, 0, sizeof(char) * 1024); + if (value[0] != '/') + { + /* default certificate path */ + g_snprintf(client_info->certificate, 1023, "%s/cert.pem", XRDP_CFG_PATH); + log_message(LOG_LEVEL_ALWAYS,"WARNING: Invalid x.509 certificate path defined, " + "default path will be used: %s", client_info->certificate); + } + else + { + /* use user defined certificate */ + g_strncpy(client_info->certificate, value, 1023); + } + } + else if (g_strcasecmp(item, "key_file") == 0) + { + g_memset(client_info->key_file, 0, sizeof(char) * 1024); + if (value[0] != '/') + { + /* default key_file path */ + g_snprintf(client_info->key_file, 1023, "%s/key.pem", XRDP_CFG_PATH); + log_message(LOG_LEVEL_ALWAYS,"WARNING: Invalid x.509 certificate path defined, " + "default path will be used: %s", client_info->key_file); + } + else + { + /* use user defined key_file */ + g_strncpy(client_info->key_file, value, 1023); + } + } } @@ -253,10 +285,7 @@ xrdp_rdp_create(struct xrdp_session *session, struct trans *trans) /* read ini settings */ xrdp_rdp_read_config(&self->client_info); /* create sec layer */ - self->sec_layer = xrdp_sec_create(self, trans, - self->client_info.crypt_level, - self->client_info.channel_code, - self->client_info.multimon); + self->sec_layer = xrdp_sec_create(self, trans); /* default 8 bit v1 color bitmap cache entries and size */ self->client_info.cache1_entries = 600; self->client_info.cache1_size = 256; @@ -352,6 +381,15 @@ xrdp_rdp_recv(struct xrdp_rdp *self, struct stream *s, int *code) chan = 0; error = xrdp_sec_recv(self->sec_layer, s, &chan); + if (error == 3) + { + /* unencrypted confirm active msg arrived */ + s->next_packet = 0; + *code = 3; + DEBUG(("out (0) xrdp_rdp_recv")); + return 0; + } + if (error == -1) /* special code for send demand active */ { s->next_packet = 0; diff --git a/libxrdp/xrdp_sec.c b/libxrdp/xrdp_sec.c index 76fc3ae2..d5e19f76 100644 --- a/libxrdp/xrdp_sec.c +++ b/libxrdp/xrdp_sec.c @@ -222,91 +222,46 @@ hex_str_to_bin(char *in, char *out, int out_len) /*****************************************************************************/ struct xrdp_sec *APP_CC -xrdp_sec_create(struct xrdp_rdp *owner, struct trans *trans, int crypt_level, - int channel_code, int multimon) +xrdp_sec_create(struct xrdp_rdp *owner, struct trans *trans) { struct xrdp_sec *self; - DEBUG((" in xrdp_sec_create")); - self = (struct xrdp_sec *)g_malloc(sizeof(struct xrdp_sec), 1); - self->rdp_layer = owner; - self->crypt_method = CRYPT_METHOD_NONE; - self->crypt_level = CRYPT_LEVEL_NONE; - switch (crypt_level) - { - case 1: /* low */ - self->crypt_method = CRYPT_METHOD_40BIT; - self->crypt_level = CRYPT_LEVEL_LOW; - break; - case 2: /* medium */ - self->crypt_method = CRYPT_METHOD_40BIT; - self->crypt_level = CRYPT_LEVEL_CLIENT_COMPATIBLE; - break; - case 3: /* high */ - self->crypt_method = CRYPT_METHOD_128BIT; - self->crypt_level = CRYPT_LEVEL_HIGH; - break; - case 4: /* fips */ - self->crypt_method = CRYPT_METHOD_FIPS; - self->crypt_level = CRYPT_LEVEL_FIPS; - break; - default: - g_writeln("Fatal : Illegal crypt_level"); - break ; - } - - self->channel_code = channel_code; - self->multimon = multimon; - - if (self->decrypt_rc4_info != NULL) - { - g_writeln("xrdp_sec_create - decrypt_rc4_info already created !!!"); - } - - self->decrypt_rc4_info = ssl_rc4_info_create(); - - if (self->encrypt_rc4_info != NULL) - { - g_writeln("xrdp_sec_create - encrypt_rc4_info already created !!!"); - } - - self->encrypt_rc4_info = ssl_rc4_info_create(); - self->mcs_layer = xrdp_mcs_create(self, trans, - &(self->client_mcs_data), - &(self->server_mcs_data)); - self->fastpath_layer = xrdp_fastpath_create(self, trans); - self->chan_layer = xrdp_channel_create(self, self->mcs_layer); - //TODO: add cert to config - self->tls = xrdp_tls_create(trans, "/opt/xrdpinstall/etc/xrdp/pkey.pem", - "/opt/xrdpinstall/etc/xrdp/cert.pem"); - DEBUG((" out xrdp_sec_create")); - return self; + DEBUG((" in xrdp_sec_create")); + self = (struct xrdp_sec *) g_malloc(sizeof(struct xrdp_sec), 1); + self->rdp_layer = owner; + self->crypt_method = CRYPT_METHOD_NONE; /* set later */ + self->crypt_level = CRYPT_LEVEL_NONE; + self->mcs_layer = xrdp_mcs_create(self, trans, &(self->client_mcs_data), + &(self->server_mcs_data)); + self->fastpath_layer = xrdp_fastpath_create(self, trans); + self->chan_layer = xrdp_channel_create(self, self->mcs_layer); + DEBUG((" out xrdp_sec_create")); + + return self; } /*****************************************************************************/ void APP_CC -xrdp_sec_delete(struct xrdp_sec *self) -{ - if (self == 0) - { - g_writeln("xrdp_sec_delete: indata is null"); - return; - } - - xrdp_channel_delete(self->chan_layer); - xrdp_mcs_delete(self->mcs_layer); - xrdp_fastpath_delete(self->fastpath_layer); - ssl_rc4_info_delete(self->decrypt_rc4_info); /* TODO clear all data */ - ssl_rc4_info_delete(self->encrypt_rc4_info); /* TODO clear all data */ - ssl_des3_info_delete(self->decrypt_fips_info); - ssl_des3_info_delete(self->encrypt_fips_info); - ssl_hmac_info_delete(self->sign_fips_info); - xrdp_tls_delete(self->tls); - g_free(self->client_mcs_data.data); - g_free(self->server_mcs_data.data); - /* Crypto information must always be cleared */ - g_memset(self, 0, sizeof(struct xrdp_sec)); - g_free(self); +xrdp_sec_delete(struct xrdp_sec *self) { + + if (self == 0) { + g_writeln("xrdp_sec_delete: indata is null"); + return; + } + + xrdp_channel_delete(self->chan_layer); + xrdp_mcs_delete(self->mcs_layer); + xrdp_fastpath_delete(self->fastpath_layer); + ssl_rc4_info_delete(self->decrypt_rc4_info); /* TODO clear all data */ + ssl_rc4_info_delete(self->encrypt_rc4_info); /* TODO clear all data */ + ssl_des3_info_delete(self->decrypt_fips_info); + ssl_des3_info_delete(self->encrypt_fips_info); + ssl_hmac_info_delete(self->sign_fips_info); + g_free(self->client_mcs_data.data); + g_free(self->server_mcs_data.data); + /* Crypto information must always be cleared */ + g_memset(self, 0, sizeof(struct xrdp_sec)); + g_free(self); } /*****************************************************************************/ @@ -1046,9 +1001,23 @@ xrdp_sec_recv(struct xrdp_sec *self, struct stream *s, int *chan) { return 1; } + + //TODO: HACK, we should recognize packets with sec header: client info, and license. + if (s->data[17] == 0x13) /* confirm active pdu */ + { + g_writeln("CONFIRM ACTIVE ARRIVED"); + in_uint8s(s, 6); + return 3; + } + + if (s->data[17] == 0x17 || s->data[16] == 0x17) /* rdp data pdu */ + { + g_writeln("RDP DATA ARRIVED"); + return 0; + } + in_uint32_le(s, flags); DEBUG((" in xrdp_sec_recv flags $%x", flags)); - g_writeln("userdata shareheaedr flags = %d", flags); if (flags & SEC_ENCRYPT) /* 0x08 */ { @@ -1071,7 +1040,7 @@ xrdp_sec_recv(struct xrdp_sec *self, struct stream *s, int *chan) xrdp_sec_fips_decrypt(self, s->p, (int)(s->end - s->p)); s->end -= pad; } - else + else if (self->crypt_level > CRYPT_LEVEL_NONE) { if (!s_check_rem(s, 8)) { @@ -1622,11 +1591,14 @@ xrdp_sec_process_mcs_data_channels(struct xrdp_sec *self, struct stream *s) int num_channels; int index; struct mcs_channel_item *channel_item; + struct xrdp_client_info *client_info = (struct xrdp_client_info *)NULL; - DEBUG(("processing channels, channel_code is %d", self->channel_code)); + client_info = &(self->rdp_layer->client_info); + + DEBUG(("processing channels, channel_code is %d", client_info->channel_code)); /* this is an option set in xrdp.ini */ - if (self->channel_code != 1) /* are channels on? */ + if (client_info->channel_code != 1) /* are channels on? */ { g_writeln("Processing channel data from client - The channel is off"); return 0; @@ -1675,9 +1647,9 @@ xrdp_sec_process_mcs_data_monitors(struct xrdp_sec *self, struct stream *s) client_info = &(self->rdp_layer->client_info); - DEBUG(("processing monitors data, allow_multimon is %d", self->multimon)); + DEBUG(("processing monitors data, allow_multimon is %d", client_info->multimon)); /* this is an option set in xrdp.ini */ - if (self->multimon != 1) /* are multi-monitors allowed ? */ + if (client_info->multimon != 1) /* are multi-monitors allowed ? */ { DEBUG(("[INFO] xrdp_sec_process_mcs_data_monitors: multimon is not " "allowed, skipping")); @@ -1818,164 +1790,6 @@ xrdp_sec_process_mcs_data(struct xrdp_sec *self) return 0; } -/*****************************************************************************/ -/* prepare server mcs data to send in mcs layer */ -int APP_CC -xrdp_sec_out_mcs_data(struct xrdp_sec *self) -{ - struct stream *s; - int num_channels_even; - int num_channels; - int index; - int channel; - int gcc_size; - char* gcc_size_ptr; - char* ud_ptr; - - num_channels = self->mcs_layer->channel_list->count; - num_channels_even = num_channels + (num_channels & 1); - s = &(self->server_mcs_data); - init_stream(s, 8192); - out_uint16_be(s, 5); /* AsnBerObjectIdentifier */ - out_uint16_be(s, 0x14); - out_uint8(s, 0x7c); - out_uint16_be(s, 1); /* -- */ - out_uint8(s, 0x2a); /* ConnectPDULen */ - out_uint8(s, 0x14); - out_uint8(s, 0x76); - out_uint8(s, 0x0a); - out_uint8(s, 1); - out_uint8(s, 1); - out_uint8(s, 0); - out_uint16_le(s, 0xc001); - out_uint8(s, 0); - out_uint8(s, 0x4d); /* M */ - out_uint8(s, 0x63); /* c */ - out_uint8(s, 0x44); /* D */ - out_uint8(s, 0x6e); /* n */ - /* GCC Response Total Length - 2 bytes , set later */ - gcc_size_ptr = s->p; /* RDPGCCUserDataResponseLength */ - out_uint8(s, 0); - ud_ptr = s->p; /* User Data */ - - out_uint16_le(s, SEC_TAG_SRV_INFO); - if (self->mcs_layer->iso_layer->rdpNegData) - { - out_uint16_le(s, 12); /* len */ - } - else - { - out_uint16_le(s, 8); /* len */ - } - out_uint8(s, 4); /* 4 = rdp5 1 = rdp4 */ - out_uint8(s, 0); - out_uint8(s, 8); - out_uint8(s, 0); - if (self->mcs_layer->iso_layer->rdpNegData) - { - /* ReqeustedProtocol */ - out_uint32_le(s, self->mcs_layer->iso_layer->requestedProtocol); - } - out_uint16_le(s, SEC_TAG_SRV_CHANNELS); - out_uint16_le(s, 8 + (num_channels_even * 2)); /* len */ - out_uint16_le(s, MCS_GLOBAL_CHANNEL); /* 1003, 0x03eb main channel */ - out_uint16_le(s, num_channels); /* number of other channels */ - - for (index = 0; index < num_channels_even; index++) - { - if (index < num_channels) - { - channel = MCS_GLOBAL_CHANNEL + (index + 1); - out_uint16_le(s, channel); - } - else - { - out_uint16_le(s, 0); - } - } - - if (self->rsa_key_bytes == 64) - { - g_writeln("xrdp_sec_out_mcs_data: using 512 bit RSA key"); - out_uint16_le(s, SEC_TAG_SRV_CRYPT); - out_uint16_le(s, 0x00ec); /* len is 236 */ - out_uint32_le(s, self->crypt_method); - out_uint32_le(s, self->crypt_level); - out_uint32_le(s, 32); /* 32 bytes random len */ - out_uint32_le(s, 0xb8); /* 184 bytes rsa info(certificate) len */ - out_uint8a(s, self->server_random, 32); - /* here to end is certificate */ - /* HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ */ - /* TermService\Parameters\Certificate */ - out_uint32_le(s, 1); - out_uint32_le(s, 1); - out_uint32_le(s, 1); - out_uint16_le(s, SEC_TAG_PUBKEY); /* 0x0006 */ - out_uint16_le(s, 0x005c); /* 92 bytes length of SEC_TAG_PUBKEY */ - out_uint32_le(s, SEC_RSA_MAGIC); /* 0x31415352 'RSA1' */ - out_uint32_le(s, 0x0048); /* 72 bytes modulus len */ - out_uint32_be(s, 0x00020000); /* bit len */ - out_uint32_be(s, 0x3f000000); /* data len */ - out_uint8a(s, self->pub_exp, 4); /* pub exp */ - out_uint8a(s, self->pub_mod, 64); /* pub mod */ - out_uint8s(s, 8); /* pad */ - out_uint16_le(s, SEC_TAG_KEYSIG); /* 0x0008 */ - out_uint16_le(s, 72); /* len */ - out_uint8a(s, self->pub_sig, 64); /* pub sig */ - out_uint8s(s, 8); /* pad */ - } - else if (self->rsa_key_bytes == 256) - { - g_writeln("xrdp_sec_out_mcs_data: using 2048 bit RSA key"); - out_uint16_le(s, SEC_TAG_SRV_CRYPT); - out_uint16_le(s, 0x01ac); /* len is 428 */ - out_uint32_le(s, self->crypt_method); - out_uint32_le(s, self->crypt_level); - out_uint32_le(s, 32); /* 32 bytes random len */ - out_uint32_le(s, 0x178); /* 376 bytes rsa info(certificate) len */ - out_uint8a(s, self->server_random, 32); - /* here to end is certificate */ - /* HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ */ - /* TermService\Parameters\Certificate */ - out_uint32_le(s, 1); - out_uint32_le(s, 1); - out_uint32_le(s, 1); - out_uint16_le(s, SEC_TAG_PUBKEY); /* 0x0006 */ - out_uint16_le(s, 0x011c); /* 284 bytes length of SEC_TAG_PUBKEY */ - out_uint32_le(s, SEC_RSA_MAGIC); /* 0x31415352 'RSA1' */ - out_uint32_le(s, 0x0108); /* 264 bytes modulus len */ - out_uint32_be(s, 0x00080000); /* bit len */ - out_uint32_be(s, 0xff000000); /* data len */ - out_uint8a(s, self->pub_exp, 4); /* pub exp */ - out_uint8a(s, self->pub_mod, 256); /* pub mod */ - out_uint8s(s, 8); /* pad */ - out_uint16_le(s, SEC_TAG_KEYSIG); /* 0x0008 */ - out_uint16_le(s, 72); /* len */ - out_uint8a(s, self->pub_sig, 64); /* pub sig */ - out_uint8s(s, 8); /* pad */ - } - else if (self->rsa_key_bytes == 0) /* no security */ - { - g_writeln("xrdp_sec_out_mcs_data: using no security"); - out_uint16_le(s, SEC_TAG_SRV_CRYPT); - out_uint16_le(s, 12); /* len is 12 */ - out_uint32_le(s, self->crypt_method); - out_uint32_le(s, self->crypt_level); - } - else - { - LLOGLN(0, ("xrdp_sec_out_mcs_data: error")); - } - /* end certificate */ - s_mark_end(s); - - gcc_size = (int)(s->end - ud_ptr);// | 0x8000; - gcc_size_ptr[0] = gcc_size;// >> 8; - //gcc_size_ptr[1] = gcc_size; - - return 0; -} - /*****************************************************************************/ /* process the mcs client data we received from the mcs layer */ static int APP_CC @@ -2039,66 +1853,155 @@ xrdp_sec_in_mcs_data(struct xrdp_sec *self) return 0; } +/*****************************************************************************/ +/* returns error */ +int APP_CC +xrdp_sec_init_rdp_security(struct xrdp_sec *self) +{ + switch (self->rdp_layer->client_info.crypt_level) + { + case 1: /* low */ + self->crypt_method = CRYPT_METHOD_40BIT; + self->crypt_level = CRYPT_LEVEL_LOW; + break; + case 2: /* medium */ + self->crypt_method = CRYPT_METHOD_40BIT; + self->crypt_level = CRYPT_LEVEL_CLIENT_COMPATIBLE; + break; + case 3: /* high */ + self->crypt_method = CRYPT_METHOD_128BIT; + self->crypt_level = CRYPT_LEVEL_HIGH; + break; + case 4: /* fips */ + self->crypt_method = CRYPT_METHOD_FIPS; + self->crypt_level = CRYPT_LEVEL_FIPS; + break; + default: + g_writeln("Fatal : Illegal crypt_level"); + break ; + } + + if (self->decrypt_rc4_info != NULL) + { + g_writeln("xrdp_sec_init_rdp_security: decrypt_rc4_info already created !!!"); + } + else + { + self->decrypt_rc4_info = ssl_rc4_info_create(); + } + + if (self->encrypt_rc4_info != NULL) + { + g_writeln("xrdp_sec_init_rdp_security: encrypt_rc4_info already created !!!"); + } + else + { + self->encrypt_rc4_info = ssl_rc4_info_create(); + } + + return 0; +} /*****************************************************************************/ int APP_CC xrdp_sec_incoming(struct xrdp_sec *self) { struct list *items = NULL; struct list *values = NULL; + struct xrdp_iso *iso; int index = 0; char *item = NULL; char *value = NULL; char key_file[256]; - g_memset(key_file, 0, sizeof(char) * 256); - DEBUG((" in xrdp_sec_incoming")); - g_random(self->server_random, 32); - items = list_create(); - items->auto_free = 1; - values = list_create(); - values->auto_free = 1; - g_snprintf(key_file, 255, "%s/rsakeys.ini", XRDP_CFG_PATH); + DEBUG((" in xrdp_sec_incoming:")); + iso = self->mcs_layer->iso_layer; - if (file_by_name_read_section(key_file, "keys", items, values) != 0) + /* negotiate security layer */ + if (xrdp_iso_incoming(iso) != 0) { - /* this is a show stopper */ - log_message(LOG_LEVEL_ALWAYS, "XRDP cannot read file: %s " - "(check permissions)", key_file); - list_delete(items); - list_delete(values); + DEBUG(("xrdp_sec_incoming: xrdp_iso_incoming failed")); return 1; } - for (index = 0; index < items->count; index++) + /* initialize selected security layer */ + if (iso->requestedProtocol > PROTOCOL_RDP) { - item = (char *)list_get_item(items, index); - value = (char *)list_get_item(values, index); - - if (g_strcasecmp(item, "pub_exp") == 0) - { - hex_str_to_bin(value, self->pub_exp, 4); - } - else if (g_strcasecmp(item, "pub_mod") == 0) + /* init tls security */ + DEBUG((" in xrdp_sec_incoming: init tls security")); + + if (trans_set_tls_mode(self->mcs_layer->iso_layer->trans, + self->rdp_layer->client_info.key_file, + self->rdp_layer->client_info.certificate) != 0) + { + g_writeln("xrdp_sec_incoming: trans_set_tls_mode failed"); + return 1; + } + + self->crypt_level = CRYPT_LEVEL_NONE; + self->crypt_method = CRYPT_METHOD_NONE; + self->rsa_key_bytes = 0; + + } + else + { + /* init rdp security */ + DEBUG((" in xrdp_sec_incoming: init rdp security")); + if (xrdp_sec_init_rdp_security(self) != 0) { - self->rsa_key_bytes = (g_strlen(value) + 1) / 5; - g_writeln("pub_mod bytes %d", self->rsa_key_bytes); - hex_str_to_bin(value, self->pub_mod, self->rsa_key_bytes); + DEBUG(("xrdp_sec_incoming: xrdp_sec_init_rdp_security failed")); + return 1; } - else if (g_strcasecmp(item, "pub_sig") == 0) + + g_memset(key_file, 0, sizeof(char) * 256); + g_random(self->server_random, 32); + items = list_create(); + items->auto_free = 1; + values = list_create(); + values->auto_free = 1; + g_snprintf(key_file, 255, "%s/rsakeys.ini", XRDP_CFG_PATH); + + if (file_by_name_read_section(key_file, "keys", items, values) != 0) { - hex_str_to_bin(value, self->pub_sig, 64); + /* this is a show stopper */ + log_message(LOG_LEVEL_ALWAYS, "XRDP cannot read file: %s " + "(check permissions)", key_file); + list_delete(items); + list_delete(values); + return 1; } - else if (g_strcasecmp(item, "pri_exp") == 0) + + for (index = 0; index < items->count; index++) { - self->rsa_key_bytes = (g_strlen(value) + 1) / 5; - g_writeln("pri_exp %d", self->rsa_key_bytes); - hex_str_to_bin(value, self->pri_exp, self->rsa_key_bytes); + item = (char *)list_get_item(items, index); + value = (char *)list_get_item(values, index); + + if (g_strcasecmp(item, "pub_exp") == 0) + { + hex_str_to_bin(value, self->pub_exp, 4); + } + else if (g_strcasecmp(item, "pub_mod") == 0) + { + self->rsa_key_bytes = (g_strlen(value) + 1) / 5; + g_writeln("pub_mod bytes %d", self->rsa_key_bytes); + hex_str_to_bin(value, self->pub_mod, self->rsa_key_bytes); + } + else if (g_strcasecmp(item, "pub_sig") == 0) + { + hex_str_to_bin(value, self->pub_sig, 64); + } + else if (g_strcasecmp(item, "pri_exp") == 0) + { + self->rsa_key_bytes = (g_strlen(value) + 1) / 5; + g_writeln("pri_exp %d", self->rsa_key_bytes); + hex_str_to_bin(value, self->pri_exp, self->rsa_key_bytes); + } } - } - list_delete(items); - list_delete(values); + list_delete(items); + list_delete(values); + } + /* negotiate mcs layer */ if (xrdp_mcs_incoming(self->mcs_layer) != 0) { return 1; @@ -2117,6 +2020,7 @@ xrdp_sec_incoming(struct xrdp_sec *self) { return 1; } + LLOGLN(10, ("xrdp_sec_incoming: out")); return 0; } @@ -2128,7 +2032,6 @@ xrdp_sec_disconnect(struct xrdp_sec *self) int rv; DEBUG((" in xrdp_sec_disconnect")); - rv = xrdp_mcs_disconnect(self->mcs_layer); DEBUG((" out xrdp_sec_disconnect")); return rv; diff --git a/xrdp/xrdp.ini b/xrdp/xrdp.ini index 5b86d4c2..52a6c7d9 100644 --- a/xrdp/xrdp.ini +++ b/xrdp/xrdp.ini @@ -5,11 +5,17 @@ ini_version=1 bitmap_cache=yes bitmap_compression=yes port=3389 -crypt_level=high -security_layer=rdp allow_channels=true max_bpp=32 fork=yes +crypt_level=high +# security layer can be 'tls', 'rdp' or 'negotiate' +# for client compatible layer +security_layer=rdp +# X.509 certificate and private key +# openssl req -x509 -newkey rsa:2048 -nodes -keyout key.pem -out cert.pem -days 365 +certificate= +key_file= # regulate if the listening socket use socket option tcp_nodelay # no buffering will be performed in the TCP stack diff --git a/xrdp/xrdp_process.c b/xrdp/xrdp_process.c index c60c40dc..af56a4e1 100644 --- a/xrdp/xrdp_process.c +++ b/xrdp/xrdp_process.c @@ -171,7 +171,6 @@ xrdp_process_data_in(struct trans *self) pro->server_trans->extra_flags = 1; break; } - return 0; } From df870334895876cc9c5bec2bf720e4e2a8625daa Mon Sep 17 00:00:00 2001 From: Idan Freiberg Date: Wed, 23 Jul 2014 15:37:47 +0300 Subject: [PATCH 06/22] trans: work on TLS --- common/trans.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/common/trans.c b/common/trans.c index d58bdd91..e13cd420 100644 --- a/common/trans.c +++ b/common/trans.c @@ -380,10 +380,6 @@ trans_tcp_force_read_s(struct trans *self, struct stream *in_s, int size) int APP_CC trans_force_read(struct trans *self, int size) { - if (self->tls != 0) - { - return xrdp_tls_force_read_s(self, self->in_s, size); - } return trans_force_read_s(self, self->in_s, size); } @@ -688,7 +684,7 @@ trans_shutdown_tls_mode(struct trans *self) return xrdp_tls_disconnect(self->tls); } - /* set callback to tls */ + /* set callback back to tcp */ self->trans_read_call = trans_tcp_force_read_s; self->trans_write_call = trans_tcp_force_write_s; return 0; From 5a0d1f028a80a6a88b550c3494a95033eb11c79d Mon Sep 17 00:00:00 2001 From: Idan Freiberg Date: Wed, 23 Jul 2014 15:42:19 +0300 Subject: [PATCH 07/22] libxrdp: work on TLS mode --- libxrdp/xrdp_sec.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libxrdp/xrdp_sec.c b/libxrdp/xrdp_sec.c index d5e19f76..0bb2688c 100644 --- a/libxrdp/xrdp_sec.c +++ b/libxrdp/xrdp_sec.c @@ -1002,12 +1002,12 @@ xrdp_sec_recv(struct xrdp_sec *self, struct stream *s, int *chan) return 1; } - //TODO: HACK, we should recognize packets with sec header: client info, and license. + /* TODO: HACK, we should recognize packets without security header + However, client info packet and license packet always have security header. */ if (s->data[17] == 0x13) /* confirm active pdu */ { g_writeln("CONFIRM ACTIVE ARRIVED"); - in_uint8s(s, 6); - return 3; + return 0; } if (s->data[17] == 0x17 || s->data[16] == 0x17) /* rdp data pdu */ From 0795400fe260652f6ae3788325e2a4c8ee05fe3a Mon Sep 17 00:00:00 2001 From: Idan Freiberg Date: Wed, 23 Jul 2014 15:51:21 +0300 Subject: [PATCH 08/22] libxrdp: mcs, delete temp hexdump --- libxrdp/xrdp_mcs.c | 1 - 1 file changed, 1 deletion(-) diff --git a/libxrdp/xrdp_mcs.c b/libxrdp/xrdp_mcs.c index 404db998..a15c2fce 100644 --- a/libxrdp/xrdp_mcs.c +++ b/libxrdp/xrdp_mcs.c @@ -889,7 +889,6 @@ xrdp_mcs_send_connect_response(struct xrdp_mcs *self) out_uint8a(s, self->server_mcs_data->data, data_len); s_mark_end(s); - g_hexdump(s->data, 150); if (xrdp_iso_send(self->iso_layer, s) != 0) { free_stream(s); From ceacbfb75e9ad57d42c99881b1d2a90a19595c15 Mon Sep 17 00:00:00 2001 From: Jay Sorg Date: Thu, 24 Jul 2014 16:12:08 -0700 Subject: [PATCH 09/22] add submodule back --- .gitmodules | 2 +- librfxcodec | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) create mode 160000 librfxcodec diff --git a/.gitmodules b/.gitmodules index 74dd7c1d..d40734d4 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,3 +1,3 @@ [submodule "librfxcodec"] path = librfxcodec - url = git://github.com/neutrinolabs/librfxcodec.git + url = git://github.com/neutrinolabs/librfxcodec diff --git a/librfxcodec b/librfxcodec new file mode 160000 index 00000000..01387f55 --- /dev/null +++ b/librfxcodec @@ -0,0 +1 @@ +Subproject commit 01387f55796858e20b1d10599a72fa7f80cf0989 From a71c0afcbfb62ce56a00743a21aff86e933a1909 Mon Sep 17 00:00:00 2001 From: Jay Sorg Date: Thu, 24 Jul 2014 16:17:17 -0700 Subject: [PATCH 10/22] update submodule --- librfxcodec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/librfxcodec b/librfxcodec index 01387f55..766b06b5 160000 --- a/librfxcodec +++ b/librfxcodec @@ -1 +1 @@ -Subproject commit 01387f55796858e20b1d10599a72fa7f80cf0989 +Subproject commit 766b06b5f914e9a0b0f5faf02912451d12dba07e From 3b79792bcc7042a9843efdac74ec569958839070 Mon Sep 17 00:00:00 2001 From: Jay Sorg Date: Thu, 24 Jul 2014 22:28:26 -0700 Subject: [PATCH 11/22] common: add default for XRDP_LOG_PATH --- common/file_loc.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/common/file_loc.h b/common/file_loc.h index 36821304..3b408e43 100644 --- a/common/file_loc.h +++ b/common/file_loc.h @@ -41,4 +41,8 @@ #define XRDP_LIB_PATH "/usr/local/lib/xrdp" #endif +#if !defined(XRDP_LOG_PATH) +#define XRDP_LOG_PATH "/var/log" +#endif + #endif From b39c68bdc405c67699768c7159e2b98eca0244f0 Mon Sep 17 00:00:00 2001 From: Jay Sorg Date: Thu, 24 Jul 2014 22:31:47 -0700 Subject: [PATCH 12/22] common: fifo.c, os_call.h, don't need prefix dir --- common/fifo.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common/fifo.c b/common/fifo.c index 5e94694d..165acf8e 100644 --- a/common/fifo.c +++ b/common/fifo.c @@ -19,7 +19,7 @@ */ #include "fifo.h" -#include "common/os_calls.h" +#include "os_calls.h" /** * Create new fifo data struct From 4bf326080da8cb495ece2339a8cf1c128f1ae7bb Mon Sep 17 00:00:00 2001 From: Jay Sorg Date: Fri, 25 Jul 2014 21:18:40 -0700 Subject: [PATCH 13/22] common: indent, not logic change --- common/parse.h | 292 ++++++++++++++++++++++++------------------------- 1 file changed, 146 insertions(+), 146 deletions(-) diff --git a/common/parse.h b/common/parse.h index 34170a41..2ae3927b 100644 --- a/common/parse.h +++ b/common/parse.h @@ -36,17 +36,17 @@ /* parser state */ struct stream { - char* p; - char* end; - char* data; - int size; - /* offsets of various headers */ - char* iso_hdr; - char* mcs_hdr; - char* sec_hdr; - char* rdp_hdr; - char* channel_hdr; - char* next_packet; + char *p; + char *end; + char *data; + int size; + /* offsets of various headers */ + char *iso_hdr; + char *mcs_hdr; + char *sec_hdr; + char *rdp_hdr; + char *channel_hdr; + char *next_packet; }; /******************************************************************************/ @@ -63,58 +63,58 @@ struct stream /******************************************************************************/ #define make_stream(s) \ - (s) = (struct stream*)g_malloc(sizeof(struct stream), 1) + (s) = (struct stream*)g_malloc(sizeof(struct stream), 1) /******************************************************************************/ #define init_stream(s, v) do \ { \ - if ((v) > (s)->size) \ - { \ - g_free((s)->data); \ - (s)->data = (char*)g_malloc((v), 0); \ - (s)->size = (v); \ - } \ - (s)->p = (s)->data; \ - (s)->end = (s)->data; \ - (s)->next_packet = 0; \ + if ((v) > (s)->size) \ + { \ + g_free((s)->data); \ + (s)->data = (char*)g_malloc((v), 0); \ + (s)->size = (v); \ + } \ + (s)->p = (s)->data; \ + (s)->end = (s)->data; \ + (s)->next_packet = 0; \ } while (0) /******************************************************************************/ #define free_stream(s) do \ { \ - if ((s) != 0) \ - { \ - g_free((s)->data); \ - } \ - g_free((s)); \ + if ((s) != 0) \ + { \ + g_free((s)->data); \ + } \ + g_free((s)); \ } while (0) /******************************************************************************/ #define s_push_layer(s, h, n) do \ { \ - (s)->h = (s)->p; \ - (s)->p += (n); \ + (s)->h = (s)->p; \ + (s)->p += (n); \ } while (0) /******************************************************************************/ #define s_pop_layer(s, h) \ - (s)->p = (s)->h + (s)->p = (s)->h /******************************************************************************/ #define s_mark_end(s) \ - (s)->end = (s)->p + (s)->end = (s)->p #define in_sint8(s, v) do \ { \ - (v) = *((signed char*)((s)->p)); \ - (s)->p++; \ + (v) = *((signed char*)((s)->p)); \ + (s)->p++; \ } while (0) /******************************************************************************/ #define in_uint8(s, v) do \ { \ - (v) = *((unsigned char*)((s)->p)); \ - (s)->p++; \ + (v) = *((unsigned char*)((s)->p)); \ + (s)->p++; \ } while (0) /******************************************************************************/ #define in_uint8_peek(s, v) do { v = *s->p; } while (0) @@ -122,18 +122,18 @@ struct stream #if defined(B_ENDIAN) || defined(NEED_ALIGN) #define in_sint16_le(s, v) do \ { \ - (v) = (signed short) \ - ( \ - (*((unsigned char*)((s)->p + 0)) << 0) | \ - (*((unsigned char*)((s)->p + 1)) << 8) \ - ); \ - (s)->p += 2; \ + (v) = (signed short) \ + ( \ + (*((unsigned char*)((s)->p + 0)) << 0) | \ + (*((unsigned char*)((s)->p + 1)) << 8) \ + ); \ + (s)->p += 2; \ } while (0) #else #define in_sint16_le(s, v) do \ { \ - (v) = *((signed short*)((s)->p)); \ - (s)->p += 2; \ + (v) = *((signed short*)((s)->p)); \ + (s)->p += 2; \ } while (0) #endif @@ -141,49 +141,49 @@ struct stream #if defined(B_ENDIAN) || defined(NEED_ALIGN) #define in_uint16_le(s, v) do \ { \ - (v) = (unsigned short) \ - ( \ - (*((unsigned char*)((s)->p + 0)) << 0) | \ - (*((unsigned char*)((s)->p + 1)) << 8) \ - ); \ - (s)->p += 2; \ + (v) = (unsigned short) \ + ( \ + (*((unsigned char*)((s)->p + 0)) << 0) | \ + (*((unsigned char*)((s)->p + 1)) << 8) \ + ); \ + (s)->p += 2; \ } while (0) #else #define in_uint16_le(s, v) do \ { \ - (v) = *((unsigned short*)((s)->p)); \ - (s)->p += 2; \ + (v) = *((unsigned short*)((s)->p)); \ + (s)->p += 2; \ } while (0) #endif /******************************************************************************/ #define in_uint16_be(s, v) do \ { \ - (v) = *((unsigned char*)((s)->p)); \ - (s)->p++; \ - (v) <<= 8; \ - (v) |= *((unsigned char*)((s)->p)); \ - (s)->p++; \ + (v) = *((unsigned char*)((s)->p)); \ + (s)->p++; \ + (v) <<= 8; \ + (v) |= *((unsigned char*)((s)->p)); \ + (s)->p++; \ } while (0) /******************************************************************************/ #if defined(B_ENDIAN) || defined(NEED_ALIGN) #define in_uint32_le(s, v) do \ { \ - (v) = (unsigned int) \ - ( \ - (*((unsigned char*)((s)->p + 0)) << 0) | \ - (*((unsigned char*)((s)->p + 1)) << 8) | \ - (*((unsigned char*)((s)->p + 2)) << 16) | \ - (*((unsigned char*)((s)->p + 3)) << 24) \ - ); \ - (s)->p += 4; \ + (v) = (unsigned int) \ + ( \ + (*((unsigned char*)((s)->p + 0)) << 0) | \ + (*((unsigned char*)((s)->p + 1)) << 8) | \ + (*((unsigned char*)((s)->p + 2)) << 16) | \ + (*((unsigned char*)((s)->p + 3)) << 24) \ + ); \ + (s)->p += 4; \ } while (0) #else #define in_uint32_le(s, v) do \ { \ - (v) = *((unsigned int*)((s)->p)); \ - (s)->p += 4; \ + (v) = *((unsigned int*)((s)->p)); \ + (s)->p += 4; \ } while (0) #endif @@ -191,41 +191,41 @@ struct stream #if defined(B_ENDIAN) || defined(NEED_ALIGN) #define in_uint64_le(s, v) do \ { \ - (v) = (tui64) \ - ( \ - (((tui64)(*((unsigned char*)((s)->p + 0)))) << 0) | \ - (((tui64)(*((unsigned char*)((s)->p + 1)))) << 8) | \ - (((tui64)(*((unsigned char*)((s)->p + 2)))) << 16) | \ - (((tui64)(*((unsigned char*)((s)->p + 3)))) << 24) | \ - (((tui64)(*((unsigned char*)((s)->p + 4)))) << 32) | \ - (((tui64)(*((unsigned char*)((s)->p + 5)))) << 40) | \ - (((tui64)(*((unsigned char*)((s)->p + 6)))) << 48) | \ - (((tui64)(*((unsigned char*)((s)->p + 7)))) << 56) \ - ); \ - (s)->p += 8; \ + (v) = (tui64) \ + ( \ + (((tui64)(*((unsigned char*)((s)->p + 0)))) << 0) | \ + (((tui64)(*((unsigned char*)((s)->p + 1)))) << 8) | \ + (((tui64)(*((unsigned char*)((s)->p + 2)))) << 16) | \ + (((tui64)(*((unsigned char*)((s)->p + 3)))) << 24) | \ + (((tui64)(*((unsigned char*)((s)->p + 4)))) << 32) | \ + (((tui64)(*((unsigned char*)((s)->p + 5)))) << 40) | \ + (((tui64)(*((unsigned char*)((s)->p + 6)))) << 48) | \ + (((tui64)(*((unsigned char*)((s)->p + 7)))) << 56) \ + ); \ + (s)->p += 8; \ } while (0) #else #define in_uint64_le(s, v) do \ { \ - (v) = *((tui64*)((s)->p)); \ - (s)->p += 8; \ + (v) = *((tui64*)((s)->p)); \ + (s)->p += 8; \ } while (0) #endif /******************************************************************************/ #define in_uint32_be(s, v) do \ { \ - (v) = *((unsigned char*)((s)->p)); \ - (s)->p++; \ - (v) <<= 8; \ - (v) |= *((unsigned char*)((s)->p)); \ - (s)->p++; \ - (v) <<= 8; \ - (v) |= *((unsigned char*)((s)->p)); \ - (s)->p++; \ - (v) <<= 8; \ - (v) |= *((unsigned char*)((s)->p)); \ - (s)->p++; \ + (v) = *((unsigned char*)((s)->p)); \ + (s)->p++; \ + (v) <<= 8; \ + (v) |= *((unsigned char*)((s)->p)); \ + (s)->p++; \ + (v) <<= 8; \ + (v) |= *((unsigned char*)((s)->p)); \ + (s)->p++; \ + (v) <<= 8; \ + (v) |= *((unsigned char*)((s)->p)); \ + (s)->p++; \ } while (0) /******************************************************************************/ @@ -239,46 +239,46 @@ struct stream #if defined(B_ENDIAN) || defined(NEED_ALIGN) #define out_uint16_le(s, v) do \ { \ - *((s)->p) = (unsigned char)((v) >> 0); \ - (s)->p++; \ - *((s)->p) = (unsigned char)((v) >> 8); \ - (s)->p++; \ + *((s)->p) = (unsigned char)((v) >> 0); \ + (s)->p++; \ + *((s)->p) = (unsigned char)((v) >> 8); \ + (s)->p++; \ } while (0) #else #define out_uint16_le(s, v) do \ { \ - *((unsigned short*)((s)->p)) = (unsigned short)(v); \ - (s)->p += 2; \ + *((unsigned short*)((s)->p)) = (unsigned short)(v); \ + (s)->p += 2; \ } while (0) #endif /******************************************************************************/ #define out_uint16_be(s, v) do \ { \ - *((s)->p) = (unsigned char)((v) >> 8); \ - (s)->p++; \ - *((s)->p) = (unsigned char)((v) >> 0); \ - (s)->p++; \ + *((s)->p) = (unsigned char)((v) >> 8); \ + (s)->p++; \ + *((s)->p) = (unsigned char)((v) >> 0); \ + (s)->p++; \ } while (0) /******************************************************************************/ #if defined(B_ENDIAN) || defined(NEED_ALIGN) #define out_uint32_le(s, v) do \ { \ - *((s)->p) = (unsigned char)((v) >> 0); \ - (s)->p++; \ - *((s)->p) = (unsigned char)((v) >> 8); \ - (s)->p++; \ - *((s)->p) = (unsigned char)((v) >> 16); \ - (s)->p++; \ - *((s)->p) = (unsigned char)((v) >> 24); \ - (s)->p++; \ + *((s)->p) = (unsigned char)((v) >> 0); \ + (s)->p++; \ + *((s)->p) = (unsigned char)((v) >> 8); \ + (s)->p++; \ + *((s)->p) = (unsigned char)((v) >> 16); \ + (s)->p++; \ + *((s)->p) = (unsigned char)((v) >> 24); \ + (s)->p++; \ } while (0) #else #define out_uint32_le(s, v) do \ { \ - *((unsigned int*)((s)->p)) = (v); \ - (s)->p += 4; \ + *((unsigned int*)((s)->p)) = (v); \ + (s)->p += 4; \ } while (0) #endif @@ -286,78 +286,78 @@ struct stream #if defined(B_ENDIAN) || defined(NEED_ALIGN) #define out_uint64_le(s, v) do \ { \ - *((s)->p) = (unsigned char)((v) >> 0); \ - (s)->p++; \ - *((s)->p) = (unsigned char)((v) >> 8); \ - (s)->p++; \ - *((s)->p) = (unsigned char)((v) >> 16); \ - (s)->p++; \ - *((s)->p) = (unsigned char)((v) >> 24); \ - (s)->p++; \ - *((s)->p) = (unsigned char)((v) >> 32); \ - (s)->p++; \ - *((s)->p) = (unsigned char)((v) >> 40); \ - (s)->p++; \ - *((s)->p) = (unsigned char)((v) >> 48); \ - (s)->p++; \ - *((s)->p) = (unsigned char)((v) >> 56); \ - (s)->p++; \ + *((s)->p) = (unsigned char)((v) >> 0); \ + (s)->p++; \ + *((s)->p) = (unsigned char)((v) >> 8); \ + (s)->p++; \ + *((s)->p) = (unsigned char)((v) >> 16); \ + (s)->p++; \ + *((s)->p) = (unsigned char)((v) >> 24); \ + (s)->p++; \ + *((s)->p) = (unsigned char)((v) >> 32); \ + (s)->p++; \ + *((s)->p) = (unsigned char)((v) >> 40); \ + (s)->p++; \ + *((s)->p) = (unsigned char)((v) >> 48); \ + (s)->p++; \ + *((s)->p) = (unsigned char)((v) >> 56); \ + (s)->p++; \ } while (0) #else #define out_uint64_le(s, v) do \ { \ - *((tui64*)((s)->p)) = (v); \ - (s)->p += 8; \ + *((tui64*)((s)->p)) = (v); \ + (s)->p += 8; \ } while (0) #endif /******************************************************************************/ #define out_uint32_be(s, v) do \ { \ - *((s)->p) = (unsigned char)((v) >> 24); \ - s->p++; \ - *((s)->p) = (unsigned char)((v) >> 16); \ - s->p++; \ - *((s)->p) = (unsigned char)((v) >> 8); \ - s->p++; \ - *((s)->p) = (unsigned char)(v); \ - (s)->p++; \ + *((s)->p) = (unsigned char)((v) >> 24); \ + s->p++; \ + *((s)->p) = (unsigned char)((v) >> 16); \ + s->p++; \ + *((s)->p) = (unsigned char)((v) >> 8); \ + s->p++; \ + *((s)->p) = (unsigned char)(v); \ + (s)->p++; \ } while (0) /******************************************************************************/ #define in_uint8p(s, v, n) do \ { \ - (v) = (s)->p; \ - (s)->p += (n); \ + (v) = (s)->p; \ + (s)->p += (n); \ } while (0) /******************************************************************************/ #define in_uint8a(s, v, n) do \ { \ - g_memcpy((v), (s)->p, (n)); \ - (s)->p += (n); \ + g_memcpy((v), (s)->p, (n)); \ + (s)->p += (n); \ } while (0) /******************************************************************************/ #define in_uint8s(s, n) \ - (s)->p += (n) + (s)->p += (n) /******************************************************************************/ #define out_uint8p(s, v, n) do \ { \ - g_memcpy((s)->p, (v), (n)); \ - (s)->p += (n); \ + g_memcpy((s)->p, (v), (n)); \ + (s)->p += (n); \ } while (0) /******************************************************************************/ #define out_uint8a(s, v, n) \ - out_uint8p((s), (v), (n)) + out_uint8p((s), (v), (n)) /******************************************************************************/ #define out_uint8s(s, n) do \ { \ - g_memset((s)->p, 0, (n)); \ - (s)->p += (n); \ + g_memset((s)->p, 0, (n)); \ + (s)->p += (n); \ } while (0) /* From abf5549524bfabf212dc1d45bc5939b26cd4887d Mon Sep 17 00:00:00 2001 From: Jay Sorg Date: Fri, 25 Jul 2014 21:21:48 -0700 Subject: [PATCH 14/22] common: indent, not logic change --- common/trans.h | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/common/trans.h b/common/trans.h index 54566d85..c28d420b 100644 --- a/common/trans.h +++ b/common/trans.h @@ -70,12 +70,13 @@ struct trans }; /* xrdp_tls */ -struct xrdp_tls { - SSL *ssl; - SSL_CTX *ctx; - char *cert; - char *key; - struct trans *trans; +struct xrdp_tls +{ + SSL *ssl; + SSL_CTX *ctx; + char *cert; + char *key; + struct trans *trans; }; /* xrdp_tls.c */ From ff8275da582a1235d591481e7f10cbcb6115c994 Mon Sep 17 00:00:00 2001 From: Jay Sorg Date: Fri, 25 Jul 2014 21:33:05 -0700 Subject: [PATCH 15/22] common: indent, not logic change --- common/list.h | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/common/list.h b/common/list.h index 23bc5092..cdc545a0 100644 --- a/common/list.h +++ b/common/list.h @@ -26,11 +26,11 @@ /* list */ struct list { - tbus* items; - int count; - int alloc_size; - int grow_by; - int auto_free; + tintptr* items; + int count; + int alloc_size; + int grow_by; + int auto_free; }; struct list* APP_CC @@ -38,17 +38,17 @@ list_create(void); void APP_CC list_delete(struct list* self); void APP_CC -list_add_item(struct list* self, tbus item); -tbus APP_CC +list_add_item(struct list* self, tintptr item); +tintptr APP_CC list_get_item(struct list* self, int index); void APP_CC list_clear(struct list* self); int APP_CC -list_index_of(struct list* self, tbus item); +list_index_of(struct list* self, tintptr item); void APP_CC list_remove_item(struct list* self, int index); void APP_CC -list_insert_item(struct list* self, int index, tbus item); +list_insert_item(struct list* self, int index, tintptr item); void APP_CC list_append_list_strdup(struct list* self, struct list* dest, int start_index); void APP_CC From 9e1e6d3c3eebb5f82fa6fb6207255eb99ab89ecc Mon Sep 17 00:00:00 2001 From: Jay Sorg Date: Fri, 25 Jul 2014 21:37:59 -0700 Subject: [PATCH 16/22] common: indent, not logic change --- common/fifo.c | 15 ++++++++++----- common/fifo.h | 12 +++++++----- 2 files changed, 17 insertions(+), 10 deletions(-) diff --git a/common/fifo.c b/common/fifo.c index 165acf8e..ebd1ef4d 100644 --- a/common/fifo.c +++ b/common/fifo.c @@ -27,7 +27,8 @@ * @return pointer to new FIFO or NULL if system out of memory *****************************************************************************/ -FIFO *fifo_create() +FIFO * APP_CC +fifo_create(void) { return (FIFO *) g_malloc(sizeof(FIFO), 1); } @@ -36,7 +37,8 @@ FIFO *fifo_create() * Delete specified FIFO *****************************************************************************/ -void fifo_delete(FIFO *self) +void APP_CC +fifo_delete(FIFO *self) { USER_DATA *udp; @@ -85,7 +87,8 @@ void fifo_delete(FIFO *self) * @return 0 on success, -1 on error *****************************************************************************/ -int fifo_add_item(FIFO *self, void *item) +int APP_CC +fifo_add_item(FIFO *self, void *item) { USER_DATA *udp; @@ -121,7 +124,8 @@ int fifo_add_item(FIFO *self, void *item) * @return top item from FIFO or NULL if FIFO is empty *****************************************************************************/ -void *fifo_remove_item(FIFO *self) +void * APP_CC +fifo_remove_item(FIFO *self) { void *item; USER_DATA *udp; @@ -155,7 +159,8 @@ void *fifo_remove_item(FIFO *self) * @return true if FIFO is empty, false otherwise *****************************************************************************/ -int fifo_is_empty(FIFO *self) +int APP_CC +fifo_is_empty(FIFO *self) { if (!self) return 1; diff --git a/common/fifo.h b/common/fifo.h index 134227d8..813154a4 100644 --- a/common/fifo.h +++ b/common/fifo.h @@ -21,6 +21,8 @@ #ifndef _FIFO_H #define _FIFO_H +#include "arch.h" + typedef struct user_data USER_DATA; struct user_data @@ -36,10 +38,10 @@ typedef struct fifo int auto_free; } FIFO; -FIFO *fifo_create(); -void fifo_delete(FIFO *self); -int fifo_add_item(FIFO *self, void *item); -void *fifo_remove_item(FIFO *self); -int fifo_is_empty(); +FIFO * APP_CC fifo_create(void); +void APP_CC fifo_delete(FIFO *self); +int APP_CC fifo_add_item(FIFO *self, void *item); +void * APP_CC fifo_remove_item(FIFO *self); +int APP_CC fifo_is_empty(FIFO *self); #endif From a73e66513d03167391e260aa81a3e55dd27c9df8 Mon Sep 17 00:00:00 2001 From: Jay Sorg Date: Fri, 25 Jul 2014 21:45:29 -0700 Subject: [PATCH 17/22] common: indent, not logic change --- common/log.h | 60 ++++++++++++++++++++++++++-------------------------- 1 file changed, 30 insertions(+), 30 deletions(-) diff --git a/common/log.h b/common/log.h index 6bb6180a..b95c615a 100644 --- a/common/log.h +++ b/common/log.h @@ -29,23 +29,23 @@ /* logging levels */ enum logLevels { - LOG_LEVEL_ALWAYS = 0, - LOG_LEVEL_ERROR, - LOG_LEVEL_WARNING, - LOG_LEVEL_INFO, - LOG_LEVEL_DEBUG + LOG_LEVEL_ALWAYS = 0, + LOG_LEVEL_ERROR, + LOG_LEVEL_WARNING, + LOG_LEVEL_INFO, + LOG_LEVEL_DEBUG }; /* startup return values */ enum logReturns { - LOG_STARTUP_OK = 0, - LOG_ERROR_MALLOC, - LOG_ERROR_NULL_FILE, - LOG_ERROR_FILE_OPEN, - LOG_ERROR_NO_CFG, - LOG_ERROR_FILE_NOT_OPEN, - LOG_GENERAL_ERROR + LOG_STARTUP_OK = 0, + LOG_ERROR_MALLOC, + LOG_ERROR_NULL_FILE, + LOG_ERROR_FILE_OPEN, + LOG_ERROR_NO_CFG, + LOG_ERROR_FILE_NOT_OPEN, + LOG_GENERAL_ERROR }; #define SESMAN_CFG_LOGGING "Logging" @@ -65,14 +65,14 @@ enum logReturns struct log_config { - char* program_name; - char* log_file; - int fd; - unsigned int log_level; - int enable_syslog; - unsigned int syslog_level; - pthread_mutex_t log_lock; - pthread_mutexattr_t log_lock_attr; + char *program_name; + char *log_file; + int fd; + unsigned int log_level; + int enable_syslog; + unsigned int syslog_level; + pthread_mutex_t log_lock; + pthread_mutexattr_t log_lock_attr; }; /* internal functions, only used in log.c if this ifdef is defined.*/ @@ -86,7 +86,7 @@ struct log_config * */ enum logReturns DEFAULT_CC -internal_log_start(struct log_config* l_cfg); +internal_log_start(struct log_config *l_cfg); /** * @@ -95,7 +95,7 @@ internal_log_start(struct log_config* l_cfg); * */ enum logReturns DEFAULT_CC -internal_log_end(struct log_config* l_cfg); +internal_log_end(struct log_config *l_cfg); /** * Converts a log level to a string @@ -103,7 +103,7 @@ internal_log_end(struct log_config* l_cfg); * @param str pointer where the string will be stored. */ void DEFAULT_CC -internal_log_lvl2str(const enum logLevels lvl, char* str); +internal_log_lvl2str(const enum logLevels lvl, char *str); /** * @@ -113,7 +113,7 @@ internal_log_lvl2str(const enum logLevels lvl, char* str); * */ enum logLevels DEFAULT_CC -internal_log_text2level(char* s); +internal_log_text2level(char *s); /** * A function that init our struct that holds all state and @@ -133,9 +133,9 @@ internalInitAndAllocStruct(void); * @return */ enum logReturns DEFAULT_CC -internal_config_read_logging(int file, struct log_config* lc, - struct list* param_n, - struct list* param_v, +internal_config_read_logging(int file, struct log_config *lc, + struct list *param_n, + struct list *param_v, const char *applicationName); /*End of internal functions*/ #endif @@ -147,7 +147,7 @@ internal_config_read_logging(int file, struct log_config* lc, * @return LOG_STARTUP_OK on success */ enum logReturns DEFAULT_CC -log_start(const char* iniFile, const char* applicationName); +log_start(const char *iniFile, const char *applicationName); /** * An alternative log_start where the caller gives the params directly. @@ -171,7 +171,7 @@ log_end(void); * @return */ enum logReturns DEFAULT_CC -log_message(const enum logLevels lvl, const char* msg, ...); +log_message(const enum logLevels lvl, const char *msg, ...); /** * @@ -181,7 +181,7 @@ log_message(const enum logLevels lvl, const char* msg, ...); * @return 0 on success, 1 on failure * */ -int APP_CC text2bool(char* s); +int APP_CC text2bool(char *s); /** * This function returns the configured file name for the logfile From c6126831194bf0a15d0536f0c2245a36aa55f210 Mon Sep 17 00:00:00 2001 From: speidy Date: Sat, 26 Jul 2014 08:14:19 +0300 Subject: [PATCH 18/22] common: trans indentation fix --- common/trans.c | 115 ++++++++++++++++++++++++++----------------------- 1 file changed, 60 insertions(+), 55 deletions(-) diff --git a/common/trans.c b/common/trans.c index e13cd420..85af36e0 100644 --- a/common/trans.c +++ b/common/trans.c @@ -24,12 +24,13 @@ #include "parse.h" /*****************************************************************************/ -struct trans *APP_CC +struct trans * +APP_CC trans_create(int mode, int in_size, int out_size) { - struct trans *self = (struct trans *)NULL; + struct trans *self = (struct trans *) NULL; - self = (struct trans *)g_malloc(sizeof(struct trans), 1); + self = (struct trans *) g_malloc(sizeof(struct trans), 1); if (self != NULL) { @@ -74,7 +75,7 @@ trans_delete(struct trans *self) if (self->tls != 0) { - xrdp_tls_delete(self->tls); + xrdp_tls_delete(self->tls); } g_free(self); @@ -101,9 +102,8 @@ trans_get_wait_objs(struct trans *self, tbus *objs, int *count) /*****************************************************************************/ int APP_CC -trans_get_wait_objs_rw(struct trans *self, - tbus *robjs, int *rcount, - tbus *wobjs, int *wcount) +trans_get_wait_objs_rw(struct trans *self, tbus *robjs, int *rcount, + tbus *wobjs, int *wcount) { if (self == 0) { @@ -183,8 +183,8 @@ send_waiting(struct trans *self, int block) int APP_CC trans_check_wait_objs(struct trans *self) { - tbus in_sck = (tbus)0; - struct trans *in_trans = (struct trans *)NULL; + tbus in_sck = (tbus) 0; + struct trans *in_trans = (struct trans *) NULL; int read_bytes = 0; int to_read = 0; int read_so_far = 0; @@ -207,7 +207,7 @@ trans_check_wait_objs(struct trans *self) if (g_tcp_can_recv(self->sck, 0)) { in_sck = g_sck_accept(self->sck, self->addr, sizeof(self->addr), - self->port, sizeof(self->port)); + self->port, sizeof(self->port)); if (in_sck == -1) { @@ -228,13 +228,15 @@ trans_check_wait_objs(struct trans *self) if (self->trans_conn_in != 0) /* is function assigned */ { in_trans = trans_create(self->mode, self->in_s->size, - self->out_s->size); + self->out_s->size); in_trans->sck = in_sck; in_trans->type1 = TRANS_TYPE_SERVER; in_trans->status = TRANS_STATUS_UP; in_trans->is_term = self->is_term; - g_strncpy(in_trans->addr, self->addr, sizeof(self->addr) - 1); - g_strncpy(in_trans->port, self->port, sizeof(self->port) - 1); + g_strncpy(in_trans->addr, self->addr, + sizeof(self->addr) - 1); + g_strncpy(in_trans->port, self->port, + sizeof(self->port) - 1); if (self->trans_conn_in(self, in_trans) != 0) { @@ -252,12 +254,12 @@ trans_check_wait_objs(struct trans *self) { if (g_tcp_can_recv(self->sck, 0)) { - read_so_far = (int)(self->in_s->end - self->in_s->data); + read_so_far = (int) (self->in_s->end - self->in_s->data); to_read = self->header_size - read_so_far; if (to_read > 0) { - read_bytes = g_tcp_recv(self->sck, self->in_s->end, to_read, 0); + read_bytes = g_tcp_recv(self->sck, self->in_s->end, to_read, 0); if (read_bytes == -1) { @@ -284,7 +286,7 @@ trans_check_wait_objs(struct trans *self) } } - read_so_far = (int)(self->in_s->end - self->in_s->data); + read_so_far = (int) (self->in_s->end - self->in_s->data); if (read_so_far == self->header_size) { @@ -312,7 +314,7 @@ trans_check_wait_objs(struct trans *self) int APP_CC trans_force_read_s(struct trans *self, struct stream *in_s, int size) { - return self->trans_read_call(self, in_s, size); + return self->trans_read_call(self, in_s, size); } /*****************************************************************************/ int APP_CC @@ -387,7 +389,7 @@ trans_force_read(struct trans *self, int size) int APP_CC trans_force_write_s(struct trans *self, struct stream *out_s) { - return self->trans_write_call(self, out_s); + return self->trans_write_call(self, out_s); } /*****************************************************************************/ int APP_CC @@ -402,7 +404,7 @@ trans_tcp_force_write_s(struct trans *self, struct stream *out_s) return 1; } - size = (int)(out_s->end - out_s->data); + size = (int) (out_s->end - out_s->data); total = 0; if (send_waiting(self, 1) != 0) @@ -413,7 +415,7 @@ trans_tcp_force_write_s(struct trans *self, struct stream *out_s) while (total < size) { - sent = g_tcp_send(self->sck, out_s->data + total, size - total, 0); + sent = g_tcp_send(self->sck, out_s->data + total, size - total, 0); if (sent == -1) { @@ -477,7 +479,7 @@ trans_write_copy(struct trans *self) } out_s = self->out_s; - size = (int)(out_s->end - out_s->data); + size = (int) (out_s->end - out_s->data); make_stream(wait_s); init_stream(wait_s, size); out_uint8a(wait_s, out_s->data, size); @@ -511,7 +513,7 @@ trans_write_copy(struct trans *self) /*****************************************************************************/ int APP_CC trans_connect(struct trans *self, const char *server, const char *port, - int timeout) + int timeout) { int error; @@ -615,14 +617,15 @@ trans_listen(struct trans *self, char *port) } /*****************************************************************************/ -struct stream *APP_CC +struct stream * +APP_CC trans_get_in_s(struct trans *self) { - struct stream *rv = (struct stream *)NULL; + struct stream *rv = (struct stream *) NULL; if (self == NULL) { - rv = (struct stream *)NULL; + rv = (struct stream *) NULL; } else { @@ -633,14 +636,15 @@ trans_get_in_s(struct trans *self) } /*****************************************************************************/ -struct stream *APP_CC +struct stream * +APP_CC trans_get_out_s(struct trans *self, int size) { - struct stream *rv = (struct stream *)NULL; + struct stream *rv = (struct stream *) NULL; if (self == NULL) { - rv = (struct stream *)NULL; + rv = (struct stream *) NULL; } else { @@ -655,37 +659,38 @@ trans_get_out_s(struct trans *self, int size) int APP_CC trans_set_tls_mode(struct trans *self, const char *key, const char *cert) { - self->tls = xrdp_tls_create(self, key, cert); - if (self->tls == NULL) - { - g_writeln("trans_set_tls_mode: xrdp_tls_create malloc error"); - return 1; - } - - if (xrdp_tls_accept(self->tls) != 0) - { - g_writeln("trans_set_tls_mode: xrdp_tls_accept failed"); - return 1; - } - - /* assign tls functions */ - self->trans_read_call = xrdp_tls_force_read_s; - self->trans_write_call = xrdp_tls_force_write_s; - - return 0; + self->tls = xrdp_tls_create(self, key, cert); + if (self->tls == NULL) + { + g_writeln("trans_set_tls_mode: xrdp_tls_create malloc error"); + return 1; + } + + if (xrdp_tls_accept(self->tls) != 0) + { + g_writeln("trans_set_tls_mode: xrdp_tls_accept failed"); + return 1; + } + + /* assign tls functions */ + self->trans_read_call = xrdp_tls_force_read_s; + self->trans_write_call = xrdp_tls_force_write_s; + + return 0; } /*****************************************************************************/ /* returns error */ int APP_CC trans_shutdown_tls_mode(struct trans *self) { - if (self->tls != NULL) - { - return xrdp_tls_disconnect(self->tls); - } - - /* set callback back to tcp */ - self->trans_read_call = trans_tcp_force_read_s; - self->trans_write_call = trans_tcp_force_write_s; - return 0; + if (self->tls != NULL) + { + return xrdp_tls_disconnect(self->tls); + } + + /* set callback back to tcp + self->trans_read_call = trans_tcp_force_read_s; + self->trans_write_call = trans_tcp_force_write_s; + */ + return 0; } From be51fb739cd3e2f02264b4c4ba25c64ab5c3b264 Mon Sep 17 00:00:00 2001 From: speidy Date: Sat, 26 Jul 2014 08:19:50 +0300 Subject: [PATCH 19/22] common: xrdp_tls, indentation fix --- common/xrdp_tls.c | 361 ++++++++++++++++++++++++---------------------- 1 file changed, 187 insertions(+), 174 deletions(-) diff --git a/common/xrdp_tls.c b/common/xrdp_tls.c index 4429ff5e..b370b90f 100644 --- a/common/xrdp_tls.c +++ b/common/xrdp_tls.c @@ -22,7 +22,8 @@ #include "ssl_calls.h" /*****************************************************************************/ -struct xrdp_tls *APP_CC +struct xrdp_tls * +APP_CC xrdp_tls_create(struct trans *trans, const char *key, const char *cert) { struct xrdp_tls *self; @@ -30,9 +31,9 @@ xrdp_tls_create(struct trans *trans, const char *key, const char *cert) if (self != NULL) { - self->trans = trans; - self->cert = (char *) cert; - self->key = (char *) key; + self->trans = trans; + self->cert = (char *) cert; + self->key = (char *) key; } return self; @@ -41,206 +42,218 @@ xrdp_tls_create(struct trans *trans, const char *key, const char *cert) int APP_CC xrdp_tls_accept(struct xrdp_tls *self) { - int connection_status; - long options = 0; - - /** - * SSL_OP_NO_SSLv2: - * - * We only want SSLv3 and TLSv1, so disable SSLv2. - * SSLv3 is used by, eg. Microsoft RDC for Mac OS X. - */ - options |= SSL_OP_NO_SSLv2; - - /** - * SSL_OP_NO_COMPRESSION: - * - * The Microsoft RDP server does not advertise support - * for TLS compression, but alternative servers may support it. - * This was observed between early versions of the FreeRDP server - * and the FreeRDP client, and caused major performance issues, - * which is why we're disabling it. - */ - options |= SSL_OP_NO_COMPRESSION; - - /** - * SSL_OP_TLS_BLOCK_PADDING_BUG: - * - * The Microsoft RDP server does *not* support TLS padding. - * It absolutely needs to be disabled otherwise it won't work. - */ - options |= SSL_OP_TLS_BLOCK_PADDING_BUG; - - /** - * SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS: - * - * Just like TLS padding, the Microsoft RDP server does not - * support empty fragments. This needs to be disabled. - */ - options |= SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS; - - self->ctx = SSL_CTX_new(SSLv23_server_method()); - /* set context options */ - SSL_CTX_set_mode(self->ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER | SSL_MODE_ENABLE_PARTIAL_WRITE); - SSL_CTX_set_options(self->ctx, options); - SSL_CTX_set_read_ahead(self->ctx, 1); - - if (self->ctx == NULL) { - g_writeln("xrdp_tls_accept: SSL_CTX_new failed"); - return 1; - } - - if (SSL_CTX_use_RSAPrivateKey_file(self->ctx, self->key, SSL_FILETYPE_PEM) - <= 0) { - g_writeln("xrdp_tls_accept: SSL_CTX_use_RSAPrivateKey_file failed"); - return 1; - } - - self->ssl = SSL_new(self->ctx); - - if (self->ssl == NULL) { - g_writeln("xrdp_tls_accept: SSL_new failed"); - return 1; - } - - if (SSL_use_certificate_file(self->ssl, self->cert, SSL_FILETYPE_PEM) <= 0) { - g_writeln("xrdp_tls_accept: SSL_use_certificate_file failed"); - return 1; - } - - if (SSL_set_fd(self->ssl, self->trans->sck) < 1) { - g_writeln("xrdp_tls_accept: SSL_set_fd failed"); - return 1; - } - - connection_status = SSL_accept(self->ssl); - - if (connection_status <= 0) { - if (xrdp_tls_print_error("SSL_accept", self->ssl, connection_status)) - { - return 1; - } - } - - g_writeln("xrdp_tls_accept: TLS connection accepted"); - - return 0; + int connection_status; + long options = 0; + + /** + * SSL_OP_NO_SSLv2: + * + * We only want SSLv3 and TLSv1, so disable SSLv2. + * SSLv3 is used by, eg. Microsoft RDC for Mac OS X. + */ + options |= SSL_OP_NO_SSLv2; + + /** + * SSL_OP_NO_COMPRESSION: + * + * The Microsoft RDP server does not advertise support + * for TLS compression, but alternative servers may support it. + * This was observed between early versions of the FreeRDP server + * and the FreeRDP client, and caused major performance issues, + * which is why we're disabling it. + */ + options |= SSL_OP_NO_COMPRESSION; + + /** + * SSL_OP_TLS_BLOCK_PADDING_BUG: + * + * The Microsoft RDP server does *not* support TLS padding. + * It absolutely needs to be disabled otherwise it won't work. + */ + options |= SSL_OP_TLS_BLOCK_PADDING_BUG; + + /** + * SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS: + * + * Just like TLS padding, the Microsoft RDP server does not + * support empty fragments. This needs to be disabled. + */ + options |= SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS; + + self->ctx = SSL_CTX_new(SSLv23_server_method()); + /* set context options */ + SSL_CTX_set_mode(self->ctx, + SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER + | SSL_MODE_ENABLE_PARTIAL_WRITE); + SSL_CTX_set_options(self->ctx, options); + SSL_CTX_set_read_ahead(self->ctx, 1); + + if (self->ctx == NULL) + { + g_writeln("xrdp_tls_accept: SSL_CTX_new failed"); + return 1; + } + + if (SSL_CTX_use_RSAPrivateKey_file(self->ctx, self->key, SSL_FILETYPE_PEM) + <= 0) + { + g_writeln("xrdp_tls_accept: SSL_CTX_use_RSAPrivateKey_file failed"); + return 1; + } + + self->ssl = SSL_new(self->ctx); + + if (self->ssl == NULL) + { + g_writeln("xrdp_tls_accept: SSL_new failed"); + return 1; + } + + if (SSL_use_certificate_file(self->ssl, self->cert, SSL_FILETYPE_PEM) <= 0) + { + g_writeln("xrdp_tls_accept: SSL_use_certificate_file failed"); + return 1; + } + + if (SSL_set_fd(self->ssl, self->trans->sck) < 1) + { + g_writeln("xrdp_tls_accept: SSL_set_fd failed"); + return 1; + } + + connection_status = SSL_accept(self->ssl); + + if (connection_status <= 0) + { + if (xrdp_tls_print_error("SSL_accept", self->ssl, connection_status)) + { + return 1; + } + } + + g_writeln("xrdp_tls_accept: TLS connection accepted"); + + return 0; } /*****************************************************************************/ int APP_CC xrdp_tls_print_error(char *func, SSL *connection, int value) { - switch (SSL_get_error(connection, value)) - { - case SSL_ERROR_ZERO_RETURN: - g_writeln("xrdp_tls_print_error: %s: Server closed TLS connection", func); - return 1; - - case SSL_ERROR_WANT_READ: - g_writeln("xrdp_tls_print_error: SSL_ERROR_WANT_READ"); - return 0; - - case SSL_ERROR_WANT_WRITE: - g_writeln("xrdp_tls_print_error: SSL_ERROR_WANT_WRITE"); - return 0; - - case SSL_ERROR_SYSCALL: - g_writeln("xrdp_tls_print_error: %s: I/O error", func); - return 1; - - case SSL_ERROR_SSL: - g_writeln("xrdp_tls_print_error: %s: Failure in SSL library (protocol error?)", func); - return 1; - - default: - g_writeln("xrdp_tls_print_error: %s: Unknown error", func); - return 1; - } + switch (SSL_get_error(connection, value)) + { + case SSL_ERROR_ZERO_RETURN: + g_writeln("xrdp_tls_print_error: %s: Server closed TLS connection", + func); + return 1; + + case SSL_ERROR_WANT_READ: + g_writeln("xrdp_tls_print_error: SSL_ERROR_WANT_READ"); + return 0; + + case SSL_ERROR_WANT_WRITE: + g_writeln("xrdp_tls_print_error: SSL_ERROR_WANT_WRITE"); + return 0; + + case SSL_ERROR_SYSCALL: + g_writeln("xrdp_tls_print_error: %s: I/O error", func); + return 1; + + case SSL_ERROR_SSL: + g_writeln( + "xrdp_tls_print_error: %s: Failure in SSL library (protocol error?)", + func); + return 1; + + default: + g_writeln("xrdp_tls_print_error: %s: Unknown error", func); + return 1; + } } /*****************************************************************************/ int APP_CC xrdp_tls_disconnect(struct xrdp_tls *self) { - int status = SSL_shutdown(self->ssl); - while (status != 1) - { - status = SSL_shutdown(self->ssl); - - if (status <= 0) { - if (xrdp_tls_print_error("SSL_shutdown", self->ssl, status)) - { - return 1; - } - } - } - return 0; + int status = SSL_shutdown(self->ssl); + while (status != 1) + { + status = SSL_shutdown(self->ssl); + + if (status <= 0) + { + if (xrdp_tls_print_error("SSL_shutdown", self->ssl, status)) + { + return 1; + } + } + } + return 0; } /*****************************************************************************/ void APP_CC xrdp_tls_delete(struct xrdp_tls *self) { - if (self != NULL) - { - if (self->ssl) - SSL_free(self->ssl); + if (self != NULL) + { + if (self->ssl) + SSL_free(self->ssl); - if (self->ctx) - SSL_CTX_free(self->ctx); + if (self->ctx) + SSL_CTX_free(self->ctx); - g_free(self); - } + g_free(self); + } } /*****************************************************************************/ int APP_CC xrdp_tls_read(struct xrdp_tls *tls, unsigned char *data, int length) { - int status; - - status = SSL_read(tls->ssl, data, length); + int status; - switch (SSL_get_error(tls->ssl, status)) - { - case SSL_ERROR_NONE: - break; + status = SSL_read(tls->ssl, data, length); - case SSL_ERROR_WANT_READ: - case SSL_ERROR_WANT_WRITE: - status = 0; - break; - - default: - xrdp_tls_print_error("SSL_read", tls->ssl, status); - status = -1; - break; - } + switch (SSL_get_error(tls->ssl, status)) + { + case SSL_ERROR_NONE: + break; + + case SSL_ERROR_WANT_READ: + case SSL_ERROR_WANT_WRITE: + status = 0; + break; + + default: + xrdp_tls_print_error("SSL_read", tls->ssl, status); + status = -1; + break; + } - return status; + return status; } /*****************************************************************************/ int APP_CC xrdp_tls_write(struct xrdp_tls *tls, unsigned char *data, int length) { - int status; - - status = SSL_write(tls->ssl, data, length); + int status; - switch (SSL_get_error(tls->ssl, status)) - { - case SSL_ERROR_NONE: - break; + status = SSL_write(tls->ssl, data, length); - case SSL_ERROR_WANT_READ: - case SSL_ERROR_WANT_WRITE: - status = 0; - break; - - default: - xrdp_tls_print_error("SSL_write", tls->ssl, status); - status = -1; - break; - } + switch (SSL_get_error(tls->ssl, status)) + { + case SSL_ERROR_NONE: + break; + + case SSL_ERROR_WANT_READ: + case SSL_ERROR_WANT_WRITE: + status = 0; + break; + + default: + xrdp_tls_print_error("SSL_write", tls->ssl, status); + status = -1; + break; + } - return status; + return status; } /*****************************************************************************/ int APP_CC @@ -261,7 +274,7 @@ xrdp_tls_force_read_s(struct trans *self, struct stream *in_s, int size) return 1; } - rcvd = xrdp_tls_read(self->tls, in_s->end, size); + rcvd = xrdp_tls_read(self->tls, in_s->end, size); if (rcvd == -1) { @@ -317,7 +330,7 @@ xrdp_tls_force_write_s(struct trans *self, struct stream *out_s) return 1; } - size = (int)(out_s->end - out_s->data); + size = (int) (out_s->end - out_s->data); total = 0; if (xrdp_tls_send_waiting(self, 1) != 0) @@ -328,7 +341,7 @@ xrdp_tls_force_write_s(struct trans *self, struct stream *out_s) while (total < size) { - sent = xrdp_tls_write(self->tls, out_s->data + total, size - total); + sent = xrdp_tls_write(self->tls, out_s->data + total, size - total); if (sent == -1) { From 57b0495bc7f2b7c433f53d34700a88bf45048c38 Mon Sep 17 00:00:00 2001 From: Jay Sorg Date: Fri, 25 Jul 2014 22:24:40 -0700 Subject: [PATCH 20/22] common: indent, not logic change --- common/xrdp_rail.h | 100 ++++++++++++++++++++++----------------------- 1 file changed, 50 insertions(+), 50 deletions(-) diff --git a/common/xrdp_rail.h b/common/xrdp_rail.h index 26605cd9..b93672be 100644 --- a/common/xrdp_rail.h +++ b/common/xrdp_rail.h @@ -72,76 +72,76 @@ struct rail_icon_info { - int bpp; - int width; - int height; - int cmap_bytes; - int mask_bytes; - int data_bytes; - char* mask; - char* cmap; - char* data; + int bpp; + int width; + int height; + int cmap_bytes; + int mask_bytes; + int data_bytes; + char *mask; + char *cmap; + char *data; }; struct rail_window_rect { - short left; - short top; - short right; - short bottom; + short left; + short top; + short right; + short bottom; }; struct rail_notify_icon_infotip { - int timeout; - int flags; - char* text; - char* title; + int timeout; + int flags; + char *text; + char *title; }; struct rail_window_state_order { - int owner_window_id; - int style; - int extended_style; - int show_state; - char* title_info; - int client_offset_x; - int client_offset_y; - int client_area_width; - int client_area_height; - int rp_content; - int root_parent_handle; - int window_offset_x; - int window_offset_y; - int window_client_delta_x; - int window_client_delta_y; - int window_width; - int window_height; - int num_window_rects; - struct rail_window_rect* window_rects; - int visible_offset_x; - int visible_offset_y; - int num_visibility_rects; - struct rail_window_rect* visibility_rects; + int owner_window_id; + int style; + int extended_style; + int show_state; + char *title_info; + int client_offset_x; + int client_offset_y; + int client_area_width; + int client_area_height; + int rp_content; + int root_parent_handle; + int window_offset_x; + int window_offset_y; + int window_client_delta_x; + int window_client_delta_y; + int window_width; + int window_height; + int num_window_rects; + struct rail_window_rect *window_rects; + int visible_offset_x; + int visible_offset_y; + int num_visibility_rects; + struct rail_window_rect *visibility_rects; }; struct rail_notify_state_order { - int version; - char* tool_tip; - struct rail_notify_icon_infotip infotip; - int state; - int icon_cache_entry; - int icon_cache_id; - struct rail_icon_info icon_info; + int version; + char *tool_tip; + struct rail_notify_icon_infotip infotip; + int state; + int icon_cache_entry; + int icon_cache_id; + struct rail_icon_info icon_info; }; struct rail_monitored_desktop_order { - int active_window_id; - int num_window_ids; - int* window_ids; + int active_window_id; + int num_window_ids; + int *window_ids; }; #endif From 2cb2de7277a8a35e7924f5bd8b61ebcea91d9bdf Mon Sep 17 00:00:00 2001 From: Jay Sorg Date: Fri, 25 Jul 2014 22:42:07 -0700 Subject: [PATCH 21/22] common: log, g_ prefix for global --- common/log.c | 76 ++++++++++++++++++++++++++-------------------------- 1 file changed, 38 insertions(+), 38 deletions(-) diff --git a/common/log.c b/common/log.c index d7594d67..97053178 100644 --- a/common/log.c +++ b/common/log.c @@ -36,7 +36,7 @@ #include "log.h" /* Here we store the current state and configuration of the log */ -static struct log_config *staticLogConfig = NULL; +static struct log_config *g_staticLogConfig = NULL; /* This file first start with all private functions. In the end of the file the public functions is defined */ @@ -297,7 +297,7 @@ internalReadConfiguration(const char *inFilename, const char *applicationName) param_v->auto_free = 1; /* read logging config */ - ret = internal_config_read_logging(fd, staticLogConfig, param_n, + ret = internal_config_read_logging(fd, g_staticLogConfig, param_n, param_v, applicationName); if (ret != LOG_STARTUP_OK) @@ -394,12 +394,12 @@ enum logReturns DEFAULT_CC internalInitAndAllocStruct(void) { enum logReturns ret = LOG_GENERAL_ERROR; - staticLogConfig = g_malloc(sizeof(struct log_config), 1); + g_staticLogConfig = g_malloc(sizeof(struct log_config), 1); - if (staticLogConfig != NULL) + if (g_staticLogConfig != NULL) { - staticLogConfig->fd = -1; - staticLogConfig->enable_syslog = 0; + g_staticLogConfig->fd = -1; + g_staticLogConfig->enable_syslog = 0; ret = LOG_STARTUP_OK; } else @@ -420,7 +420,7 @@ log_start_from_param(const struct log_config *iniParams) { enum logReturns ret = LOG_GENERAL_ERROR; - if (staticLogConfig != NULL) + if (g_staticLogConfig != NULL) { log_message(LOG_LEVEL_ALWAYS, "Log already initialized"); return ret; @@ -442,24 +442,24 @@ log_start_from_param(const struct log_config *iniParams) return ret; } - staticLogConfig->enable_syslog = iniParams->enable_syslog; - staticLogConfig->fd = iniParams->fd; - staticLogConfig->log_file = g_strdup(iniParams->log_file); - staticLogConfig->log_level = iniParams->log_level; - staticLogConfig->log_lock = iniParams->log_lock; - staticLogConfig->log_lock_attr = iniParams->log_lock_attr; - staticLogConfig->program_name = g_strdup(iniParams->program_name); - staticLogConfig->syslog_level = iniParams->syslog_level; - ret = internal_log_start(staticLogConfig); + g_staticLogConfig->enable_syslog = iniParams->enable_syslog; + g_staticLogConfig->fd = iniParams->fd; + g_staticLogConfig->log_file = g_strdup(iniParams->log_file); + g_staticLogConfig->log_level = iniParams->log_level; + g_staticLogConfig->log_lock = iniParams->log_lock; + g_staticLogConfig->log_lock_attr = iniParams->log_lock_attr; + g_staticLogConfig->program_name = g_strdup(iniParams->program_name); + g_staticLogConfig->syslog_level = iniParams->syslog_level; + ret = internal_log_start(g_staticLogConfig); if (ret != LOG_STARTUP_OK) { g_writeln("Could not start log"); - if (staticLogConfig != NULL) + if (g_staticLogConfig != NULL) { - g_free(staticLogConfig); - staticLogConfig = NULL; + g_free(g_staticLogConfig); + g_staticLogConfig = NULL; } } } @@ -489,16 +489,16 @@ log_start(const char *iniFile, const char *applicationName) if (ret == LOG_STARTUP_OK) { - ret = internal_log_start(staticLogConfig); + ret = internal_log_start(g_staticLogConfig); if (ret != LOG_STARTUP_OK) { g_writeln("Could not start log"); - if (staticLogConfig != NULL) + if (g_staticLogConfig != NULL) { - g_free(staticLogConfig); - staticLogConfig = NULL; + g_free(g_staticLogConfig); + g_staticLogConfig = NULL; } } } @@ -519,12 +519,12 @@ enum logReturns DEFAULT_CC log_end(void) { enum logReturns ret = LOG_GENERAL_ERROR; - ret = internal_log_end(staticLogConfig); + ret = internal_log_end(g_staticLogConfig); - if (staticLogConfig != NULL) + if (g_staticLogConfig != NULL) { - g_free(staticLogConfig); - staticLogConfig = NULL; + g_free(g_staticLogConfig); + g_staticLogConfig = NULL; } return ret; @@ -541,13 +541,13 @@ log_message(const enum logLevels lvl, const char *msg, ...) time_t now_t; struct tm *now; - if (staticLogConfig == NULL) + if (g_staticLogConfig == NULL) { g_writeln("The log reference is NULL - log not initialized properly"); return LOG_ERROR_NO_CFG; } - if (0 > staticLogConfig->fd && staticLogConfig->enable_syslog == 0) + if (0 > g_staticLogConfig->fd && g_staticLogConfig->enable_syslog == 0) { return LOG_ERROR_FILE_NOT_OPEN; } @@ -586,7 +586,7 @@ log_message(const enum logLevels lvl, const char *msg, ...) #endif #endif - if (staticLogConfig->enable_syslog && (lvl <= staticLogConfig->syslog_level)) + if (g_staticLogConfig->enable_syslog && (lvl <= g_staticLogConfig->syslog_level)) { /* log to syslog*/ /* %s fix compiler warning 'not a string literal' */ @@ -594,19 +594,19 @@ log_message(const enum logLevels lvl, const char *msg, ...) tc_get_threadid(), buff + 20); } - if (lvl <= staticLogConfig->log_level) + if (lvl <= g_staticLogConfig->log_level) { /* log to console */ g_printf("%s", buff); /* log to application logfile */ #ifdef LOG_ENABLE_THREAD - pthread_mutex_lock(&(staticLogConfig->log_lock)); + pthread_mutex_lock(&(g_staticLogConfig->log_lock)); #endif - if (staticLogConfig->fd > 0) + if (g_staticLogConfig->fd > 0) { - writereply = g_file_write(staticLogConfig->fd, buff, g_strlen(buff)); + writereply = g_file_write(g_staticLogConfig->fd, buff, g_strlen(buff)); if (writereply <= 0) { @@ -615,7 +615,7 @@ log_message(const enum logLevels lvl, const char *msg, ...) } #ifdef LOG_ENABLE_THREAD - pthread_mutex_unlock(&(staticLogConfig->log_lock)); + pthread_mutex_unlock(&(g_staticLogConfig->log_lock)); #endif } @@ -629,11 +629,11 @@ log_message(const enum logLevels lvl, const char *msg, ...) char *DEFAULT_CC getLogFile(char *replybuf, int bufsize) { - if (staticLogConfig) + if (g_staticLogConfig) { - if (staticLogConfig->log_file) + if (g_staticLogConfig->log_file) { - g_strncpy(replybuf, staticLogConfig->log_file, bufsize); + g_strncpy(replybuf, g_staticLogConfig->log_file, bufsize); } else { From 0f9bd232d91a431f68853a308b768e782ab37ff1 Mon Sep 17 00:00:00 2001 From: speidy Date: Sat, 26 Jul 2014 09:04:22 +0300 Subject: [PATCH 22/22] common: indent fix --- common/trans.c | 12 ++++++------ common/xrdp_tls.c | 6 +++--- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/common/trans.c b/common/trans.c index 85af36e0..92ad6e0a 100644 --- a/common/trans.c +++ b/common/trans.c @@ -103,7 +103,7 @@ trans_get_wait_objs(struct trans *self, tbus *objs, int *count) /*****************************************************************************/ int APP_CC trans_get_wait_objs_rw(struct trans *self, tbus *robjs, int *rcount, - tbus *wobjs, int *wcount) + tbus *wobjs, int *wcount) { if (self == 0) { @@ -207,7 +207,7 @@ trans_check_wait_objs(struct trans *self) if (g_tcp_can_recv(self->sck, 0)) { in_sck = g_sck_accept(self->sck, self->addr, sizeof(self->addr), - self->port, sizeof(self->port)); + self->port, sizeof(self->port)); if (in_sck == -1) { @@ -228,15 +228,15 @@ trans_check_wait_objs(struct trans *self) if (self->trans_conn_in != 0) /* is function assigned */ { in_trans = trans_create(self->mode, self->in_s->size, - self->out_s->size); + self->out_s->size); in_trans->sck = in_sck; in_trans->type1 = TRANS_TYPE_SERVER; in_trans->status = TRANS_STATUS_UP; in_trans->is_term = self->is_term; g_strncpy(in_trans->addr, self->addr, - sizeof(self->addr) - 1); + sizeof(self->addr) - 1); g_strncpy(in_trans->port, self->port, - sizeof(self->port) - 1); + sizeof(self->port) - 1); if (self->trans_conn_in(self, in_trans) != 0) { @@ -513,7 +513,7 @@ trans_write_copy(struct trans *self) /*****************************************************************************/ int APP_CC trans_connect(struct trans *self, const char *server, const char *port, - int timeout) + int timeout) { int error; diff --git a/common/xrdp_tls.c b/common/xrdp_tls.c index b370b90f..48f6b827 100644 --- a/common/xrdp_tls.c +++ b/common/xrdp_tls.c @@ -83,8 +83,8 @@ xrdp_tls_accept(struct xrdp_tls *self) self->ctx = SSL_CTX_new(SSLv23_server_method()); /* set context options */ SSL_CTX_set_mode(self->ctx, - SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER - | SSL_MODE_ENABLE_PARTIAL_WRITE); + SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER | + SSL_MODE_ENABLE_PARTIAL_WRITE); SSL_CTX_set_options(self->ctx, options); SSL_CTX_set_read_ahead(self->ctx, 1); @@ -143,7 +143,7 @@ xrdp_tls_print_error(char *func, SSL *connection, int value) { case SSL_ERROR_ZERO_RETURN: g_writeln("xrdp_tls_print_error: %s: Server closed TLS connection", - func); + func); return 1; case SSL_ERROR_WANT_READ: