#351 session redirection broken in 1.7.0

v1.8.2
closed-fixed
7
2014-05-21
2011-10-25
m_etscheid
No

Hi,

the support for session redirection for W2003 is broken in 1.7.0. The RDP redirect paket does not contain the complete user name.
Version 1.6.0 works fine.

Discussion

  • m_etscheid

    m_etscheid - 2011-10-26

    Found following changes:

    --- rdesktop-1.7.0.org/rdp.c 2011-04-18 04:21:57.000000000 -0700
    +++ rdesktop-1.7.0/rdp.c 2011-10-26 01:01:00.789038907 -0700
    @@ -1520,7 +1520,7 @@

        /\* read username string \*/
        g\_redirect\_username = \(char \*\) xmalloc\(len + 1\);
    

    - rdp_in_unistr(s, g_redirect_username, strlen(g_redirect_username), len);
    + rdp_in_unistr(s, g_redirect_username, len + 1, len);
    }

    if \(g\_redirect\_flags & PDU\_REDIRECT\_HAS\_DOMAIN\)
    

    --- rdesktop-1.7.0.org/rdesktop.c 2011-04-18 04:21:57.000000000 -0700
    +++ rdesktop-1.7.0/rdesktop.c 2011-10-26 00:58:33.445042788 -0700
    @@ -988,7 +988,7 @@
    STRNCPY(domain, g_redirect_domain, sizeof(domain));
    xfree(g_username);
    g_username = (char *) xmalloc(strlen(g_redirect_username) + 1);
    - STRNCPY(g_username, g_redirect_username, sizeof(g_username));
    + STRNCPY(g_username, g_redirect_username, strlen(g_redirect_username) + 1);
    STRNCPY(password, g_redirect_password, sizeof(password));
    STRNCPY(server, g_redirect_server, sizeof(server));
    flags |= RDP_LOGON_AUTO;

     
  • m_etscheid

    m_etscheid - 2011-10-26
    • summary: session redirection broke in 1.7.0 --> session redirection broken in 1.7.0
    • priority: 5 --> 7
     
  • Peter Åstrand

    Peter Åstrand - 2011-10-26

    I've committed a patch to trunk now. Can you try the latest SVN version and see if it works?

     
  • m_etscheid

    m_etscheid - 2011-10-26
    • status: open --> closed
     
  • m_etscheid

    m_etscheid - 2011-10-26

    I used last SVN version and it works. Thanks

     
  • Peter Åstrand

    Peter Åstrand - 2011-10-26
    • status: closed --> closed-fixed
     
  • Comment has been marked as spam. 
    Undo

    You can see all pending comments posted by this user  here

    Anonymous - 2011-10-29

    I haven't tried r1639 from svn yet, but I suspect it will not work in my case. The problem I have is that the redirect is coming with a 120 byte cookie instead of a password, so the iconv() on it fails because it's not a unicode string. It's just binary.

    To be clear, I'm sure the username will remain intact after a Broker redurect, but the password will not, so even though a user has entered the correct password they will have to enter it again if they are redirected to a different server. This redirection without re-entering your password feature works correctly in Mac and Windows RDP clients (or so I am told).

    I'm going to work on a patch, but my C skills are super rusty so I'm offering this comment in case someone is inspired to come up with a fix faster than I can.

    I'm also not sure if this bug should be re-opened or if I should open a separate bug for the "password not kept" behavior. I kinda lump it all together in my head as "redirect data not kept intact between receipt and re-connection."

     
  • Comment has been marked as spam. 
    Undo

    You can see all pending comments posted by this user  here

    Anonymous - 2011-10-29

    Sorry, I left out some information. The systems I'm connecting to are setting the flags such that the password field has a length of 120 bytes and is definitely not unicode (I get an EINVAL from iconv()). I also saw at the RDP protocol docs that the password field could also be a cookie (http://msdn.microsoft.com/en-us/library/ee443575(v=PROT.10).aspx). The relevant portion of the protocol text is below the packet diagram and says, "Password (variable): A variable-length array of bytes containing the password used by the user in Unicode format, including a null-terminator or a cookie value that MUST be passed to the target server on successful connection." I think it's the "or a cookie value" portion that is messing stuff up for me.

     
  • Comment has been marked as spam. 
    Undo

    You can see all pending comments posted by this user  here

    Anonymous - 2011-10-29

    I tested r1639 and confirmed it does not address the password handling. The result is that a user is prompted for their password again if they are redirected after logging in. From reading the protocol docs, I think the redirect may need to be handled as a re-connect rather than a re-auth? I also get the feeling that I'm in way over my head and should wait to hear from someone with experience with this stuff.

     
  • Peter Åstrand

    Peter Åstrand - 2011-10-31

    Unfortunately it seems like a few people have experience in this area. Your comments are very useful. If it is really iconv that is the problem, it should work if you build rdesktop without iconv support. You can do this by editing the Makefile after running configure. Replace HAVE_ICONV_H and HAVE_ICONV with anything (suggesting adding an X as a prefix).

     
  • Comment has been marked as spam. 
    Undo

    You can see all pending comments posted by this user  here

    Anonymous - 2011-11-17

    I just tried the latest trunk build. I'm still seeing a problem. The username is being passed correctly, but when it tries to redirect to the correct computer, I get a "The user name or password is incorrect". In the console, I get:

    WARNING: rdp_in_unistr: iconv fail, errno 84

     
  • Comment has been marked as spam. 
    Undo

    You can see all pending comments posted by this user  here

    Anonymous - 2011-11-17

    I also tried replacing the HAVE_ICONV stuff in the Makefile. That gets rid of iconv error, but the redirect still doesn't work. And I just realized I'm using Win2k8 R2, not win2k3. So maybe it needs to be a different bug report?

     
  • Peter Åstrand

    Peter Åstrand - 2011-11-22
    • status: closed-fixed --> open
     
  • Peter Åstrand

    Peter Åstrand - 2011-11-22

    I think patch r1639 is correct, but there might be other bugs lurking. To everyone that still have problems: Does any revision/version of rdesktop work for you? Ie, does the latest revision cause any regression, or is it just that it still needs some work?

     
  • Comment has been marked as spam. 
    Undo

    You can see all pending comments posted by this user  here

    Anonymous - 2012-03-20

    I just built r1658 (1.7.1post) and tried against our farm with 2008R2 machines, and I redirect is still broken. I dont get any iconv errors this time, it just freezes for a while, then gives me a "broken pipe" error and exits.

    I also tried removing the iconv stuff from the makefile, same error.

    What more info can I provide to help get this fixed?

     
  • Stefano Girolimetti

    This bug seems a duplictae of 2845414.
    I've just left some notes there.
    I'm also affected and I'm on version 1.71.
    We should get this fixed.
    I can provide packet captures / straces if needed.

     
  • Comment has been marked as spam. 
    Undo

    You can see all pending comments posted by this user  here

    Anonymous - 2012-10-19

    Hello,

    Please see:
    https://sourceforge.net/tracker/?func=detail&aid=3575645&group_id=24366&atid=381349
    (tracker patches item 3575645)

    Cheers

    Jarek

     
  • Henrik Andersson

    • status: open --> open-fixed
    • Group: v1.7.1 --> NextRelease
     
  • Henrik Andersson

    The server redirection has been rewritten and this is a not an issue anymore.

     
  • Henrik Andersson

    • status: open-fixed --> closed-fixed
    • assigned_to: Henrik Andersson
     

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.





No, thanks