FreeRDP
Loading...
Searching...
No Matches
arm.c
1
21#include <freerdp/config.h>
22#include <freerdp/version.h>
23
24#include "../settings.h"
25
26#include <winpr/assert.h>
27
28#include <winpr/crt.h>
29#include <winpr/synch.h>
30#include <winpr/print.h>
31#include <winpr/stream.h>
32#include <winpr/winsock.h>
33#include <winpr/cred.h>
34#include <winpr/bcrypt.h>
35
36#include <freerdp/log.h>
37#include <freerdp/error.h>
38#include <freerdp/crypto/certificate.h>
39#include <freerdp/utils/ringbuffer.h>
40#include <freerdp/utils/smartcardlogon.h>
41#include <freerdp/utils/aad.h>
42
43#include "arm.h"
44#include "wst.h"
45#include "websocket.h"
46#include "http.h"
47#include "../credssp_auth.h"
48#include "../proxy.h"
49#include "../rdp.h"
50#include "../../crypto/crypto.h"
51#include "../../crypto/certificate.h"
52#include "../../crypto/opensslcompat.h"
53#include "rpc_fault.h"
54#include "../utils.h"
55#include "../redirection.h"
56
57#include <winpr/json.h>
58
59#include <string.h>
60
61struct rdp_arm
62{
63 rdpContext* context;
64 rdpTls* tls;
65 HttpContext* http;
66
67 UINT32 gateway_retry;
68 wLog* log;
69};
70
71typedef struct rdp_arm rdpArm;
72
73#define TAG FREERDP_TAG("core.gateway.arm")
74
75#ifdef WITH_AAD
76static BOOL arm_tls_connect(rdpArm* arm, rdpTls* tls, UINT32 timeout)
77{
78 WINPR_ASSERT(arm);
79 WINPR_ASSERT(tls);
80 int sockfd = 0;
81 long status = 0;
82 BIO* socketBio = nullptr;
83 BIO* bufferedBio = nullptr;
84 rdpSettings* settings = arm->context->settings;
85 if (!settings)
86 return FALSE;
87
88 const char* peerHostname = freerdp_settings_get_string(settings, FreeRDP_GatewayHostname);
89 if (!peerHostname)
90 return FALSE;
91
92 UINT16 peerPort = (UINT16)freerdp_settings_get_uint32(settings, FreeRDP_GatewayPort);
93 const char* proxyUsername = nullptr;
94 const char* proxyPassword = nullptr;
95 BOOL isProxyConnection =
96 proxy_prepare(settings, &peerHostname, &peerPort, &proxyUsername, &proxyPassword);
97
98 sockfd = freerdp_tcp_connect(arm->context, peerHostname, peerPort, timeout);
99
100 WLog_Print(arm->log, WLOG_DEBUG, "connecting to %s %d", peerHostname, peerPort);
101 if (sockfd < 0)
102 return FALSE;
103
104 socketBio = BIO_new(BIO_s_simple_socket());
105
106 if (!socketBio)
107 {
108 closesocket((SOCKET)sockfd);
109 return FALSE;
110 }
111
112 BIO_set_fd(socketBio, sockfd, BIO_CLOSE);
113 bufferedBio = BIO_new(BIO_s_buffered_socket());
114
115 if (!bufferedBio)
116 {
117 BIO_free_all(socketBio);
118 return FALSE;
119 }
120
121 bufferedBio = BIO_push(bufferedBio, socketBio);
122 if (!bufferedBio)
123 return FALSE;
124
125 status = BIO_set_nonblock(bufferedBio, TRUE);
126
127 if (isProxyConnection)
128 {
129 if (!proxy_connect(arm->context, bufferedBio, proxyUsername, proxyPassword,
130 freerdp_settings_get_string(settings, FreeRDP_GatewayHostname),
131 (UINT16)freerdp_settings_get_uint32(settings, FreeRDP_GatewayPort)))
132 {
133 BIO_free_all(bufferedBio);
134 return FALSE;
135 }
136 }
137
138 if (!status)
139 {
140 BIO_free_all(bufferedBio);
141 return FALSE;
142 }
143
144 tls->hostname = freerdp_settings_get_string(settings, FreeRDP_GatewayHostname);
145 tls->port = MIN(UINT16_MAX, WINPR_ASSERTING_INT_CAST(int32_t, settings->GatewayPort));
146 tls->isGatewayTransport = TRUE;
147 status = freerdp_tls_connect(tls, bufferedBio);
148 if (status < 1)
149 {
150 rdpContext* context = arm->context;
151 if (status < 0)
152 freerdp_set_last_error_if_not(context, FREERDP_ERROR_TLS_CONNECT_FAILED);
153 else
154 freerdp_set_last_error_if_not(context, FREERDP_ERROR_CONNECT_CANCELLED);
155
156 return FALSE;
157 }
158 return (status >= 1);
159}
160
161static BOOL arm_fetch_wellknown(rdpArm* arm)
162{
163 WINPR_ASSERT(arm);
164 WINPR_ASSERT(arm->context);
165 WINPR_ASSERT(arm->context->rdp);
166
167 rdpRdp* rdp = arm->context->rdp;
168 if (rdp->wellknown)
169 return TRUE;
170
171 const char* base =
172 freerdp_settings_get_string(arm->context->settings, FreeRDP_GatewayAzureActiveDirectory);
173 const BOOL useTenant =
174 freerdp_settings_get_bool(arm->context->settings, FreeRDP_GatewayAvdUseTenantid);
175 const char* tenantid = "common";
176 if (useTenant)
177 tenantid =
178 freerdp_settings_get_string(arm->context->settings, FreeRDP_GatewayAvdAadtenantid);
179
180 rdp->wellknown = freerdp_utils_aad_get_wellknown(arm->log, base, tenantid);
181 return (rdp->wellknown != nullptr);
182}
183
184static wStream* arm_build_http_request(rdpArm* arm, const char* method,
185 TRANSFER_ENCODING transferEncoding, const char* content_type,
186 size_t content_length)
187{
188 wStream* s = nullptr;
189
190 WINPR_ASSERT(arm);
191 WINPR_ASSERT(method);
192 WINPR_ASSERT(content_type);
193
194 WINPR_ASSERT(arm->context);
195 WINPR_ASSERT(arm->context->rdp);
196
197 const char* uri = http_context_get_uri(arm->http);
198 HttpRequest* request = http_request_new();
199
200 if (!request)
201 return nullptr;
202
203 rdpSettings* settings = arm->context->settings;
204
205 if (!http_request_set_method(request, method) || !http_request_set_uri(request, uri))
206 goto out;
207
208 if (!freerdp_settings_get_string(settings, FreeRDP_GatewayHttpExtAuthBearer))
209 {
210 char* token = nullptr;
211
212 pGetCommonAccessToken GetCommonAccessToken = freerdp_get_common_access_token(arm->context);
213 if (!GetCommonAccessToken)
214 {
215 WLog_Print(arm->log, WLOG_ERROR, "No authorization token provided");
216 goto out;
217 }
218
219 if (!arm_fetch_wellknown(arm))
220 goto out;
221
222 if (!GetCommonAccessToken(arm->context, ACCESS_TOKEN_TYPE_AVD, &token, 0))
223 {
224 WLog_Print(arm->log, WLOG_ERROR, "Unable to obtain access token");
225 goto out;
226 }
227
228 if (!freerdp_settings_set_string(settings, FreeRDP_GatewayHttpExtAuthBearer, token))
229 {
230 free(token);
231 goto out;
232 }
233 free(token);
234 }
235
236 if (!http_request_set_auth_scheme(request, "Bearer") ||
237 !http_request_set_auth_param(
238 request, freerdp_settings_get_string(settings, FreeRDP_GatewayHttpExtAuthBearer)))
239 goto out;
240
241 if (!http_request_set_transfer_encoding(request, transferEncoding) ||
242 !http_request_set_content_length(request, content_length) ||
243 !http_request_set_content_type(request, content_type))
244 goto out;
245
246 s = http_request_write(arm->http, request);
247out:
248 http_request_free(request);
249
250 if (s)
251 Stream_SealLength(s);
252
253 return s;
254}
255
256static BOOL arm_send_http_request(rdpArm* arm, rdpTls* tls, const char* method,
257 const char* content_type, const char* data, size_t content_length)
258{
259 int status = -1;
260 wStream* s =
261 arm_build_http_request(arm, method, TransferEncodingIdentity, content_type, content_length);
262
263 if (!s)
264 return FALSE;
265
266 const size_t sz = Stream_Length(s);
267 WLog_Print(arm->log, WLOG_TRACE, "header [%" PRIuz "]: %s", sz, Stream_Buffer(s));
268 WLog_Print(arm->log, WLOG_TRACE, "body [%" PRIuz "]: %s", content_length, data);
269 status = freerdp_tls_write_all(tls, Stream_Buffer(s), sz);
270
271 Stream_Free(s, TRUE);
272 if (status >= 0 && content_length > 0 && data)
273 status = freerdp_tls_write_all(tls, (const BYTE*)data, content_length);
274
275 return (status >= 0);
276}
277
278static void arm_free(rdpArm* arm)
279{
280 if (!arm)
281 return;
282
283 freerdp_tls_free(arm->tls);
284 http_context_free(arm->http);
285
286 free(arm);
287}
288
289static rdpArm* arm_new(rdpContext* context)
290{
291 WINPR_ASSERT(context);
292
293 rdpArm* arm = (rdpArm*)calloc(1, sizeof(rdpArm));
294 if (!arm)
295 goto fail;
296
297 arm->log = WLog_Get(TAG);
298 arm->context = context;
299 arm->tls = freerdp_tls_new(context);
300 if (!arm->tls)
301 goto fail;
302
303 arm->http = http_context_new();
304
305 if (!arm->http)
306 goto fail;
307
308 return arm;
309
310fail:
311 arm_free(arm);
312 return nullptr;
313}
314
315static char* arm_create_request_json(rdpArm* arm)
316{
317 char* lbi = nullptr;
318 char* message = nullptr;
319
320 WINPR_ASSERT(arm);
321
322 WINPR_JSON* json = WINPR_JSON_CreateObject();
323 if (!json)
324 goto arm_create_cleanup;
326 json, "application",
327 freerdp_settings_get_string(arm->context->settings, FreeRDP_RemoteApplicationProgram)))
328 goto arm_create_cleanup;
329
330 lbi = calloc(
331 freerdp_settings_get_uint32(arm->context->settings, FreeRDP_LoadBalanceInfoLength) + 1,
332 sizeof(char));
333 if (!lbi)
334 goto arm_create_cleanup;
335
336 {
337 const size_t len =
338 freerdp_settings_get_uint32(arm->context->settings, FreeRDP_LoadBalanceInfoLength);
339 memcpy(lbi, freerdp_settings_get_pointer(arm->context->settings, FreeRDP_LoadBalanceInfo),
340 len);
341 }
342
343 if (!WINPR_JSON_AddStringToObject(json, "loadBalanceInfo", lbi))
344 goto arm_create_cleanup;
345 if (!WINPR_JSON_AddNullToObject(json, "LogonToken"))
346 goto arm_create_cleanup;
347 if (!WINPR_JSON_AddNullToObject(json, "gatewayLoadBalancerToken"))
348 goto arm_create_cleanup;
349
350 message = WINPR_JSON_PrintUnformatted(json);
351arm_create_cleanup:
352 if (json)
353 WINPR_JSON_Delete(json);
354 free(lbi);
355 return message;
356}
357
372static WINPR_CIPHER_CTX* treatAuthBlob(wLog* log, const BYTE* pbInput, size_t cbInput,
373 size_t* pBlockSize)
374{
375 WINPR_CIPHER_CTX* ret = nullptr;
376 char algoName[100] = WINPR_C_ARRAY_INIT;
377
378 WINPR_ASSERT(pBlockSize);
379 SSIZE_T algoSz = ConvertWCharNToUtf8((const WCHAR*)pbInput, cbInput / sizeof(WCHAR), algoName,
380 sizeof(algoName) - 1);
381 if (algoSz <= 0)
382 {
383 WLog_Print(log, WLOG_ERROR, "invalid algoName");
384 return nullptr;
385 }
386
387 if (strcmp(algoName, "AES") != 0)
388 {
389 WLog_Print(log, WLOG_ERROR, "only AES is supported for now");
390 return nullptr;
391 }
392
393 *pBlockSize = WINPR_AES_BLOCK_SIZE;
394 const size_t algoLen = WINPR_ASSERTING_INT_CAST(size_t, (algoSz + 1)) * sizeof(WCHAR);
395 if (cbInput < algoLen)
396 {
397 WLog_Print(log, WLOG_ERROR, "invalid AuthBlob size");
398 return nullptr;
399 }
400
401 cbInput -= algoLen;
402
403 /* BCRYPT_KEY_DATA_BLOB_HEADER */
404 wStream staticStream = WINPR_C_ARRAY_INIT;
405 wStream* s = Stream_StaticConstInit(&staticStream, &pbInput[algoLen], cbInput);
406
407 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 12))
408 return nullptr;
409
410 const UINT32 dwMagic = Stream_Get_UINT32(s);
411 if (dwMagic != BCRYPT_KEY_DATA_BLOB_MAGIC)
412 {
413 WLog_Print(log, WLOG_ERROR, "unsupported authBlob type");
414 return nullptr;
415 }
416
417 const UINT32 dwVersion = Stream_Get_UINT32(s);
418 if (dwVersion != BCRYPT_KEY_DATA_BLOB_VERSION1)
419 {
420 WLog_Print(log, WLOG_ERROR, "unsupported authBlob version %" PRIu32 ", expecting %d",
421 dwVersion, BCRYPT_KEY_DATA_BLOB_VERSION1);
422 return nullptr;
423 }
424
425 const UINT32 cbKeyData = Stream_Get_UINT32(s);
426 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, cbKeyData))
427 {
428 WLog_Print(log, WLOG_ERROR, "invalid authBlob size");
429 return nullptr;
430 }
431
432 WINPR_CIPHER_TYPE cipherType = WINPR_CIPHER_NONE;
433 switch (cbKeyData)
434 {
435 case 16:
436 cipherType = WINPR_CIPHER_AES_128_CBC;
437 break;
438 case 24:
439 cipherType = WINPR_CIPHER_AES_192_CBC;
440 break;
441 case 32:
442 cipherType = WINPR_CIPHER_AES_256_CBC;
443 break;
444 default:
445 WLog_Print(log, WLOG_ERROR, "invalid authBlob cipher size");
446 return nullptr;
447 }
448
449 ret = winpr_Cipher_NewEx(cipherType, WINPR_ENCRYPT, Stream_Pointer(s), cbKeyData, nullptr, 0);
450 if (!ret)
451 {
452 WLog_Print(log, WLOG_ERROR, "error creating cipher");
453 return nullptr;
454 }
455
456 if (!winpr_Cipher_SetPadding(ret, TRUE))
457 {
458 WLog_Print(log, WLOG_ERROR, "unable to enable padding on cipher");
459 winpr_Cipher_Free(ret);
460 return nullptr;
461 }
462
463 return ret;
464}
465
466static BOOL arm_stringEncodeW(const BYTE* pin, size_t cbIn, BYTE** ppOut, size_t* pcbOut)
467{
468 *ppOut = nullptr;
469 *pcbOut = 0;
470
471 /* encode to base64 with crlf */
472 char* b64encoded = crypto_base64_encode_ex(pin, cbIn, TRUE);
473 if (!b64encoded)
474 return FALSE;
475
476 /* and then convert to Unicode */
477 size_t outSz = 0;
478 *ppOut = (BYTE*)ConvertUtf8NToWCharAlloc(b64encoded, strlen(b64encoded), &outSz);
479 free(b64encoded);
480
481 if (!*ppOut)
482 return FALSE;
483
484 *pcbOut = (outSz + 1) * sizeof(WCHAR);
485 return TRUE;
486}
487
488static BOOL arm_encodeRedirectPasswd(wLog* log, rdpSettings* settings, const rdpCertificate* cert,
489 WINPR_CIPHER_CTX* cipher, size_t blockSize)
490{
491 BOOL ret = FALSE;
492 BYTE* output = nullptr;
493 BYTE* finalOutput = nullptr;
494
495 /* let's prepare the encrypted password, first we do a
496 * cipheredPass = AES(redirectedAuthBlob, toUtf16(passwd))
497 */
498
499 size_t wpasswdLen = 0;
500 WCHAR* wpasswd = freerdp_settings_get_string_as_utf16(settings, FreeRDP_Password, &wpasswdLen);
501 if (!wpasswd)
502 {
503 WLog_Print(log, WLOG_ERROR, "error when converting password to UTF16");
504 return FALSE;
505 }
506
507 const size_t wpasswdBytes = (wpasswdLen + 1) * sizeof(WCHAR);
508 BYTE* encryptedPass = calloc(1, wpasswdBytes + blockSize); /* 16: block size of AES (padding) */
509
510 if (!encryptedPass)
511 goto out;
512
513 {
514 size_t encryptedPassLen = 0;
515 if (!winpr_Cipher_Update(cipher, wpasswd, wpasswdBytes, encryptedPass, &encryptedPassLen))
516 goto out;
517
518 if (encryptedPassLen > wpasswdBytes)
519 goto out;
520
521 {
522 size_t finalLen = 0;
523 if (!winpr_Cipher_Final(cipher, &encryptedPass[encryptedPassLen], &finalLen))
524 {
525 WLog_Print(log, WLOG_ERROR, "error when ciphering password");
526 goto out;
527 }
528 encryptedPassLen += finalLen;
529 }
530
531 /* then encrypt(cipheredPass, publicKey(redirectedServerCert) */
532 {
533 size_t output_length = 0;
534 if (!freerdp_certificate_publickey_encrypt(cert, encryptedPass, encryptedPassLen,
535 &output, &output_length))
536 {
537 WLog_Print(log, WLOG_ERROR, "unable to encrypt with the server's public key");
538 goto out;
539 }
540
541 {
542 size_t finalOutputLen = 0;
543 if (!arm_stringEncodeW(output, output_length, &finalOutput, &finalOutputLen))
544 {
545 WLog_Print(log, WLOG_ERROR, "unable to base64+utf16 final blob");
546 goto out;
547 }
548
549 if (!freerdp_settings_set_pointer_len(settings, FreeRDP_RedirectionPassword,
550 finalOutput, finalOutputLen))
551 {
552 WLog_Print(log, WLOG_ERROR,
553 "unable to set the redirection password in settings");
554 goto out;
555 }
556 }
557 }
558 }
559
560 settings->RdstlsSecurity = TRUE;
561 settings->AadSecurity = FALSE;
562 settings->NlaSecurity = FALSE;
563 settings->RdpSecurity = FALSE;
564 settings->TlsSecurity = FALSE;
565 settings->RedirectionFlags = LB_PASSWORD_IS_PK_ENCRYPTED;
566 ret = TRUE;
567out:
568 free(finalOutput);
569 free(output);
570 free(encryptedPass);
571 free(wpasswd);
572 return ret;
573}
574
579static BOOL arm_pick_base64Utf16Field(wLog* log, const WINPR_JSON* json, const char* name,
580 BYTE** poutput, size_t* plen)
581{
582 *poutput = nullptr;
583 *plen = 0;
584
585 WINPR_JSON* node = WINPR_JSON_GetObjectItemCaseSensitive(json, name);
586 if (!node || !WINPR_JSON_IsString(node))
587 return TRUE;
588
589 const char* nodeValue = WINPR_JSON_GetStringValue(node);
590 if (!nodeValue)
591 return TRUE;
592
593 BYTE* output1 = nullptr;
594 size_t len1 = 0;
595 crypto_base64_decode(nodeValue, strlen(nodeValue), &output1, &len1);
596 if (!output1 || !len1)
597 {
598 WLog_Print(log, WLOG_ERROR, "error when first unbase64 for %s", name);
599 free(output1);
600 return FALSE;
601 }
602
603 size_t len2 = 0;
604 char* output2 = ConvertWCharNToUtf8Alloc((WCHAR*)output1, len1 / sizeof(WCHAR), &len2);
605 free(output1);
606 if (!output2 || !len2)
607 {
608 WLog_Print(log, WLOG_ERROR, "error when decode('utf-16') for %s", name);
609 free(output2);
610 return FALSE;
611 }
612
613 BYTE* output = nullptr;
614 crypto_base64_decode(output2, len2, &output, plen);
615 free(output2);
616 if (!output || !*plen)
617 {
618 WLog_Print(log, WLOG_ERROR, "error when second unbase64 for %s", name);
619 free(output);
620 return FALSE;
621 }
622
623 *poutput = output;
624 return TRUE;
625}
626
647static size_t arm_parse_ipvx_count(WINPR_JSON* ipvX)
648{
649 WINPR_ASSERT(ipvX);
650 WINPR_JSON* ipAddress = WINPR_JSON_GetObjectItemCaseSensitive(ipvX, "ipAddress");
651 if (!ipAddress || !WINPR_JSON_IsArray(ipAddress))
652 return 0;
653
654 /* Each entry might contain a public and a private address */
655 return WINPR_JSON_GetArraySize(ipAddress) * 2;
656}
657
658static BOOL arm_parse_ipv6(rdpSettings* settings, WINPR_JSON* ipv6, size_t* pAddressIdx)
659{
660 WINPR_ASSERT(settings);
661 WINPR_ASSERT(ipv6);
662 WINPR_ASSERT(pAddressIdx);
663
664 if (!freerdp_settings_get_bool(settings, FreeRDP_IPv6Enabled))
665 return TRUE;
666
667 WINPR_JSON* ipAddress = WINPR_JSON_GetObjectItemCaseSensitive(ipv6, "ipAddress");
668 if (!ipAddress || !WINPR_JSON_IsArray(ipAddress))
669 return TRUE;
670 const size_t naddresses = WINPR_JSON_GetArraySize(ipAddress);
671 const uint32_t count = freerdp_settings_get_uint32(settings, FreeRDP_TargetNetAddressCount);
672 for (size_t j = 0; j < naddresses; j++)
673 {
674 WINPR_JSON* adressN = WINPR_JSON_GetArrayItem(ipAddress, j);
675 if (!adressN || !WINPR_JSON_IsString(adressN))
676 continue;
677
678 const char* addr = WINPR_JSON_GetStringValue(adressN);
679 if (utils_str_is_empty(addr))
680 continue;
681
682 if (*pAddressIdx >= count)
683 {
684 WLog_ERR(TAG, "Exceeded TargetNetAddresses, parsing failed");
685 return FALSE;
686 }
687
688 if (!winpr_str_is_valid_url(addr))
689 return FALSE;
690
691 if (!freerdp_settings_set_pointer_array(settings, FreeRDP_TargetNetAddresses,
692 (*pAddressIdx)++, addr))
693 return FALSE;
694 }
695 return TRUE;
696}
697
698static BOOL arm_parse_ipv4(rdpSettings* settings, WINPR_JSON* ipv4, size_t* pAddressIdx)
699{
700 WINPR_ASSERT(settings);
701 WINPR_ASSERT(ipv4);
702 WINPR_ASSERT(pAddressIdx);
703
704 WINPR_JSON* ipAddress = WINPR_JSON_GetObjectItemCaseSensitive(ipv4, "ipAddress");
705 if (!ipAddress || !WINPR_JSON_IsArray(ipAddress))
706 return TRUE;
707
708 const size_t naddresses = WINPR_JSON_GetArraySize(ipAddress);
709 const uint32_t count = freerdp_settings_get_uint32(settings, FreeRDP_TargetNetAddressCount);
710 for (size_t j = 0; j < naddresses; j++)
711 {
712 WINPR_JSON* adressN = WINPR_JSON_GetArrayItem(ipAddress, j);
713 if (!adressN)
714 continue;
715
716 WINPR_JSON* publicIpNode =
717 WINPR_JSON_GetObjectItemCaseSensitive(adressN, "publicIpAddress");
718 if (publicIpNode && WINPR_JSON_IsString(publicIpNode))
719 {
720 const char* publicIp = WINPR_JSON_GetStringValue(publicIpNode);
721 if (!utils_str_is_empty(publicIp))
722 {
723 if (*pAddressIdx >= count)
724 {
725 WLog_ERR(TAG, "Exceeded TargetNetAddresses, parsing failed");
726 return FALSE;
727 }
728
729 if (!utils_is_valid_ip(publicIp))
730 return FALSE;
731
732 if (!freerdp_settings_set_pointer_array(settings, FreeRDP_TargetNetAddresses,
733 (*pAddressIdx)++, publicIp))
734 return FALSE;
735 }
736 }
737
738 WINPR_JSON* privateIpNode =
739 WINPR_JSON_GetObjectItemCaseSensitive(adressN, "privateIpAddress");
740 if (privateIpNode && WINPR_JSON_IsString(privateIpNode))
741 {
742 const char* privateIp = WINPR_JSON_GetStringValue(privateIpNode);
743 if (!utils_str_is_empty(privateIp))
744 {
745 if (*pAddressIdx >= count)
746 {
747 WLog_ERR(TAG, "Exceeded TargetNetAddresses, parsing failed");
748 return FALSE;
749 }
750 if (!utils_is_valid_ip(privateIp))
751 return FALSE;
752
753 if (!freerdp_settings_set_pointer_array(settings, FreeRDP_TargetNetAddresses,
754 (*pAddressIdx)++, privateIp))
755 return FALSE;
756 }
757 }
758 }
759 return TRUE;
760}
761
762static BOOL arm_treat_azureInstanceNetworkMetadata(wLog* log, const char* metadata,
763 rdpSettings* settings)
764{
765 BOOL ret = FALSE;
766
767 WINPR_ASSERT(settings);
768
769 if (!freerdp_target_net_adresses_reset(settings, 0))
770 return FALSE;
771
772 WINPR_JSON* json = WINPR_JSON_Parse(metadata);
773 if (!json)
774 {
775 WLog_Print(log, WLOG_ERROR, "invalid azureInstanceNetworkMetadata");
776 return FALSE;
777 }
778
779 WINPR_JSON* iface = WINPR_JSON_GetObjectItemCaseSensitive(json, "interface");
780 if (!iface)
781 {
782 ret = TRUE;
783 goto out;
784 }
785
786 if (!WINPR_JSON_IsArray(iface))
787 {
788 WLog_Print(log, WLOG_ERROR, "expecting interface to be an Array");
789 goto out;
790 }
791
792 {
793 const size_t interfaceSz = WINPR_JSON_GetArraySize(iface);
794 if (interfaceSz == 0)
795 {
796 WLog_WARN(TAG, "no addresses in azure instance metadata");
797 ret = TRUE;
798 goto out;
799 }
800
801 {
802 size_t count = 0;
803 for (size_t i = 0; i < interfaceSz; i++)
804 {
805 WINPR_JSON* interN = WINPR_JSON_GetArrayItem(iface, i);
806 if (!interN)
807 continue;
808
809 WINPR_JSON* ipv6 = WINPR_JSON_GetObjectItemCaseSensitive(interN, "ipv6");
810 if (ipv6)
811 count += arm_parse_ipvx_count(ipv6);
812
813 WINPR_JSON* ipv4 = WINPR_JSON_GetObjectItemCaseSensitive(interN, "ipv4");
814 if (ipv4)
815 count += arm_parse_ipvx_count(ipv4);
816 }
817
818 if (!freerdp_target_net_adresses_reset(settings, count))
819 return FALSE;
820 }
821
822 {
823 size_t addressIdx = 0;
824 for (size_t i = 0; i < interfaceSz; i++)
825 {
826 WINPR_JSON* interN = WINPR_JSON_GetArrayItem(iface, i);
827 if (!interN)
828 continue;
829
830 WINPR_JSON* ipv6 = WINPR_JSON_GetObjectItemCaseSensitive(interN, "ipv6");
831 if (ipv6)
832 {
833 if (!arm_parse_ipv6(settings, ipv6, &addressIdx))
834 goto out;
835 }
836
837 WINPR_JSON* ipv4 = WINPR_JSON_GetObjectItemCaseSensitive(interN, "ipv4");
838 if (ipv4)
839 {
840 if (!arm_parse_ipv4(settings, ipv4, &addressIdx))
841 goto out;
842 }
843 }
844 if (addressIdx > UINT32_MAX)
845 goto out;
846
847 if (!freerdp_settings_set_uint32(settings, FreeRDP_TargetNetAddressCount,
848 (UINT32)addressIdx))
849 goto out;
850
851 ret = addressIdx > 0;
852 }
853 }
854
855out:
856 WINPR_JSON_Delete(json);
857 return ret;
858}
859
860static void zfree(char* str)
861{
862 if (str)
863 {
864 char* cur = str;
865 while (*cur != '\0')
866 *cur++ = '\0';
867 }
868 free(str);
869}
870
871static BOOL arm_fill_rdstls(rdpArm* arm, rdpSettings* settings, const WINPR_JSON* json,
872 const rdpCertificate* redirectedServerCert)
873{
874 WINPR_ASSERT(arm);
875 BOOL ret = FALSE;
876 BYTE* authBlob = nullptr;
877 WCHAR* wGUID = nullptr;
878
879 const char* redirUser = freerdp_settings_get_string(settings, FreeRDP_RedirectionUsername);
880 if (redirUser)
881 {
882 if (!freerdp_settings_set_string(settings, FreeRDP_Username, redirUser))
883 goto end;
884 }
885
886 /* Azure/Entra requires the domain field to be set to 'AzureAD' in most cases.
887 * Some setups have been reported to require a different one, so only supply the suggested
888 * default if there was no other domain provided.
889 */
890 {
891 const char* redirDomain = freerdp_settings_get_string(settings, FreeRDP_Domain);
892 if (!redirDomain)
893 {
894 if (!freerdp_settings_set_string(settings, FreeRDP_Domain, "AzureAD"))
895 goto end;
896 }
897 }
898
899 {
900 const char* duser = freerdp_settings_get_string(settings, FreeRDP_Username);
901 const char* ddomain = freerdp_settings_get_string(settings, FreeRDP_Domain);
902 const char* dpwd = freerdp_settings_get_string(settings, FreeRDP_Password);
903 if (!duser || !dpwd)
904 {
905 WINPR_ASSERT(arm->context);
906 WINPR_ASSERT(arm->context->instance);
907
908 char* username = nullptr;
909 char* password = nullptr;
910 char* domain = nullptr;
911
912 if (ddomain)
913 domain = _strdup(ddomain);
914 if (duser)
915 username = _strdup(duser);
916
917 const BOOL rc =
918 IFCALLRESULT(FALSE, arm->context->instance->AuthenticateEx, arm->context->instance,
919 &username, &password, &domain, AUTH_RDSTLS);
920
921 const BOOL rc1 = freerdp_settings_set_string(settings, FreeRDP_Username, username);
922 const BOOL rc2 = freerdp_settings_set_string(settings, FreeRDP_Password, password);
923 const BOOL rc3 = freerdp_settings_set_string(settings, FreeRDP_Domain, domain);
924 zfree(username);
925 zfree(password);
926 zfree(domain);
927 if (!rc || !rc1 || !rc2 || !rc3)
928 goto end;
929 }
930 }
931
932 /* redirectedAuthGuid */
933 {
934 WINPR_JSON* redirectedAuthGuidNode =
935 WINPR_JSON_GetObjectItemCaseSensitive(json, "redirectedAuthGuid");
936 if (!redirectedAuthGuidNode || !WINPR_JSON_IsString(redirectedAuthGuidNode))
937 goto end;
938
939 {
940 const char* redirectedAuthGuid = WINPR_JSON_GetStringValue(redirectedAuthGuidNode);
941 if (!redirectedAuthGuid)
942 goto end;
943
944 {
945 size_t wGUID_len = 0;
946 wGUID = ConvertUtf8ToWCharAlloc(redirectedAuthGuid, &wGUID_len);
947 if (!wGUID || (wGUID_len == 0))
948 {
949 WLog_Print(arm->log, WLOG_ERROR,
950 "unable to allocate space for redirectedAuthGuid");
951 goto end;
952 }
953
954 {
955 const BOOL status = freerdp_settings_set_pointer_len(
956 settings, FreeRDP_RedirectionGuid, wGUID, (wGUID_len + 1) * sizeof(WCHAR));
957
958 if (!status)
959 {
960 WLog_Print(arm->log, WLOG_ERROR, "unable to set RedirectionGuid");
961 goto end;
962 }
963 }
964 }
965 }
966 }
967
968 /* redirectedAuthBlob */
969 {
970 size_t authBlobLen = 0;
971 if (!arm_pick_base64Utf16Field(arm->log, json, "redirectedAuthBlob", &authBlob,
972 &authBlobLen))
973 goto end;
974
975 {
976 size_t blockSize = 0;
977 WINPR_CIPHER_CTX* cipher = treatAuthBlob(arm->log, authBlob, authBlobLen, &blockSize);
978 if (!cipher)
979 goto end;
980
981 {
982 const BOOL rerp = arm_encodeRedirectPasswd(arm->log, settings, redirectedServerCert,
983 cipher, blockSize);
984 winpr_Cipher_Free(cipher);
985 if (!rerp)
986 goto end;
987 }
988 }
989 }
990
991 ret = TRUE;
992
993end:
994 free(wGUID);
995 free(authBlob);
996 return ret;
997}
998
999static BOOL arm_fill_gateway_parameters(rdpArm* arm, const char* message, size_t len)
1000{
1001 WINPR_ASSERT(arm);
1002 WINPR_ASSERT(arm->context);
1003 WINPR_ASSERT(message);
1004
1005 rdpCertificate* redirectedServerCert = nullptr;
1006 WINPR_JSON* json = WINPR_JSON_ParseWithLength(message, len);
1007 BOOL status = FALSE;
1008 if (!json)
1009 {
1010 WLog_Print(arm->log, WLOG_ERROR, "Response data is not valid JSON: %s",
1012 return FALSE;
1013 }
1014
1015 if (WLog_IsLevelActive(arm->log, WLOG_DEBUG))
1016 {
1017 char* str = WINPR_JSON_PrintUnformatted(json);
1018 WLog_Print(arm->log, WLOG_DEBUG, "Got HTTP Response data: %s", str);
1019 free(str);
1020 }
1021
1022 rdpSettings* settings = arm->context->settings;
1023 WINPR_JSON* gwurl = WINPR_JSON_GetObjectItemCaseSensitive(json, "gatewayLocationPreWebSocket");
1024 if (!gwurl)
1025 gwurl = WINPR_JSON_GetObjectItemCaseSensitive(json, "gatewayLocation");
1026 const char* gwurlstr = WINPR_JSON_GetStringValue(gwurl);
1027 if (gwurlstr != nullptr)
1028 {
1029 WLog_Print(arm->log, WLOG_DEBUG, "extracted target url %s", gwurlstr);
1030 if (!freerdp_settings_set_string(settings, FreeRDP_GatewayUrl, gwurlstr))
1031 goto fail;
1032 }
1033
1034 {
1035 WINPR_JSON* serverNameNode =
1036 WINPR_JSON_GetObjectItemCaseSensitive(json, "redirectedServerName");
1037 if (serverNameNode)
1038 {
1039 const char* serverName = WINPR_JSON_GetStringValue(serverNameNode);
1040 if (serverName)
1041 {
1042 if (!freerdp_settings_set_string(settings, FreeRDP_ServerHostname, serverName))
1043 goto fail;
1044 }
1045 }
1046 }
1047
1048 {
1049 const char key[] = "redirectedUsername";
1050 if (WINPR_JSON_HasObjectItem(json, key))
1051 {
1052 const char* userName = nullptr;
1053 WINPR_JSON* userNameNode = WINPR_JSON_GetObjectItemCaseSensitive(json, key);
1054 if (userNameNode)
1055 userName = WINPR_JSON_GetStringValue(userNameNode);
1056 if (!freerdp_settings_set_string(settings, FreeRDP_RedirectionUsername, userName))
1057 goto fail;
1058 }
1059 }
1060
1061 {
1062 WINPR_JSON* azureMeta =
1063 WINPR_JSON_GetObjectItemCaseSensitive(json, "azureInstanceNetworkMetadata");
1064 if (azureMeta && WINPR_JSON_IsString(azureMeta))
1065 {
1066 if (!arm_treat_azureInstanceNetworkMetadata(
1067 arm->log, WINPR_JSON_GetStringValue(azureMeta), settings))
1068 {
1069 WLog_Print(arm->log, WLOG_ERROR,
1070 "error when treating azureInstanceNetworkMetadata");
1071 goto fail;
1072 }
1073 }
1074 }
1075
1076 /* redirectedServerCert */
1077 {
1078 size_t certLen = 0;
1079 BYTE* cert = nullptr;
1080 if (arm_pick_base64Utf16Field(arm->log, json, "redirectedServerCert", &cert, &certLen))
1081 {
1082 const BOOL rc = rdp_redirection_read_target_cert(&redirectedServerCert, cert, certLen);
1083 free(cert);
1084 if (!rc)
1085 goto fail;
1086 else if (!rdp_set_target_certificate(settings, redirectedServerCert))
1087 goto fail;
1088 }
1089 }
1090
1091 if (freerdp_settings_get_bool(settings, FreeRDP_AadSecurity))
1092 status = TRUE;
1093 else
1094 status = arm_fill_rdstls(arm, settings, json, redirectedServerCert);
1095
1096fail:
1097 WINPR_JSON_Delete(json);
1098 freerdp_certificate_free(redirectedServerCert);
1099 return status;
1100}
1101
1102static BOOL arm_handle_request_ok(rdpArm* arm, const HttpResponse* response)
1103{
1104 const size_t len = http_response_get_body_length(response);
1105 const char* msg = http_response_get_body(response);
1106 const size_t alen = strnlen(msg, len + 1);
1107 if (alen > len)
1108 {
1109 WLog_Print(arm->log, WLOG_ERROR, "Got HTTP Response data with invalid termination");
1110 return FALSE;
1111 }
1112
1113 return arm_fill_gateway_parameters(arm, msg, len);
1114}
1115
1116static BOOL arm_handle_bad_request(rdpArm* arm, const HttpResponse* response, BOOL* retry)
1117{
1118 WINPR_ASSERT(response);
1119 WINPR_ASSERT(retry);
1120
1121 *retry = FALSE;
1122
1123 BOOL rc = FALSE;
1124
1125 http_response_log_error_status(WLog_Get(TAG), WLOG_ERROR, response);
1126
1127 const size_t len = http_response_get_body_length(response);
1128 const char* msg = http_response_get_body(response);
1129 if (msg && (strnlen(msg, len + 1) > len))
1130 {
1131 WLog_Print(arm->log, WLOG_ERROR, "Got HTTP Response data, but length is invalid");
1132
1133 return FALSE;
1134 }
1135
1136 WLog_Print(arm->log, WLOG_DEBUG, "Got HTTP Response data: %s", msg);
1137
1138 WINPR_JSON* json = WINPR_JSON_ParseWithLength(msg, len);
1139 if (json == nullptr)
1140 {
1141 const char* error_ptr = WINPR_JSON_GetErrorPtr();
1142 WLog_Print(arm->log, WLOG_ERROR, "WINPR_JSON_ParseWithLength: %s", error_ptr);
1143
1144 return FALSE;
1145 }
1146 else
1147 {
1148 WINPR_JSON* gateway_code_obj = WINPR_JSON_GetObjectItemCaseSensitive(json, "Code");
1149 const char* gw_code_str = WINPR_JSON_GetStringValue(gateway_code_obj);
1150 if (gw_code_str == nullptr)
1151 {
1152 WLog_Print(arm->log, WLOG_ERROR, "Response has no \"Code\" property");
1153 goto fail;
1154 }
1155
1156 if (strcmp(gw_code_str, "E_PROXY_ORCHESTRATION_LB_SESSIONHOST_DEALLOCATED") == 0)
1157 {
1158 *retry = TRUE;
1159 WINPR_JSON* message = WINPR_JSON_GetObjectItemCaseSensitive(json, "Message");
1160 const char* msgstr = WINPR_JSON_GetStringValue(message);
1161 if (!msgstr)
1162 WLog_WARN(TAG, "Starting your VM. It may take up to 5 minutes");
1163 else
1164 WLog_WARN(TAG, "%s", msgstr);
1165 freerdp_set_last_error_if_not(arm->context, FREERDP_ERROR_CONNECT_TARGET_BOOTING);
1166 }
1167 else
1168 {
1169 goto fail;
1170 }
1171 }
1172
1173 rc = TRUE;
1174fail:
1175 WINPR_JSON_Delete(json);
1176 return rc;
1177}
1178
1179static BOOL arm_handle_request(rdpArm* arm, BOOL* retry, DWORD timeout)
1180{
1181 WINPR_ASSERT(retry);
1182
1183 if (!arm_fetch_wellknown(arm))
1184 {
1185 *retry = TRUE;
1186 return FALSE;
1187 }
1188
1189 *retry = FALSE;
1190
1191 char* message = nullptr;
1192 BOOL rc = FALSE;
1193
1194 HttpResponse* response = nullptr;
1195 long StatusCode = 0;
1196
1197 const char* useragent =
1198 freerdp_settings_get_string(arm->context->settings, FreeRDP_GatewayHttpUserAgent);
1199 const char* msuseragent =
1200 freerdp_settings_get_string(arm->context->settings, FreeRDP_GatewayHttpMsUserAgent);
1201 if (!http_context_set_uri(arm->http, "/api/arm/v2/connections") ||
1202 !http_context_set_accept(arm->http, "*/*") ||
1203 !http_context_set_cache_control(arm->http, "no-cache") ||
1204 !http_context_set_pragma(arm->http, "no-cache") ||
1205 !http_context_set_connection(arm->http, "Keep-Alive") ||
1206 !http_context_set_user_agent(arm->http, useragent) ||
1207 !http_context_set_x_ms_user_agent(arm->http, msuseragent) ||
1208 !http_context_set_host(arm->http, freerdp_settings_get_string(arm->context->settings,
1209 FreeRDP_GatewayHostname)))
1210 goto arm_error;
1211
1212 if (!arm_tls_connect(arm, arm->tls, timeout))
1213 goto arm_error;
1214
1215 message = arm_create_request_json(arm);
1216 if (!message)
1217 goto arm_error;
1218
1219 if (!arm_send_http_request(arm, arm->tls, "POST", "application/json", message, strlen(message)))
1220 goto arm_error;
1221
1222 response = http_response_recv(arm->tls, TRUE);
1223 if (!response)
1224 goto arm_error;
1225
1226 StatusCode = http_response_get_status_code(response);
1227 if (StatusCode == HTTP_STATUS_OK)
1228 {
1229 if (!arm_handle_request_ok(arm, response))
1230 goto arm_error;
1231 }
1232 else if (StatusCode == HTTP_STATUS_BAD_REQUEST)
1233 {
1234 if (!arm_handle_bad_request(arm, response, retry))
1235 goto arm_error;
1236 }
1237 else
1238 {
1239 http_response_log_error_status(WLog_Get(TAG), WLOG_ERROR, response);
1240 goto arm_error;
1241 }
1242
1243 rc = TRUE;
1244arm_error:
1245 http_response_free(response);
1246 free(message);
1247 return rc;
1248}
1249
1250#endif
1251
1252BOOL arm_resolve_endpoint(wLog* log, rdpContext* context, DWORD timeout)
1253{
1254#ifndef WITH_AAD
1255 WLog_Print(log, WLOG_ERROR, "arm gateway support not compiled in");
1256 return FALSE;
1257#else
1258
1259 if (!context)
1260 return FALSE;
1261
1262 if (!context->settings)
1263 return FALSE;
1264
1265 if ((freerdp_settings_get_uint32(context->settings, FreeRDP_LoadBalanceInfoLength) == 0) ||
1266 (freerdp_settings_get_string(context->settings, FreeRDP_RemoteApplicationProgram) ==
1267 nullptr))
1268 {
1269 WLog_Print(log, WLOG_ERROR, "loadBalanceInfo and RemoteApplicationProgram needed");
1270 return FALSE;
1271 }
1272
1273 rdpArm* arm = arm_new(context);
1274 if (!arm)
1275 return FALSE;
1276
1277 BOOL retry = FALSE;
1278 BOOL rc = FALSE;
1279 do
1280 {
1281 if (retry && rc)
1282 {
1283 freerdp* instance = context->instance;
1284 WINPR_ASSERT(instance);
1285 SSIZE_T delay = IFCALLRESULT(-1, instance->RetryDialog, instance, "arm-transport",
1286 arm->gateway_retry, arm);
1287 arm->gateway_retry++;
1288 if (delay <= 0)
1289 break; /* error or no retry desired, abort loop */
1290 else
1291 {
1292 WLog_Print(arm->log, WLOG_DEBUG, "Delay for %" PRIdz "ms before next attempt",
1293 delay);
1294 while (delay > 0)
1295 {
1296 DWORD slp = (UINT32)delay;
1297 if (delay > UINT32_MAX)
1298 slp = UINT32_MAX;
1299 Sleep(slp);
1300 delay -= slp;
1301 }
1302 }
1303 }
1304 rc = arm_handle_request(arm, &retry, timeout);
1305
1306 } while (retry && rc);
1307 arm_free(arm);
1308 return rc;
1309#endif
1310}
WINPR_ATTR_NODISCARD WINPR_API WINPR_JSON * WINPR_JSON_CreateObject(void)
WINPR_JSON_CreateObject.
Definition c-json.c:232
WINPR_ATTR_NODISCARD WINPR_API BOOL WINPR_JSON_HasObjectItem(const WINPR_JSON *object, const char *string)
Check if JSON has an object matching the name.
Definition c-json.c:132
WINPR_ATTR_NODISCARD WINPR_API size_t WINPR_JSON_GetArraySize(const WINPR_JSON *array)
Get the number of arrayitems from an array.
Definition c-json.c:114
WINPR_ATTR_NODISCARD WINPR_API WINPR_JSON * WINPR_JSON_GetObjectItemCaseSensitive(const WINPR_JSON *object, const char *string)
Same as WINPR_JSON_GetObjectItem but with case sensitive matching.
Definition c-json.c:127
WINPR_API WINPR_JSON * WINPR_JSON_ParseWithLength(const char *value, size_t buffer_length)
Parse a JSON string.
Definition c-json.c:98
WINPR_ATTR_NODISCARD WINPR_API const char * WINPR_JSON_GetErrorPtr(void)
Return an error string.
Definition c-json.c:137
WINPR_ATTR_NODISCARD WINPR_API BOOL WINPR_JSON_IsString(const WINPR_JSON *item)
Check if JSON item is of type String.
Definition c-json.c:182
WINPR_ATTR_NODISCARD WINPR_API WINPR_JSON * WINPR_JSON_GetArrayItem(const WINPR_JSON *array, size_t index)
Return a pointer to an item in the array.
Definition c-json.c:108
WINPR_API char * WINPR_JSON_PrintUnformatted(WINPR_JSON *item)
Serialize a JSON instance to string without formatting for human readable formatted output see WINPR_...
Definition c-json.c:311
WINPR_ATTR_NODISCARD WINPR_API BOOL WINPR_JSON_IsArray(const WINPR_JSON *item)
Check if JSON item is of type Array.
Definition c-json.c:187
WINPR_ATTR_NODISCARD WINPR_API WINPR_JSON * WINPR_JSON_AddNullToObject(WINPR_JSON *object, const char *name)
WINPR_JSON_AddNullToObject.
Definition c-json.c:237
WINPR_ATTR_NODISCARD WINPR_API WINPR_JSON * WINPR_JSON_AddStringToObject(WINPR_JSON *object, const char *name, const char *string)
WINPR_JSON_AddStringToObject.
Definition c-json.c:269
WINPR_API void WINPR_JSON_Delete(WINPR_JSON *item)
Delete a WinPR JSON wrapper object.
Definition c-json.c:103
WINPR_ATTR_NODISCARD WINPR_API const char * WINPR_JSON_GetStringValue(WINPR_JSON *item)
Return the String value of a JSON item.
Definition c-json.c:142
WINPR_API WINPR_JSON * WINPR_JSON_Parse(const char *value)
Parse a '\0' terminated JSON string.
Definition c-json.c:93
WINPR_ATTR_NODISCARD FREERDP_API const void * freerdp_settings_get_pointer(const rdpSettings *settings, FreeRDP_Settings_Keys_Pointer id)
Returns a immutable pointer settings value.
WINPR_ATTR_NODISCARD FREERDP_API const char * freerdp_settings_get_string(const rdpSettings *settings, FreeRDP_Settings_Keys_String id)
Returns a immutable string settings value.
WINPR_ATTR_NODISCARD FREERDP_API BOOL freerdp_settings_set_uint32(rdpSettings *settings, FreeRDP_Settings_Keys_UInt32 id, UINT32 val)
Sets a UINT32 settings value.
WINPR_ATTR_NODISCARD FREERDP_API BOOL freerdp_settings_set_pointer_len(rdpSettings *settings, FreeRDP_Settings_Keys_Pointer id, const void *data, size_t len)
Set a pointer to value data.
WINPR_ATTR_NODISCARD FREERDP_API UINT32 freerdp_settings_get_uint32(const rdpSettings *settings, FreeRDP_Settings_Keys_UInt32 id)
Returns a UINT32 settings value.
FREERDP_API WCHAR * freerdp_settings_get_string_as_utf16(const rdpSettings *settings, FreeRDP_Settings_Keys_String id, size_t *pCharLen)
Return an allocated UTF16 string.
WINPR_ATTR_NODISCARD FREERDP_API BOOL freerdp_settings_set_string(rdpSettings *settings, FreeRDP_Settings_Keys_String id, const char *val)
Sets a string settings value. The param is copied.
WINPR_ATTR_NODISCARD FREERDP_API BOOL freerdp_settings_get_bool(const rdpSettings *settings, FreeRDP_Settings_Keys_Bool id)
Returns a boolean settings value.