Merge pull request #1750 from ccpp/master

Support for HTTP-Proxy
2017-01-11 11:02:00 +01:00 · 2017-01-11 11:02:00 +01:00 · 3762401d43
parent 72bcc7367e 8658f04f42
commit 3762401d43
9 changed files with 412 additions and 8 deletions
--- a/client/common/cmdline.c
+++ b/client/common/cmdline.c
@ -23,6 +23,7 @@
 #include "config.h"
 #endif

+#include <ctype.h>
 #include <assert.h>

 #include <winpr/crt.h>
@ -82,6 +83,7 @@ static COMMAND_LINE_ARGUMENT_A args[] =
 	{ "gd", COMMAND_LINE_VALUE_REQUIRED, "<domain>", NULL, NULL, -1, NULL, "Gateway domain" },
 	{ "gt", COMMAND_LINE_VALUE_REQUIRED, "<rpc|http|auto>", NULL, NULL, -1, NULL, "Gateway transport type" },
 	{ "gateway-usage-method", COMMAND_LINE_VALUE_REQUIRED, "<direct|detect>", NULL, NULL, -1, "gum", "Gateway usage method" },
+	{ "proxy", COMMAND_LINE_VALUE_REQUIRED, "[<protocol>://]<host>:<port>", NULL, NULL, -1, NULL, "Proxy (see also environment variable below)" },
 	{ "load-balance-info", COMMAND_LINE_VALUE_REQUIRED, "<info string>", NULL, NULL, -1, NULL, "Load balance info" },
 	{ "app", COMMAND_LINE_VALUE_REQUIRED, "<executable path> or <||alias>", NULL, NULL, -1, NULL, "Remote application program" },
 	{ "app-name", COMMAND_LINE_VALUE_REQUIRED, "<app name>", NULL, NULL, -1, NULL, "Remote application name for user interface" },
@ -294,6 +296,16 @@ BOOL freerdp_client_print_command_line_help(int argc, char** argv)
 	printf("Multimedia Redirection: /multimedia:sys:alsa\n");
 	printf("USB Device Redirection: /usb:id,dev:054c:0268\n");
 	printf("\n");
+
+	printf("For Gateways, the https_proxy environment variable is respected:\n");
+#ifdef _WIN32
+	printf("    set HTTPS_PROXY=http://proxy.contoso.com:3128/\n");
+#else
+	printf("    export https_proxy=http://proxy.contoso.com:3128/\n");
+#endif
+	printf("    xfreerdp /g:rdp.contoso.com ...\n");
+	printf("\n");
+
 	printf("More documentation is coming, in the meantime consult source files\n");
 	printf("\n");
 	return TRUE;
@ -1777,6 +1789,45 @@ int freerdp_client_settings_parse_command_line_arguments(rdpSettings* settings,
 			settings->GatewayUseSameCredentials = TRUE;
 			freerdp_set_gateway_usage_method(settings, TSC_PROXY_MODE_DIRECT);
 		}
+		CommandLineSwitchCase(arg, "proxy")
+		{
+			if (arg->Flags & COMMAND_LINE_VALUE_PRESENT)
+			{
+				p = strstr(arg->Value, "://");
+				if (p) {
+					*p = '\0';
+					if (!strcmp("http", arg->Value)) {
+						settings->ProxyType = PROXY_TYPE_HTTP;
+					} else {
+						WLog_ERR(TAG, "Only HTTP proxys supported by now");
+						return COMMAND_LINE_ERROR_UNEXPECTED_VALUE;
+					}
+					arg->Value = p + 3;
+				}
+
+				p = strchr(arg->Value, ':');
+
+				if (p)
+				{
+					length = (int) (p - arg->Value);
+					if (!isdigit(p[1])) {
+						WLog_ERR(TAG, "Could not parse proxy port");
+						return COMMAND_LINE_ERROR_UNEXPECTED_VALUE;
+					}
+					settings->ProxyPort = atoi(&p[1]);
+					settings->ProxyHostname = (char*) malloc(length + 1);
+					strncpy(settings->ProxyHostname, arg->Value, length);
+					settings->ProxyHostname[length] = '\0';
+
+					settings->ProxyType = PROXY_TYPE_HTTP;
+				}
+			}
+			else
+			{
+				WLog_ERR(TAG, "Option http-proxy needs argument.");
+				return COMMAND_LINE_ERROR_UNEXPECTED_VALUE;
+			}
+		}
 		CommandLineSwitchCase(arg, "gu")
 		{
 			if (!(gwUser = _strdup(arg->Value)))
--- a/include/freerdp/settings.h
+++ b/include/freerdp/settings.h
@ -470,6 +470,9 @@ struct _RDPDR_PARALLEL
 };
 typedef struct _RDPDR_PARALLEL RDPDR_PARALLEL;

+#define PROXY_TYPE_NONE		0
+#define PROXY_TYPE_HTTP		1
+
 /* Settings */

 #ifdef __GNUC__
@ -686,6 +689,9 @@ typedef struct _RDPDR_PARALLEL RDPDR_PARALLEL;
 #define FreeRDP_GatewayRpcTransport				1994
 #define FreeRDP_GatewayHttpTransport				1995
 #define FreeRDP_GatewayUdpTransport				1996
+#define FreeRDP_ProxyType					2015
+#define FreeRDP_ProxyHostname					2016
+#define FreeRDP_ProxyPort   					2017
 #define FreeRDP_RemoteApplicationMode				2112
 #define FreeRDP_RemoteApplicationName				2113
 #define FreeRDP_RemoteApplicationIcon				2114
@ -1142,8 +1148,13 @@ struct rdp_settings
 	ALIGN64 BOOL GatewayRpcTransport; /* 1994 */
 	ALIGN64 BOOL GatewayHttpTransport; /* 1995 */
 	ALIGN64 BOOL GatewayUdpTransport; /* 1996 */
-	UINT64 padding2048[2048 - 1997]; /* 1997 */
-	UINT64 padding2112[2112 - 2048]; /* 2048 */
+	UINT64 padding2048[2015 - 1997]; /* 1997 */
+
+	/* Proxy */
+	ALIGN64 UINT32 ProxyType; 	/* 2015 */
+	ALIGN64 char* ProxyHostname;	/* 2016 */
+	ALIGN64 UINT16 ProxyPort;	/* 2017 */
+	UINT64 padding2112[2112 - 2018]; /* 2018 */

 	/**
 	 * RemoteApp
--- a/libfreerdp/common/settings.c
+++ b/libfreerdp/common/settings.c
@ -1850,6 +1850,12 @@ UINT32 freerdp_get_param_uint32(rdpSettings* settings, int id)
 		case FreeRDP_GatewayCredentialsSource:
 			return settings->GatewayCredentialsSource;

+		case FreeRDP_ProxyType:
+			return settings->ProxyType;
+
+		case FreeRDP_ProxyPort:
+			return settings->ProxyPort;
+
 		case FreeRDP_RemoteAppNumIconCaches:
 			return settings->RemoteAppNumIconCaches;

@ -2144,6 +2150,14 @@ int freerdp_set_param_uint32(rdpSettings* settings, int id, UINT32 param)
 			settings->GatewayCredentialsSource = param;
 			break;

+		case FreeRDP_ProxyType:
+			settings->ProxyType = param;
+			break;
+
+		case FreeRDP_ProxyPort:
+			settings->ProxyPort = param;
+			break;
+
 		case FreeRDP_RemoteAppNumIconCaches:
 			settings->RemoteAppNumIconCaches = param;
 			break;
@ -2473,6 +2487,9 @@ char* freerdp_get_param_string(rdpSettings* settings, int id)
 		case FreeRDP_GatewayDomain:
 			return settings->GatewayDomain;

+		case FreeRDP_ProxyHostname:
+			return settings->ProxyHostname;
+
 		case FreeRDP_RemoteApplicationName:
 			return settings->RemoteApplicationName;

@ -2680,6 +2697,10 @@ int freerdp_set_param_string(rdpSettings* settings, int id, const char* param)
 			tmp = &settings->GatewayDomain;
 			break;

+		case FreeRDP_ProxyHostname:
+			tmp = &settings->ProxyHostname;
+			break;
+
 		case FreeRDP_RemoteApplicationName:
 			tmp = &settings->RemoteApplicationName;
 			break;
--- a/libfreerdp/core/CMakeLists.txt
+++ b/libfreerdp/core/CMakeLists.txt
@ -104,6 +104,8 @@ set(${MODULE_PREFIX}_SRCS
 	rdp.h
 	tcp.c
 	tcp.h
+	proxy.c
+	proxy.h
 	tpdu.c
 	tpdu.h
 	tpkt.c
--- a/libfreerdp/core/gateway/rdg.c
+++ b/libfreerdp/core/gateway/rdg.c
@ -34,6 +34,7 @@
 #include <freerdp/utils/ringbuffer.h>

 #include "rdg.h"
+#include "../proxy.h"
 #include "../rdp.h"
 #include "../../crypto/opensslcompat.h"

@ -901,11 +902,14 @@ BOOL rdg_tls_out_connect(rdpRdg* rdg, const char* hostname, UINT16 port, int tim
 	BIO* socketBio = NULL;
 	BIO* bufferedBio = NULL;
 	rdpSettings* settings = rdg->settings;
+	const char *peerHostname = settings->GatewayHostname;
+	UINT16 peerPort = settings->GatewayPort;
+	BOOL isProxyConnection = proxy_prepare(settings, &peerHostname, &peerPort, TRUE);

 	assert(hostname != NULL);

-	sockfd = freerdp_tcp_connect(rdg->context, settings, settings->GatewayHostname,
-					settings->GatewayPort, timeout);
+	sockfd = freerdp_tcp_connect(rdg->context, settings, peerHostname,
+					peerPort, timeout);

 	if (sockfd < 1)
 	{
@ -932,6 +936,11 @@ BOOL rdg_tls_out_connect(rdpRdg* rdg, const char* hostname, UINT16 port, int tim
 	bufferedBio = BIO_push(bufferedBio, socketBio);
 	status = BIO_set_nonblock(bufferedBio, TRUE);

+	if (isProxyConnection) {
+		if (!proxy_connect(settings, bufferedBio, settings->GatewayHostname, settings->GatewayPort))
+			return FALSE;
+	}
+
 	if (!status)
 	{
 		BIO_free_all(bufferedBio);
@ -958,11 +967,20 @@ BOOL rdg_tls_in_connect(rdpRdg* rdg, const char* hostname, UINT16 port, int time
 	BIO* socketBio = NULL;
 	BIO* bufferedBio = NULL;
 	rdpSettings* settings = rdg->settings;
+	const char *peerHostname = settings->GatewayHostname;
+	int peerPort = settings->GatewayPort;
+	BOOL isProxyConnection = FALSE;

 	assert(hostname != NULL);

-	sockfd = freerdp_tcp_connect(rdg->context, settings, settings->GatewayHostname,
-					settings->GatewayPort, timeout);
+	if (settings->ProxyType) {
+		peerHostname = settings->ProxyHostname;
+		peerPort = settings->ProxyPort;
+		isProxyConnection = TRUE;
+	}
+
+	sockfd = freerdp_tcp_connect(rdg->context, settings, peerHostname,
+					peerPort, timeout);

 	if (sockfd < 1)
 		return FALSE;
--- a/libfreerdp/core/gateway/rpc.c
+++ b/libfreerdp/core/gateway/rpc.c
@ -37,6 +37,7 @@
 #include <valgrind/memcheck.h>
 #endif

+#include "../proxy.h"
 #include "http.h"
 #include "ntlm.h"
 #include "ncacn_http.h"
@ -759,9 +760,12 @@ int rpc_channel_tls_connect(RpcChannel* channel, int timeout)
 	rdpRpc* rpc = channel->rpc;
 	rdpContext* context = rpc->context;
 	rdpSettings* settings = context->settings;
+	const char *peerHostname = settings->GatewayHostname;
+	UINT16 peerPort = settings->GatewayPort;
+	BOOL isProxyConnection = proxy_prepare(settings, &peerHostname, &peerPort, TRUE);

-	sockfd = freerdp_tcp_connect(context, settings, settings->GatewayHostname,
-					settings->GatewayPort, timeout);
+	sockfd = freerdp_tcp_connect(context, settings, peerHostname,
+					peerPort, timeout);

 	if (sockfd < 1)
 		return -1;
@ -783,6 +787,11 @@ int rpc_channel_tls_connect(RpcChannel* channel, int timeout)
 	if (!BIO_set_nonblock(bufferedBio, TRUE))
 		return -1;

+	if (isProxyConnection) {
+		if (!proxy_connect(settings, bufferedBio, settings->GatewayHostname, settings->GatewayPort))
+			return -1;
+	}
+
 	channel->bio = bufferedBio;

 	tls = channel->tls = tls_new(settings);
--- a/libfreerdp/core/proxy.c
+++ b/libfreerdp/core/proxy.c
@ -0,0 +1,260 @@
+/**
+ * FreeRDP: A Remote Desktop Protocol Implementation
+ * HTTP Proxy support
+ *
+ * Copyright 2016 Christian Plattner <ccpp@gmx.at>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <ctype.h>
+
+#include "proxy.h"
+#include "freerdp/settings.h"
+#include "tcp.h"
+
+#include "winpr/environment.h"	/* For GetEnvironmentVariableA */
+
+#define CRLF "\r\n"
+#define TAG FREERDP_TAG("core.proxy")
+
+BOOL http_proxy_connect(BIO* bufferedBio, const char* hostname, UINT16 port);
+void proxy_read_environment(rdpSettings* settings, char* envname);
+
+BOOL proxy_prepare(rdpSettings* settings, const char** lpPeerHostname, UINT16* lpPeerPort,
+                   BOOL isHTTPS)
+{
+	/* For TSGateway, find the system HTTPS proxy automatically */
+	if (!settings->ProxyType)
+		proxy_read_environment(settings, "https_proxy");
+
+	if (!settings->ProxyType)
+		proxy_read_environment(settings, "HTTPS_PROXY");
+
+	if (settings->ProxyType)
+	{
+		*lpPeerHostname = settings->ProxyHostname;
+		*lpPeerPort = settings->ProxyPort;
+		return TRUE;
+	}
+
+	return FALSE;
+}
+
+void proxy_read_environment(rdpSettings* settings, char* envname)
+{
+	DWORD envlen;
+	char* env;
+	envlen = GetEnvironmentVariableA(envname, NULL, 0);
+
+	if (!envlen)
+		return;
+
+	env = calloc(1, envlen + 1);
+
+	if (!env)
+	{
+		WLog_ERR(TAG, "Not enough memory");
+		return;
+	}
+
+	envlen = GetEnvironmentVariableA(envname, env, envlen);
+	proxy_parse_uri(settings, env);
+	free(env);
+}
+
+BOOL proxy_parse_uri(rdpSettings* settings, const char* uri)
+{
+	const char* hostname, *pport;
+	const char* protocol;
+	const char* p;
+	UINT16 port;
+	int hostnamelen;
+	p = strstr(uri, "://");
+
+	if (p)
+	{
+		if (p == uri + 4 && !strncmp("http", uri, 4))
+		{
+			settings->ProxyType = PROXY_TYPE_HTTP;
+			protocol = "http";
+		}
+		else
+		{
+			WLog_ERR(TAG, "Only HTTP proxys supported by now");
+			return FALSE;
+		}
+
+		uri = p + 3;
+	}
+	else
+	{
+		WLog_ERR(TAG, "No scheme in proxy URI");
+		return FALSE;
+	}
+
+	hostname = uri;
+	pport = strchr(hostname, ':');
+
+	if (pport)
+	{
+		if (!isdigit(*(pport + 1)))
+		{
+			WLog_ERR(TAG, "Could not parse proxy port");
+			return FALSE;
+		}
+
+		port = atoi(pport + 1);
+	}
+	else
+	{
+		/* The default is 80. Also for Proxys. */
+		port = 80;
+		pport = strchr(hostname, '/');
+	}
+
+	if (pport)
+	{
+		hostnamelen = pport - hostname;
+	}
+	else
+	{
+		hostnamelen = strlen(hostname);
+	}
+
+	settings->ProxyHostname = calloc(1, hostnamelen + 1);
+
+	if (!settings->ProxyHostname)
+	{
+		WLog_ERR(TAG, "Not enough memory");
+		return FALSE;
+	}
+
+	memcpy(settings->ProxyHostname, hostname, hostnamelen);
+	settings->ProxyPort = port;
+	WLog_INFO(TAG, "Parsed proxy configuration: %s://%s:%d", protocol, settings->ProxyHostname,
+	          settings->ProxyPort);
+	return TRUE;
+}
+
+BOOL proxy_connect(rdpSettings* settings, BIO* bufferedBio, const char* hostname, UINT16 port)
+{
+	switch (settings->ProxyType)
+	{
+		case PROXY_TYPE_NONE:
+			return TRUE;
+
+		case PROXY_TYPE_HTTP:
+			return http_proxy_connect(bufferedBio, hostname, port);
+
+		default:
+			WLog_ERR(TAG, "Invalid internal proxy configuration");
+			return FALSE;
+	}
+}
+
+BOOL http_proxy_connect(BIO* bufferedBio, const char* hostname, UINT16 port)
+{
+	int status;
+	wStream* s;
+	char port_str[10], recv_buf[256], *eol;
+	int resultsize;
+
+	_itoa_s(port, port_str, sizeof(port_str), 10);
+
+	s = Stream_New(NULL, 200);
+	Stream_Write(s, "CONNECT ", 8);
+	Stream_Write(s, hostname, strlen(hostname));
+	Stream_Write_UINT8(s, ':');
+	Stream_Write(s, port_str, strlen(port_str));
+	Stream_Write(s, " HTTP/1.1" CRLF "Host: ", 17);
+	Stream_Write(s, hostname, strlen(hostname));
+	Stream_Write_UINT8(s, ':');
+	Stream_Write(s, port_str, strlen(port_str));
+	Stream_Write(s, CRLF CRLF, 4);
+
+	status = BIO_write(bufferedBio, Stream_Buffer(s), Stream_GetPosition(s));
+
+	if (status != Stream_GetPosition(s))
+	{
+		WLog_ERR(TAG, "HTTP proxy: failed to write CONNECT request");
+		return FALSE;
+	}
+
+	Stream_Free(s, TRUE);
+	s = NULL;
+
+	/* Read result until CR-LF-CR-LF.
+	 * Keep recv_buf a null-terminated string. */
+
+	memset(recv_buf, '\0', sizeof(recv_buf));
+	resultsize = 0;
+
+	while (strstr(recv_buf, CRLF CRLF) == NULL)
+	{
+		if (resultsize >= sizeof(recv_buf) - 1)
+		{
+			WLog_ERR(TAG, "HTTP Reply headers too long.");
+			return FALSE;
+		}
+
+		status = BIO_read(bufferedBio, (BYTE*)recv_buf + resultsize, sizeof(recv_buf) - resultsize - 1);
+
+		if (status < 0)
+		{
+			/* Error? */
+			if (BIO_should_retry(bufferedBio))
+			{
+				USleep(100);
+				continue;
+			}
+
+			WLog_ERR(TAG, "Failed reading reply from HTTP proxy (Status %d)", status);
+			return FALSE;
+		}
+		else if (status == 0)
+		{
+			/* Error? */
+			WLog_ERR(TAG, "Failed reading reply from HTTP proxy (BIO_read returned zero)");
+			return FALSE;
+		}
+
+		resultsize += status;
+	}
+
+	/* Extract HTTP status line */
+	eol = strchr(recv_buf, '\r');
+
+	if (!eol)
+	{
+		/* should never happen */
+		return FALSE;
+	}
+
+	*eol = '\0';
+
+	WLog_INFO(TAG, "HTTP Proxy: %s", recv_buf);
+
+	if (strlen(recv_buf) < 12)
+	{
+		return FALSE;
+	}
+
+	recv_buf[7] = 'X';
+
+	if (strncmp(recv_buf, "HTTP/1.X 200", 12))
+		return FALSE;
+
+	return TRUE;
+}
+
--- a/libfreerdp/core/proxy.h
+++ b/libfreerdp/core/proxy.h
@ -0,0 +1,31 @@
+/**
+ * FreeRDP: A Remote Desktop Protocol Implementation
+ * HTTP proxy support
+ *
+ * Copyright 2014 Christian Plattner <ccpp@gmx.at>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef __HTTP_PROXY_H
+#define __HTTP_PROXY_H
+
+#include "freerdp/settings.h"
+#include <openssl/bio.h>
+
+BOOL proxy_prepare(rdpSettings* settings, const char** lpPeerHostname, UINT16* lpPeerPort,
+                   BOOL isHTTPS);
+BOOL proxy_parse_uri(rdpSettings* settings, const char* uri);
+BOOL proxy_connect(rdpSettings* settings, BIO* bio, const char* hostname, UINT16 port);
+
+#endif
--- a/libfreerdp/core/settings.c
+++ b/libfreerdp/core/settings.c
@ -670,6 +670,7 @@ rdpSettings* freerdp_settings_clone(rdpSettings* settings)
 		CHECKED_STRDUP(GatewayUsername); /* 1987 */
 		CHECKED_STRDUP(GatewayPassword); /* 1988 */
 		CHECKED_STRDUP(GatewayDomain); /* 1989 */
+		CHECKED_STRDUP(ProxyHostname); /* 2016 */
 		CHECKED_STRDUP(RemoteApplicationName); /* 2113 */
 		CHECKED_STRDUP(RemoteApplicationIcon); /* 2114 */
 		CHECKED_STRDUP(RemoteApplicationProgram); /* 2115 */