Using xrdpapi program

[Savitar407]

Hi, I am looking for some clarification on running the xrdpapi simple test program. I have compiled it per the instructions in the source code by running: gcc simple.c -o simple -L./.libs -lxrdpapi and the program compiles fine. When i run the program with the "echo" argument i get the following error:

The log reference is NULL - log not initialized properly

WTSVirtualChannelOpenEx() failed!

I have downloaded the source code via "apt-get build-dep xrdp" and "apt-get source xrdp" and compiled by running "make"and "make install"
I assume i have just made an error or am using it incorrectly, any help would be much appreciated.

[matt335672]

Hi @Savitar407

Interesting question. I don't think anyone's looked at this corner of xrdp for some time, so I can't say how successful you'll be - it depends on what you're ultimately trying to achieve.

I've managed to sort the logging out by applying this patch. Note the change in build instructions:-

diff --git a/xrdpapi/simple.c b/xrdpapi/simple.c
index 47e3d00e..0599b350 100644
--- a/xrdpapi/simple.c
+++ b/xrdpapi/simple.c
@@ -22,7 +22,8 @@
 
 /*
  * build instructions:
- *     gcc simple.c -o simple -L./.libs -lxrdpapi
+ *     gcc simple.c -o simple -I.. -I../common -L./.libs -L../common/.libs \
+ *                            -DHAVE_CONFIG_H -lxrdpapi -lcommon
  */
 
 #if defined(HAVE_CONFIG_H)
@@ -34,6 +35,8 @@
 #endif
 
 #include "xrdpapi.h"
+#include "log.h"
+
 #include <stdlib.h>
 #include <stdio.h>
 #include <unistd.h>
@@ -47,25 +50,35 @@ int run_tsmf_test(void);
 int
 main(int argc, char **argv)
 {
-    if (argc < 2)
+    int result;
+    struct log_config *lc;
+
+    if ((lc = log_config_init_for_console(LOG_LEVEL_DEBUG, NULL)) != NULL)
     {
-        printf("usage: simple <echo|tsmf>\n");
-        return 1;
+        log_start_from_param(lc);
     }
 
-    if (strcasecmp(argv[1], "echo") == 0)
+    if (argc > 1 && strcasecmp(argv[1], "echo") == 0)
     {
-        return run_echo_test();
+        result = run_echo_test();
     }
-    else if (strcasecmp(argv[1], "tsmf") == 0)
+    else if (argc > 1 && strcasecmp(argv[1], "tsmf") == 0)
     {
-        return run_tsmf_test();
+        result = run_tsmf_test();
     }
     else
     {
         printf("usage: simple <echo|tsmf>\n");
-        return 1;
+        result = 1;
     }
+
+    if (lc != NULL)
+    {
+        log_config_free(lc);
+        log_end();
+    }
+
+    return result;
 }
 
 /**

If you copy the above to a file, and run patch -p1 < {patchfile} in the xrdp directory, that should work.

The two rather significant points are:-

• You need to run trhe program from within an RDP session

• You need to be using a Windows RDP client, according to the comment in simple.c around line 92:-

   * NOTE: THIS TEST WILL FAIL IF CONNECTED FROM A NON
   *       WINDOWS RDP CLIENT
  

With both of those, I get the following output:-

[20220208-10:05:23] [DEBUG] [WTSVirtualChannelOpenEx(xrdpapi.c:173)] WTSVirtualChannelOpenEx: chan_name_bytes 4 bytes 20 pVirtualName ECHO
[20220208-10:05:23] [DEBUG] [WTSVirtualChannelOpenEx(xrdpapi.c:204)] WTSVirtualChannelOpenEx: calling mysend with 20 bytes
[20220208-10:05:23] [DEBUG] [WTSVirtualChannelOpenEx(xrdpapi.c:213)] WTSVirtualChannelOpenEx: sent ok
[20220208-10:05:23] [DEBUG] [WTSVirtualChannelWrite(xrdpapi.c:338)] WTSVirtualChannelWrite: mysend() returned 1700
### pkt 1 passed echo test
[20220208-10:05:23] [DEBUG] [WTSVirtualChannelWrite(xrdpapi.c:338)] WTSVirtualChannelWrite: mysend() returned 1700
### pkt 2 passed echo test
[20220208-10:05:23] [DEBUG] [WTSVirtualChannelWrite(xrdpapi.c:338)] WTSVirtualChannelWrite: mysend() returned 1700
### pkt 3 passed echo test
[20220208-10:05:23] [DEBUG] [WTSVirtualChannelWrite(xrdpapi.c:338)] WTSVirtualChannelWrite: mysend() returned 1700
### pkt 4 passed echo test
[20220208-10:05:23] [DEBUG] [WTSVirtualChannelWrite(xrdpapi.c:338)] WTSVirtualChannelWrite: mysend() returned 1392
### pkt 5 passed echo test

Any good?

[Savitar407]

i am a cyber security student and i was seeing if this program would make a good test harness for fuzzing for the paper i am writing. I just need something that will easily allow me to fuzz the api. There was a blackhat lecture a few years ago where security professionals found an exploitable bug by fuzzing rdp virtual write channel.

[matt335672]

That sounds interesting too.

If you find anything which could be attributed to XRDP, please report it as per our security policy and we'll get it fixed.