1186 lines
36 KiB
C
1186 lines
36 KiB
C
/**
|
|
* FreeRDP: A Remote Desktop Protocol Implementation
|
|
* Terminal Server Gateway (TSG)
|
|
*
|
|
* Copyright 2012 Fujitsu Technology Solutions GmbH
|
|
* Copyright 2012 Dmitrij Jasnov <dmitrij.jasnov@ts.fujitsu.com>
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
|
|
#ifdef HAVE_CONFIG_H
|
|
#include "config.h"
|
|
#endif
|
|
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
|
|
#include <freerdp/utils/sleep.h>
|
|
#include <freerdp/utils/stream.h>
|
|
#include <freerdp/utils/memory.h>
|
|
#include <freerdp/utils/hexdump.h>
|
|
#include <freerdp/utils/unicode.h>
|
|
|
|
#include <winpr/crt.h>
|
|
#include <winpr/ndr.h>
|
|
#include <winpr/error.h>
|
|
|
|
#include "tsg.h"
|
|
|
|
/**
|
|
* RPC Functions: http://msdn.microsoft.com/en-us/library/windows/desktop/aa378623/
|
|
* Remote Procedure Call: http://msdn.microsoft.com/en-us/library/windows/desktop/aa378651/
|
|
* RPC NDR Interface Reference: http://msdn.microsoft.com/en-us/library/windows/desktop/hh802752/
|
|
*/
|
|
|
|
const RPC_FAULT_CODE RPC_TSG_FAULT_CODES[] =
|
|
{
|
|
DEFINE_RPC_FAULT_CODE(ERROR_SUCCESS)
|
|
DEFINE_RPC_FAULT_CODE(ERROR_ACCESS_DENIED)
|
|
DEFINE_RPC_FAULT_CODE(ERROR_ONLY_IF_CONNECTED)
|
|
DEFINE_RPC_FAULT_CODE(ERROR_INVALID_PARAMETER)
|
|
DEFINE_RPC_FAULT_CODE(ERROR_GRACEFUL_DISCONNECT)
|
|
DEFINE_RPC_FAULT_CODE(ERROR_OPERATION_ABORTED)
|
|
DEFINE_RPC_FAULT_CODE(ERROR_BAD_ARGUMENTS)
|
|
DEFINE_RPC_FAULT_CODE(E_PROXY_INTERNALERROR)
|
|
DEFINE_RPC_FAULT_CODE(E_PROXY_RAP_ACCESSDENIED)
|
|
DEFINE_RPC_FAULT_CODE(E_PROXY_NAP_ACCESSDENIED)
|
|
DEFINE_RPC_FAULT_CODE(E_PROXY_TS_CONNECTFAILED)
|
|
DEFINE_RPC_FAULT_CODE(E_PROXY_ALREADYDISCONNECTED)
|
|
DEFINE_RPC_FAULT_CODE(E_PROXY_QUARANTINE_ACCESSDENIED)
|
|
DEFINE_RPC_FAULT_CODE(E_PROXY_NOCERTAVAILABLE)
|
|
DEFINE_RPC_FAULT_CODE(E_PROXY_COOKIE_BADPACKET)
|
|
DEFINE_RPC_FAULT_CODE(E_PROXY_COOKIE_AUTHENTICATION_ACCESS_DENIED)
|
|
DEFINE_RPC_FAULT_CODE(E_PROXY_UNSUPPORTED_AUTHENTICATION_METHOD)
|
|
DEFINE_RPC_FAULT_CODE(E_PROXY_CAPABILITYMISMATCH)
|
|
DEFINE_RPC_FAULT_CODE(HRESULT_CODE(E_PROXY_NOTSUPPORTED))
|
|
DEFINE_RPC_FAULT_CODE(HRESULT_CODE(E_PROXY_TS_CONNECTFAILED))
|
|
DEFINE_RPC_FAULT_CODE(HRESULT_CODE(E_PROXY_MAXCONNECTIONSREACHED))
|
|
DEFINE_RPC_FAULT_CODE(HRESULT_CODE(E_PROXY_INTERNALERROR))
|
|
DEFINE_RPC_FAULT_CODE(HRESULT_CODE(E_PROXY_SESSIONTIMEOUT))
|
|
DEFINE_RPC_FAULT_CODE(HRESULT_CODE(E_PROXY_REAUTH_AUTHN_FAILED))
|
|
DEFINE_RPC_FAULT_CODE(HRESULT_CODE(E_PROXY_REAUTH_CAP_FAILED))
|
|
DEFINE_RPC_FAULT_CODE(HRESULT_CODE(E_PROXY_REAUTH_RAP_FAILED))
|
|
DEFINE_RPC_FAULT_CODE(HRESULT_CODE(E_PROXY_SDR_NOT_SUPPORTED_BY_TS))
|
|
DEFINE_RPC_FAULT_CODE(HRESULT_CODE(E_PROXY_REAUTH_NAP_FAILED))
|
|
DEFINE_RPC_FAULT_CODE(HRESULT_CODE(E_PROXY_CONNECTIONABORTED))
|
|
DEFINE_RPC_FAULT_CODE(__HRESULT_FROM_WIN32(RPC_S_CALL_CANCELLED))
|
|
{ 0, NULL }
|
|
};
|
|
|
|
/* this might be a verification trailer */
|
|
|
|
BYTE TsProxyCreateTunnelUnknownTrailerBytes[60] =
|
|
{
|
|
0x8A, 0xE3, 0x13, 0x71, 0x02, 0xF4, 0x36, 0x71, 0x01, 0x00, 0x04, 0x00, 0x01, 0x00, 0x00, 0x00,
|
|
0x02, 0x40, 0x28, 0x00, 0xDD, 0x65, 0xE2, 0x44, 0xAF, 0x7D, 0xCD, 0x42, 0x85, 0x60, 0x3C, 0xDB,
|
|
0x6E, 0x7A, 0x27, 0x29, 0x01, 0x00, 0x03, 0x00, 0x04, 0x5D, 0x88, 0x8A, 0xEB, 0x1C, 0xC9, 0x11,
|
|
0x9F, 0xE8, 0x08, 0x00, 0x2B, 0x10, 0x48, 0x60, 0x02, 0x00, 0x00, 0x00
|
|
};
|
|
|
|
DWORD TsProxySendToServer(handle_t IDL_handle, byte pRpcMessage[], UINT32 count, UINT32* lengths)
|
|
{
|
|
STREAM* s;
|
|
int status;
|
|
int length;
|
|
rdpTsg* tsg;
|
|
byte* buffer1 = NULL;
|
|
byte* buffer2 = NULL;
|
|
byte* buffer3 = NULL;
|
|
UINT32 buffer1Length;
|
|
UINT32 buffer2Length;
|
|
UINT32 buffer3Length;
|
|
UINT32 numBuffers = 0;
|
|
UINT32 totalDataBytes = 0;
|
|
|
|
tsg = (rdpTsg*) IDL_handle;
|
|
buffer1Length = buffer2Length = buffer3Length = 0;
|
|
|
|
if (count > 0)
|
|
{
|
|
numBuffers++;
|
|
buffer1 = &pRpcMessage[0];
|
|
buffer1Length = lengths[0];
|
|
totalDataBytes += lengths[0] + 4;
|
|
}
|
|
|
|
if (count > 1)
|
|
{
|
|
numBuffers++;
|
|
buffer2 = &pRpcMessage[1];
|
|
buffer2Length = lengths[1];
|
|
totalDataBytes += lengths[1] + 4;
|
|
}
|
|
|
|
if (count > 2)
|
|
{
|
|
numBuffers++;
|
|
buffer3 = &pRpcMessage[2];
|
|
buffer3Length = lengths[2];
|
|
totalDataBytes += lengths[2] + 4;
|
|
}
|
|
|
|
s = stream_new(28 + totalDataBytes);
|
|
|
|
/* PCHANNEL_CONTEXT_HANDLE_NOSERIALIZE_NR (20 bytes) */
|
|
stream_write(s, &tsg->ChannelContext.ContextType, 4); /* ContextType (4 bytes) */
|
|
stream_write(s, tsg->ChannelContext.ContextUuid, 16); /* ContextUuid (16 bytes) */
|
|
|
|
stream_write_UINT32_be(s, totalDataBytes); /* totalDataBytes (4 bytes) */
|
|
stream_write_UINT32_be(s, numBuffers); /* numBuffers (4 bytes) */
|
|
|
|
if (buffer1Length > 0)
|
|
stream_write_UINT32_be(s, buffer1Length); /* buffer1Length (4 bytes) */
|
|
if (buffer2Length > 0)
|
|
stream_write_UINT32_be(s, buffer2Length); /* buffer2Length (4 bytes) */
|
|
if (buffer3Length > 0)
|
|
stream_write_UINT32_be(s, buffer3Length); /* buffer3Length (4 bytes) */
|
|
|
|
if (buffer1Length > 0)
|
|
stream_write(s, buffer1, buffer1Length); /* buffer1 (variable) */
|
|
if (buffer2Length > 0)
|
|
stream_write(s, buffer2, buffer2Length); /* buffer2 (variable) */
|
|
if (buffer3Length > 0)
|
|
stream_write(s, buffer3, buffer3Length); /* buffer3 (variable) */
|
|
|
|
stream_seal(s);
|
|
|
|
length = s->size;
|
|
status = rpc_tsg_write(tsg->rpc, s->data, s->size, TsProxySendToServerOpnum);
|
|
|
|
stream_free(s);
|
|
|
|
if (status <= 0)
|
|
{
|
|
printf("rpc_tsg_write failed!\n");
|
|
return -1;
|
|
}
|
|
|
|
return length;
|
|
}
|
|
|
|
BOOL TsProxyCreateTunnelWriteRequest(rdpTsg* tsg)
|
|
{
|
|
int status;
|
|
BYTE* buffer;
|
|
UINT32 length;
|
|
UINT32 NapCapabilities;
|
|
rdpRpc* rpc = tsg->rpc;
|
|
|
|
length = 108;
|
|
buffer = (BYTE*) malloc(length);
|
|
|
|
*((UINT32*) &buffer[0]) = TSG_PACKET_TYPE_VERSIONCAPS; /* PacketId */
|
|
*((UINT32*) &buffer[4]) = TSG_PACKET_TYPE_VERSIONCAPS; /* SwitchValue */
|
|
|
|
*((UINT32*) &buffer[8]) = 0x00020000; /* PacketVersionCapsPtr */
|
|
|
|
*((UINT16*) &buffer[12]) = TS_GATEWAY_TRANSPORT; /* ComponentId */
|
|
*((UINT16*) &buffer[14]) = TSG_PACKET_TYPE_VERSIONCAPS; /* PacketId */
|
|
|
|
*((UINT32*) &buffer[16]) = 0x00020004; /* TsgCapsPtr */
|
|
*((UINT32*) &buffer[20]) = 0x00000001; /* NumCapabilities */
|
|
|
|
*((UINT16*) &buffer[24]) = 0x0001; /* MajorVersion */
|
|
*((UINT16*) &buffer[26]) = 0x0001; /* MinorVersion */
|
|
*((UINT16*) &buffer[28]) = 0x0000; /* QuarantineCapabilities */
|
|
|
|
/* 4-byte alignment (30 + 2) */
|
|
*((UINT16*) &buffer[30]) = 0x0000; /* 2-byte pad */
|
|
|
|
*((UINT32*) &buffer[32]) = 0x00000001; /* MaxCount */
|
|
*((UINT32*) &buffer[36]) = TSG_CAPABILITY_TYPE_NAP; /* CapabilityType */
|
|
*((UINT32*) &buffer[40]) = TSG_CAPABILITY_TYPE_NAP; /* SwitchValue */
|
|
|
|
NapCapabilities =
|
|
TSG_NAP_CAPABILITY_QUAR_SOH |
|
|
TSG_NAP_CAPABILITY_IDLE_TIMEOUT |
|
|
TSG_MESSAGING_CAP_CONSENT_SIGN |
|
|
TSG_MESSAGING_CAP_SERVICE_MSG |
|
|
TSG_MESSAGING_CAP_REAUTH;
|
|
|
|
/*
|
|
* FIXME: Alternate Code Path
|
|
*
|
|
* Using reduced capabilities appears to trigger
|
|
* TSG_PACKET_TYPE_QUARENC_RESPONSE instead of TSG_PACKET_TYPE_CAPS_RESPONSE
|
|
*/
|
|
NapCapabilities = TSG_NAP_CAPABILITY_IDLE_TIMEOUT;
|
|
|
|
*((UINT32*) &buffer[44]) = NapCapabilities; /* capabilities */
|
|
|
|
CopyMemory(&buffer[48], TsProxyCreateTunnelUnknownTrailerBytes, 60);
|
|
|
|
status = rpc_tsg_write(rpc, buffer, length, TsProxyCreateTunnelOpnum);
|
|
|
|
if (status <= 0)
|
|
return FALSE;
|
|
|
|
free(buffer);
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
BOOL TsProxyCreateTunnelReadResponse(rdpTsg* tsg)
|
|
{
|
|
int status;
|
|
BYTE* buffer;
|
|
UINT32 count;
|
|
UINT32 length;
|
|
UINT32 offset;
|
|
UINT32 Pointer;
|
|
PTSG_PACKET packet;
|
|
UINT32 SwitchValue;
|
|
rdpRpc* rpc = tsg->rpc;
|
|
PTSG_PACKET_CAPABILITIES tsgCaps;
|
|
PTSG_PACKET_VERSIONCAPS versionCaps;
|
|
PTSG_PACKET_CAPS_RESPONSE packetCapsResponse;
|
|
PTSG_PACKET_QUARENC_RESPONSE packetQuarEncResponse;
|
|
|
|
status = rpc_recv_pdu(rpc);
|
|
|
|
if (status <= 0)
|
|
return FALSE;
|
|
|
|
length = status;
|
|
buffer = rpc->buffer;
|
|
|
|
packet = (PTSG_PACKET) malloc(sizeof(TSG_PACKET));
|
|
ZeroMemory(packet, sizeof(TSG_PACKET));
|
|
|
|
packet->packetId = *((UINT32*) &buffer[28]); /* PacketId */
|
|
SwitchValue = *((UINT32*) &buffer[32]); /* SwitchValue */
|
|
|
|
if ((packet->packetId == TSG_PACKET_TYPE_CAPS_RESPONSE) && (SwitchValue == TSG_PACKET_TYPE_CAPS_RESPONSE))
|
|
{
|
|
packetCapsResponse = (PTSG_PACKET_CAPS_RESPONSE) malloc(sizeof(TSG_PACKET_CAPS_RESPONSE));
|
|
ZeroMemory(packetCapsResponse, sizeof(TSG_PACKET_CAPS_RESPONSE));
|
|
packet->tsgPacket.packetCapsResponse = packetCapsResponse;
|
|
|
|
/* PacketQuarResponsePtr (4 bytes) */
|
|
packetCapsResponse->pktQuarEncResponse.flags = *((UINT32*) &buffer[40]); /* Flags */
|
|
packetCapsResponse->pktQuarEncResponse.certChainLen = *((UINT32*) &buffer[44]); /* CertChainLength */
|
|
/* CertChainDataPtr (4 bytes) */
|
|
CopyMemory(&packetCapsResponse->pktQuarEncResponse.nonce, &buffer[52], 16); /* Nonce */
|
|
offset = 68;
|
|
|
|
Pointer = *((UINT32*) &buffer[offset]); /* Ptr */
|
|
offset += 4;
|
|
|
|
if (Pointer == 0x0002000C)
|
|
{
|
|
/* Not sure exactly what this is */
|
|
offset += 4; /* 0x00000001 (4 bytes) */
|
|
offset += 4; /* 0x00000001 (4 bytes) */
|
|
offset += 4; /* 0x00000000 (4 bytes) */
|
|
offset += 4; /* 0x00000001 (4 bytes) */
|
|
}
|
|
|
|
if (packetCapsResponse->pktQuarEncResponse.certChainLen)
|
|
{
|
|
Pointer = *((UINT32*) &buffer[offset]); /* Ptr (4 bytes): 0x00020014 */
|
|
offset += 4;
|
|
|
|
offset += 4; /* MaxCount (4 bytes) */
|
|
offset += 4; /* Offset (4 bytes) */
|
|
count = *((UINT32*) &buffer[offset]); /* ActualCount (4 bytes) */
|
|
offset += 4;
|
|
|
|
/*
|
|
* CertChainData is a wide character string, and the count is
|
|
* given in characters excluding the null terminator, therefore:
|
|
* size = ((count + 1) * 2)
|
|
*/
|
|
offset += ((count + 1) * 2); /* CertChainData */
|
|
}
|
|
else
|
|
{
|
|
Pointer = *((UINT32*) &buffer[offset]); /* Ptr (4 bytes) */
|
|
offset += 4;
|
|
}
|
|
|
|
versionCaps = (PTSG_PACKET_VERSIONCAPS) malloc(sizeof(TSG_PACKET_VERSIONCAPS));
|
|
ZeroMemory(versionCaps, sizeof(TSG_PACKET_VERSIONCAPS));
|
|
packetCapsResponse->pktQuarEncResponse.versionCaps = versionCaps;
|
|
|
|
versionCaps->tsgHeader.ComponentId = *((UINT16*) &buffer[offset]); /* ComponentId */
|
|
versionCaps->tsgHeader.PacketId = *((UINT16*) &buffer[offset + 2]); /* PacketId */
|
|
offset += 4;
|
|
|
|
if (versionCaps->tsgHeader.ComponentId != TS_GATEWAY_TRANSPORT)
|
|
{
|
|
printf("Unexpected ComponentId: 0x%04X, Expected TS_GATEWAY_TRANSPORT\n",
|
|
versionCaps->tsgHeader.ComponentId);
|
|
return FALSE;
|
|
}
|
|
|
|
Pointer = *((UINT32*) &buffer[offset]); /* TsgCapsPtr */
|
|
versionCaps->numCapabilities = *((UINT32*) &buffer[offset + 4]); /* NumCapabilities */
|
|
versionCaps->majorVersion = *((UINT16*) &buffer[offset + 8]); /* MajorVersion */
|
|
versionCaps->majorVersion = *((UINT16*) &buffer[offset + 10]); /* MinorVersion */
|
|
versionCaps->quarantineCapabilities = *((UINT16*) &buffer[offset + 12]); /* QuarantineCapabilities */
|
|
offset += 14;
|
|
|
|
/* 4-byte alignment */
|
|
rpc_offset_align(&offset, 4);
|
|
|
|
tsgCaps = (PTSG_PACKET_CAPABILITIES) malloc(sizeof(TSG_PACKET_CAPABILITIES));
|
|
ZeroMemory(tsgCaps, sizeof(TSG_PACKET_CAPABILITIES));
|
|
versionCaps->tsgCaps = tsgCaps;
|
|
|
|
offset += 4; /* MaxCount (4 bytes) */
|
|
tsgCaps->capabilityType = *((UINT32*) &buffer[offset]); /* CapabilityType */
|
|
SwitchValue = *((UINT32*) &buffer[offset + 4]); /* SwitchValue */
|
|
offset += 8;
|
|
|
|
if ((SwitchValue != TSG_CAPABILITY_TYPE_NAP) ||
|
|
(tsgCaps->capabilityType != TSG_CAPABILITY_TYPE_NAP))
|
|
{
|
|
printf("Unexpected CapabilityType: 0x%08X, Expected TSG_CAPABILITY_TYPE_NAP\n",
|
|
tsgCaps->capabilityType);
|
|
return FALSE;
|
|
}
|
|
|
|
tsgCaps->tsgPacket.tsgCapNap.capabilities = *((UINT32*) &buffer[offset]); /* Capabilities */
|
|
offset += 4;
|
|
|
|
/* ??? (16 bytes): all zeros */
|
|
offset += 16;
|
|
|
|
/* TunnelContext (20 bytes) */
|
|
CopyMemory(&tsg->TunnelContext.ContextType, &buffer[offset], 4); /* ContextType */
|
|
CopyMemory(tsg->TunnelContext.ContextUuid, &buffer[offset + 4], 16); /* ContextUuid */
|
|
offset += 20;
|
|
|
|
/* TODO: trailing bytes */
|
|
|
|
#ifdef WITH_DEBUG_TSG
|
|
printf("TSG TunnelContext:\n");
|
|
freerdp_hexdump((void*) &tsg->TunnelContext, 20);
|
|
printf("\n");
|
|
#endif
|
|
|
|
free(tsgCaps);
|
|
free(versionCaps);
|
|
free(packetCapsResponse);
|
|
}
|
|
else if ((packet->packetId == TSG_PACKET_TYPE_QUARENC_RESPONSE) && (SwitchValue == TSG_PACKET_TYPE_QUARENC_RESPONSE))
|
|
{
|
|
packetQuarEncResponse = (PTSG_PACKET_QUARENC_RESPONSE) malloc(sizeof(TSG_PACKET_QUARENC_RESPONSE));
|
|
ZeroMemory(packetQuarEncResponse, sizeof(TSG_PACKET_QUARENC_RESPONSE));
|
|
packet->tsgPacket.packetQuarEncResponse = packetQuarEncResponse;
|
|
|
|
/* PacketQuarResponsePtr (4 bytes) */
|
|
packetQuarEncResponse->flags = *((UINT32*) &buffer[40]); /* Flags */
|
|
packetQuarEncResponse->certChainLen = *((UINT32*) &buffer[44]); /* CertChainLength */
|
|
/* CertChainDataPtr (4 bytes) */
|
|
CopyMemory(&packetQuarEncResponse->nonce, &buffer[52], 16); /* Nonce */
|
|
offset = 68;
|
|
|
|
if (packetQuarEncResponse->certChainLen > 0)
|
|
{
|
|
Pointer = *((UINT32*) &buffer[offset]); /* Ptr (4 bytes): 0x0002000C */
|
|
offset += 4;
|
|
|
|
offset += 4; /* MaxCount (4 bytes) */
|
|
offset += 4; /* Offset (4 bytes) */
|
|
count = *((UINT32*) &buffer[offset]); /* ActualCount (4 bytes) */
|
|
offset += 4;
|
|
|
|
/*
|
|
* CertChainData is a wide character string, and the count is
|
|
* given in characters excluding the null terminator, therefore:
|
|
* size = ((count + 1) * 2)
|
|
*/
|
|
offset += ((count + 1) * 2); /* CertChainData */
|
|
}
|
|
else
|
|
{
|
|
Pointer = *((UINT32*) &buffer[offset]); /* Ptr (4 bytes): 0x00020008 */
|
|
offset += 4;
|
|
}
|
|
|
|
versionCaps = (PTSG_PACKET_VERSIONCAPS) malloc(sizeof(TSG_PACKET_VERSIONCAPS));
|
|
ZeroMemory(versionCaps, sizeof(TSG_PACKET_VERSIONCAPS));
|
|
packetQuarEncResponse->versionCaps = versionCaps;
|
|
|
|
versionCaps->tsgHeader.ComponentId = *((UINT16*) &buffer[offset]); /* ComponentId */
|
|
versionCaps->tsgHeader.PacketId = *((UINT16*) &buffer[offset + 2]); /* PacketId */
|
|
offset += 4;
|
|
|
|
if (versionCaps->tsgHeader.ComponentId != TS_GATEWAY_TRANSPORT)
|
|
{
|
|
printf("Unexpected ComponentId: 0x%04X, Expected TS_GATEWAY_TRANSPORT\n",
|
|
versionCaps->tsgHeader.ComponentId);
|
|
return FALSE;
|
|
}
|
|
|
|
Pointer = *((UINT32*) &buffer[offset]); /* TsgCapsPtr */
|
|
versionCaps->numCapabilities = *((UINT32*) &buffer[offset + 4]); /* NumCapabilities */
|
|
versionCaps->majorVersion = *((UINT16*) &buffer[offset + 8]); /* MajorVersion */
|
|
versionCaps->majorVersion = *((UINT16*) &buffer[offset + 10]); /* MinorVersion */
|
|
versionCaps->quarantineCapabilities = *((UINT16*) &buffer[offset + 12]); /* QuarantineCapabilities */
|
|
offset += 14;
|
|
|
|
/* 4-byte alignment */
|
|
rpc_offset_align(&offset, 4);
|
|
|
|
/* Not sure exactly what this is */
|
|
offset += 4; /* 0x00000001 (4 bytes) */
|
|
offset += 4; /* 0x00000001 (4 bytes) */
|
|
offset += 4; /* 0x00000001 (4 bytes) */
|
|
offset += 4; /* 0x00000002 (4 bytes) */
|
|
|
|
/* TunnelContext (20 bytes) */
|
|
CopyMemory(&tsg->TunnelContext.ContextType, &buffer[offset], 4); /* ContextType */
|
|
CopyMemory(tsg->TunnelContext.ContextUuid, &buffer[offset + 4], 16); /* ContextUuid */
|
|
offset += 20;
|
|
|
|
/* TODO: trailing bytes */
|
|
|
|
#ifdef WITH_DEBUG_TSG
|
|
printf("TSG TunnelContext:\n");
|
|
freerdp_hexdump((void*) &tsg->TunnelContext, 20);
|
|
printf("\n");
|
|
#endif
|
|
|
|
free(versionCaps);
|
|
free(packetQuarEncResponse);
|
|
}
|
|
else
|
|
{
|
|
printf("Unexpected PacketId: 0x%08X, Expected TSG_PACKET_TYPE_CAPS_RESPONSE "
|
|
"or TSG_PACKET_TYPE_QUARENC_RESPONSE\n", packet->packetId);
|
|
return FALSE;
|
|
}
|
|
|
|
free(packet);
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
BOOL TsProxyCreateTunnel(rdpTsg* tsg, PTSG_PACKET tsgPacket, PTSG_PACKET* tsgPacketResponse,
|
|
PTUNNEL_CONTEXT_HANDLE_SERIALIZE* tunnelContext, UINT32* tunnelId)
|
|
{
|
|
/**
|
|
* OpNum = 1
|
|
*
|
|
* HRESULT TsProxyCreateTunnel(
|
|
* [in, ref] PTSG_PACKET tsgPacket,
|
|
* [out, ref] PTSG_PACKET* tsgPacketResponse,
|
|
* [out] PTUNNEL_CONTEXT_HANDLE_SERIALIZE* tunnelContext,
|
|
* [out] unsigned long* tunnelId
|
|
* );
|
|
*/
|
|
|
|
DEBUG_TSG("TsProxyCreateTunnel");
|
|
|
|
if (!TsProxyCreateTunnelWriteRequest(tsg))
|
|
{
|
|
printf("TsProxyCreateTunnel: error writing request\n");
|
|
return FALSE;
|
|
}
|
|
|
|
if (!TsProxyCreateTunnelReadResponse(tsg))
|
|
{
|
|
printf("TsProxyCreateTunnel: error reading response\n");
|
|
return FALSE;
|
|
}
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
BOOL TsProxyAuthorizeTunnelWriteRequest(rdpTsg* tsg)
|
|
{
|
|
UINT32 pad;
|
|
int status;
|
|
BYTE* buffer;
|
|
UINT32 count;
|
|
UINT32 length;
|
|
UINT32 offset;
|
|
rdpRpc* rpc = tsg->rpc;
|
|
|
|
count = _wcslen(tsg->MachineName) + 1;
|
|
|
|
offset = 64 + (count * 2);
|
|
rpc_offset_align(&offset, 4);
|
|
offset += 4;
|
|
|
|
length = offset;
|
|
buffer = (BYTE*) malloc(length);
|
|
|
|
/* TunnelContext */
|
|
CopyMemory(&buffer[0], &tsg->TunnelContext.ContextType, 4); /* ContextType */
|
|
CopyMemory(&buffer[4], tsg->TunnelContext.ContextUuid, 16); /* ContextUuid */
|
|
|
|
/* 4-byte alignment */
|
|
|
|
*((UINT32*) &buffer[20]) = TSG_PACKET_TYPE_QUARREQUEST; /* PacketId */
|
|
*((UINT32*) &buffer[24]) = TSG_PACKET_TYPE_QUARREQUEST; /* SwitchValue */
|
|
|
|
*((UINT32*) &buffer[28]) = 0x00020000; /* PacketQuarRequestPtr */
|
|
|
|
*((UINT32*) &buffer[32]) = 0x00000000; /* Flags */
|
|
|
|
*((UINT32*) &buffer[36]) = 0x00020004; /* MachineNamePtr */
|
|
|
|
*((UINT32*) &buffer[40]) = count; /* NameLength */
|
|
|
|
*((UINT32*) &buffer[44]) = 0x00020008; /* DataPtr */
|
|
*((UINT32*) &buffer[48]) = 0; /* DataLength */
|
|
|
|
/* MachineName */
|
|
*((UINT32*) &buffer[52]) = count; /* MaxCount */
|
|
*((UINT32*) &buffer[56]) = 0; /* Offset */
|
|
*((UINT32*) &buffer[60]) = count; /* ActualCount */
|
|
CopyMemory(&buffer[64], tsg->MachineName, count * 2); /* Array */
|
|
offset = 64 + (count * 2);
|
|
|
|
/* 4-byte alignment */
|
|
pad = rpc_offset_align(&offset, 4);
|
|
ZeroMemory(&buffer[offset - pad], pad);
|
|
|
|
*((UINT32*) &buffer[offset]) = 0x00000000; /* MaxCount */
|
|
offset += 4;
|
|
|
|
status = rpc_tsg_write(rpc, buffer, length, TsProxyAuthorizeTunnelOpnum);
|
|
|
|
if (status <= 0)
|
|
return FALSE;
|
|
|
|
free(buffer);
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
BOOL TsProxyAuthorizeTunnelReadResponse(rdpTsg* tsg)
|
|
{
|
|
int status;
|
|
BYTE* buffer;
|
|
UINT32 length;
|
|
UINT32 offset;
|
|
UINT32 Pointer;
|
|
UINT32 SizeValue;
|
|
UINT32 SwitchValue;
|
|
PTSG_PACKET packet;
|
|
rdpRpc* rpc = tsg->rpc;
|
|
PTSG_PACKET_RESPONSE packetResponse;
|
|
|
|
status = rpc_recv_pdu(rpc);
|
|
|
|
if (status <= 0)
|
|
return FALSE;
|
|
|
|
length = status;
|
|
buffer = rpc->buffer;
|
|
|
|
packet = (PTSG_PACKET) malloc(sizeof(TSG_PACKET));
|
|
ZeroMemory(packet, sizeof(TSG_PACKET));
|
|
|
|
packet->packetId = *((UINT32*) &buffer[28]); /* PacketId */
|
|
SwitchValue = *((UINT32*) &buffer[32]); /* SwitchValue */
|
|
|
|
if ((packet->packetId != TSG_PACKET_TYPE_RESPONSE) ||
|
|
(SwitchValue != TSG_PACKET_TYPE_RESPONSE))
|
|
{
|
|
printf("Unexpected PacketId: 0x%08X, Expected TSG_PACKET_TYPE_RESPONSE\n", packet->packetId);
|
|
return FALSE;
|
|
}
|
|
|
|
packetResponse = (PTSG_PACKET_RESPONSE) malloc(sizeof(TSG_PACKET_RESPONSE));
|
|
ZeroMemory(packetResponse, sizeof(TSG_PACKET_RESPONSE));
|
|
packet->tsgPacket.packetResponse = packetResponse;
|
|
|
|
Pointer = *((UINT32*) &buffer[36]); /* PacketResponsePtr */
|
|
packetResponse->flags = *((UINT32*) &buffer[40]); /* Flags */
|
|
|
|
if (packetResponse->flags != TSG_PACKET_TYPE_QUARREQUEST)
|
|
{
|
|
printf("Unexpected Packet Response Flags: 0x%08X, Expected TSG_PACKET_TYPE_QUARREQUEST\n",
|
|
packetResponse->flags);
|
|
return FALSE;
|
|
}
|
|
|
|
/* Reserved (4 bytes) */
|
|
Pointer = *((UINT32*) &buffer[48]); /* ResponseDataPtr */
|
|
packetResponse->responseDataLen = *((UINT32*) &buffer[52]); /* ResponseDataLength */
|
|
|
|
packetResponse->redirectionFlags.enableAllRedirections = *((UINT32*) &buffer[56]); /* EnableAllRedirections */
|
|
packetResponse->redirectionFlags.disableAllRedirections = *((UINT32*) &buffer[60]); /* DisableAllRedirections */
|
|
packetResponse->redirectionFlags.driveRedirectionDisabled = *((UINT32*) &buffer[64]); /* DriveRedirectionDisabled */
|
|
packetResponse->redirectionFlags.printerRedirectionDisabled = *((UINT32*) &buffer[68]); /* PrinterRedirectionDisabled */
|
|
packetResponse->redirectionFlags.portRedirectionDisabled = *((UINT32*) &buffer[72]); /* PortRedirectionDisabled */
|
|
packetResponse->redirectionFlags.reserved = *((UINT32*) &buffer[76]); /* Reserved */
|
|
packetResponse->redirectionFlags.clipboardRedirectionDisabled = *((UINT32*) &buffer[80]); /* ClipboardRedirectionDisabled */
|
|
packetResponse->redirectionFlags.pnpRedirectionDisabled = *((UINT32*) &buffer[84]); /* PnpRedirectionDisabled */
|
|
offset = 88;
|
|
|
|
SizeValue = *((UINT32*) &buffer[offset]);
|
|
offset += 4;
|
|
|
|
if (SizeValue != packetResponse->responseDataLen)
|
|
{
|
|
printf("Unexpected size value: %d, expected: %d\n", SizeValue, packetResponse->responseDataLen);
|
|
return FALSE;
|
|
}
|
|
|
|
offset += SizeValue; /* ResponseData */
|
|
|
|
/* TODO: trailing bytes */
|
|
|
|
free(packetResponse);
|
|
free(packet);
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
BOOL TsProxyAuthorizeTunnel(rdpTsg* tsg, PTUNNEL_CONTEXT_HANDLE_NOSERIALIZE tunnelContext,
|
|
PTSG_PACKET tsgPacket, PTSG_PACKET* tsgPacketResponse)
|
|
{
|
|
/**
|
|
* OpNum = 2
|
|
*
|
|
* HRESULT TsProxyAuthorizeTunnel(
|
|
* [in] PTUNNEL_CONTEXT_HANDLE_NOSERIALIZE tunnelContext,
|
|
* [in, ref] PTSG_PACKET tsgPacket,
|
|
* [out, ref] PTSG_PACKET* tsgPacketResponse
|
|
* );
|
|
*
|
|
*/
|
|
|
|
DEBUG_TSG("TsProxyAuthorizeTunnel");
|
|
|
|
if (!TsProxyAuthorizeTunnelWriteRequest(tsg))
|
|
{
|
|
printf("TsProxyAuthorizeTunnel: error writing request\n");
|
|
return FALSE;
|
|
}
|
|
|
|
if (!TsProxyAuthorizeTunnelReadResponse(tsg))
|
|
{
|
|
printf("TsProxyAuthorizeTunnel: error reading response\n");
|
|
return FALSE;
|
|
}
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
BOOL TsProxyMakeTunnelCallWriteRequest(rdpTsg* tsg)
|
|
{
|
|
int status;
|
|
BYTE* buffer;
|
|
UINT32 length;
|
|
rdpRpc* rpc = tsg->rpc;
|
|
|
|
length = 40;
|
|
buffer = (BYTE*) malloc(length);
|
|
|
|
/* TunnelContext */
|
|
CopyMemory(&buffer[0], &tsg->TunnelContext.ContextType, 4); /* ContextType */
|
|
CopyMemory(&buffer[4], tsg->TunnelContext.ContextUuid, 16); /* ContextUuid */
|
|
|
|
*((UINT32*) &buffer[20]) = TSG_TUNNEL_CALL_ASYNC_MSG_REQUEST; /* ProcId */
|
|
|
|
/* 4-byte alignment */
|
|
|
|
*((UINT32*) &buffer[24]) = TSG_PACKET_TYPE_MSGREQUEST_PACKET; /* PacketId */
|
|
*((UINT32*) &buffer[28]) = TSG_PACKET_TYPE_MSGREQUEST_PACKET; /* SwitchValue */
|
|
|
|
*((UINT32*) &buffer[32]) = 0x00020000; /* PacketMsgRequestPtr */
|
|
|
|
*((UINT32*) &buffer[36]) = 0x00000001; /* MaxMessagesPerBatch */
|
|
|
|
status = rpc_tsg_write(rpc, buffer, length, TsProxyMakeTunnelCallOpnum);
|
|
|
|
if (status <= 0)
|
|
return FALSE;
|
|
|
|
free(buffer);
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
BOOL TsProxyMakeTunnelCallReadResponse(rdpTsg* tsg)
|
|
{
|
|
/* ??? */
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
BOOL TsProxyMakeTunnelCall(rdpTsg* tsg, PTUNNEL_CONTEXT_HANDLE_NOSERIALIZE tunnelContext,
|
|
UINT32 procId, PTSG_PACKET tsgPacket, PTSG_PACKET* tsgPacketResponse)
|
|
{
|
|
/**
|
|
* OpNum = 3
|
|
*
|
|
* HRESULT TsProxyMakeTunnelCall(
|
|
* [in] PTUNNEL_CONTEXT_HANDLE_NOSERIALIZE tunnelContext,
|
|
* [in] unsigned long procId,
|
|
* [in, ref] PTSG_PACKET tsgPacket,
|
|
* [out, ref] PTSG_PACKET* tsgPacketResponse
|
|
* );
|
|
*/
|
|
|
|
DEBUG_TSG("TsProxyMakeTunnelCall");
|
|
|
|
if (!TsProxyMakeTunnelCallWriteRequest(tsg))
|
|
{
|
|
printf("TsProxyMakeTunnelCall: error writing request\n");
|
|
return FALSE;
|
|
}
|
|
|
|
if (!TsProxyMakeTunnelCallReadResponse(tsg))
|
|
{
|
|
printf("TsProxyMakeTunnelCall: error reading response\n");
|
|
return FALSE;
|
|
}
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
BOOL TsProxyCreateChannelWriteRequest(rdpTsg* tsg)
|
|
{
|
|
int status;
|
|
UINT32 count;
|
|
BYTE* buffer;
|
|
UINT32 length;
|
|
rdpRpc* rpc = tsg->rpc;
|
|
|
|
count = _wcslen(tsg->Hostname) + 1;
|
|
|
|
#ifdef WITH_DEBUG_TSG
|
|
printf("ResourceName:\n");
|
|
freerdp_hexdump((BYTE*) tsg->Hostname, (count - 1) * 2);
|
|
printf("\n");
|
|
#endif
|
|
|
|
length = 60 + (count * 2);
|
|
|
|
buffer = (BYTE*) malloc(length);
|
|
|
|
/* TunnelContext */
|
|
CopyMemory(&buffer[0], &tsg->TunnelContext.ContextType, 4); /* ContextType */
|
|
CopyMemory(&buffer[4], tsg->TunnelContext.ContextUuid, 16); /* ContextUuid */
|
|
|
|
/* TSENDPOINTINFO */
|
|
|
|
*((UINT32*) &buffer[20]) = 0x00020000; /* ResourceNamePtr */
|
|
*((UINT32*) &buffer[24]) = 0x00000001; /* NumResourceNames */
|
|
*((UINT32*) &buffer[28]) = 0x00000000; /* AlternateResourceNamesPtr */
|
|
*((UINT32*) &buffer[32]) = 0x00000000; /* NumAlternateResourceNames */
|
|
|
|
*((UINT16*) &buffer[36]) = 0x0003; /* ??? */
|
|
|
|
*((UINT16*) &buffer[38]) = tsg->Port; /* Port */
|
|
|
|
*((UINT32*) &buffer[40]) = 0x00000001; /* ??? */
|
|
|
|
*((UINT32*) &buffer[44]) = 0x00020004; /* ResourceNamePtr */
|
|
*((UINT32*) &buffer[48]) = count; /* MaxCount */
|
|
*((UINT32*) &buffer[52]) = 0; /* Offset */
|
|
*((UINT32*) &buffer[56]) = count; /* ActualCount */
|
|
CopyMemory(&buffer[60], tsg->Hostname, count * 2); /* Array */
|
|
|
|
status = rpc_tsg_write(rpc, buffer, length, TsProxyCreateChannelOpnum);
|
|
|
|
if (status <= 0)
|
|
return FALSE;
|
|
|
|
free(buffer);
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
BOOL TsProxyCreateChannelReadResponse(rdpTsg* tsg)
|
|
{
|
|
int status;
|
|
BYTE* buffer;
|
|
UINT32 length;
|
|
rdpRpc* rpc = tsg->rpc;
|
|
|
|
status = rpc_recv_pdu(rpc);
|
|
|
|
if (status < 0)
|
|
return FALSE;
|
|
|
|
length = status;
|
|
buffer = rpc->buffer;
|
|
|
|
/* ChannelContext (20 bytes) */
|
|
CopyMemory(&tsg->ChannelContext.ContextType, &rpc->buffer[24], 4); /* ContextType (4 bytes) */
|
|
CopyMemory(tsg->ChannelContext.ContextUuid, &rpc->buffer[28], 16); /* ContextUuid (16 bytes) */
|
|
|
|
/* TODO: trailing bytes */
|
|
|
|
#ifdef WITH_DEBUG_TSG
|
|
printf("ChannelContext:\n");
|
|
freerdp_hexdump((void*) &tsg->ChannelContext, 20);
|
|
printf("\n");
|
|
#endif
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
BOOL TsProxyCreateChannel(rdpTsg* tsg, PTUNNEL_CONTEXT_HANDLE_NOSERIALIZE tunnelContext, PTSENDPOINTINFO tsEndPointInfo,
|
|
PCHANNEL_CONTEXT_HANDLE_SERIALIZE* channelContext, UINT32* channelId)
|
|
{
|
|
/**
|
|
* OpNum = 4
|
|
*
|
|
* HRESULT TsProxyCreateChannel(
|
|
* [in] PTUNNEL_CONTEXT_HANDLE_NOSERIALIZE tunnelContext,
|
|
* [in, ref] PTSENDPOINTINFO tsEndPointInfo,
|
|
* [out] PCHANNEL_CONTEXT_HANDLE_SERIALIZE* channelContext,
|
|
* [out] unsigned long* channelId
|
|
* );
|
|
*/
|
|
|
|
DEBUG_TSG("TsProxyCreateChannel");
|
|
|
|
if (!TsProxyCreateChannelWriteRequest(tsg))
|
|
{
|
|
printf("TsProxyCreateChannel: error writing request\n");
|
|
return FALSE;
|
|
}
|
|
|
|
if (!TsProxyCreateChannelReadResponse(tsg))
|
|
{
|
|
printf("TsProxyCreateChannel: error reading response\n");
|
|
return FALSE;
|
|
}
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
HRESULT TsProxyCloseChannel(PCHANNEL_CONTEXT_HANDLE_NOSERIALIZE* context)
|
|
{
|
|
return 0;
|
|
}
|
|
|
|
HRESULT TsProxyCloseTunnel(PTUNNEL_CONTEXT_HANDLE_SERIALIZE* context)
|
|
{
|
|
return 0;
|
|
}
|
|
|
|
BOOL TsProxySetupReceivePipeWriteRequest(rdpTsg* tsg)
|
|
{
|
|
int status;
|
|
BYTE* buffer;
|
|
UINT32 length;
|
|
rdpRpc* rpc = tsg->rpc;
|
|
|
|
length = 20;
|
|
|
|
buffer = (BYTE*) malloc(length);
|
|
|
|
/* ChannelContext */
|
|
CopyMemory(&buffer[0], &tsg->ChannelContext.ContextType, 4); /* ContextType */
|
|
CopyMemory(&buffer[4], tsg->ChannelContext.ContextUuid, 16); /* ContextUuid */
|
|
|
|
status = rpc_tsg_write(rpc, buffer, length, TsProxySetupReceivePipeOpnum);
|
|
|
|
if (status <= 0)
|
|
return FALSE;
|
|
|
|
free(buffer);
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
BOOL TsProxySetupReceivePipeReadResponse(rdpTsg* tsg)
|
|
{
|
|
#if 0
|
|
int status;
|
|
BYTE* buffer;
|
|
UINT32 length;
|
|
rdpRpc* rpc = tsg->rpc;
|
|
|
|
status = rpc_recv_pdu(rpc);
|
|
|
|
if (status < 0)
|
|
return FALSE;
|
|
|
|
length = status;
|
|
buffer = rpc->buffer;
|
|
#endif
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
BOOL TsProxySetupReceivePipe(handle_t IDL_handle, BYTE* pRpcMessage)
|
|
{
|
|
rdpTsg* tsg;
|
|
|
|
/**
|
|
* OpNum = 8
|
|
*
|
|
* DWORD TsProxySetupReceivePipe(
|
|
* [in, max_is(32767)] byte pRpcMessage[]
|
|
* );
|
|
*/
|
|
|
|
tsg = (rdpTsg*) IDL_handle;
|
|
|
|
DEBUG_TSG("TsProxySetupReceivePipe");
|
|
|
|
if (!TsProxySetupReceivePipeWriteRequest(tsg))
|
|
{
|
|
printf("TsProxySetupReceivePipe: error writing request\n");
|
|
return FALSE;
|
|
}
|
|
|
|
if (!TsProxySetupReceivePipeReadResponse(tsg))
|
|
{
|
|
printf("TsProxySetupReceivePipe: error reading response\n");
|
|
return FALSE;
|
|
}
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
BOOL tsg_connect(rdpTsg* tsg, const char* hostname, UINT16 port)
|
|
{
|
|
rdpRpc* rpc = tsg->rpc;
|
|
rdpSettings* settings = rpc->settings;
|
|
|
|
tsg->Port = port;
|
|
freerdp_AsciiToUnicodeAlloc(hostname, &tsg->Hostname, 0);
|
|
freerdp_AsciiToUnicodeAlloc(settings->ComputerName, &tsg->MachineName, 0);
|
|
|
|
if (!rpc_connect(rpc))
|
|
{
|
|
printf("rpc_connect failed!\n");
|
|
return FALSE;
|
|
}
|
|
|
|
DEBUG_TSG("rpc_connect success");
|
|
|
|
/*
|
|
* Sequential processing rules for connection process:
|
|
*
|
|
* 1. The RDG client MUST call TsProxyCreateTunnel to create a tunnel to the gateway.
|
|
*
|
|
* 2. If the call fails, the RDG client MUST end the protocol and MUST NOT perform the following steps.
|
|
*
|
|
* 3. The RDG client MUST initialize the following ADM elements using TsProxyCreateTunnel out parameters:
|
|
*
|
|
* a. The RDG client MUST initialize the ADM element Tunnel id with the tunnelId out parameter.
|
|
*
|
|
* b. The RDG client MUST initialize the ADM element Tunnel Context Handle with the tunnelContext
|
|
* out parameter. This Tunnel Context Handle is used for subsequent tunnel-related calls.
|
|
*
|
|
* c. If TSGPacketResponse->packetId is TSG_PACKET_TYPE_CAPS_RESPONSE, where TSGPacketResponse is an out parameter,
|
|
*
|
|
* i. The RDG client MUST initialize the ADM element Nonce with TSGPacketResponse->
|
|
* TSGPacket.packetCapsResponse->pktQuarEncResponse.nonce.
|
|
*
|
|
* ii. The RDG client MUST initialize the ADM element Negotiated Capabilities with TSGPacketResponse->
|
|
* TSGPacket.packetCapsResponse->pktQuarEncResponse.versionCaps->TSGCaps[0].TSGPacket.TSGCapNap.capabilities.
|
|
*
|
|
* d. If TSGPacketResponse->packetId is TSG_PACKET_TYPE_QUARENC_RESPONSE, where TSGPacketResponse is an out parameter,
|
|
*
|
|
* i. The RDG client MUST initialize the ADM element Nonce with TSGPacketResponse->
|
|
* TSGPacket.packetQuarEncResponse->nonce.
|
|
*
|
|
* ii. The RDG client MUST initialize the ADM element Negotiated Capabilities with TSGPacketResponse->
|
|
* TSGPacket.packetQuarEncResponse->versionCaps->TSGCaps[0].TSGPacket.TSGCapNap.capabilities.
|
|
*
|
|
* 4. The RDG client MUST get its statement of health (SoH) by calling NAP EC API.<49> Details of the SoH format are
|
|
* specified in [TNC-IF-TNCCSPBSoH]. If the SoH is received successfully, then the RDG client MUST encrypt the SoH
|
|
* using the Triple Data Encryption Standard algorithm and encode it using one of PKCS #7 or X.509 encoding types,
|
|
* whichever is supported by the RDG server certificate context available in the ADM element CertChainData.
|
|
*
|
|
* 5. The RDG client MUST copy the ADM element Nonce to TSGPacket.packetQuarRequest->data and append the encrypted SoH
|
|
* message into TSGPacket.packetQuarRequest->data. The RDG client MUST set the TSGPacket.packetQuarRequest->dataLen
|
|
* to the sum of the number of bytes in the encrypted SoH message and number of bytes in the ADM element Nonce, where
|
|
* TSGpacket is an input parameter of TsProxyAuthorizeTunnel. The format of the packetQuarRequest field is specified
|
|
* in section 2.2.9.2.1.4.
|
|
*/
|
|
|
|
if (!TsProxyCreateTunnel(tsg, NULL, NULL, NULL, NULL))
|
|
return FALSE;
|
|
|
|
/**
|
|
* Sequential processing rules for connection process (continued):
|
|
*
|
|
* 6. The RDG client MUST call TsProxyAuthorizeTunnel to authorize the tunnel.
|
|
*
|
|
* 7. If the call succeeds or fails with error E_PROXY_QUARANTINE_ACCESSDENIED, follow the steps later in this section.
|
|
* Else, the RDG client MUST end the protocol and MUST NOT follow the steps later in this section.
|
|
*
|
|
* 8. If the ADM element Negotiated Capabilities contains TSG_NAP_CAPABILITY_IDLE_TIMEOUT, then the ADM element Idle
|
|
* Timeout Value SHOULD be initialized with first 4 bytes of TSGPacketResponse->TSGPacket.packetResponse->responseData
|
|
* and the Statement of health response variable should be initialized with the remaining bytes of responseData, where
|
|
* TSGPacketResponse is an out parameter of TsProxyAuthorizeTunnel. The format of the responseData member is specified
|
|
* in section 2.2.9.2.1.5.1.
|
|
*
|
|
* 9. If the ADM element Negotiated Capabilities doesn't contain TSG_NAP_CAPABILITY_IDLE_TIMEOUT, then the ADM element Idle
|
|
* Timeout Value SHOULD be initialized to zero and the Statement of health response variable should be initialized with all
|
|
* the bytes of TSGPacketResponse->TSGPacket.packetResponse->responseData.
|
|
*
|
|
* 10. Verify the signature of the Statement of health response variable using SHA-1 hash and decode it using the RDG server
|
|
* certificate context available in the ADM element CertChainData using one of PKCS #7 or X.509 encoding types, whichever
|
|
* is supported by the RDG Server certificate. The SoHR is processed by calling the NAP EC API
|
|
* INapEnforcementClientConnection::GetSoHResponse.
|
|
*
|
|
* 11. If the call TsProxyAuthorizeTunnel fails with error E_PROXY_QUARANTINE_ACCESSDENIED, the RDG client MUST end the protocol
|
|
* and MUST NOT follow the steps later in this section.
|
|
*
|
|
* 12. If the ADM element Idle Timeout Value is nonzero, the RDG client SHOULD start the idle time processing as specified in
|
|
* section 3.6.2.1.1 and SHOULD end the protocol when the connection has been idle for the specified Idle Timeout Value.
|
|
*/
|
|
|
|
if (!TsProxyAuthorizeTunnel(tsg, NULL, NULL, NULL))
|
|
return FALSE;
|
|
|
|
/**
|
|
* Sequential processing rules for connection process (continued):
|
|
*
|
|
* 13. If the ADM element Negotiated Capabilities contains TSG_MESSAGING_CAP_SERVICE_MSG, a TsProxyMakeTunnelCall call MAY be
|
|
* made by the client, with TSG_TUNNEL_CALL_ASYNC_MSG_REQUEST as the parameter, to receive messages from the RDG server.
|
|
*
|
|
*/
|
|
|
|
if (!TsProxyMakeTunnelCall(tsg, NULL, 0, NULL, NULL))
|
|
return FALSE;
|
|
|
|
/**
|
|
* Sequential processing rules for connection process (continued):
|
|
*
|
|
* 14. The RDG client MUST call TsProxyCreateChannel to create a channel to the target server name as specified by the ADM
|
|
* element Target Server Name (section 3.5.1).
|
|
*
|
|
* 15. If the call fails, the RDG client MUST end the protocol and MUST not follow the below steps.
|
|
*
|
|
* 16. The RDG client MUST initialize the following ADM elements using TsProxyCreateChannel out parameters.
|
|
*
|
|
* a. The RDG client MUST initialize the ADM element Channel id with the channelId out parameter.
|
|
*
|
|
* b. The RDG client MUST initialize the ADM element Channel Context Handle with the channelContext
|
|
* out parameter. This Channel Context Handle is used for subsequent channel-related calls.
|
|
*/
|
|
|
|
if (!TsProxyCreateChannel(tsg, NULL, NULL, NULL, NULL))
|
|
return FALSE;
|
|
|
|
/**
|
|
* Sequential processing rules for data transfer:
|
|
*
|
|
* 1. The RDG client MUST call TsProxySetupReceivePipe to receive data from the target server, via the RDG server.
|
|
*
|
|
* 2. The RDG client MUST call TsProxySendToServer to send data to the target server via the RDG server, and if
|
|
* the Idle Timeout Timer is started, the RDG client SHOULD reset the Idle Timeout Timer.
|
|
*
|
|
* 3. If TsProxyMakeTunnelCall is returned, the RDG client MUST process the message and MAY call TsProxyMakeTunnelCall
|
|
* again with TSG_TUNNEL_CALL_ASYNC_MSG_REQUEST as the parameter.
|
|
*
|
|
* 4. The RDG client MUST end the protocol after it receives the final response to TsProxySetupReceivePipe.
|
|
* The final response format is specified in section 2.2.9.4.3.
|
|
*/
|
|
|
|
if (!TsProxySetupReceivePipe((handle_t) tsg, NULL))
|
|
return FALSE;
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
int tsg_read(rdpTsg* tsg, BYTE* data, UINT32 length)
|
|
{
|
|
int status;
|
|
int CopyLength;
|
|
RPC_PDU_HEADER* header;
|
|
rdpRpc* rpc = tsg->rpc;
|
|
|
|
printf("tsg_read: %d, pending: %d\n", length, tsg->PendingPdu);
|
|
|
|
if (tsg->PendingPdu)
|
|
{
|
|
header = (RPC_PDU_HEADER*) rpc->buffer;
|
|
|
|
CopyLength = (tsg->BytesAvailable > length) ? length : tsg->BytesAvailable;
|
|
|
|
CopyMemory(data, &rpc->buffer[tsg->StubOffset + tsg->BytesRead], CopyLength);
|
|
tsg->BytesAvailable -= CopyLength;
|
|
tsg->BytesRead += CopyLength;
|
|
|
|
if (tsg->BytesAvailable < 1)
|
|
tsg->PendingPdu = FALSE;
|
|
|
|
return CopyLength;
|
|
}
|
|
else
|
|
{
|
|
status = rpc_recv_pdu(rpc);
|
|
header = (RPC_PDU_HEADER*) rpc->buffer;
|
|
|
|
if (header->frag_length == 64)
|
|
{
|
|
printf("Ignoring 64-byte length PDU (probably TsProxySetupReceivePipe return code)\n");
|
|
return tsg_read(tsg, data, length);
|
|
}
|
|
|
|
if (!rpc_get_stub_data_info(rpc, rpc->buffer, &tsg->StubOffset, &tsg->StubLength))
|
|
{
|
|
printf("tsg_read error: expected stub\n");
|
|
return -1;
|
|
}
|
|
|
|
tsg->PendingPdu = TRUE;
|
|
tsg->BytesAvailable = tsg->StubLength;
|
|
tsg->BytesRead = 0;
|
|
|
|
printf("RPC Stub (offset: %d length: %d):\n", tsg->StubOffset, tsg->StubLength);
|
|
freerdp_hexdump(&rpc->buffer[tsg->StubOffset], tsg->StubLength);
|
|
|
|
CopyLength = (tsg->BytesAvailable > length) ? length : tsg->BytesAvailable;
|
|
|
|
CopyMemory(data, &rpc->buffer[tsg->StubOffset + tsg->BytesRead], CopyLength);
|
|
tsg->BytesAvailable -= CopyLength;
|
|
tsg->BytesRead += CopyLength;
|
|
|
|
return CopyLength;
|
|
}
|
|
}
|
|
|
|
int tsg_write(rdpTsg* tsg, BYTE* data, UINT32 length)
|
|
{
|
|
return TsProxySendToServer((handle_t) tsg, data, 1, &length);
|
|
}
|
|
|
|
rdpTsg* tsg_new(rdpTransport* transport)
|
|
{
|
|
rdpTsg* tsg;
|
|
|
|
tsg = xnew(rdpTsg);
|
|
|
|
if (tsg != NULL)
|
|
{
|
|
tsg->transport = transport;
|
|
tsg->settings = transport->settings;
|
|
tsg->rpc = rpc_new(tsg->transport);
|
|
tsg->PendingPdu = FALSE;
|
|
}
|
|
|
|
return tsg;
|
|
}
|
|
|
|
void tsg_free(rdpTsg* tsg)
|
|
{
|
|
if (tsg != NULL)
|
|
{
|
|
rpc_free(tsg->rpc);
|
|
free(tsg);
|
|
}
|
|
}
|