/**
*YGH 25
*/
static void signer_identifier_free(signer_identifier* signer_identifier){
int i;
switch(signer_identifier->type){
case SELF:
break;
case CERTIFICATE_DIGEST_WITH_ECDSAP224:
break;
case CERTIFICATE_DIGEST_WITH_ECDSAP256:
break;
case CERTIFICATE:
certificate_free(&signer_identifier->u.certificate);
break;
case CERTIFICATE_CHAIN:
if(NULL != signer_identifier->u.certificates.buf){
for(i = 0;i<signer_identifier->u.certificates.len;i++){
certificate_free(signer_identifier->u.certificates.buf + i);
}
ARRAY_FREE(&signer_identifier->u.certificates);
}
break;
case CERTIFICATE_DIGETS_WITH_OTHER_ALGORITHM:
break;
default:
if(NULL != signer_identifier->u.id.buf)
ARRAY_FREE(&signer_identifier->u.id);
}
}
/**
*YGH 29
*@version_and_type由证书链中最后一个证书得到
*/
void tobe_encrypted_certificate_response_free(tobe_encrypted_certificate_response*
tobe_encrypted_certificate_response){
int i;
int n = tobe_encrypted_certificate_response->certificate_chain.len - 1;
switch((tobe_encrypted_certificate_response->certificate_chain.buf + n)->version_and_type){
case 2:
break;
case 3:
if(NULL != tobe_encrypted_certificate_response->u.recon_priv.buf)
ARRAY_FREE(&tobe_encrypted_certificate_response->u.recon_priv);
break;
default:
if(NULL != tobe_encrypted_certificate_response->u.other_material.buf)
ARRAY_FREE(&tobe_encrypted_certificate_response->u.other_material);
break;
}
if(NULL != tobe_encrypted_certificate_response->crl_path.buf){
for(i = 0;i<tobe_encrypted_certificate_response->crl_path.len;i++){
crl_free(tobe_encrypted_certificate_response->crl_path.buf + i);
}
ARRAY_FREE(&tobe_encrypted_certificate_response->crl_path);
}
if(NULL != tobe_encrypted_certificate_response->certificate_chain.buf){
for(i = 0;i<tobe_encrypted_certificate_response->certificate_chain.len;i++){
certificate_free(tobe_encrypted_certificate_response->certificate_chain.buf + i);
}
ARRAY_FREE(&tobe_encrypted_certificate_response->certificate_chain);
}
}
static int file_2_ca_cert(struct cmp_db* cmdb,int fd){
u8* buf = NULL;
u32 len = 400;//预估cerficate有多大。
u32 size;
buf = (u8*)malloc(len);
if(buf == NULL){
wave_error_printf("内存分配失败");
return -1;
}
pthread_mutex_lock(&cmdb->lock);
if( file_2_element(fd,&cmdb->ca_cmh,sizeof(cmdb->ca_cmh))){
pthread_mutex_unlock(&cmdb->lock);
return -1;
}
if( (size = read(fd,buf,len)) < 0 ){
wave_error_printf("读取失败");
pthread_mutex_unlock(&cmdb->lock);
return -1;
}
if(buf_2_certificate(&cmdb->ca_cert,buf,size)){
certificate_free(&cmdb->ca_cert);
wave_error_printf("cmpd证书读取失败");
pthread_mutex_unlock(&cmdb->lock);
return -1;
}
pthread_mutex_unlock(&cmdb->lock);
return 0;
}
void settings_free(rdpSettings* settings)
{
if (settings != NULL)
{
freerdp_uniconv_free(settings->uniconv);
xfree(settings->hostname);
xfree(settings->username);
xfree(settings->password);
xfree(settings->domain);
xfree(settings->shell);
xfree(settings->directory);
xfree(settings->ip_address);
xfree(settings->client_dir);
xfree(settings->cert_file);
xfree(settings->privatekey_file);
freerdp_blob_free(settings->server_random);
freerdp_blob_free(settings->server_certificate);
xfree(settings->server_random);
xfree(settings->server_certificate);
xfree(settings->rdp_key_file);
certificate_free(settings->server_cert);
xfree(settings->client_auto_reconnect_cookie);
xfree(settings->server_auto_reconnect_cookie);
xfree(settings->client_time_zone);
xfree(settings->bitmapCacheV2CellInfo);
xfree(settings->glyphCache);
xfree(settings->fragCache);
key_free(settings->server_key);
xfree(settings->config_path);
xfree(settings->current_path);
xfree(settings->development_path);
xfree(settings);
}
}
BOOL gcc_read_server_security_data(wStream* s, rdpSettings* settings)
{
BYTE* data;
UINT32 length;
if (Stream_GetRemainingLength(s) < 8)
return FALSE;
Stream_Read_UINT32(s, settings->EncryptionMethods); /* encryptionMethod */
Stream_Read_UINT32(s, settings->EncryptionLevel); /* encryptionLevel */
if (settings->EncryptionMethods == 0 && settings->EncryptionLevel == 0)
{
/* serverRandom and serverRandom must not be present */
settings->DisableEncryption = FALSE;
settings->EncryptionMethods = ENCRYPTION_METHOD_NONE;
settings->EncryptionLevel = ENCRYPTION_LEVEL_NONE;
return TRUE;
}
if (Stream_GetRemainingLength(s) < 8)
return FALSE;
Stream_Read_UINT32(s, settings->ServerRandomLength); /* serverRandomLen */
Stream_Read_UINT32(s, settings->ServerCertificateLength); /* serverCertLen */
if (Stream_GetRemainingLength(s) < settings->ServerRandomLength + settings->ServerCertificateLength)
return FALSE;
if (settings->ServerRandomLength > 0)
{
/* serverRandom */
settings->ServerRandom = (BYTE*) malloc(settings->ServerRandomLength);
Stream_Read(s, settings->ServerRandom, settings->ServerRandomLength);
}
else
{
return FALSE;
}
if (settings->ServerCertificateLength > 0)
{
/* serverCertificate */
settings->ServerCertificate = (BYTE*) malloc(settings->ServerCertificateLength);
Stream_Read(s, settings->ServerCertificate, settings->ServerCertificateLength);
certificate_free(settings->RdpServerCertificate);
settings->RdpServerCertificate = certificate_new();
data = settings->ServerCertificate;
length = settings->ServerCertificateLength;
if (certificate_read_server_certificate(settings->RdpServerCertificate, data, length) < 1)
return FALSE;
}
else
{
return FALSE;
}
return TRUE;
}
void freerdp_settings_free(rdpSettings* settings)
{
if (settings)
{
free(settings->ServerHostname);
free(settings->Username);
free(settings->Password);
free(settings->Domain);
free(settings->PasswordHash);
free(settings->AlternateShell);
free(settings->ShellWorkingDirectory);
free(settings->ComputerName);
free(settings->ChannelDefArray);
free(settings->MonitorDefArray);
free(settings->ClientAddress);
free(settings->ClientDir);
free(settings->PermittedTLSCiphers);
free(settings->CertificateFile);
free(settings->PrivateKeyFile);
free(settings->ConnectionFile);
free(settings->AssistanceFile);
free(settings->ReceivedCapabilities);
free(settings->OrderSupport);
free(settings->ClientHostname);
free(settings->ClientProductId);
free(settings->ServerRandom);
free(settings->ClientRandom);
free(settings->ServerCertificate);
free(settings->RdpKeyFile);
certificate_free(settings->RdpServerCertificate);
free(settings->ClientAutoReconnectCookie);
free(settings->ServerAutoReconnectCookie);
free(settings->ClientTimeZone);
free(settings->BitmapCacheV2CellInfo);
free(settings->GlyphCache);
free(settings->FragCache);
key_free(settings->RdpServerRsaKey);
free(settings->ConfigPath);
free(settings->CurrentPath);
free(settings->HomePath);
free(settings->LoadBalanceInfo);
free(settings->TargetNetAddress);
free(settings->RedirectionTargetFQDN);
free(settings->RedirectionTargetNetBiosName);
free(settings->RedirectionUsername);
free(settings->RedirectionDomain);
free(settings->RedirectionPassword);
free(settings->RedirectionTsvUrl);
free(settings->RemoteAssistanceSessionId);
free(settings->AuthenticationServiceClass);
freerdp_target_net_addresses_free(settings);
freerdp_device_collection_free(settings);
freerdp_static_channel_collection_free(settings);
freerdp_dynamic_channel_collection_free(settings);
free(settings->SettingsModified);
free(settings);
}
}
boolean gcc_read_server_security_data(STREAM* s, rdpSettings *settings)
{
uint32 serverRandomLen;
uint32 serverCertLen;
uint8* data;
uint32 len;
stream_read_uint32(s, settings->encryption_method); /* encryptionMethod */
stream_read_uint32(s, settings->encryption_level); /* encryptionLevel */
if (settings->encryption_method == 0 && settings->encryption_level == 0)
{
/* serverRandom and serverRandom must not be present */
settings->encryption = false;
settings->encryption_method = ENCRYPTION_METHOD_NONE;
settings->encryption_level = ENCRYPTION_LEVEL_NONE;
return true;
}
stream_read_uint32(s, serverRandomLen); /* serverRandomLen */
stream_read_uint32(s, serverCertLen); /* serverCertLen */
if (serverRandomLen > 0)
{
/* serverRandom */
freerdp_blob_alloc(&settings->server_random, serverRandomLen);
memcpy(settings->server_random.data, s->p, serverRandomLen);
stream_seek(s, serverRandomLen);
}
else
{
return false;
}
if (serverCertLen > 0)
{
/* serverCertificate */
freerdp_blob_alloc(&settings->server_certificate, serverCertLen);
memcpy(settings->server_certificate.data, s->p, serverCertLen);
stream_seek(s, serverCertLen);
certificate_free(settings->server_cert);
settings->server_cert = certificate_new();
data = settings->server_certificate.data;
len = settings->server_certificate.length;
if (!certificate_read_server_certificate(settings->server_cert, data, len))
{
return false;
}
}
else
{
return false;
}
return true;
}
boolean gcc_read_server_security_data(STREAM* s, rdpSettings* settings)
{
uint8* data;
uint32 length;
stream_read_uint32(s, settings->encryption_method); /* encryptionMethod */
stream_read_uint32(s, settings->encryption_level); /* encryptionLevel */
if (settings->encryption_method == 0 && settings->encryption_level == 0)
{
/* serverRandom and serverRandom must not be present */
settings->encryption = false;
settings->encryption_method = ENCRYPTION_METHOD_NONE;
settings->encryption_level = ENCRYPTION_LEVEL_NONE;
return true;
}
stream_read_uint32(s, settings->server_random_length); /* serverRandomLen */
stream_read_uint32(s, settings->server_certificate_length); /* serverCertLen */
if (settings->server_random_length > 0)
{
/* serverRandom */
settings->server_random = (BYTE*) malloc(settings->server_random_length);
stream_read(s, settings->server_random, settings->server_random_length);
}
else
{
return false;
}
if (settings->server_certificate_length > 0)
{
/* serverCertificate */
settings->server_certificate = (BYTE*) malloc(settings->server_certificate_length);
stream_read(s, settings->server_certificate, settings->server_certificate_length);
certificate_free(settings->server_cert);
settings->server_cert = certificate_new();
data = settings->server_certificate;
length = settings->server_certificate_length;
if (!certificate_read_server_certificate(settings->server_cert, data, length))
return false;
}
else
{
return false;
}
return true;
}
void license_free(rdpLicense* license)
{
if (license != NULL)
{
certificate_free(license->certificate);
license_free_product_info(license->product_info);
license_free_binary_blob(license->error_info);
license_free_binary_blob(license->key_exchange_list);
license_free_binary_blob(license->server_certificate);
license_free_binary_blob(license->client_user_name);
license_free_binary_blob(license->client_machine_name);
license_free_binary_blob(license->platform_challenge);
license_free_binary_blob(license->encrypted_platform_challenge);
license_free_binary_blob(license->encrypted_premaster_secret);
license_free_binary_blob(license->encrypted_hwid);
license_free_scope_list(license->scope_list);
xfree(license);
}
}
void freerdp_settings_free(rdpSettings* settings)
{
if (settings != NULL)
{
free(settings->ServerHostname);
free(settings->Username);
free(settings->Password);
free(settings->Domain);
free(settings->AlternateShell);
free(settings->ShellWorkingDirectory);
free(settings->ComputerName);
free(settings->ChannelDefArray);
free(settings->MonitorDefArray);
free(settings->ClientAddress);
free(settings->ClientDir);
free(settings->CertificateFile);
free(settings->PrivateKeyFile);
free(settings->ReceivedCapabilities);
free(settings->OrderSupport);
free(settings->ClientHostname);
free(settings->ClientProductId);
free(settings->ServerRandom);
free(settings->ServerCertificate);
free(settings->RdpKeyFile);
certificate_free(settings->RdpServerCertificate);
free(settings->ClientAutoReconnectCookie);
free(settings->ServerAutoReconnectCookie);
free(settings->ClientTimeZone);
free(settings->BitmapCacheV2CellInfo);
free(settings->GlyphCache);
free(settings->FragCache);
key_free(settings->RdpServerRsaKey);
free(settings->ConfigPath);
free(settings->CurrentPath);
free(settings->HomePath);
free(settings->LoadBalanceInfo);
freerdp_device_collection_free(settings);
freerdp_static_channel_collection_free(settings);
freerdp_dynamic_channel_collection_free(settings);
free(settings->settings_modified);
free(settings);
}
}
void license_free(rdpLicense* license)
{
if (license)
{
free(license->Modulus);
certificate_free(license->certificate);
license_free_product_info(license->ProductInfo);
license_free_binary_blob(license->ErrorInfo);
license_free_binary_blob(license->KeyExchangeList);
license_free_binary_blob(license->ServerCertificate);
license_free_binary_blob(license->ClientUserName);
license_free_binary_blob(license->ClientMachineName);
license_free_binary_blob(license->PlatformChallenge);
license_free_binary_blob(license->EncryptedPlatformChallenge);
license_free_binary_blob(license->EncryptedPremasterSecret);
license_free_binary_blob(license->EncryptedHardwareId);
license_free_scope_list(license->ScopeList);
free(license);
}
}
static void generate_no_ca_cert(certificate *cert,char* name) {
char pwd[100];
string pri;
string ca_pri;
certificate ca_cert;
INIT(ca_cert);
INIT(pri);
INIT(ca_pri);
strcpy(pwd,MAIN_DIR);
strcat(pwd,"issued_cert/");
strcat(pwd,name);
fill_version_and_type(cert);
fill_tobesigned_certificate(cert,pwd,&pri);
file_2_verify_pri("/home/ljh/ljh-wave-1609.2/cert/ca_cert/ca.veri.pri",&ca_pri);
file_2_cert(&ca_cert,"/home/ljh/ljh-wave-1609.2/cert/ca_cert/ca.cert");
certificate_printf(&ca_cert);
cert_signed_cert(&ca_cert,&ca_pri,cert);
string_free(&pri);
string_free(&ca_pri);
certificate_free(&ca_cert);
}
BOOL gcc_read_server_security_data(wStream* s, rdpMcs* mcs)
{
BYTE* data;
UINT32 length;
rdpSettings* settings = mcs->settings;
BOOL validCryptoConfig = FALSE;
UINT32 serverEncryptionMethod;
if (Stream_GetRemainingLength(s) < 8)
return FALSE;
Stream_Read_UINT32(s, serverEncryptionMethod); /* encryptionMethod */
Stream_Read_UINT32(s, settings->EncryptionLevel); /* encryptionLevel */
/* Only accept valid/known encryption methods */
switch (serverEncryptionMethod)
{
case ENCRYPTION_METHOD_NONE:
WLog_DBG(TAG, "Server rdp encryption method: NONE");
break;
case ENCRYPTION_METHOD_40BIT:
WLog_DBG(TAG, "Server rdp encryption method: 40BIT");
break;
case ENCRYPTION_METHOD_56BIT:
WLog_DBG(TAG, "Server rdp encryption method: 56BIT");
break;
case ENCRYPTION_METHOD_128BIT:
WLog_DBG(TAG, "Server rdp encryption method: 128BIT");
break;
case ENCRYPTION_METHOD_FIPS:
WLog_DBG(TAG, "Server rdp encryption method: FIPS");
break;
default:
WLog_ERR(TAG, "Received unknown encryption method %08X", serverEncryptionMethod);
return FALSE;
}
if (settings->UseRdpSecurityLayer && !(settings->EncryptionMethods & serverEncryptionMethod))
{
WLog_WARN(TAG, "Server uses non-advertised encryption method 0x%08X", serverEncryptionMethod);
/* FIXME: Should we return FALSE; in this case ?? */
}
settings->EncryptionMethods = serverEncryptionMethod;
/* Verify encryption level/method combinations according to MS-RDPBCGR Section 5.3.2 */
switch (settings->EncryptionLevel)
{
case ENCRYPTION_LEVEL_NONE:
if (settings->EncryptionMethods == ENCRYPTION_METHOD_NONE)
{
validCryptoConfig = TRUE;
}
break;
case ENCRYPTION_LEVEL_FIPS:
if (settings->EncryptionMethods == ENCRYPTION_METHOD_FIPS)
{
validCryptoConfig = TRUE;
}
break;
case ENCRYPTION_LEVEL_LOW:
case ENCRYPTION_LEVEL_HIGH:
case ENCRYPTION_LEVEL_CLIENT_COMPATIBLE:
if (settings->EncryptionMethods == ENCRYPTION_METHOD_40BIT ||
settings->EncryptionMethods == ENCRYPTION_METHOD_56BIT ||
settings->EncryptionMethods == ENCRYPTION_METHOD_128BIT ||
settings->EncryptionMethods == ENCRYPTION_METHOD_FIPS)
{
validCryptoConfig = TRUE;
}
break;
default:
WLog_ERR(TAG, "Received unknown encryption level %08X", settings->EncryptionLevel);
}
if (!validCryptoConfig)
{
WLog_ERR(TAG, "Received invalid cryptographic configuration (level=0x%08X method=0x%08X)",
settings->EncryptionLevel, settings->EncryptionMethods);
return FALSE;
}
if (settings->EncryptionLevel == ENCRYPTION_LEVEL_NONE)
{
/* serverRandomLen and serverCertLen must not be present */
settings->UseRdpSecurityLayer = FALSE;
return TRUE;
}
if (Stream_GetRemainingLength(s) < 8)
return FALSE;
Stream_Read_UINT32(s, settings->ServerRandomLength); /* serverRandomLen */
Stream_Read_UINT32(s, settings->ServerCertificateLength); /* serverCertLen */
if (Stream_GetRemainingLength(s) < settings->ServerRandomLength + settings->ServerCertificateLength)
return FALSE;
if ((settings->ServerRandomLength <= 0) || (settings->ServerCertificateLength <= 0))
return FALSE;
/* serverRandom */
settings->ServerRandom = (BYTE*) malloc(settings->ServerRandomLength);
if (!settings->ServerRandom)
return FALSE;
Stream_Read(s, settings->ServerRandom, settings->ServerRandomLength);
/* serverCertificate */
settings->ServerCertificate = (BYTE*) malloc(settings->ServerCertificateLength);
if (!settings->ServerCertificate)
return FALSE;
Stream_Read(s, settings->ServerCertificate, settings->ServerCertificateLength);
certificate_free(settings->RdpServerCertificate);
settings->RdpServerCertificate = certificate_new();
if (!settings->RdpServerCertificate)
return FALSE;
data = settings->ServerCertificate;
length = settings->ServerCertificateLength;
return certificate_read_server_certificate(settings->RdpServerCertificate, data, length);
}
static void* wme_loop(void* sdb){
//启动netlink,
int i = 0;
int recv_data_len = 0;//接收到的整个数据报文的长度
char sbuf[MAX_PAYLOAD];//发送报文缓冲区
char rbuf[MAX_PAYLOAD];//接收报文缓冲区
struct nlmsghdr nlh;
struct msghdr msg;
result ret;
/*
* 签名请求需要用到的参数
* */
struct wme_tobe_signed_wsa s_head;//接收到的需要签名报文头部
struct dot3_signed_wsa s_wsa;
int permission_len = 0;//permission部分报文的长度
struct permission per;
string unsigned_wsa;//接收到的wsa数据部分
serviceinfo_array permissions;//需要填充的permission数组
time32 life_time;
string signed_wsa;
/*
* 验证请求需要用到的参数
* */
struct dot2_tobe_verified_wsa v_head;//接收到的需要验证的报文头部
struct verified_wsa v_wsa;//验证成功需要发送给内核的报文头部
string unverified_wsa;
result_array results;
string wsa_data;
ssp_array ssp_array;
time64_with_standard_deviation generation_time;
time64 expiry_time;
three_d_location location;
struct time32_array last_crl_time;
struct time32_array next_crl_time;
certificate cert;
int fd = dot2_init_netlink(&nlh, &msg);
if(fd < 0){
wave_error_printf("netlink初始化失败");
return;
}
while(1){
memset((char*)NLMSG_DATA(&nlh), 0, MAX_PAYLOAD);
memset(rbuf, 0, MAX_PAYLOAD);
ret = recvmsg(fd, &msg, 0);
if(ret < 0){
wave_error_printf("接收netlink消息失败");
goto destructor;
}
recv_data_len = nlh.nlmsg_len;
memcpy(rbuf, NLMSG_DATA(&nlh), recv_data_len);
//解析报文
char *shift = rbuf;
//0为签名
if(*shift = 0){
INIT(permissions);
INIT(unsigned_wsa);
INIT(signed_wsa);
INIT(s_head);
INIT(s_wsa);
memcpy(&s_head, shift, RECV_S_HEAD_LEN);
life_time = s_head.lifetime;
shift += RECV_S_HEAD_LEN;
unsigned_wsa.len = s_head.wsa_len;
unsigned_wsa.buf = malloc(unsigned_wsa.len);
if(!unsigned_wsa.buf){
wave_malloc_error();
goto destructor;
}
memcpy(unsigned_wsa.buf, shift, unsigned_wsa.len);
shift += unsigned_wsa.len;
permission_len = recv_data_len - RECV_S_HEAD_LEN - unsigned_wsa.len;
permissions.len = 0;
permissions.serviceinfos = malloc(sizeof(serviceinfo)*32);//分配32个为最大的长度
while(permission_len > 0){
memcpy(&per, shift, 4);
shift += 4;
memcpy(&permissions.serviceinfos[permissions.len].max_priority, &per.priority, 1);
permissions.serviceinfos[permissions.len].psid = psidn2h(shift, per.psid_len);
if(per.ssp_len > 0){
permissions.serviceinfos[permissions.len].ssp.len = per.ssp_len;
permissions.serviceinfos[permissions.len].ssp.buf = malloc(per.ssp_len);
if(!permissions.serviceinfos[permissions.len].ssp.buf){
wave_malloc_error();
goto destructor;
}
memcpy(permissions.serviceinfos[permissions.len].ssp.buf, shift, per.ssp_len);
}
else{
permissions.serviceinfos[permissions.len].ssp.len = 0;
permissions.serviceinfos[permissions.len].ssp.buf = NULL;
}
shift += per.ssp_len;
if(per.pssi_len > 4){
wave_error_printf("lsis太长");
goto destructor;
}
permissions.serviceinfos[permissions.len].lsis = 0;
for(i = 0; i < per.pssi_len; i++){
permissions.serviceinfos[permissions.len].lsis += (*shift)*256;
shift++;
}
permissions.len++;
permission_len = permission_len - per.psid_len - per.ssp_len - per.pssi_len - 4;
}
ret = sec_signed_wsa(&sec_db, &unsigned_wsa, &permissions, life_time, &signed_wsa);
memset((char*)NLMSG_DATA(&nlh), 0, MAX_PAYLOAD);
memset(sbuf, 0, MAX_PAYLOAD);
if(ret == SUCCESS){
s_wsa.wsa_len = signed_wsa.len;
s_wsa.broadcast = s_head.broadcast;
s_wsa.change_count = s_head.change_count;
s_wsa.channel = s_head.channel;
s_wsa.result_code = DOT2_SIGN_SUCCESS;
memcpy(sbuf, &s_wsa, sizeof(struct signed_wsa));
memcpy(sbuf+sizeof(struct signed_wsa), signed_wsa.buf, signed_wsa.len);
memcpy(NLMSG_DATA(&nlh), sbuf, signed_wsa.len+sizeof(struct signed_wsa));
}
else{
wave_error_printf("签名失败");
s_wsa.wsa_len = 0;
s_wsa.broadcast = s_head.broadcast;
s_wsa.change_count = s_head.change_count;
s_wsa.channel = s_head.channel;
s_wsa.result_code = DOT2_SIGN_FAILURE;
memcpy(sbuf, &s_wsa, sizeof(struct signed_wsa));
memcpy(NLMSG_DATA(&nlh), sbuf, signed_wsa.len+sizeof(struct signed_wsa));
}
if(sendmsg(fd, &msg, 0) < 0){
wave_error_printf("发送消息给内核失败了");
goto destructor;
}
}
//验证
else if(*shift == 1){
memcpy(&v_head, shift, RECV_V_HEAD_LEN);
shift += RECV_V_HEAD_LEN;
INIT(unverified_wsa);
INIT(results);
INIT(wsa_data);
INIT(ssp_array);
INIT(generation_time);
INIT(expiry_time);
INIT(location);
INIT(last_crl_time);
INIT(next_crl_time);
INIT(cert);
unverified_wsa.len = v_head.wsa_len;
unverified_wsa.buf = malloc(v_head.wsa_len);
if(!unverified_wsa.buf){
wave_malloc_error();
goto destructor;
}
memcpy(unverified_wsa.buf, shift, v_head.wsa_len);
memset((char*)NLMSG_DATA(&nlh), 0, MAX_PAYLOAD);
memset(sbuf, 0, MAX_PAYLOAD);
ret = sec_signed_wsa_verification(&sec_db, &unverified_wsa, &results, &wsa_data, &ssp_array, &generation_time,
&expiry_time, &location, &last_crl_time, &next_crl_time, &cert);
if(ret == SUCCESS){
v_wsa.pid = getpid();
memcpy(v_wsa.src_mac, v_head.src_mac, 6);
v_wsa.rcpi = v_head.rcpi;
v_wsa.result_code[0] = DOT2_SUCCESS;
v_wsa.result_code[1] = DOT2_SUCCESS;
for(i = 0; i < results.len; i++){
if(results.result[i] == UNSECURED){
v_wsa.result_code[1] = DOT2_UNSECURED;
break;
}
}
v_wsa.wsa_len = wsa_data.len;
v_wsa.gen_time = generation_time.time;
v_wsa.expire_time = expiry_time;
v_wsa.ssp_len = 0;
v_wsa.next_crl_time_len = next_crl_time.len*sizeof(time32);
memcpy(sbuf, &v_wsa, sizeof(struct verified_wsa));
memcpy(sbuf+sizeof(struct verified_wsa), wsa_data.buf, wsa_data.len);
char *ssp_shift = sbuf + sizeof(struct verified_wsa) + wsa_data.len;
for(i = 0; i < ssp_array.len; i++){
if(ssp_array.ssps[i].len != 0){
memcpy(ssp_shift, ssp_array.ssps[i].buf, ssp_array.ssps[i].len);
ssp_shift += ssp_array.ssps[i].len;
v_wsa.ssp_len += ssp_array.ssps[i].len;
}
else{
*ssp_shift = '\0';
ssp_shift++;
v_wsa.ssp_len++;
}
}
memcpy(ssp_shift, next_crl_time.times, sizeof(time32)*next_crl_time.len);
memcpy(NLMSG_DATA(&nlh), sbuf, sizeof(struct verified_wsa)+v_wsa.wsa_len+v_wsa.ssp_len+v_wsa.next_crl_time_len);
}
else if(ret == INVALID_INPUT){
v_wsa.pid = getpid();
memcpy(v_wsa.src_mac, v_head.src_mac, 6);
v_wsa.rcpi = v_head.rcpi;
v_wsa.result_code[0] = DOT2_INVALID_INPUT;
v_wsa.result_code[1] = DOT2_INVALID_INPUT;
v_wsa.wsa_len = 0;
v_wsa.gen_time = 0;
v_wsa.expire_time = 0;
v_wsa.ssp_len = 0;
v_wsa.next_crl_time_len = 0;
memcpy(sbuf, &v_wsa, sizeof(struct verified_wsa));
memcpy(NLMSG_DATA(&nlh), sbuf, sizeof(struct verified_wsa));
}
else{
v_wsa.pid = getpid();
memcpy(v_wsa.src_mac, v_head.src_mac, 6);
v_wsa.rcpi = v_head.rcpi;
v_wsa.result_code[0] = DOT2_OTHER_FALURE;
v_wsa.result_code[1] = DOT2_OTHER_FALURE;
for(i = 0; i < results.len; i++){
if(results.result[i] == UNSECURED){
v_wsa.result_code[1] = DOT2_UNSECURED;
break;
}
}
v_wsa.wsa_len = wsa_data.len;
v_wsa.gen_time = generation_time.time;
v_wsa.expire_time = expiry_time;
v_wsa.ssp_len = 0;
v_wsa.next_crl_time_len = next_crl_time.len*sizeof(time32);
memcpy(sbuf, &v_wsa, sizeof(struct verified_wsa));
memcpy(sbuf+sizeof(struct verified_wsa), wsa_data.buf, wsa_data.len);
memcpy(NLMSG_DATA(&nlh), sbuf, sizeof(struct verified_wsa)+v_wsa.wsa_len);
}
if(sendmsg(fd, &msg, 0) < 0){
wave_error_printf("发送消息给内核失败了");
goto destructor;
}
}
else
wave_error_printf("不支持的dot3请求类型");
destructor:
string_free(&unsigned_wsa);
string_free(&signed_wsa);
serviceinfo_array_free(&permissions);
string_free(&unverified_wsa);
string_free(&wsa_data);
ssp_array_free(&ssp_array);
result_array_free(&results);
time32_array_free(&last_crl_time);
time32_array_free(&next_crl_time);
certificate_free(&cert);
}
}
void freerdp_settings_free(rdpSettings* settings)
{
if (!settings)
return;
free(settings->ServerHostname);
free(settings->Username);
free(settings->Password);
free(settings->Domain);
free(settings->PasswordHash);
free(settings->AlternateShell);
free(settings->ShellWorkingDirectory);
free(settings->ComputerName);
free(settings->ChannelDefArray);
free(settings->MonitorDefArray);
free(settings->MonitorIds);
free(settings->ClientAddress);
free(settings->ClientDir);
free(settings->AllowedTlsCiphers);
free(settings->NtlmSamFile);
free(settings->CertificateFile);
free(settings->PrivateKeyFile);
free(settings->ConnectionFile);
free(settings->AssistanceFile);
free(settings->ReceivedCapabilities);
free(settings->OrderSupport);
free(settings->ClientHostname);
free(settings->ClientProductId);
free(settings->ServerRandom);
free(settings->ClientRandom);
free(settings->ServerCertificate);
free(settings->RdpKeyFile);
certificate_free(settings->RdpServerCertificate);
free(settings->CertificateContent);
free(settings->PrivateKeyContent);
free(settings->RdpKeyContent);
free(settings->ClientAutoReconnectCookie);
free(settings->ServerAutoReconnectCookie);
free(settings->ClientTimeZone);
free(settings->BitmapCacheV2CellInfo);
free(settings->GlyphCache);
free(settings->FragCache);
key_free(settings->RdpServerRsaKey);
free(settings->ConfigPath);
free(settings->CurrentPath);
free(settings->HomePath);
free(settings->LoadBalanceInfo);
free(settings->TargetNetAddress);
free(settings->RedirectionTargetFQDN);
free(settings->RedirectionTargetNetBiosName);
free(settings->RedirectionUsername);
free(settings->RedirectionDomain);
free(settings->RedirectionPassword);
free(settings->RedirectionTsvUrl);
free(settings->RemoteAssistanceSessionId);
free(settings->RemoteAssistancePassword);
free(settings->RemoteAssistancePassStub);
free(settings->RemoteAssistanceRCTicket);
free(settings->AuthenticationServiceClass);
free(settings->GatewayHostname);
free(settings->GatewayUsername);
free(settings->GatewayPassword);
free(settings->GatewayDomain);
free(settings->CertificateName);
free(settings->DynamicDSTTimeZoneKeyName);
free(settings->PreconnectionBlob);
free(settings->KerberosKdc);
free(settings->KerberosRealm);
free(settings->DumpRemoteFxFile);
free(settings->PlayRemoteFxFile);
free(settings->RemoteApplicationName);
free(settings->RemoteApplicationIcon);
free(settings->RemoteApplicationProgram);
free(settings->RemoteApplicationFile);
free(settings->RemoteApplicationGuid);
free(settings->RemoteApplicationCmdLine);
free(settings->ImeFileName);
free(settings->DrivesToRedirect);
free(settings->WindowTitle);
free(settings->WmClass);
freerdp_target_net_addresses_free(settings);
freerdp_device_collection_free(settings);
freerdp_static_channel_collection_free(settings);
freerdp_dynamic_channel_collection_free(settings);
free(settings->SettingsModified);
free(settings);
}
