Merge branch 'feature/v3' of github.com:eomsoft/teleport into feature/v3

client/tp_assist_win/ts_http_rpc.cpp

@@ -4,6 +4,9 @@
 
 #include <commdlg.h>
 #include <ShlObj.h>
+#include <WinCrypt.h>
+
+#pragma comment(lib, "Crypt32.lib")
 
 #include <teleport_const.h>
 
@@ -51,11 +54,12 @@ End Sub
 
 //#ifdef RDP_CLIENT_SYSTEM_BUILTIN
 
+//connect to console:i:%d
 //compression:i:1
 //bitmapcachepersistenable:i:1
 
 std::string rdp_content = "\
-connect to console:i:%d\n\
+administrative session:i:%d\n\
 screen mode id:i:%d\n\
 use multimon:i:0\n\
 desktopwidth:i:%d\n\
@@ -79,7 +83,6 @@ disable full window drag:i:1\n\
 disable menu anims:i:1\n\
 disable themes:i:1\n\
 disable cursor setting:i:1\n\
-bitmapcachepersistenable:i:1\n\
 full address:s:%s:%d\n\
 audiomode:i:0\n\
 redirectprinters:i:0\n\
@@ -105,6 +108,7 @@ rdgiskdcproxy:i:0\n\
 kdcproxyname:s:\n\
 drivestoredirect:s:*\n\
 username:s:%s\n\
+password 51:b:%s\n\
 ";
 
 //redirectdirectx:i:0\n\
@@ -173,6 +177,32 @@ int ts_url_decode(const char *src, int src_len, char *dst, int dst_len, int is_f
 	return i >= src_len ? j : -1;
 }
 
+bool calc_psw51b(const char* password, std::string& ret)
+{
+	DATA_BLOB DataIn;
+	DATA_BLOB DataOut;
+
+	ex_wstr w_pswd;
+	ex_astr2wstr(password, w_pswd, EX_CODEPAGE_ACP);
+
+	DataIn.cbData = w_pswd.length() * sizeof(wchar_t);
+	DataIn.pbData = (BYTE*)w_pswd.c_str();
+
+
+	if (!CryptProtectData(&DataIn, L"psw", NULL, NULL, NULL, 0, &DataOut))
+		return false;
+
+	char szRet[5] = {0};
+	for (int i = 0; i < DataOut.cbData; ++i)
+	{
+		sprintf_s(szRet, 5, "%02X", DataOut.pbData[i]);
+		ret += szRet;
+	}
+	
+	LocalFree(DataOut.pbData);
+	return true;
+}
+
 TsHttpRpc::TsHttpRpc()
 {
 	m_stop = false;
@@ -617,12 +647,28 @@ void TsHttpRpc::_rpc_func_run_client(const ex_astr& func_args, ex_astr& buf)
 			}
 		}
 
+
+		int split_pos = sid.length() - 2;
+		ex_astr real_sid = sid.substr(0, split_pos);
+		ex_astr str_pwd_len = sid.substr(split_pos, sid.length());
+		int n_pwd_len = strtol(str_pwd_len.c_str(), NULL, 16);
+		n_pwd_len -= real_sid.length();
+		n_pwd_len -= 2;
+		char szPwd[256] = { 0 };
+		for (int i = 0; i < n_pwd_len; i++)
+		{
+			szPwd[i] = '*';
+		}
+
+		ex_astr2wstr(real_sid, w_sid);
+
 		w_exe_path = _T("\"");
 		w_exe_path += g_cfg.rdp_app + _T("\" ");
 		w_exe_path += g_cfg.rdp_cmdline;
 
 		ex_wstr rdp_name = g_cfg.rdp_name;
 		if (rdp_name == L"mstsc") {
+// 			w_exe_path += g_cfg.rdp_cmdline;
 			int width = 0;
 			int higth = 0;
 			int cx = 0;
@@ -659,12 +705,23 @@ void TsHttpRpc::_rpc_func_run_client(const ex_astr& func_args, ex_astr& buf)
 			if (rdp_console)
 				console_mode = 1;
 
+			std::string psw51b;
+			if (!calc_psw51b(szPwd, psw51b))
+			{
+				EXLOGE("calc password failed.\n");
+				_create_json_ret(buf, TPE_FAILED);
+				return;
+			}
+
+			real_sid = "01" + real_sid;
+
 			char sz_rdp_file_content[4096] = { 0 };
 			sprintf_s(sz_rdp_file_content, rdp_content.c_str(),
 				console_mode, display, width, higth
 				, cx, cy, cx + width + 100, cy + higth + 100
 				, teleport_ip.c_str(), teleport_port
-				, sid.c_str()
+				, real_sid.c_str()
+				, psw51b.c_str()
 				);
 
 			char sz_file_name[MAX_PATH] = { 0 };
@@ -672,7 +729,7 @@ void TsHttpRpc::_rpc_func_run_client(const ex_astr& func_args, ex_astr& buf)
 			DWORD ret = GetTempPathA(MAX_PATH, temp_path);
 			if (ret <= 0)
 			{
-				printf("fopen failed (%d).\n", GetLastError());
+				EXLOGE("fopen failed (%d).\n", GetLastError());
 				_create_json_ret(buf, TPE_FAILED);
 				return;
 			}
@@ -685,7 +742,7 @@ void TsHttpRpc::_rpc_func_run_client(const ex_astr& func_args, ex_astr& buf)
 			FILE* f = NULL;
 			if (fopen_s(&f, sz_file_name, "wt") != 0)
 			{
-				printf("fopen failed (%d).\n", GetLastError());
+				EXLOGE("fopen failed (%d).\n", GetLastError());
 				_create_json_ret(buf, TPE_OPENFILE);
 				return;
 			}
@@ -698,6 +755,9 @@ void TsHttpRpc::_rpc_func_run_client(const ex_astr& func_args, ex_astr& buf)
 			ex_replace_all(w_exe_path, _T("{tmp_rdp_file}"), tmp_rdp_file);
 		}
 		else if (g_cfg.rdp_name == L"freerdp") {
+// 			w_exe_path += L"{size} {console} {clipboard} {drives} ";
+// 			w_exe_path += g_cfg.rdp_cmdline;
+
 			ex_wstr w_screen;
 
 			if (rdp_w == 0 || rdp_h == 0) {
@@ -721,13 +781,22 @@ void TsHttpRpc::_rpc_func_run_client(const ex_astr& func_args, ex_astr& buf)
 				w_console = L"";
 			}
 
+			ex_wstr w_password;
+			ex_astr2wstr(szPwd, w_password);
+			w_exe_path += L" /p:";
+			w_exe_path += w_password;
+
+			w_sid = L"02" + w_sid;
+
 			w_exe_path += L" /gdi:sw"; // 使用软件渲染，gdi:hw使用硬件加速，但是会出现很多黑块（录像回放时又是正常的！）
-			w_exe_path += L" -grab-keyboard"; // 防止启动FreeRDP后，失去本地键盘响应，必须得先最小化一下FreeRDP窗口（不过貌似不起作用）
+			//w_exe_path += L" -grab-keyboard"; // [new style] 防止启动FreeRDP后，失去本地键盘响应，必须得先最小化一下FreeRDP窗口（不过貌似不起作用）
+			//w_exe_path += L" -K"; // [old style] 防止启动FreeRDP后，失去本地键盘响应，必须得先最小化一下FreeRDP窗口（不过貌似不起作用）
 
 			// 变量替换
 			ex_replace_all(w_exe_path, _T("{size}"), w_screen);
 			ex_replace_all(w_exe_path, _T("{console}"), w_console);
-			ex_replace_all(w_exe_path, _T("{clipboard}"), L"+clipboard");
+			//ex_replace_all(w_exe_path, _T("{clipboard}"), L"+clipboard");
+			ex_replace_all(w_exe_path, _T("{clipboard}"), L"/clipboard");
 			ex_replace_all(w_exe_path, _T("{drives}"), L"/drives");
 		}
 		else {
@@ -849,6 +918,8 @@ void TsHttpRpc::_rpc_func_rdp_play(const ex_astr& func_args, ex_astr& buf)
 	ex_wstr2astr(w_exe_path, utf8_path, EX_CODEPAGE_UTF8);
 	root_ret["cmdline"] = utf8_path;
 
+	EXLOGD(w_exe_path.c_str());
+
 	STARTUPINFO si;
 	PROCESS_INFORMATION pi;
 

server/tp_core/core/ts_session.cpp

@@ -153,9 +153,9 @@ bool TsSessionManager::request_session(ex_astr& sid, TS_CONNECT_INFO* info)
 	if (info->protocol_type == TP_PROTOCOL_TYPE_RDP)
 	{
 		info->ref_count = 1; // 因为RDP连接之前可能会有很长时间用于确认是否连接、是否信任证书，所以很容易超时，我们认为将引用计数+1，防止因超时被清除。
-// 		char szTmp[8] = { 0 };
-// 		snprintf(szTmp, 8, "%02X", (unsigned char)(info->acc_username.length() + info->acc_secret.length()));
-// 		sid += szTmp;
+		char szTmp[8] = { 0 };
+		snprintf(szTmp, 8, "%02X", (unsigned char)(info->acc_username.length() + info->acc_secret.length()));
+		sid += szTmp;
 	}
 
 	return true;

server/www/teleport/static/js/audit/record-list.js

@@ -162,8 +162,8 @@ $app.on_table_host_cell_created = function (tbl, row_id, col_key, cell_obj) {
 
             if (action === 'replay') {
                 if (row_data.protocol_type === TP_PROTOCOL_TYPE_RDP) {
-                    // $app.do_replay_rdp(row_data.id, row_data.user_username, row_data.acc_username, row_data.host_ip, row_data.time_begin);
-                    window.open('/audit/replay/' + row_data.protocol_type + '/' + row_data.id);
+                    $app.do_replay_rdp(row_data.id, row_data.user_username, row_data.acc_username, row_data.host_ip, row_data.time_begin);
+                    // window.open('/audit/replay/' + row_data.protocol_type + '/' + row_data.id);
                 } else if (row_data.protocol_type === TP_PROTOCOL_TYPE_SSH) {
                     window.open('/audit/replay/' + row_data.protocol_type + '/' + row_data.id);
                 }
@@ -292,7 +292,7 @@ $app.on_table_host_render_created = function (render) {
             case TP_SESS_STAT_RUNNING:
                 return '<span class="label label-warning">正在连接</span>';
             case TP_SESS_STAT_STARTED:
-                return '<span class="label label-primary">使用中</span>';
+                return '<span class="label label-success">使用中</span>';
             case TP_SESS_STAT_END:
                 return '<span class="label label-ignore">已结束</span>';
             case TP_SESS_STAT_ERR_AUTH_DENIED:

server/www/teleport/static/js/ops/remote-list.js

@@ -308,6 +308,7 @@ $app.create_dlg_rdp_options = function () {
 
             dlg.rdp_w = _w;
             dlg.rdp_h = _h;
+            dlg.rdp_console = _console;
             Cookies.set('rdp_options', {w: _w, h: _h, 'c': _console}, {path: '/ops/remote'});
 
             $app.connect_remote(dlg.uni_id, dlg.acc_id, dlg.host_id, dlg.protocol_type, dlg.protocol_sub_type);
@@ -401,6 +402,8 @@ $app.connect_remote = function (uni_id, acc_id, host_id, protocol_type, protocol
         rdp_console: $app.dlg_rdp_options.rdp_console
     };
 
+    console.log('--s--', args);
+
     if(uni_id === 'none')
         args.mode = 2;
 

server/www/teleport/static/js/ops/session-list.js

@@ -306,7 +306,7 @@ $app.on_table_session_render_created = function (render) {
             case TP_SESS_STAT_RUNNING:
                 return '<span class="label label-warning">正在连接</span>';
             case TP_SESS_STAT_STARTED:
-                return '<span class="label label-primary">使用中</span>';
+                return '<span class="label label-success">使用中</span>';
             case TP_SESS_STAT_END:
                 return '<span class="label label-ignore">已结束</span>';
             case TP_SESS_STAT_ERR_AUTH_DENIED:

server/www/teleport/static/js/tp-utils.js

@@ -206,6 +206,42 @@ function tp_base64_encode(input) {
     return output;
 }
 
+function tp_base64_to_binarray(data) {
+    var o1, o2, o3, h1, h2, h3, h4, bits, i = 0,
+        ac = 0,
+        tmp_arr = [];
+
+    if (!data) {
+        return tmp_arr;
+    }
+
+    do { // unpack four hexets into three octets using index points in b64
+        h1 = base64KeyStr.indexOf(data.charAt(i++));
+        h2 = base64KeyStr.indexOf(data.charAt(i++));
+        h3 = base64KeyStr.indexOf(data.charAt(i++));
+        h4 = base64KeyStr.indexOf(data.charAt(i++));
+
+        bits = h1 << 18 | h2 << 12 | h3 << 6 | h4;
+
+        o1 = bits >> 16 & 0xff;
+        o2 = bits >> 8 & 0xff;
+        o3 = bits & 0xff;
+
+        if (h3 === 64) {
+            tmp_arr.push(o1);
+        } else if (h4 === 64) {
+            tmp_arr.push(o1);
+            tmp_arr.push(o2);
+        } else {
+            tmp_arr.push(o1);
+            tmp_arr.push(o2);
+            tmp_arr.push(o3);
+        }
+    } while (i < data.length);
+
+    return tmp_arr;
+}
+
 function tp_base64_decode(data) {
     var o1, o2, o3, h1, h2, h3, h4, bits, i = 0,
         ac = 0,

server/www/teleport/view/audit/replay-rdp.mako

@@ -7,7 +7,9 @@
 <%block name="extend_js_file">
     ##     <script type="text/javascript" src="${ static_url('plugins/xterm/xterm.js') }"></script>
 
+    <script type="text/javascript" src="${ static_url('js/audit/replay-rdp-img.js') }"></script>
     <script type="text/javascript" src="${ static_url('js/audit/replay-rdp.js') }"></script>
+    <script type="text/javascript" src="${ static_url('js/audit/rle.js') }"></script>
 </%block>
 
 <%block name="extend_css_file">

server/www/teleport/webroot/app/base/database/create.py

@@ -823,7 +823,7 @@ class DatabaseInit:
             'INSERT INTO `{}user` (`type`, `auth_type`, `username`, `surname`, `password`, `role_id`, `state`, `email`, `creator_id`, `create_time`, `last_login`, `last_chpass`) VALUES '
             '(1, {auth_type}, "{username}", "{surname}", "{password}", 1, {state}, "{email}", 0, {create_time}, {last_login}, {last_chpass});'
             ''.format(self.db.table_prefix,
-                      auth_type=TP_LOGIN_AUTH_SYS_DEFAULT,
+                      auth_type=TP_LOGIN_AUTH_USERNAME_PASSWORD_CAPTCHA,
                       username=sysadmin, surname=sysadmin, password=tp_password_generate_secret(password), state=TP_STATE_NORMAL, email=email,
                       create_time=_time_now, last_login=_time_now, last_chpass=_time_now)
         )

server/www/teleport/webroot/app/model/record.py

@@ -266,6 +266,10 @@ def read_rdp_record_data(record_id, offset):
                 # this is a data package.
                 _data = base64.b64encode(_data)
                 temp['d'] = _data.decode()
+            elif _action == 0x12:
+                # this is a bitmap package.
+                _data = base64.b64encode(_data)
+                temp['d'] = _data.decode()
             else:
                 return None, 0, TPE_FAILED