22 #include <freerdp/config.h>
24 #include "../settings.h"
26 #include <winpr/assert.h>
28 #include <winpr/crt.h>
29 #include <winpr/synch.h>
30 #include <winpr/print.h>
31 #include <winpr/stream.h>
32 #include <winpr/winsock.h>
33 #include <winpr/cred.h>
35 #include <freerdp/log.h>
36 #include <freerdp/error.h>
37 #include <freerdp/utils/ringbuffer.h>
38 #include <freerdp/utils/smartcardlogon.h>
41 #include "websocket.h"
42 #include "../credssp_auth.h"
45 #include "../../crypto/opensslcompat.h"
46 #include "rpc_fault.h"
49 #define TAG FREERDP_TAG("core.gateway.rdg")
51 #define AUTH_PKG NEGO_SSP_NAME
54 #define HTTP_CHANNEL_RESPONSE_FIELD_CHANNELID 0x1
55 #define HTTP_CHANNEL_RESPONSE_OPTIONAL 0x2
56 #define HTTP_CHANNEL_RESPONSE_FIELD_UDPPORT 0x4
59 #define HTTP_EXTENDED_AUTH_NONE 0x0
60 #define HTTP_EXTENDED_AUTH_SC 0x1
61 #define HTTP_EXTENDED_AUTH_PAA 0x02
62 #define HTTP_EXTENDED_AUTH_SSPI_NTLM 0x04
63 #define HTTP_EXTENDED_AUTH_BEARER 0x08
66 #define PKT_TYPE_HANDSHAKE_REQUEST 0x1
67 #define PKT_TYPE_HANDSHAKE_RESPONSE 0x2
68 #define PKT_TYPE_EXTENDED_AUTH_MSG 0x3
69 #define PKT_TYPE_TUNNEL_CREATE 0x4
70 #define PKT_TYPE_TUNNEL_RESPONSE 0x5
71 #define PKT_TYPE_TUNNEL_AUTH 0x6
72 #define PKT_TYPE_TUNNEL_AUTH_RESPONSE 0x7
73 #define PKT_TYPE_CHANNEL_CREATE 0x8
74 #define PKT_TYPE_CHANNEL_RESPONSE 0x9
75 #define PKT_TYPE_DATA 0xA
76 #define PKT_TYPE_SERVICE_MESSAGE 0xB
77 #define PKT_TYPE_REAUTH_MESSAGE 0xC
78 #define PKT_TYPE_KEEPALIVE 0xD
79 #define PKT_TYPE_CLOSE_CHANNEL 0x10
80 #define PKT_TYPE_CLOSE_CHANNEL_RESPONSE 0x11
86 #define HTTP_TUNNEL_AUTH_RESPONSE_FIELD_REDIR_FLAGS 0x1
87 #define HTTP_TUNNEL_AUTH_RESPONSE_FIELD_IDLE_TIMEOUT 0x2
88 #define HTTP_TUNNEL_AUTH_RESPONSE_FIELD_SOH_RESPONSE 0x4
91 #define HTTP_TUNNEL_PACKET_FIELD_PAA_COOKIE 0x1
95 #define HTTP_TUNNEL_RESPONSE_FIELD_TUNNEL_ID 0x1
96 #define HTTP_TUNNEL_RESPONSE_FIELD_CAPS 0x2
97 #define HTTP_TUNNEL_RESPONSE_FIELD_SOH_REQ 0x4
98 #define HTTP_TUNNEL_RESPONSE_FIELD_CONSENT_MSG 0x10
101 #define HTTP_CAPABILITY_TYPE_QUAR_SOH 0x1
102 #define HTTP_CAPABILITY_IDLE_TIMEOUT 0x2
103 #define HTTP_CAPABILITY_MESSAGING_CONSENT_SIGN 0x4
104 #define HTTP_CAPABILITY_MESSAGING_SERVICE_MSG 0x8
105 #define HTTP_CAPABILITY_REAUTH 0x10
106 #define HTTP_CAPABILITY_UDP_TRANSPORT 0x20
110 TRANSFER_ENCODING httpTransferEncoding;
111 BOOL isWebsocketTransport;
117 } rdg_http_encoding_context;
126 rdpCredsspAuth* auth;
133 UINT16 packetRemainingCount;
138 rdg_http_encoding_context transferEncoding;
146 RDG_CLIENT_STATE_INITIAL,
147 RDG_CLIENT_STATE_HANDSHAKE,
148 RDG_CLIENT_STATE_TUNNEL_CREATE,
149 RDG_CLIENT_STATE_TUNNEL_AUTHORIZE,
150 RDG_CLIENT_STATE_CHANNEL_CREATE,
151 RDG_CLIENT_STATE_OPENED,
154 #pragma pack(push, 1)
156 typedef struct rdg_packet_header
171 static const t_flag_mapping tunnel_response_fields_present[] = {
172 { HTTP_TUNNEL_RESPONSE_FIELD_TUNNEL_ID,
"HTTP_TUNNEL_RESPONSE_FIELD_TUNNEL_ID" },
173 { HTTP_TUNNEL_RESPONSE_FIELD_CAPS,
"HTTP_TUNNEL_RESPONSE_FIELD_CAPS" },
174 { HTTP_TUNNEL_RESPONSE_FIELD_SOH_REQ,
"HTTP_TUNNEL_RESPONSE_FIELD_SOH_REQ" },
175 { HTTP_TUNNEL_RESPONSE_FIELD_CONSENT_MSG,
"HTTP_TUNNEL_RESPONSE_FIELD_CONSENT_MSG" }
178 static const t_flag_mapping channel_response_fields_present[] = {
179 { HTTP_CHANNEL_RESPONSE_FIELD_CHANNELID,
"HTTP_CHANNEL_RESPONSE_FIELD_CHANNELID" },
180 { HTTP_CHANNEL_RESPONSE_OPTIONAL,
"HTTP_CHANNEL_RESPONSE_OPTIONAL" },
181 { HTTP_CHANNEL_RESPONSE_FIELD_UDPPORT,
"HTTP_CHANNEL_RESPONSE_FIELD_UDPPORT" }
184 static const t_flag_mapping tunnel_authorization_response_fields_present[] = {
185 { HTTP_TUNNEL_AUTH_RESPONSE_FIELD_REDIR_FLAGS,
"HTTP_TUNNEL_AUTH_RESPONSE_FIELD_REDIR_FLAGS" },
186 { HTTP_TUNNEL_AUTH_RESPONSE_FIELD_IDLE_TIMEOUT,
187 "HTTP_TUNNEL_AUTH_RESPONSE_FIELD_IDLE_TIMEOUT" },
188 { HTTP_TUNNEL_AUTH_RESPONSE_FIELD_SOH_RESPONSE,
189 "HTTP_TUNNEL_AUTH_RESPONSE_FIELD_SOH_RESPONSE" }
192 static const t_flag_mapping extended_auth[] = {
193 { HTTP_EXTENDED_AUTH_NONE,
"HTTP_EXTENDED_AUTH_NONE" },
194 { HTTP_EXTENDED_AUTH_SC,
"HTTP_EXTENDED_AUTH_SC" },
195 { HTTP_EXTENDED_AUTH_PAA,
"HTTP_EXTENDED_AUTH_PAA" },
196 { HTTP_EXTENDED_AUTH_SSPI_NTLM,
"HTTP_EXTENDED_AUTH_SSPI_NTLM" }
199 static const t_flag_mapping capabilities_enum[] = {
200 { HTTP_CAPABILITY_TYPE_QUAR_SOH,
"HTTP_CAPABILITY_TYPE_QUAR_SOH" },
201 { HTTP_CAPABILITY_IDLE_TIMEOUT,
"HTTP_CAPABILITY_IDLE_TIMEOUT" },
202 { HTTP_CAPABILITY_MESSAGING_CONSENT_SIGN,
"HTTP_CAPABILITY_MESSAGING_CONSENT_SIGN" },
203 { HTTP_CAPABILITY_MESSAGING_SERVICE_MSG,
"HTTP_CAPABILITY_MESSAGING_SERVICE_MSG" },
204 { HTTP_CAPABILITY_REAUTH,
"HTTP_CAPABILITY_REAUTH" },
205 { HTTP_CAPABILITY_UDP_TRANSPORT,
"HTTP_CAPABILITY_UDP_TRANSPORT" }
208 static const char* flags_to_string(UINT32 flags,
const t_flag_mapping* map,
size_t elements)
210 static char buffer[1024] = { 0 };
211 char fields[12] = { 0 };
213 for (
size_t x = 0; x < elements; x++)
215 const t_flag_mapping* cur = &map[x];
217 if ((cur->code & flags) != 0)
218 winpr_str_append(cur->name, buffer,
sizeof(buffer),
"|");
221 (void)sprintf_s(fields, ARRAYSIZE(fields),
" [%04" PRIx32
"]", flags);
222 winpr_str_append(fields, buffer,
sizeof(buffer), NULL);
226 static const char* channel_response_fields_present_to_string(UINT16 fieldsPresent)
228 return flags_to_string(fieldsPresent, channel_response_fields_present,
229 ARRAYSIZE(channel_response_fields_present));
232 static const char* tunnel_response_fields_present_to_string(UINT16 fieldsPresent)
234 return flags_to_string(fieldsPresent, tunnel_response_fields_present,
235 ARRAYSIZE(tunnel_response_fields_present));
238 static const char* tunnel_authorization_response_fields_present_to_string(UINT16 fieldsPresent)
240 return flags_to_string(fieldsPresent, tunnel_authorization_response_fields_present,
241 ARRAYSIZE(tunnel_authorization_response_fields_present));
244 static const char* extended_auth_to_string(UINT16 auth)
246 if (auth == HTTP_EXTENDED_AUTH_NONE)
247 return "HTTP_EXTENDED_AUTH_NONE [0x0000]";
249 return flags_to_string(auth, extended_auth, ARRAYSIZE(extended_auth));
252 static const char* capabilities_enum_to_string(UINT32 capabilities)
254 return flags_to_string(capabilities, capabilities_enum, ARRAYSIZE(capabilities_enum));
257 static BOOL rdg_read_http_unicode_string(wLog* log,
wStream* s,
const WCHAR**
string,
258 UINT16* lengthInBytes)
260 UINT16 strLenBytes = 0;
261 size_t rem = Stream_GetRemainingLength(s);
264 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 4))
266 WLog_Print(log, WLOG_ERROR,
"Could not read stream length, only have %" PRIuz
" bytes",
270 Stream_Read_UINT16(s, strLenBytes);
273 const WCHAR* str = Stream_ConstPointer(s);
276 if (!Stream_SafeSeek(s, strLenBytes))
278 WLog_Print(log, WLOG_ERROR,
279 "Could not read stream data, only have %" PRIuz
" bytes, expected %" PRIu16,
280 rem - 4, strLenBytes);
288 *lengthInBytes = strLenBytes;
293 static BOOL rdg_write_chunked(BIO* bio,
wStream* sPacket)
299 (void)sprintf_s(chunkSize,
sizeof(chunkSize),
"%" PRIXz
"\r\n", Stream_Length(sPacket));
300 sChunk = Stream_New(NULL, strnlen(chunkSize,
sizeof(chunkSize)) + Stream_Length(sPacket) + 2);
305 Stream_Write(sChunk, chunkSize, strnlen(chunkSize,
sizeof(chunkSize)));
306 Stream_Write(sChunk, Stream_Buffer(sPacket), Stream_Length(sPacket));
307 Stream_Write(sChunk,
"\r\n", 2);
308 Stream_SealLength(sChunk);
309 len = Stream_Length(sChunk);
313 Stream_Free(sChunk, TRUE);
318 status = BIO_write(bio, Stream_Buffer(sChunk), (
int)len);
319 Stream_Free(sChunk, TRUE);
321 if (status != (SSIZE_T)len)
327 static BOOL rdg_write_packet(rdpRdg* rdg,
wStream* sPacket)
329 if (rdg->transferEncoding.isWebsocketTransport)
331 if (rdg->transferEncoding.context.websocket.closeSent)
333 return websocket_write_wstream(rdg->tlsOut->bio, sPacket, WebsocketBinaryOpcode);
336 return rdg_write_chunked(rdg->tlsIn->bio, sPacket);
339 static int rdg_socket_read(BIO* bio, BYTE* pBuffer,
size_t size,
340 rdg_http_encoding_context* encodingContext)
342 WINPR_ASSERT(encodingContext != NULL);
343 if (size > INT32_MAX)
346 if (encodingContext->isWebsocketTransport)
348 return websocket_read(bio, pBuffer, size, &encodingContext->context.websocket);
351 switch (encodingContext->httpTransferEncoding)
353 case TransferEncodingIdentity:
355 return BIO_read(bio, pBuffer, (
int)size);
356 case TransferEncodingChunked:
357 return http_chuncked_read(bio, pBuffer, size, &encodingContext->context.chunked);
363 static BOOL rdg_shall_abort(rdpRdg* rdg)
366 return freerdp_shall_disconnect_context(rdg->context);
369 static BOOL rdg_read_all(rdpContext* context, rdpTls* tls, BYTE* buffer,
size_t size,
370 rdg_http_encoding_context* transferEncoding)
372 size_t readCount = 0;
373 BYTE* pBuffer = buffer;
375 while (readCount < size)
377 if (freerdp_shall_disconnect_context(context))
380 int status = rdg_socket_read(tls->bio, pBuffer, size - readCount, transferEncoding);
383 if (!BIO_should_retry(tls->bio))
397 static wStream* rdg_receive_packet(rdpRdg* rdg)
399 const size_t header =
sizeof(RdgPacketHeader);
400 size_t packetLength = 0;
401 wStream* s = Stream_New(NULL, 1024);
406 if (!rdg_read_all(rdg->context, rdg->tlsOut, Stream_Buffer(s), header, &rdg->transferEncoding))
408 Stream_Free(s, TRUE);
413 Stream_Read_UINT32(s, packetLength);
415 if ((packetLength > INT_MAX) || !Stream_EnsureCapacity(s, packetLength) ||
416 (packetLength < header))
418 Stream_Free(s, TRUE);
422 if (!rdg_read_all(rdg->context, rdg->tlsOut, Stream_Buffer(s) + header,
423 (
int)packetLength - (
int)header, &rdg->transferEncoding))
425 Stream_Free(s, TRUE);
429 Stream_SetLength(s, packetLength);
433 static BOOL rdg_send_handshake(rdpRdg* rdg)
436 wStream* s = Stream_New(NULL, 14);
441 Stream_Write_UINT16(s, PKT_TYPE_HANDSHAKE_REQUEST);
442 Stream_Write_UINT16(s, 0);
443 Stream_Write_UINT32(s, 14);
444 Stream_Write_UINT8(s, 1);
445 Stream_Write_UINT8(s, 0);
446 Stream_Write_UINT16(s, 0);
447 Stream_Write_UINT16(s, rdg->extAuth);
448 Stream_SealLength(s);
449 status = rdg_write_packet(rdg, s);
450 Stream_Free(s, TRUE);
454 rdg->state = RDG_CLIENT_STATE_HANDSHAKE;
460 static BOOL rdg_send_extauth_sspi(rdpRdg* rdg)
464 UINT32 packetSize = 8 + 4 + 2;
468 const SecBuffer* authToken = credssp_auth_get_output_buffer(rdg->auth);
471 packetSize += authToken->cbBuffer;
473 s = Stream_New(NULL, packetSize);
478 Stream_Write_UINT16(s, PKT_TYPE_EXTENDED_AUTH_MSG);
479 Stream_Write_UINT16(s, 0);
480 Stream_Write_UINT32(s, packetSize);
481 Stream_Write_UINT32(s, ERROR_SUCCESS);
482 Stream_Write_UINT16(s, (UINT16)authToken->cbBuffer);
483 Stream_Write(s, authToken->pvBuffer, authToken->cbBuffer);
485 Stream_SealLength(s);
486 status = rdg_write_packet(rdg, s);
487 Stream_Free(s, TRUE);
492 static BOOL rdg_send_tunnel_request(rdpRdg* rdg)
496 UINT32 packetSize = 16;
497 UINT16 fieldsPresent = 0;
498 WCHAR* PAACookie = NULL;
499 size_t PAACookieLen = 0;
500 const UINT32 capabilities = HTTP_CAPABILITY_TYPE_QUAR_SOH |
501 HTTP_CAPABILITY_MESSAGING_CONSENT_SIGN |
502 HTTP_CAPABILITY_MESSAGING_SERVICE_MSG;
504 if (rdg->extAuth == HTTP_EXTENDED_AUTH_PAA)
507 ConvertUtf8ToWCharAlloc(rdg->context->settings->GatewayAccessToken, &PAACookieLen);
509 if (!PAACookie || (PAACookieLen > UINT16_MAX /
sizeof(WCHAR)))
516 packetSize += 2 + (UINT32)(PAACookieLen) *
sizeof(WCHAR);
517 fieldsPresent = HTTP_TUNNEL_PACKET_FIELD_PAA_COOKIE;
520 s = Stream_New(NULL, packetSize);
528 Stream_Write_UINT16(s, PKT_TYPE_TUNNEL_CREATE);
529 Stream_Write_UINT16(s, 0);
530 Stream_Write_UINT32(s, packetSize);
531 Stream_Write_UINT32(s, capabilities);
532 Stream_Write_UINT16(s, fieldsPresent);
533 Stream_Write_UINT16(s, 0);
537 Stream_Write_UINT16(s, (UINT16)PAACookieLen *
sizeof(WCHAR));
538 Stream_Write_UTF16_String(s, PAACookie, PAACookieLen);
541 Stream_SealLength(s);
542 status = rdg_write_packet(rdg, s);
543 Stream_Free(s, TRUE);
548 rdg->state = RDG_CLIENT_STATE_TUNNEL_CREATE;
554 static BOOL rdg_send_tunnel_authorization(rdpRdg* rdg)
559 size_t clientNameLen = 0;
561 rdg->context->settings, FreeRDP_ClientHostname, &clientNameLen);
565 const size_t packetSize = 12ull + clientNameLen *
sizeof(WCHAR);
566 if (!clientName || (clientNameLen >= UINT16_MAX /
sizeof(WCHAR)) || (packetSize > UINT32_MAX))
572 s = Stream_New(NULL, packetSize);
580 Stream_Write_UINT16(s, PKT_TYPE_TUNNEL_AUTH);
581 Stream_Write_UINT16(s, 0);
582 Stream_Write_UINT32(s, (UINT32)packetSize);
583 Stream_Write_UINT16(s, 0);
584 Stream_Write_UINT16(s, (UINT16)clientNameLen *
sizeof(WCHAR));
585 Stream_Write_UTF16_String(s, clientName, clientNameLen);
586 Stream_SealLength(s);
587 status = rdg_write_packet(rdg, s);
588 Stream_Free(s, TRUE);
593 rdg->state = RDG_CLIENT_STATE_TUNNEL_AUTHORIZE;
599 static BOOL rdg_send_channel_create(rdpRdg* rdg)
603 WCHAR* serverName = NULL;
604 size_t serverNameLen = 0;
608 FreeRDP_ServerHostname, &serverNameLen);
611 const size_t packetSize = 16ull + serverNameLen *
sizeof(WCHAR);
612 if (!serverName || (serverNameLen >= UINT16_MAX /
sizeof(WCHAR)) || (packetSize > UINT32_MAX))
615 s = Stream_New(NULL, packetSize);
620 Stream_Write_UINT16(s, PKT_TYPE_CHANNEL_CREATE);
621 Stream_Write_UINT16(s, 0);
622 Stream_Write_UINT32(s, (UINT32)packetSize);
623 Stream_Write_UINT8(s, 1);
624 Stream_Write_UINT8(s, 0);
625 Stream_Write_UINT16(s,
626 (UINT16)rdg->context->settings->ServerPort);
627 Stream_Write_UINT16(s, 3);
628 Stream_Write_UINT16(s, (UINT16)serverNameLen *
sizeof(WCHAR));
629 Stream_Write_UTF16_String(s, serverName, serverNameLen);
630 Stream_SealLength(s);
631 status = rdg_write_packet(rdg, s);
634 Stream_Free(s, TRUE);
637 rdg->state = RDG_CLIENT_STATE_CHANNEL_CREATE;
642 static BOOL rdg_set_auth_header(rdpCredsspAuth* auth, HttpRequest* request)
644 const SecBuffer* authToken = credssp_auth_get_output_buffer(auth);
645 char* base64AuthToken = NULL;
649 if (authToken->cbBuffer > INT_MAX)
652 base64AuthToken = crypto_base64_encode(authToken->pvBuffer, (
int)authToken->cbBuffer);
657 BOOL rc = http_request_set_auth_scheme(request, credssp_auth_pkg_name(auth)) &&
658 http_request_set_auth_param(request, base64AuthToken);
659 free(base64AuthToken);
668 static wStream* rdg_build_http_request(rdpRdg* rdg,
const char* method,
669 TRANSFER_ENCODING transferEncoding)
672 HttpRequest* request = NULL;
673 const char* uri = NULL;
678 uri = http_context_get_uri(rdg->http);
679 request = http_request_new();
684 if (!http_request_set_method(request, method) || !http_request_set_uri(request, uri))
689 if (!rdg_set_auth_header(rdg->auth, request))
693 else if (rdg->extAuth == HTTP_EXTENDED_AUTH_BEARER)
695 http_request_set_auth_scheme(request,
"Bearer");
696 http_request_set_auth_param(request, rdg->context->settings->GatewayHttpExtAuthBearer);
699 http_request_set_transfer_encoding(request, transferEncoding);
701 s = http_request_write(rdg->http, request);
703 http_request_free(request);
706 Stream_SealLength(s);
711 static BOOL rdg_recv_auth_token(wLog* log, rdpCredsspAuth* auth, HttpResponse* response)
714 const char* token64 = NULL;
715 size_t authTokenLength = 0;
716 BYTE* authTokenData = NULL;
721 if (!auth || !response)
724 StatusCode = http_response_get_status_code(response);
727 case HTTP_STATUS_DENIED:
729 case HTTP_STATUS_SWITCH_PROTOCOLS:
732 http_response_log_error_status(log, WLOG_WARN, response);
736 token64 = http_response_get_auth_token(response, credssp_auth_pkg_name(auth));
741 len = strlen(token64);
743 crypto_base64_decode(token64, len, &authTokenData, &authTokenLength);
745 if (authTokenLength && authTokenData && (authTokenLength <= UINT32_MAX))
747 authToken.pvBuffer = authTokenData;
748 authToken.cbBuffer = (UINT32)authTokenLength;
749 credssp_auth_take_input_buffer(auth, &authToken);
754 rc = credssp_auth_authenticate(auth);
761 static BOOL rdg_skip_seed_payload(rdpContext* context, rdpTls* tls,
size_t lastResponseLength,
762 rdg_http_encoding_context* transferEncoding)
764 BYTE seed_payload[10] = { 0 };
765 const size_t size =
sizeof(seed_payload);
770 if (lastResponseLength < size)
772 if (!rdg_read_all(context, tls, seed_payload, size - lastResponseLength, transferEncoding))
781 static BOOL rdg_process_handshake_response(rdpRdg* rdg,
wStream* s)
783 UINT32 errorCode = 0;
784 UINT16 serverVersion = 0;
785 UINT16 extendedAuth = 0;
788 const char* error = NULL;
789 WLog_Print(rdg->log, WLOG_DEBUG,
"Handshake response received");
791 if (rdg->state != RDG_CLIENT_STATE_HANDSHAKE)
796 if (!Stream_CheckAndLogRequiredLengthWLog(rdg->log, s, 10))
799 Stream_Read_UINT32(s, errorCode);
800 Stream_Read_UINT8(s, verMajor);
801 Stream_Read_UINT8(s, verMinor);
802 Stream_Read_UINT16(s, serverVersion);
803 Stream_Read_UINT16(s, extendedAuth);
804 error = rpc_error_to_string(errorCode);
805 WLog_Print(rdg->log, WLOG_DEBUG,
806 "errorCode=%s, verMajor=%" PRId8
", verMinor=%" PRId8
", serverVersion=%" PRId16
808 error, verMajor, verMinor, serverVersion, extended_auth_to_string(extendedAuth));
810 if (FAILED((HRESULT)errorCode))
812 WLog_Print(rdg->log, WLOG_ERROR,
"Handshake error %s", error);
813 freerdp_set_last_error_log(rdg->context, errorCode);
817 if (rdg->extAuth == HTTP_EXTENDED_AUTH_SSPI_NTLM)
818 return rdg_send_extauth_sspi(rdg);
820 return rdg_send_tunnel_request(rdg);
823 static BOOL rdg_process_tunnel_response_optional(rdpRdg* rdg,
wStream* s, UINT16 fieldsPresent)
825 if (fieldsPresent & HTTP_TUNNEL_RESPONSE_FIELD_TUNNEL_ID)
828 if (!Stream_SafeSeek(s, 4))
830 WLog_Print(rdg->log, WLOG_ERROR,
"Short tunnelId, got %" PRIuz
", expected 4",
831 Stream_GetRemainingLength(s));
836 if (fieldsPresent & HTTP_TUNNEL_RESPONSE_FIELD_CAPS)
839 if (!Stream_CheckAndLogRequiredLengthWLog(rdg->log, s, 4))
842 Stream_Read_UINT32(s, caps);
843 WLog_Print(rdg->log, WLOG_DEBUG,
"capabilities=%s", capabilities_enum_to_string(caps));
846 if (fieldsPresent & HTTP_TUNNEL_RESPONSE_FIELD_SOH_REQ)
849 if (!Stream_SafeSeek(s, 20))
851 WLog_Print(rdg->log, WLOG_ERROR,
"Short nonce, got %" PRIuz
", expected 20",
852 Stream_GetRemainingLength(s));
857 if (!rdg_read_http_unicode_string(rdg->log, s, NULL, NULL))
859 WLog_Print(rdg->log, WLOG_ERROR,
"Failed to read server certificate");
864 if (fieldsPresent & HTTP_TUNNEL_RESPONSE_FIELD_CONSENT_MSG)
866 const WCHAR* msg = NULL;
867 UINT16 msgLenBytes = 0;
868 rdpContext* context = rdg->context;
870 WINPR_ASSERT(context);
871 WINPR_ASSERT(context->instance);
874 if (!rdg_read_http_unicode_string(rdg->log, s, &msg, &msgLenBytes))
876 WLog_Print(rdg->log, WLOG_ERROR,
"Failed to read consent message");
880 return IFCALLRESULT(TRUE, context->instance->PresentGatewayMessage, context->instance,
881 GATEWAY_MESSAGE_CONSENT, TRUE, TRUE, msgLenBytes, msg);
887 static BOOL rdg_process_tunnel_response(rdpRdg* rdg,
wStream* s)
889 UINT16 serverVersion = 0;
890 UINT16 fieldsPresent = 0;
891 UINT32 errorCode = 0;
892 const char* error = NULL;
893 WLog_Print(rdg->log, WLOG_DEBUG,
"Tunnel response received");
895 if (rdg->state != RDG_CLIENT_STATE_TUNNEL_CREATE)
900 if (!Stream_CheckAndLogRequiredLengthWLog(rdg->log, s, 10))
903 Stream_Read_UINT16(s, serverVersion);
904 Stream_Read_UINT32(s, errorCode);
905 Stream_Read_UINT16(s, fieldsPresent);
906 Stream_Seek_UINT16(s);
907 error = rpc_error_to_string(errorCode);
908 WLog_Print(rdg->log, WLOG_DEBUG,
"serverVersion=%" PRId16
", errorCode=%s, fieldsPresent=%s",
909 serverVersion, error, tunnel_response_fields_present_to_string(fieldsPresent));
911 if (FAILED((HRESULT)errorCode))
913 WLog_Print(rdg->log, WLOG_ERROR,
"Tunnel creation error %s", error);
914 freerdp_set_last_error_log(rdg->context, errorCode);
918 if (!rdg_process_tunnel_response_optional(rdg, s, fieldsPresent))
921 return rdg_send_tunnel_authorization(rdg);
924 static BOOL rdg_process_tunnel_authorization_response(rdpRdg* rdg,
wStream* s)
926 UINT32 errorCode = 0;
927 UINT16 fieldsPresent = 0;
928 const char* error = NULL;
929 WLog_Print(rdg->log, WLOG_DEBUG,
"Tunnel authorization received");
931 if (rdg->state != RDG_CLIENT_STATE_TUNNEL_AUTHORIZE)
936 if (!Stream_CheckAndLogRequiredLengthWLog(rdg->log, s, 8))
939 Stream_Read_UINT32(s, errorCode);
940 Stream_Read_UINT16(s, fieldsPresent);
941 Stream_Seek_UINT16(s);
942 error = rpc_error_to_string(errorCode);
943 WLog_Print(rdg->log, WLOG_DEBUG,
"errorCode=%s, fieldsPresent=%s", error,
944 tunnel_authorization_response_fields_present_to_string(fieldsPresent));
947 if (errorCode != S_OK && errorCode != E_PROXY_QUARANTINE_ACCESSDENIED)
949 WLog_Print(rdg->log, WLOG_ERROR,
"Tunnel authorization error %s", error);
950 freerdp_set_last_error_log(rdg->context, errorCode);
954 if (fieldsPresent & HTTP_TUNNEL_AUTH_RESPONSE_FIELD_REDIR_FLAGS)
956 UINT32 redirFlags = 0;
957 if (!Stream_CheckAndLogRequiredCapacityWLog(rdg->log, s, 4))
959 Stream_Read_UINT32(s, redirFlags);
961 rdpContext* context = rdg->context;
962 if (!utils_apply_gateway_policy(rdg->log, context, redirFlags,
"RDG"))
966 if (fieldsPresent & HTTP_TUNNEL_AUTH_RESPONSE_FIELD_IDLE_TIMEOUT)
968 UINT32 idleTimeout = 0;
969 if (!Stream_CheckAndLogRequiredCapacityWLog(rdg->log, s, 4))
971 Stream_Read_UINT32(s, idleTimeout);
972 WLog_Print(rdg->log, WLOG_DEBUG,
"[IDLE_TIMEOUT] idleTimeout=%" PRIu32
": TODO: unused",
976 if (fieldsPresent & HTTP_TUNNEL_AUTH_RESPONSE_FIELD_SOH_RESPONSE)
979 if (!Stream_CheckAndLogRequiredCapacityWLog(rdg->log, s, 2))
981 Stream_Read_UINT16(s, cbLen);
983 WLog_Print(rdg->log, WLOG_DEBUG,
"[SOH_RESPONSE] cbLen=%" PRIu16
": TODO: unused", cbLen);
984 if (!Stream_CheckAndLogRequiredLengthWLog(rdg->log, s, cbLen))
986 Stream_Seek(s, cbLen);
989 return rdg_send_channel_create(rdg);
992 static BOOL rdg_process_extauth_sspi(rdpRdg* rdg,
wStream* s)
994 UINT32 errorCode = 0;
995 UINT16 authBlobLen = 0;
997 BYTE* authTokenData = NULL;
1001 Stream_Read_UINT32(s, errorCode);
1002 Stream_Read_UINT16(s, authBlobLen);
1004 if (errorCode != ERROR_SUCCESS)
1006 WLog_Print(rdg->log, WLOG_ERROR,
"EXTAUTH_SSPI_NTLM failed with error %s [0x%08X]",
1007 GetSecurityStatusString(errorCode), errorCode);
1011 if (authBlobLen == 0)
1013 if (credssp_auth_is_complete(rdg->auth))
1015 credssp_auth_free(rdg->auth);
1017 return rdg_send_tunnel_request(rdg);
1022 authTokenData = malloc(authBlobLen);
1023 if (authTokenData == NULL)
1025 Stream_Read(s, authTokenData, authBlobLen);
1027 authToken.pvBuffer = authTokenData;
1028 authToken.cbBuffer = authBlobLen;
1030 credssp_auth_take_input_buffer(rdg->auth, &authToken);
1032 if (credssp_auth_authenticate(rdg->auth) < 0)
1035 if (credssp_auth_have_output_token(rdg->auth))
1036 return rdg_send_extauth_sspi(rdg);
1041 static BOOL rdg_process_channel_response(rdpRdg* rdg,
wStream* s)
1043 UINT16 fieldsPresent = 0;
1044 UINT32 errorCode = 0;
1045 const char* error = NULL;
1046 WLog_Print(rdg->log, WLOG_DEBUG,
"Channel response received");
1048 if (rdg->state != RDG_CLIENT_STATE_CHANNEL_CREATE)
1053 if (!Stream_CheckAndLogRequiredLengthWLog(rdg->log, s, 8))
1056 Stream_Read_UINT32(s, errorCode);
1057 Stream_Read_UINT16(s, fieldsPresent);
1058 Stream_Seek_UINT16(s);
1059 error = rpc_error_to_string(errorCode);
1060 WLog_Print(rdg->log, WLOG_DEBUG,
"channel response errorCode=%s, fieldsPresent=%s", error,
1061 channel_response_fields_present_to_string(fieldsPresent));
1063 if (FAILED((HRESULT)errorCode))
1065 WLog_Print(rdg->log, WLOG_ERROR,
"channel response errorCode=%s, fieldsPresent=%s", error,
1066 channel_response_fields_present_to_string(fieldsPresent));
1067 freerdp_set_last_error_log(rdg->context, errorCode);
1071 rdg->state = RDG_CLIENT_STATE_OPENED;
1075 static BOOL rdg_process_packet(rdpRdg* rdg,
wStream* s)
1079 UINT32 packetLength = 0;
1080 Stream_SetPosition(s, 0);
1082 if (!Stream_CheckAndLogRequiredLengthWLog(rdg->log, s, 8))
1085 Stream_Read_UINT16(s, type);
1086 Stream_Seek_UINT16(s);
1087 Stream_Read_UINT32(s, packetLength);
1089 if (Stream_Length(s) < packetLength)
1091 WLog_Print(rdg->log, WLOG_ERROR,
"Short packet %" PRIuz
", expected %" PRIuz,
1092 Stream_Length(s), packetLength);
1098 case PKT_TYPE_HANDSHAKE_RESPONSE:
1099 status = rdg_process_handshake_response(rdg, s);
1102 case PKT_TYPE_TUNNEL_RESPONSE:
1103 status = rdg_process_tunnel_response(rdg, s);
1106 case PKT_TYPE_TUNNEL_AUTH_RESPONSE:
1107 status = rdg_process_tunnel_authorization_response(rdg, s);
1110 case PKT_TYPE_CHANNEL_RESPONSE:
1111 status = rdg_process_channel_response(rdg, s);
1115 WLog_Print(rdg->log, WLOG_ERROR,
"Unexpected packet type DATA");
1118 case PKT_TYPE_EXTENDED_AUTH_MSG:
1119 status = rdg_process_extauth_sspi(rdg, s);
1123 WLog_Print(rdg->log, WLOG_ERROR,
"PKG TYPE 0x%x not implemented", type);
1130 DWORD rdg_get_event_handles(rdpRdg* rdg, HANDLE* events, DWORD count)
1133 WINPR_ASSERT(rdg != NULL);
1135 if (rdg->tlsOut && rdg->tlsOut->bio)
1137 if (events && (nCount < count))
1139 BIO_get_event(rdg->tlsOut->bio, &events[nCount]);
1151 static BOOL rdg_get_gateway_credentials(rdpContext* context, rdp_auth_reason reason)
1153 freerdp* instance = context->instance;
1155 auth_status rc = utils_authenticate_gateway(instance, reason);
1161 case AUTH_CANCELLED:
1162 freerdp_set_last_error_log(instance->context, FREERDP_ERROR_CONNECT_CANCELLED);
1164 case AUTH_NO_CREDENTIALS:
1165 WLog_INFO(TAG,
"No credentials provided - using NULL identity");
1173 static BOOL rdg_auth_init(rdpRdg* rdg, rdpTls* tls, TCHAR* authPkg)
1175 rdpContext* context = rdg->context;
1176 rdpSettings* settings = context->settings;
1177 SEC_WINNT_AUTH_IDENTITY identity = { 0 };
1180 rdg->auth = credssp_auth_new(context);
1184 if (!credssp_auth_init(rdg->auth, authPkg, tls->Bindings))
1190 if (!smartcard_getCert(context, &rdg->smartcard, TRUE))
1193 if (!rdg_get_gateway_credentials(context, AUTH_SMARTCARD_PIN))
1198 if (!rdg_get_gateway_credentials(context, GW_AUTH_RDG))
1203 if (doSCLogon && !smartcard_getCert(context, &rdg->smartcard, TRUE))
1207 SEC_WINNT_AUTH_IDENTITY* identityArg = &identity;
1210 if (!identity_set_from_smartcard_hash(&identity, settings, FreeRDP_GatewayUsername,
1211 FreeRDP_GatewayDomain, FreeRDP_GatewayPassword,
1212 rdg->smartcard->sha1Hash,
1213 sizeof(rdg->smartcard->sha1Hash)))
1218 if (!identity_set_from_settings(&identity, settings, FreeRDP_GatewayUsername,
1219 FreeRDP_GatewayDomain, FreeRDP_GatewayPassword))
1222 if (!settings->GatewayUsername)
1226 if (!credssp_auth_setup_client(rdg->auth,
"HTTP", settings->GatewayHostname, identityArg,
1227 rdg->smartcard ? rdg->smartcard->pkinitArgs : NULL))
1229 sspi_FreeAuthIdentity(&identity);
1232 sspi_FreeAuthIdentity(&identity);
1234 credssp_auth_set_flags(rdg->auth, ISC_REQ_CONFIDENTIALITY | ISC_REQ_MUTUAL_AUTH);
1236 rc = credssp_auth_authenticate(rdg->auth);
1243 static BOOL rdg_send_http_request(rdpRdg* rdg, rdpTls* tls,
const char* method,
1244 TRANSFER_ENCODING transferEncoding)
1247 wStream* s = rdg_build_http_request(rdg, method, transferEncoding);
1252 const size_t sz = Stream_Length(s);
1253 status = freerdp_tls_write_all(tls, Stream_Buffer(s), sz);
1255 Stream_Free(s, TRUE);
1256 return (status >= 0);
1259 static BOOL rdg_tls_connect(rdpRdg* rdg, rdpTls* tls,
const char* peerAddress,
int timeout)
1262 BIO* layerBio = NULL;
1263 BIO* bufferedBio = NULL;
1265 rdpSettings* settings = rdg->context->settings;
1266 rdpTransport* transport = freerdp_get_transport(rdg->context);
1267 const char* peerHostname = settings->GatewayHostname;
1268 UINT16 peerPort = (UINT16)settings->GatewayPort;
1269 const char* proxyUsername = NULL;
1270 const char* proxyPassword = NULL;
1271 BOOL isProxyConnection =
1272 proxy_prepare(settings, &peerHostname, &peerPort, &proxyUsername, &proxyPassword);
1274 if (settings->GatewayPort > UINT16_MAX)
1277 layer = transport_connect_layer(transport, peerAddress ? peerAddress : peerHostname, peerPort,
1285 layerBio = BIO_new(BIO_s_transport_layer());
1288 transport_layer_free(layer);
1291 BIO_set_data(layerBio, layer);
1293 bufferedBio = BIO_new(BIO_s_buffered_socket());
1296 BIO_free_all(layerBio);
1300 bufferedBio = BIO_push(bufferedBio, layerBio);
1301 status = BIO_set_nonblock(bufferedBio, TRUE);
1303 if (isProxyConnection)
1305 if (!proxy_connect(rdg->context, bufferedBio, proxyUsername, proxyPassword,
1306 settings->GatewayHostname, (UINT16)settings->GatewayPort))
1308 BIO_free_all(bufferedBio);
1315 BIO_free_all(bufferedBio);
1319 tls->hostname = settings->GatewayHostname;
1320 tls->port = MIN(UINT16_MAX, settings->GatewayPort);
1321 tls->isGatewayTransport = TRUE;
1322 status = freerdp_tls_connect(tls, bufferedBio);
1325 rdpContext* context = rdg->context;
1328 freerdp_set_last_error_if_not(context, FREERDP_ERROR_TLS_CONNECT_FAILED);
1332 freerdp_set_last_error_if_not(context, FREERDP_ERROR_CONNECT_CANCELLED);
1337 return (status >= 1);
1340 static BOOL rdg_establish_data_connection(rdpRdg* rdg, rdpTls* tls,
const char* method,
1341 const char* peerAddress,
int timeout, BOOL* rpcFallback)
1343 char buffer[64] = { 0 };
1344 HttpResponse* response = NULL;
1346 if (!rdg_tls_connect(rdg, tls, peerAddress, timeout))
1349 WINPR_ASSERT(rpcFallback);
1350 if (rdg->context->settings->GatewayHttpExtAuthBearer && rdg->extAuth == HTTP_EXTENDED_AUTH_NONE)
1351 rdg->extAuth = HTTP_EXTENDED_AUTH_BEARER;
1352 if (rdg->extAuth == HTTP_EXTENDED_AUTH_NONE)
1354 if (!rdg_auth_init(rdg, tls, AUTH_PKG))
1357 if (!rdg_send_http_request(rdg, tls, method, TransferEncodingIdentity))
1360 response = http_response_recv(tls, TRUE);
1365 WLog_Print(rdg->log, WLOG_INFO,
"RD Gateway HTTP transport broken.");
1366 *rpcFallback = TRUE;
1370 const long StatusCode = http_response_get_status_code(response);
1374 case HTTP_STATUS_NOT_FOUND:
1376 WLog_Print(rdg->log, WLOG_INFO,
"RD Gateway does not support HTTP transport.");
1377 *rpcFallback = TRUE;
1379 http_response_free(response);
1382 case HTTP_STATUS_OK:
1385 http_response_log_error_status(rdg->log, WLOG_WARN, response);
1389 while (!credssp_auth_is_complete(rdg->auth))
1391 if (!rdg_recv_auth_token(rdg->log, rdg->auth, response))
1393 http_response_free(response);
1397 if (credssp_auth_have_output_token(rdg->auth))
1399 http_response_free(response);
1401 if (!rdg_send_http_request(rdg, tls, method, TransferEncodingIdentity))
1404 response = http_response_recv(tls, TRUE);
1407 WLog_Print(rdg->log, WLOG_INFO,
"RD Gateway HTTP transport broken.");
1408 *rpcFallback = TRUE;
1413 credssp_auth_free(rdg->auth);
1418 credssp_auth_free(rdg->auth);
1421 if (!rdg_send_http_request(rdg, tls, method, TransferEncodingIdentity))
1424 response = http_response_recv(tls, TRUE);
1428 WLog_Print(rdg->log, WLOG_INFO,
"RD Gateway HTTP transport broken.");
1429 *rpcFallback = TRUE;
1434 const long statusCode = http_response_get_status_code(response);
1435 const size_t bodyLength = http_response_get_body_length(response);
1436 const TRANSFER_ENCODING encoding = http_response_get_transfer_encoding(response);
1437 const BOOL isWebsocket = http_response_is_websocket(rdg->http, response);
1439 WLog_Print(rdg->log, WLOG_DEBUG,
"%s authorization result: %s", method,
1440 freerdp_http_status_string_format(statusCode, buffer, ARRAYSIZE(buffer)));
1444 case HTTP_STATUS_OK:
1447 http_context_enable_websocket_upgrade(rdg->http, FALSE);
1448 http_response_free(response);
1450 case HTTP_STATUS_DENIED:
1451 freerdp_set_last_error_log(rdg->context, FREERDP_ERROR_CONNECT_ACCESS_DENIED);
1452 http_response_free(response);
1454 case HTTP_STATUS_SWITCH_PROTOCOLS:
1455 http_response_free(response);
1462 if (http_context_is_websocket_upgrade_enabled(rdg->http))
1464 long fd = BIO_get_fd(tls->bio, NULL);
1466 closesocket((SOCKET)fd);
1467 http_context_enable_websocket_upgrade(rdg->http, FALSE);
1468 return rdg_establish_data_connection(rdg, tls, method, peerAddress, timeout,
1473 rdg->transferEncoding.isWebsocketTransport = TRUE;
1474 rdg->transferEncoding.context.websocket.state = WebsocketStateOpcodeAndFin;
1475 rdg->transferEncoding.context.websocket.responseStreamBuffer = NULL;
1476 if (rdg->extAuth == HTTP_EXTENDED_AUTH_SSPI_NTLM)
1480 if (!rdg_auth_init(rdg, tls, NTLM_SSP_NAME))
1485 http_response_log_error_status(rdg->log, WLOG_WARN, response);
1486 http_response_free(response);
1490 if (strcmp(method,
"RDG_OUT_DATA") == 0)
1492 if (encoding == TransferEncodingChunked)
1494 rdg->transferEncoding.httpTransferEncoding = TransferEncodingChunked;
1495 rdg->transferEncoding.context.chunked.nextOffset = 0;
1496 rdg->transferEncoding.context.chunked.headerFooterPos = 0;
1497 rdg->transferEncoding.context.chunked.state = ChunkStateLenghHeader;
1499 if (!rdg_skip_seed_payload(rdg->context, tls, bodyLength, &rdg->transferEncoding))
1506 if (!rdg_send_http_request(rdg, tls, method, TransferEncodingChunked))
1509 if (rdg->extAuth == HTTP_EXTENDED_AUTH_SSPI_NTLM)
1513 if (!rdg_auth_init(rdg, tls, NTLM_SSP_NAME))
1521 static BOOL rdg_tunnel_connect(rdpRdg* rdg)
1525 rdg_send_handshake(rdg);
1527 while (rdg->state < RDG_CLIENT_STATE_OPENED)
1530 s = rdg_receive_packet(rdg);
1534 status = rdg_process_packet(rdg, s);
1535 Stream_Free(s, TRUE);
1541 WINPR_ASSERT(rdg->context);
1542 WINPR_ASSERT(rdg->context->rdp);
1543 transport_set_layer(rdg->context->rdp->transport, TRANSPORT_LAYER_CLOSED);
1551 BOOL rdg_connect(rdpRdg* rdg, DWORD timeout, BOOL* rpcFallback)
1554 SOCKET outConnSocket = 0;
1555 char* peerAddress = NULL;
1556 BOOL rpcFallbackLocal = FALSE;
1558 WINPR_ASSERT(rdg != NULL);
1559 status = rdg_establish_data_connection(rdg, rdg->tlsOut,
"RDG_OUT_DATA", NULL, timeout,
1564 if (rdg->transferEncoding.isWebsocketTransport)
1566 WLog_Print(rdg->log, WLOG_DEBUG,
"Upgraded to websocket. RDG_IN_DATA not required");
1573 BIO_get_socket(rdg->tlsOut->underlying, &outConnSocket);
1574 peerAddress = freerdp_tcp_get_peer_address(outConnSocket);
1575 status = rdg_establish_data_connection(rdg, rdg->tlsIn,
"RDG_IN_DATA", peerAddress,
1576 timeout, &rpcFallbackLocal);
1582 *rpcFallback = rpcFallbackLocal;
1587 WINPR_ASSERT(rdg->context);
1588 WINPR_ASSERT(rdg->context->rdp);
1589 if (rpcFallbackLocal)
1591 http_context_enable_websocket_upgrade(rdg->http, FALSE);
1592 credssp_auth_free(rdg->auth);
1596 transport_set_layer(rdg->context->rdp->transport, TRANSPORT_LAYER_CLOSED);
1600 status = rdg_tunnel_connect(rdg);
1608 static int rdg_write_websocket_data_packet(rdpRdg* rdg,
const BYTE* buf,
int isize)
1614 uint32_t maskingKey = 0;
1615 BYTE* maskingKeyByte1 = (BYTE*)&maskingKey;
1616 BYTE* maskingKeyByte2 = maskingKeyByte1 + 1;
1617 BYTE* maskingKeyByte3 = maskingKeyByte1 + 2;
1618 BYTE* maskingKeyByte4 = maskingKeyByte1 + 3;
1620 winpr_RAND(&maskingKey, 4);
1625 const size_t payloadSize = (size_t)isize + 10;
1627 if (payloadSize < 1)
1630 if (payloadSize < 126)
1631 fullLen = payloadSize + 6;
1632 else if (payloadSize < 0x10000)
1633 fullLen = payloadSize + 8;
1635 fullLen = payloadSize + 14;
1637 sWS = Stream_New(NULL, fullLen);
1641 Stream_Write_UINT8(sWS, WEBSOCKET_FIN_BIT | WebsocketBinaryOpcode);
1642 if (payloadSize < 126)
1643 Stream_Write_UINT8(sWS, (UINT8)payloadSize | WEBSOCKET_MASK_BIT);
1644 else if (payloadSize < 0x10000)
1646 Stream_Write_UINT8(sWS, 126 | WEBSOCKET_MASK_BIT);
1647 Stream_Write_UINT16_BE(sWS, (UINT16)payloadSize);
1651 Stream_Write_UINT8(sWS, 127 | WEBSOCKET_MASK_BIT);
1653 Stream_Write_UINT32_BE(sWS, 0);
1654 Stream_Write_UINT32_BE(sWS, (UINT32)payloadSize);
1656 Stream_Write_UINT32(sWS, maskingKey);
1658 Stream_Write_UINT16(sWS, PKT_TYPE_DATA ^ (*maskingKeyByte1 | *maskingKeyByte2 << 8));
1659 Stream_Write_UINT16(sWS, 0 ^ (*maskingKeyByte3 | *maskingKeyByte4 << 8));
1660 Stream_Write_UINT32(sWS, (UINT32)payloadSize ^ maskingKey);
1661 Stream_Write_UINT16(sWS,
1662 (UINT16)isize ^ (*maskingKeyByte1 | *maskingKeyByte2 << 8));
1665 maskingKey = (maskingKey & 0xffff) << 16 | (maskingKey >> 16);
1668 size_t streamPos = 0;
1669 for (; streamPos + 4 <= (size_t)isize; streamPos += 4)
1671 uint32_t masked = *((
const uint32_t*)(buf + streamPos)) ^ maskingKey;
1672 Stream_Write_UINT32(sWS, masked);
1676 for (; streamPos < (size_t)isize; streamPos++)
1678 BYTE* partialMask = (BYTE*)(&maskingKey) + streamPos % 4;
1679 BYTE masked = *((buf + streamPos)) ^ *partialMask;
1680 Stream_Write_UINT8(sWS, masked);
1683 Stream_SealLength(sWS);
1685 status = freerdp_tls_write_all(rdg->tlsOut, Stream_Buffer(sWS), Stream_Length(sWS));
1686 Stream_Free(sWS, TRUE);
1694 static int rdg_write_chunked_data_packet(rdpRdg* rdg,
const BYTE* buf,
int isize)
1700 if (isize > UINT16_MAX)
1703 const size_t size = (size_t)isize;
1707 const size_t packetSize = size + 10;
1708 char chunkSize[11] = { 0 };
1709 (void)sprintf_s(chunkSize,
sizeof(chunkSize),
"%" PRIxz
"\r\n", packetSize);
1710 sChunk = Stream_New(NULL, strnlen(chunkSize,
sizeof(chunkSize)) + packetSize + 2);
1715 Stream_Write(sChunk, chunkSize, strnlen(chunkSize,
sizeof(chunkSize)));
1716 Stream_Write_UINT16(sChunk, PKT_TYPE_DATA);
1717 Stream_Write_UINT16(sChunk, 0);
1718 Stream_Write_UINT32(sChunk, (UINT32)packetSize);
1719 Stream_Write_UINT16(sChunk, (UINT16)size);
1720 Stream_Write(sChunk, buf, size);
1721 Stream_Write(sChunk,
"\r\n", 2);
1722 Stream_SealLength(sChunk);
1723 len = Stream_Length(sChunk);
1725 status = freerdp_tls_write_all(rdg->tlsIn, Stream_Buffer(sChunk), len);
1726 Stream_Free(sChunk, TRUE);
1734 static int rdg_write_data_packet(rdpRdg* rdg,
const BYTE* buf,
int isize)
1736 if (rdg->transferEncoding.isWebsocketTransport)
1738 if (rdg->transferEncoding.context.websocket.closeSent == TRUE)
1740 return rdg_write_websocket_data_packet(rdg, buf, isize);
1743 return rdg_write_chunked_data_packet(rdg, buf, isize);
1746 static BOOL rdg_process_close_packet(rdpRdg* rdg,
wStream* s)
1750 UINT32 errorCode = 0;
1751 UINT32 packetSize = 12;
1754 if (!Stream_CheckAndLogRequiredLengthWLog(rdg->log, s, 4))
1756 Stream_Read_UINT32(s, errorCode);
1759 freerdp_set_last_error_log(rdg->context, errorCode);
1761 sClose = Stream_New(NULL, packetSize);
1765 Stream_Write_UINT16(sClose, PKT_TYPE_CLOSE_CHANNEL_RESPONSE);
1766 Stream_Write_UINT16(sClose, 0);
1767 Stream_Write_UINT32(sClose, packetSize);
1768 Stream_Write_UINT32(sClose, 0);
1769 Stream_SealLength(sClose);
1770 status = rdg_write_packet(rdg, sClose);
1771 Stream_Free(sClose, TRUE);
1773 return (status < 0 ? FALSE : TRUE);
1776 static BOOL rdg_process_keep_alive_packet(rdpRdg* rdg)
1780 size_t packetSize = 8;
1782 sKeepAlive = Stream_New(NULL, packetSize);
1787 Stream_Write_UINT16(sKeepAlive, PKT_TYPE_KEEPALIVE);
1788 Stream_Write_UINT16(sKeepAlive, 0);
1789 Stream_Write_UINT32(sKeepAlive, (UINT32)packetSize);
1790 Stream_SealLength(sKeepAlive);
1791 status = rdg_write_packet(rdg, sKeepAlive);
1792 Stream_Free(sKeepAlive, TRUE);
1794 return (status < 0 ? FALSE : TRUE);
1797 static BOOL rdg_process_service_message(rdpRdg* rdg,
wStream* s)
1799 const WCHAR* msg = NULL;
1800 UINT16 msgLenBytes = 0;
1801 rdpContext* context = rdg->context;
1802 WINPR_ASSERT(context);
1803 WINPR_ASSERT(context->instance);
1806 if (!rdg_read_http_unicode_string(rdg->log, s, &msg, &msgLenBytes))
1808 WLog_Print(rdg->log, WLOG_ERROR,
"Failed to read string");
1812 return IFCALLRESULT(TRUE, context->instance->PresentGatewayMessage, context->instance,
1813 GATEWAY_MESSAGE_SERVICE, TRUE, FALSE, msgLenBytes, msg);
1816 static BOOL rdg_process_unknown_packet(rdpRdg* rdg,
int type)
1820 WLog_Print(rdg->log, WLOG_WARN,
"Unknown Control Packet received: %X", type);
1824 static BOOL rdg_process_control_packet(rdpRdg* rdg,
int type,
size_t packetLength)
1827 size_t readCount = 0;
1829 size_t payloadSize = packetLength -
sizeof(RdgPacketHeader);
1831 if (packetLength <
sizeof(RdgPacketHeader))
1835 WINPR_ASSERT(
sizeof(RdgPacketHeader) < INT_MAX);
1839 s = Stream_New(NULL, payloadSize);
1844 while (readCount < payloadSize)
1846 if (rdg_shall_abort(rdg))
1848 Stream_Free(s, TRUE);
1851 status = rdg_socket_read(rdg->tlsOut->bio, Stream_Pointer(s), payloadSize - readCount,
1852 &rdg->transferEncoding);
1856 if (!BIO_should_retry(rdg->tlsOut->bio))
1858 Stream_Free(s, TRUE);
1865 Stream_Seek(s, (
size_t)status);
1866 readCount += (size_t)status;
1868 if (readCount > INT_MAX)
1870 Stream_Free(s, TRUE);
1875 Stream_SetPosition(s, 0);
1880 case PKT_TYPE_CLOSE_CHANNEL:
1881 EnterCriticalSection(&rdg->writeSection);
1882 status = rdg_process_close_packet(rdg, s);
1883 LeaveCriticalSection(&rdg->writeSection);
1886 case PKT_TYPE_KEEPALIVE:
1887 EnterCriticalSection(&rdg->writeSection);
1888 status = rdg_process_keep_alive_packet(rdg);
1889 LeaveCriticalSection(&rdg->writeSection);
1892 case PKT_TYPE_SERVICE_MESSAGE:
1895 WLog_Print(rdg->log, WLOG_ERROR,
1896 "PKT_TYPE_SERVICE_MESSAGE requires payload but none was sent");
1899 status = rdg_process_service_message(rdg, s);
1902 case PKT_TYPE_REAUTH_MESSAGE:
1904 status = rdg_process_unknown_packet(rdg, type);
1908 Stream_Free(s, TRUE);
1912 static int rdg_read_data_packet(rdpRdg* rdg, BYTE* buffer,
size_t size)
1914 RdgPacketHeader header = { 0 };
1915 size_t readCount = 0;
1916 size_t readSize = 0;
1919 if (!rdg->packetRemainingCount)
1922 WINPR_ASSERT(
sizeof(RdgPacketHeader) < INT_MAX);
1924 while (readCount <
sizeof(RdgPacketHeader))
1926 if (rdg_shall_abort(rdg))
1929 status = rdg_socket_read(rdg->tlsOut->bio, (BYTE*)(&header) + readCount,
1930 (
int)
sizeof(RdgPacketHeader) - (
int)readCount,
1931 &rdg->transferEncoding);
1935 if (!BIO_should_retry(rdg->tlsOut->bio))
1941 BIO_wait_read(rdg->tlsOut->bio, 50);
1945 readCount += (size_t)status;
1947 if (readCount > INT_MAX)
1951 if (header.type != PKT_TYPE_DATA)
1953 status = rdg_process_control_packet(rdg, header.type, header.packetLength);
1963 while (readCount < 2)
1965 if (rdg_shall_abort(rdg))
1968 rdg_socket_read(rdg->tlsOut->bio, (BYTE*)(&rdg->packetRemainingCount) + readCount,
1969 2 - (
int)readCount, &rdg->transferEncoding);
1973 if (!BIO_should_retry(rdg->tlsOut->bio))
1976 BIO_wait_read(rdg->tlsOut->bio, 50);
1980 readCount += (size_t)status;
1984 readSize = (rdg->packetRemainingCount < size) ? rdg->packetRemainingCount : size;
1985 status = rdg_socket_read(rdg->tlsOut->bio, buffer, readSize, &rdg->transferEncoding);
1989 if (!BIO_should_retry(rdg->tlsOut->bio))
1997 rdg->packetRemainingCount -= status;
2001 static int rdg_bio_write(BIO* bio,
const char* buf,
int num)
2004 rdpRdg* rdg = (rdpRdg*)BIO_get_data(bio);
2008 BIO_clear_flags(bio, BIO_FLAGS_WRITE);
2009 EnterCriticalSection(&rdg->writeSection);
2010 status = rdg_write_data_packet(rdg, (
const BYTE*)buf, num);
2011 LeaveCriticalSection(&rdg->writeSection);
2015 BIO_clear_flags(bio, BIO_FLAGS_SHOULD_RETRY);
2018 else if (status < num)
2020 BIO_set_flags(bio, BIO_FLAGS_WRITE);
2021 WSASetLastError(WSAEWOULDBLOCK);
2025 BIO_set_flags(bio, BIO_FLAGS_WRITE);
2031 static int rdg_bio_read(BIO* bio,
char* buf,
int size)
2034 rdpRdg* rdg = (rdpRdg*)BIO_get_data(bio);
2037 status = rdg_read_data_packet(rdg, (BYTE*)buf, (
size_t)size);
2041 BIO_clear_retry_flags(bio);
2044 else if (status == 0)
2046 BIO_set_retry_read(bio);
2047 WSASetLastError(WSAEWOULDBLOCK);
2052 BIO_set_flags(bio, BIO_FLAGS_READ);
2058 static int rdg_bio_puts(BIO* bio,
const char* str)
2066 static int rdg_bio_gets(BIO* bio,
char* str,
int size)
2074 static long rdg_bio_ctrl(BIO* in_bio,
int cmd,
long arg1,
void* arg2)
2077 rdpRdg* rdg = (rdpRdg*)BIO_get_data(in_bio);
2078 rdpTls* tlsOut = rdg->tlsOut;
2079 rdpTls* tlsIn = rdg->tlsIn;
2081 if (cmd == BIO_CTRL_FLUSH)
2083 (void)BIO_flush(tlsOut->bio);
2084 if (!rdg->transferEncoding.isWebsocketTransport)
2085 (void)BIO_flush(tlsIn->bio);
2088 else if (cmd == BIO_C_SET_NONBLOCK)
2092 else if (cmd == BIO_C_READ_BLOCKED)
2094 BIO* cbio = tlsOut->bio;
2095 status = BIO_read_blocked(cbio);
2097 else if (cmd == BIO_C_WRITE_BLOCKED)
2099 BIO* cbio = tlsIn->bio;
2101 if (rdg->transferEncoding.isWebsocketTransport)
2104 status = BIO_write_blocked(cbio);
2106 else if (cmd == BIO_C_WAIT_READ)
2108 int timeout = (int)arg1;
2109 BIO* cbio = tlsOut->bio;
2111 if (BIO_read_blocked(cbio))
2112 return BIO_wait_read(cbio, timeout);
2113 else if (BIO_write_blocked(cbio))
2114 return BIO_wait_write(cbio, timeout);
2118 else if (cmd == BIO_C_WAIT_WRITE)
2120 int timeout = (int)arg1;
2121 BIO* cbio = tlsIn->bio;
2123 if (rdg->transferEncoding.isWebsocketTransport)
2126 if (BIO_write_blocked(cbio))
2127 status = BIO_wait_write(cbio, timeout);
2128 else if (BIO_read_blocked(cbio))
2129 status = BIO_wait_read(cbio, timeout);
2133 else if (cmd == BIO_C_GET_EVENT || cmd == BIO_C_GET_FD)
2143 status = BIO_ctrl(tlsOut->bio, cmd, arg1, arg2);
2145 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
2146 else if (cmd == BIO_CTRL_GET_KTLS_SEND)
2154 else if (cmd == BIO_CTRL_GET_KTLS_RECV)
2165 static int rdg_bio_new(BIO* bio)
2167 BIO_set_init(bio, 1);
2168 BIO_set_flags(bio, BIO_FLAGS_SHOULD_RETRY);
2172 static int rdg_bio_free(BIO* bio)
2178 static BIO_METHOD* BIO_s_rdg(
void)
2180 static BIO_METHOD* bio_methods = NULL;
2182 if (bio_methods == NULL)
2184 if (!(bio_methods = BIO_meth_new(BIO_TYPE_TSG,
"RDGateway")))
2187 BIO_meth_set_write(bio_methods, rdg_bio_write);
2188 BIO_meth_set_read(bio_methods, rdg_bio_read);
2189 BIO_meth_set_puts(bio_methods, rdg_bio_puts);
2190 BIO_meth_set_gets(bio_methods, rdg_bio_gets);
2191 BIO_meth_set_ctrl(bio_methods, rdg_bio_ctrl);
2192 BIO_meth_set_create(bio_methods, rdg_bio_new);
2193 BIO_meth_set_destroy(bio_methods, rdg_bio_free);
2199 rdpRdg* rdg_new(rdpContext* context)
2206 rdg = (rdpRdg*)calloc(1,
sizeof(rdpRdg));
2210 rdg->log = WLog_Get(TAG);
2211 rdg->state = RDG_CLIENT_STATE_INITIAL;
2212 rdg->context = context;
2214 (rdg->context->settings->GatewayHttpExtAuthSspiNtlm ? HTTP_EXTENDED_AUTH_SSPI_NTLM
2215 : HTTP_EXTENDED_AUTH_NONE);
2217 if (rdg->context->settings->GatewayAccessToken)
2218 rdg->extAuth = HTTP_EXTENDED_AUTH_PAA;
2220 UuidCreate(&rdg->guid);
2222 rdg->tlsOut = freerdp_tls_new(rdg->context);
2225 goto rdg_alloc_error;
2227 rdg->tlsIn = freerdp_tls_new(rdg->context);
2230 goto rdg_alloc_error;
2232 rdg->http = http_context_new();
2235 goto rdg_alloc_error;
2237 if (!http_context_set_uri(rdg->http,
"/remoteDesktopGateway/") ||
2238 !http_context_set_accept(rdg->http,
"*/*") ||
2239 !http_context_set_cache_control(rdg->http,
"no-cache") ||
2240 !http_context_set_pragma(rdg->http,
"no-cache") ||
2241 !http_context_set_connection(rdg->http,
"Keep-Alive") ||
2242 !http_context_set_user_agent(rdg->http,
"MS-RDGateway/1.0") ||
2243 !http_context_set_host(rdg->http, rdg->context->settings->GatewayHostname) ||
2244 !http_context_set_rdg_connection_id(rdg->http, &rdg->guid) ||
2245 !http_context_set_rdg_correlation_id(rdg->http, &rdg->guid) ||
2246 !http_context_enable_websocket_upgrade(
2248 FreeRDP_GatewayHttpUseWebsockets)))
2250 goto rdg_alloc_error;
2253 if (rdg->extAuth != HTTP_EXTENDED_AUTH_NONE)
2255 switch (rdg->extAuth)
2257 case HTTP_EXTENDED_AUTH_PAA:
2258 if (!http_context_set_rdg_auth_scheme(rdg->http,
"PAA"))
2259 goto rdg_alloc_error;
2263 case HTTP_EXTENDED_AUTH_SSPI_NTLM:
2264 if (!http_context_set_rdg_auth_scheme(rdg->http,
"SSPI_NTLM"))
2265 goto rdg_alloc_error;
2270 WLog_Print(rdg->log, WLOG_DEBUG,
2271 "RDG extended authentication method %d not supported", rdg->extAuth);
2275 rdg->frontBio = BIO_new(BIO_s_rdg());
2278 goto rdg_alloc_error;
2280 BIO_set_data(rdg->frontBio, rdg);
2281 InitializeCriticalSection(&rdg->writeSection);
2283 rdg->transferEncoding.httpTransferEncoding = TransferEncodingIdentity;
2284 rdg->transferEncoding.isWebsocketTransport = FALSE;
2289 WINPR_PRAGMA_DIAG_PUSH
2290 WINPR_PRAGMA_DIAG_IGNORED_MISMATCHED_DEALLOC
2292 WINPR_PRAGMA_DIAG_POP
2296 void rdg_free(rdpRdg* rdg)
2301 freerdp_tls_free(rdg->tlsOut);
2302 freerdp_tls_free(rdg->tlsIn);
2303 http_context_free(rdg->http);
2304 credssp_auth_free(rdg->auth);
2307 BIO_free_all(rdg->frontBio);
2309 DeleteCriticalSection(&rdg->writeSection);
2311 if (rdg->transferEncoding.isWebsocketTransport)
2313 if (rdg->transferEncoding.context.websocket.responseStreamBuffer != NULL)
2314 Stream_Free(rdg->transferEncoding.context.websocket.responseStreamBuffer, TRUE);
2317 smartcardCertInfo_Free(rdg->smartcard);
2322 BIO* rdg_get_front_bio_and_take_ownership(rdpRdg* rdg)
2327 rdg->attached = TRUE;
2328 return rdg->frontBio;
FREERDP_API BOOL freerdp_settings_get_bool(const rdpSettings *settings, FreeRDP_Settings_Keys_Bool id)
Returns a boolean settings value.
FREERDP_API WCHAR * freerdp_settings_get_string_as_utf16(const rdpSettings *settings, FreeRDP_Settings_Keys_String id, size_t *pCharLen)
Return an allocated UTF16 string.
1.9.1