How to use this redemption-validator-sock

[wscgogogo]

Hi:
I would like to know that I want the user to go through my verification program when copying in or out files or contents. If the verification passes, it is allowed to copy in and out. If the verification fails, it is not allowed to copy in and out.The following in the configuration file seems to achieve this function.If so, how can I implement this socket?

[file_verification]

#_hidden
socket_path = /var/run/redemption/redemption-validator-sock

Enable use of ICAP service for file verification on upload.

value: 0 or 1

#_hidden
#enable_up = 0

[jonathanpoelen]

You have to write the validator yourself.

The format of the packets are described in https://github.com/wallix/redemption/blob/future/src/mod/file_validator_service.hpp

A fake validator for tests based on filenames: https://github.com/wallix/redemption/blob/future/tools/icap_validator/fake_validator.py

Note: id/file_id/local_file_id is a value incremented by the proxy and the exchanges may contain an id which no longer exists when messages cross (ex: the proxy sends Eof while the validator sends Result)

[wscgogogo]

thank you very much,I have tried to verify the files upload and download without any problems,but I have another problem,can I varify the text copied from clipboard.when I use this validator it dosen't work.

[jonathanpoelen]

You need clipboard_text_up=1.

[wscgogogo]

I have already turn it on.I use function like this
#####fake_validator.py
def process_data(message, client_socket, data):
file_id, = struct.unpack_from(">I", message)
msg_data = message[4:]
print(msg_data)
if b'test' in msg_data:
print('find invalid data')
send_response_message(client_socket, file_id, REJECTED, b'test')
#####where to call
...
if type == 0x01: # File Data Flag
print('parse_message: file data')
process_data(message, client_socket, data)
...
#####log like this.I return 0x01 successfully but I can still copy the illegal data
parse_message: new data
1 8
session 3: type=1 len=8
parse_message: file data
b'test'
find invalid data
send: file_id=1 content=b'test'
b'\x05\x00\x00\x00\x10\x01\x00\x00\x00\x01\x00\x00\x00\x07test'
3 4
session 3: type=3 len=4
parse_message: end of file

[jonathanpoelen]

This is a bug

[wscgogogo]

fine,wait for the good news

[wscgogogo]

This is a bug
thank you very much.I have got your update and the function is worked,but I found another problem. When I use a validated file passed byfake_validator.py , I find that my file is broken.excel file hint me to fix it.exe file is broken.txt file looks fine.Verifier theory doesn't modify a copy of a file, right?

[jonathanpoelen]

The validation does not modify the data, but when a file is refused N null characters are sent (limitation of the RDP protocol). If this happens with an authorized file, could check the pasted file to be the same size as the original file (servers and client may send more data than the file contains, it may not be properly ignored) or determine how many bytes the files diverge from ?

[wscgogogo]

I compared two file before transmission and after transmission.transfered file is bigger.The file is truncated and fill with null character.Another question,when should I return validatied result.I tried in begining,in progress and the end. when I return pass or reject at 0x07 package,file and message will be transfered correctory,but in this condition I can only validate filename but not file content and message body.When I pending request in 0x07 and 0x01,only return pass or reject at 0x03,I can successful allow or reject the file and message transmission.When I do like this,I find the problem before file after transmission is broken.this is the file compare result

[wscgogogo]

hello.Do you still

[jonathanpoelen]

I forgot you... :)

I have the impression that you send a response twice: accepted then rejected. If so, you should not do it, there should only be one response per id.

If not, are there any interesting messages in the proxy logs? And with [debug] mod_rdp=0x4000000 in rdpproxy.ini ?