FreeRDP
|
#include <winpr/wtypes.h>
#include <winpr/stream.h>
#include <winpr/collections.h>
#include <winpr/interlocked.h>
#include <freerdp/log.h>
#include <freerdp/utils/ringbuffer.h>
#include "../tcp.h"
#include "../transport.h"
#include "http.h"
#include "ntlm.h"
#include <time.h>
#include <winpr/sspi.h>
#include <freerdp/types.h>
#include <freerdp/settings.h>
#include <freerdp/crypto/tls.h>
#include <freerdp/crypto/crypto.h>
#include <freerdp/api.h>
#include <winpr/print.h>
Typedefs | |
typedef struct RPC_PDU * | PRPC_PDU |
typedef UINT16 | p_context_id_t |
typedef UINT16 | p_reject_reason_t |
typedef struct ndr_format_t * | ndr_format_p_t |
typedef version_t | p_rt_version_t |
typedef UINT16 | rpcrt_reason_code_t |
#define CALLED_PADDR_UNKNOWN 3 |
#define DEFAULT_CONTEXT_NOT_SUPPORTED 5 |
#define DEFINE_RPC_FAULT_CODE(_code, cat)
#define LOCAL_LIMIT_EXCEEDED 2 |
#define nca_s_bad_actid 0x1C00000A |
#define nca_s_comm_failure 0x1C010001 |
#define nca_s_fault_addr_error 0x1C000002 |
#define nca_s_fault_cancel 0x1C00000D |
#define nca_s_fault_codeset_conv_error 0x1C000023 |
#define nca_s_fault_context_mismatch 0x1C00001A |
#define nca_s_fault_fp_div_zero 0x1C000003 |
#define nca_s_fault_fp_error 0x1C00000F |
#define nca_s_fault_fp_overflow 0x1C000005 |
#define nca_s_fault_fp_underflow 0x1C000004 |
#define nca_s_fault_ill_inst 0x1C00000E |
#define nca_s_fault_int_div_by_zero 0x1C000001 |
#define nca_s_fault_int_overflow 0x1C000010 |
#define nca_s_fault_invalid_bound 0x1C000007 |
#define nca_s_fault_invalid_tag 0x1C000006 |
#define nca_s_fault_no_client_stub 0x1C000025 |
#define nca_s_fault_object_not_found 0x1C000024 |
#define nca_s_fault_pipe_closed 0x1C000015 |
#define nca_s_fault_pipe_comm_error 0x1C000018 |
#define nca_s_fault_pipe_discipline 0x1C000017 |
#define nca_s_fault_pipe_empty 0x1C000014 |
#define nca_s_fault_pipe_memory 0x1C000019 |
#define nca_s_fault_pipe_order 0x1C000016 |
#define nca_s_fault_remote_comm_failure 0x1C000013 |
#define nca_s_fault_remote_no_memory 0x1C00001B |
#define nca_s_fault_string_too_long 0x1C010015 |
#define nca_s_fault_tx_open_failed 0x1C000022 |
#define nca_s_fault_unspec 0x1C000012 |
#define nca_s_fault_user_defined 0x1C000021 |
#define nca_s_invalid_checksum 0x1C00001F |
#define nca_s_invalid_crc 0x1C000020 |
#define nca_s_invalid_pres_context_id 0x1C00001C |
#define nca_s_manager_not_entered 0x1C00000C |
#define nca_s_op_rng_error 0x1C010002 |
#define nca_s_out_args_too_big 0x1C010013 |
#define nca_s_proto_error 0x1C01000B |
#define nca_s_rpc_version_mismatch 0x1C000008 |
#define nca_s_server_too_busy 0x1C010014 |
#define nca_s_unk_if 0x1C010003 |
#define nca_s_unspec_reject 0x1C000009 |
#define nca_s_unsupported_authn_level 0x1C00001D |
#define nca_s_unsupported_type 0x1C010017 |
#define nca_s_who_are_you_failed 0x1C00000B |
#define nca_s_wrong_boot_time 0x1C010006 |
#define nca_s_you_crashed 0x1C010009 |
#define ndr_c_char_ascii 0 |
#define ndr_c_char_ebcdic 1 |
#define ndr_c_float_cray 2 |
#define ndr_c_float_ibm 3 |
#define ndr_c_float_ieee 0 |
#define ndr_c_float_vax 1 |
#define ndr_c_int_big_endian 0 |
#define ndr_c_int_little_endian 1 |
#define NO_PSAP_AVAILABLE 7 |
#define PFC_CONC_MPX 0x10 |
#define PFC_DID_NOT_EXECUTE 0x20 |
#define PFC_FIRST_FRAG 0x01 |
#define PFC_LAST_FRAG 0x02 |
#define PFC_MAYBE 0x40 |
#define PFC_OBJECT_UUID 0x80 |
#define PFC_PENDING_CANCEL 0x04 |
#define PFC_RESERVED_1 0x08 |
#define PFC_SUPPORT_HEADER_SIGN 0x04 |
#define PROTOCOL_VERSION_NOT_SUPPORTED 4 |
#define PTYPE_ACK 0x07 |
#define PTYPE_ALTER_CONTEXT 0x0E |
#define PTYPE_ALTER_CONTEXT_RESP 0x0F |
#define PTYPE_BIND 0x0B |
#define PTYPE_BIND_ACK 0x0C |
#define PTYPE_BIND_NAK 0x0D |
#define PTYPE_CANCEL_ACK 0x0A |
#define PTYPE_CL_CANCEL 0x08 |
#define PTYPE_CO_CANCEL 0x12 |
#define PTYPE_FACK 0x09 |
#define PTYPE_FAULT 0x03 |
#define PTYPE_NOCALL 0x05 |
#define PTYPE_ORPHANED 0x13 |
#define PTYPE_PING 0x01 |
#define PTYPE_REJECT 0x06 |
#define PTYPE_REQUEST 0x00 |
Reference: CAE Specification, DCE 1.1: Remote Procedure Call, Document Number: C706, http://pubs.opengroup.org/onlinepubs/9629399/
#define PTYPE_RESPONSE 0x02 |
#define PTYPE_RPC_AUTH_3 0x10 |
#define PTYPE_RTS 0x14 |
#define PTYPE_SHUTDOWN 0x11 |
#define PTYPE_WORKING 0x04 |
#define REASON_NOT_SPECIFIED 0 |
#define RPC_CL_MUST_RECV_FRAG_SIZE 1464 |
#define RPC_CO_MUST_RECV_FRAG_SIZE 1432 |
#define RPC_COMMON_FIELDS_LENGTH sizeof(rpcconn_common_hdr_t) |
#define RPC_PDU_FLAG_STUB 0x00000001 |
#define RPC_PDU_HEADER_MAX_LENGTH 32 |
The PDU maximum header length is enough to contain either the RPC common fields or all fields up to the stub data in PDUs that use it (request, response, fault).
#define RPC_UUID_FORMAT_ARGUMENTS(_rpc_uuid)
#define RPC_UUID_FORMAT_STRING "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x" |
#define RTS_PDU_HEADER_LENGTH 20 |
#define TEMPORARY_CONGESTION 1 |
#define USER_DATA_NOT_READABLE 6 |
typedef struct ndr_format_t * ndr_format_p_t |
typedef UINT16 p_context_id_t |
typedef UINT16 p_reject_reason_t |
typedef version_t p_rt_version_t |
typedef UINT16 rpcrt_reason_code_t |
enum p_cont_def_result_t |
enum p_provider_reason_t |
enum RPC_CLIENT_STATE |
FREERDP_LOCAL void rpc_channel_free(RpcChannel* channel)
FREERDP_LOCAL SSIZE_T rpc_channel_read(RpcChannel* channel, wStream* s, size_t length)
FREERDP_LOCAL SSIZE_T rpc_channel_write(RpcChannel* channel, const BYTE* data, size_t length)
FREERDP_LOCAL BOOL rpc_connect(rdpRpc* rpc, UINT32 timeout)
FREERDP_LOCAL void rpc_free(rdpRpc* rpc)
FREERDP_LOCAL BOOL rpc_get_stub_data_info(const rpcconn_hdr_t* header, size_t* poffset, size_t* length)
PDU Segments:
 ________________________________
|                                |
|           PDU Header           |
|________________________________|
|                                |
|                                |
|            PDU Body            |
|                                |
|________________________________|
|                                |
|        Security Trailer        |
|________________________________|
|                                |
|      Authentication Token      |
|________________________________|
PDU Structure with verification trailer
MUST only appear in a request PDU!
 ________________________________
|                                |
|           PDU Header           |
|________________________________| _______
|                                |   /|\
|                                |    |
|           Stub Data            |    |
|                                |    |
|________________________________|    |
|                                | PDU Body
|            Stub Pad            |    |
|________________________________|    |
|                                |    |
|      Verification Trailer      |    |
|________________________________|    |
|                                |    |
|       Authentication Pad       |    |
|________________________________| __\|/__
|                                |
|        Security Trailer        |
|________________________________|
|                                |
|      Authentication Token      |
|________________________________|
Security Trailer:
The sec_trailer structure MUST be placed at the end of the PDU, including past stub data, when present. The sec_trailer structure MUST be 4-byte aligned with respect to the beginning of the PDU. Padding octets MUST be used to align the sec_trailer structure if its natural beginning is not already 4-byte aligned.
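All PDUs that carry sec_trailer information share certain common fields: frag_length and auth_length. The beginning of the sec_trailer structure for each PDU MUST be calculated to start from offset (frag_length – auth_length – 8) from the beginning of the PDU. Both lengths are read from the received PDU, so this subtraction is only meaningful once auth_length + 8 has been checked not to exceed frag_length, and frag_length not to exceed the data actually received.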
Immediately after the sec_trailer structure, there MUST be a BLOB carrying the authentication information produced by the security provider. This BLOB is called the authentication token and MUST be of size auth_length. The size MUST also be equal to the length from the first octet immediately after the sec_trailer structure all the way to the end of the fragment; the two values MUST be the same.
A client or a server that (during composing of a PDU) has allocated more space for the authentication token than the security provider fills in SHOULD fill in the rest of the allocated space with zero octets. These zero octets are still considered to belong to the authentication token part of the PDU.
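According to [MS-RPCE], auth_pad_length is the number of padding octets used to 4-byte align the security trailer, but in practice we get values up to 15, which indicates 16-byte alignment. A parser therefore cannot assume that auth_pad_length is at most 3; the value has to be bounded by the size of the PDU body it is subtracted from.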
FREERDP_LOCAL BOOL rpc_in_channel_transition_to_state(RpcInChannel* inChannel, CLIENT_IN_CHANNEL_STATE state)
FREERDP_LOCAL rdpRpc* rpc_new(rdpTransport* transport)
FREERDP_LOCAL size_t rpc_offset_align(size_t* offset, size_t alignment)
FREERDP_LOCAL size_t rpc_offset_pad(size_t* offset, size_t pad)
FREERDP_LOCAL RpcOutChannel* rpc_out_channel_new(rdpRpc* rpc)
FREERDP_LOCAL int rpc_out_channel_replacement_connect(RpcOutChannel* outChannel, int timeout)
FREERDP_LOCAL BOOL rpc_out_channel_transition_to_state(RpcOutChannel* outChannel, CLIENT_OUT_CHANNEL_STATE state)
FREERDP_LOCAL rpcconn_common_hdr_t rpc_pdu_header_init(const rdpRpc* rpc)
FREERDP_LOCAL void rpc_pdu_header_print(const rpcconn_hdr_t* header)
[MS-RPCH]: Remote Procedure Call over HTTP Protocol Specification: http://msdn.microsoft.com/en-us/library/cc243950/
                                 Connection Establishment

Client                  Outbound Proxy           Inbound Proxy                 Server
   |                         |                         |                         |
   |-----------------IN Channel Request--------------->|                         |
   |---OUT Channel Request-->|                         |<-Legacy Server Response-|
   |                         |<--------------Legacy Server Response--------------|
   |                         |                         |                         |
   |---------CONN_A1-------->|                         |                         |
   |----------------------CONN_B1--------------------->|                         |
   |                         |----------------------CONN_A2--------------------->|
   |                         |                         |                         |
   |<--OUT Channel Response--|                         |---------CONN_B2-------->|
   |<--------CONN_A3---------|                         |                         |
   |                         |<---------------------CONN_C1----------------------|
   |                         |                         |<--------CONN_B3---------|
   |<--------CONN_C2---------|                         |                         |
   |                         |                         |                         |
FREERDP_LOCAL BOOL rpc_virtual_connection_transition_to_state(rdpRpc* rpc, RpcVirtualConnection* connection, VIRTUAL_CONNECTION_STATE state)