FreeRDP/libfreerdp/core/gateway/rpc_client.c
2021-12-01 10:28:53 +01:00

1172 lines
28 KiB
C

/**
* FreeRDP: A Remote Desktop Protocol Implementation
* RPC Client
*
* Copyright 2012 Marc-Andre Moreau <marcandre.moreau@gmail.com>
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include <freerdp/log.h>
#include <winpr/crt.h>
#include <winpr/assert.h>
#include <winpr/print.h>
#include <winpr/synch.h>
#include <winpr/thread.h>
#include <winpr/stream.h>
#include "http.h"
#include "ncacn_http.h"
#include "rpc_bind.h"
#include "rpc_fault.h"
#include "rpc_client.h"
#include "rts_signature.h"
#include "../rdp.h"
#include "../proxy.h"
#define TAG FREERDP_TAG("core.gateway.rpc")
static void rpc_pdu_reset(RPC_PDU* pdu)
{
pdu->Type = 0;
pdu->Flags = 0;
pdu->CallId = 0;
Stream_SetPosition(pdu->s, 0);
}
static RPC_PDU* rpc_pdu_new(void)
{
RPC_PDU* pdu;
pdu = (RPC_PDU*)malloc(sizeof(RPC_PDU));
if (!pdu)
return NULL;
pdu->s = Stream_New(NULL, 4096);
if (!pdu->s)
{
free(pdu);
return NULL;
}
rpc_pdu_reset(pdu);
return pdu;
}
static void rpc_pdu_free(RPC_PDU* pdu)
{
if (!pdu)
return;
Stream_Free(pdu->s, TRUE);
free(pdu);
}
static int rpc_client_receive_pipe_write(RpcClient* client, const BYTE* buffer, size_t length)
{
int status = 0;
if (!client || !buffer)
return -1;
EnterCriticalSection(&(client->PipeLock));
if (ringbuffer_write(&(client->ReceivePipe), buffer, length))
status += (int)length;
if (ringbuffer_used(&(client->ReceivePipe)) > 0)
SetEvent(client->PipeEvent);
LeaveCriticalSection(&(client->PipeLock));
return status;
}
int rpc_client_receive_pipe_read(RpcClient* client, BYTE* buffer, size_t length)
{
int index = 0;
size_t status = 0;
int nchunks = 0;
DataChunk chunks[2];
if (!client || !buffer)
return -1;
EnterCriticalSection(&(client->PipeLock));
nchunks = ringbuffer_peek(&(client->ReceivePipe), chunks, length);
for (index = 0; index < nchunks; index++)
{
CopyMemory(&buffer[status], chunks[index].data, chunks[index].size);
status += chunks[index].size;
}
if (status > 0)
ringbuffer_commit_read_bytes(&(client->ReceivePipe), status);
if (ringbuffer_used(&(client->ReceivePipe)) < 1)
ResetEvent(client->PipeEvent);
LeaveCriticalSection(&(client->PipeLock));
if (status > INT_MAX)
return -1;
return (int)status;
}
static int rpc_client_transition_to_state(rdpRpc* rpc, RPC_CLIENT_STATE state)
{
int status = 1;
const char* str = "RPC_CLIENT_STATE_UNKNOWN";
switch (state)
{
case RPC_CLIENT_STATE_INITIAL:
str = "RPC_CLIENT_STATE_INITIAL";
break;
case RPC_CLIENT_STATE_ESTABLISHED:
str = "RPC_CLIENT_STATE_ESTABLISHED";
break;
case RPC_CLIENT_STATE_WAIT_SECURE_BIND_ACK:
str = "RPC_CLIENT_STATE_WAIT_SECURE_BIND_ACK";
break;
case RPC_CLIENT_STATE_WAIT_UNSECURE_BIND_ACK:
str = "RPC_CLIENT_STATE_WAIT_UNSECURE_BIND_ACK";
break;
case RPC_CLIENT_STATE_WAIT_SECURE_ALTER_CONTEXT_RESPONSE:
str = "RPC_CLIENT_STATE_WAIT_SECURE_ALTER_CONTEXT_RESPONSE";
break;
case RPC_CLIENT_STATE_CONTEXT_NEGOTIATED:
str = "RPC_CLIENT_STATE_CONTEXT_NEGOTIATED";
break;
case RPC_CLIENT_STATE_WAIT_RESPONSE:
str = "RPC_CLIENT_STATE_WAIT_RESPONSE";
break;
case RPC_CLIENT_STATE_FINAL:
str = "RPC_CLIENT_STATE_FINAL";
break;
}
rpc->State = state;
WLog_DBG(TAG, "%s", str);
return status;
}
static int rpc_client_recv_pdu(rdpRpc* rpc, RPC_PDU* pdu)
{
int status = -1;
rdpTsg* tsg;
WINPR_ASSERT(rpc);
WINPR_ASSERT(pdu);
Stream_SealLength(pdu->s);
Stream_SetPosition(pdu->s, 0);
tsg = transport_get_tsg(rpc->transport);
if (rpc->VirtualConnection->State < VIRTUAL_CONNECTION_STATE_OPENED)
{
switch (rpc->VirtualConnection->State)
{
case VIRTUAL_CONNECTION_STATE_INITIAL:
break;
case VIRTUAL_CONNECTION_STATE_OUT_CHANNEL_WAIT:
break;
case VIRTUAL_CONNECTION_STATE_WAIT_A3W:
if (!rts_match_pdu_signature(&RTS_PDU_CONN_A3_SIGNATURE, pdu->s, NULL))
{
WLog_ERR(TAG, "unexpected RTS PDU: Expected CONN/A3");
return -1;
}
if (!rts_recv_CONN_A3_pdu(rpc, pdu->s))
{
WLog_ERR(TAG, "rts_recv_CONN_A3_pdu failure");
return -1;
}
rpc_virtual_connection_transition_to_state(rpc, rpc->VirtualConnection,
VIRTUAL_CONNECTION_STATE_WAIT_C2);
status = 1;
break;
case VIRTUAL_CONNECTION_STATE_WAIT_C2:
if (!rts_match_pdu_signature(&RTS_PDU_CONN_C2_SIGNATURE, pdu->s, NULL))
{
WLog_ERR(TAG, "unexpected RTS PDU: Expected CONN/C2");
return -1;
}
if (!rts_recv_CONN_C2_pdu(rpc, pdu->s))
{
WLog_ERR(TAG, "rts_recv_CONN_C2_pdu failure");
return -1;
}
rpc_virtual_connection_transition_to_state(rpc, rpc->VirtualConnection,
VIRTUAL_CONNECTION_STATE_OPENED);
rpc_client_transition_to_state(rpc, RPC_CLIENT_STATE_ESTABLISHED);
if (rpc_send_bind_pdu(rpc) < 0)
{
WLog_ERR(TAG, "rpc_send_bind_pdu failure");
return -1;
}
rpc_client_transition_to_state(rpc, RPC_CLIENT_STATE_WAIT_SECURE_BIND_ACK);
status = 1;
break;
case VIRTUAL_CONNECTION_STATE_OPENED:
break;
case VIRTUAL_CONNECTION_STATE_FINAL:
break;
}
}
else if (rpc->State < RPC_CLIENT_STATE_CONTEXT_NEGOTIATED)
{
if (rpc->State == RPC_CLIENT_STATE_WAIT_SECURE_BIND_ACK)
{
if (pdu->Type == PTYPE_BIND_ACK)
{
if (!rpc_recv_bind_ack_pdu(rpc, pdu->s))
{
WLog_ERR(TAG, "rpc_recv_bind_ack_pdu failure");
return -1;
}
}
else
{
WLog_ERR(TAG,
"RPC_CLIENT_STATE_WAIT_SECURE_BIND_ACK unexpected pdu type: 0x%08" PRIX32
"",
pdu->Type);
return -1;
}
if (rpc_send_rpc_auth_3_pdu(rpc) < 0)
{
WLog_ERR(TAG, "rpc_secure_bind: error sending rpc_auth_3 pdu!");
return -1;
}
rpc_client_transition_to_state(rpc, RPC_CLIENT_STATE_CONTEXT_NEGOTIATED);
if (!tsg_proxy_begin(tsg))
{
WLog_ERR(TAG, "tsg_proxy_begin failure");
return -1;
}
status = 1;
}
else
{
WLog_ERR(TAG, "rpc_client_recv_pdu: invalid rpc->State: %d", rpc->State);
}
}
else if (rpc->State >= RPC_CLIENT_STATE_CONTEXT_NEGOTIATED)
{
if (!tsg_recv_pdu(tsg, pdu))
status = -1;
else
status = 1;
}
return status;
}
static int rpc_client_recv_fragment(rdpRpc* rpc, wStream* fragment)
{
int rc = -1;
RPC_PDU* pdu;
size_t StubOffset;
size_t StubLength;
RpcClientCall* call;
rpcconn_hdr_t header = { 0 };
WINPR_ASSERT(rpc);
WINPR_ASSERT(rpc->client);
WINPR_ASSERT(fragment);
pdu = rpc->client->pdu;
WINPR_ASSERT(pdu);
Stream_SealLength(fragment);
Stream_SetPosition(fragment, 0);
if (!rts_read_pdu_header(fragment, &header))
goto fail;
if (header.common.ptype == PTYPE_RESPONSE)
{
rpc->VirtualConnection->DefaultOutChannel->BytesReceived += header.common.frag_length;
rpc->VirtualConnection->DefaultOutChannel->ReceiverAvailableWindow -=
header.common.frag_length;
if (rpc->VirtualConnection->DefaultOutChannel->ReceiverAvailableWindow <
(rpc->ReceiveWindow / 2))
{
if (!rts_send_flow_control_ack_pdu(rpc))
goto fail;
}
if (!rpc_get_stub_data_info(&header, &StubOffset, &StubLength))
{
WLog_ERR(TAG, "expected stub");
goto fail;
}
if (StubLength == 4)
{
if ((header.common.call_id == rpc->PipeCallId) &&
(header.common.pfc_flags & PFC_LAST_FRAG))
{
/* End of TsProxySetupReceivePipe */
TerminateEventArgs e;
rdpContext* context = transport_get_context(rpc->transport);
rdpTsg* tsg = transport_get_tsg(rpc->transport);
WINPR_ASSERT(context);
if (Stream_Length(fragment) < StubOffset + 4)
goto fail;
Stream_SetPosition(fragment, StubOffset);
Stream_Read_UINT32(fragment, rpc->result);
freerdp_abort_connect(context->instance);
tsg_set_state(tsg, TSG_STATE_TUNNEL_CLOSE_PENDING);
EventArgsInit(&e, "freerdp");
e.code = 0;
PubSub_OnTerminate(context->pubSub, context, &e);
rc = 0;
goto success;
}
if (header.common.call_id != rpc->PipeCallId)
{
/* Ignoring non-TsProxySetupReceivePipe Response */
rc = 0;
goto success;
}
}
if (rpc->StubFragCount == 0)
rpc->StubCallId = header.common.call_id;
if (rpc->StubCallId != header.common.call_id)
{
WLog_ERR(TAG,
"invalid call_id: actual: %" PRIu32 ", expected: %" PRIu32
", frag_count: %" PRIu32 "",
rpc->StubCallId, header.common.call_id, rpc->StubFragCount);
}
call = rpc_client_call_find_by_id(rpc->client, rpc->StubCallId);
if (!call)
goto fail;
if (call->OpNum != TsProxySetupReceivePipeOpnum)
{
const rpcconn_response_hdr_t* response =
(const rpcconn_response_hdr_t*)&header.response;
if (!Stream_EnsureCapacity(pdu->s, response->alloc_hint))
goto fail;
if (Stream_Length(fragment) < StubOffset + StubLength)
goto fail;
Stream_SetPosition(fragment, StubOffset);
Stream_Write(pdu->s, Stream_Pointer(fragment), StubLength);
rpc->StubFragCount++;
if (response->alloc_hint == StubLength)
{
pdu->Flags = RPC_PDU_FLAG_STUB;
pdu->Type = PTYPE_RESPONSE;
pdu->CallId = rpc->StubCallId;
if (rpc_client_recv_pdu(rpc, pdu) < 0)
goto fail;
rpc_pdu_reset(pdu);
rpc->StubFragCount = 0;
rpc->StubCallId = 0;
}
}
else
{
const rpcconn_response_hdr_t* response = &header.response;
if (Stream_Length(fragment) < StubOffset + StubLength)
goto fail;
Stream_SetPosition(fragment, StubOffset);
rpc_client_receive_pipe_write(rpc->client, Stream_Pointer(fragment),
(size_t)StubLength);
rpc->StubFragCount++;
if (response->alloc_hint == StubLength)
{
rpc->StubFragCount = 0;
rpc->StubCallId = 0;
}
}
goto success;
}
else if (header.common.ptype == PTYPE_RTS)
{
if (rpc->State < RPC_CLIENT_STATE_CONTEXT_NEGOTIATED)
{
pdu->Flags = 0;
pdu->Type = header.common.ptype;
pdu->CallId = header.common.call_id;
if (!Stream_EnsureCapacity(pdu->s, Stream_Length(fragment)))
goto fail;
Stream_Write(pdu->s, Stream_Buffer(fragment), Stream_Length(fragment));
if (rpc_client_recv_pdu(rpc, pdu) < 0)
goto fail;
rpc_pdu_reset(pdu);
}
else
{
if (!rts_recv_out_of_sequence_pdu(rpc, fragment, &header))
goto fail;
}
goto success;
}
else if (header.common.ptype == PTYPE_BIND_ACK)
{
pdu->Flags = 0;
pdu->Type = header.common.ptype;
pdu->CallId = header.common.call_id;
if (!Stream_EnsureCapacity(pdu->s, Stream_Length(fragment)))
goto fail;
Stream_Write(pdu->s, Stream_Buffer(fragment), Stream_Length(fragment));
if (rpc_client_recv_pdu(rpc, pdu) < 0)
goto fail;
rpc_pdu_reset(pdu);
goto success;
}
else if (header.common.ptype == PTYPE_FAULT)
{
const rpcconn_fault_hdr_t* fault = (const rpcconn_fault_hdr_t*)&header.fault;
rpc_recv_fault_pdu(fault->status);
goto fail;
}
else
{
WLog_ERR(TAG, "unexpected RPC PDU type 0x%02" PRIX8 "", header.common.ptype);
goto fail;
}
success:
rc = (rc < 0) ? 1 : 0; /* In case of default error return change to 1, otherwise we already set
the return code */
fail:
rts_free_pdu_header(&header, FALSE);
return rc;
}
static int rpc_client_default_out_channel_recv(rdpRpc* rpc)
{
int status = -1;
UINT32 statusCode;
HttpResponse* response;
RpcInChannel* inChannel;
RpcOutChannel* outChannel;
HANDLE outChannelEvent = NULL;
RpcVirtualConnection* connection = rpc->VirtualConnection;
inChannel = connection->DefaultInChannel;
outChannel = connection->DefaultOutChannel;
BIO_get_event(outChannel->common.tls->bio, &outChannelEvent);
if (outChannel->State < CLIENT_OUT_CHANNEL_STATE_OPENED)
{
if (WaitForSingleObject(outChannelEvent, 0) != WAIT_OBJECT_0)
return 1;
response = http_response_recv(outChannel->common.tls, TRUE);
if (!response)
return -1;
if (outChannel->State == CLIENT_OUT_CHANNEL_STATE_SECURITY)
{
/* Receive OUT Channel Response */
if (!rpc_ncacn_http_recv_out_channel_response(&outChannel->common, response))
{
http_response_free(response);
WLog_ERR(TAG, "rpc_ncacn_http_recv_out_channel_response failure");
return -1;
}
/* Send OUT Channel Request */
if (!rpc_ncacn_http_send_out_channel_request(&outChannel->common, FALSE))
{
http_response_free(response);
WLog_ERR(TAG, "rpc_ncacn_http_send_out_channel_request failure");
return -1;
}
rpc_ncacn_http_ntlm_uninit(&outChannel->common);
rpc_out_channel_transition_to_state(outChannel, CLIENT_OUT_CHANNEL_STATE_NEGOTIATED);
/* Send CONN/A1 PDU over OUT channel */
if (!rts_send_CONN_A1_pdu(rpc))
{
http_response_free(response);
WLog_ERR(TAG, "rpc_send_CONN_A1_pdu error!");
return -1;
}
rpc_out_channel_transition_to_state(outChannel, CLIENT_OUT_CHANNEL_STATE_OPENED);
if (inChannel->State == CLIENT_IN_CHANNEL_STATE_OPENED)
{
rpc_virtual_connection_transition_to_state(
rpc, connection, VIRTUAL_CONNECTION_STATE_OUT_CHANNEL_WAIT);
}
status = 1;
}
http_response_free(response);
}
else if (connection->State == VIRTUAL_CONNECTION_STATE_OUT_CHANNEL_WAIT)
{
/* Receive OUT channel response */
if (WaitForSingleObject(outChannelEvent, 0) != WAIT_OBJECT_0)
return 1;
response = http_response_recv(outChannel->common.tls, FALSE);
if (!response)
return -1;
statusCode = http_response_get_status_code(response);
if (statusCode != HTTP_STATUS_OK)
{
WLog_ERR(TAG, "error! Status Code: %" PRIu32 "", statusCode);
http_response_print(response);
if (statusCode == HTTP_STATUS_DENIED)
{
rdpContext* context = transport_get_context(rpc->transport);
freerdp_set_last_error_if_not(context, FREERDP_ERROR_AUTHENTICATION_FAILED);
}
http_response_free(response);
return -1;
}
http_response_free(response);
rpc_virtual_connection_transition_to_state(rpc, rpc->VirtualConnection,
VIRTUAL_CONNECTION_STATE_WAIT_A3W);
status = 1;
}
else
{
wStream* fragment = rpc->client->ReceiveFragment;
while (1)
{
size_t pos;
rpcconn_common_hdr_t header = { 0 };
while (Stream_GetPosition(fragment) < RPC_COMMON_FIELDS_LENGTH)
{
status = rpc_channel_read(&outChannel->common, fragment,
RPC_COMMON_FIELDS_LENGTH - Stream_GetPosition(fragment));
if (status < 0)
return -1;
if (Stream_GetPosition(fragment) < RPC_COMMON_FIELDS_LENGTH)
return 0;
}
pos = Stream_GetPosition(fragment);
Stream_SetPosition(fragment, 0);
/* Ignore errors, the PDU might not be complete. */
rts_read_common_pdu_header(fragment, &header);
Stream_SetPosition(fragment, pos);
if (header.frag_length > rpc->max_recv_frag)
{
WLog_ERR(TAG,
"rpc_client_recv: invalid fragment size: %" PRIu16 " (max: %" PRIu16 ")",
header.frag_length, rpc->max_recv_frag);
winpr_HexDump(TAG, WLOG_ERROR, Stream_Buffer(fragment),
Stream_GetPosition(fragment));
return -1;
}
while (Stream_GetPosition(fragment) < header.frag_length)
{
status = rpc_channel_read(&outChannel->common, fragment,
header.frag_length - Stream_GetPosition(fragment));
if (status < 0)
{
WLog_ERR(TAG, "error reading fragment body");
return -1;
}
if (Stream_GetPosition(fragment) < header.frag_length)
return 0;
}
{
/* complete fragment received */
status = rpc_client_recv_fragment(rpc, fragment);
if (status < 0)
return status;
/* channel recycling may update channel pointers */
if (outChannel->State == CLIENT_OUT_CHANNEL_STATE_RECYCLED &&
connection->NonDefaultOutChannel)
{
rpc_channel_free(&connection->DefaultOutChannel->common);
connection->DefaultOutChannel = connection->NonDefaultOutChannel;
connection->NonDefaultOutChannel = NULL;
rpc_out_channel_transition_to_state(connection->DefaultOutChannel,
CLIENT_OUT_CHANNEL_STATE_OPENED);
rpc_virtual_connection_transition_to_state(
rpc, connection, VIRTUAL_CONNECTION_STATE_OUT_CHANNEL_WAIT);
return 0;
}
Stream_SetPosition(fragment, 0);
}
}
}
return status;
}
static int rpc_client_nondefault_out_channel_recv(rdpRpc* rpc)
{
int status = -1;
HttpResponse* response;
RpcOutChannel* nextOutChannel;
HANDLE nextOutChannelEvent = NULL;
nextOutChannel = rpc->VirtualConnection->NonDefaultOutChannel;
BIO_get_event(nextOutChannel->common.tls->bio, &nextOutChannelEvent);
if (WaitForSingleObject(nextOutChannelEvent, 0) != WAIT_OBJECT_0)
return 1;
response = http_response_recv(nextOutChannel->common.tls, TRUE);
if (response)
{
switch (nextOutChannel->State)
{
case CLIENT_OUT_CHANNEL_STATE_SECURITY:
if (rpc_ncacn_http_recv_out_channel_response(&nextOutChannel->common, response))
{
if (rpc_ncacn_http_send_out_channel_request(&nextOutChannel->common, TRUE))
{
rpc_ncacn_http_ntlm_uninit(&nextOutChannel->common);
if (rts_send_OUT_R1_A3_pdu(rpc))
{
status = 1;
rpc_out_channel_transition_to_state(
nextOutChannel, CLIENT_OUT_CHANNEL_STATE_OPENED_A6W);
}
else
{
WLog_ERR(TAG, "rts_send_OUT_R1/A3_pdu failure");
}
}
else
{
WLog_ERR(TAG, "rpc_ncacn_http_send_out_channel_request failure");
}
}
else
{
WLog_ERR(TAG, "rpc_ncacn_http_recv_out_channel_response failure");
}
break;
case CLIENT_OUT_CHANNEL_STATE_INITIAL:
case CLIENT_OUT_CHANNEL_STATE_CONNECTED:
case CLIENT_OUT_CHANNEL_STATE_NEGOTIATED:
default:
WLog_ERR(TAG,
"rpc_client_nondefault_out_channel_recv: Unexpected message %08" PRIx32,
nextOutChannel->State);
status = -1;
}
http_response_free(response);
}
return status;
}
int rpc_client_out_channel_recv(rdpRpc* rpc)
{
int status;
RpcVirtualConnection* connection = rpc->VirtualConnection;
if (connection->DefaultOutChannel)
{
status = rpc_client_default_out_channel_recv(rpc);
if (status < 0)
return -1;
}
if (connection->NonDefaultOutChannel)
{
status = rpc_client_nondefault_out_channel_recv(rpc);
if (status < 0)
return -1;
}
return 1;
}
int rpc_client_in_channel_recv(rdpRpc* rpc)
{
int status = 1;
HttpResponse* response;
RpcInChannel* inChannel;
RpcOutChannel* outChannel;
HANDLE InChannelEvent = NULL;
RpcVirtualConnection* connection = rpc->VirtualConnection;
inChannel = connection->DefaultInChannel;
outChannel = connection->DefaultOutChannel;
BIO_get_event(inChannel->common.tls->bio, &InChannelEvent);
if (WaitForSingleObject(InChannelEvent, 0) != WAIT_OBJECT_0)
return 1;
if (inChannel->State < CLIENT_IN_CHANNEL_STATE_OPENED)
{
response = http_response_recv(inChannel->common.tls, TRUE);
if (!response)
return -1;
if (inChannel->State == CLIENT_IN_CHANNEL_STATE_SECURITY)
{
if (!rpc_ncacn_http_recv_in_channel_response(&inChannel->common, response))
{
WLog_ERR(TAG, "rpc_ncacn_http_recv_in_channel_response failure");
http_response_free(response);
return -1;
}
/* Send IN Channel Request */
if (!rpc_ncacn_http_send_in_channel_request(&inChannel->common))
{
WLog_ERR(TAG, "rpc_ncacn_http_send_in_channel_request failure");
http_response_free(response);
return -1;
}
rpc_ncacn_http_ntlm_uninit(&inChannel->common);
rpc_in_channel_transition_to_state(inChannel, CLIENT_IN_CHANNEL_STATE_NEGOTIATED);
/* Send CONN/B1 PDU over IN channel */
if (!rts_send_CONN_B1_pdu(rpc))
{
WLog_ERR(TAG, "rpc_send_CONN_B1_pdu error!");
http_response_free(response);
return -1;
}
rpc_in_channel_transition_to_state(inChannel, CLIENT_IN_CHANNEL_STATE_OPENED);
if (outChannel->State == CLIENT_OUT_CHANNEL_STATE_OPENED)
{
rpc_virtual_connection_transition_to_state(
rpc, connection, VIRTUAL_CONNECTION_STATE_OUT_CHANNEL_WAIT);
}
status = 1;
}
http_response_free(response);
}
else
{
response = http_response_recv(inChannel->common.tls, TRUE);
if (!response)
return -1;
/* We can receive an unauthorized HTTP response on the IN channel */
http_response_free(response);
}
return status;
}
/**
* [MS-RPCE] Client Call:
* http://msdn.microsoft.com/en-us/library/gg593159/
*/
RpcClientCall* rpc_client_call_find_by_id(RpcClient* client, UINT32 CallId)
{
size_t index;
size_t count;
RpcClientCall* clientCall = NULL;
if (!client)
return NULL;
ArrayList_Lock(client->ClientCallList);
count = ArrayList_Count(client->ClientCallList);
for (index = 0; index < count; index++)
{
clientCall = (RpcClientCall*)ArrayList_GetItem(client->ClientCallList, index);
if (clientCall->CallId == CallId)
break;
}
ArrayList_Unlock(client->ClientCallList);
return clientCall;
}
RpcClientCall* rpc_client_call_new(UINT32 CallId, UINT32 OpNum)
{
RpcClientCall* clientCall;
clientCall = (RpcClientCall*)calloc(1, sizeof(RpcClientCall));
if (!clientCall)
return NULL;
clientCall->CallId = CallId;
clientCall->OpNum = OpNum;
clientCall->State = RPC_CLIENT_CALL_STATE_SEND_PDUS;
return clientCall;
}
void rpc_client_call_free(RpcClientCall* clientCall)
{
free(clientCall);
}
static void rpc_array_client_call_free(void* call)
{
rpc_client_call_free((RpcClientCall*)call);
}
int rpc_in_channel_send_pdu(RpcInChannel* inChannel, const BYTE* buffer, size_t length)
{
SSIZE_T status;
RpcClientCall* clientCall;
wStream s;
rpcconn_common_hdr_t header = { 0 };
status = rpc_channel_write(&inChannel->common, buffer, length);
if (status <= 0)
return -1;
Stream_StaticConstInit(&s, buffer, length);
if (!rts_read_common_pdu_header(&s, &header))
return -1;
clientCall = rpc_client_call_find_by_id(inChannel->common.client, header.call_id);
clientCall->State = RPC_CLIENT_CALL_STATE_DISPATCHED;
/*
* This protocol specifies that only RPC PDUs are subject to the flow control abstract
* data model. RTS PDUs and the HTTP request and response headers are not subject to flow
* control. Implementations of this protocol MUST NOT include them when computing any of the
* variables specified by this abstract data model.
*/
if (header.ptype == PTYPE_REQUEST)
{
inChannel->BytesSent += status;
inChannel->SenderAvailableWindow -= status;
}
return status;
}
BOOL rpc_client_write_call(rdpRpc* rpc, wStream* s, UINT16 opnum)
{
size_t offset;
BYTE* buffer = NULL;
UINT32 stub_data_pad;
SecBuffer Buffers[2] = { 0 };
SecBufferDesc Message;
RpcClientCall* clientCall = NULL;
rdpNtlm* ntlm;
rpcconn_request_hdr_t request_pdu = { 0 };
RpcVirtualConnection* connection;
RpcInChannel* inChannel;
size_t length;
SSIZE_T size;
BOOL rc = FALSE;
if (!s)
return FALSE;
if (!rpc)
goto fail;
ntlm = rpc->ntlm;
connection = rpc->VirtualConnection;
if (!ntlm)
{
WLog_ERR(TAG, "invalid ntlm context");
goto fail;
}
if (!connection)
goto fail;
inChannel = connection->DefaultInChannel;
if (!inChannel)
goto fail;
Stream_SealLength(s);
length = Stream_Length(s);
if (ntlm_client_query_auth_size(ntlm) < 0)
goto fail;
size = ntlm_client_get_context_max_size(ntlm);
if (size < 0)
goto fail;
request_pdu.header = rpc_pdu_header_init(rpc);
request_pdu.header.ptype = PTYPE_REQUEST;
request_pdu.header.pfc_flags = PFC_FIRST_FRAG | PFC_LAST_FRAG;
request_pdu.header.auth_length = (UINT16)size;
request_pdu.header.call_id = rpc->CallId++;
request_pdu.alloc_hint = length;
request_pdu.p_cont_id = 0x0000;
request_pdu.opnum = opnum;
clientCall = rpc_client_call_new(request_pdu.header.call_id, request_pdu.opnum);
if (!clientCall)
goto fail;
if (!ArrayList_Append(rpc->client->ClientCallList, clientCall))
{
rpc_client_call_free(clientCall);
goto fail;
}
if (request_pdu.opnum == TsProxySetupReceivePipeOpnum)
rpc->PipeCallId = request_pdu.header.call_id;
request_pdu.stub_data = Stream_Buffer(s);
offset = 24;
stub_data_pad = rpc_offset_align(&offset, 8);
offset += length;
request_pdu.auth_verifier.auth_pad_length = rpc_offset_align(&offset, 4);
request_pdu.auth_verifier.auth_type = RPC_C_AUTHN_WINNT;
request_pdu.auth_verifier.auth_level = RPC_C_AUTHN_LEVEL_PKT_INTEGRITY;
request_pdu.auth_verifier.auth_reserved = 0x00;
request_pdu.auth_verifier.auth_context_id = 0x00000000;
offset += (8 + request_pdu.header.auth_length);
request_pdu.header.frag_length = offset;
buffer = (BYTE*)calloc(1, request_pdu.header.frag_length);
if (!buffer)
goto fail;
CopyMemory(buffer, &request_pdu, 24);
offset = 24;
rpc_offset_pad(&offset, stub_data_pad);
CopyMemory(&buffer[offset], request_pdu.stub_data, length);
offset += length;
rpc_offset_pad(&offset, request_pdu.auth_verifier.auth_pad_length);
CopyMemory(&buffer[offset], &request_pdu.auth_verifier.auth_type, 8);
offset += 8;
Buffers[0].BufferType = SECBUFFER_DATA | SECBUFFER_READONLY; /* auth_data */
Buffers[1].BufferType = SECBUFFER_TOKEN; /* signature */
Buffers[0].pvBuffer = buffer;
Buffers[0].cbBuffer = offset;
Buffers[1].cbBuffer = size;
Buffers[1].pvBuffer = calloc(1, Buffers[1].cbBuffer);
if (!Buffers[1].pvBuffer)
goto fail;
Message.cBuffers = 2;
Message.ulVersion = SECBUFFER_VERSION;
Message.pBuffers = (PSecBuffer)&Buffers;
if (!ntlm_client_encrypt(ntlm, 0, &Message, rpc->SendSeqNum++))
goto fail;
CopyMemory(&buffer[offset], Buffers[1].pvBuffer, Buffers[1].cbBuffer);
offset += Buffers[1].cbBuffer;
if (rpc_in_channel_send_pdu(inChannel, buffer, request_pdu.header.frag_length) < 0)
goto fail;
rc = TRUE;
fail:
free(buffer);
free(Buffers[1].pvBuffer);
Stream_Free(s, TRUE);
return rc;
}
static BOOL rpc_client_resolve_gateway(rdpSettings* settings, char** host, UINT16* port,
BOOL* isProxy)
{
struct addrinfo* result;
if (!settings || !host || !port || !isProxy)
return FALSE;
else
{
const char* peerHostname = freerdp_settings_get_string(settings, FreeRDP_GatewayHostname);
const char* proxyUsername = freerdp_settings_get_string(settings, FreeRDP_GatewayUsername);
const char* proxyPassword = freerdp_settings_get_string(settings, FreeRDP_GatewayPassword);
*port = (UINT16)freerdp_settings_get_uint32(settings, FreeRDP_GatewayPort);
*isProxy = proxy_prepare(settings, &peerHostname, port, &proxyUsername, &proxyPassword);
result = freerdp_tcp_resolve_host(peerHostname, *port, 0);
if (!result)
return FALSE;
*host =
freerdp_tcp_address_to_string((const struct sockaddr_storage*)result->ai_addr, NULL);
freeaddrinfo(result);
return TRUE;
}
}
RpcClient* rpc_client_new(rdpContext* context, UINT32 max_recv_frag)
{
wObject* obj;
RpcClient* client = (RpcClient*)calloc(1, sizeof(RpcClient));
if (!client)
return NULL;
if (!rpc_client_resolve_gateway(context->settings, &client->host, &client->port,
&client->isProxy))
goto fail;
client->context = context;
if (!client->context)
goto fail;
client->pdu = rpc_pdu_new();
if (!client->pdu)
goto fail;
client->ReceiveFragment = Stream_New(NULL, max_recv_frag);
if (!client->ReceiveFragment)
goto fail;
client->PipeEvent = CreateEvent(NULL, TRUE, FALSE, NULL);
if (!client->PipeEvent)
goto fail;
if (!ringbuffer_init(&(client->ReceivePipe), 4096))
goto fail;
if (!InitializeCriticalSectionAndSpinCount(&(client->PipeLock), 4000))
goto fail;
client->ClientCallList = ArrayList_New(TRUE);
if (!client->ClientCallList)
goto fail;
obj = ArrayList_Object(client->ClientCallList);
obj->fnObjectFree = rpc_array_client_call_free;
return client;
fail:
rpc_client_free(client);
return NULL;
}
void rpc_client_free(RpcClient* client)
{
if (!client)
return;
free(client->host);
if (client->ReceiveFragment)
Stream_Free(client->ReceiveFragment, TRUE);
if (client->PipeEvent)
CloseHandle(client->PipeEvent);
ringbuffer_destroy(&(client->ReceivePipe));
DeleteCriticalSection(&(client->PipeLock));
if (client->pdu)
rpc_pdu_free(client->pdu);
if (client->ClientCallList)
ArrayList_Free(client->ClientCallList);
free(client);
}