vapp

[busuanzi] 2022-07-11

字数统计: 1.6k字 | 阅读时长≈ 9分

问题单

http://10.0.0.6/issues/53985

环境

服务器

10.90.3.26 mcadmin1/ksvd2022 root/unikylinsec
https://10.90.3.26:8443/mc/image/list

用户 ygh /
规格 ygh-vapp

客户端包

arm

ip 10.20.1.112
用户 kylin/qwer1234

xfreerdp

ygh@ygh:/opt/ksvd/usr/bin$ xfreerdp --help | grep usb -C5
    /tune-list                        Print options allowed for /tune
    /u:[[<domain>\]<user>|<user>[@<domain>]]
                                      Username
    +unmap-buttons                    Enable Let server see real physical pointer
                                      button
    /usb:[dbg,][id:<vid>:<pid>#...,][addr:<bus>:<addr>#...,][auto]
                                      Redirect USB device
    /v:<server>[:port]                Server hostname
    /vc:<channel>[,<options>]         Static virtual channel
    /version                          Print version
    /video                            Video optimized remoting channel

功能


ygh@ygh:/opt/ksvd/usr/bin$ ps auxf  | grep xfreerdp
ygh       111408  0.0  0.0  22712  4844 pts/0    S+   15:00   0:00  |   |   \_ grep --color=auto xfreerdp
ygh       110626  1.0  0.7 1173172 57516 ?       Sl   14:57   0:01      \_ /opt/ksvd//usr/bin/vapp-xfreerdp /u:__ygh /p:************ /app:C:\Program Files (x86)\UnifaceVapp\VApp.exe /app-cmd:Yzpcd2luZG93c1xzeXN0ZW0zMlxtc3BhaW50LmV4ZQ== /v:127.0.0.1:44395 /t:Paint /cert-ignore +fonts +home-drive +clipboard /audio-mode:0 /log-level:INFO /load-balance-info:tsv://MS Terminal Services Plugin.1.vapp

进程树

vapp-launcher
- /opt/ksvd//usr/bin/vapp-xfreerdp

调研尝试

在/opt/ksvd/usr/bin/vapp-laucher中添加参数

代码路径 http://192.168.120.13/module_app/remoteapp

编译

sudo apt-get install libgnutls28-dev
sudo apt-get install libx11-dev libxcursor-dev libxrandr-dev
apt-file search wintypes.h

2136  sudo apt-file search wintypes.h
2137  sudo apt-get install libpcsclite-dev 
2139  sudo apt-file search gassapi.h
2140  sudo apt-file search gssapi.h
2141  sudo apt-get install libkrb5-dev 
2143  sudo apt-file search cmake
2144  sudo apt-file search /usr/bin/cmake
2145  sudo apt-get install cmake
2150  sudo apt-get install qmake
2151  sudo apt-file search qmake
2152  sudo apt-get install qtchooser
2154  sudo apt-file search /usr/lib/qt5/bin/qmake
2155  sudo apt-get install qt5-qmake-bin
2157  sudo apt-file search linux-g++
2158  sudo apt-get install qt5-qmake
2163  sudo apt-file search xsltproc
2164  sudo apt-get install xsltproc 
2170  sudo apt-get install libusb-dev 
2171  sudo apt-get install libusb-1.0-dev
2172  sudo apt-get install libusb-1.0-0-dev 
2173  sudo apt-get update
2174  sudo apt-get install libusb-1.0-0-dev 
2175  sudo apt-get update
2176  sudo apt-get install libusb-1.0-0-dev --fix-missing
2177  cat /etc/apt/sources.list
2178  sudo apt-get update
2179  cat /etc/apt/sources.list
2180  sudo apt-get update
2181  sudo apt-get install libusb-1.0-0-dev

Unknown module(s) in QT: core gui network

xfreerdp 日志

WLOG_APPENDER -> FILE
WLOG_FILEAPPENDER_OUTPUT_FILE_PATH -> /tmp/xrdp.log
export WLOG_APPENDER=FILE
export WLOG_FILEAPPENDER_OUTPUT_FILE_PATH=/tmp/xrdp.log
开启失败

修改代码后，需要替换库

1
2
3

2457  sudo cp -f /home/ygh/code/kylin/remoteapp/xfreerdp/freerdp-2.7.0/client/common/libfreerdp-client2.so.2.7.0 ../../usr/lib/uniface-vapp/libfreerdp-client2.so.2.7.0 
2458  sudo cp -f /home/ygh/code/kylin/remoteapp/xfreerdp/freerdp-2.7.0/libfreerdp/libfreerdp2.so.2.7.0 ../../usr/lib/uniface-vapp/libfreerdp2.so.2.7.0 
2459  sudo cp -f /home/ygh/code/kylin/remoteapp/xfreerdp/freerdp-2.7.0/winpr/libwinpr/libwinpr2.so.2.7.0 ../../usr/lib/uniface-vapp/libwinpr2.so.2.7.0 -f

分析代码

初步分析结论

可能是因为没有root权限导致的

开启日志后，确认是打开问题

[09:44:22:885] [801994:801996] [INFO][com.freerdp.channels.drdynvc.client] - Loading Dynamic Virtual Channel urbdrc
[09:44:22:887] [801994:801996] [DEBUG][com.freerdp.channels.urbdrc.client] - UDEVMAN device registered.
[09:44:22:888] [801994:801996] [INFO][com.freerdp.channels.urbdrc.client] - VID: 0x0781, PID: 0x5581
[09:44:22:888] [801994:801996] [ERROR][com.freerdp.channels.urbdrc.client] - libusb_open: error LIBUSB_ERROR_ACCESS[-3]
[09:44:22:888] [801994:801996] [ERROR][com.freerdp.channels.urbdrc.client] - libusb_open [b=0x01,p=0x06,a=0x04,VID=0x0781,PID=0x5581]: error LIBUSB_ERROR_IO[-1]
[09:44:22:888] [801994:801996] [WARN][com.freerdp.channels.urbdrc.client] - Could not find or redirect any usb devices by id 0781:5581

通过spice的提权应用，给usb进行提权，可以正常枚举
但是在中间的交互过程中，还是会产生错误
IOCTL_INTERNAL_USB_GET_PORT_STATUS请求，失败

[14:39:42:195] [1317707:1317777] [DEBUG][com.freerdp.channels.urbdrc.client] - URB TS_URB_BULK_OR_INTERRUPT_TRANSFER[u]
[14:39:42:195] [1317707:1317777] [DEBUG][com.freerdp.channels.urbdrc.client] - urb_bulk_or_interrupt_transfer: ep:0x81 transfer_type 2 flag:3 OutputBufferSize:0x8
[14:39:42:195] [1317707:1317771] [DEBUG][com.freerdp.channels.urbdrc.client] - [WRITE] URB_COMPLETION_NO_DATA            [proxy|client] [00000102] InterfaceId=40000000, MessageId=00000000, FunctionId=00000102, length=36
[14:39:42:211] [1317707:1317777] [DEBUG][com.freerdp.channels.urbdrc.client] - [READ ] TRANSFER_IN_REQUEST               [proxy|server] [00000105] InterfaceId=40000005, MessageId=00000000, FunctionId=00000105, length=36
[14:39:42:211] [1317707:1317777] [DEBUG][com.freerdp.channels.urbdrc.client] - URB TS_URB_BULK_OR_INTERRUPT_TRANSFER[u]
[14:39:42:211] [1317707:1317777] [DEBUG][com.freerdp.channels.urbdrc.client] - urb_bulk_or_interrupt_transfer: ep:0x81 transfer_type 2 flag:3 OutputBufferSize:0x200
[14:39:42:211] [1317707:1317771] [DEBUG][com.freerdp.channels.urbdrc.client] - [WRITE] URB_COMPLETION_NO_DATA            [proxy|client] [00000102] InterfaceId=40000000, MessageId=00000000, FunctionId=00000102, length=36
[14:39:42:226] [1317707:1317777] [DEBUG][com.freerdp.channels.urbdrc.client] - [READ ] IO_CONTROL                        [proxy|server] [00000102] InterfaceId=40000005, MessageId=00000000, FunctionId=00000102, length=28
[14:39:42:226] [1317707:1317777] [DEBUG][com.freerdp.channels.urbdrc.client] - ioctl: IOCTL_INTERNAL_USB_GET_PORT_STATUS
[14:39:42:227] [1317707:1317777] [ERROR][com.freerdp.channels.urbdrc.client] - libusb_control_transfer: error LIBUSB_ERROR_PIPE[-9]
[14:39:42:227] [1317707:1317777] [DEBUG][com.freerdp.channels.urbdrc.client] - PORT STATUS:0x00000000
[14:39:42:227] [1317707:1317777] [DEBUG][com.freerdp.channels.urbdrc.client] - [WRITE] IOCONTROL_COMPLETION              [proxy|client] [00000100] InterfaceId=40000000, MessageId=00000000, FunctionId=00000100, length=36
[14:39:42:242] [1317707:1317777] [DEBUG][com.freerdp.channels.urbdrc.client] - [READ ] REGISTER_REQUEST_CALLBACK         [proxy|server] [00000101] InterfaceId=40000005, MessageId=00000000, FunctionId=00000101, length=16
[14:39:42:242] [1317707:1317777] [DEBUG][com.freerdp.channels.urbdrc.client] - urbdrc_process_register_request_callback

编译环境

docker pull 192.168.120.44/dev_builders/vapp_builder@sha256:8b1ab1f5bdb87204fb30a893379c03933adb7dcb195ee0e806d9e30763963d3b

结构

flle	func
build-deb-auto.sh	debian包编译脚本
build-rpm-auto.sh	rpm包编译脚本
build.sh	未知
build-win.bat	windows编译脚本
install_dep	记录依赖包
Makefile.lin
setup.nsi	windows使用
sysprep.bat	windows使用
uniface-vapp.pro
uniface-vapp.pro.user
uniface-vapp.qm
uniface-vapp.spec	rpm包编译spcec文件
uniface-vapp.ts
uniface-vapp-win.pro

acl

usb 提权代码

base64

common

submodule common

include

头文件

kraclient

lib

submodule boost

libs

放了些 dll， windows使用

libvapp-client 【linux】【QT】

NSIS

rdestop 【linux】

开源，需要单独configure

script

seamlessrdp 【windows】

super_exec【linux】【QT】

疑似以前的提权文件

tools 【windows】

VApp 【windows】【QT】

vapp-launcher 【linux】【QT】

分发程序

登陆程序

VAppServer 【windows】【QT】

xfreerdp [linux]

核心工作程序
开源，需要cmake 开启特性
1
cmake -DCHANNEL_URBDRC_CLIENT=ON .

uwac

新划分方案

win
- seamlessrdp
- qt
  - VApp
  - VAppSever
  - uniface-vapp.pro
linux
- Makefile
- submodule
  - common
  - boost
- include ?
- rdesktop
- xfreerdp
- acl
- qt
  - uniface-vapp.pro
  - super_exec
  - libvapp-client
- RPM
  - uniface-vapp.spec
  - build.sh
- DEB
  - build.sh
    README.md
web
- kraclient

qt:
    make -c qt
rdesktop:
    make -c rdesktop
xfreerdp:
    make -c xfreerdp
acl:
    make -c acl
all: qt 
install:
clean:

编译环境 sw

docker run -itd –privileged –userns=host –network host -v /home/uos/ygh/:/root/code -w /root/code –name vapp 192.168.120.44/dev_builders/uos_sw_64:latest

问题

rdesktop/config.guess 不支持sw

暂时修改，使用x86的参数

sw_64:Linux:*:*)
    set_cc_for_build
    LIBCABI=$LIBC
    if test "$CC_FOR_BUILD" != no_compiler_found; then
        if (echo '#ifdef __ILP32__'; echo IS_X32; echo '#endif') | \
            (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \
            grep IS_X32 >/dev/null
        then
            LIBCABI="$LIBC"x32
        fi
    fi
    #echo "$UNAME_MACHINE"-pc-linux-"$LIBCABI"
    echo x86_64-pc-linux-"$LIBCABI"
    exit ;;

[rdesktop] CredSSP support requires GSSAPI, install the dependency

apt-get install libsasl2-modules-gssapi-mit

暂时避过

./configure –disable-credssp –disable-smartcard

编译环境 arm

ssh root@192.168.120.167 ksvd@KylinOs
docker run -itd –privileged –userns=host –network host -v /home/ygh/:/root/code -w /root/code –name vapp 192.168.120.44/dev_builders/ky336-tc-aarch64:v1

docker exec -it vapp /bin/bash

USB重定向

竞品环境

http://10.0.0.10:5080/wiki/#/team/6B7ew4b7/space/HqAKrvss/page/4xpGR6xb

sxf文档

ftp://192.168.120.2/vdi/sangfor/

思杰文档

http://10.0.0.10:5080/wiki/#/team/6B7ew4b7/space/L7ryBznf/page/7QQvU9mh

XenApp对应我没VAPP功能，文档中，只描述了基本配置，并未涉及，USB重定向

本文作者： crazyboy
本文链接： http://crazyboy.www.crazyboy.info/blog/blog/2022/07/11/kylin/vapp/
版权声明： 本博客所有文章除特别声明外，均采用 MIT 许可协议。转载请注明出处！

问题单

环境

服务器