summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--common/trans.c74
-rw-r--r--common/trans.h14
-rw-r--r--common/xrdp_tls.c179
-rw-r--r--libxrdp/xrdp_rdp.c9
-rw-r--r--libxrdp/xrdp_sec.c28
5 files changed, 68 insertions, 236 deletions
diff --git a/common/trans.c b/common/trans.c
index e9fc7bd5..5503ea61 100644
--- a/common/trans.c
+++ b/common/trans.c
@@ -24,6 +24,42 @@
#include "parse.h"
/*****************************************************************************/
+int APP_CC
+trans_tls_recv(struct trans *self, void *ptr, int len)
+{
+ if (self->tls == NULL)
+ {
+ return 1;
+ }
+ return xrdp_tls_read(self->tls, ptr, len);
+}
+
+/*****************************************************************************/
+int APP_CC
+trans_tls_send(struct trans *self, const void *data, int len)
+{
+ if (self->tls == NULL)
+ {
+ return 1;
+ }
+ return xrdp_tls_write(self->tls, data, len);
+}
+
+/*****************************************************************************/
+int APP_CC
+trans_tcp_recv(struct trans *self, void *ptr, int len)
+{
+ return g_tcp_recv(self->sck, ptr, len, 0);
+}
+
+/*****************************************************************************/
+int APP_CC
+trans_tcp_send(struct trans *self, const void *data, int len)
+{
+ return g_tcp_send(self->sck, data, len, 0);
+}
+
+/*****************************************************************************/
struct trans *
APP_CC
trans_create(int mode, int in_size, int out_size)
@@ -40,9 +76,9 @@ trans_create(int mode, int in_size, int out_size)
init_stream(self->out_s, out_size);
self->mode = mode;
self->tls = 0;
- /* assign tcp functions */
- self->trans_read_call = trans_tcp_force_read_s;
- self->trans_write_call = trans_tcp_force_write_s;
+ /* assign tcp calls by default */
+ self->trans_recv = trans_tcp_recv;
+ self->trans_send = trans_tcp_send;
}
return self;
@@ -147,7 +183,7 @@ send_waiting(struct trans *self, int block)
if (g_tcp_can_send(self->sck, timeout))
{
bytes = (int) (temp_s->end - temp_s->p);
- sent = g_tcp_send(self->sck, temp_s->p, bytes, 0);
+ sent = self->trans_send(self, temp_s->p, bytes);
if (sent > 0)
{
temp_s->p += sent;
@@ -259,7 +295,7 @@ trans_check_wait_objs(struct trans *self)
if (to_read > 0)
{
- read_bytes = g_tcp_recv(self->sck, self->in_s->end, to_read, 0);
+ read_bytes = self->trans_recv(self, self->in_s->end, to_read);
if (read_bytes == -1)
{
@@ -314,12 +350,6 @@ trans_check_wait_objs(struct trans *self)
int APP_CC
trans_force_read_s(struct trans *self, struct stream *in_s, int size)
{
- return self->trans_read_call(self, in_s, size);
-}
-/*****************************************************************************/
-int APP_CC
-trans_tcp_force_read_s(struct trans *self, struct stream *in_s, int size)
-{
int rcvd;
if (self->status != TRANS_STATUS_UP)
@@ -335,7 +365,7 @@ trans_tcp_force_read_s(struct trans *self, struct stream *in_s, int size)
return 1;
}
- rcvd = g_tcp_recv(self->sck, in_s->end, size, 0);
+ rcvd = self->trans_recv(self, in_s->end, size);
if (rcvd == -1)
{
@@ -389,12 +419,6 @@ trans_force_read(struct trans *self, int size)
int APP_CC
trans_force_write_s(struct trans *self, struct stream *out_s)
{
- return self->trans_write_call(self, out_s);
-}
-/*****************************************************************************/
-int APP_CC
-trans_tcp_force_write_s(struct trans *self, struct stream *out_s)
-{
int size;
int total;
int sent;
@@ -415,7 +439,7 @@ trans_tcp_force_write_s(struct trans *self, struct stream *out_s)
while (total < size)
{
- sent = g_tcp_send(self->sck, out_s->data + total, size - total, 0);
+ sent = self->trans_send(self, out_s->data + total, size - total);
if (sent == -1)
{
@@ -690,8 +714,8 @@ trans_set_tls_mode(struct trans *self, const char *key, const char *cert)
}
/* assign tls functions */
- self->trans_read_call = xrdp_tls_force_read_s;
- self->trans_write_call = xrdp_tls_force_write_s;
+ self->trans_recv = trans_tls_recv;
+ self->trans_send = trans_tls_send;
return 0;
}
@@ -705,9 +729,9 @@ trans_shutdown_tls_mode(struct trans *self)
return xrdp_tls_disconnect(self->tls);
}
- /* set callback back to tcp
- self->trans_read_call = trans_tcp_force_read_s;
- self->trans_write_call = trans_tcp_force_write_s;
- */
+ /* assign callback back to tcp cal */
+ self->trans_recv = trans_tcp_recv;
+ self->trans_send = trans_tcp_send;
+
return 0;
}
diff --git a/common/trans.h b/common/trans.h
index c5fe49e6..a169e9cb 100644
--- a/common/trans.h
+++ b/common/trans.h
@@ -41,8 +41,8 @@ typedef int (DEFAULT_CC *ttrans_data_in)(struct trans* self);
typedef int (DEFAULT_CC *ttrans_conn_in)(struct trans* self,
struct trans* new_self);
typedef int (DEFAULT_CC *tis_term)(void);
-typedef int (APP_CC *trans_read_call) (struct trans *self, struct stream *in_s, int size);
-typedef int (APP_CC *trans_write_call) (struct trans *self, struct stream *out_s);
+typedef int (APP_CC *trans_recv) (struct trans *self, void *ptr, int len);
+typedef int (APP_CC *trans_send) (struct trans *self, const void *data, int len);
struct trans
{
@@ -64,8 +64,8 @@ struct trans
int no_stream_init_on_data_in;
int extra_flags; /* user defined */
struct xrdp_tls *tls;
- trans_read_call trans_read_call;
- trans_write_call trans_write_call;
+ trans_recv trans_recv;
+ trans_send trans_send;
};
/* xrdp_tls */
@@ -87,10 +87,6 @@ int APP_CC
xrdp_tls_disconnect(struct xrdp_tls *self);
void APP_CC
xrdp_tls_delete(struct xrdp_tls *self);
-int APP_CC
-xrdp_tls_force_read_s(struct trans *self, struct stream *in_s, int size);
-int APP_CC
-xrdp_tls_force_write_s(struct trans *self, struct stream *out_s);
struct trans* APP_CC
trans_create(int mode, int in_size, int out_size);
@@ -132,6 +128,6 @@ trans_shutdown_tls_mode(struct trans *self);
int APP_CC
trans_tcp_force_read_s(struct trans *self, struct stream *in_s, int size);
int APP_CC
-trans_tcp_force_write_s(struct trans *self, struct stream *out_s);
+trans_force_write_s(struct trans *self, struct stream *out_s);
#endif
diff --git a/common/xrdp_tls.c b/common/xrdp_tls.c
index 589bb598..28f1af55 100644
--- a/common/xrdp_tls.c
+++ b/common/xrdp_tls.c
@@ -266,183 +266,4 @@ xrdp_tls_write(struct xrdp_tls *tls, char *data, int length)
return status;
}
-/*****************************************************************************/
-int APP_CC
-xrdp_tls_force_read_s(struct trans *self, struct stream *in_s, int size)
-{
- int rcvd;
-
- if (self->status != TRANS_STATUS_UP)
- {
- return 1;
- }
-
- while (size > 0)
- {
- /* make sure stream has room */
- if ((in_s->end + size) > (in_s->data + in_s->size))
- {
- return 1;
- }
-
- rcvd = xrdp_tls_read(self->tls, in_s->end, size);
-
- if (rcvd == -1)
- {
- if (g_tcp_last_error_would_block(self->sck))
- {
- if (!g_tcp_can_recv(self->sck, 100))
- {
- /* check for term here */
- if (self->is_term != 0)
- {
- if (self->is_term())
- {
- /* term */
- self->status = TRANS_STATUS_DOWN;
- return 1;
- }
- }
- }
- }
- else
- {
- /* error */
- self->status = TRANS_STATUS_DOWN;
- return 1;
- }
- }
- else if (rcvd == 0)
- {
- /* error */
- self->status = TRANS_STATUS_DOWN;
- return 1;
- }
- else
- {
- in_s->end += rcvd;
- size -= rcvd;
- }
- }
-
- return 0;
-}
-
-/*****************************************************************************/
-int APP_CC
-xrdp_tls_send_waiting(struct trans *self, int block)
-{
- struct stream *temp_s;
- int bytes;
- int sent;
- int timeout;
- int cont;
-
- timeout = block ? 100 : 0;
- cont = 1;
- while (cont)
- {
- if (self->wait_s != 0)
- {
- temp_s = self->wait_s;
- if (g_tcp_can_send(self->sck, timeout))
- {
- bytes = (int) (temp_s->end - temp_s->p);
- sent = xrdp_tls_write(self->tls, temp_s->p, bytes);
- if (sent > 0)
- {
- temp_s->p += sent;
- if (temp_s->p >= temp_s->end)
- {
- self->wait_s = (struct stream *) (temp_s->next_packet);
- free_stream(temp_s);
- }
- }
- else if (sent == 0)
- {
- return 1;
- }
- else
- {
- if (!g_tcp_last_error_would_block(self->sck))
- {
- return 1;
- }
- }
- }
- }
- else
- {
- break;
- }
- cont = block;
- }
- return 0;
-}
-
-/*****************************************************************************/
-int APP_CC
-xrdp_tls_force_write_s(struct trans *self, struct stream *out_s)
-{
- int size;
- int total;
- int sent;
-
- if (self->status != TRANS_STATUS_UP)
- {
- return 1;
- }
-
- size = (int) (out_s->end - out_s->data);
- total = 0;
-
- if (xrdp_tls_send_waiting(self, 1) != 0)
- {
- self->status = TRANS_STATUS_DOWN;
- return 1;
- }
-
- while (total < size)
- {
- sent = xrdp_tls_write(self->tls, out_s->data + total, size - total);
-
- if (sent == -1)
- {
- if (g_tcp_last_error_would_block(self->sck))
- {
- if (!g_tcp_can_send(self->sck, 100))
- {
- /* check for term here */
- if (self->is_term != 0)
- {
- if (self->is_term())
- {
- /* term */
- self->status = TRANS_STATUS_DOWN;
- return 1;
- }
- }
- }
- }
- else
- {
- /* error */
- self->status = TRANS_STATUS_DOWN;
- return 1;
- }
- }
- else if (sent == 0)
- {
- /* error */
- self->status = TRANS_STATUS_DOWN;
- return 1;
- }
- else
- {
- total = total + sent;
- }
- }
-
- return 0;
-}
diff --git a/libxrdp/xrdp_rdp.c b/libxrdp/xrdp_rdp.c
index e0443a3b..4fc83ae8 100644
--- a/libxrdp/xrdp_rdp.c
+++ b/libxrdp/xrdp_rdp.c
@@ -385,15 +385,6 @@ xrdp_rdp_recv(struct xrdp_rdp *self, struct stream *s, int *code)
chan = 0;
error = xrdp_sec_recv(self->sec_layer, s, &chan);
- if (error == 3)
- {
- /* unencrypted confirm active msg arrived */
- s->next_packet = 0;
- *code = 3;
- DEBUG(("out (0) xrdp_rdp_recv"));
- return 0;
- }
-
if (error == -1) /* special code for send demand active */
{
s->next_packet = 0;
diff --git a/libxrdp/xrdp_sec.c b/libxrdp/xrdp_sec.c
index 035b8d54..63957a45 100644
--- a/libxrdp/xrdp_sec.c
+++ b/libxrdp/xrdp_sec.c
@@ -185,6 +185,8 @@ static const tui8 g_fips_ivec[8] =
0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF
};
+static int is_security_header_present = 1; /* next packet should contain security header? */
+
/*****************************************************************************/
static void APP_CC
hex_str_to_bin(char *in, char *out, int out_len)
@@ -1206,17 +1208,9 @@ xrdp_sec_recv(struct xrdp_sec *self, struct stream *s, int *chan)
return 1;
}
- /* TODO: HACK, we should recognize packets without security header
- However, client info packet and license packet always have security header. */
- if (s->data[17] == 0x13) /* confirm active pdu */
- {
- g_writeln("CONFIRM ACTIVE ARRIVED");
- return 0;
- }
- if (s->data[17] == 0x17 || s->data[16] == 0x17) /* rdp data pdu */
+ if (!is_security_header_present)
{
- g_writeln("RDP DATA ARRIVED");
return 0;
}
@@ -1329,6 +1323,12 @@ xrdp_sec_recv(struct xrdp_sec *self, struct stream *s, int *chan)
return 1;
}
+ if (self->crypt_level == CRYPT_LEVEL_NONE
+ && self->crypt_method == CRYPT_METHOD_NONE)
+ {
+ is_security_header_present = 0; /* in tls mode, no more security header from now on */
+ }
+
DEBUG((" out xrdp_sec_recv"));
return -1; /* special error that means send demand active */
}
@@ -1791,11 +1791,11 @@ xrdp_sec_process_mcs_data_CS_SECURITY(struct xrdp_sec *self, struct stream* s)
found = 1;
}
}
- if (found == 0)
- {
- g_writeln(" can not find client / server agreed encryption method");
- return 1;
- }
+// if (found == 0)
+// {
+// g_writeln(" can not find client / server agreed encryption method");
+// return 1;
+// }
return 0;
}
generated by cgit v1.2.3 (git 2.46.0) at 2025-11-20 03:52:04 +0000