From ace9bfffdb609d9eb29b89f6d122d1157b457240 Mon Sep 17 00:00:00 2001 From: Armin Novak Date: Fri, 30 Nov 2018 11:35:40 +0100 Subject: [PATCH] Moved to extended certificate verification API --- client/Mac/MRDPView.h | 16 +++++-- client/Mac/MRDPView.m | 125 +++++++++++++++++++++++++++++++------------------ client/Mac/mf_client.m | 4 +- 3 files changed, 94 insertions(+), 51 deletions(-) diff --git a/client/Mac/MRDPView.h b/client/Mac/MRDPView.h index 3afcce7..1c74a1b 100644 --- a/client/Mac/MRDPView.h +++ b/client/Mac/MRDPView.h @@ -88,10 +88,20 @@ void mac_post_disconnect(freerdp* instance); BOOL mac_authenticate(freerdp* instance, char** username, char** password, char** domain); BOOL mac_gw_authenticate(freerdp* instance, char** username, char** password, - char** domain); + char** domain); -DWORD mac_verify_certificate(freerdp* instance, const char* common_name, const char* subject, const char* issuer, const char* fingerprint, BOOL host_mismatch); -DWORD mac_verify_changed_certificate(freerdp* instance, const char* common_name, const char* subject, const char* issuer, const char* fingerprint, const char* old_subject, const char* old_issuer, const char* old_fingerprint); +DWORD mac_verify_certificate_ex(freerdp* instance, const char* host, UINT16 port, + const char* common_name, const char* subject, + const char* issuer, const char* fingerprint, + DWORD flags); +DWORD mac_verify_changed_certificate_ex(freerdp* instance, const char* host, + UINT16 port, const char* common_name, + const char* subject, const char* issuer, + const char* fingerprint, + const char* old_subject, + const char* old_issuer, + const char* old_fingerprint, + DWORD flags); int mac_logon_error_info(freerdp* instance, UINT32 data, UINT32 type); #endif /* FREERDP_CLIENT_MAC_MRDPVIEW_H */ diff --git a/client/Mac/MRDPView.m b/client/Mac/MRDPView.m index b00c5a9..e9dc950 100644 --- a/client/Mac/MRDPView.m +++ b/client/Mac/MRDPView.m 
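Review bot: The two new `_ex` prototypes in MRDPView.h carry no comment on which bits `flags` may hold or what the returned DWORD means, and the library acts on that return value to accept or reject the peer. A short block comment above them would cover it, for example `/* flags: VERIFY_CERT_FLAG_* bits (GATEWAY, REDIRECT, MISMATCH, CHANGED). Returns 1 to accept and store, 2 to accept for this session only, 0 to reject. */`. That return mapping is the one FreeRDP documents for the VerifyCertificateEx callback; it should be checked against what `dialog.result` actually yields, which this diff does not show.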
@@ -142,6 +142,7 @@ DWORD WINAPI mac_client_thread(void* param) @autoreleasepool { int status; + DWORD rc; HANDLE events[16]; HANDLE inputEvent; HANDLE inputThread = NULL; @@ -200,15 +201,15 @@ DWORD WINAPI mac_client_thread(void* param) nCount += nCountTmp; } - status = WaitForMultipleObjects(nCount, events, FALSE, INFINITE); + rc = WaitForMultipleObjects(nCount, events, FALSE, INFINITE); - if (status >= (WAIT_OBJECT_0 + nCount)) + if (rc >= (WAIT_OBJECT_0 + nCount)) { - WLog_ERR(TAG, "WaitForMultipleObjects failed (0x%08X)", status); + WLog_ERR(TAG, "WaitForMultipleObjects failed (0x%08X)", rc); break; } - if (status == WAIT_OBJECT_0) + if (rc == WAIT_OBJECT_0) { /* stop event triggered */ break; @@ -307,7 +308,7 @@ DWORD WINAPI mac_client_thread(void* param) { [super mouseMoved:event]; - if (!is_connected) + if (!self.is_connected) return; NSPoint loc = [event locationInWindow]; @@ -320,7 +321,7 @@ DWORD WINAPI mac_client_thread(void* param) { [super mouseDown:event]; - if (!is_connected) + if (!self.is_connected) return; NSPoint loc = [event locationInWindow]; @@ -334,7 +335,7 @@ DWORD WINAPI mac_client_thread(void* param) { [super mouseUp:event]; - if (!is_connected) + if (!self.is_connected) return; NSPoint loc = [event locationInWindow]; @@ -347,7 +348,7 @@ DWORD WINAPI mac_client_thread(void* param) { [super rightMouseDown:event]; - if (!is_connected) + if (!self.is_connected) return; NSPoint loc = [event locationInWindow]; @@ -361,7 +362,7 @@ DWORD WINAPI mac_client_thread(void* param) { [super rightMouseUp:event]; - if (!is_connected) + if (!self.is_connected) return; NSPoint loc = [event locationInWindow]; @@ -374,7 +375,7 @@ DWORD WINAPI mac_client_thread(void* param) { [super otherMouseDown:event]; - if (!is_connected) + if (!self.is_connected) return; NSPoint loc = [event locationInWindow]; 
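Review bot: The failure branch after WaitForMultipleObjects (hunk at -200) logs only `rc`, so a WAIT_FAILED return is recorded without its cause. Including the last error would make the log usable, e.g. `WLog_ERR(TAG, "WaitForMultipleObjects failed (0x%08" PRIX32 ") [0x%08" PRIX32 "]", rc, GetLastError());`, and `PRIX32` matches the `PRIu16` style this commit uses in the certificate callbacks now that `rc` is a DWORD. mac_client_thread continues outside both hunks, so whether the `status` local is still needed cannot be seen from here.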
@@ -388,7 +389,7 @@ DWORD WINAPI mac_client_thread(void* param) { [super otherMouseUp:event]; - if (!is_connected) + if (!self.is_connected) return; NSPoint loc = [event locationInWindow]; @@ -402,7 +403,7 @@ DWORD WINAPI mac_client_thread(void* param) UINT16 flags; [super scrollWheel:event]; - if (!is_connected) + if (!self.is_connected) return; NSPoint loc = [event locationInWindow]; @@ -427,7 +428,7 @@ DWORD WINAPI mac_client_thread(void* param) { [super mouseDragged:event]; - if (!is_connected) + if (!self.is_connected) return; NSPoint loc = [event locationInWindow]; @@ -910,12 +911,14 @@ void mac_post_disconnect(freerdp* instance) return; PubSub_UnsubscribeChannelConnected(instance->context->pubSub, mac_OnChannelConnectedEventHandler); - PubSub_UnsubscribeChannelDisconnected(instance->context->pubSub, mac_OnChannelDisconnectedEventHandler); + PubSub_UnsubscribeChannelDisconnected(instance->context->pubSub, + mac_OnChannelDisconnectedEventHandler); gdi_free(instance); } -static BOOL mac_authenticate_int(NSString* title, freerdp* instance, char** username, char** password, - char** domain) +static BOOL mac_authenticate_int(NSString* title, freerdp* instance, char** username, + char** password, + char** domain) { mfContext* mfc = (mfContext*) instance->context; MRDPView* view = (MRDPView*) mfc->view; 
@@ -977,67 +980,98 @@ BOOL mac_authenticate(freerdp* instance, char** username, char** password, char** domain) { NSString* title = [NSString stringWithFormat:@"%@:%u", - [NSString stringWithCString:instance->settings->ServerHostname encoding: - NSUTF8StringEncoding], - instance->settings->ServerPort]; - + [NSString stringWithCString:instance->settings->ServerHostname encoding: + NSUTF8StringEncoding], + instance->settings->ServerPort]; return mac_authenticate_int(title, instance, username, password, domain); } BOOL mac_gw_authenticate(freerdp* instance, char** username, char** password, - char** domain) + char** domain) { NSString* title = [NSString stringWithFormat:@"%@:%u", - [NSString stringWithCString:instance->settings->GatewayHostname encoding: - NSUTF8StringEncoding], - instance->settings->GatewayPort]; - + [NSString stringWithCString:instance->settings->GatewayHostname encoding: + NSUTF8StringEncoding], + instance->settings->GatewayPort]; return mac_authenticate_int(title, instance, username, password, domain); } -DWORD mac_verify_certificate(freerdp* instance, const char* common_name, const char* subject, const char* issuer, const char* fingerprint, BOOL host_mismatch) +DWORD mac_verify_certificate_ex(freerdp* instance, const char* host, UINT16 port, + const char* common_name, const char* subject, + const char* issuer, const char* fingerprint, + DWORD flags) { mfContext* mfc = (mfContext*) instance->context; MRDPView* view = (MRDPView*) mfc->view; CertificateDialog* dialog = [CertificateDialog new]; - dialog.serverHostname = [NSString stringWithFormat:@"TODO: The server name we connect to."]; + const char* type = "RDP-Server"; + char hostname[8192]; + + if (flags & VERIFY_CERT_FLAG_GATEWAY) + type = "RDP-Gateway"; + + if (flags & VERIFY_CERT_FLAG_REDIRECT) + type = "RDP-Redirect"; + + sprintf_s(hostname, sizeof(hostname), "%s %s:%"PRIu16, type, host, port); + dialog.serverHostname = [NSString stringWithCString:hostname]; dialog.commonName = [NSString 
stringWithCString:common_name encoding: - NSUTF8StringEncoding]; + NSUTF8StringEncoding]; dialog.subject = [NSString stringWithCString:subject encoding: - NSUTF8StringEncoding]; + NSUTF8StringEncoding]; dialog.issuer = [NSString stringWithCString:issuer encoding: - NSUTF8StringEncoding]; + NSUTF8StringEncoding]; dialog.fingerprint = [NSString stringWithCString:fingerprint encoding: - NSUTF8StringEncoding]; - dialog.hostMismatch = host_mismatch; - dialog.changed = FALSE; + NSUTF8StringEncoding]; + + if (flags & VERIFY_CERT_FLAG_MISMATCH) + dialog.hostMismatch = TRUE; + + if (flags & VERIFY_CERT_FLAG_CHANGED) + dialog.changed = TRUE; + [dialog performSelectorOnMainThread:@selector(runModal:) withObject:[view window] waitUntilDone:TRUE]; - return dialog.result; } -DWORD mac_verify_changed_certificate(freerdp* instance, const char* common_name, - const char* subject, const char* issuer, const char* fingerprint, - const char* old_subject, const char* old_issuer, const char* old_fingerprint) +DWORD mac_verify_changed_certificate_ex(freerdp* instance, const char* host, UINT16 port, + const char* common_name, const char* subject, + const char* issuer, const char* fingerprint, + const char* old_subject, const char* old_issuer, + const char* old_fingerprint, DWORD flags) { mfContext* mfc = (mfContext*) instance->context; MRDPView* view = (MRDPView*) mfc->view; CertificateDialog* dialog = [CertificateDialog new]; - dialog.serverHostname = [NSString stringWithFormat:@"TODO: The server name we connect to."]; + const char* type = "RDP-Server"; + char hostname[8192]; + + if (flags & VERIFY_CERT_FLAG_GATEWAY) + type = "RDP-Gateway"; + + if (flags & VERIFY_CERT_FLAG_REDIRECT) + type = "RDP-Redirect"; + + sprintf_s(hostname, sizeof(hostname), "%s %s:%"PRIu16, type, host, port); + dialog.serverHostname = [NSString stringWithCString:hostname]; dialog.commonName = [NSString stringWithCString:common_name encoding: - NSUTF8StringEncoding]; + NSUTF8StringEncoding]; dialog.subject = 
[NSString stringWithCString:subject encoding: - NSUTF8StringEncoding]; + NSUTF8StringEncoding]; dialog.issuer = [NSString stringWithCString:issuer encoding: - NSUTF8StringEncoding]; + NSUTF8StringEncoding]; dialog.fingerprint = [NSString stringWithCString:fingerprint encoding: - NSUTF8StringEncoding]; - dialog.hostMismatch = FALSE; - dialog.changed = TRUE; + NSUTF8StringEncoding]; + + if (flags & VERIFY_CERT_FLAG_MISMATCH) + dialog.hostMismatch = TRUE; + + if (flags & VERIFY_CERT_FLAG_CHANGED) + dialog.changed = TRUE; + [dialog performSelectorOnMainThread:@selector(runModal:) withObject:[view window] waitUntilDone:TRUE]; - return dialog.result; } @@ -1045,7 +1079,6 @@ int mac_logon_error_info(freerdp* instance, UINT32 data, UINT32 type) { const char* str_data = freerdp_get_logon_error_info_data(data); const char* str_type = freerdp_get_logon_error_info_type(type); - // TODO: Error message dialog WLog_INFO(TAG, "Logon Error Info %s [%s]", str_data, str_type); return 1; diff --git a/client/Mac/mf_client.m b/client/Mac/mf_client.m index 7dc41a7..455231b 100644 --- a/client/Mac/mf_client.m +++ b/client/Mac/mf_client.m @@ -91,8 +91,8 @@ static BOOL mfreerdp_client_new(freerdp* instance, rdpContext* context) context->instance->PostDisconnect = mac_post_disconnect; context->instance->Authenticate = mac_authenticate; context->instance->GatewayAuthenticate = mac_gw_authenticate; - context->instance->VerifyCertificate = mac_verify_certificate; - context->instance->VerifyChangedCertificate = mac_verify_changed_certificate; + context->instance->VerifyCertificateEx = mac_verify_certificate_ex; + context->instance->VerifyChangedCertificateEx = mac_verify_changed_certificate_ex; context->instance->LogonErrorInfo = mac_logon_error_info; context->instance->settings = instance->settings; settings = context->settings; -- 2.7.4
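Review bot: In mac_verify_changed_certificate_ex the `old_subject`, `old_issuer` and `old_fingerprint` arguments are never used, so the dialog asking the user to accept a changed certificate shows only the new values and gives nothing to compare them against. The old fingerprint at least should be shown next to the new one; CertificateDialog's fields are not in this diff, so that may need a new property. In both functions `[NSString stringWithCString:hostname]` is the deprecated form that decodes with the system default encoding, unlike every other field here; `dialog.serverHostname = [NSString stringWithCString:hostname encoding:NSUTF8StringEncoding];` keeps the host the user is asked to trust decoded the same way as the certificate fields. `hostMismatch` and `changed` are now only ever set to TRUE, which relies on CertificateDialog defaulting both to FALSE; `dialog.hostMismatch = (flags & VERIFY_CERT_FLAG_MISMATCH) != 0;` and the same for `changed` would state it explicitly. The two function bodies are otherwise identical and could share one static helper so that the trust prompt is built in a single place.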