22#include <freerdp/config.h>
24#include "../settings.h"
26#include <winpr/assert.h>
27#include <winpr/cast.h>
30#include <winpr/synch.h>
31#include <winpr/print.h>
32#include <winpr/stream.h>
33#include <winpr/winsock.h>
34#include <winpr/cred.h>
36#include <freerdp/log.h>
37#include <freerdp/error.h>
38#include <freerdp/utils/ringbuffer.h>
39#include <freerdp/utils/smartcardlogon.h>
43#include "../credssp_auth.h"
46#include "../../crypto/opensslcompat.h"
50#define TAG FREERDP_TAG("core.gateway.rdg")
52#define AUTH_PKG NEGO_SSP_NAME
55#define HTTP_CHANNEL_RESPONSE_FIELD_CHANNELID 0x1
56#define HTTP_CHANNEL_RESPONSE_OPTIONAL 0x2
57#define HTTP_CHANNEL_RESPONSE_FIELD_UDPPORT 0x4
60#define HTTP_EXTENDED_AUTH_NONE 0x0
61#define HTTP_EXTENDED_AUTH_SC 0x1
62#define HTTP_EXTENDED_AUTH_PAA 0x02
63#define HTTP_EXTENDED_AUTH_SSPI_NTLM 0x04
64#define HTTP_EXTENDED_AUTH_BEARER 0x08
69 PKT_TYPE_HANDSHAKE_REQUEST = 0x1,
70 PKT_TYPE_HANDSHAKE_RESPONSE = 0x2,
71 PKT_TYPE_EXTENDED_AUTH_MSG = 0x3,
72 PKT_TYPE_TUNNEL_CREATE = 0x4,
73 PKT_TYPE_TUNNEL_RESPONSE = 0x5,
74 PKT_TYPE_TUNNEL_AUTH = 0x6,
75 PKT_TYPE_TUNNEL_AUTH_RESPONSE = 0x7,
76 PKT_TYPE_CHANNEL_CREATE = 0x8,
77 PKT_TYPE_CHANNEL_RESPONSE = 0x9,
79 PKT_TYPE_SERVICE_MESSAGE = 0xB,
80 PKT_TYPE_REAUTH_MESSAGE = 0xC,
81 PKT_TYPE_KEEPALIVE = 0xD,
82 PKT_TYPE_CLOSE_CHANNEL = 0x10,
83 PKT_TYPE_CLOSE_CHANNEL_RESPONSE = 0x11
90#define HTTP_TUNNEL_AUTH_RESPONSE_FIELD_REDIR_FLAGS 0x1
91#define HTTP_TUNNEL_AUTH_RESPONSE_FIELD_IDLE_TIMEOUT 0x2
92#define HTTP_TUNNEL_AUTH_RESPONSE_FIELD_SOH_RESPONSE 0x4
95#define HTTP_TUNNEL_PACKET_FIELD_PAA_COOKIE 0x1
99#define HTTP_TUNNEL_RESPONSE_FIELD_TUNNEL_ID 0x1
100#define HTTP_TUNNEL_RESPONSE_FIELD_CAPS 0x2
101#define HTTP_TUNNEL_RESPONSE_FIELD_SOH_REQ 0x4
102#define HTTP_TUNNEL_RESPONSE_FIELD_CONSENT_MSG 0x10
105#define HTTP_CAPABILITY_TYPE_QUAR_SOH 0x1
106#define HTTP_CAPABILITY_IDLE_TIMEOUT 0x2
107#define HTTP_CAPABILITY_MESSAGING_CONSENT_SIGN 0x4
108#define HTTP_CAPABILITY_MESSAGING_SERVICE_MSG 0x8
109#define HTTP_CAPABILITY_REAUTH 0x10
110#define HTTP_CAPABILITY_UDP_TRANSPORT 0x20
114 TRANSFER_ENCODING httpTransferEncoding;
115 BOOL isWebsocketTransport;
119 websocket_context* websocket;
121} rdg_http_encoding_context;
130 rdpCredsspAuth* auth;
137 UINT16 packetRemainingCount;
142 rdg_http_encoding_context transferEncoding;
150 RDG_CLIENT_STATE_INITIAL,
151 RDG_CLIENT_STATE_HANDSHAKE,
152 RDG_CLIENT_STATE_TUNNEL_CREATE,
153 RDG_CLIENT_STATE_TUNNEL_AUTHORIZE,
154 RDG_CLIENT_STATE_CHANNEL_CREATE,
155 RDG_CLIENT_STATE_OPENED,
160typedef struct rdg_packet_header
175static const t_flag_mapping tunnel_response_fields_present[] = {
176 { HTTP_TUNNEL_RESPONSE_FIELD_TUNNEL_ID,
"HTTP_TUNNEL_RESPONSE_FIELD_TUNNEL_ID" },
177 { HTTP_TUNNEL_RESPONSE_FIELD_CAPS,
"HTTP_TUNNEL_RESPONSE_FIELD_CAPS" },
178 { HTTP_TUNNEL_RESPONSE_FIELD_SOH_REQ,
"HTTP_TUNNEL_RESPONSE_FIELD_SOH_REQ" },
179 { HTTP_TUNNEL_RESPONSE_FIELD_CONSENT_MSG,
"HTTP_TUNNEL_RESPONSE_FIELD_CONSENT_MSG" }
182static const t_flag_mapping channel_response_fields_present[] = {
183 { HTTP_CHANNEL_RESPONSE_FIELD_CHANNELID,
"HTTP_CHANNEL_RESPONSE_FIELD_CHANNELID" },
184 { HTTP_CHANNEL_RESPONSE_OPTIONAL,
"HTTP_CHANNEL_RESPONSE_OPTIONAL" },
185 { HTTP_CHANNEL_RESPONSE_FIELD_UDPPORT,
"HTTP_CHANNEL_RESPONSE_FIELD_UDPPORT" }
188static const t_flag_mapping tunnel_authorization_response_fields_present[] = {
189 { HTTP_TUNNEL_AUTH_RESPONSE_FIELD_REDIR_FLAGS,
"HTTP_TUNNEL_AUTH_RESPONSE_FIELD_REDIR_FLAGS" },
190 { HTTP_TUNNEL_AUTH_RESPONSE_FIELD_IDLE_TIMEOUT,
191 "HTTP_TUNNEL_AUTH_RESPONSE_FIELD_IDLE_TIMEOUT" },
192 { HTTP_TUNNEL_AUTH_RESPONSE_FIELD_SOH_RESPONSE,
193 "HTTP_TUNNEL_AUTH_RESPONSE_FIELD_SOH_RESPONSE" }
196static const t_flag_mapping extended_auth[] = {
197 { HTTP_EXTENDED_AUTH_NONE,
"HTTP_EXTENDED_AUTH_NONE" },
198 { HTTP_EXTENDED_AUTH_SC,
"HTTP_EXTENDED_AUTH_SC" },
199 { HTTP_EXTENDED_AUTH_PAA,
"HTTP_EXTENDED_AUTH_PAA" },
200 { HTTP_EXTENDED_AUTH_SSPI_NTLM,
"HTTP_EXTENDED_AUTH_SSPI_NTLM" }
203static const t_flag_mapping capabilities_enum[] = {
204 { HTTP_CAPABILITY_TYPE_QUAR_SOH,
"HTTP_CAPABILITY_TYPE_QUAR_SOH" },
205 { HTTP_CAPABILITY_IDLE_TIMEOUT,
"HTTP_CAPABILITY_IDLE_TIMEOUT" },
206 { HTTP_CAPABILITY_MESSAGING_CONSENT_SIGN,
"HTTP_CAPABILITY_MESSAGING_CONSENT_SIGN" },
207 { HTTP_CAPABILITY_MESSAGING_SERVICE_MSG,
"HTTP_CAPABILITY_MESSAGING_SERVICE_MSG" },
208 { HTTP_CAPABILITY_REAUTH,
"HTTP_CAPABILITY_REAUTH" },
209 { HTTP_CAPABILITY_UDP_TRANSPORT,
"HTTP_CAPABILITY_UDP_TRANSPORT" }
212static const char* rdg_pkt_type_to_string(
int type)
220 ENTRY(PKT_TYPE_HANDSHAKE_REQUEST);
221 ENTRY(PKT_TYPE_HANDSHAKE_RESPONSE);
222 ENTRY(PKT_TYPE_EXTENDED_AUTH_MSG);
223 ENTRY(PKT_TYPE_TUNNEL_CREATE);
224 ENTRY(PKT_TYPE_TUNNEL_RESPONSE);
225 ENTRY(PKT_TYPE_TUNNEL_AUTH);
226 ENTRY(PKT_TYPE_TUNNEL_AUTH_RESPONSE);
227 ENTRY(PKT_TYPE_CHANNEL_CREATE);
228 ENTRY(PKT_TYPE_CHANNEL_RESPONSE);
229 ENTRY(PKT_TYPE_DATA);
230 ENTRY(PKT_TYPE_SERVICE_MESSAGE);
231 ENTRY(PKT_TYPE_REAUTH_MESSAGE);
232 ENTRY(PKT_TYPE_KEEPALIVE);
233 ENTRY(PKT_TYPE_CLOSE_CHANNEL);
234 ENTRY(PKT_TYPE_CLOSE_CHANNEL_RESPONSE);
236 return "PKT_TYPE_UNKNOWN";
241static const char* flags_to_string(UINT32 flags,
const t_flag_mapping* map,
size_t elements)
243 static char buffer[1024] = { 0 };
244 char fields[12] = { 0 };
246 for (
size_t x = 0; x < elements; x++)
248 const t_flag_mapping* cur = &map[x];
250 if ((cur->code & flags) != 0)
251 winpr_str_append(cur->name, buffer,
sizeof(buffer),
"|");
254 (void)sprintf_s(fields, ARRAYSIZE(fields),
" [%04" PRIx32
"]", flags);
255 winpr_str_append(fields, buffer,
sizeof(buffer), NULL);
259static const char* channel_response_fields_present_to_string(UINT16 fieldsPresent)
261 return flags_to_string(fieldsPresent, channel_response_fields_present,
262 ARRAYSIZE(channel_response_fields_present));
265static const char* tunnel_response_fields_present_to_string(UINT16 fieldsPresent)
267 return flags_to_string(fieldsPresent, tunnel_response_fields_present,
268 ARRAYSIZE(tunnel_response_fields_present));
271static const char* tunnel_authorization_response_fields_present_to_string(UINT16 fieldsPresent)
273 return flags_to_string(fieldsPresent, tunnel_authorization_response_fields_present,
274 ARRAYSIZE(tunnel_authorization_response_fields_present));
277static const char* extended_auth_to_string(UINT16 auth)
279 if (auth == HTTP_EXTENDED_AUTH_NONE)
280 return "HTTP_EXTENDED_AUTH_NONE [0x0000]";
282 return flags_to_string(auth, extended_auth, ARRAYSIZE(extended_auth));
285static const char* capabilities_enum_to_string(UINT32 capabilities)
287 return flags_to_string(capabilities, capabilities_enum, ARRAYSIZE(capabilities_enum));
290static BOOL rdg_read_http_unicode_string(wLog* log,
wStream* s,
const WCHAR**
string,
291 UINT16* lengthInBytes)
293 UINT16 strLenBytes = 0;
294 size_t rem = Stream_GetRemainingLength(s);
297 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 4))
299 WLog_Print(log, WLOG_ERROR,
"Could not read stream length, only have %" PRIuz
" bytes",
303 Stream_Read_UINT16(s, strLenBytes);
306 const WCHAR* str = Stream_ConstPointer(s);
309 if (!Stream_SafeSeek(s, strLenBytes))
311 WLog_Print(log, WLOG_ERROR,
312 "Could not read stream data, only have %" PRIuz
" bytes, expected %" PRIu16,
313 rem - 4, strLenBytes);
321 *lengthInBytes = strLenBytes;
326static BOOL rdg_write_chunked(BIO* bio,
wStream* sPacket)
332 (void)sprintf_s(chunkSize,
sizeof(chunkSize),
"%" PRIXz
"\r\n", Stream_Length(sPacket));
333 sChunk = Stream_New(NULL, strnlen(chunkSize,
sizeof(chunkSize)) + Stream_Length(sPacket) + 2);
338 Stream_Write(sChunk, chunkSize, strnlen(chunkSize,
sizeof(chunkSize)));
339 Stream_Write(sChunk, Stream_Buffer(sPacket), Stream_Length(sPacket));
340 Stream_Write(sChunk,
"\r\n", 2);
341 Stream_SealLength(sChunk);
342 len = Stream_Length(sChunk);
346 Stream_Free(sChunk, TRUE);
351 status = BIO_write(bio, Stream_Buffer(sChunk), (
int)len);
352 Stream_Free(sChunk, TRUE);
354 if (status != (SSIZE_T)len)
360static BOOL rdg_write_packet(rdpRdg* rdg,
wStream* sPacket)
362 if (rdg->transferEncoding.isWebsocketTransport)
363 return websocket_context_write_wstream(rdg->transferEncoding.context.websocket,
364 rdg->tlsOut->bio, sPacket, WebsocketBinaryOpcode);
366 return rdg_write_chunked(rdg->tlsIn->bio, sPacket);
369static int rdg_socket_read(BIO* bio, BYTE* pBuffer,
size_t size,
370 rdg_http_encoding_context* encodingContext)
372 WINPR_ASSERT(encodingContext != NULL);
373 if (size > INT32_MAX)
376 if (encodingContext->isWebsocketTransport)
377 return websocket_context_read(encodingContext->context.websocket, bio, pBuffer, size);
379 switch (encodingContext->httpTransferEncoding)
381 case TransferEncodingIdentity:
383 return BIO_read(bio, pBuffer, (
int)size);
384 case TransferEncodingChunked:
385 return http_chuncked_read(bio, pBuffer, size, &encodingContext->context.chunked);
391static BOOL rdg_shall_abort(rdpRdg* rdg)
394 return freerdp_shall_disconnect_context(rdg->context);
397static BOOL rdg_read_all(rdpContext* context, rdpTls* tls, BYTE* buffer,
size_t size,
398 rdg_http_encoding_context* transferEncoding)
400 size_t readCount = 0;
401 BYTE* pBuffer = buffer;
403 while (readCount < size)
405 if (freerdp_shall_disconnect_context(context))
408 int status = rdg_socket_read(tls->bio, pBuffer, size - readCount, transferEncoding);
411 if (!BIO_should_retry(tls->bio))
418 readCount += WINPR_ASSERTING_INT_CAST(uint32_t, status);
419 pBuffer += WINPR_ASSERTING_INT_CAST(uint32_t, status);
425static wStream* rdg_receive_packet(rdpRdg* rdg)
427 const size_t header =
sizeof(RdgPacketHeader);
428 size_t packetLength = 0;
429 wStream* s = Stream_New(NULL, 1024);
434 if (!rdg_read_all(rdg->context, rdg->tlsOut, Stream_Buffer(s), header, &rdg->transferEncoding))
436 Stream_Free(s, TRUE);
441 Stream_Read_UINT32(s, packetLength);
443 if ((packetLength > INT_MAX) || !Stream_EnsureCapacity(s, packetLength) ||
444 (packetLength < header))
446 Stream_Free(s, TRUE);
450 if (!rdg_read_all(rdg->context, rdg->tlsOut, Stream_Buffer(s) + header, packetLength - header,
451 &rdg->transferEncoding))
453 Stream_Free(s, TRUE);
457 Stream_SetLength(s, packetLength);
461static BOOL rdg_send_handshake(rdpRdg* rdg)
464 wStream* s = Stream_New(NULL, 14);
469 Stream_Write_UINT16(s, PKT_TYPE_HANDSHAKE_REQUEST);
470 Stream_Write_UINT16(s, 0);
471 Stream_Write_UINT32(s, 14);
472 Stream_Write_UINT8(s, 1);
473 Stream_Write_UINT8(s, 0);
474 Stream_Write_UINT16(s, 0);
475 Stream_Write_UINT16(s, rdg->extAuth);
476 Stream_SealLength(s);
477 status = rdg_write_packet(rdg, s);
478 Stream_Free(s, TRUE);
482 rdg->state = RDG_CLIENT_STATE_HANDSHAKE;
488static BOOL rdg_send_extauth_sspi(rdpRdg* rdg)
492 UINT32 packetSize = 8 + 4 + 2;
496 const SecBuffer* authToken = credssp_auth_get_output_buffer(rdg->auth);
499 packetSize += authToken->cbBuffer;
501 s = Stream_New(NULL, packetSize);
506 Stream_Write_UINT16(s, PKT_TYPE_EXTENDED_AUTH_MSG);
507 Stream_Write_UINT16(s, 0);
508 Stream_Write_UINT32(s, packetSize);
509 Stream_Write_UINT32(s, ERROR_SUCCESS);
510 Stream_Write_UINT16(s, (UINT16)authToken->cbBuffer);
511 Stream_Write(s, authToken->pvBuffer, authToken->cbBuffer);
513 Stream_SealLength(s);
514 status = rdg_write_packet(rdg, s);
515 Stream_Free(s, TRUE);
520static BOOL rdg_send_tunnel_request(rdpRdg* rdg)
524 UINT32 packetSize = 16;
525 UINT16 fieldsPresent = 0;
526 WCHAR* PAACookie = NULL;
527 size_t PAACookieLen = 0;
528 const UINT32 capabilities = HTTP_CAPABILITY_TYPE_QUAR_SOH |
529 HTTP_CAPABILITY_MESSAGING_CONSENT_SIGN |
530 HTTP_CAPABILITY_MESSAGING_SERVICE_MSG;
532 if (rdg->extAuth == HTTP_EXTENDED_AUTH_PAA)
535 ConvertUtf8ToWCharAlloc(rdg->context->settings->GatewayAccessToken, &PAACookieLen);
537 if (!PAACookie || (PAACookieLen > UINT16_MAX /
sizeof(WCHAR)))
544 packetSize += 2 + (UINT32)(PAACookieLen) *
sizeof(WCHAR);
545 fieldsPresent = HTTP_TUNNEL_PACKET_FIELD_PAA_COOKIE;
548 s = Stream_New(NULL, packetSize);
556 Stream_Write_UINT16(s, PKT_TYPE_TUNNEL_CREATE);
557 Stream_Write_UINT16(s, 0);
558 Stream_Write_UINT32(s, packetSize);
559 Stream_Write_UINT32(s, capabilities);
560 Stream_Write_UINT16(s, fieldsPresent);
561 Stream_Write_UINT16(s, 0);
565 Stream_Write_UINT16(s, (UINT16)PAACookieLen *
sizeof(WCHAR));
566 Stream_Write_UTF16_String(s, PAACookie, PAACookieLen);
569 Stream_SealLength(s);
570 status = rdg_write_packet(rdg, s);
571 Stream_Free(s, TRUE);
576 rdg->state = RDG_CLIENT_STATE_TUNNEL_CREATE;
582static BOOL rdg_send_tunnel_authorization(rdpRdg* rdg)
587 size_t clientNameLen = 0;
589 rdg->context->settings, FreeRDP_ClientHostname, &clientNameLen);
593 const size_t packetSize = 12ull + clientNameLen *
sizeof(WCHAR);
594 if (!clientName || (clientNameLen >= UINT16_MAX /
sizeof(WCHAR)) || (packetSize > UINT32_MAX))
600 s = Stream_New(NULL, packetSize);
608 Stream_Write_UINT16(s, PKT_TYPE_TUNNEL_AUTH);
609 Stream_Write_UINT16(s, 0);
610 Stream_Write_UINT32(s, (UINT32)packetSize);
611 Stream_Write_UINT16(s, 0);
612 Stream_Write_UINT16(s, (UINT16)clientNameLen *
sizeof(WCHAR));
613 Stream_Write_UTF16_String(s, clientName, clientNameLen);
614 Stream_SealLength(s);
615 status = rdg_write_packet(rdg, s);
616 Stream_Free(s, TRUE);
621 rdg->state = RDG_CLIENT_STATE_TUNNEL_AUTHORIZE;
627static BOOL rdg_send_channel_create(rdpRdg* rdg)
631 WCHAR* serverName = NULL;
632 size_t serverNameLen = 0;
636 FreeRDP_ServerHostname, &serverNameLen);
639 const size_t packetSize = 16ull + serverNameLen *
sizeof(WCHAR);
640 if (!serverName || (serverNameLen >= UINT16_MAX /
sizeof(WCHAR)) || (packetSize > UINT32_MAX))
643 s = Stream_New(NULL, packetSize);
648 Stream_Write_UINT16(s, PKT_TYPE_CHANNEL_CREATE);
649 Stream_Write_UINT16(s, 0);
650 Stream_Write_UINT32(s, (UINT32)packetSize);
651 Stream_Write_UINT8(s, 1);
652 Stream_Write_UINT8(s, 0);
653 Stream_Write_UINT16(s,
654 (UINT16)rdg->context->settings->ServerPort);
655 Stream_Write_UINT16(s, 3);
656 Stream_Write_UINT16(s, (UINT16)serverNameLen *
sizeof(WCHAR));
657 Stream_Write_UTF16_String(s, serverName, serverNameLen);
658 Stream_SealLength(s);
659 status = rdg_write_packet(rdg, s);
662 Stream_Free(s, TRUE);
665 rdg->state = RDG_CLIENT_STATE_CHANNEL_CREATE;
670static BOOL rdg_set_auth_header(rdpCredsspAuth* auth, HttpRequest* request)
672 const SecBuffer* authToken = credssp_auth_get_output_buffer(auth);
673 char* base64AuthToken = NULL;
677 if (authToken->cbBuffer > INT_MAX)
680 base64AuthToken = crypto_base64_encode(authToken->pvBuffer, authToken->cbBuffer);
685 BOOL rc = http_request_set_auth_scheme(request, credssp_auth_pkg_name(auth)) &&
686 http_request_set_auth_param(request, base64AuthToken);
687 free(base64AuthToken);
696static wStream* rdg_build_http_request(rdpRdg* rdg,
const char* method,
697 TRANSFER_ENCODING transferEncoding)
700 HttpRequest* request = NULL;
701 const char* uri = NULL;
706 uri = http_context_get_uri(rdg->http);
707 request = http_request_new();
712 if (!http_request_set_method(request, method) || !http_request_set_uri(request, uri))
717 if (!rdg_set_auth_header(rdg->auth, request))
721 else if (rdg->extAuth == HTTP_EXTENDED_AUTH_BEARER)
723 http_request_set_auth_scheme(request,
"Bearer");
724 http_request_set_auth_param(request, rdg->context->settings->GatewayHttpExtAuthBearer);
727 http_request_set_transfer_encoding(request, transferEncoding);
729 s = http_request_write(rdg->http, request);
731 http_request_free(request);
734 Stream_SealLength(s);
739static BOOL rdg_recv_auth_token(wLog* log, rdpCredsspAuth* auth, HttpResponse* response)
742 size_t authTokenLength = 0;
743 BYTE* authTokenData = NULL;
747 if (!auth || !response)
750 const UINT16 StatusCode = http_response_get_status_code(response);
753 case HTTP_STATUS_DENIED:
755 case HTTP_STATUS_SWITCH_PROTOCOLS:
758 http_response_log_error_status(log, WLOG_WARN, response);
762 const char* token64 = http_response_get_auth_token(response, credssp_auth_pkg_name(auth));
766 len = strlen(token64);
768 crypto_base64_decode(token64, len, &authTokenData, &authTokenLength);
770 if (authTokenLength && authTokenData && (authTokenLength <= UINT32_MAX))
772 authToken.pvBuffer = authTokenData;
773 authToken.cbBuffer = (UINT32)authTokenLength;
774 credssp_auth_take_input_buffer(auth, &authToken);
779 rc = credssp_auth_authenticate(auth);
786static BOOL rdg_skip_seed_payload(rdpContext* context, rdpTls* tls,
size_t lastResponseLength,
787 rdg_http_encoding_context* transferEncoding)
789 BYTE seed_payload[10] = { 0 };
790 const size_t size =
sizeof(seed_payload);
795 if (lastResponseLength < size)
797 if (!rdg_read_all(context, tls, seed_payload, size - lastResponseLength, transferEncoding))
806static BOOL rdg_process_handshake_response(rdpRdg* rdg,
wStream* s)
808 UINT32 errorCode = 0;
809 UINT16 serverVersion = 0;
810 UINT16 extendedAuth = 0;
813 const char* error = NULL;
814 WLog_Print(rdg->log, WLOG_DEBUG,
"Handshake response received");
816 if (rdg->state != RDG_CLIENT_STATE_HANDSHAKE)
821 if (!Stream_CheckAndLogRequiredLengthWLog(rdg->log, s, 10))
824 Stream_Read_UINT32(s, errorCode);
825 Stream_Read_UINT8(s, verMajor);
826 Stream_Read_UINT8(s, verMinor);
827 Stream_Read_UINT16(s, serverVersion);
828 Stream_Read_UINT16(s, extendedAuth);
829 error = rpc_error_to_string(errorCode);
830 WLog_Print(rdg->log, WLOG_DEBUG,
831 "errorCode=%s, verMajor=%" PRId8
", verMinor=%" PRId8
", serverVersion=%" PRId16
833 error, verMajor, verMinor, serverVersion, extended_auth_to_string(extendedAuth));
835 if (FAILED((HRESULT)errorCode))
837 WLog_Print(rdg->log, WLOG_ERROR,
"Handshake error %s", error);
838 freerdp_set_last_error_log(rdg->context, errorCode);
842 if (rdg->extAuth == HTTP_EXTENDED_AUTH_SSPI_NTLM)
843 return rdg_send_extauth_sspi(rdg);
845 return rdg_send_tunnel_request(rdg);
848static BOOL rdg_process_tunnel_response_optional(rdpRdg* rdg,
wStream* s, UINT16 fieldsPresent)
850 if (fieldsPresent & HTTP_TUNNEL_RESPONSE_FIELD_TUNNEL_ID)
853 if (!Stream_SafeSeek(s, 4))
855 WLog_Print(rdg->log, WLOG_ERROR,
"Short tunnelId, got %" PRIuz
", expected 4",
856 Stream_GetRemainingLength(s));
861 if (fieldsPresent & HTTP_TUNNEL_RESPONSE_FIELD_CAPS)
864 if (!Stream_CheckAndLogRequiredLengthWLog(rdg->log, s, 4))
867 Stream_Read_UINT32(s, caps);
868 WLog_Print(rdg->log, WLOG_DEBUG,
"capabilities=%s", capabilities_enum_to_string(caps));
871 if (fieldsPresent & HTTP_TUNNEL_RESPONSE_FIELD_SOH_REQ)
874 if (!Stream_SafeSeek(s, 20))
876 WLog_Print(rdg->log, WLOG_ERROR,
"Short nonce, got %" PRIuz
", expected 20",
877 Stream_GetRemainingLength(s));
882 if (!rdg_read_http_unicode_string(rdg->log, s, NULL, NULL))
884 WLog_Print(rdg->log, WLOG_ERROR,
"Failed to read server certificate");
889 if (fieldsPresent & HTTP_TUNNEL_RESPONSE_FIELD_CONSENT_MSG)
891 const WCHAR* msg = NULL;
892 UINT16 msgLenBytes = 0;
893 rdpContext* context = rdg->context;
895 WINPR_ASSERT(context);
896 WINPR_ASSERT(context->instance);
899 if (!rdg_read_http_unicode_string(rdg->log, s, &msg, &msgLenBytes))
901 WLog_Print(rdg->log, WLOG_ERROR,
"Failed to read consent message");
905 return IFCALLRESULT(TRUE, context->instance->PresentGatewayMessage, context->instance,
906 GATEWAY_MESSAGE_CONSENT, TRUE, TRUE, msgLenBytes, msg);
912static BOOL rdg_process_tunnel_response(rdpRdg* rdg,
wStream* s)
914 UINT16 serverVersion = 0;
915 UINT16 fieldsPresent = 0;
916 UINT32 errorCode = 0;
917 const char* error = NULL;
918 WLog_Print(rdg->log, WLOG_DEBUG,
"Tunnel response received");
920 if (rdg->state != RDG_CLIENT_STATE_TUNNEL_CREATE)
925 if (!Stream_CheckAndLogRequiredLengthWLog(rdg->log, s, 10))
928 Stream_Read_UINT16(s, serverVersion);
929 Stream_Read_UINT32(s, errorCode);
930 Stream_Read_UINT16(s, fieldsPresent);
931 Stream_Seek_UINT16(s);
932 error = rpc_error_to_string(errorCode);
933 WLog_Print(rdg->log, WLOG_DEBUG,
"serverVersion=%" PRId16
", errorCode=%s, fieldsPresent=%s",
934 serverVersion, error, tunnel_response_fields_present_to_string(fieldsPresent));
936 if (FAILED((HRESULT)errorCode))
938 WLog_Print(rdg->log, WLOG_ERROR,
"Tunnel creation error %s", error);
939 freerdp_set_last_error_log(rdg->context, errorCode);
943 if (!rdg_process_tunnel_response_optional(rdg, s, fieldsPresent))
946 return rdg_send_tunnel_authorization(rdg);
949static BOOL rdg_process_tunnel_authorization_response(rdpRdg* rdg,
wStream* s)
951 UINT32 errorCode = 0;
952 UINT16 fieldsPresent = 0;
953 const char* error = NULL;
954 WLog_Print(rdg->log, WLOG_DEBUG,
"Tunnel authorization received");
956 if (rdg->state != RDG_CLIENT_STATE_TUNNEL_AUTHORIZE)
961 if (!Stream_CheckAndLogRequiredLengthWLog(rdg->log, s, 8))
964 Stream_Read_UINT32(s, errorCode);
965 Stream_Read_UINT16(s, fieldsPresent);
966 Stream_Seek_UINT16(s);
967 error = rpc_error_to_string(errorCode);
968 WLog_Print(rdg->log, WLOG_DEBUG,
"errorCode=%s, fieldsPresent=%s", error,
969 tunnel_authorization_response_fields_present_to_string(fieldsPresent));
972 if (errorCode != S_OK && errorCode != E_PROXY_QUARANTINE_ACCESSDENIED)
974 WLog_Print(rdg->log, WLOG_ERROR,
"Tunnel authorization error %s", error);
975 freerdp_set_last_error_log(rdg->context, errorCode);
979 if (fieldsPresent & HTTP_TUNNEL_AUTH_RESPONSE_FIELD_REDIR_FLAGS)
981 UINT32 redirFlags = 0;
982 if (!Stream_CheckAndLogRequiredCapacityWLog(rdg->log, s, 4))
984 Stream_Read_UINT32(s, redirFlags);
986 rdpContext* context = rdg->context;
987 if (!utils_apply_gateway_policy(rdg->log, context, redirFlags,
"RDG"))
991 if (fieldsPresent & HTTP_TUNNEL_AUTH_RESPONSE_FIELD_IDLE_TIMEOUT)
993 UINT32 idleTimeout = 0;
994 if (!Stream_CheckAndLogRequiredCapacityWLog(rdg->log, s, 4))
996 Stream_Read_UINT32(s, idleTimeout);
997 WLog_Print(rdg->log, WLOG_DEBUG,
"[IDLE_TIMEOUT] idleTimeout=%" PRIu32
": TODO: unused",
1001 if (fieldsPresent & HTTP_TUNNEL_AUTH_RESPONSE_FIELD_SOH_RESPONSE)
1004 if (!Stream_CheckAndLogRequiredCapacityWLog(rdg->log, s, 2))
1006 Stream_Read_UINT16(s, cbLen);
1008 WLog_Print(rdg->log, WLOG_DEBUG,
"[SOH_RESPONSE] cbLen=%" PRIu16
": TODO: unused", cbLen);
1009 if (!Stream_CheckAndLogRequiredLengthWLog(rdg->log, s, cbLen))
1011 Stream_Seek(s, cbLen);
1014 return rdg_send_channel_create(rdg);
1017static BOOL rdg_process_extauth_sspi(rdpRdg* rdg,
wStream* s)
1019 INT32 errorCode = 0;
1020 UINT16 authBlobLen = 0;
1022 BYTE* authTokenData = NULL;
1026 Stream_Read_INT32(s, errorCode);
1027 Stream_Read_UINT16(s, authBlobLen);
1029 if (errorCode != ERROR_SUCCESS)
1031 WLog_Print(rdg->log, WLOG_ERROR,
"EXTAUTH_SSPI_NTLM failed with error %s [0x%08X]",
1032 GetSecurityStatusString(errorCode), WINPR_CXX_COMPAT_CAST(UINT32, errorCode));
1036 if (authBlobLen == 0)
1038 if (credssp_auth_is_complete(rdg->auth))
1040 credssp_auth_free(rdg->auth);
1042 return rdg_send_tunnel_request(rdg);
1047 authTokenData = malloc(authBlobLen);
1048 if (authTokenData == NULL)
1050 Stream_Read(s, authTokenData, authBlobLen);
1052 authToken.pvBuffer = authTokenData;
1053 authToken.cbBuffer = authBlobLen;
1055 credssp_auth_take_input_buffer(rdg->auth, &authToken);
1057 if (credssp_auth_authenticate(rdg->auth) < 0)
1060 if (credssp_auth_have_output_token(rdg->auth))
1061 return rdg_send_extauth_sspi(rdg);
1066static BOOL rdg_process_channel_response(rdpRdg* rdg,
wStream* s)
1068 UINT16 fieldsPresent = 0;
1069 UINT32 errorCode = 0;
1070 const char* error = NULL;
1071 WLog_Print(rdg->log, WLOG_DEBUG,
"Channel response received");
1073 if (rdg->state != RDG_CLIENT_STATE_CHANNEL_CREATE)
1078 if (!Stream_CheckAndLogRequiredLengthWLog(rdg->log, s, 8))
1081 Stream_Read_UINT32(s, errorCode);
1082 Stream_Read_UINT16(s, fieldsPresent);
1083 Stream_Seek_UINT16(s);
1084 error = rpc_error_to_string(errorCode);
1085 WLog_Print(rdg->log, WLOG_DEBUG,
"channel response errorCode=%s, fieldsPresent=%s", error,
1086 channel_response_fields_present_to_string(fieldsPresent));
1088 if (FAILED((HRESULT)errorCode))
1090 WLog_Print(rdg->log, WLOG_ERROR,
"channel response errorCode=%s, fieldsPresent=%s", error,
1091 channel_response_fields_present_to_string(fieldsPresent));
1092 freerdp_set_last_error_log(rdg->context, errorCode);
1096 rdg->state = RDG_CLIENT_STATE_OPENED;
1100static BOOL rdg_process_packet(rdpRdg* rdg,
wStream* s)
1104 UINT32 packetLength = 0;
1105 Stream_SetPosition(s, 0);
1107 if (!Stream_CheckAndLogRequiredLengthWLog(rdg->log, s, 8))
1110 Stream_Read_UINT16(s, type);
1111 Stream_Seek_UINT16(s);
1112 Stream_Read_UINT32(s, packetLength);
1114 if (Stream_Length(s) < packetLength)
1116 WLog_Print(rdg->log, WLOG_ERROR,
"Short packet %" PRIuz
", expected %" PRIu32,
1117 Stream_Length(s), packetLength);
1123 case PKT_TYPE_HANDSHAKE_RESPONSE:
1124 status = rdg_process_handshake_response(rdg, s);
1127 case PKT_TYPE_TUNNEL_RESPONSE:
1128 status = rdg_process_tunnel_response(rdg, s);
1131 case PKT_TYPE_TUNNEL_AUTH_RESPONSE:
1132 status = rdg_process_tunnel_authorization_response(rdg, s);
1135 case PKT_TYPE_CHANNEL_RESPONSE:
1136 status = rdg_process_channel_response(rdg, s);
1140 WLog_Print(rdg->log, WLOG_ERROR,
"Unexpected packet type DATA");
1144 case PKT_TYPE_EXTENDED_AUTH_MSG:
1145 status = rdg_process_extauth_sspi(rdg, s);
1149 WLog_Print(rdg->log, WLOG_ERROR,
"PKG TYPE 0x%x not implemented", type);
1156 const size_t rem = Stream_GetRemainingLength(s);
1158 WLog_Print(rdg->log, WLOG_WARN,
"[%s] unparsed data detected: %" PRIuz
" bytes",
1159 rdg_pkt_type_to_string(type), rem);
1164DWORD rdg_get_event_handles(rdpRdg* rdg, HANDLE* events, DWORD count)
1167 WINPR_ASSERT(rdg != NULL);
1169 if (rdg->tlsOut && rdg->tlsOut->bio)
1171 if (events && (nCount < count))
1173 BIO_get_event(rdg->tlsOut->bio, &events[nCount]);
1185static BOOL rdg_get_gateway_credentials(rdpContext* context, rdp_auth_reason reason)
1187 freerdp* instance = context->instance;
1189 auth_status rc = utils_authenticate_gateway(instance, reason);
1195 case AUTH_CANCELLED:
1196 freerdp_set_last_error_log(instance->context, FREERDP_ERROR_CONNECT_CANCELLED);
1198 case AUTH_NO_CREDENTIALS:
1199 WLog_INFO(TAG,
"No credentials provided - using NULL identity");
1207static BOOL rdg_auth_init(rdpRdg* rdg, rdpTls* tls, TCHAR* authPkg)
1209 rdpContext* context = rdg->context;
1210 rdpSettings* settings = context->settings;
1211 SEC_WINNT_AUTH_IDENTITY identity = { 0 };
1214 rdg->auth = credssp_auth_new(context);
1218 if (!credssp_auth_init(rdg->auth, authPkg, tls->Bindings))
1224 if (!smartcard_getCert(context, &rdg->smartcard, TRUE))
1227 if (!rdg_get_gateway_credentials(context, AUTH_SMARTCARD_PIN))
1232 if (!rdg_get_gateway_credentials(context, GW_AUTH_RDG))
1237 if (doSCLogon && !smartcard_getCert(context, &rdg->smartcard, TRUE))
1241 SEC_WINNT_AUTH_IDENTITY* identityArg = &identity;
1244 if (!identity_set_from_smartcard_hash(&identity, settings, FreeRDP_GatewayUsername,
1245 FreeRDP_GatewayDomain, FreeRDP_GatewayPassword,
1246 rdg->smartcard->sha1Hash,
1247 sizeof(rdg->smartcard->sha1Hash)))
1252 if (!identity_set_from_settings(&identity, settings, FreeRDP_GatewayUsername,
1253 FreeRDP_GatewayDomain, FreeRDP_GatewayPassword))
1256 if (!settings->GatewayUsername)
1260 if (!credssp_auth_setup_client(rdg->auth,
"HTTP", settings->GatewayHostname, identityArg,
1261 rdg->smartcard ? rdg->smartcard->pkinitArgs : NULL))
1263 sspi_FreeAuthIdentity(&identity);
1266 sspi_FreeAuthIdentity(&identity);
1268 credssp_auth_set_flags(rdg->auth, ISC_REQ_CONFIDENTIALITY | ISC_REQ_MUTUAL_AUTH);
1270 rc = credssp_auth_authenticate(rdg->auth);
1277static BOOL rdg_send_http_request(rdpRdg* rdg, rdpTls* tls,
const char* method,
1278 TRANSFER_ENCODING transferEncoding)
1281 wStream* s = rdg_build_http_request(rdg, method, transferEncoding);
1286 const size_t sz = Stream_Length(s);
1287 status = freerdp_tls_write_all(tls, Stream_Buffer(s), sz);
1289 Stream_Free(s, TRUE);
1290 return (status >= 0);
1293static BOOL rdg_tls_connect(rdpRdg* rdg, rdpTls* tls,
const char* peerAddress, UINT32 timeout)
1296 BIO* layerBio = NULL;
1297 BIO* bufferedBio = NULL;
1299 rdpSettings* settings = rdg->context->settings;
1300 rdpTransport* transport = freerdp_get_transport(rdg->context);
1301 const char* peerHostname = settings->GatewayHostname;
1302 UINT16 peerPort = (UINT16)settings->GatewayPort;
1303 const char* proxyUsername = NULL;
1304 const char* proxyPassword = NULL;
1305 BOOL isProxyConnection =
1306 proxy_prepare(settings, &peerHostname, &peerPort, &proxyUsername, &proxyPassword);
1308 if (settings->GatewayPort > UINT16_MAX)
1311 layer = transport_connect_layer(transport, peerAddress ? peerAddress : peerHostname, peerPort,
1319 layerBio = BIO_new(BIO_s_transport_layer());
1322 transport_layer_free(layer);
1325 BIO_set_data(layerBio, layer);
1327 bufferedBio = BIO_new(BIO_s_buffered_socket());
1330 BIO_free_all(layerBio);
1334 bufferedBio = BIO_push(bufferedBio, layerBio);
1335 status = BIO_set_nonblock(bufferedBio, TRUE);
1337 if (isProxyConnection)
1339 if (!proxy_connect(rdg->context, bufferedBio, proxyUsername, proxyPassword,
1340 settings->GatewayHostname, (UINT16)settings->GatewayPort))
1342 BIO_free_all(bufferedBio);
1349 BIO_free_all(bufferedBio);
1353 tls->hostname = settings->GatewayHostname;
1354 tls->port = WINPR_ASSERTING_INT_CAST(int32_t, MIN(UINT16_MAX, settings->GatewayPort));
1355 tls->isGatewayTransport = TRUE;
1356 status = freerdp_tls_connect(tls, bufferedBio);
1359 rdpContext* context = rdg->context;
1362 freerdp_set_last_error_if_not(context, FREERDP_ERROR_TLS_CONNECT_FAILED);
1366 freerdp_set_last_error_if_not(context, FREERDP_ERROR_CONNECT_CANCELLED);
1371 return (status >= 1);
1374static BOOL rdg_establish_data_connection(rdpRdg* rdg, rdpTls* tls,
const char* method,
1375 const char* peerAddress, UINT32 timeout,
1378 char buffer[64] = { 0 };
1379 HttpResponse* response = NULL;
1381 if (!rdg_tls_connect(rdg, tls, peerAddress, timeout))
1384 WINPR_ASSERT(rpcFallback);
1385 if (rdg->context->settings->GatewayHttpExtAuthBearer && rdg->extAuth == HTTP_EXTENDED_AUTH_NONE)
1386 rdg->extAuth = HTTP_EXTENDED_AUTH_BEARER;
1387 if (rdg->extAuth == HTTP_EXTENDED_AUTH_NONE)
1389 if (!rdg_auth_init(rdg, tls, AUTH_PKG))
1392 if (!rdg_send_http_request(rdg, tls, method, TransferEncodingIdentity))
1395 response = http_response_recv(tls, TRUE);
1400 WLog_Print(rdg->log, WLOG_INFO,
"RD Gateway HTTP transport broken.");
1401 *rpcFallback = TRUE;
1405 (void)http_response_extract_cookies(response, rdg->http);
1407 const UINT16 StatusCode = http_response_get_status_code(response);
1410 case HTTP_STATUS_GONE:
1411 case HTTP_STATUS_FORBIDDEN:
1412 case HTTP_STATUS_NOT_FOUND:
1414 WLog_Print(rdg->log, WLOG_INFO,
"RD Gateway does not support HTTP transport.");
1415 http_response_log_error_status(rdg->log, WLOG_DEBUG, response);
1416 *rpcFallback = TRUE;
1418 http_response_free(response);
1421 case HTTP_STATUS_OK:
1424 case HTTP_STATUS_DENIED:
1425 http_response_log_error_status(rdg->log, WLOG_DEBUG, response);
1429 http_response_log_error_status(rdg->log, WLOG_WARN, response);
1433 while (!credssp_auth_is_complete(rdg->auth))
1435 if (!rdg_recv_auth_token(rdg->log, rdg->auth, response))
1437 http_response_free(response);
1441 if (credssp_auth_have_output_token(rdg->auth))
1443 http_response_free(response);
1445 if (!rdg_send_http_request(rdg, tls, method, TransferEncodingIdentity))
1448 response = http_response_recv(tls, TRUE);
1451 WLog_Print(rdg->log, WLOG_INFO,
"RD Gateway HTTP transport broken.");
1452 *rpcFallback = TRUE;
1455 (void)http_response_extract_cookies(response, rdg->http);
1458 credssp_auth_free(rdg->auth);
1463 credssp_auth_free(rdg->auth);
1466 if (!rdg_send_http_request(rdg, tls, method, TransferEncodingIdentity))
1469 response = http_response_recv(tls, TRUE);
1473 WLog_Print(rdg->log, WLOG_INFO,
"RD Gateway HTTP transport broken.");
1474 *rpcFallback = TRUE;
1477 (void)http_response_extract_cookies(response, rdg->http);
1480 const UINT16 statusCode = http_response_get_status_code(response);
1481 const size_t bodyLength = http_response_get_body_length(response);
1482 const TRANSFER_ENCODING encoding = http_response_get_transfer_encoding(response);
1483 const BOOL isWebsocket = http_response_is_websocket(rdg->http, response);
1485 WLog_Print(rdg->log, WLOG_DEBUG,
"%s authorization result: %s", method,
1486 freerdp_http_status_string_format(statusCode, buffer, ARRAYSIZE(buffer)));
1490 case HTTP_STATUS_OK:
1493 http_context_enable_websocket_upgrade(rdg->http, FALSE);
1494 http_response_free(response);
1496 case HTTP_STATUS_DENIED:
1497 freerdp_set_last_error_log(rdg->context, FREERDP_ERROR_CONNECT_ACCESS_DENIED);
1498 http_response_free(response);
1500 case HTTP_STATUS_SWITCH_PROTOCOLS:
1501 http_response_free(response);
1508 if (http_context_is_websocket_upgrade_enabled(rdg->http))
1510 long fd = BIO_get_fd(tls->bio, NULL);
1512 closesocket((SOCKET)fd);
1513 http_context_enable_websocket_upgrade(rdg->http, FALSE);
1514 return rdg_establish_data_connection(rdg, tls, method, peerAddress, timeout,
1520 rdg->transferEncoding.isWebsocketTransport = TRUE;
1521 if (!websocket_context_reset(rdg->transferEncoding.context.websocket))
1524 if (rdg->extAuth == HTTP_EXTENDED_AUTH_SSPI_NTLM)
1528 if (!rdg_auth_init(rdg, tls, NTLM_SSP_NAME))
1533 http_response_log_error_status(rdg->log, WLOG_WARN, response);
1534 http_response_free(response);
1538 if (strcmp(method,
"RDG_OUT_DATA") == 0)
1540 if (encoding == TransferEncodingChunked)
1542 rdg->transferEncoding.httpTransferEncoding = TransferEncodingChunked;
1543 rdg->transferEncoding.context.chunked.nextOffset = 0;
1544 rdg->transferEncoding.context.chunked.headerFooterPos = 0;
1545 rdg->transferEncoding.context.chunked.state = ChunkStateLenghHeader;
1547 if (!rdg_skip_seed_payload(rdg->context, tls, bodyLength, &rdg->transferEncoding))
1554 if (!rdg_send_http_request(rdg, tls, method, TransferEncodingChunked))
1557 if (rdg->extAuth == HTTP_EXTENDED_AUTH_SSPI_NTLM)
1561 if (!rdg_auth_init(rdg, tls, NTLM_SSP_NAME))
1569static BOOL rdg_tunnel_connect(rdpRdg* rdg)
1573 rdg_send_handshake(rdg);
1575 while (rdg->state < RDG_CLIENT_STATE_OPENED)
1578 s = rdg_receive_packet(rdg);
1582 status = rdg_process_packet(rdg, s);
1583 Stream_Free(s, TRUE);
1589 WINPR_ASSERT(rdg->context);
1590 WINPR_ASSERT(rdg->context->rdp);
1591 transport_set_layer(rdg->context->rdp->transport, TRANSPORT_LAYER_CLOSED);
1599BOOL rdg_connect(rdpRdg* rdg, DWORD timeout, BOOL* rpcFallback)
1602 SOCKET outConnSocket = 0;
1603 char* peerAddress = NULL;
1604 BOOL rpcFallbackLocal = FALSE;
1606 WINPR_ASSERT(rdg != NULL);
1607 freerdp_set_last_error(rdg->context, ERROR_SUCCESS);
1608 status = rdg_establish_data_connection(rdg, rdg->tlsOut,
"RDG_OUT_DATA", NULL, timeout,
1613 if (rdg->transferEncoding.isWebsocketTransport)
1615 WLog_Print(rdg->log, WLOG_DEBUG,
"Upgraded to websocket. RDG_IN_DATA not required");
1622 BIO_get_socket(rdg->tlsOut->underlying, &outConnSocket);
1623 peerAddress = freerdp_tcp_get_peer_address(outConnSocket);
1624 status = rdg_establish_data_connection(rdg, rdg->tlsIn,
"RDG_IN_DATA", peerAddress,
1625 timeout, &rpcFallbackLocal);
1631 *rpcFallback = rpcFallbackLocal;
1636 WINPR_ASSERT(rdg->context);
1637 WINPR_ASSERT(rdg->context->rdp);
1638 if (rpcFallbackLocal)
1640 http_context_enable_websocket_upgrade(rdg->http, FALSE);
1641 credssp_auth_free(rdg->auth);
1645 transport_set_layer(rdg->context->rdp->transport, TRANSPORT_LAYER_CLOSED);
1649 status = rdg_tunnel_connect(rdg);
1657static int rdg_write_websocket_data_packet(rdpRdg* rdg,
const BYTE* buf,
int isize)
1663 const size_t payloadSize = (size_t)isize + 10;
1671 websocket_context_packet_new(payloadSize, WebsocketBinaryOpcode, &maskingKey.u32);
1675 Stream_Write_UINT16(
1676 sWS, WINPR_ASSERTING_INT_CAST(
1677 uint16_t, PKT_TYPE_DATA ^ (maskingKey.u8[0] | maskingKey.u8[1] << 8)));
1678 Stream_Write_UINT16(
1679 sWS, WINPR_ASSERTING_INT_CAST(
1680 uint16_t, 0 ^ (maskingKey.u8[2] | maskingKey.u8[3] << 8)));
1681 Stream_Write_UINT32(
1682 sWS, WINPR_ASSERTING_INT_CAST(uint32_t, payloadSize ^ maskingKey.u32));
1683 Stream_Write_UINT16(
1684 sWS, WINPR_ASSERTING_INT_CAST(
1685 uint16_t, isize ^ (maskingKey.u8[0] | maskingKey.u8[1] << 8)));
1688 maskingKey.u32 = (maskingKey.u32 & 0xffff) << 16 | (maskingKey.u32 >> 16);
1690 WINPR_ASSERT(rdg->tlsOut);
1692 Stream_StaticConstInit(&sPacket, buf, (
size_t)isize);
1693 if (!websocket_context_mask_and_send(rdg->tlsOut->bio, sWS, &sPacket, maskingKey.u32))
1699static int rdg_write_chunked_data_packet(rdpRdg* rdg,
const BYTE* buf,
int isize)
1705 if (isize > UINT16_MAX)
1708 const size_t size = (size_t)isize;
1712 const size_t packetSize = size + 10;
1713 char chunkSize[11] = { 0 };
1714 (void)sprintf_s(chunkSize,
sizeof(chunkSize),
"%" PRIxz
"\r\n", packetSize);
1715 sChunk = Stream_New(NULL, strnlen(chunkSize,
sizeof(chunkSize)) + packetSize + 2);
1720 Stream_Write(sChunk, chunkSize, strnlen(chunkSize,
sizeof(chunkSize)));
1721 Stream_Write_UINT16(sChunk, PKT_TYPE_DATA);
1722 Stream_Write_UINT16(sChunk, 0);
1723 Stream_Write_UINT32(sChunk, (UINT32)packetSize);
1724 Stream_Write_UINT16(sChunk, (UINT16)size);
1725 Stream_Write(sChunk, buf, size);
1726 Stream_Write(sChunk,
"\r\n", 2);
1727 Stream_SealLength(sChunk);
1728 len = Stream_Length(sChunk);
1730 status = freerdp_tls_write_all(rdg->tlsIn, Stream_Buffer(sChunk), len);
1731 Stream_Free(sChunk, TRUE);
1739static int rdg_write_data_packet(rdpRdg* rdg,
const BYTE* buf,
int isize)
1742 if (rdg->transferEncoding.isWebsocketTransport)
1743 return rdg_write_websocket_data_packet(rdg, buf, isize);
1745 return rdg_write_chunked_data_packet(rdg, buf, isize);
1748static BOOL rdg_process_close_packet(rdpRdg* rdg,
wStream* s)
1752 UINT32 errorCode = 0;
1753 UINT32 packetSize = 12;
1756 if (!Stream_CheckAndLogRequiredLengthWLog(rdg->log, s, 4))
1758 Stream_Read_UINT32(s, errorCode);
1761 freerdp_set_last_error_log(rdg->context, errorCode);
1763 sClose = Stream_New(NULL, packetSize);
1767 Stream_Write_UINT16(sClose, PKT_TYPE_CLOSE_CHANNEL_RESPONSE);
1768 Stream_Write_UINT16(sClose, 0);
1769 Stream_Write_UINT32(sClose, packetSize);
1770 Stream_Write_UINT32(sClose, 0);
1771 Stream_SealLength(sClose);
1772 status = rdg_write_packet(rdg, sClose);
1773 Stream_Free(sClose, TRUE);
1775 return (status < 0 ? FALSE : TRUE);
1778static BOOL rdg_process_keep_alive_packet(rdpRdg* rdg)
1782 size_t packetSize = 8;
1784 sKeepAlive = Stream_New(NULL, packetSize);
1789 Stream_Write_UINT16(sKeepAlive, PKT_TYPE_KEEPALIVE);
1790 Stream_Write_UINT16(sKeepAlive, 0);
1791 Stream_Write_UINT32(sKeepAlive, (UINT32)packetSize);
1792 Stream_SealLength(sKeepAlive);
1793 status = rdg_write_packet(rdg, sKeepAlive);
1794 Stream_Free(sKeepAlive, TRUE);
1796 return (status < 0 ? FALSE : TRUE);
1799static BOOL rdg_process_service_message(rdpRdg* rdg,
wStream* s)
1801 const WCHAR* msg = NULL;
1802 UINT16 msgLenBytes = 0;
1803 rdpContext* context = rdg->context;
1804 WINPR_ASSERT(context);
1805 WINPR_ASSERT(context->instance);
1808 if (!rdg_read_http_unicode_string(rdg->log, s, &msg, &msgLenBytes))
1810 WLog_Print(rdg->log, WLOG_ERROR,
"Failed to read string");
1814 return IFCALLRESULT(TRUE, context->instance->PresentGatewayMessage, context->instance,
1815 GATEWAY_MESSAGE_SERVICE, TRUE, FALSE, msgLenBytes, msg);
1818static BOOL rdg_process_unknown_packet(rdpRdg* rdg,
int type)
1822 WLog_Print(rdg->log, WLOG_WARN,
"Unknown Control Packet received: %" PRIX32,
1823 WINPR_CXX_COMPAT_CAST(UINT32, type));
1827static BOOL rdg_process_control_packet(rdpRdg* rdg,
int type,
size_t packetLength)
1830 size_t readCount = 0;
1832 size_t payloadSize = packetLength -
sizeof(RdgPacketHeader);
1834 if (packetLength <
sizeof(RdgPacketHeader))
1838 WINPR_ASSERT(
sizeof(RdgPacketHeader) < INT_MAX);
1842 s = Stream_New(NULL, payloadSize);
1847 while (readCount < payloadSize)
1849 if (rdg_shall_abort(rdg))
1851 Stream_Free(s, TRUE);
1854 status = rdg_socket_read(rdg->tlsOut->bio, Stream_Pointer(s), payloadSize - readCount,
1855 &rdg->transferEncoding);
1859 if (!BIO_should_retry(rdg->tlsOut->bio))
1861 Stream_Free(s, TRUE);
1868 Stream_Seek(s, (
size_t)status);
1869 readCount += (size_t)status;
1871 if (readCount > INT_MAX)
1873 Stream_Free(s, TRUE);
1878 Stream_SetPosition(s, 0);
1883 case PKT_TYPE_CLOSE_CHANNEL:
1884 EnterCriticalSection(&rdg->writeSection);
1885 status = rdg_process_close_packet(rdg, s);
1886 LeaveCriticalSection(&rdg->writeSection);
1889 case PKT_TYPE_KEEPALIVE:
1890 EnterCriticalSection(&rdg->writeSection);
1891 status = rdg_process_keep_alive_packet(rdg);
1892 LeaveCriticalSection(&rdg->writeSection);
1895 case PKT_TYPE_SERVICE_MESSAGE:
1898 WLog_Print(rdg->log, WLOG_ERROR,
1899 "PKT_TYPE_SERVICE_MESSAGE requires payload but none was sent");
1902 status = rdg_process_service_message(rdg, s);
1905 case PKT_TYPE_REAUTH_MESSAGE:
1907 status = rdg_process_unknown_packet(rdg, type);
1911 Stream_Free(s, TRUE);
1915static int rdg_read_data_packet(rdpRdg* rdg, BYTE* buffer,
size_t size)
1917 RdgPacketHeader header = { 0 };
1918 size_t readCount = 0;
1919 size_t readSize = 0;
1922 if (!rdg->packetRemainingCount)
1925 WINPR_ASSERT(
sizeof(RdgPacketHeader) < INT_MAX);
1927 while (readCount <
sizeof(RdgPacketHeader))
1929 if (rdg_shall_abort(rdg))
1932 status = rdg_socket_read(rdg->tlsOut->bio, (BYTE*)(&header) + readCount,
1933 sizeof(RdgPacketHeader) - readCount, &rdg->transferEncoding);
1937 if (!BIO_should_retry(rdg->tlsOut->bio))
1943 BIO_wait_read(rdg->tlsOut->bio, 50);
1947 readCount += (size_t)status;
1949 if (readCount > INT_MAX)
1953 if (header.type != PKT_TYPE_DATA)
1955 status = rdg_process_control_packet(rdg, header.type, header.packetLength);
1965 while (readCount < 2)
1967 if (rdg_shall_abort(rdg))
1970 rdg_socket_read(rdg->tlsOut->bio, (BYTE*)(&rdg->packetRemainingCount) + readCount,
1971 2 - readCount, &rdg->transferEncoding);
1975 if (!BIO_should_retry(rdg->tlsOut->bio))
1978 BIO_wait_read(rdg->tlsOut->bio, 50);
1982 readCount += (size_t)status;
1986 readSize = (rdg->packetRemainingCount < size) ? rdg->packetRemainingCount : size;
1987 status = rdg_socket_read(rdg->tlsOut->bio, buffer, readSize, &rdg->transferEncoding);
1991 if (!BIO_should_retry(rdg->tlsOut->bio))
1999 rdg->packetRemainingCount -= status;
2003static int rdg_bio_write(BIO* bio,
const char* buf,
int num)
2006 rdpRdg* rdg = (rdpRdg*)BIO_get_data(bio);
2010 BIO_clear_flags(bio, BIO_FLAGS_WRITE);
2011 EnterCriticalSection(&rdg->writeSection);
2012 status = rdg_write_data_packet(rdg, (
const BYTE*)buf, num);
2013 LeaveCriticalSection(&rdg->writeSection);
2017 BIO_clear_flags(bio, BIO_FLAGS_SHOULD_RETRY);
2020 else if (status < num)
2022 BIO_set_flags(bio, BIO_FLAGS_WRITE);
2023 WSASetLastError(WSAEWOULDBLOCK);
2027 BIO_set_flags(bio, BIO_FLAGS_WRITE);
2033static int rdg_bio_read(BIO* bio,
char* buf,
int size)
2036 rdpRdg* rdg = (rdpRdg*)BIO_get_data(bio);
2039 status = rdg_read_data_packet(rdg, (BYTE*)buf, (
size_t)size);
2043 BIO_clear_retry_flags(bio);
2046 else if (status == 0)
2048 BIO_set_retry_read(bio);
2049 WSASetLastError(WSAEWOULDBLOCK);
2054 BIO_set_flags(bio, BIO_FLAGS_READ);
2060static int rdg_bio_puts(BIO* bio,
const char* str)
2068static int rdg_bio_gets(BIO* bio,
char* str,
int size)
2076static long rdg_bio_ctrl(BIO* in_bio,
int cmd,
long arg1,
void* arg2)
2079 rdpRdg* rdg = (rdpRdg*)BIO_get_data(in_bio);
2080 rdpTls* tlsOut = rdg->tlsOut;
2081 rdpTls* tlsIn = rdg->tlsIn;
2083 if (cmd == BIO_CTRL_FLUSH)
2085 (void)BIO_flush(tlsOut->bio);
2086 if (!rdg->transferEncoding.isWebsocketTransport)
2087 (void)BIO_flush(tlsIn->bio);
2090 else if (cmd == BIO_C_SET_NONBLOCK)
2094 else if (cmd == BIO_C_READ_BLOCKED)
2096 BIO* cbio = tlsOut->bio;
2097 status = BIO_read_blocked(cbio);
2099 else if (cmd == BIO_C_WRITE_BLOCKED)
2101 BIO* cbio = tlsIn->bio;
2103 if (rdg->transferEncoding.isWebsocketTransport)
2106 status = BIO_write_blocked(cbio);
2108 else if (cmd == BIO_C_WAIT_READ)
2110 int timeout = (int)arg1;
2111 BIO* cbio = tlsOut->bio;
2113 if (BIO_read_blocked(cbio))
2114 return BIO_wait_read(cbio, timeout);
2115 else if (BIO_write_blocked(cbio))
2116 return BIO_wait_write(cbio, timeout);
2120 else if (cmd == BIO_C_WAIT_WRITE)
2122 int timeout = (int)arg1;
2123 BIO* cbio = tlsIn->bio;
2125 if (rdg->transferEncoding.isWebsocketTransport)
2128 if (BIO_write_blocked(cbio))
2129 status = BIO_wait_write(cbio, timeout);
2130 else if (BIO_read_blocked(cbio))
2131 status = BIO_wait_read(cbio, timeout);
2135 else if (cmd == BIO_C_GET_EVENT || cmd == BIO_C_GET_FD)
2145 status = BIO_ctrl(tlsOut->bio, cmd, arg1, arg2);
2147#if OPENSSL_VERSION_NUMBER >= 0x30000000L
2148 else if (cmd == BIO_CTRL_GET_KTLS_SEND)
2156 else if (cmd == BIO_CTRL_GET_KTLS_RECV)
2167static int rdg_bio_new(BIO* bio)
2169 BIO_set_init(bio, 1);
2170 BIO_set_flags(bio, BIO_FLAGS_SHOULD_RETRY);
2174static int rdg_bio_free(BIO* bio)
2180static BIO_METHOD* BIO_s_rdg(
void)
2182 static BIO_METHOD* bio_methods = NULL;
2184 if (bio_methods == NULL)
2186 if (!(bio_methods = BIO_meth_new(BIO_TYPE_TSG,
"RDGateway")))
2189 BIO_meth_set_write(bio_methods, rdg_bio_write);
2190 BIO_meth_set_read(bio_methods, rdg_bio_read);
2191 BIO_meth_set_puts(bio_methods, rdg_bio_puts);
2192 BIO_meth_set_gets(bio_methods, rdg_bio_gets);
2193 BIO_meth_set_ctrl(bio_methods, rdg_bio_ctrl);
2194 BIO_meth_set_create(bio_methods, rdg_bio_new);
2195 BIO_meth_set_destroy(bio_methods, rdg_bio_free);
2201rdpRdg* rdg_new(rdpContext* context)
2206 rdpRdg* rdg = (rdpRdg*)calloc(1,
sizeof(rdpRdg));
2210 rdg->log = WLog_Get(TAG);
2211 rdg->state = RDG_CLIENT_STATE_INITIAL;
2212 rdg->context = context;
2214 (rdg->context->settings->GatewayHttpExtAuthSspiNtlm ? HTTP_EXTENDED_AUTH_SSPI_NTLM
2215 : HTTP_EXTENDED_AUTH_NONE);
2217 if (rdg->context->settings->GatewayAccessToken)
2218 rdg->extAuth = HTTP_EXTENDED_AUTH_PAA;
2220 UuidCreate(&rdg->guid);
2222 rdg->tlsOut = freerdp_tls_new(rdg->context);
2225 goto rdg_alloc_error;
2227 rdg->tlsIn = freerdp_tls_new(rdg->context);
2230 goto rdg_alloc_error;
2232 rdg->http = http_context_new();
2235 goto rdg_alloc_error;
2237 if (!http_context_set_uri(rdg->http,
"/remoteDesktopGateway/") ||
2238 !http_context_set_accept(rdg->http,
"*/*") ||
2239 !http_context_set_cache_control(rdg->http,
"no-cache") ||
2240 !http_context_set_pragma(rdg->http,
"no-cache") ||
2241 !http_context_set_connection(rdg->http,
"Keep-Alive") ||
2242 !http_context_set_user_agent(rdg->http,
"MS-RDGateway/1.0") ||
2243 !http_context_set_host(rdg->http, rdg->context->settings->GatewayHostname) ||
2244 !http_context_set_rdg_connection_id(rdg->http, &rdg->guid) ||
2245 !http_context_set_rdg_correlation_id(rdg->http, &rdg->guid) ||
2246 !http_context_enable_websocket_upgrade(
2250 goto rdg_alloc_error;
2253 if (rdg->extAuth != HTTP_EXTENDED_AUTH_NONE)
2255 switch (rdg->extAuth)
2257 case HTTP_EXTENDED_AUTH_PAA:
2258 if (!http_context_set_rdg_auth_scheme(rdg->http,
"PAA"))
2259 goto rdg_alloc_error;
2263 case HTTP_EXTENDED_AUTH_SSPI_NTLM:
2264 if (!http_context_set_rdg_auth_scheme(rdg->http,
"SSPI_NTLM"))
2265 goto rdg_alloc_error;
2270 WLog_Print(rdg->log, WLOG_DEBUG,
2271 "RDG extended authentication method %d not supported", rdg->extAuth);
2275 rdg->frontBio = BIO_new(BIO_s_rdg());
2278 goto rdg_alloc_error;
2280 BIO_set_data(rdg->frontBio, rdg);
2281 InitializeCriticalSection(&rdg->writeSection);
2283 rdg->transferEncoding.httpTransferEncoding = TransferEncodingIdentity;
2284 rdg->transferEncoding.isWebsocketTransport = FALSE;
2286 rdg->transferEncoding.context.websocket = websocket_context_new();
2287 if (!rdg->transferEncoding.context.websocket)
2288 goto rdg_alloc_error;
2292 WINPR_PRAGMA_DIAG_PUSH
2293 WINPR_PRAGMA_DIAG_IGNORED_MISMATCHED_DEALLOC
2295 WINPR_PRAGMA_DIAG_POP
2299void rdg_free(rdpRdg* rdg)
2304 freerdp_tls_free(rdg->tlsOut);
2305 freerdp_tls_free(rdg->tlsIn);
2306 http_context_free(rdg->http);
2307 credssp_auth_free(rdg->auth);
2310 BIO_free_all(rdg->frontBio);
2312 DeleteCriticalSection(&rdg->writeSection);
2314 smartcardCertInfo_Free(rdg->smartcard);
2316 websocket_context_free(rdg->transferEncoding.context.websocket);
2321BIO* rdg_get_front_bio_and_take_ownership(rdpRdg* rdg)
2326 rdg->attached = TRUE;
2327 return rdg->frontBio;
FREERDP_API BOOL freerdp_settings_get_bool(const rdpSettings *settings, FreeRDP_Settings_Keys_Bool id)
Returns a boolean settings value.
FREERDP_API WCHAR * freerdp_settings_get_string_as_utf16(const rdpSettings *settings, FreeRDP_Settings_Keys_String id, size_t *pCharLen)
Return an allocated UTF16 string.
1.9.8