2015-03-17 21:54:16 +03:00
|
|
|
/**
|
2019-11-06 17:24:51 +03:00
|
|
|
* FreeRDP: A Remote Desktop Protocol Implementation
|
|
|
|
* Remote Desktop Gateway (RDG)
|
|
|
|
*
|
|
|
|
* Copyright 2015 Denis Vincent <dvincent@devolutions.net>
|
|
|
|
*
|
|
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
* you may not use this file except in compliance with the License.
|
|
|
|
* You may obtain a copy of the License at
|
|
|
|
*
|
|
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
*
|
|
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
* See the License for the specific language governing permissions and
|
|
|
|
* limitations under the License.
|
|
|
|
*/
|
2015-03-17 21:54:16 +03:00
|
|
|
|
2022-02-16 13:20:38 +03:00
|
|
|
#include <freerdp/config.h>
|
2015-03-17 21:54:16 +03:00
|
|
|
|
2023-10-16 13:59:19 +03:00
|
|
|
#include "../settings.h"
|
|
|
|
|
2021-06-09 15:03:34 +03:00
|
|
|
#include <winpr/assert.h>
|
2015-03-17 21:54:16 +03:00
|
|
|
|
|
|
|
#include <winpr/crt.h>
|
|
|
|
#include <winpr/synch.h>
|
|
|
|
#include <winpr/print.h>
|
|
|
|
#include <winpr/stream.h>
|
|
|
|
#include <winpr/winsock.h>
|
2022-10-16 22:54:59 +03:00
|
|
|
#include <winpr/cred.h>
|
2015-03-17 21:54:16 +03:00
|
|
|
|
|
|
|
#include <freerdp/log.h>
|
|
|
|
#include <freerdp/error.h>
|
|
|
|
#include <freerdp/utils/ringbuffer.h>
|
2022-10-16 22:54:59 +03:00
|
|
|
#include <freerdp/utils/smartcardlogon.h>
|
2015-03-17 21:54:16 +03:00
|
|
|
|
|
|
|
#include "rdg.h"
|
2023-06-17 22:59:49 +03:00
|
|
|
#include "websocket.h"
|
2022-09-06 06:16:21 +03:00
|
|
|
#include "../credssp_auth.h"
|
2016-12-09 22:43:02 +03:00
|
|
|
#include "../proxy.h"
|
2015-03-17 21:54:16 +03:00
|
|
|
#include "../rdp.h"
|
2016-11-21 19:28:54 +03:00
|
|
|
#include "../../crypto/opensslcompat.h"
|
2018-11-16 17:41:19 +03:00
|
|
|
#include "rpc_fault.h"
|
2021-07-29 13:33:22 +03:00
|
|
|
#include "../utils.h"
|
2015-03-17 21:54:16 +03:00
|
|
|
|
|
|
|
#define TAG FREERDP_TAG("core.gateway.rdg")
|
|
|
|
|
2022-11-03 15:47:21 +03:00
|
|
|
#define AUTH_PKG NEGO_SSP_NAME
|
2022-09-06 06:16:21 +03:00
|
|
|
|
2018-10-24 16:42:44 +03:00
|
|
|
/* HTTP channel response fields present flags. */
|
|
|
|
#define HTTP_CHANNEL_RESPONSE_FIELD_CHANNELID 0x1
|
|
|
|
#define HTTP_CHANNEL_RESPONSE_OPTIONAL 0x2
|
|
|
|
#define HTTP_CHANNEL_RESPONSE_FIELD_UDPPORT 0x4
|
|
|
|
|
|
|
|
/* HTTP extended auth. */
|
|
|
|
#define HTTP_EXTENDED_AUTH_NONE 0x0
|
2019-11-06 17:24:51 +03:00
|
|
|
#define HTTP_EXTENDED_AUTH_SC 0x1 /* Smart card authentication. */
|
|
|
|
#define HTTP_EXTENDED_AUTH_PAA 0x02 /* Pluggable authentication. */
|
|
|
|
#define HTTP_EXTENDED_AUTH_SSPI_NTLM 0x04 /* NTLM extended authentication. */
|
2023-06-14 19:48:32 +03:00
|
|
|
#define HTTP_EXTENDED_AUTH_BEARER 0x08 /* HTTP Bearer authentication. */
|
2018-10-24 16:42:44 +03:00
|
|
|
|
|
|
|
/* HTTP packet types. */
|
|
|
|
#define PKT_TYPE_HANDSHAKE_REQUEST 0x1
|
|
|
|
#define PKT_TYPE_HANDSHAKE_RESPONSE 0x2
|
|
|
|
#define PKT_TYPE_EXTENDED_AUTH_MSG 0x3
|
|
|
|
#define PKT_TYPE_TUNNEL_CREATE 0x4
|
|
|
|
#define PKT_TYPE_TUNNEL_RESPONSE 0x5
|
|
|
|
#define PKT_TYPE_TUNNEL_AUTH 0x6
|
|
|
|
#define PKT_TYPE_TUNNEL_AUTH_RESPONSE 0x7
|
|
|
|
#define PKT_TYPE_CHANNEL_CREATE 0x8
|
|
|
|
#define PKT_TYPE_CHANNEL_RESPONSE 0x9
|
|
|
|
#define PKT_TYPE_DATA 0xA
|
|
|
|
#define PKT_TYPE_SERVICE_MESSAGE 0xB
|
|
|
|
#define PKT_TYPE_REAUTH_MESSAGE 0xC
|
|
|
|
#define PKT_TYPE_KEEPALIVE 0xD
|
|
|
|
#define PKT_TYPE_CLOSE_CHANNEL 0x10
|
|
|
|
#define PKT_TYPE_CLOSE_CHANNEL_RESPONSE 0x11
|
|
|
|
|
|
|
|
/* HTTP tunnel auth fields present flags. */
|
|
|
|
#define HTTP_TUNNEL_AUTH_FIELD_SOH 0x1
|
|
|
|
|
|
|
|
/* HTTP tunnel auth response fields present flags. */
|
|
|
|
#define HTTP_TUNNEL_AUTH_RESPONSE_FIELD_REDIR_FLAGS 0x1
|
|
|
|
#define HTTP_TUNNEL_AUTH_RESPONSE_FIELD_IDLE_TIMEOUT 0x2
|
|
|
|
#define HTTP_TUNNEL_AUTH_RESPONSE_FIELD_SOH_RESPONSE 0x4
|
|
|
|
|
|
|
|
/* HTTP tunnel packet fields present flags. */
|
|
|
|
#define HTTP_TUNNEL_PACKET_FIELD_PAA_COOKIE 0x1
|
|
|
|
#define HTTP_TUNNEL_PACKET_FIELD_REAUTH 0x2
|
|
|
|
|
|
|
|
/* HTTP tunnel response fields present flags. */
|
|
|
|
#define HTTP_TUNNEL_RESPONSE_FIELD_TUNNEL_ID 0x1
|
|
|
|
#define HTTP_TUNNEL_RESPONSE_FIELD_CAPS 0x2
|
|
|
|
#define HTTP_TUNNEL_RESPONSE_FIELD_SOH_REQ 0x4
|
|
|
|
#define HTTP_TUNNEL_RESPONSE_FIELD_CONSENT_MSG 0x10
|
|
|
|
|
|
|
|
/* HTTP capability type enumeration. */
|
|
|
|
#define HTTP_CAPABILITY_TYPE_QUAR_SOH 0x1
|
|
|
|
#define HTTP_CAPABILITY_IDLE_TIMEOUT 0x2
|
|
|
|
#define HTTP_CAPABILITY_MESSAGING_CONSENT_SIGN 0x4
|
|
|
|
#define HTTP_CAPABILITY_MESSAGING_SERVICE_MSG 0x8
|
|
|
|
#define HTTP_CAPABILITY_REAUTH 0x10
|
|
|
|
#define HTTP_CAPABILITY_UDP_TRANSPORT 0x20
|
|
|
|
|
2021-01-25 10:39:30 +03:00
|
|
|
typedef struct
|
|
|
|
{
|
|
|
|
TRANSFER_ENCODING httpTransferEncoding;
|
2021-01-25 18:20:18 +03:00
|
|
|
BOOL isWebsocketTransport;
|
2021-01-25 10:39:30 +03:00
|
|
|
union _context
|
|
|
|
{
|
2023-06-26 20:24:58 +03:00
|
|
|
http_encoding_chunked_context chunked;
|
2023-06-17 22:59:49 +03:00
|
|
|
websocket_context websocket;
|
2021-01-25 10:39:30 +03:00
|
|
|
} context;
|
|
|
|
} rdg_http_encoding_context;
|
|
|
|
|
2018-10-24 16:42:44 +03:00
|
|
|
struct rdp_rdg
|
|
|
|
{
|
|
|
|
rdpContext* context;
|
2018-11-13 14:22:09 +03:00
|
|
|
BOOL attached;
|
2018-10-24 16:42:44 +03:00
|
|
|
BIO* frontBio;
|
|
|
|
rdpTls* tlsIn;
|
|
|
|
rdpTls* tlsOut;
|
2022-09-06 06:16:21 +03:00
|
|
|
rdpCredsspAuth* auth;
|
2018-10-24 16:42:44 +03:00
|
|
|
HttpContext* http;
|
|
|
|
CRITICAL_SECTION writeSection;
|
|
|
|
|
|
|
|
UUID guid;
|
|
|
|
|
|
|
|
int state;
|
|
|
|
UINT16 packetRemainingCount;
|
2018-10-24 17:49:25 +03:00
|
|
|
UINT16 reserved1;
|
2018-10-24 16:42:44 +03:00
|
|
|
int timeout;
|
|
|
|
UINT16 extAuth;
|
2018-10-24 17:49:25 +03:00
|
|
|
UINT16 reserved2;
|
2021-01-25 10:39:30 +03:00
|
|
|
rdg_http_encoding_context transferEncoding;
|
2022-10-16 22:54:59 +03:00
|
|
|
|
|
|
|
SmartcardCertInfo* smartcard;
|
2024-03-06 17:08:25 +03:00
|
|
|
wLog* log;
|
2018-10-24 16:42:44 +03:00
|
|
|
};
|
|
|
|
|
|
|
|
enum
|
|
|
|
{
|
|
|
|
RDG_CLIENT_STATE_INITIAL,
|
|
|
|
RDG_CLIENT_STATE_HANDSHAKE,
|
|
|
|
RDG_CLIENT_STATE_TUNNEL_CREATE,
|
|
|
|
RDG_CLIENT_STATE_TUNNEL_AUTHORIZE,
|
|
|
|
RDG_CLIENT_STATE_CHANNEL_CREATE,
|
|
|
|
RDG_CLIENT_STATE_OPENED,
|
|
|
|
};
|
|
|
|
|
2015-03-17 23:09:17 +03:00
|
|
|
#pragma pack(push, 1)
|
|
|
|
|
2015-03-17 21:54:16 +03:00
|
|
|
typedef struct rdg_packet_header
|
|
|
|
{
|
|
|
|
UINT16 type;
|
|
|
|
UINT16 reserved;
|
|
|
|
UINT32 packetLength;
|
|
|
|
} RdgPacketHeader;
|
|
|
|
|
2015-03-17 23:09:17 +03:00
|
|
|
#pragma pack(pop)
|
2015-03-17 21:54:16 +03:00
|
|
|
|
2018-11-16 17:41:19 +03:00
|
|
|
typedef struct
|
|
|
|
{
|
|
|
|
UINT32 code;
|
|
|
|
const char* name;
|
2020-07-30 16:22:40 +03:00
|
|
|
} t_flag_mapping;
|
2018-11-16 17:41:19 +03:00
|
|
|
|
2020-07-30 16:22:40 +03:00
|
|
|
static const t_flag_mapping tunnel_response_fields_present[] = {
|
2019-11-06 17:24:51 +03:00
|
|
|
{ HTTP_TUNNEL_RESPONSE_FIELD_TUNNEL_ID, "HTTP_TUNNEL_RESPONSE_FIELD_TUNNEL_ID" },
|
|
|
|
{ HTTP_TUNNEL_RESPONSE_FIELD_CAPS, "HTTP_TUNNEL_RESPONSE_FIELD_CAPS" },
|
|
|
|
{ HTTP_TUNNEL_RESPONSE_FIELD_SOH_REQ, "HTTP_TUNNEL_RESPONSE_FIELD_SOH_REQ" },
|
|
|
|
{ HTTP_TUNNEL_RESPONSE_FIELD_CONSENT_MSG, "HTTP_TUNNEL_RESPONSE_FIELD_CONSENT_MSG" }
|
2018-11-21 16:32:07 +03:00
|
|
|
};
|
|
|
|
|
2020-07-30 16:22:40 +03:00
|
|
|
static const t_flag_mapping channel_response_fields_present[] = {
|
2019-11-06 17:24:51 +03:00
|
|
|
{ HTTP_CHANNEL_RESPONSE_FIELD_CHANNELID, "HTTP_CHANNEL_RESPONSE_FIELD_CHANNELID" },
|
|
|
|
{ HTTP_CHANNEL_RESPONSE_OPTIONAL, "HTTP_CHANNEL_RESPONSE_OPTIONAL" },
|
|
|
|
{ HTTP_CHANNEL_RESPONSE_FIELD_UDPPORT, "HTTP_CHANNEL_RESPONSE_FIELD_UDPPORT" }
|
2018-11-16 17:41:19 +03:00
|
|
|
};
|
|
|
|
|
2020-07-30 16:22:40 +03:00
|
|
|
static const t_flag_mapping tunnel_authorization_response_fields_present[] = {
|
2019-11-06 17:24:51 +03:00
|
|
|
{ HTTP_TUNNEL_AUTH_RESPONSE_FIELD_REDIR_FLAGS, "HTTP_TUNNEL_AUTH_RESPONSE_FIELD_REDIR_FLAGS" },
|
|
|
|
{ HTTP_TUNNEL_AUTH_RESPONSE_FIELD_IDLE_TIMEOUT,
|
|
|
|
"HTTP_TUNNEL_AUTH_RESPONSE_FIELD_IDLE_TIMEOUT" },
|
|
|
|
{ HTTP_TUNNEL_AUTH_RESPONSE_FIELD_SOH_RESPONSE,
|
|
|
|
"HTTP_TUNNEL_AUTH_RESPONSE_FIELD_SOH_RESPONSE" }
|
2018-11-21 16:32:07 +03:00
|
|
|
};
|
|
|
|
|
2020-07-30 16:22:40 +03:00
|
|
|
static const t_flag_mapping extended_auth[] = {
|
2019-11-06 17:24:51 +03:00
|
|
|
{ HTTP_EXTENDED_AUTH_NONE, "HTTP_EXTENDED_AUTH_NONE" },
|
|
|
|
{ HTTP_EXTENDED_AUTH_SC, "HTTP_EXTENDED_AUTH_SC" },
|
|
|
|
{ HTTP_EXTENDED_AUTH_PAA, "HTTP_EXTENDED_AUTH_PAA" },
|
|
|
|
{ HTTP_EXTENDED_AUTH_SSPI_NTLM, "HTTP_EXTENDED_AUTH_SSPI_NTLM" }
|
2018-11-16 17:41:19 +03:00
|
|
|
};
|
|
|
|
|
2020-07-30 16:22:40 +03:00
|
|
|
static const t_flag_mapping capabilities_enum[] = {
|
|
|
|
{ HTTP_CAPABILITY_TYPE_QUAR_SOH, "HTTP_CAPABILITY_TYPE_QUAR_SOH" },
|
|
|
|
{ HTTP_CAPABILITY_IDLE_TIMEOUT, "HTTP_CAPABILITY_IDLE_TIMEOUT" },
|
|
|
|
{ HTTP_CAPABILITY_MESSAGING_CONSENT_SIGN, "HTTP_CAPABILITY_MESSAGING_CONSENT_SIGN" },
|
|
|
|
{ HTTP_CAPABILITY_MESSAGING_SERVICE_MSG, "HTTP_CAPABILITY_MESSAGING_SERVICE_MSG" },
|
|
|
|
{ HTTP_CAPABILITY_REAUTH, "HTTP_CAPABILITY_REAUTH" },
|
|
|
|
{ HTTP_CAPABILITY_UDP_TRANSPORT, "HTTP_CAPABILITY_UDP_TRANSPORT" }
|
|
|
|
};
|
|
|
|
|
|
|
|
static const char* flags_to_string(UINT32 flags, const t_flag_mapping* map, size_t elements)
|
2018-11-16 17:41:19 +03:00
|
|
|
{
|
|
|
|
static char buffer[1024] = { 0 };
|
2022-06-03 11:25:30 +03:00
|
|
|
char fields[12] = { 0 };
|
2018-11-16 17:41:19 +03:00
|
|
|
|
2024-01-30 12:25:38 +03:00
|
|
|
for (size_t x = 0; x < elements; x++)
|
2018-11-16 17:41:19 +03:00
|
|
|
{
|
2022-06-03 11:25:30 +03:00
|
|
|
const t_flag_mapping* cur = &map[x];
|
2018-11-16 17:41:19 +03:00
|
|
|
|
2022-06-03 11:25:30 +03:00
|
|
|
if ((cur->code & flags) != 0)
|
|
|
|
winpr_str_append(cur->name, buffer, sizeof(buffer), "|");
|
2018-11-16 17:41:19 +03:00
|
|
|
}
|
|
|
|
|
2020-07-30 16:22:40 +03:00
|
|
|
sprintf_s(fields, ARRAYSIZE(fields), " [%04" PRIx32 "]", flags);
|
2022-06-03 11:25:30 +03:00
|
|
|
winpr_str_append(fields, buffer, sizeof(buffer), NULL);
|
2018-11-16 17:41:19 +03:00
|
|
|
return buffer;
|
|
|
|
}
|
|
|
|
|
2018-11-21 16:32:07 +03:00
|
|
|
static const char* channel_response_fields_present_to_string(UINT16 fieldsPresent)
|
2018-11-16 17:41:19 +03:00
|
|
|
{
|
2020-07-30 16:22:40 +03:00
|
|
|
return flags_to_string(fieldsPresent, channel_response_fields_present,
|
|
|
|
ARRAYSIZE(channel_response_fields_present));
|
2018-11-21 16:32:07 +03:00
|
|
|
}
|
2018-11-16 17:41:19 +03:00
|
|
|
|
2018-11-21 16:32:07 +03:00
|
|
|
static const char* tunnel_response_fields_present_to_string(UINT16 fieldsPresent)
|
|
|
|
{
|
2020-07-30 16:22:40 +03:00
|
|
|
return flags_to_string(fieldsPresent, tunnel_response_fields_present,
|
|
|
|
ARRAYSIZE(tunnel_response_fields_present));
|
2018-11-21 16:32:07 +03:00
|
|
|
}
|
2018-11-16 17:41:19 +03:00
|
|
|
|
2018-11-21 16:32:07 +03:00
|
|
|
static const char* tunnel_authorization_response_fields_present_to_string(UINT16 fieldsPresent)
|
|
|
|
{
|
2020-07-30 16:22:40 +03:00
|
|
|
return flags_to_string(fieldsPresent, tunnel_authorization_response_fields_present,
|
|
|
|
ARRAYSIZE(tunnel_authorization_response_fields_present));
|
2018-11-21 16:32:07 +03:00
|
|
|
}
|
2018-11-16 17:41:19 +03:00
|
|
|
|
2018-11-21 16:32:07 +03:00
|
|
|
static const char* extended_auth_to_string(UINT16 auth)
|
|
|
|
{
|
|
|
|
if (auth == HTTP_EXTENDED_AUTH_NONE)
|
|
|
|
return "HTTP_EXTENDED_AUTH_NONE [0x0000]";
|
2018-11-16 17:41:19 +03:00
|
|
|
|
2020-07-30 16:22:40 +03:00
|
|
|
return flags_to_string(auth, extended_auth, ARRAYSIZE(extended_auth));
|
|
|
|
}
|
|
|
|
|
|
|
|
static const char* capabilities_enum_to_string(UINT32 capabilities)
|
|
|
|
{
|
|
|
|
return flags_to_string(capabilities, capabilities_enum, ARRAYSIZE(capabilities_enum));
|
|
|
|
}
|
|
|
|
|
2024-03-06 17:08:25 +03:00
|
|
|
static BOOL rdg_read_http_unicode_string(wLog* log, wStream* s, const WCHAR** string,
|
|
|
|
UINT16* lengthInBytes)
|
2020-07-30 16:22:40 +03:00
|
|
|
{
|
2024-01-23 18:49:54 +03:00
|
|
|
UINT16 strLenBytes = 0;
|
2021-05-25 09:03:19 +03:00
|
|
|
size_t rem = Stream_GetRemainingLength(s);
|
2020-07-30 16:22:40 +03:00
|
|
|
|
|
|
|
/* Read length of the string */
|
2024-03-06 17:08:25 +03:00
|
|
|
if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 4))
|
2021-05-25 09:03:19 +03:00
|
|
|
{
|
2024-03-06 17:08:25 +03:00
|
|
|
WLog_Print(log, WLOG_ERROR, "Could not read stream length, only have %" PRIuz " bytes",
|
|
|
|
rem);
|
2020-07-30 16:22:40 +03:00
|
|
|
return FALSE;
|
2021-05-25 09:03:19 +03:00
|
|
|
}
|
2020-07-30 16:22:40 +03:00
|
|
|
Stream_Read_UINT16(s, strLenBytes);
|
|
|
|
|
|
|
|
/* Remember position of our string */
|
2023-06-07 16:38:21 +03:00
|
|
|
const WCHAR* str = Stream_ConstPointer(s);
|
2020-07-30 16:22:40 +03:00
|
|
|
|
|
|
|
/* seek past the string - if this fails something is wrong */
|
|
|
|
if (!Stream_SafeSeek(s, strLenBytes))
|
2021-05-25 09:03:19 +03:00
|
|
|
{
|
2024-03-06 17:08:25 +03:00
|
|
|
WLog_Print(log, WLOG_ERROR,
|
|
|
|
"Could not read stream data, only have %" PRIuz " bytes, expected %" PRIu16,
|
|
|
|
rem - 4, strLenBytes);
|
2020-07-30 16:22:40 +03:00
|
|
|
return FALSE;
|
2021-05-25 09:03:19 +03:00
|
|
|
}
|
2020-07-30 16:22:40 +03:00
|
|
|
|
|
|
|
/* return the string data (if wanted) */
|
|
|
|
if (string)
|
2020-08-10 17:39:49 +03:00
|
|
|
*string = str;
|
2020-07-30 16:22:40 +03:00
|
|
|
if (lengthInBytes)
|
|
|
|
*lengthInBytes = strLenBytes;
|
|
|
|
|
|
|
|
return TRUE;
|
2018-11-16 17:41:19 +03:00
|
|
|
}
|
|
|
|
|
2021-01-25 18:20:18 +03:00
|
|
|
static BOOL rdg_write_chunked(BIO* bio, wStream* sPacket)
|
2015-03-17 21:54:16 +03:00
|
|
|
{
|
2024-01-23 18:49:54 +03:00
|
|
|
size_t len = 0;
|
|
|
|
int status = 0;
|
|
|
|
wStream* sChunk = NULL;
|
2015-03-17 21:54:16 +03:00
|
|
|
char chunkSize[11];
|
2019-11-06 17:24:51 +03:00
|
|
|
sprintf_s(chunkSize, sizeof(chunkSize), "%" PRIXz "\r\n", Stream_Length(sPacket));
|
2019-10-29 12:18:09 +03:00
|
|
|
sChunk = Stream_New(NULL, strnlen(chunkSize, sizeof(chunkSize)) + Stream_Length(sPacket) + 2);
|
2015-03-17 23:09:17 +03:00
|
|
|
|
2015-03-17 21:54:16 +03:00
|
|
|
if (!sChunk)
|
|
|
|
return FALSE;
|
2015-03-17 23:09:17 +03:00
|
|
|
|
2019-10-29 12:18:09 +03:00
|
|
|
Stream_Write(sChunk, chunkSize, strnlen(chunkSize, sizeof(chunkSize)));
|
2015-03-17 21:54:16 +03:00
|
|
|
Stream_Write(sChunk, Stream_Buffer(sPacket), Stream_Length(sPacket));
|
|
|
|
Stream_Write(sChunk, "\r\n", 2);
|
|
|
|
Stream_SealLength(sChunk);
|
2021-01-25 18:20:18 +03:00
|
|
|
len = Stream_Length(sChunk);
|
2018-10-24 17:49:25 +03:00
|
|
|
|
2021-01-25 18:20:18 +03:00
|
|
|
if (len > INT_MAX)
|
2021-04-27 11:04:47 +03:00
|
|
|
{
|
|
|
|
Stream_Free(sChunk, TRUE);
|
2018-10-24 17:49:25 +03:00
|
|
|
return FALSE;
|
2021-04-27 11:04:47 +03:00
|
|
|
}
|
2018-10-24 17:49:25 +03:00
|
|
|
|
2022-07-02 16:53:10 +03:00
|
|
|
ERR_clear_error();
|
2021-01-25 18:20:18 +03:00
|
|
|
status = BIO_write(bio, Stream_Buffer(sChunk), (int)len);
|
2015-03-17 21:54:16 +03:00
|
|
|
Stream_Free(sChunk, TRUE);
|
2015-03-17 23:09:17 +03:00
|
|
|
|
2021-02-16 18:10:23 +03:00
|
|
|
if (status != (SSIZE_T)len)
|
2021-01-25 18:20:18 +03:00
|
|
|
return FALSE;
|
|
|
|
|
|
|
|
return TRUE;
|
|
|
|
}
|
|
|
|
|
|
|
|
static BOOL rdg_write_packet(rdpRdg* rdg, wStream* sPacket)
|
|
|
|
{
|
|
|
|
if (rdg->transferEncoding.isWebsocketTransport)
|
|
|
|
{
|
|
|
|
if (rdg->transferEncoding.context.websocket.closeSent)
|
|
|
|
return FALSE;
|
2023-06-17 22:59:49 +03:00
|
|
|
return websocket_write_wstream(rdg->tlsOut->bio, sPacket, WebsocketBinaryOpcode);
|
2021-01-25 18:20:18 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
return rdg_write_chunked(rdg->tlsIn->bio, sPacket);
|
|
|
|
}
|
|
|
|
|
2021-01-25 10:39:30 +03:00
|
|
|
static int rdg_socket_read(BIO* bio, BYTE* pBuffer, size_t size,
|
|
|
|
rdg_http_encoding_context* encodingContext)
|
|
|
|
{
|
2021-06-09 15:03:34 +03:00
|
|
|
WINPR_ASSERT(encodingContext != NULL);
|
2021-01-25 18:20:18 +03:00
|
|
|
|
|
|
|
if (encodingContext->isWebsocketTransport)
|
|
|
|
{
|
2023-06-17 22:59:49 +03:00
|
|
|
return websocket_read(bio, pBuffer, size, &encodingContext->context.websocket);
|
2021-01-25 18:20:18 +03:00
|
|
|
}
|
|
|
|
|
2021-01-25 10:39:30 +03:00
|
|
|
switch (encodingContext->httpTransferEncoding)
|
|
|
|
{
|
|
|
|
case TransferEncodingIdentity:
|
2022-07-01 06:30:21 +03:00
|
|
|
ERR_clear_error();
|
2021-01-25 10:39:30 +03:00
|
|
|
return BIO_read(bio, pBuffer, size);
|
|
|
|
case TransferEncodingChunked:
|
2023-06-26 20:24:58 +03:00
|
|
|
return http_chuncked_read(bio, pBuffer, size, &encodingContext->context.chunked);
|
2021-01-25 10:39:30 +03:00
|
|
|
default:
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2024-03-15 15:17:37 +03:00
|
|
|
static BOOL rdg_shall_abort(rdpRdg* rdg)
|
|
|
|
{
|
|
|
|
WINPR_ASSERT(rdg);
|
|
|
|
return freerdp_shall_disconnect_context(rdg->context);
|
|
|
|
}
|
|
|
|
|
|
|
|
static BOOL rdg_read_all(rdpContext* context, rdpTls* tls, BYTE* buffer, size_t size,
|
2021-01-25 10:39:30 +03:00
|
|
|
rdg_http_encoding_context* transferEncoding)
|
|
|
|
{
|
|
|
|
size_t readCount = 0;
|
2018-10-19 12:56:56 +03:00
|
|
|
BYTE* pBuffer = buffer;
|
2015-03-17 23:09:17 +03:00
|
|
|
|
2018-04-05 05:06:59 +03:00
|
|
|
while (readCount < size)
|
2015-03-17 21:54:16 +03:00
|
|
|
{
|
2024-03-15 15:17:37 +03:00
|
|
|
if (freerdp_shall_disconnect_context(context))
|
|
|
|
return FALSE;
|
|
|
|
|
2021-01-25 10:39:30 +03:00
|
|
|
int status = rdg_socket_read(tls->bio, pBuffer, size - readCount, transferEncoding);
|
2018-04-05 05:06:59 +03:00
|
|
|
if (status <= 0)
|
2015-03-17 21:54:16 +03:00
|
|
|
{
|
2018-04-05 05:06:59 +03:00
|
|
|
if (!BIO_should_retry(tls->bio))
|
|
|
|
return FALSE;
|
|
|
|
|
2021-01-25 10:39:30 +03:00
|
|
|
Sleep(10);
|
2015-03-17 21:54:16 +03:00
|
|
|
continue;
|
|
|
|
}
|
2015-03-17 23:09:17 +03:00
|
|
|
|
2015-03-17 21:54:16 +03:00
|
|
|
readCount += status;
|
2018-10-19 12:56:56 +03:00
|
|
|
pBuffer += status;
|
2015-03-17 21:54:16 +03:00
|
|
|
}
|
2018-05-03 13:25:52 +03:00
|
|
|
|
2018-04-05 05:06:59 +03:00
|
|
|
return TRUE;
|
|
|
|
}
|
2015-03-17 21:54:16 +03:00
|
|
|
|
2018-04-05 05:06:59 +03:00
|
|
|
static wStream* rdg_receive_packet(rdpRdg* rdg)
|
|
|
|
{
|
2018-10-24 17:49:25 +03:00
|
|
|
const size_t header = sizeof(RdgPacketHeader);
|
2024-01-23 18:49:54 +03:00
|
|
|
size_t packetLength = 0;
|
2022-11-21 11:00:12 +03:00
|
|
|
wStream* s = Stream_New(NULL, 1024);
|
2015-03-17 23:09:17 +03:00
|
|
|
|
2018-04-05 05:06:59 +03:00
|
|
|
if (!s)
|
|
|
|
return NULL;
|
|
|
|
|
2024-03-15 15:17:37 +03:00
|
|
|
if (!rdg_read_all(rdg->context, rdg->tlsOut, Stream_Buffer(s), header, &rdg->transferEncoding))
|
2015-03-17 21:54:16 +03:00
|
|
|
{
|
2018-04-05 05:06:59 +03:00
|
|
|
Stream_Free(s, TRUE);
|
|
|
|
return NULL;
|
|
|
|
}
|
2015-03-17 23:09:17 +03:00
|
|
|
|
2018-04-05 23:12:20 +03:00
|
|
|
Stream_Seek(s, 4);
|
|
|
|
Stream_Read_UINT32(s, packetLength);
|
2015-03-17 23:09:17 +03:00
|
|
|
|
2020-04-15 18:21:46 +03:00
|
|
|
if ((packetLength > INT_MAX) || !Stream_EnsureCapacity(s, packetLength) ||
|
|
|
|
(packetLength < header))
|
2018-04-05 05:06:59 +03:00
|
|
|
{
|
|
|
|
Stream_Free(s, TRUE);
|
|
|
|
return NULL;
|
2015-03-17 21:54:16 +03:00
|
|
|
}
|
2015-03-17 23:09:17 +03:00
|
|
|
|
2024-03-15 15:17:37 +03:00
|
|
|
if (!rdg_read_all(rdg->context, rdg->tlsOut, Stream_Buffer(s) + header,
|
|
|
|
(int)packetLength - (int)header, &rdg->transferEncoding))
|
2018-04-05 05:06:59 +03:00
|
|
|
{
|
|
|
|
Stream_Free(s, TRUE);
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
Stream_SetLength(s, packetLength);
|
2015-03-17 21:54:16 +03:00
|
|
|
return s;
|
|
|
|
}
|
|
|
|
|
2018-01-15 14:43:37 +03:00
|
|
|
static BOOL rdg_send_handshake(rdpRdg* rdg)
|
2015-03-17 21:54:16 +03:00
|
|
|
{
|
2023-06-05 16:16:52 +03:00
|
|
|
BOOL status = FALSE;
|
|
|
|
wStream* s = Stream_New(NULL, 14);
|
2015-03-17 23:09:17 +03:00
|
|
|
|
2015-03-17 21:54:16 +03:00
|
|
|
if (!s)
|
|
|
|
return FALSE;
|
|
|
|
|
2015-03-17 23:09:17 +03:00
|
|
|
Stream_Write_UINT16(s, PKT_TYPE_HANDSHAKE_REQUEST); /* Type (2 bytes) */
|
2019-11-06 17:24:51 +03:00
|
|
|
Stream_Write_UINT16(s, 0); /* Reserved (2 bytes) */
|
|
|
|
Stream_Write_UINT32(s, 14); /* PacketLength (4 bytes) */
|
|
|
|
Stream_Write_UINT8(s, 1); /* VersionMajor (1 byte) */
|
|
|
|
Stream_Write_UINT8(s, 0); /* VersionMinor (1 byte) */
|
|
|
|
Stream_Write_UINT16(s, 0); /* ClientVersion (2 bytes), must be 0 */
|
|
|
|
Stream_Write_UINT16(s, rdg->extAuth); /* ExtendedAuthentication (2 bytes) */
|
2015-03-17 21:54:16 +03:00
|
|
|
Stream_SealLength(s);
|
|
|
|
status = rdg_write_packet(rdg, s);
|
|
|
|
Stream_Free(s, TRUE);
|
2015-03-17 23:09:17 +03:00
|
|
|
|
2015-03-17 21:54:16 +03:00
|
|
|
if (status)
|
|
|
|
{
|
|
|
|
rdg->state = RDG_CLIENT_STATE_HANDSHAKE;
|
|
|
|
}
|
|
|
|
|
|
|
|
return status;
|
|
|
|
}
|
|
|
|
|
2022-11-16 17:10:27 +03:00
|
|
|
static BOOL rdg_send_extauth_sspi(rdpRdg* rdg)
|
|
|
|
{
|
2024-01-23 18:49:54 +03:00
|
|
|
wStream* s = NULL;
|
|
|
|
BOOL status = 0;
|
2022-11-16 17:10:27 +03:00
|
|
|
UINT32 packetSize = 8 + 4 + 2;
|
|
|
|
|
|
|
|
WINPR_ASSERT(rdg);
|
|
|
|
|
|
|
|
const SecBuffer* authToken = credssp_auth_get_output_buffer(rdg->auth);
|
|
|
|
if (!authToken)
|
|
|
|
return FALSE;
|
|
|
|
packetSize += authToken->cbBuffer;
|
|
|
|
|
|
|
|
s = Stream_New(NULL, packetSize);
|
|
|
|
|
|
|
|
if (!s)
|
|
|
|
return FALSE;
|
|
|
|
|
|
|
|
Stream_Write_UINT16(s, PKT_TYPE_EXTENDED_AUTH_MSG); /* Type (2 bytes) */
|
|
|
|
Stream_Write_UINT16(s, 0); /* Reserved (2 bytes) */
|
|
|
|
Stream_Write_UINT32(s, packetSize); /* PacketLength (4 bytes) */
|
|
|
|
Stream_Write_UINT32(s, ERROR_SUCCESS); /* Error code */
|
|
|
|
Stream_Write_UINT16(s, (UINT16)authToken->cbBuffer);
|
|
|
|
Stream_Write(s, authToken->pvBuffer, authToken->cbBuffer);
|
|
|
|
|
|
|
|
Stream_SealLength(s);
|
|
|
|
status = rdg_write_packet(rdg, s);
|
|
|
|
Stream_Free(s, TRUE);
|
|
|
|
|
|
|
|
return status;
|
|
|
|
}
|
|
|
|
|
2018-01-15 14:43:37 +03:00
|
|
|
static BOOL rdg_send_tunnel_request(rdpRdg* rdg)
|
2015-03-17 21:54:16 +03:00
|
|
|
{
|
2024-01-23 18:49:54 +03:00
|
|
|
wStream* s = NULL;
|
|
|
|
BOOL status = 0;
|
2018-04-05 05:08:26 +03:00
|
|
|
UINT32 packetSize = 16;
|
|
|
|
UINT16 fieldsPresent = 0;
|
2018-02-13 18:40:23 +03:00
|
|
|
WCHAR* PAACookie = NULL;
|
2022-10-28 09:09:27 +03:00
|
|
|
size_t PAACookieLen = 0;
|
2020-07-30 16:22:40 +03:00
|
|
|
const UINT32 capabilities = HTTP_CAPABILITY_TYPE_QUAR_SOH |
|
|
|
|
HTTP_CAPABILITY_MESSAGING_CONSENT_SIGN |
|
|
|
|
HTTP_CAPABILITY_MESSAGING_SERVICE_MSG;
|
2015-03-17 23:09:17 +03:00
|
|
|
|
2018-02-13 18:40:23 +03:00
|
|
|
if (rdg->extAuth == HTTP_EXTENDED_AUTH_PAA)
|
|
|
|
{
|
2024-06-27 09:40:05 +03:00
|
|
|
PAACookie =
|
|
|
|
ConvertUtf8ToWCharAlloc(rdg->context->settings->GatewayAccessToken, &PAACookieLen);
|
2018-02-13 18:40:23 +03:00
|
|
|
|
2022-10-28 09:09:27 +03:00
|
|
|
if (!PAACookie || (PAACookieLen > UINT16_MAX / sizeof(WCHAR)))
|
2018-10-24 17:49:25 +03:00
|
|
|
{
|
|
|
|
free(PAACookie);
|
2018-02-13 18:40:23 +03:00
|
|
|
return FALSE;
|
2018-10-24 17:49:25 +03:00
|
|
|
}
|
2018-02-13 18:40:23 +03:00
|
|
|
|
2022-12-01 17:09:11 +03:00
|
|
|
PAACookieLen += 1; /* include \0 */
|
|
|
|
packetSize += 2 + (UINT32)(PAACookieLen) * sizeof(WCHAR);
|
2018-04-05 05:08:26 +03:00
|
|
|
fieldsPresent = HTTP_TUNNEL_PACKET_FIELD_PAA_COOKIE;
|
2018-02-13 18:40:23 +03:00
|
|
|
}
|
|
|
|
|
2018-04-05 05:08:26 +03:00
|
|
|
s = Stream_New(NULL, packetSize);
|
|
|
|
|
|
|
|
if (!s)
|
|
|
|
{
|
|
|
|
free(PAACookie);
|
|
|
|
return FALSE;
|
2018-02-13 18:40:23 +03:00
|
|
|
}
|
2015-03-17 21:54:16 +03:00
|
|
|
|
2020-07-30 16:22:40 +03:00
|
|
|
Stream_Write_UINT16(s, PKT_TYPE_TUNNEL_CREATE); /* Type (2 bytes) */
|
|
|
|
Stream_Write_UINT16(s, 0); /* Reserved (2 bytes) */
|
|
|
|
Stream_Write_UINT32(s, packetSize); /* PacketLength (4 bytes) */
|
|
|
|
Stream_Write_UINT32(s, capabilities); /* CapabilityFlags (4 bytes) */
|
|
|
|
Stream_Write_UINT16(s, fieldsPresent); /* FieldsPresent (2 bytes) */
|
|
|
|
Stream_Write_UINT16(s, 0); /* Reserved (2 bytes), must be 0 */
|
2018-02-13 18:40:23 +03:00
|
|
|
|
2018-04-05 05:08:26 +03:00
|
|
|
if (PAACookie)
|
2018-02-13 18:40:23 +03:00
|
|
|
{
|
2022-11-30 22:01:49 +03:00
|
|
|
Stream_Write_UINT16(s, (UINT16)PAACookieLen * sizeof(WCHAR)); /* PAA cookie string length */
|
2018-10-24 17:49:25 +03:00
|
|
|
Stream_Write_UTF16_String(s, PAACookie, (size_t)PAACookieLen);
|
2018-02-13 18:40:23 +03:00
|
|
|
}
|
|
|
|
|
2015-03-17 21:54:16 +03:00
|
|
|
Stream_SealLength(s);
|
|
|
|
status = rdg_write_packet(rdg, s);
|
|
|
|
Stream_Free(s, TRUE);
|
2018-02-13 18:40:23 +03:00
|
|
|
free(PAACookie);
|
2015-03-17 23:09:17 +03:00
|
|
|
|
2015-03-17 21:54:16 +03:00
|
|
|
if (status)
|
|
|
|
{
|
|
|
|
rdg->state = RDG_CLIENT_STATE_TUNNEL_CREATE;
|
|
|
|
}
|
|
|
|
|
|
|
|
return status;
|
|
|
|
}
|
|
|
|
|
2018-01-15 14:43:37 +03:00
|
|
|
static BOOL rdg_send_tunnel_authorization(rdpRdg* rdg)
|
2015-03-17 21:54:16 +03:00
|
|
|
{
|
2024-01-23 18:49:54 +03:00
|
|
|
wStream* s = NULL;
|
|
|
|
BOOL status = 0;
|
2022-10-28 09:09:27 +03:00
|
|
|
WINPR_ASSERT(rdg);
|
|
|
|
size_t clientNameLen = 0;
|
2024-06-27 09:40:05 +03:00
|
|
|
WCHAR* clientName = freerdp_settings_get_string_as_utf16(
|
|
|
|
rdg->context->settings, FreeRDP_ClientHostname, &clientNameLen);
|
2018-01-15 14:43:37 +03:00
|
|
|
|
2022-10-28 09:09:27 +03:00
|
|
|
if (!clientName || (clientNameLen >= UINT16_MAX / sizeof(WCHAR)))
|
2018-10-24 17:49:25 +03:00
|
|
|
{
|
|
|
|
free(clientName);
|
2016-01-21 16:47:10 +03:00
|
|
|
return FALSE;
|
2018-10-24 17:49:25 +03:00
|
|
|
}
|
2016-01-21 16:47:10 +03:00
|
|
|
|
2022-10-28 09:09:27 +03:00
|
|
|
clientNameLen++; // length including terminating '\0'
|
|
|
|
|
|
|
|
size_t packetSize = 12ull + clientNameLen * sizeof(WCHAR);
|
2015-03-17 21:54:16 +03:00
|
|
|
s = Stream_New(NULL, packetSize);
|
2015-03-17 23:09:17 +03:00
|
|
|
|
2015-03-17 21:54:16 +03:00
|
|
|
if (!s)
|
2016-01-21 16:47:10 +03:00
|
|
|
{
|
|
|
|
free(clientName);
|
2015-03-17 21:54:16 +03:00
|
|
|
return FALSE;
|
2016-01-21 16:47:10 +03:00
|
|
|
}
|
2015-03-17 21:54:16 +03:00
|
|
|
|
2023-02-13 14:37:17 +03:00
|
|
|
Stream_Write_UINT16(s, PKT_TYPE_TUNNEL_AUTH); /* Type (2 bytes) */
|
|
|
|
Stream_Write_UINT16(s, 0); /* Reserved (2 bytes) */
|
|
|
|
Stream_Write_UINT32(s, packetSize); /* PacketLength (4 bytes) */
|
|
|
|
Stream_Write_UINT16(s, 0); /* FieldsPresent (2 bytes) */
|
2022-10-28 09:09:27 +03:00
|
|
|
Stream_Write_UINT16(s, (UINT16)clientNameLen * sizeof(WCHAR)); /* Client name string length */
|
2018-10-24 17:49:25 +03:00
|
|
|
Stream_Write_UTF16_String(s, clientName, (size_t)clientNameLen);
|
2015-03-17 21:54:16 +03:00
|
|
|
Stream_SealLength(s);
|
|
|
|
status = rdg_write_packet(rdg, s);
|
2015-03-17 23:54:45 +03:00
|
|
|
Stream_Free(s, TRUE);
|
2016-01-21 16:47:10 +03:00
|
|
|
free(clientName);
|
2015-03-17 23:54:45 +03:00
|
|
|
|
2015-03-17 21:54:16 +03:00
|
|
|
if (status)
|
|
|
|
{
|
|
|
|
rdg->state = RDG_CLIENT_STATE_TUNNEL_AUTHORIZE;
|
|
|
|
}
|
|
|
|
|
|
|
|
return status;
|
|
|
|
}
|
|
|
|
|
2018-01-15 14:43:37 +03:00
|
|
|
static BOOL rdg_send_channel_create(rdpRdg* rdg)
|
2015-03-17 21:54:16 +03:00
|
|
|
{
|
2018-11-13 11:30:47 +03:00
|
|
|
wStream* s = NULL;
|
|
|
|
BOOL status = FALSE;
|
2018-11-12 18:48:31 +03:00
|
|
|
WCHAR* serverName = NULL;
|
2022-10-28 09:09:27 +03:00
|
|
|
size_t serverNameLen = 0;
|
|
|
|
|
|
|
|
WINPR_ASSERT(rdg);
|
2024-06-27 09:40:05 +03:00
|
|
|
serverName = freerdp_settings_get_string_as_utf16(rdg->context->settings,
|
|
|
|
FreeRDP_ServerHostname, &serverNameLen);
|
2018-10-24 17:49:25 +03:00
|
|
|
|
2022-10-28 09:09:27 +03:00
|
|
|
if (!serverName || (serverNameLen >= UINT16_MAX / sizeof(WCHAR)))
|
2018-11-13 11:30:47 +03:00
|
|
|
goto fail;
|
2018-10-24 17:49:25 +03:00
|
|
|
|
2022-10-28 09:09:27 +03:00
|
|
|
serverNameLen++; // length including terminating '\0'
|
|
|
|
size_t packetSize = 16ull + serverNameLen * sizeof(WCHAR);
|
2015-03-17 21:54:16 +03:00
|
|
|
s = Stream_New(NULL, packetSize);
|
2015-03-17 23:09:17 +03:00
|
|
|
|
2015-03-17 21:54:16 +03:00
|
|
|
if (!s)
|
2018-11-13 11:30:47 +03:00
|
|
|
goto fail;
|
2015-03-17 21:54:16 +03:00
|
|
|
|
2015-03-17 23:54:45 +03:00
|
|
|
Stream_Write_UINT16(s, PKT_TYPE_CHANNEL_CREATE); /* Type (2 bytes) */
|
2019-11-06 17:24:51 +03:00
|
|
|
Stream_Write_UINT16(s, 0); /* Reserved (2 bytes) */
|
|
|
|
Stream_Write_UINT32(s, packetSize); /* PacketLength (4 bytes) */
|
|
|
|
Stream_Write_UINT8(s, 1); /* Number of resources. (1 byte) */
|
|
|
|
Stream_Write_UINT8(s, 0); /* Number of alternative resources (1 byte) */
|
2024-06-27 09:40:05 +03:00
|
|
|
Stream_Write_UINT16(s,
|
|
|
|
(UINT16)rdg->context->settings->ServerPort); /* Resource port (2 bytes) */
|
2019-11-06 17:24:51 +03:00
|
|
|
Stream_Write_UINT16(s, 3); /* Protocol number (2 bytes) */
|
2022-10-28 09:09:27 +03:00
|
|
|
Stream_Write_UINT16(s, (UINT16)serverNameLen * sizeof(WCHAR));
|
2018-11-12 18:48:31 +03:00
|
|
|
Stream_Write_UTF16_String(s, serverName, (size_t)serverNameLen);
|
2015-03-17 21:54:16 +03:00
|
|
|
Stream_SealLength(s);
|
|
|
|
status = rdg_write_packet(rdg, s);
|
2018-11-13 11:30:47 +03:00
|
|
|
fail:
|
|
|
|
free(serverName);
|
2015-03-17 23:54:45 +03:00
|
|
|
Stream_Free(s, TRUE);
|
|
|
|
|
2015-03-17 21:54:16 +03:00
|
|
|
if (status)
|
|
|
|
rdg->state = RDG_CLIENT_STATE_CHANNEL_CREATE;
|
|
|
|
|
|
|
|
return status;
|
|
|
|
}
|
|
|
|
|
2022-09-06 06:16:21 +03:00
|
|
|
static BOOL rdg_set_auth_header(rdpCredsspAuth* auth, HttpRequest* request)
|
2018-04-05 05:08:00 +03:00
|
|
|
{
|
2022-09-06 06:16:21 +03:00
|
|
|
const SecBuffer* authToken = credssp_auth_get_output_buffer(auth);
|
|
|
|
char* base64AuthToken = NULL;
|
2018-04-05 05:08:00 +03:00
|
|
|
|
2022-09-06 06:16:21 +03:00
|
|
|
if (authToken)
|
2021-06-18 10:58:46 +03:00
|
|
|
{
|
2022-09-06 06:16:21 +03:00
|
|
|
if (authToken->cbBuffer > INT_MAX)
|
2021-06-18 10:58:46 +03:00
|
|
|
return FALSE;
|
|
|
|
|
2022-09-06 06:16:21 +03:00
|
|
|
base64AuthToken = crypto_base64_encode(authToken->pvBuffer, (int)authToken->cbBuffer);
|
2021-06-18 10:58:46 +03:00
|
|
|
}
|
2018-04-05 05:08:00 +03:00
|
|
|
|
2022-09-06 06:16:21 +03:00
|
|
|
if (base64AuthToken)
|
2018-04-05 05:08:00 +03:00
|
|
|
{
|
2022-09-06 06:16:21 +03:00
|
|
|
BOOL rc = http_request_set_auth_scheme(request, credssp_auth_pkg_name(auth)) &&
|
|
|
|
http_request_set_auth_param(request, base64AuthToken);
|
|
|
|
free(base64AuthToken);
|
2018-04-05 05:08:00 +03:00
|
|
|
|
2018-09-27 16:04:41 +03:00
|
|
|
if (!rc)
|
2018-04-05 05:08:00 +03:00
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
|
|
|
return TRUE;
|
|
|
|
}
|
|
|
|
|
2018-04-05 05:08:08 +03:00
|
|
|
static wStream* rdg_build_http_request(rdpRdg* rdg, const char* method,
|
2021-01-25 10:39:30 +03:00
|
|
|
TRANSFER_ENCODING transferEncoding)
|
2015-03-17 21:54:16 +03:00
|
|
|
{
|
2018-08-17 16:47:46 +03:00
|
|
|
wStream* s = NULL;
|
2015-03-17 21:54:16 +03:00
|
|
|
HttpRequest* request = NULL;
|
2024-01-23 18:49:54 +03:00
|
|
|
const char* uri = NULL;
|
2018-09-27 16:04:41 +03:00
|
|
|
|
2018-10-25 14:19:22 +03:00
|
|
|
if (!rdg || !method)
|
2018-09-27 16:04:41 +03:00
|
|
|
return NULL;
|
|
|
|
|
|
|
|
uri = http_context_get_uri(rdg->http);
|
2015-03-17 21:54:16 +03:00
|
|
|
request = http_request_new();
|
2015-03-17 23:09:17 +03:00
|
|
|
|
2015-03-17 21:54:16 +03:00
|
|
|
if (!request)
|
|
|
|
return NULL;
|
|
|
|
|
2019-11-06 17:24:51 +03:00
|
|
|
if (!http_request_set_method(request, method) || !http_request_set_uri(request, uri))
|
2018-08-17 16:47:46 +03:00
|
|
|
goto out;
|
2015-03-17 21:54:16 +03:00
|
|
|
|
2022-09-06 06:16:21 +03:00
|
|
|
if (rdg->auth)
|
2015-03-17 21:54:16 +03:00
|
|
|
{
|
2022-09-06 06:16:21 +03:00
|
|
|
if (!rdg_set_auth_header(rdg->auth, request))
|
2018-08-17 16:47:46 +03:00
|
|
|
goto out;
|
2015-03-17 21:54:16 +03:00
|
|
|
}
|
|
|
|
|
2023-06-14 19:48:32 +03:00
|
|
|
else if (rdg->extAuth == HTTP_EXTENDED_AUTH_BEARER)
|
|
|
|
{
|
|
|
|
http_request_set_auth_scheme(request, "Bearer");
|
2024-06-27 09:40:05 +03:00
|
|
|
http_request_set_auth_param(request, rdg->context->settings->GatewayHttpExtAuthBearer);
|
2023-06-14 19:48:32 +03:00
|
|
|
}
|
|
|
|
|
2021-01-25 18:20:18 +03:00
|
|
|
http_request_set_transfer_encoding(request, transferEncoding);
|
2015-03-17 21:54:16 +03:00
|
|
|
|
|
|
|
s = http_request_write(rdg->http, request);
|
2018-08-17 16:47:46 +03:00
|
|
|
out:
|
2015-03-17 21:54:16 +03:00
|
|
|
http_request_free(request);
|
|
|
|
|
2015-05-26 15:50:13 +03:00
|
|
|
if (s)
|
|
|
|
Stream_SealLength(s);
|
2015-09-15 17:37:57 +03:00
|
|
|
|
2015-03-17 21:54:16 +03:00
|
|
|
return s;
|
|
|
|
}
|
|
|
|
|
2024-03-06 17:08:25 +03:00
|
|
|
static BOOL rdg_recv_auth_token(wLog* log, rdpCredsspAuth* auth, HttpResponse* response)
|
2015-03-17 21:54:16 +03:00
|
|
|
{
|
2024-01-23 18:49:54 +03:00
|
|
|
size_t len = 0;
|
2018-09-27 17:05:14 +03:00
|
|
|
const char* token64 = NULL;
|
2022-09-06 06:16:21 +03:00
|
|
|
size_t authTokenLength = 0;
|
|
|
|
BYTE* authTokenData = NULL;
|
|
|
|
SecBuffer authToken = { 0 };
|
2024-01-23 18:49:54 +03:00
|
|
|
long StatusCode = 0;
|
|
|
|
int rc = 0;
|
2018-04-05 05:08:00 +03:00
|
|
|
|
2022-09-06 06:16:21 +03:00
|
|
|
if (!auth || !response)
|
2018-09-27 16:04:41 +03:00
|
|
|
return FALSE;
|
|
|
|
|
|
|
|
StatusCode = http_response_get_status_code(response);
|
2022-09-06 06:16:21 +03:00
|
|
|
switch (StatusCode)
|
2018-04-05 05:08:08 +03:00
|
|
|
{
|
2022-09-06 06:16:21 +03:00
|
|
|
case HTTP_STATUS_DENIED:
|
|
|
|
case HTTP_STATUS_OK:
|
|
|
|
break;
|
|
|
|
default:
|
2024-03-06 17:08:25 +03:00
|
|
|
http_response_log_error_status(log, WLOG_WARN, response);
|
2022-09-06 06:16:21 +03:00
|
|
|
return FALSE;
|
2018-04-05 05:08:08 +03:00
|
|
|
}
|
|
|
|
|
2022-09-06 06:16:21 +03:00
|
|
|
token64 = http_response_get_auth_token(response, credssp_auth_pkg_name(auth));
|
2018-04-05 05:08:00 +03:00
|
|
|
|
|
|
|
if (!token64)
|
|
|
|
return FALSE;
|
|
|
|
|
2018-10-24 17:49:25 +03:00
|
|
|
len = strlen(token64);
|
|
|
|
|
2022-09-06 06:16:21 +03:00
|
|
|
crypto_base64_decode(token64, len, &authTokenData, &authTokenLength);
|
2018-04-05 05:08:00 +03:00
|
|
|
|
2022-09-06 06:16:21 +03:00
|
|
|
if (authTokenLength && authTokenData)
|
2018-04-05 05:08:00 +03:00
|
|
|
{
|
2022-09-06 06:16:21 +03:00
|
|
|
authToken.pvBuffer = authTokenData;
|
|
|
|
authToken.cbBuffer = authTokenLength;
|
2022-10-09 10:17:19 +03:00
|
|
|
credssp_auth_take_input_buffer(auth, &authToken);
|
2018-04-05 05:08:00 +03:00
|
|
|
}
|
2024-04-11 13:52:02 +03:00
|
|
|
else
|
|
|
|
free(authTokenData);
|
2018-04-05 05:08:00 +03:00
|
|
|
|
2022-09-06 06:16:21 +03:00
|
|
|
rc = credssp_auth_authenticate(auth);
|
|
|
|
if (rc < 0)
|
2018-11-12 18:48:31 +03:00
|
|
|
return FALSE;
|
|
|
|
|
|
|
|
return TRUE;
|
2018-04-05 05:08:00 +03:00
|
|
|
}
|
|
|
|
|
2024-03-15 15:48:11 +03:00
|
|
|
static BOOL rdg_skip_seed_payload(rdpContext* context, rdpTls* tls, size_t lastResponseLength,
|
2021-01-25 10:39:30 +03:00
|
|
|
rdg_http_encoding_context* transferEncoding)
|
2018-04-05 05:07:11 +03:00
|
|
|
{
|
2022-11-21 11:00:12 +03:00
|
|
|
BYTE seed_payload[10] = { 0 };
|
2019-02-07 16:22:28 +03:00
|
|
|
const size_t size = sizeof(seed_payload);
|
|
|
|
|
2018-04-05 05:07:11 +03:00
|
|
|
/* Per [MS-TSGU] 3.3.5.1 step 4, after final OK response RDG server sends
|
|
|
|
* random "seed" payload of limited size. In practice it's 10 bytes.
|
|
|
|
*/
|
2024-03-15 15:48:11 +03:00
|
|
|
if (lastResponseLength < size)
|
2018-11-12 18:48:31 +03:00
|
|
|
{
|
2024-03-15 15:17:37 +03:00
|
|
|
if (!rdg_read_all(context, tls, seed_payload, size - lastResponseLength, transferEncoding))
|
2018-11-12 18:48:31 +03:00
|
|
|
{
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
}
|
2018-04-05 05:07:11 +03:00
|
|
|
|
|
|
|
return TRUE;
|
|
|
|
}
|
|
|
|
|
2018-01-15 14:43:37 +03:00
|
|
|
static BOOL rdg_process_handshake_response(rdpRdg* rdg, wStream* s)
|
2015-03-17 21:54:16 +03:00
|
|
|
{
|
2024-01-23 18:49:54 +03:00
|
|
|
UINT32 errorCode = 0;
|
|
|
|
UINT16 serverVersion = 0;
|
|
|
|
UINT16 extendedAuth = 0;
|
|
|
|
BYTE verMajor = 0;
|
|
|
|
BYTE verMinor = 0;
|
|
|
|
const char* error = NULL;
|
2024-03-06 17:08:25 +03:00
|
|
|
WLog_Print(rdg->log, WLOG_DEBUG, "Handshake response received");
|
2015-03-17 21:54:16 +03:00
|
|
|
|
|
|
|
if (rdg->state != RDG_CLIENT_STATE_HANDSHAKE)
|
|
|
|
{
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
2024-03-06 17:08:25 +03:00
|
|
|
if (!Stream_CheckAndLogRequiredLengthWLog(rdg->log, s, 10))
|
2015-05-26 15:50:13 +03:00
|
|
|
return FALSE;
|
|
|
|
|
2015-03-17 21:54:16 +03:00
|
|
|
Stream_Read_UINT32(s, errorCode);
|
2018-11-16 17:41:19 +03:00
|
|
|
Stream_Read_UINT8(s, verMajor);
|
|
|
|
Stream_Read_UINT8(s, verMinor);
|
|
|
|
Stream_Read_UINT16(s, serverVersion);
|
|
|
|
Stream_Read_UINT16(s, extendedAuth);
|
|
|
|
error = rpc_error_to_string(errorCode);
|
2024-03-06 17:08:25 +03:00
|
|
|
WLog_Print(rdg->log, WLOG_DEBUG,
|
|
|
|
"errorCode=%s, verMajor=%" PRId8 ", verMinor=%" PRId8 ", serverVersion=%" PRId16
|
|
|
|
", extendedAuth=%s",
|
|
|
|
error, verMajor, verMinor, serverVersion, extended_auth_to_string(extendedAuth));
|
2015-03-17 21:54:16 +03:00
|
|
|
|
2022-12-01 17:09:11 +03:00
|
|
|
if (FAILED((HRESULT)errorCode))
|
2015-03-17 21:54:16 +03:00
|
|
|
{
|
2024-03-06 17:08:25 +03:00
|
|
|
WLog_Print(rdg->log, WLOG_ERROR, "Handshake error %s", error);
|
2020-01-08 19:39:25 +03:00
|
|
|
freerdp_set_last_error_log(rdg->context, errorCode);
|
2015-03-17 21:54:16 +03:00
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
2022-11-16 17:10:27 +03:00
|
|
|
if (rdg->extAuth == HTTP_EXTENDED_AUTH_SSPI_NTLM)
|
|
|
|
return rdg_send_extauth_sspi(rdg);
|
|
|
|
|
2015-03-17 21:54:16 +03:00
|
|
|
return rdg_send_tunnel_request(rdg);
|
|
|
|
}
|
|
|
|
|
2020-07-30 16:22:40 +03:00
|
|
|
static BOOL rdg_process_tunnel_response_optional(rdpRdg* rdg, wStream* s, UINT16 fieldsPresent)
|
|
|
|
{
|
|
|
|
if (fieldsPresent & HTTP_TUNNEL_RESPONSE_FIELD_TUNNEL_ID)
|
|
|
|
{
|
|
|
|
/* Seek over tunnelId (4 bytes) */
|
|
|
|
if (!Stream_SafeSeek(s, 4))
|
|
|
|
{
|
2024-03-06 17:08:25 +03:00
|
|
|
WLog_Print(rdg->log, WLOG_ERROR, "Short tunnelId, got %" PRIuz ", expected 4",
|
|
|
|
Stream_GetRemainingLength(s));
|
2020-07-30 16:22:40 +03:00
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (fieldsPresent & HTTP_TUNNEL_RESPONSE_FIELD_CAPS)
|
|
|
|
{
|
2024-01-23 18:49:54 +03:00
|
|
|
UINT32 caps = 0;
|
2024-03-06 17:08:25 +03:00
|
|
|
if (!Stream_CheckAndLogRequiredLengthWLog(rdg->log, s, 4))
|
2020-07-30 16:22:40 +03:00
|
|
|
return FALSE;
|
|
|
|
|
|
|
|
Stream_Read_UINT32(s, caps);
|
2024-03-06 17:08:25 +03:00
|
|
|
WLog_Print(rdg->log, WLOG_DEBUG, "capabilities=%s", capabilities_enum_to_string(caps));
|
2020-07-30 16:22:40 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
if (fieldsPresent & HTTP_TUNNEL_RESPONSE_FIELD_SOH_REQ)
|
|
|
|
{
|
|
|
|
/* Seek over nonce (20 bytes) */
|
|
|
|
if (!Stream_SafeSeek(s, 20))
|
|
|
|
{
|
2024-03-06 17:08:25 +03:00
|
|
|
WLog_Print(rdg->log, WLOG_ERROR, "Short nonce, got %" PRIuz ", expected 20",
|
|
|
|
Stream_GetRemainingLength(s));
|
2020-07-30 16:22:40 +03:00
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Read serverCert */
|
2024-03-06 17:08:25 +03:00
|
|
|
if (!rdg_read_http_unicode_string(rdg->log, s, NULL, NULL))
|
2020-07-30 16:22:40 +03:00
|
|
|
{
|
2024-03-06 17:08:25 +03:00
|
|
|
WLog_Print(rdg->log, WLOG_ERROR, "Failed to read server certificate");
|
2020-07-30 16:22:40 +03:00
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (fieldsPresent & HTTP_TUNNEL_RESPONSE_FIELD_CONSENT_MSG)
|
|
|
|
{
|
2024-01-23 18:49:54 +03:00
|
|
|
const WCHAR* msg = NULL;
|
|
|
|
UINT16 msgLenBytes = 0;
|
2020-07-30 16:22:40 +03:00
|
|
|
rdpContext* context = rdg->context;
|
|
|
|
|
2021-06-09 15:03:34 +03:00
|
|
|
WINPR_ASSERT(context);
|
|
|
|
WINPR_ASSERT(context->instance);
|
2020-07-30 16:22:40 +03:00
|
|
|
|
|
|
|
/* Read message string and invoke callback */
|
2024-03-06 17:08:25 +03:00
|
|
|
if (!rdg_read_http_unicode_string(rdg->log, s, &msg, &msgLenBytes))
|
2020-07-30 16:22:40 +03:00
|
|
|
{
|
2024-03-06 17:08:25 +03:00
|
|
|
WLog_Print(rdg->log, WLOG_ERROR, "Failed to read consent message");
|
2020-07-30 16:22:40 +03:00
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
|
|
|
return IFCALLRESULT(TRUE, context->instance->PresentGatewayMessage, context->instance,
|
2020-08-04 10:11:41 +03:00
|
|
|
GATEWAY_MESSAGE_CONSENT, TRUE, TRUE, msgLenBytes, msg);
|
2020-07-30 16:22:40 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
return TRUE;
|
|
|
|
}
|
|
|
|
|
2018-01-15 14:43:37 +03:00
|
|
|
static BOOL rdg_process_tunnel_response(rdpRdg* rdg, wStream* s)
|
2015-03-17 21:54:16 +03:00
|
|
|
{
|
2024-01-23 18:49:54 +03:00
|
|
|
UINT16 serverVersion = 0;
|
|
|
|
UINT16 fieldsPresent = 0;
|
|
|
|
UINT32 errorCode = 0;
|
|
|
|
const char* error = NULL;
|
2024-03-06 17:08:25 +03:00
|
|
|
WLog_Print(rdg->log, WLOG_DEBUG, "Tunnel response received");
|
2015-03-17 21:54:16 +03:00
|
|
|
|
|
|
|
if (rdg->state != RDG_CLIENT_STATE_TUNNEL_CREATE)
|
|
|
|
{
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
2024-03-06 17:08:25 +03:00
|
|
|
if (!Stream_CheckAndLogRequiredLengthWLog(rdg->log, s, 10))
|
2015-05-26 15:50:13 +03:00
|
|
|
return FALSE;
|
|
|
|
|
2018-11-16 17:41:19 +03:00
|
|
|
Stream_Read_UINT16(s, serverVersion);
|
2015-03-17 21:54:16 +03:00
|
|
|
Stream_Read_UINT32(s, errorCode);
|
2018-11-16 17:41:19 +03:00
|
|
|
Stream_Read_UINT16(s, fieldsPresent);
|
|
|
|
Stream_Seek_UINT16(s); /* reserved */
|
|
|
|
error = rpc_error_to_string(errorCode);
|
2024-03-06 17:08:25 +03:00
|
|
|
WLog_Print(rdg->log, WLOG_DEBUG, "serverVersion=%" PRId16 ", errorCode=%s, fieldsPresent=%s",
|
|
|
|
serverVersion, error, tunnel_response_fields_present_to_string(fieldsPresent));
|
2015-03-17 21:54:16 +03:00
|
|
|
|
2022-12-01 17:09:11 +03:00
|
|
|
if (FAILED((HRESULT)errorCode))
|
2015-03-17 21:54:16 +03:00
|
|
|
{
|
2024-03-06 17:08:25 +03:00
|
|
|
WLog_Print(rdg->log, WLOG_ERROR, "Tunnel creation error %s", error);
|
2020-01-08 19:39:25 +03:00
|
|
|
freerdp_set_last_error_log(rdg->context, errorCode);
|
2015-03-17 21:54:16 +03:00
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
2020-07-30 16:22:40 +03:00
|
|
|
if (!rdg_process_tunnel_response_optional(rdg, s, fieldsPresent))
|
|
|
|
return FALSE;
|
|
|
|
|
2015-03-17 21:54:16 +03:00
|
|
|
return rdg_send_tunnel_authorization(rdg);
|
|
|
|
}
|
|
|
|
|
2018-01-15 14:43:37 +03:00
|
|
|
static BOOL rdg_process_tunnel_authorization_response(rdpRdg* rdg, wStream* s)
|
2015-03-17 21:54:16 +03:00
|
|
|
{
|
2024-01-23 18:49:54 +03:00
|
|
|
UINT32 errorCode = 0;
|
|
|
|
UINT16 fieldsPresent = 0;
|
|
|
|
const char* error = NULL;
|
2024-03-06 17:08:25 +03:00
|
|
|
WLog_Print(rdg->log, WLOG_DEBUG, "Tunnel authorization received");
|
2015-03-17 21:54:16 +03:00
|
|
|
|
|
|
|
if (rdg->state != RDG_CLIENT_STATE_TUNNEL_AUTHORIZE)
|
|
|
|
{
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
2024-03-06 17:08:25 +03:00
|
|
|
if (!Stream_CheckAndLogRequiredLengthWLog(rdg->log, s, 8))
|
2015-05-26 15:50:13 +03:00
|
|
|
return FALSE;
|
|
|
|
|
2015-03-17 21:54:16 +03:00
|
|
|
Stream_Read_UINT32(s, errorCode);
|
2018-11-16 17:41:19 +03:00
|
|
|
Stream_Read_UINT16(s, fieldsPresent);
|
|
|
|
Stream_Seek_UINT16(s); /* reserved */
|
|
|
|
error = rpc_error_to_string(errorCode);
|
2024-03-06 17:08:25 +03:00
|
|
|
WLog_Print(rdg->log, WLOG_DEBUG, "errorCode=%s, fieldsPresent=%s", error,
|
|
|
|
tunnel_authorization_response_fields_present_to_string(fieldsPresent));
|
2015-03-17 21:54:16 +03:00
|
|
|
|
2022-12-01 17:09:11 +03:00
|
|
|
/* [MS-TSGU] 3.7.5.2.7 */
|
|
|
|
if (errorCode != S_OK && errorCode != E_PROXY_QUARANTINE_ACCESSDENIED)
|
2015-03-17 21:54:16 +03:00
|
|
|
{
|
2024-03-06 17:08:25 +03:00
|
|
|
WLog_Print(rdg->log, WLOG_ERROR, "Tunnel authorization error %s", error);
|
2020-01-08 19:39:25 +03:00
|
|
|
freerdp_set_last_error_log(rdg->context, errorCode);
|
2015-03-17 21:54:16 +03:00
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
2024-03-06 17:08:25 +03:00
|
|
|
if (fieldsPresent & HTTP_TUNNEL_AUTH_RESPONSE_FIELD_REDIR_FLAGS)
|
|
|
|
{
|
|
|
|
UINT32 redirFlags = 0;
|
|
|
|
if (!Stream_CheckAndLogRequiredCapacityWLog(rdg->log, s, 4))
|
|
|
|
return FALSE;
|
|
|
|
Stream_Read_UINT32(s, redirFlags);
|
|
|
|
|
|
|
|
rdpContext* context = rdg->context;
|
|
|
|
if (!utils_apply_gateway_policy(rdg->log, context, redirFlags, "RDG"))
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (fieldsPresent & HTTP_TUNNEL_AUTH_RESPONSE_FIELD_IDLE_TIMEOUT)
|
|
|
|
{
|
|
|
|
UINT32 idleTimeout = 0;
|
|
|
|
if (!Stream_CheckAndLogRequiredCapacityWLog(rdg->log, s, 4))
|
|
|
|
return FALSE;
|
|
|
|
Stream_Read_UINT32(s, idleTimeout);
|
|
|
|
WLog_Print(rdg->log, WLOG_DEBUG, "[IDLE_TIMEOUT] idleTimeout=%" PRIu32 ": TODO: unused",
|
|
|
|
idleTimeout);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (fieldsPresent & HTTP_TUNNEL_AUTH_RESPONSE_FIELD_SOH_RESPONSE)
|
|
|
|
{
|
|
|
|
UINT16 cbLen = 0;
|
|
|
|
if (!Stream_CheckAndLogRequiredCapacityWLog(rdg->log, s, 2))
|
|
|
|
return FALSE;
|
|
|
|
Stream_Read_UINT16(s, cbLen);
|
|
|
|
|
|
|
|
WLog_Print(rdg->log, WLOG_DEBUG, "[SOH_RESPONSE] cbLen=%" PRIu16 ": TODO: unused", cbLen);
|
|
|
|
if (!Stream_CheckAndLogRequiredLengthWLog(rdg->log, s, cbLen))
|
|
|
|
return FALSE;
|
|
|
|
Stream_Seek(s, cbLen);
|
|
|
|
}
|
|
|
|
|
2015-03-17 21:54:16 +03:00
|
|
|
return rdg_send_channel_create(rdg);
|
|
|
|
}
|
|
|
|
|
2022-11-16 17:10:27 +03:00
|
|
|
static BOOL rdg_process_extauth_sspi(rdpRdg* rdg, wStream* s)
|
|
|
|
{
|
2024-01-23 18:49:54 +03:00
|
|
|
UINT32 errorCode = 0;
|
|
|
|
UINT16 authBlobLen = 0;
|
2022-11-16 17:10:27 +03:00
|
|
|
SecBuffer authToken = { 0 };
|
|
|
|
BYTE* authTokenData = NULL;
|
|
|
|
|
|
|
|
WINPR_ASSERT(rdg);
|
|
|
|
|
|
|
|
Stream_Read_UINT32(s, errorCode);
|
|
|
|
Stream_Read_UINT16(s, authBlobLen);
|
|
|
|
|
|
|
|
if (errorCode != ERROR_SUCCESS)
|
|
|
|
{
|
2024-03-06 17:08:25 +03:00
|
|
|
WLog_Print(rdg->log, WLOG_ERROR, "EXTAUTH_SSPI_NTLM failed with error %s [0x%08X]",
|
|
|
|
GetSecurityStatusString(errorCode), errorCode);
|
2022-11-16 17:10:27 +03:00
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (authBlobLen == 0)
|
|
|
|
{
|
|
|
|
if (credssp_auth_is_complete(rdg->auth))
|
|
|
|
{
|
|
|
|
credssp_auth_free(rdg->auth);
|
|
|
|
rdg->auth = NULL;
|
|
|
|
return rdg_send_tunnel_request(rdg);
|
|
|
|
}
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
|
|
|
authTokenData = malloc(authBlobLen);
|
2024-04-05 01:28:29 +03:00
|
|
|
if (authTokenData == NULL)
|
|
|
|
return FALSE;
|
2022-11-16 17:10:27 +03:00
|
|
|
Stream_Read(s, authTokenData, authBlobLen);
|
|
|
|
|
|
|
|
authToken.pvBuffer = authTokenData;
|
|
|
|
authToken.cbBuffer = authBlobLen;
|
|
|
|
|
|
|
|
credssp_auth_take_input_buffer(rdg->auth, &authToken);
|
|
|
|
|
|
|
|
if (credssp_auth_authenticate(rdg->auth) < 0)
|
|
|
|
return FALSE;
|
|
|
|
|
|
|
|
if (credssp_auth_have_output_token(rdg->auth))
|
|
|
|
return rdg_send_extauth_sspi(rdg);
|
|
|
|
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
2018-01-15 14:43:37 +03:00
|
|
|
static BOOL rdg_process_channel_response(rdpRdg* rdg, wStream* s)
|
2015-03-17 21:54:16 +03:00
|
|
|
{
|
2024-01-23 18:49:54 +03:00
|
|
|
UINT16 fieldsPresent = 0;
|
|
|
|
UINT32 errorCode = 0;
|
|
|
|
const char* error = NULL;
|
2024-03-06 17:08:25 +03:00
|
|
|
WLog_Print(rdg->log, WLOG_DEBUG, "Channel response received");
|
2015-03-17 21:54:16 +03:00
|
|
|
|
|
|
|
if (rdg->state != RDG_CLIENT_STATE_CHANNEL_CREATE)
|
|
|
|
{
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
2024-03-06 17:08:25 +03:00
|
|
|
if (!Stream_CheckAndLogRequiredLengthWLog(rdg->log, s, 8))
|
2015-05-26 15:50:13 +03:00
|
|
|
return FALSE;
|
|
|
|
|
2015-03-17 21:54:16 +03:00
|
|
|
Stream_Read_UINT32(s, errorCode);
|
2018-11-16 17:41:19 +03:00
|
|
|
Stream_Read_UINT16(s, fieldsPresent);
|
|
|
|
Stream_Seek_UINT16(s); /* reserved */
|
|
|
|
error = rpc_error_to_string(errorCode);
|
2024-03-06 17:08:25 +03:00
|
|
|
WLog_Print(rdg->log, WLOG_DEBUG, "channel response errorCode=%s, fieldsPresent=%s", error,
|
|
|
|
channel_response_fields_present_to_string(fieldsPresent));
|
2015-03-17 21:54:16 +03:00
|
|
|
|
2022-12-01 17:09:11 +03:00
|
|
|
if (FAILED((HRESULT)errorCode))
|
2015-03-17 21:54:16 +03:00
|
|
|
{
|
2024-03-06 17:08:25 +03:00
|
|
|
WLog_Print(rdg->log, WLOG_ERROR, "channel response errorCode=%s, fieldsPresent=%s", error,
|
|
|
|
channel_response_fields_present_to_string(fieldsPresent));
|
2020-01-08 19:39:25 +03:00
|
|
|
freerdp_set_last_error_log(rdg->context, errorCode);
|
2015-03-17 21:54:16 +03:00
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
|
|
|
rdg->state = RDG_CLIENT_STATE_OPENED;
|
|
|
|
return TRUE;
|
|
|
|
}
|
|
|
|
|
2018-01-15 14:43:37 +03:00
|
|
|
static BOOL rdg_process_packet(rdpRdg* rdg, wStream* s)
|
2015-03-17 21:54:16 +03:00
|
|
|
{
|
|
|
|
BOOL status = TRUE;
|
2024-01-23 18:49:54 +03:00
|
|
|
UINT16 type = 0;
|
|
|
|
UINT32 packetLength = 0;
|
2015-05-27 18:35:25 +03:00
|
|
|
Stream_SetPosition(s, 0);
|
|
|
|
|
2024-03-06 17:08:25 +03:00
|
|
|
if (!Stream_CheckAndLogRequiredLengthWLog(rdg->log, s, 8))
|
2015-05-26 15:50:13 +03:00
|
|
|
return FALSE;
|
|
|
|
|
2018-11-16 17:41:19 +03:00
|
|
|
Stream_Read_UINT16(s, type);
|
|
|
|
Stream_Seek_UINT16(s); /* reserved */
|
|
|
|
Stream_Read_UINT32(s, packetLength);
|
|
|
|
|
2018-11-23 11:45:09 +03:00
|
|
|
if (Stream_Length(s) < packetLength)
|
|
|
|
{
|
2024-03-06 17:08:25 +03:00
|
|
|
WLog_Print(rdg->log, WLOG_ERROR, "Short packet %" PRIuz ", expected %" PRIuz,
|
|
|
|
Stream_Length(s), packetLength);
|
2018-11-16 17:41:19 +03:00
|
|
|
return FALSE;
|
2018-11-23 11:45:09 +03:00
|
|
|
}
|
2015-03-17 21:54:16 +03:00
|
|
|
|
|
|
|
switch (type)
|
|
|
|
{
|
2015-03-17 23:09:17 +03:00
|
|
|
case PKT_TYPE_HANDSHAKE_RESPONSE:
|
|
|
|
status = rdg_process_handshake_response(rdg, s);
|
|
|
|
break;
|
2015-03-17 21:54:16 +03:00
|
|
|
|
2015-03-17 23:09:17 +03:00
|
|
|
case PKT_TYPE_TUNNEL_RESPONSE:
|
|
|
|
status = rdg_process_tunnel_response(rdg, s);
|
|
|
|
break;
|
2015-03-17 21:54:16 +03:00
|
|
|
|
2015-03-17 23:09:17 +03:00
|
|
|
case PKT_TYPE_TUNNEL_AUTH_RESPONSE:
|
|
|
|
status = rdg_process_tunnel_authorization_response(rdg, s);
|
|
|
|
break;
|
2015-03-17 21:54:16 +03:00
|
|
|
|
2015-03-17 23:09:17 +03:00
|
|
|
case PKT_TYPE_CHANNEL_RESPONSE:
|
|
|
|
status = rdg_process_channel_response(rdg, s);
|
|
|
|
break;
|
2015-03-17 21:54:16 +03:00
|
|
|
|
2015-03-17 23:09:17 +03:00
|
|
|
case PKT_TYPE_DATA:
|
2024-03-06 17:08:25 +03:00
|
|
|
WLog_Print(rdg->log, WLOG_ERROR, "Unexpected packet type DATA");
|
2015-03-18 23:13:32 +03:00
|
|
|
return FALSE;
|
2022-11-16 17:10:27 +03:00
|
|
|
|
|
|
|
case PKT_TYPE_EXTENDED_AUTH_MSG:
|
|
|
|
status = rdg_process_extauth_sspi(rdg, s);
|
|
|
|
break;
|
|
|
|
|
|
|
|
default:
|
2024-03-06 17:08:25 +03:00
|
|
|
WLog_Print(rdg->log, WLOG_ERROR, "PKG TYPE 0x%x not implemented", type);
|
2022-11-16 17:10:27 +03:00
|
|
|
return FALSE;
|
2015-03-17 21:54:16 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
return status;
|
|
|
|
}
|
|
|
|
|
2015-04-21 13:24:50 +03:00
|
|
|
DWORD rdg_get_event_handles(rdpRdg* rdg, HANDLE* events, DWORD count)
|
2015-03-17 21:54:16 +03:00
|
|
|
{
|
2015-04-21 13:35:55 +03:00
|
|
|
DWORD nCount = 0;
|
2021-06-09 15:03:34 +03:00
|
|
|
WINPR_ASSERT(rdg != NULL);
|
2015-03-18 23:13:32 +03:00
|
|
|
|
2015-03-17 22:13:11 +03:00
|
|
|
if (rdg->tlsOut && rdg->tlsOut->bio)
|
2015-03-17 21:54:16 +03:00
|
|
|
{
|
2015-04-21 13:24:50 +03:00
|
|
|
if (events && (nCount < count))
|
|
|
|
{
|
2015-03-17 21:54:16 +03:00
|
|
|
BIO_get_event(rdg->tlsOut->bio, &events[nCount]);
|
2015-04-21 13:24:50 +03:00
|
|
|
nCount++;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
return 0;
|
2015-03-17 21:54:16 +03:00
|
|
|
}
|
|
|
|
|
2021-03-05 20:19:06 +03:00
|
|
|
if (!rdg->transferEncoding.isWebsocketTransport && rdg->tlsIn && rdg->tlsIn->bio)
|
2015-03-17 21:54:16 +03:00
|
|
|
{
|
2015-04-21 13:24:50 +03:00
|
|
|
if (events && (nCount < count))
|
|
|
|
{
|
2015-03-17 21:54:16 +03:00
|
|
|
BIO_get_event(rdg->tlsIn->bio, &events[nCount]);
|
2015-04-21 13:24:50 +03:00
|
|
|
nCount++;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
return 0;
|
2015-03-17 21:54:16 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
return nCount;
|
|
|
|
}
|
|
|
|
|
2022-10-16 22:54:59 +03:00
|
|
|
static BOOL rdg_get_gateway_credentials(rdpContext* context, rdp_auth_reason reason)
|
2015-03-17 21:54:16 +03:00
|
|
|
{
|
|
|
|
freerdp* instance = context->instance;
|
|
|
|
|
2022-10-16 22:54:59 +03:00
|
|
|
auth_status rc = utils_authenticate_gateway(instance, reason);
|
2021-07-29 13:33:22 +03:00
|
|
|
switch (rc)
|
2015-03-17 21:54:16 +03:00
|
|
|
{
|
2021-07-29 13:33:22 +03:00
|
|
|
case AUTH_SUCCESS:
|
|
|
|
case AUTH_SKIP:
|
|
|
|
return TRUE;
|
2023-02-13 14:37:17 +03:00
|
|
|
case AUTH_CANCELLED:
|
|
|
|
freerdp_set_last_error_log(instance->context, FREERDP_ERROR_CONNECT_CANCELLED);
|
|
|
|
return FALSE;
|
2021-07-29 13:33:22 +03:00
|
|
|
case AUTH_NO_CREDENTIALS:
|
2023-07-26 16:43:12 +03:00
|
|
|
WLog_INFO(TAG, "No credentials provided - using NULL identity");
|
|
|
|
return TRUE;
|
2021-10-15 12:45:08 +03:00
|
|
|
case AUTH_FAILED:
|
2021-07-29 13:33:22 +03:00
|
|
|
default:
|
2019-07-15 11:08:39 +03:00
|
|
|
return FALSE;
|
2015-03-17 21:54:16 +03:00
|
|
|
}
|
2018-04-05 05:08:00 +03:00
|
|
|
}
|
|
|
|
|
2022-11-16 17:10:27 +03:00
|
|
|
static BOOL rdg_auth_init(rdpRdg* rdg, rdpTls* tls, TCHAR* authPkg)
|
2018-04-05 05:08:00 +03:00
|
|
|
{
|
|
|
|
rdpContext* context = rdg->context;
|
|
|
|
rdpSettings* settings = context->settings;
|
2022-09-06 06:16:21 +03:00
|
|
|
SEC_WINNT_AUTH_IDENTITY identity = { 0 };
|
2024-01-23 18:49:54 +03:00
|
|
|
int rc = 0;
|
2018-04-05 05:08:00 +03:00
|
|
|
|
2022-09-06 06:16:21 +03:00
|
|
|
rdg->auth = credssp_auth_new(context);
|
|
|
|
if (!rdg->auth)
|
2018-04-05 05:08:00 +03:00
|
|
|
return FALSE;
|
|
|
|
|
2022-11-16 17:10:27 +03:00
|
|
|
if (!credssp_auth_init(rdg->auth, authPkg, tls->Bindings))
|
2015-03-17 21:54:16 +03:00
|
|
|
return FALSE;
|
|
|
|
|
2023-02-16 13:18:30 +03:00
|
|
|
bool doSCLogon = freerdp_settings_get_bool(settings, FreeRDP_SmartcardLogon);
|
|
|
|
if (doSCLogon)
|
2022-10-16 22:54:59 +03:00
|
|
|
{
|
|
|
|
if (!smartcard_getCert(context, &rdg->smartcard, TRUE))
|
|
|
|
return FALSE;
|
2018-04-05 05:08:00 +03:00
|
|
|
|
2022-10-16 22:54:59 +03:00
|
|
|
if (!rdg_get_gateway_credentials(context, AUTH_SMARTCARD_PIN))
|
|
|
|
return FALSE;
|
2023-02-16 13:18:30 +03:00
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
if (!rdg_get_gateway_credentials(context, GW_AUTH_RDG))
|
|
|
|
return FALSE;
|
2022-10-16 22:54:59 +03:00
|
|
|
|
2023-02-16 13:18:30 +03:00
|
|
|
/* Auth callback might changed logon to smartcard so check again */
|
|
|
|
doSCLogon = freerdp_settings_get_bool(settings, FreeRDP_SmartcardLogon);
|
|
|
|
if (doSCLogon && !smartcard_getCert(context, &rdg->smartcard, TRUE))
|
|
|
|
return FALSE;
|
|
|
|
}
|
2022-10-16 22:54:59 +03:00
|
|
|
|
2023-07-26 16:43:12 +03:00
|
|
|
SEC_WINNT_AUTH_IDENTITY* identityArg = &identity;
|
2023-02-16 13:18:30 +03:00
|
|
|
if (doSCLogon)
|
|
|
|
{
|
2023-04-04 18:04:30 +03:00
|
|
|
if (!identity_set_from_smartcard_hash(&identity, settings, FreeRDP_GatewayUsername,
|
|
|
|
FreeRDP_GatewayDomain, FreeRDP_GatewayPassword,
|
|
|
|
rdg->smartcard->sha1Hash,
|
|
|
|
sizeof(rdg->smartcard->sha1Hash)))
|
2023-02-16 13:18:30 +03:00
|
|
|
return FALSE;
|
2022-10-16 22:54:59 +03:00
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
2023-04-04 18:04:30 +03:00
|
|
|
if (!identity_set_from_settings(&identity, settings, FreeRDP_GatewayUsername,
|
|
|
|
FreeRDP_GatewayDomain, FreeRDP_GatewayPassword))
|
2022-10-16 22:54:59 +03:00
|
|
|
return FALSE;
|
2023-07-26 16:43:12 +03:00
|
|
|
|
|
|
|
if (!settings->GatewayUsername)
|
|
|
|
identityArg = NULL;
|
2022-10-16 22:54:59 +03:00
|
|
|
}
|
|
|
|
|
2023-07-26 16:43:12 +03:00
|
|
|
if (!credssp_auth_setup_client(rdg->auth, "HTTP", settings->GatewayHostname, identityArg,
|
2023-02-23 18:08:13 +03:00
|
|
|
rdg->smartcard ? rdg->smartcard->pkinitArgs : NULL))
|
2022-09-06 06:16:21 +03:00
|
|
|
{
|
|
|
|
sspi_FreeAuthIdentity(&identity);
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
sspi_FreeAuthIdentity(&identity);
|
|
|
|
|
2022-10-19 05:26:43 +03:00
|
|
|
credssp_auth_set_flags(rdg->auth, ISC_REQ_CONFIDENTIALITY | ISC_REQ_MUTUAL_AUTH);
|
2022-09-06 06:16:21 +03:00
|
|
|
|
|
|
|
rc = credssp_auth_authenticate(rdg->auth);
|
|
|
|
if (rc < 0)
|
2015-03-17 21:54:16 +03:00
|
|
|
return FALSE;
|
|
|
|
|
2022-09-06 06:16:21 +03:00
|
|
|
return TRUE;
|
2015-03-17 21:54:16 +03:00
|
|
|
}
|
|
|
|
|
2018-04-05 05:08:08 +03:00
|
|
|
static BOOL rdg_send_http_request(rdpRdg* rdg, rdpTls* tls, const char* method,
|
2021-01-25 10:39:30 +03:00
|
|
|
TRANSFER_ENCODING transferEncoding)
|
2015-03-17 21:54:16 +03:00
|
|
|
{
|
2024-01-23 18:49:54 +03:00
|
|
|
size_t sz = 0;
|
2015-03-17 21:54:16 +03:00
|
|
|
wStream* s = NULL;
|
2018-10-24 17:49:25 +03:00
|
|
|
int status = -1;
|
2018-04-05 05:08:08 +03:00
|
|
|
s = rdg_build_http_request(rdg, method, transferEncoding);
|
2015-03-17 23:09:17 +03:00
|
|
|
|
2015-03-17 21:54:16 +03:00
|
|
|
if (!s)
|
|
|
|
return FALSE;
|
|
|
|
|
2018-10-24 17:49:25 +03:00
|
|
|
sz = Stream_Length(s);
|
|
|
|
|
|
|
|
if (sz <= INT_MAX)
|
2023-01-14 05:25:26 +03:00
|
|
|
status = freerdp_tls_write_all(tls, Stream_Buffer(s), (int)sz);
|
2018-10-24 17:49:25 +03:00
|
|
|
|
2015-03-17 21:54:16 +03:00
|
|
|
Stream_Free(s, TRUE);
|
2018-04-05 05:07:25 +03:00
|
|
|
return (status >= 0);
|
2015-03-17 21:54:16 +03:00
|
|
|
}
|
|
|
|
|
2018-04-05 05:07:52 +03:00
|
|
|
static BOOL rdg_tls_connect(rdpRdg* rdg, rdpTls* tls, const char* peerAddress, int timeout)
|
2015-03-17 21:54:16 +03:00
|
|
|
{
|
|
|
|
int sockfd = 0;
|
2018-10-24 17:49:25 +03:00
|
|
|
long status = 0;
|
2015-03-17 21:54:16 +03:00
|
|
|
BIO* socketBio = NULL;
|
|
|
|
BIO* bufferedBio = NULL;
|
2024-06-27 09:40:05 +03:00
|
|
|
rdpSettings* settings = rdg->context->settings;
|
2018-01-15 14:43:37 +03:00
|
|
|
const char* peerHostname = settings->GatewayHostname;
|
2018-10-24 17:49:25 +03:00
|
|
|
UINT16 peerPort = (UINT16)settings->GatewayPort;
|
2024-01-23 18:49:54 +03:00
|
|
|
const char* proxyUsername = NULL;
|
|
|
|
const char* proxyPassword = NULL;
|
2019-11-06 17:24:51 +03:00
|
|
|
BOOL isProxyConnection =
|
|
|
|
proxy_prepare(settings, &peerHostname, &peerPort, &proxyUsername, &proxyPassword);
|
2018-10-24 17:49:25 +03:00
|
|
|
|
|
|
|
if (settings->GatewayPort > UINT16_MAX)
|
|
|
|
return FALSE;
|
|
|
|
|
2021-09-06 12:01:36 +03:00
|
|
|
sockfd = freerdp_tcp_connect(rdg->context, peerAddress ? peerAddress : peerHostname, peerPort,
|
|
|
|
timeout);
|
2015-03-17 23:09:17 +03:00
|
|
|
|
2018-08-17 16:47:46 +03:00
|
|
|
if (sockfd < 0)
|
2018-10-24 17:49:25 +03:00
|
|
|
{
|
2015-03-17 21:54:16 +03:00
|
|
|
return FALSE;
|
2018-10-24 17:49:25 +03:00
|
|
|
}
|
2015-03-17 21:54:16 +03:00
|
|
|
|
|
|
|
socketBio = BIO_new(BIO_s_simple_socket());
|
2015-03-17 23:09:17 +03:00
|
|
|
|
2015-03-17 21:54:16 +03:00
|
|
|
if (!socketBio)
|
|
|
|
{
|
2018-10-24 17:49:25 +03:00
|
|
|
closesocket((SOCKET)sockfd);
|
2015-03-17 21:54:16 +03:00
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
|
|
|
BIO_set_fd(socketBio, sockfd, BIO_CLOSE);
|
|
|
|
bufferedBio = BIO_new(BIO_s_buffered_socket());
|
2015-03-17 23:09:17 +03:00
|
|
|
|
2015-03-17 21:54:16 +03:00
|
|
|
if (!bufferedBio)
|
|
|
|
{
|
2018-11-12 18:29:28 +03:00
|
|
|
BIO_free_all(socketBio);
|
2015-03-17 21:54:16 +03:00
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
|
|
|
bufferedBio = BIO_push(bufferedBio, socketBio);
|
|
|
|
status = BIO_set_nonblock(bufferedBio, TRUE);
|
2015-03-17 23:09:17 +03:00
|
|
|
|
2018-01-15 14:43:37 +03:00
|
|
|
if (isProxyConnection)
|
|
|
|
{
|
2019-11-06 17:24:51 +03:00
|
|
|
if (!proxy_connect(settings, bufferedBio, proxyUsername, proxyPassword,
|
|
|
|
settings->GatewayHostname, (UINT16)settings->GatewayPort))
|
2018-11-12 18:29:28 +03:00
|
|
|
{
|
|
|
|
BIO_free_all(bufferedBio);
|
2016-12-11 01:13:35 +03:00
|
|
|
return FALSE;
|
2018-11-12 18:29:28 +03:00
|
|
|
}
|
2016-12-09 22:43:02 +03:00
|
|
|
}
|
|
|
|
|
2015-03-17 21:54:16 +03:00
|
|
|
if (!status)
|
|
|
|
{
|
2015-03-18 23:13:32 +03:00
|
|
|
BIO_free_all(bufferedBio);
|
2015-03-17 21:54:16 +03:00
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
2018-04-05 05:07:52 +03:00
|
|
|
tls->hostname = settings->GatewayHostname;
|
2018-10-24 17:49:25 +03:00
|
|
|
tls->port = (int)settings->GatewayPort;
|
2018-04-05 05:07:52 +03:00
|
|
|
tls->isGatewayTransport = TRUE;
|
2023-01-14 05:25:26 +03:00
|
|
|
status = freerdp_tls_connect(tls, bufferedBio);
|
2019-07-15 16:51:46 +03:00
|
|
|
if (status < 1)
|
|
|
|
{
|
|
|
|
rdpContext* context = rdg->context;
|
|
|
|
if (status < 0)
|
|
|
|
{
|
2020-01-09 12:34:27 +03:00
|
|
|
freerdp_set_last_error_if_not(context, FREERDP_ERROR_TLS_CONNECT_FAILED);
|
2019-07-15 16:51:46 +03:00
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
2020-01-09 12:34:27 +03:00
|
|
|
freerdp_set_last_error_if_not(context, FREERDP_ERROR_CONNECT_CANCELLED);
|
2019-07-15 16:51:46 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
return FALSE;
|
|
|
|
}
|
2018-04-05 05:07:52 +03:00
|
|
|
return (status >= 1);
|
2015-03-17 21:54:16 +03:00
|
|
|
}
|
|
|
|
|
2019-11-06 17:24:51 +03:00
|
|
|
static BOOL rdg_establish_data_connection(rdpRdg* rdg, rdpTls* tls, const char* method,
|
|
|
|
const char* peerAddress, int timeout, BOOL* rpcFallback)
|
2015-03-17 21:54:16 +03:00
|
|
|
{
|
2023-04-06 10:04:18 +03:00
|
|
|
char buffer[64] = { 0 };
|
2018-04-05 05:08:08 +03:00
|
|
|
HttpResponse* response = NULL;
|
2015-03-17 21:54:16 +03:00
|
|
|
|
2018-04-05 05:08:08 +03:00
|
|
|
if (!rdg_tls_connect(rdg, tls, peerAddress, timeout))
|
2015-03-17 21:54:16 +03:00
|
|
|
return FALSE;
|
|
|
|
|
2022-11-14 10:17:23 +03:00
|
|
|
WINPR_ASSERT(rpcFallback);
|
2024-06-27 09:40:05 +03:00
|
|
|
if (rdg->context->settings->GatewayHttpExtAuthBearer && rdg->extAuth == HTTP_EXTENDED_AUTH_NONE)
|
2023-06-14 19:48:32 +03:00
|
|
|
rdg->extAuth = HTTP_EXTENDED_AUTH_BEARER;
|
2018-04-05 05:08:08 +03:00
|
|
|
if (rdg->extAuth == HTTP_EXTENDED_AUTH_NONE)
|
|
|
|
{
|
2022-11-16 17:10:27 +03:00
|
|
|
if (!rdg_auth_init(rdg, tls, AUTH_PKG))
|
2018-04-05 05:08:08 +03:00
|
|
|
return FALSE;
|
2015-04-21 13:24:50 +03:00
|
|
|
|
2021-01-25 10:39:30 +03:00
|
|
|
if (!rdg_send_http_request(rdg, tls, method, TransferEncodingIdentity))
|
2018-04-05 05:08:08 +03:00
|
|
|
return FALSE;
|
2015-03-17 23:09:17 +03:00
|
|
|
|
2018-11-12 17:40:10 +03:00
|
|
|
response = http_response_recv(tls, TRUE);
|
2022-11-13 13:45:37 +03:00
|
|
|
/* MS RD Gateway seems to just terminate the tls connection without
|
|
|
|
* sending an answer if it is not happy with the http request */
|
2018-04-05 05:08:08 +03:00
|
|
|
if (!response)
|
2022-11-13 13:45:37 +03:00
|
|
|
{
|
2024-03-06 17:08:25 +03:00
|
|
|
WLog_Print(rdg->log, WLOG_INFO, "RD Gateway HTTP transport broken.");
|
2022-11-14 10:17:23 +03:00
|
|
|
*rpcFallback = TRUE;
|
2018-04-05 05:08:08 +03:00
|
|
|
return FALSE;
|
2022-11-13 13:45:37 +03:00
|
|
|
}
|
2015-03-17 23:09:17 +03:00
|
|
|
|
2023-07-28 14:11:37 +03:00
|
|
|
const long StatusCode = http_response_get_status_code(response);
|
2018-09-27 16:04:41 +03:00
|
|
|
|
2019-11-06 17:24:51 +03:00
|
|
|
switch (StatusCode)
|
2018-04-18 03:05:20 +03:00
|
|
|
{
|
2019-07-11 11:38:15 +03:00
|
|
|
case HTTP_STATUS_NOT_FOUND:
|
|
|
|
{
|
2024-03-06 17:08:25 +03:00
|
|
|
WLog_Print(rdg->log, WLOG_INFO, "RD Gateway does not support HTTP transport.");
|
2022-11-14 10:17:23 +03:00
|
|
|
*rpcFallback = TRUE;
|
2019-07-11 11:38:15 +03:00
|
|
|
|
|
|
|
http_response_free(response);
|
|
|
|
return FALSE;
|
|
|
|
}
|
2023-07-28 14:11:37 +03:00
|
|
|
case HTTP_STATUS_OK:
|
|
|
|
break;
|
2019-07-11 11:38:15 +03:00
|
|
|
default:
|
2024-03-06 17:08:25 +03:00
|
|
|
http_response_log_error_status(rdg->log, WLOG_WARN, response);
|
2019-07-11 11:38:15 +03:00
|
|
|
break;
|
2018-04-18 03:05:20 +03:00
|
|
|
}
|
|
|
|
|
2022-09-06 06:16:21 +03:00
|
|
|
while (!credssp_auth_is_complete(rdg->auth))
|
2015-03-17 21:54:16 +03:00
|
|
|
{
|
2024-03-06 17:08:25 +03:00
|
|
|
if (!rdg_recv_auth_token(rdg->log, rdg->auth, response))
|
2022-09-06 06:16:21 +03:00
|
|
|
{
|
|
|
|
http_response_free(response);
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (credssp_auth_have_output_token(rdg->auth))
|
|
|
|
{
|
|
|
|
http_response_free(response);
|
2015-03-17 21:54:16 +03:00
|
|
|
|
2022-09-06 06:16:21 +03:00
|
|
|
if (!rdg_send_http_request(rdg, tls, method, TransferEncodingIdentity))
|
|
|
|
return FALSE;
|
|
|
|
|
|
|
|
response = http_response_recv(tls, TRUE);
|
|
|
|
if (!response)
|
2022-11-13 13:45:37 +03:00
|
|
|
{
|
2024-03-06 17:08:25 +03:00
|
|
|
WLog_Print(rdg->log, WLOG_INFO, "RD Gateway HTTP transport broken.");
|
2022-11-14 10:17:23 +03:00
|
|
|
*rpcFallback = TRUE;
|
2022-09-06 06:16:21 +03:00
|
|
|
return FALSE;
|
2022-11-13 13:45:37 +03:00
|
|
|
}
|
2022-09-06 06:16:21 +03:00
|
|
|
}
|
|
|
|
}
|
|
|
|
credssp_auth_free(rdg->auth);
|
|
|
|
rdg->auth = NULL;
|
2018-04-05 05:08:08 +03:00
|
|
|
}
|
2022-09-06 06:16:21 +03:00
|
|
|
else
|
|
|
|
{
|
|
|
|
credssp_auth_free(rdg->auth);
|
|
|
|
rdg->auth = NULL;
|
2015-03-17 23:09:17 +03:00
|
|
|
|
2022-09-06 06:16:21 +03:00
|
|
|
if (!rdg_send_http_request(rdg, tls, method, TransferEncodingIdentity))
|
|
|
|
return FALSE;
|
2015-03-17 21:54:16 +03:00
|
|
|
|
2022-09-06 06:16:21 +03:00
|
|
|
response = http_response_recv(tls, TRUE);
|
2018-05-03 13:25:52 +03:00
|
|
|
|
2022-09-06 06:16:21 +03:00
|
|
|
if (!response)
|
2022-11-13 13:45:37 +03:00
|
|
|
{
|
2024-03-06 17:08:25 +03:00
|
|
|
WLog_Print(rdg->log, WLOG_INFO, "RD Gateway HTTP transport broken.");
|
2022-11-14 10:17:23 +03:00
|
|
|
*rpcFallback = TRUE;
|
2022-09-06 06:16:21 +03:00
|
|
|
return FALSE;
|
2022-11-13 13:45:37 +03:00
|
|
|
}
|
2022-09-06 06:16:21 +03:00
|
|
|
}
|
2015-03-17 21:54:16 +03:00
|
|
|
|
2023-07-28 14:11:37 +03:00
|
|
|
const long statusCode = http_response_get_status_code(response);
|
|
|
|
const size_t bodyLength = http_response_get_body_length(response);
|
|
|
|
const TRANSFER_ENCODING encoding = http_response_get_transfer_encoding(response);
|
|
|
|
const BOOL isWebsocket = http_response_is_websocket(rdg->http, response);
|
2024-04-06 08:28:53 +03:00
|
|
|
|
2024-03-06 17:08:25 +03:00
|
|
|
WLog_Print(rdg->log, WLOG_DEBUG, "%s authorization result: %s", method,
|
|
|
|
freerdp_http_status_string_format(statusCode, buffer, ARRAYSIZE(buffer)));
|
2015-04-21 13:24:50 +03:00
|
|
|
|
2019-11-06 17:24:51 +03:00
|
|
|
switch (statusCode)
|
2019-07-11 11:38:15 +03:00
|
|
|
{
|
|
|
|
case HTTP_STATUS_OK:
|
2021-01-25 18:20:18 +03:00
|
|
|
/* old rdg endpoint without websocket support, don't request websocket for RDG_IN_DATA
|
|
|
|
*/
|
|
|
|
http_context_enable_websocket_upgrade(rdg->http, FALSE);
|
2024-04-06 08:28:53 +03:00
|
|
|
http_response_free(response);
|
2019-07-11 11:38:15 +03:00
|
|
|
break;
|
|
|
|
case HTTP_STATUS_DENIED:
|
2020-01-08 19:39:25 +03:00
|
|
|
freerdp_set_last_error_log(rdg->context, FREERDP_ERROR_CONNECT_ACCESS_DENIED);
|
2024-04-06 08:28:53 +03:00
|
|
|
http_response_free(response);
|
2019-07-11 11:38:15 +03:00
|
|
|
return FALSE;
|
2021-01-25 18:20:18 +03:00
|
|
|
case HTTP_STATUS_SWITCH_PROTOCOLS:
|
2024-04-06 08:28:53 +03:00
|
|
|
http_response_free(response);
|
2021-01-25 18:20:18 +03:00
|
|
|
if (!isWebsocket)
|
|
|
|
{
|
|
|
|
/*
|
|
|
|
* webserver is broken, a fallback may be possible here
|
|
|
|
* but only if already tested with oppurtonistic upgrade
|
|
|
|
*/
|
|
|
|
if (http_context_is_websocket_upgrade_enabled(rdg->http))
|
|
|
|
{
|
|
|
|
int fd = BIO_get_fd(tls->bio, NULL);
|
|
|
|
if (fd >= 0)
|
|
|
|
closesocket((SOCKET)fd);
|
|
|
|
http_context_enable_websocket_upgrade(rdg->http, FALSE);
|
|
|
|
return rdg_establish_data_connection(rdg, tls, method, peerAddress, timeout,
|
|
|
|
rpcFallback);
|
|
|
|
}
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
rdg->transferEncoding.isWebsocketTransport = TRUE;
|
|
|
|
rdg->transferEncoding.context.websocket.state = WebsocketStateOpcodeAndFin;
|
|
|
|
rdg->transferEncoding.context.websocket.responseStreamBuffer = NULL;
|
2022-11-16 17:10:27 +03:00
|
|
|
if (rdg->extAuth == HTTP_EXTENDED_AUTH_SSPI_NTLM)
|
|
|
|
{
|
|
|
|
/* create a new auth context for SSPI_NTLM. This must be done after the last
|
|
|
|
* rdg_send_http_request */
|
|
|
|
if (!rdg_auth_init(rdg, tls, NTLM_SSP_NAME))
|
|
|
|
return FALSE;
|
|
|
|
}
|
2021-01-25 18:20:18 +03:00
|
|
|
return TRUE;
|
2019-07-11 12:44:18 +03:00
|
|
|
default:
|
2024-03-06 17:08:25 +03:00
|
|
|
http_response_log_error_status(rdg->log, WLOG_WARN, response);
|
2024-04-06 08:28:53 +03:00
|
|
|
http_response_free(response);
|
2019-07-11 12:44:18 +03:00
|
|
|
return FALSE;
|
|
|
|
}
|
2015-03-17 23:09:17 +03:00
|
|
|
|
2018-04-05 05:08:08 +03:00
|
|
|
if (strcmp(method, "RDG_OUT_DATA") == 0)
|
2015-03-17 21:54:16 +03:00
|
|
|
{
|
2021-01-25 10:39:30 +03:00
|
|
|
if (encoding == TransferEncodingChunked)
|
|
|
|
{
|
|
|
|
rdg->transferEncoding.httpTransferEncoding = TransferEncodingChunked;
|
|
|
|
rdg->transferEncoding.context.chunked.nextOffset = 0;
|
|
|
|
rdg->transferEncoding.context.chunked.headerFooterPos = 0;
|
|
|
|
rdg->transferEncoding.context.chunked.state = ChunkStateLenghHeader;
|
|
|
|
}
|
2024-03-15 15:17:37 +03:00
|
|
|
if (!rdg_skip_seed_payload(rdg->context, tls, bodyLength, &rdg->transferEncoding))
|
2021-01-25 10:39:30 +03:00
|
|
|
{
|
2018-04-05 05:08:08 +03:00
|
|
|
return FALSE;
|
2021-01-25 10:39:30 +03:00
|
|
|
}
|
2018-04-05 05:08:08 +03:00
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
2021-01-25 10:39:30 +03:00
|
|
|
if (!rdg_send_http_request(rdg, tls, method, TransferEncodingChunked))
|
2015-03-17 21:54:16 +03:00
|
|
|
return FALSE;
|
2022-11-16 17:10:27 +03:00
|
|
|
|
|
|
|
if (rdg->extAuth == HTTP_EXTENDED_AUTH_SSPI_NTLM)
|
|
|
|
{
|
|
|
|
/* create a new auth context for SSPI_NTLM. This must be done after the last
|
|
|
|
* rdg_send_http_request (RDG_IN_DATA is always after RDG_OUT_DATA) */
|
|
|
|
if (!rdg_auth_init(rdg, tls, NTLM_SSP_NAME))
|
|
|
|
return FALSE;
|
|
|
|
}
|
2015-03-17 21:54:16 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
return TRUE;
|
|
|
|
}
|
|
|
|
|
2018-01-15 14:43:37 +03:00
|
|
|
static BOOL rdg_tunnel_connect(rdpRdg* rdg)
|
2015-03-17 21:54:16 +03:00
|
|
|
{
|
2024-01-23 18:49:54 +03:00
|
|
|
BOOL status = 0;
|
|
|
|
wStream* s = NULL;
|
2018-04-05 05:08:08 +03:00
|
|
|
rdg_send_handshake(rdg);
|
2015-03-17 23:09:17 +03:00
|
|
|
|
2015-03-17 21:54:16 +03:00
|
|
|
while (rdg->state < RDG_CLIENT_STATE_OPENED)
|
|
|
|
{
|
2018-04-05 05:08:08 +03:00
|
|
|
status = FALSE;
|
|
|
|
s = rdg_receive_packet(rdg);
|
|
|
|
|
|
|
|
if (s)
|
|
|
|
{
|
|
|
|
status = rdg_process_packet(rdg, s);
|
|
|
|
Stream_Free(s, TRUE);
|
|
|
|
}
|
2015-03-17 23:09:17 +03:00
|
|
|
|
2015-03-17 21:54:16 +03:00
|
|
|
if (!status)
|
|
|
|
{
|
2021-09-06 12:01:36 +03:00
|
|
|
WINPR_ASSERT(rdg);
|
|
|
|
WINPR_ASSERT(rdg->context);
|
|
|
|
WINPR_ASSERT(rdg->context->rdp);
|
|
|
|
transport_set_layer(rdg->context->rdp->transport, TRANSPORT_LAYER_CLOSED);
|
2015-03-17 21:54:16 +03:00
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return TRUE;
|
|
|
|
}
|
|
|
|
|
2020-06-17 09:41:21 +03:00
|
|
|
BOOL rdg_connect(rdpRdg* rdg, DWORD timeout, BOOL* rpcFallback)
|
2015-03-17 21:54:16 +03:00
|
|
|
{
|
2024-01-23 18:49:54 +03:00
|
|
|
BOOL status = 0;
|
2018-05-03 13:24:16 +03:00
|
|
|
SOCKET outConnSocket = 0;
|
2018-04-05 05:08:08 +03:00
|
|
|
char* peerAddress = NULL;
|
2022-11-14 10:17:23 +03:00
|
|
|
BOOL rpcFallbackLocal = FALSE;
|
|
|
|
|
2021-06-09 15:03:34 +03:00
|
|
|
WINPR_ASSERT(rdg != NULL);
|
2022-11-14 10:17:23 +03:00
|
|
|
status = rdg_establish_data_connection(rdg, rdg->tlsOut, "RDG_OUT_DATA", NULL, timeout,
|
|
|
|
&rpcFallbackLocal);
|
2015-03-17 21:54:16 +03:00
|
|
|
|
2018-04-05 05:08:08 +03:00
|
|
|
if (status)
|
|
|
|
{
|
2021-01-25 18:20:18 +03:00
|
|
|
if (rdg->transferEncoding.isWebsocketTransport)
|
|
|
|
{
|
2024-03-06 17:08:25 +03:00
|
|
|
WLog_Print(rdg->log, WLOG_DEBUG, "Upgraded to websocket. RDG_IN_DATA not required");
|
2021-01-25 18:20:18 +03:00
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
/* Establish IN connection with the same peer/server as OUT connection,
|
|
|
|
* even when server hostname resolves to different IP addresses.
|
|
|
|
*/
|
|
|
|
BIO_get_socket(rdg->tlsOut->underlying, &outConnSocket);
|
|
|
|
peerAddress = freerdp_tcp_get_peer_address(outConnSocket);
|
|
|
|
status = rdg_establish_data_connection(rdg, rdg->tlsIn, "RDG_IN_DATA", peerAddress,
|
2022-11-14 10:17:23 +03:00
|
|
|
timeout, &rpcFallbackLocal);
|
2021-01-25 18:20:18 +03:00
|
|
|
free(peerAddress);
|
|
|
|
}
|
2018-04-05 05:08:08 +03:00
|
|
|
}
|
2015-03-17 23:09:17 +03:00
|
|
|
|
2022-11-14 10:17:23 +03:00
|
|
|
if (rpcFallback)
|
|
|
|
*rpcFallback = rpcFallbackLocal;
|
|
|
|
|
2015-03-17 21:54:16 +03:00
|
|
|
if (!status)
|
2018-04-05 05:08:08 +03:00
|
|
|
{
|
2021-09-06 12:01:36 +03:00
|
|
|
WINPR_ASSERT(rdg);
|
|
|
|
WINPR_ASSERT(rdg->context);
|
|
|
|
WINPR_ASSERT(rdg->context->rdp);
|
2022-11-14 10:17:23 +03:00
|
|
|
if (rpcFallbackLocal)
|
|
|
|
{
|
|
|
|
http_context_enable_websocket_upgrade(rdg->http, FALSE);
|
|
|
|
credssp_auth_free(rdg->auth);
|
|
|
|
rdg->auth = NULL;
|
|
|
|
}
|
|
|
|
|
2021-09-06 12:01:36 +03:00
|
|
|
transport_set_layer(rdg->context->rdp->transport, TRANSPORT_LAYER_CLOSED);
|
2015-03-17 21:54:16 +03:00
|
|
|
return FALSE;
|
2018-04-05 05:08:08 +03:00
|
|
|
}
|
2015-03-17 21:54:16 +03:00
|
|
|
|
|
|
|
status = rdg_tunnel_connect(rdg);
|
2015-03-17 23:09:17 +03:00
|
|
|
|
2015-03-17 21:54:16 +03:00
|
|
|
if (!status)
|
|
|
|
return FALSE;
|
|
|
|
|
|
|
|
return TRUE;
|
|
|
|
}
|
|
|
|
|
2021-01-25 18:20:18 +03:00
|
|
|
static int rdg_write_websocket_data_packet(rdpRdg* rdg, const BYTE* buf, int isize)
|
|
|
|
{
|
2024-01-23 18:49:54 +03:00
|
|
|
size_t payloadSize = 0;
|
|
|
|
size_t fullLen = 0;
|
|
|
|
int status = 0;
|
|
|
|
wStream* sWS = NULL;
|
2021-01-25 18:20:18 +03:00
|
|
|
|
2024-01-23 18:49:54 +03:00
|
|
|
uint32_t maskingKey = 0;
|
2021-01-25 18:20:18 +03:00
|
|
|
BYTE* maskingKeyByte1 = (BYTE*)&maskingKey;
|
|
|
|
BYTE* maskingKeyByte2 = maskingKeyByte1 + 1;
|
|
|
|
BYTE* maskingKeyByte3 = maskingKeyByte1 + 2;
|
|
|
|
BYTE* maskingKeyByte4 = maskingKeyByte1 + 3;
|
|
|
|
|
2024-01-23 18:49:54 +03:00
|
|
|
int streamPos = 0;
|
2021-01-25 18:20:18 +03:00
|
|
|
|
2023-06-20 10:03:21 +03:00
|
|
|
winpr_RAND(&maskingKey, 4);
|
2021-01-25 18:20:18 +03:00
|
|
|
|
|
|
|
payloadSize = isize + 10;
|
|
|
|
if ((isize < 0) || (isize > UINT16_MAX))
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
if (payloadSize < 1)
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
if (payloadSize < 126)
|
|
|
|
fullLen = payloadSize + 6; /* 2 byte "mini header" + 4 byte masking key */
|
|
|
|
else if (payloadSize < 0x10000)
|
|
|
|
fullLen = payloadSize + 8; /* 2 byte "mini header" + 2 byte length + 4 byte masking key */
|
|
|
|
else
|
|
|
|
fullLen = payloadSize + 14; /* 2 byte "mini header" + 8 byte length + 4 byte masking key */
|
|
|
|
|
|
|
|
sWS = Stream_New(NULL, fullLen);
|
|
|
|
if (!sWS)
|
|
|
|
return FALSE;
|
|
|
|
|
|
|
|
Stream_Write_UINT8(sWS, WEBSOCKET_FIN_BIT | WebsocketBinaryOpcode);
|
|
|
|
if (payloadSize < 126)
|
|
|
|
Stream_Write_UINT8(sWS, payloadSize | WEBSOCKET_MASK_BIT);
|
|
|
|
else if (payloadSize < 0x10000)
|
|
|
|
{
|
|
|
|
Stream_Write_UINT8(sWS, 126 | WEBSOCKET_MASK_BIT);
|
|
|
|
Stream_Write_UINT16_BE(sWS, payloadSize);
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
Stream_Write_UINT8(sWS, 127 | WEBSOCKET_MASK_BIT);
|
|
|
|
/* biggest packet possible is 0xffff + 0xa, so 32bit is always enough */
|
|
|
|
Stream_Write_UINT32_BE(sWS, 0);
|
|
|
|
Stream_Write_UINT32_BE(sWS, payloadSize);
|
|
|
|
}
|
|
|
|
Stream_Write_UINT32(sWS, maskingKey);
|
|
|
|
|
|
|
|
Stream_Write_UINT16(sWS, PKT_TYPE_DATA ^ (*maskingKeyByte1 | *maskingKeyByte2 << 8)); /* Type */
|
|
|
|
Stream_Write_UINT16(sWS, 0 ^ (*maskingKeyByte3 | *maskingKeyByte4 << 8)); /* Reserved */
|
|
|
|
Stream_Write_UINT32(sWS, (UINT32)payloadSize ^ maskingKey); /* Packet length */
|
|
|
|
Stream_Write_UINT16(sWS,
|
|
|
|
(UINT16)isize ^ (*maskingKeyByte1 | *maskingKeyByte2 << 8)); /* Data size */
|
|
|
|
|
|
|
|
/* masking key is now off by 2 bytes. fix that */
|
|
|
|
maskingKey = (maskingKey & 0xffff) << 16 | (maskingKey >> 16);
|
|
|
|
|
|
|
|
/* mask as much as possible with 32bit access */
|
|
|
|
for (streamPos = 0; streamPos + 4 <= isize; streamPos += 4)
|
|
|
|
{
|
2021-08-02 13:13:34 +03:00
|
|
|
uint32_t masked = *((const uint32_t*)((const BYTE*)buf + streamPos)) ^ maskingKey;
|
2021-01-25 18:20:18 +03:00
|
|
|
Stream_Write_UINT32(sWS, masked);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* mask the rest byte by byte */
|
|
|
|
for (; streamPos < isize; streamPos++)
|
|
|
|
{
|
|
|
|
BYTE* partialMask = (BYTE*)(&maskingKey) + streamPos % 4;
|
2021-08-02 13:13:34 +03:00
|
|
|
BYTE masked = *((const BYTE*)((const BYTE*)buf + streamPos)) ^ *partialMask;
|
2021-01-25 18:20:18 +03:00
|
|
|
Stream_Write_UINT8(sWS, masked);
|
|
|
|
}
|
|
|
|
|
|
|
|
Stream_SealLength(sWS);
|
|
|
|
|
2023-01-14 05:25:26 +03:00
|
|
|
status = freerdp_tls_write_all(rdg->tlsOut, Stream_Buffer(sWS), Stream_Length(sWS));
|
2021-01-25 18:20:18 +03:00
|
|
|
Stream_Free(sWS, TRUE);
|
|
|
|
|
|
|
|
if (status < 0)
|
|
|
|
return status;
|
|
|
|
|
|
|
|
return isize;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int rdg_write_chunked_data_packet(rdpRdg* rdg, const BYTE* buf, int isize)
|
2015-03-17 21:54:16 +03:00
|
|
|
{
|
2024-01-23 18:49:54 +03:00
|
|
|
int status = 0;
|
|
|
|
size_t len = 0;
|
|
|
|
wStream* sChunk = NULL;
|
2018-10-24 17:49:25 +03:00
|
|
|
size_t size = (size_t)isize;
|
|
|
|
size_t packetSize = size + 10;
|
2015-03-17 21:54:16 +03:00
|
|
|
char chunkSize[11];
|
|
|
|
|
2018-10-24 17:49:25 +03:00
|
|
|
if ((isize < 0) || (isize > UINT16_MAX))
|
|
|
|
return -1;
|
|
|
|
|
2015-03-17 21:54:16 +03:00
|
|
|
if (size < 1)
|
|
|
|
return 0;
|
|
|
|
|
2019-11-06 17:24:51 +03:00
|
|
|
sprintf_s(chunkSize, sizeof(chunkSize), "%" PRIxz "\r\n", packetSize);
|
2019-10-29 12:18:09 +03:00
|
|
|
sChunk = Stream_New(NULL, strnlen(chunkSize, sizeof(chunkSize)) + packetSize + 2);
|
2015-03-17 23:09:17 +03:00
|
|
|
|
2015-03-17 21:54:16 +03:00
|
|
|
if (!sChunk)
|
|
|
|
return -1;
|
2015-03-17 23:09:17 +03:00
|
|
|
|
2019-10-29 12:18:09 +03:00
|
|
|
Stream_Write(sChunk, chunkSize, strnlen(chunkSize, sizeof(chunkSize)));
|
2019-11-06 17:24:51 +03:00
|
|
|
Stream_Write_UINT16(sChunk, PKT_TYPE_DATA); /* Type */
|
|
|
|
Stream_Write_UINT16(sChunk, 0); /* Reserved */
|
|
|
|
Stream_Write_UINT32(sChunk, (UINT32)packetSize); /* Packet length */
|
|
|
|
Stream_Write_UINT16(sChunk, (UINT16)size); /* Data size */
|
|
|
|
Stream_Write(sChunk, buf, size); /* Data */
|
2015-03-17 21:54:16 +03:00
|
|
|
Stream_Write(sChunk, "\r\n", 2);
|
|
|
|
Stream_SealLength(sChunk);
|
2021-01-25 18:20:18 +03:00
|
|
|
len = Stream_Length(sChunk);
|
2018-10-24 17:49:25 +03:00
|
|
|
|
2021-01-25 18:20:18 +03:00
|
|
|
if (len > INT_MAX)
|
2021-04-27 11:04:47 +03:00
|
|
|
{
|
|
|
|
Stream_Free(sChunk, TRUE);
|
2018-10-24 17:49:25 +03:00
|
|
|
return -1;
|
2021-04-27 11:04:47 +03:00
|
|
|
}
|
2018-10-24 17:49:25 +03:00
|
|
|
|
2023-01-14 05:25:26 +03:00
|
|
|
status = freerdp_tls_write_all(rdg->tlsIn, Stream_Buffer(sChunk), (int)len);
|
2015-03-17 21:54:16 +03:00
|
|
|
Stream_Free(sChunk, TRUE);
|
2015-03-17 23:09:17 +03:00
|
|
|
|
2015-03-17 21:54:16 +03:00
|
|
|
if (status < 0)
|
|
|
|
return -1;
|
|
|
|
|
2018-10-24 17:49:25 +03:00
|
|
|
return (int)size;
|
2015-03-17 21:54:16 +03:00
|
|
|
}
|
|
|
|
|
2021-01-25 18:20:18 +03:00
|
|
|
static int rdg_write_data_packet(rdpRdg* rdg, const BYTE* buf, int isize)
|
|
|
|
{
|
|
|
|
if (rdg->transferEncoding.isWebsocketTransport)
|
|
|
|
{
|
|
|
|
if (rdg->transferEncoding.context.websocket.closeSent == TRUE)
|
|
|
|
return -1;
|
|
|
|
return rdg_write_websocket_data_packet(rdg, buf, isize);
|
|
|
|
}
|
|
|
|
else
|
|
|
|
return rdg_write_chunked_data_packet(rdg, buf, isize);
|
|
|
|
}
|
|
|
|
|
2020-12-22 17:20:24 +03:00
|
|
|
static BOOL rdg_process_close_packet(rdpRdg* rdg, wStream* s)
|
2015-03-18 23:13:32 +03:00
|
|
|
{
|
2018-10-24 17:49:25 +03:00
|
|
|
int status = -1;
|
2024-01-23 18:49:54 +03:00
|
|
|
wStream* sClose = NULL;
|
|
|
|
UINT32 errorCode = 0;
|
2018-10-24 17:49:25 +03:00
|
|
|
UINT32 packetSize = 12;
|
|
|
|
|
2020-12-22 17:20:24 +03:00
|
|
|
/* Read error code */
|
2024-03-06 17:08:25 +03:00
|
|
|
if (!Stream_CheckAndLogRequiredLengthWLog(rdg->log, s, 4))
|
2020-12-22 17:20:24 +03:00
|
|
|
return FALSE;
|
|
|
|
Stream_Read_UINT32(s, errorCode);
|
2018-01-15 14:43:37 +03:00
|
|
|
|
2020-12-22 17:20:24 +03:00
|
|
|
if (errorCode != 0)
|
|
|
|
freerdp_set_last_error_log(rdg->context, errorCode);
|
|
|
|
|
2021-01-25 18:20:18 +03:00
|
|
|
sClose = Stream_New(NULL, packetSize);
|
|
|
|
if (!sClose)
|
2015-09-15 17:37:57 +03:00
|
|
|
return FALSE;
|
2018-01-15 14:43:37 +03:00
|
|
|
|
2021-01-25 18:20:18 +03:00
|
|
|
Stream_Write_UINT16(sClose, PKT_TYPE_CLOSE_CHANNEL_RESPONSE); /* Type */
|
|
|
|
Stream_Write_UINT16(sClose, 0); /* Reserved */
|
|
|
|
Stream_Write_UINT32(sClose, packetSize); /* Packet length */
|
|
|
|
Stream_Write_UINT32(sClose, 0); /* Status code */
|
|
|
|
Stream_SealLength(sClose);
|
|
|
|
status = rdg_write_packet(rdg, sClose);
|
|
|
|
Stream_Free(sClose, TRUE);
|
2018-10-24 17:49:25 +03:00
|
|
|
|
2015-09-15 17:37:57 +03:00
|
|
|
return (status < 0 ? FALSE : TRUE);
|
2015-09-15 16:03:39 +03:00
|
|
|
}
|
2015-03-18 23:13:32 +03:00
|
|
|
|
2018-01-15 14:43:37 +03:00
|
|
|
static BOOL rdg_process_keep_alive_packet(rdpRdg* rdg)
|
2015-09-15 16:03:39 +03:00
|
|
|
{
|
2018-10-24 17:49:25 +03:00
|
|
|
int status = -1;
|
2024-01-23 18:49:54 +03:00
|
|
|
wStream* sKeepAlive = NULL;
|
2018-10-24 17:49:25 +03:00
|
|
|
size_t packetSize = 8;
|
|
|
|
|
2021-01-25 18:20:18 +03:00
|
|
|
sKeepAlive = Stream_New(NULL, packetSize);
|
2018-01-15 14:43:37 +03:00
|
|
|
|
2021-01-25 18:20:18 +03:00
|
|
|
if (!sKeepAlive)
|
2015-09-15 17:37:57 +03:00
|
|
|
return FALSE;
|
2018-01-15 14:43:37 +03:00
|
|
|
|
2021-01-25 18:20:18 +03:00
|
|
|
Stream_Write_UINT16(sKeepAlive, PKT_TYPE_KEEPALIVE); /* Type */
|
|
|
|
Stream_Write_UINT16(sKeepAlive, 0); /* Reserved */
|
|
|
|
Stream_Write_UINT32(sKeepAlive, (UINT32)packetSize); /* Packet length */
|
|
|
|
Stream_SealLength(sKeepAlive);
|
|
|
|
status = rdg_write_packet(rdg, sKeepAlive);
|
|
|
|
Stream_Free(sKeepAlive, TRUE);
|
2018-10-24 17:49:25 +03:00
|
|
|
|
2015-09-15 17:37:57 +03:00
|
|
|
return (status < 0 ? FALSE : TRUE);
|
2015-03-18 23:13:32 +03:00
|
|
|
}
|
|
|
|
|
2020-07-30 16:22:40 +03:00
|
|
|
static BOOL rdg_process_service_message(rdpRdg* rdg, wStream* s)
|
|
|
|
{
|
2024-01-23 18:49:54 +03:00
|
|
|
const WCHAR* msg = NULL;
|
|
|
|
UINT16 msgLenBytes = 0;
|
2020-07-30 16:22:40 +03:00
|
|
|
rdpContext* context = rdg->context;
|
2021-06-09 15:03:34 +03:00
|
|
|
WINPR_ASSERT(context);
|
|
|
|
WINPR_ASSERT(context->instance);
|
2020-07-30 16:22:40 +03:00
|
|
|
|
|
|
|
/* Read message string */
|
2024-03-06 17:08:25 +03:00
|
|
|
if (!rdg_read_http_unicode_string(rdg->log, s, &msg, &msgLenBytes))
|
2020-07-30 16:22:40 +03:00
|
|
|
{
|
2024-03-06 17:08:25 +03:00
|
|
|
WLog_Print(rdg->log, WLOG_ERROR, "Failed to read string");
|
2020-07-30 16:22:40 +03:00
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
|
|
|
return IFCALLRESULT(TRUE, context->instance->PresentGatewayMessage, context->instance,
|
2020-08-04 10:11:41 +03:00
|
|
|
GATEWAY_MESSAGE_SERVICE, TRUE, FALSE, msgLenBytes, msg);
|
2020-07-30 16:22:40 +03:00
|
|
|
}
|
|
|
|
|
2018-01-15 14:43:37 +03:00
|
|
|
static BOOL rdg_process_unknown_packet(rdpRdg* rdg, int type)
|
2015-03-18 23:13:32 +03:00
|
|
|
{
|
2018-10-24 17:49:25 +03:00
|
|
|
WINPR_UNUSED(rdg);
|
|
|
|
WINPR_UNUSED(type);
|
2024-03-06 17:08:25 +03:00
|
|
|
WLog_Print(rdg->log, WLOG_WARN, "Unknown Control Packet received: %X", type);
|
2015-03-18 23:13:32 +03:00
|
|
|
return TRUE;
|
|
|
|
}
|
|
|
|
|
2018-01-15 18:50:01 +03:00
|
|
|
static BOOL rdg_process_control_packet(rdpRdg* rdg, int type, size_t packetLength)
|
2015-03-18 23:13:32 +03:00
|
|
|
{
|
2015-03-19 16:17:56 +03:00
|
|
|
wStream* s = NULL;
|
2018-01-15 18:50:01 +03:00
|
|
|
size_t readCount = 0;
|
2024-01-23 18:49:54 +03:00
|
|
|
int status = 0;
|
2018-01-15 18:50:01 +03:00
|
|
|
size_t payloadSize = packetLength - sizeof(RdgPacketHeader);
|
2015-03-18 23:13:32 +03:00
|
|
|
|
2018-10-24 17:49:25 +03:00
|
|
|
if (packetLength < sizeof(RdgPacketHeader))
|
|
|
|
return FALSE;
|
|
|
|
|
2021-06-09 15:03:34 +03:00
|
|
|
WINPR_ASSERT(sizeof(RdgPacketHeader) < INT_MAX);
|
2018-10-24 17:49:25 +03:00
|
|
|
|
2015-03-18 23:13:32 +03:00
|
|
|
if (payloadSize)
|
|
|
|
{
|
|
|
|
s = Stream_New(NULL, payloadSize);
|
2015-09-15 17:37:57 +03:00
|
|
|
|
2015-03-18 23:13:32 +03:00
|
|
|
if (!s)
|
|
|
|
return FALSE;
|
|
|
|
|
|
|
|
while (readCount < payloadSize)
|
|
|
|
{
|
2024-03-15 15:17:37 +03:00
|
|
|
if (rdg_shall_abort(rdg))
|
|
|
|
{
|
|
|
|
Stream_Free(s, TRUE);
|
|
|
|
return FALSE;
|
|
|
|
}
|
2021-01-25 10:39:30 +03:00
|
|
|
status = rdg_socket_read(rdg->tlsOut->bio, Stream_Pointer(s), payloadSize - readCount,
|
|
|
|
&rdg->transferEncoding);
|
2015-03-18 23:13:32 +03:00
|
|
|
|
|
|
|
if (status <= 0)
|
|
|
|
{
|
|
|
|
if (!BIO_should_retry(rdg->tlsOut->bio))
|
|
|
|
{
|
|
|
|
Stream_Free(s, TRUE);
|
|
|
|
return FALSE;
|
|
|
|
}
|
2018-01-15 14:43:37 +03:00
|
|
|
|
2015-03-18 23:13:32 +03:00
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
2018-10-24 17:49:25 +03:00
|
|
|
Stream_Seek(s, (size_t)status);
|
|
|
|
readCount += (size_t)status;
|
|
|
|
|
|
|
|
if (readCount > INT_MAX)
|
|
|
|
{
|
|
|
|
Stream_Free(s, TRUE);
|
|
|
|
return FALSE;
|
|
|
|
}
|
2015-03-18 23:13:32 +03:00
|
|
|
}
|
2020-07-30 16:22:40 +03:00
|
|
|
|
|
|
|
Stream_SetPosition(s, 0);
|
2015-03-18 23:13:32 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
switch (type)
|
|
|
|
{
|
2015-09-15 17:37:57 +03:00
|
|
|
case PKT_TYPE_CLOSE_CHANNEL:
|
|
|
|
EnterCriticalSection(&rdg->writeSection);
|
2020-12-22 17:20:24 +03:00
|
|
|
status = rdg_process_close_packet(rdg, s);
|
2015-09-15 17:37:57 +03:00
|
|
|
LeaveCriticalSection(&rdg->writeSection);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case PKT_TYPE_KEEPALIVE:
|
|
|
|
EnterCriticalSection(&rdg->writeSection);
|
|
|
|
status = rdg_process_keep_alive_packet(rdg);
|
|
|
|
LeaveCriticalSection(&rdg->writeSection);
|
|
|
|
break;
|
2018-01-15 14:43:37 +03:00
|
|
|
|
2020-07-30 16:22:40 +03:00
|
|
|
case PKT_TYPE_SERVICE_MESSAGE:
|
|
|
|
if (!s)
|
|
|
|
{
|
2024-03-06 17:08:25 +03:00
|
|
|
WLog_Print(rdg->log, WLOG_ERROR,
|
|
|
|
"PKT_TYPE_SERVICE_MESSAGE requires payload but none was sent");
|
2020-07-30 16:22:40 +03:00
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
status = rdg_process_service_message(rdg, s);
|
|
|
|
break;
|
|
|
|
|
2015-09-15 17:37:57 +03:00
|
|
|
default:
|
|
|
|
status = rdg_process_unknown_packet(rdg, type);
|
|
|
|
break;
|
2015-03-18 23:13:32 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
Stream_Free(s, TRUE);
|
2015-09-15 16:03:39 +03:00
|
|
|
return status;
|
2015-03-18 23:13:32 +03:00
|
|
|
}
|
|
|
|
|
2018-01-15 14:43:37 +03:00
|
|
|
static int rdg_read_data_packet(rdpRdg* rdg, BYTE* buffer, int size)
|
2015-03-17 21:54:16 +03:00
|
|
|
{
|
|
|
|
RdgPacketHeader header;
|
2018-01-15 18:50:01 +03:00
|
|
|
size_t readCount = 0;
|
2024-01-23 18:49:54 +03:00
|
|
|
size_t readSize = 0;
|
|
|
|
int status = 0;
|
2015-03-17 21:54:16 +03:00
|
|
|
|
|
|
|
if (!rdg->packetRemainingCount)
|
|
|
|
{
|
2021-06-09 15:03:34 +03:00
|
|
|
WINPR_ASSERT(sizeof(RdgPacketHeader) < INT_MAX);
|
2018-10-24 17:49:25 +03:00
|
|
|
|
2015-03-17 21:54:16 +03:00
|
|
|
while (readCount < sizeof(RdgPacketHeader))
|
|
|
|
{
|
2024-03-15 15:17:37 +03:00
|
|
|
if (rdg_shall_abort(rdg))
|
|
|
|
return -1;
|
|
|
|
|
2021-01-25 10:39:30 +03:00
|
|
|
status = rdg_socket_read(rdg->tlsOut->bio, (BYTE*)(&header) + readCount,
|
|
|
|
(int)sizeof(RdgPacketHeader) - (int)readCount,
|
|
|
|
&rdg->transferEncoding);
|
2015-03-17 23:09:17 +03:00
|
|
|
|
2015-03-17 21:54:16 +03:00
|
|
|
if (status <= 0)
|
|
|
|
{
|
|
|
|
if (!BIO_should_retry(rdg->tlsOut->bio))
|
|
|
|
return -1;
|
2018-01-15 14:43:37 +03:00
|
|
|
|
2015-09-15 16:03:39 +03:00
|
|
|
if (!readCount)
|
2015-03-17 21:54:16 +03:00
|
|
|
return 0;
|
2018-01-15 14:43:37 +03:00
|
|
|
|
2015-09-16 16:54:03 +03:00
|
|
|
BIO_wait_read(rdg->tlsOut->bio, 50);
|
2015-03-17 21:54:16 +03:00
|
|
|
continue;
|
|
|
|
}
|
2015-03-17 23:09:17 +03:00
|
|
|
|
2018-10-24 17:49:25 +03:00
|
|
|
readCount += (size_t)status;
|
|
|
|
|
|
|
|
if (readCount > INT_MAX)
|
|
|
|
return -1;
|
2015-03-17 21:54:16 +03:00
|
|
|
}
|
2015-03-17 23:09:17 +03:00
|
|
|
|
2015-03-17 21:54:16 +03:00
|
|
|
if (header.type != PKT_TYPE_DATA)
|
|
|
|
{
|
2015-03-18 23:13:32 +03:00
|
|
|
status = rdg_process_control_packet(rdg, header.type, header.packetLength);
|
2018-01-15 14:43:37 +03:00
|
|
|
|
2015-03-18 23:13:32 +03:00
|
|
|
if (!status)
|
|
|
|
return -1;
|
2018-01-15 14:43:37 +03:00
|
|
|
|
2015-03-17 21:54:16 +03:00
|
|
|
return 0;
|
|
|
|
}
|
2015-03-17 23:09:17 +03:00
|
|
|
|
2015-03-17 21:54:16 +03:00
|
|
|
readCount = 0;
|
2015-03-17 23:09:17 +03:00
|
|
|
|
2015-03-17 21:54:16 +03:00
|
|
|
while (readCount < 2)
|
|
|
|
{
|
2024-03-15 15:17:37 +03:00
|
|
|
if (rdg_shall_abort(rdg))
|
|
|
|
return -1;
|
2021-01-25 10:39:30 +03:00
|
|
|
status =
|
|
|
|
rdg_socket_read(rdg->tlsOut->bio, (BYTE*)(&rdg->packetRemainingCount) + readCount,
|
|
|
|
2 - (int)readCount, &rdg->transferEncoding);
|
2015-03-17 23:09:17 +03:00
|
|
|
|
2015-03-17 21:54:16 +03:00
|
|
|
if (status < 0)
|
|
|
|
{
|
|
|
|
if (!BIO_should_retry(rdg->tlsOut->bio))
|
|
|
|
return -1;
|
2018-01-15 14:43:37 +03:00
|
|
|
|
2015-09-16 16:54:03 +03:00
|
|
|
BIO_wait_read(rdg->tlsOut->bio, 50);
|
2015-03-17 21:54:16 +03:00
|
|
|
continue;
|
|
|
|
}
|
2015-03-17 23:09:17 +03:00
|
|
|
|
2018-10-24 17:49:25 +03:00
|
|
|
readCount += (size_t)status;
|
2015-03-17 21:54:16 +03:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-01-25 10:39:30 +03:00
|
|
|
readSize = (rdg->packetRemainingCount < size) ? rdg->packetRemainingCount : size;
|
|
|
|
status = rdg_socket_read(rdg->tlsOut->bio, buffer, readSize, &rdg->transferEncoding);
|
2015-03-17 23:09:17 +03:00
|
|
|
|
2015-09-15 16:03:39 +03:00
|
|
|
if (status <= 0)
|
2015-03-17 21:54:16 +03:00
|
|
|
{
|
|
|
|
if (!BIO_should_retry(rdg->tlsOut->bio))
|
|
|
|
{
|
|
|
|
return -1;
|
|
|
|
}
|
2018-01-15 14:43:37 +03:00
|
|
|
|
2015-09-15 17:37:57 +03:00
|
|
|
return 0;
|
2015-03-17 21:54:16 +03:00
|
|
|
}
|
2015-03-17 23:09:17 +03:00
|
|
|
|
2015-03-18 23:13:32 +03:00
|
|
|
rdg->packetRemainingCount -= status;
|
|
|
|
return status;
|
2015-03-17 21:54:16 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
static int rdg_bio_write(BIO* bio, const char* buf, int num)
|
|
|
|
{
|
2024-01-23 18:49:54 +03:00
|
|
|
int status = 0;
|
2019-11-06 17:24:51 +03:00
|
|
|
rdpRdg* rdg = (rdpRdg*)BIO_get_data(bio);
|
2015-03-19 18:44:47 +03:00
|
|
|
BIO_clear_flags(bio, BIO_FLAGS_WRITE);
|
2015-09-15 17:37:57 +03:00
|
|
|
EnterCriticalSection(&rdg->writeSection);
|
2019-11-06 17:24:51 +03:00
|
|
|
status = rdg_write_data_packet(rdg, (const BYTE*)buf, num);
|
2015-09-15 17:37:57 +03:00
|
|
|
LeaveCriticalSection(&rdg->writeSection);
|
2015-03-17 21:54:16 +03:00
|
|
|
|
|
|
|
if (status < 0)
|
|
|
|
{
|
|
|
|
BIO_clear_flags(bio, BIO_FLAGS_SHOULD_RETRY);
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
else if (status < num)
|
|
|
|
{
|
|
|
|
BIO_set_flags(bio, BIO_FLAGS_WRITE);
|
|
|
|
WSASetLastError(WSAEWOULDBLOCK);
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
2015-09-16 16:54:03 +03:00
|
|
|
BIO_set_flags(bio, BIO_FLAGS_WRITE);
|
2015-03-17 21:54:16 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
return status;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int rdg_bio_read(BIO* bio, char* buf, int size)
|
|
|
|
{
|
2024-01-23 18:49:54 +03:00
|
|
|
int status = 0;
|
2019-11-06 17:24:51 +03:00
|
|
|
rdpRdg* rdg = (rdpRdg*)BIO_get_data(bio);
|
|
|
|
status = rdg_read_data_packet(rdg, (BYTE*)buf, size);
|
2015-03-17 21:54:16 +03:00
|
|
|
|
|
|
|
if (status < 0)
|
|
|
|
{
|
2015-09-15 20:03:11 +03:00
|
|
|
BIO_clear_retry_flags(bio);
|
2015-03-17 21:54:16 +03:00
|
|
|
return -1;
|
|
|
|
}
|
2015-09-15 20:03:11 +03:00
|
|
|
else if (status == 0)
|
2015-03-17 21:54:16 +03:00
|
|
|
{
|
2015-09-15 20:03:11 +03:00
|
|
|
BIO_set_retry_read(bio);
|
2015-03-17 21:54:16 +03:00
|
|
|
WSASetLastError(WSAEWOULDBLOCK);
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
2015-09-16 16:54:03 +03:00
|
|
|
BIO_set_flags(bio, BIO_FLAGS_READ);
|
2015-03-17 21:54:16 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
return status;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int rdg_bio_puts(BIO* bio, const char* str)
|
|
|
|
{
|
2018-10-24 17:49:25 +03:00
|
|
|
WINPR_UNUSED(bio);
|
|
|
|
WINPR_UNUSED(str);
|
2015-09-15 16:03:39 +03:00
|
|
|
return -2;
|
2015-03-17 21:54:16 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
static int rdg_bio_gets(BIO* bio, char* str, int size)
|
|
|
|
{
|
2018-10-24 17:49:25 +03:00
|
|
|
WINPR_UNUSED(bio);
|
|
|
|
WINPR_UNUSED(str);
|
|
|
|
WINPR_UNUSED(size);
|
2015-09-15 16:03:39 +03:00
|
|
|
return -2;
|
2015-03-17 21:54:16 +03:00
|
|
|
}
|
|
|
|
|
2021-07-29 11:07:04 +03:00
|
|
|
static long rdg_bio_ctrl(BIO* in_bio, int cmd, long arg1, void* arg2)
|
2015-03-17 21:54:16 +03:00
|
|
|
{
|
2018-10-24 17:49:25 +03:00
|
|
|
long status = -1;
|
2021-07-29 11:07:04 +03:00
|
|
|
rdpRdg* rdg = (rdpRdg*)BIO_get_data(in_bio);
|
2015-03-17 21:54:16 +03:00
|
|
|
rdpTls* tlsOut = rdg->tlsOut;
|
|
|
|
rdpTls* tlsIn = rdg->tlsIn;
|
|
|
|
|
|
|
|
if (cmd == BIO_CTRL_FLUSH)
|
|
|
|
{
|
2015-03-23 19:35:11 +03:00
|
|
|
(void)BIO_flush(tlsOut->bio);
|
2021-03-05 20:19:06 +03:00
|
|
|
if (!rdg->transferEncoding.isWebsocketTransport)
|
|
|
|
(void)BIO_flush(tlsIn->bio);
|
2015-03-17 21:54:16 +03:00
|
|
|
status = 1;
|
|
|
|
}
|
|
|
|
else if (cmd == BIO_C_SET_NONBLOCK)
|
|
|
|
{
|
|
|
|
status = 1;
|
|
|
|
}
|
|
|
|
else if (cmd == BIO_C_READ_BLOCKED)
|
|
|
|
{
|
2021-07-29 11:07:04 +03:00
|
|
|
BIO* cbio = tlsOut->bio;
|
|
|
|
status = BIO_read_blocked(cbio);
|
2015-03-17 21:54:16 +03:00
|
|
|
}
|
|
|
|
else if (cmd == BIO_C_WRITE_BLOCKED)
|
|
|
|
{
|
2021-07-29 11:07:04 +03:00
|
|
|
BIO* cbio = tlsIn->bio;
|
2021-03-05 20:19:06 +03:00
|
|
|
|
|
|
|
if (rdg->transferEncoding.isWebsocketTransport)
|
2021-07-29 11:07:04 +03:00
|
|
|
cbio = tlsOut->bio;
|
2021-03-05 20:19:06 +03:00
|
|
|
|
2021-07-29 11:07:04 +03:00
|
|
|
status = BIO_write_blocked(cbio);
|
2015-03-17 21:54:16 +03:00
|
|
|
}
|
|
|
|
else if (cmd == BIO_C_WAIT_READ)
|
|
|
|
{
|
2019-11-06 17:24:51 +03:00
|
|
|
int timeout = (int)arg1;
|
2021-07-29 11:07:04 +03:00
|
|
|
BIO* cbio = tlsOut->bio;
|
2015-09-15 20:03:11 +03:00
|
|
|
|
2021-07-29 11:07:04 +03:00
|
|
|
if (BIO_read_blocked(cbio))
|
|
|
|
return BIO_wait_read(cbio, timeout);
|
|
|
|
else if (BIO_write_blocked(cbio))
|
|
|
|
return BIO_wait_write(cbio, timeout);
|
2015-09-15 20:03:11 +03:00
|
|
|
else
|
|
|
|
status = 1;
|
2015-03-17 21:54:16 +03:00
|
|
|
}
|
|
|
|
else if (cmd == BIO_C_WAIT_WRITE)
|
|
|
|
{
|
2019-11-06 17:24:51 +03:00
|
|
|
int timeout = (int)arg1;
|
2021-07-29 11:07:04 +03:00
|
|
|
BIO* cbio = tlsIn->bio;
|
2015-09-15 20:03:11 +03:00
|
|
|
|
2021-03-05 20:19:06 +03:00
|
|
|
if (rdg->transferEncoding.isWebsocketTransport)
|
2021-07-29 11:07:04 +03:00
|
|
|
cbio = tlsOut->bio;
|
2021-03-05 20:19:06 +03:00
|
|
|
|
2021-07-29 11:07:04 +03:00
|
|
|
if (BIO_write_blocked(cbio))
|
|
|
|
status = BIO_wait_write(cbio, timeout);
|
|
|
|
else if (BIO_read_blocked(cbio))
|
|
|
|
status = BIO_wait_read(cbio, timeout);
|
2015-09-15 20:03:11 +03:00
|
|
|
else
|
|
|
|
status = 1;
|
2015-03-17 21:54:16 +03:00
|
|
|
}
|
2018-04-24 17:35:04 +03:00
|
|
|
else if (cmd == BIO_C_GET_EVENT || cmd == BIO_C_GET_FD)
|
2018-04-18 11:47:06 +03:00
|
|
|
{
|
|
|
|
/*
|
2018-04-24 17:35:04 +03:00
|
|
|
* A note about BIO_C_GET_FD:
|
2018-04-18 11:47:06 +03:00
|
|
|
* Even if two FDs are part of RDG, only one FD can be returned here.
|
|
|
|
*
|
|
|
|
* In FreeRDP, BIO FDs are only used for polling, so it is safe to use the outgoing FD only
|
|
|
|
*
|
|
|
|
* See issue #3602
|
|
|
|
*/
|
2018-04-18 22:50:47 +03:00
|
|
|
status = BIO_ctrl(tlsOut->bio, cmd, arg1, arg2);
|
2018-04-18 11:47:06 +03:00
|
|
|
}
|
2022-04-24 22:16:52 +03:00
|
|
|
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
|
|
|
|
else if (cmd == BIO_CTRL_GET_KTLS_SEND)
|
|
|
|
{
|
|
|
|
/* Even though BIO_get_ktls_send says that returning negative values is valid
|
|
|
|
* openssl internal sources are full of if(!BIO_get_ktls_send && ) stuff. This has some
|
|
|
|
* nasty sideeffects. return 0 as proper no KTLS offloading flag
|
|
|
|
*/
|
|
|
|
status = 0;
|
|
|
|
}
|
|
|
|
else if (cmd == BIO_CTRL_GET_KTLS_RECV)
|
|
|
|
{
|
|
|
|
/* Even though BIO_get_ktls_recv says that returning negative values is valid
|
|
|
|
* there is no reason to trust trust negative values are implemented right everywhere
|
|
|
|
*/
|
|
|
|
status = 0;
|
|
|
|
}
|
|
|
|
#endif
|
2015-03-17 21:54:16 +03:00
|
|
|
return status;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int rdg_bio_new(BIO* bio)
|
|
|
|
{
|
2016-11-21 19:28:54 +03:00
|
|
|
BIO_set_init(bio, 1);
|
|
|
|
BIO_set_flags(bio, BIO_FLAGS_SHOULD_RETRY);
|
2015-03-17 21:54:16 +03:00
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int rdg_bio_free(BIO* bio)
|
|
|
|
{
|
2018-10-24 17:49:25 +03:00
|
|
|
WINPR_UNUSED(bio);
|
2015-03-17 21:54:16 +03:00
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
2018-01-15 14:43:37 +03:00
|
|
|
static BIO_METHOD* BIO_s_rdg(void)
|
2015-03-17 21:54:16 +03:00
|
|
|
{
|
2016-11-21 19:28:54 +03:00
|
|
|
static BIO_METHOD* bio_methods = NULL;
|
|
|
|
|
|
|
|
if (bio_methods == NULL)
|
|
|
|
{
|
|
|
|
if (!(bio_methods = BIO_meth_new(BIO_TYPE_TSG, "RDGateway")))
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
BIO_meth_set_write(bio_methods, rdg_bio_write);
|
|
|
|
BIO_meth_set_read(bio_methods, rdg_bio_read);
|
|
|
|
BIO_meth_set_puts(bio_methods, rdg_bio_puts);
|
|
|
|
BIO_meth_set_gets(bio_methods, rdg_bio_gets);
|
|
|
|
BIO_meth_set_ctrl(bio_methods, rdg_bio_ctrl);
|
|
|
|
BIO_meth_set_create(bio_methods, rdg_bio_new);
|
|
|
|
BIO_meth_set_destroy(bio_methods, rdg_bio_free);
|
|
|
|
}
|
|
|
|
|
|
|
|
return bio_methods;
|
2015-03-17 21:54:16 +03:00
|
|
|
}
|
|
|
|
|
2018-10-24 16:42:44 +03:00
|
|
|
rdpRdg* rdg_new(rdpContext* context)
|
2015-03-17 21:54:16 +03:00
|
|
|
{
|
2024-01-23 18:49:54 +03:00
|
|
|
rdpRdg* rdg = NULL;
|
2018-10-24 16:42:44 +03:00
|
|
|
|
|
|
|
if (!context)
|
|
|
|
return NULL;
|
|
|
|
|
2019-11-06 17:24:51 +03:00
|
|
|
rdg = (rdpRdg*)calloc(1, sizeof(rdpRdg));
|
2015-03-17 21:54:16 +03:00
|
|
|
|
|
|
|
if (rdg)
|
|
|
|
{
|
2024-03-06 17:08:25 +03:00
|
|
|
rdg->log = WLog_Get(TAG);
|
2015-03-17 21:54:16 +03:00
|
|
|
rdg->state = RDG_CLIENT_STATE_INITIAL;
|
2018-10-24 16:42:44 +03:00
|
|
|
rdg->context = context;
|
2024-06-27 09:40:05 +03:00
|
|
|
rdg->context->settings = rdg->context->settings;
|
|
|
|
rdg->extAuth =
|
|
|
|
(rdg->context->settings->GatewayHttpExtAuthSspiNtlm ? HTTP_EXTENDED_AUTH_SSPI_NTLM
|
|
|
|
: HTTP_EXTENDED_AUTH_NONE);
|
2018-02-13 18:40:23 +03:00
|
|
|
|
2024-06-27 09:40:05 +03:00
|
|
|
if (rdg->context->settings->GatewayAccessToken)
|
2018-02-13 18:40:23 +03:00
|
|
|
rdg->extAuth = HTTP_EXTENDED_AUTH_PAA;
|
|
|
|
|
2015-03-17 21:54:16 +03:00
|
|
|
UuidCreate(&rdg->guid);
|
2015-03-17 23:54:45 +03:00
|
|
|
|
2024-06-27 09:40:05 +03:00
|
|
|
rdg->tlsOut = freerdp_tls_new(rdg->context);
|
2015-03-17 23:54:45 +03:00
|
|
|
|
2015-03-17 21:54:16 +03:00
|
|
|
if (!rdg->tlsOut)
|
|
|
|
goto rdg_alloc_error;
|
2015-03-17 23:54:45 +03:00
|
|
|
|
2024-06-27 09:40:05 +03:00
|
|
|
rdg->tlsIn = freerdp_tls_new(rdg->context);
|
2015-03-17 23:54:45 +03:00
|
|
|
|
2015-03-17 21:54:16 +03:00
|
|
|
if (!rdg->tlsIn)
|
|
|
|
goto rdg_alloc_error;
|
|
|
|
|
|
|
|
rdg->http = http_context_new();
|
2015-03-17 23:54:45 +03:00
|
|
|
|
2015-03-17 21:54:16 +03:00
|
|
|
if (!rdg->http)
|
|
|
|
goto rdg_alloc_error;
|
2015-03-17 23:54:45 +03:00
|
|
|
|
2018-09-27 16:04:41 +03:00
|
|
|
if (!http_context_set_uri(rdg->http, "/remoteDesktopGateway/") ||
|
|
|
|
!http_context_set_accept(rdg->http, "*/*") ||
|
|
|
|
!http_context_set_cache_control(rdg->http, "no-cache") ||
|
|
|
|
!http_context_set_pragma(rdg->http, "no-cache") ||
|
|
|
|
!http_context_set_connection(rdg->http, "Keep-Alive") ||
|
|
|
|
!http_context_set_user_agent(rdg->http, "MS-RDGateway/1.0") ||
|
2024-06-27 09:40:05 +03:00
|
|
|
!http_context_set_host(rdg->http, rdg->context->settings->GatewayHostname) ||
|
2023-11-02 12:53:13 +03:00
|
|
|
!http_context_set_rdg_connection_id(rdg->http, &rdg->guid) ||
|
|
|
|
!http_context_set_rdg_correlation_id(rdg->http, &rdg->guid) ||
|
2021-03-05 14:59:33 +03:00
|
|
|
!http_context_enable_websocket_upgrade(
|
2024-06-27 09:40:05 +03:00
|
|
|
rdg->http, freerdp_settings_get_bool(rdg->context->settings,
|
|
|
|
FreeRDP_GatewayHttpUseWebsockets)))
|
2015-03-17 21:54:16 +03:00
|
|
|
{
|
|
|
|
goto rdg_alloc_error;
|
|
|
|
}
|
|
|
|
|
2018-02-13 18:40:23 +03:00
|
|
|
if (rdg->extAuth != HTTP_EXTENDED_AUTH_NONE)
|
|
|
|
{
|
|
|
|
switch (rdg->extAuth)
|
|
|
|
{
|
|
|
|
case HTTP_EXTENDED_AUTH_PAA:
|
2018-09-27 16:04:41 +03:00
|
|
|
if (!http_context_set_rdg_auth_scheme(rdg->http, "PAA"))
|
2018-02-13 18:40:23 +03:00
|
|
|
goto rdg_alloc_error;
|
|
|
|
|
2022-11-22 16:38:06 +03:00
|
|
|
break;
|
|
|
|
|
2022-11-16 17:10:27 +03:00
|
|
|
case HTTP_EXTENDED_AUTH_SSPI_NTLM:
|
|
|
|
if (!http_context_set_rdg_auth_scheme(rdg->http, "SSPI_NTLM"))
|
|
|
|
goto rdg_alloc_error;
|
|
|
|
|
2018-02-13 18:40:23 +03:00
|
|
|
break;
|
|
|
|
|
|
|
|
default:
|
2024-03-06 17:08:25 +03:00
|
|
|
WLog_Print(rdg->log, WLOG_DEBUG,
|
|
|
|
"RDG extended authentication method %d not supported", rdg->extAuth);
|
2018-02-13 18:40:23 +03:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-03-17 21:54:16 +03:00
|
|
|
rdg->frontBio = BIO_new(BIO_s_rdg());
|
2015-03-17 23:54:45 +03:00
|
|
|
|
2015-03-17 21:54:16 +03:00
|
|
|
if (!rdg->frontBio)
|
|
|
|
goto rdg_alloc_error;
|
2015-03-17 23:54:45 +03:00
|
|
|
|
2016-11-21 19:28:54 +03:00
|
|
|
BIO_set_data(rdg->frontBio, rdg);
|
2015-09-15 17:37:57 +03:00
|
|
|
InitializeCriticalSection(&rdg->writeSection);
|
2021-01-25 10:39:30 +03:00
|
|
|
|
|
|
|
rdg->transferEncoding.httpTransferEncoding = TransferEncodingIdentity;
|
2021-01-25 18:20:18 +03:00
|
|
|
rdg->transferEncoding.isWebsocketTransport = FALSE;
|
2015-03-17 21:54:16 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
return rdg;
|
|
|
|
rdg_alloc_error:
|
2024-02-04 13:11:29 +03:00
|
|
|
WINPR_PRAGMA_DIAG_PUSH
|
|
|
|
WINPR_PRAGMA_DIAG_IGNORED_MISMATCHED_DEALLOC
|
2015-03-17 21:54:16 +03:00
|
|
|
rdg_free(rdg);
|
2024-02-04 13:11:29 +03:00
|
|
|
WINPR_PRAGMA_DIAG_POP
|
2015-03-17 21:54:16 +03:00
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
2015-03-17 23:09:17 +03:00
|
|
|
void rdg_free(rdpRdg* rdg)
|
|
|
|
{
|
2015-03-17 23:54:45 +03:00
|
|
|
if (!rdg)
|
|
|
|
return;
|
2015-03-17 23:09:17 +03:00
|
|
|
|
2023-01-14 05:25:26 +03:00
|
|
|
freerdp_tls_free(rdg->tlsOut);
|
|
|
|
freerdp_tls_free(rdg->tlsIn);
|
2018-11-08 14:09:49 +03:00
|
|
|
http_context_free(rdg->http);
|
2022-09-06 06:16:21 +03:00
|
|
|
credssp_auth_free(rdg->auth);
|
2018-11-13 14:22:09 +03:00
|
|
|
|
|
|
|
if (!rdg->attached)
|
|
|
|
BIO_free_all(rdg->frontBio);
|
|
|
|
|
2018-01-15 14:43:37 +03:00
|
|
|
DeleteCriticalSection(&rdg->writeSection);
|
2021-01-25 10:39:30 +03:00
|
|
|
|
2021-01-25 18:20:18 +03:00
|
|
|
if (rdg->transferEncoding.isWebsocketTransport)
|
|
|
|
{
|
|
|
|
if (rdg->transferEncoding.context.websocket.responseStreamBuffer != NULL)
|
|
|
|
Stream_Free(rdg->transferEncoding.context.websocket.responseStreamBuffer, TRUE);
|
|
|
|
}
|
|
|
|
|
2022-10-16 22:54:59 +03:00
|
|
|
smartcardCertInfo_Free(rdg->smartcard);
|
|
|
|
|
2015-03-17 23:54:45 +03:00
|
|
|
free(rdg);
|
2015-03-17 23:09:17 +03:00
|
|
|
}
|
2018-10-24 16:42:44 +03:00
|
|
|
|
2018-11-13 14:22:09 +03:00
|
|
|
BIO* rdg_get_front_bio_and_take_ownership(rdpRdg* rdg)
|
2018-10-24 16:42:44 +03:00
|
|
|
{
|
|
|
|
if (!rdg)
|
|
|
|
return NULL;
|
|
|
|
|
2018-11-13 14:22:09 +03:00
|
|
|
rdg->attached = TRUE;
|
2018-10-24 16:42:44 +03:00
|
|
|
return rdg->frontBio;
|
|
|
|
}
|