22 #include <freerdp/config.h>
24 #include "../settings.h"
26 #include <winpr/assert.h>
27 #include <winpr/cast.h>
29 #include <winpr/crt.h>
30 #include <winpr/synch.h>
31 #include <winpr/print.h>
32 #include <winpr/stream.h>
33 #include <winpr/winsock.h>
34 #include <winpr/cred.h>
36 #include <freerdp/log.h>
37 #include <freerdp/error.h>
38 #include <freerdp/utils/ringbuffer.h>
39 #include <freerdp/utils/smartcardlogon.h>
42 #include "websocket.h"
43 #include "../credssp_auth.h"
46 #include "../../crypto/opensslcompat.h"
47 #include "rpc_fault.h"
50 #define TAG FREERDP_TAG("core.gateway.rdg")
52 #define AUTH_PKG NEGO_SSP_NAME
55 #define HTTP_CHANNEL_RESPONSE_FIELD_CHANNELID 0x1
56 #define HTTP_CHANNEL_RESPONSE_OPTIONAL 0x2
57 #define HTTP_CHANNEL_RESPONSE_FIELD_UDPPORT 0x4
60 #define HTTP_EXTENDED_AUTH_NONE 0x0
61 #define HTTP_EXTENDED_AUTH_SC 0x1
62 #define HTTP_EXTENDED_AUTH_PAA 0x02
63 #define HTTP_EXTENDED_AUTH_SSPI_NTLM 0x04
64 #define HTTP_EXTENDED_AUTH_BEARER 0x08
67 #define PKT_TYPE_HANDSHAKE_REQUEST 0x1
68 #define PKT_TYPE_HANDSHAKE_RESPONSE 0x2
69 #define PKT_TYPE_EXTENDED_AUTH_MSG 0x3
70 #define PKT_TYPE_TUNNEL_CREATE 0x4
71 #define PKT_TYPE_TUNNEL_RESPONSE 0x5
72 #define PKT_TYPE_TUNNEL_AUTH 0x6
73 #define PKT_TYPE_TUNNEL_AUTH_RESPONSE 0x7
74 #define PKT_TYPE_CHANNEL_CREATE 0x8
75 #define PKT_TYPE_CHANNEL_RESPONSE 0x9
76 #define PKT_TYPE_DATA 0xA
77 #define PKT_TYPE_SERVICE_MESSAGE 0xB
78 #define PKT_TYPE_REAUTH_MESSAGE 0xC
79 #define PKT_TYPE_KEEPALIVE 0xD
80 #define PKT_TYPE_CLOSE_CHANNEL 0x10
81 #define PKT_TYPE_CLOSE_CHANNEL_RESPONSE 0x11
87 #define HTTP_TUNNEL_AUTH_RESPONSE_FIELD_REDIR_FLAGS 0x1
88 #define HTTP_TUNNEL_AUTH_RESPONSE_FIELD_IDLE_TIMEOUT 0x2
89 #define HTTP_TUNNEL_AUTH_RESPONSE_FIELD_SOH_RESPONSE 0x4
92 #define HTTP_TUNNEL_PACKET_FIELD_PAA_COOKIE 0x1
96 #define HTTP_TUNNEL_RESPONSE_FIELD_TUNNEL_ID 0x1
97 #define HTTP_TUNNEL_RESPONSE_FIELD_CAPS 0x2
98 #define HTTP_TUNNEL_RESPONSE_FIELD_SOH_REQ 0x4
99 #define HTTP_TUNNEL_RESPONSE_FIELD_CONSENT_MSG 0x10
102 #define HTTP_CAPABILITY_TYPE_QUAR_SOH 0x1
103 #define HTTP_CAPABILITY_IDLE_TIMEOUT 0x2
104 #define HTTP_CAPABILITY_MESSAGING_CONSENT_SIGN 0x4
105 #define HTTP_CAPABILITY_MESSAGING_SERVICE_MSG 0x8
106 #define HTTP_CAPABILITY_REAUTH 0x10
107 #define HTTP_CAPABILITY_UDP_TRANSPORT 0x20
111 TRANSFER_ENCODING httpTransferEncoding;
112 BOOL isWebsocketTransport;
116 websocket_context* websocket;
118 } rdg_http_encoding_context;
127 rdpCredsspAuth* auth;
134 UINT16 packetRemainingCount;
139 rdg_http_encoding_context transferEncoding;
147 RDG_CLIENT_STATE_INITIAL,
148 RDG_CLIENT_STATE_HANDSHAKE,
149 RDG_CLIENT_STATE_TUNNEL_CREATE,
150 RDG_CLIENT_STATE_TUNNEL_AUTHORIZE,
151 RDG_CLIENT_STATE_CHANNEL_CREATE,
152 RDG_CLIENT_STATE_OPENED,
155 #pragma pack(push, 1)
157 typedef struct rdg_packet_header
172 static const t_flag_mapping tunnel_response_fields_present[] = {
173 { HTTP_TUNNEL_RESPONSE_FIELD_TUNNEL_ID,
"HTTP_TUNNEL_RESPONSE_FIELD_TUNNEL_ID" },
174 { HTTP_TUNNEL_RESPONSE_FIELD_CAPS,
"HTTP_TUNNEL_RESPONSE_FIELD_CAPS" },
175 { HTTP_TUNNEL_RESPONSE_FIELD_SOH_REQ,
"HTTP_TUNNEL_RESPONSE_FIELD_SOH_REQ" },
176 { HTTP_TUNNEL_RESPONSE_FIELD_CONSENT_MSG,
"HTTP_TUNNEL_RESPONSE_FIELD_CONSENT_MSG" }
179 static const t_flag_mapping channel_response_fields_present[] = {
180 { HTTP_CHANNEL_RESPONSE_FIELD_CHANNELID,
"HTTP_CHANNEL_RESPONSE_FIELD_CHANNELID" },
181 { HTTP_CHANNEL_RESPONSE_OPTIONAL,
"HTTP_CHANNEL_RESPONSE_OPTIONAL" },
182 { HTTP_CHANNEL_RESPONSE_FIELD_UDPPORT,
"HTTP_CHANNEL_RESPONSE_FIELD_UDPPORT" }
185 static const t_flag_mapping tunnel_authorization_response_fields_present[] = {
186 { HTTP_TUNNEL_AUTH_RESPONSE_FIELD_REDIR_FLAGS,
"HTTP_TUNNEL_AUTH_RESPONSE_FIELD_REDIR_FLAGS" },
187 { HTTP_TUNNEL_AUTH_RESPONSE_FIELD_IDLE_TIMEOUT,
188 "HTTP_TUNNEL_AUTH_RESPONSE_FIELD_IDLE_TIMEOUT" },
189 { HTTP_TUNNEL_AUTH_RESPONSE_FIELD_SOH_RESPONSE,
190 "HTTP_TUNNEL_AUTH_RESPONSE_FIELD_SOH_RESPONSE" }
193 static const t_flag_mapping extended_auth[] = {
194 { HTTP_EXTENDED_AUTH_NONE,
"HTTP_EXTENDED_AUTH_NONE" },
195 { HTTP_EXTENDED_AUTH_SC,
"HTTP_EXTENDED_AUTH_SC" },
196 { HTTP_EXTENDED_AUTH_PAA,
"HTTP_EXTENDED_AUTH_PAA" },
197 { HTTP_EXTENDED_AUTH_SSPI_NTLM,
"HTTP_EXTENDED_AUTH_SSPI_NTLM" }
200 static const t_flag_mapping capabilities_enum[] = {
201 { HTTP_CAPABILITY_TYPE_QUAR_SOH,
"HTTP_CAPABILITY_TYPE_QUAR_SOH" },
202 { HTTP_CAPABILITY_IDLE_TIMEOUT,
"HTTP_CAPABILITY_IDLE_TIMEOUT" },
203 { HTTP_CAPABILITY_MESSAGING_CONSENT_SIGN,
"HTTP_CAPABILITY_MESSAGING_CONSENT_SIGN" },
204 { HTTP_CAPABILITY_MESSAGING_SERVICE_MSG,
"HTTP_CAPABILITY_MESSAGING_SERVICE_MSG" },
205 { HTTP_CAPABILITY_REAUTH,
"HTTP_CAPABILITY_REAUTH" },
206 { HTTP_CAPABILITY_UDP_TRANSPORT,
"HTTP_CAPABILITY_UDP_TRANSPORT" }
209 static const char* flags_to_string(UINT32 flags,
const t_flag_mapping* map,
size_t elements)
211 static char buffer[1024] = { 0 };
212 char fields[12] = { 0 };
214 for (
size_t x = 0; x < elements; x++)
216 const t_flag_mapping* cur = &map[x];
218 if ((cur->code & flags) != 0)
219 winpr_str_append(cur->name, buffer,
sizeof(buffer),
"|");
222 (void)sprintf_s(fields, ARRAYSIZE(fields),
" [%04" PRIx32
"]", flags);
223 winpr_str_append(fields, buffer,
sizeof(buffer), NULL);
227 static const char* channel_response_fields_present_to_string(UINT16 fieldsPresent)
229 return flags_to_string(fieldsPresent, channel_response_fields_present,
230 ARRAYSIZE(channel_response_fields_present));
233 static const char* tunnel_response_fields_present_to_string(UINT16 fieldsPresent)
235 return flags_to_string(fieldsPresent, tunnel_response_fields_present,
236 ARRAYSIZE(tunnel_response_fields_present));
239 static const char* tunnel_authorization_response_fields_present_to_string(UINT16 fieldsPresent)
241 return flags_to_string(fieldsPresent, tunnel_authorization_response_fields_present,
242 ARRAYSIZE(tunnel_authorization_response_fields_present));
245 static const char* extended_auth_to_string(UINT16 auth)
247 if (auth == HTTP_EXTENDED_AUTH_NONE)
248 return "HTTP_EXTENDED_AUTH_NONE [0x0000]";
250 return flags_to_string(auth, extended_auth, ARRAYSIZE(extended_auth));
253 static const char* capabilities_enum_to_string(UINT32 capabilities)
255 return flags_to_string(capabilities, capabilities_enum, ARRAYSIZE(capabilities_enum));
258 static BOOL rdg_read_http_unicode_string(wLog* log,
wStream* s,
const WCHAR**
string,
259 UINT16* lengthInBytes)
261 UINT16 strLenBytes = 0;
262 size_t rem = Stream_GetRemainingLength(s);
265 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 4))
267 WLog_Print(log, WLOG_ERROR,
"Could not read stream length, only have %" PRIuz
" bytes",
271 Stream_Read_UINT16(s, strLenBytes);
274 const WCHAR* str = Stream_ConstPointer(s);
277 if (!Stream_SafeSeek(s, strLenBytes))
279 WLog_Print(log, WLOG_ERROR,
280 "Could not read stream data, only have %" PRIuz
" bytes, expected %" PRIu16,
281 rem - 4, strLenBytes);
289 *lengthInBytes = strLenBytes;
294 static BOOL rdg_write_chunked(BIO* bio,
wStream* sPacket)
300 (void)sprintf_s(chunkSize,
sizeof(chunkSize),
"%" PRIXz
"\r\n", Stream_Length(sPacket));
301 sChunk = Stream_New(NULL, strnlen(chunkSize,
sizeof(chunkSize)) + Stream_Length(sPacket) + 2);
306 Stream_Write(sChunk, chunkSize, strnlen(chunkSize,
sizeof(chunkSize)));
307 Stream_Write(sChunk, Stream_Buffer(sPacket), Stream_Length(sPacket));
308 Stream_Write(sChunk,
"\r\n", 2);
309 Stream_SealLength(sChunk);
310 len = Stream_Length(sChunk);
314 Stream_Free(sChunk, TRUE);
319 status = BIO_write(bio, Stream_Buffer(sChunk), (
int)len);
320 Stream_Free(sChunk, TRUE);
322 if (status != (SSIZE_T)len)
328 static BOOL rdg_write_packet(rdpRdg* rdg,
wStream* sPacket)
330 if (rdg->transferEncoding.isWebsocketTransport)
331 return websocket_context_write_wstream(rdg->transferEncoding.context.websocket,
332 rdg->tlsOut->bio, sPacket, WebsocketBinaryOpcode);
334 return rdg_write_chunked(rdg->tlsIn->bio, sPacket);
337 static int rdg_socket_read(BIO* bio, BYTE* pBuffer,
size_t size,
338 rdg_http_encoding_context* encodingContext)
340 WINPR_ASSERT(encodingContext != NULL);
341 if (size > INT32_MAX)
344 if (encodingContext->isWebsocketTransport)
345 return websocket_context_read(encodingContext->context.websocket, bio, pBuffer, size);
347 switch (encodingContext->httpTransferEncoding)
349 case TransferEncodingIdentity:
351 return BIO_read(bio, pBuffer, (
int)size);
352 case TransferEncodingChunked:
353 return http_chuncked_read(bio, pBuffer, size, &encodingContext->context.chunked);
359 static BOOL rdg_shall_abort(rdpRdg* rdg)
362 return freerdp_shall_disconnect_context(rdg->context);
365 static BOOL rdg_read_all(rdpContext* context, rdpTls* tls, BYTE* buffer,
size_t size,
366 rdg_http_encoding_context* transferEncoding)
368 size_t readCount = 0;
369 BYTE* pBuffer = buffer;
371 while (readCount < size)
373 if (freerdp_shall_disconnect_context(context))
376 int status = rdg_socket_read(tls->bio, pBuffer, size - readCount, transferEncoding);
379 if (!BIO_should_retry(tls->bio))
386 readCount += WINPR_ASSERTING_INT_CAST(uint32_t, status);
387 pBuffer += WINPR_ASSERTING_INT_CAST(uint32_t, status);
393 static wStream* rdg_receive_packet(rdpRdg* rdg)
395 const size_t header =
sizeof(RdgPacketHeader);
396 size_t packetLength = 0;
397 wStream* s = Stream_New(NULL, 1024);
402 if (!rdg_read_all(rdg->context, rdg->tlsOut, Stream_Buffer(s), header, &rdg->transferEncoding))
404 Stream_Free(s, TRUE);
409 Stream_Read_UINT32(s, packetLength);
411 if ((packetLength > INT_MAX) || !Stream_EnsureCapacity(s, packetLength) ||
412 (packetLength < header))
414 Stream_Free(s, TRUE);
418 if (!rdg_read_all(rdg->context, rdg->tlsOut, Stream_Buffer(s) + header, packetLength - header,
419 &rdg->transferEncoding))
421 Stream_Free(s, TRUE);
425 Stream_SetLength(s, packetLength);
429 static BOOL rdg_send_handshake(rdpRdg* rdg)
432 wStream* s = Stream_New(NULL, 14);
437 Stream_Write_UINT16(s, PKT_TYPE_HANDSHAKE_REQUEST);
438 Stream_Write_UINT16(s, 0);
439 Stream_Write_UINT32(s, 14);
440 Stream_Write_UINT8(s, 1);
441 Stream_Write_UINT8(s, 0);
442 Stream_Write_UINT16(s, 0);
443 Stream_Write_UINT16(s, rdg->extAuth);
444 Stream_SealLength(s);
445 status = rdg_write_packet(rdg, s);
446 Stream_Free(s, TRUE);
450 rdg->state = RDG_CLIENT_STATE_HANDSHAKE;
456 static BOOL rdg_send_extauth_sspi(rdpRdg* rdg)
460 UINT32 packetSize = 8 + 4 + 2;
464 const SecBuffer* authToken = credssp_auth_get_output_buffer(rdg->auth);
467 packetSize += authToken->cbBuffer;
469 s = Stream_New(NULL, packetSize);
474 Stream_Write_UINT16(s, PKT_TYPE_EXTENDED_AUTH_MSG);
475 Stream_Write_UINT16(s, 0);
476 Stream_Write_UINT32(s, packetSize);
477 Stream_Write_UINT32(s, ERROR_SUCCESS);
478 Stream_Write_UINT16(s, (UINT16)authToken->cbBuffer);
479 Stream_Write(s, authToken->pvBuffer, authToken->cbBuffer);
481 Stream_SealLength(s);
482 status = rdg_write_packet(rdg, s);
483 Stream_Free(s, TRUE);
488 static BOOL rdg_send_tunnel_request(rdpRdg* rdg)
492 UINT32 packetSize = 16;
493 UINT16 fieldsPresent = 0;
494 WCHAR* PAACookie = NULL;
495 size_t PAACookieLen = 0;
496 const UINT32 capabilities = HTTP_CAPABILITY_TYPE_QUAR_SOH |
497 HTTP_CAPABILITY_MESSAGING_CONSENT_SIGN |
498 HTTP_CAPABILITY_MESSAGING_SERVICE_MSG;
500 if (rdg->extAuth == HTTP_EXTENDED_AUTH_PAA)
503 ConvertUtf8ToWCharAlloc(rdg->context->settings->GatewayAccessToken, &PAACookieLen);
505 if (!PAACookie || (PAACookieLen > UINT16_MAX /
sizeof(WCHAR)))
512 packetSize += 2 + (UINT32)(PAACookieLen) *
sizeof(WCHAR);
513 fieldsPresent = HTTP_TUNNEL_PACKET_FIELD_PAA_COOKIE;
516 s = Stream_New(NULL, packetSize);
524 Stream_Write_UINT16(s, PKT_TYPE_TUNNEL_CREATE);
525 Stream_Write_UINT16(s, 0);
526 Stream_Write_UINT32(s, packetSize);
527 Stream_Write_UINT32(s, capabilities);
528 Stream_Write_UINT16(s, fieldsPresent);
529 Stream_Write_UINT16(s, 0);
533 Stream_Write_UINT16(s, (UINT16)PAACookieLen *
sizeof(WCHAR));
534 Stream_Write_UTF16_String(s, PAACookie, PAACookieLen);
537 Stream_SealLength(s);
538 status = rdg_write_packet(rdg, s);
539 Stream_Free(s, TRUE);
544 rdg->state = RDG_CLIENT_STATE_TUNNEL_CREATE;
550 static BOOL rdg_send_tunnel_authorization(rdpRdg* rdg)
555 size_t clientNameLen = 0;
557 rdg->context->settings, FreeRDP_ClientHostname, &clientNameLen);
561 const size_t packetSize = 12ull + clientNameLen *
sizeof(WCHAR);
562 if (!clientName || (clientNameLen >= UINT16_MAX /
sizeof(WCHAR)) || (packetSize > UINT32_MAX))
568 s = Stream_New(NULL, packetSize);
576 Stream_Write_UINT16(s, PKT_TYPE_TUNNEL_AUTH);
577 Stream_Write_UINT16(s, 0);
578 Stream_Write_UINT32(s, (UINT32)packetSize);
579 Stream_Write_UINT16(s, 0);
580 Stream_Write_UINT16(s, (UINT16)clientNameLen *
sizeof(WCHAR));
581 Stream_Write_UTF16_String(s, clientName, clientNameLen);
582 Stream_SealLength(s);
583 status = rdg_write_packet(rdg, s);
584 Stream_Free(s, TRUE);
589 rdg->state = RDG_CLIENT_STATE_TUNNEL_AUTHORIZE;
595 static BOOL rdg_send_channel_create(rdpRdg* rdg)
599 WCHAR* serverName = NULL;
600 size_t serverNameLen = 0;
604 FreeRDP_ServerHostname, &serverNameLen);
607 const size_t packetSize = 16ull + serverNameLen *
sizeof(WCHAR);
608 if (!serverName || (serverNameLen >= UINT16_MAX /
sizeof(WCHAR)) || (packetSize > UINT32_MAX))
611 s = Stream_New(NULL, packetSize);
616 Stream_Write_UINT16(s, PKT_TYPE_CHANNEL_CREATE);
617 Stream_Write_UINT16(s, 0);
618 Stream_Write_UINT32(s, (UINT32)packetSize);
619 Stream_Write_UINT8(s, 1);
620 Stream_Write_UINT8(s, 0);
621 Stream_Write_UINT16(s,
622 (UINT16)rdg->context->settings->ServerPort);
623 Stream_Write_UINT16(s, 3);
624 Stream_Write_UINT16(s, (UINT16)serverNameLen *
sizeof(WCHAR));
625 Stream_Write_UTF16_String(s, serverName, serverNameLen);
626 Stream_SealLength(s);
627 status = rdg_write_packet(rdg, s);
630 Stream_Free(s, TRUE);
633 rdg->state = RDG_CLIENT_STATE_CHANNEL_CREATE;
638 static BOOL rdg_set_auth_header(rdpCredsspAuth* auth, HttpRequest* request)
640 const SecBuffer* authToken = credssp_auth_get_output_buffer(auth);
641 char* base64AuthToken = NULL;
645 if (authToken->cbBuffer > INT_MAX)
648 base64AuthToken = crypto_base64_encode(authToken->pvBuffer, authToken->cbBuffer);
653 BOOL rc = http_request_set_auth_scheme(request, credssp_auth_pkg_name(auth)) &&
654 http_request_set_auth_param(request, base64AuthToken);
655 free(base64AuthToken);
664 static wStream* rdg_build_http_request(rdpRdg* rdg,
const char* method,
665 TRANSFER_ENCODING transferEncoding)
668 HttpRequest* request = NULL;
669 const char* uri = NULL;
674 uri = http_context_get_uri(rdg->http);
675 request = http_request_new();
680 if (!http_request_set_method(request, method) || !http_request_set_uri(request, uri))
685 if (!rdg_set_auth_header(rdg->auth, request))
689 else if (rdg->extAuth == HTTP_EXTENDED_AUTH_BEARER)
691 http_request_set_auth_scheme(request,
"Bearer");
692 http_request_set_auth_param(request, rdg->context->settings->GatewayHttpExtAuthBearer);
695 http_request_set_transfer_encoding(request, transferEncoding);
697 s = http_request_write(rdg->http, request);
699 http_request_free(request);
702 Stream_SealLength(s);
707 static BOOL rdg_recv_auth_token(wLog* log, rdpCredsspAuth* auth, HttpResponse* response)
710 const char* token64 = NULL;
711 size_t authTokenLength = 0;
712 BYTE* authTokenData = NULL;
717 if (!auth || !response)
720 StatusCode = http_response_get_status_code(response);
723 case HTTP_STATUS_DENIED:
725 case HTTP_STATUS_SWITCH_PROTOCOLS:
728 http_response_log_error_status(log, WLOG_WARN, response);
732 token64 = http_response_get_auth_token(response, credssp_auth_pkg_name(auth));
737 len = strlen(token64);
739 crypto_base64_decode(token64, len, &authTokenData, &authTokenLength);
741 if (authTokenLength && authTokenData && (authTokenLength <= UINT32_MAX))
743 authToken.pvBuffer = authTokenData;
744 authToken.cbBuffer = (UINT32)authTokenLength;
745 credssp_auth_take_input_buffer(auth, &authToken);
750 rc = credssp_auth_authenticate(auth);
757 static BOOL rdg_skip_seed_payload(rdpContext* context, rdpTls* tls,
size_t lastResponseLength,
758 rdg_http_encoding_context* transferEncoding)
760 BYTE seed_payload[10] = { 0 };
761 const size_t size =
sizeof(seed_payload);
766 if (lastResponseLength < size)
768 if (!rdg_read_all(context, tls, seed_payload, size - lastResponseLength, transferEncoding))
777 static BOOL rdg_process_handshake_response(rdpRdg* rdg,
wStream* s)
779 UINT32 errorCode = 0;
780 UINT16 serverVersion = 0;
781 UINT16 extendedAuth = 0;
784 const char* error = NULL;
785 WLog_Print(rdg->log, WLOG_DEBUG,
"Handshake response received");
787 if (rdg->state != RDG_CLIENT_STATE_HANDSHAKE)
792 if (!Stream_CheckAndLogRequiredLengthWLog(rdg->log, s, 10))
795 Stream_Read_UINT32(s, errorCode);
796 Stream_Read_UINT8(s, verMajor);
797 Stream_Read_UINT8(s, verMinor);
798 Stream_Read_UINT16(s, serverVersion);
799 Stream_Read_UINT16(s, extendedAuth);
800 error = rpc_error_to_string(errorCode);
801 WLog_Print(rdg->log, WLOG_DEBUG,
802 "errorCode=%s, verMajor=%" PRId8
", verMinor=%" PRId8
", serverVersion=%" PRId16
804 error, verMajor, verMinor, serverVersion, extended_auth_to_string(extendedAuth));
806 if (FAILED((HRESULT)errorCode))
808 WLog_Print(rdg->log, WLOG_ERROR,
"Handshake error %s", error);
809 freerdp_set_last_error_log(rdg->context, errorCode);
813 if (rdg->extAuth == HTTP_EXTENDED_AUTH_SSPI_NTLM)
814 return rdg_send_extauth_sspi(rdg);
816 return rdg_send_tunnel_request(rdg);
819 static BOOL rdg_process_tunnel_response_optional(rdpRdg* rdg,
wStream* s, UINT16 fieldsPresent)
821 if (fieldsPresent & HTTP_TUNNEL_RESPONSE_FIELD_TUNNEL_ID)
824 if (!Stream_SafeSeek(s, 4))
826 WLog_Print(rdg->log, WLOG_ERROR,
"Short tunnelId, got %" PRIuz
", expected 4",
827 Stream_GetRemainingLength(s));
832 if (fieldsPresent & HTTP_TUNNEL_RESPONSE_FIELD_CAPS)
835 if (!Stream_CheckAndLogRequiredLengthWLog(rdg->log, s, 4))
838 Stream_Read_UINT32(s, caps);
839 WLog_Print(rdg->log, WLOG_DEBUG,
"capabilities=%s", capabilities_enum_to_string(caps));
842 if (fieldsPresent & HTTP_TUNNEL_RESPONSE_FIELD_SOH_REQ)
845 if (!Stream_SafeSeek(s, 20))
847 WLog_Print(rdg->log, WLOG_ERROR,
"Short nonce, got %" PRIuz
", expected 20",
848 Stream_GetRemainingLength(s));
853 if (!rdg_read_http_unicode_string(rdg->log, s, NULL, NULL))
855 WLog_Print(rdg->log, WLOG_ERROR,
"Failed to read server certificate");
860 if (fieldsPresent & HTTP_TUNNEL_RESPONSE_FIELD_CONSENT_MSG)
862 const WCHAR* msg = NULL;
863 UINT16 msgLenBytes = 0;
864 rdpContext* context = rdg->context;
866 WINPR_ASSERT(context);
867 WINPR_ASSERT(context->instance);
870 if (!rdg_read_http_unicode_string(rdg->log, s, &msg, &msgLenBytes))
872 WLog_Print(rdg->log, WLOG_ERROR,
"Failed to read consent message");
876 return IFCALLRESULT(TRUE, context->instance->PresentGatewayMessage, context->instance,
877 GATEWAY_MESSAGE_CONSENT, TRUE, TRUE, msgLenBytes, msg);
883 static BOOL rdg_process_tunnel_response(rdpRdg* rdg,
wStream* s)
885 UINT16 serverVersion = 0;
886 UINT16 fieldsPresent = 0;
887 UINT32 errorCode = 0;
888 const char* error = NULL;
889 WLog_Print(rdg->log, WLOG_DEBUG,
"Tunnel response received");
891 if (rdg->state != RDG_CLIENT_STATE_TUNNEL_CREATE)
896 if (!Stream_CheckAndLogRequiredLengthWLog(rdg->log, s, 10))
899 Stream_Read_UINT16(s, serverVersion);
900 Stream_Read_UINT32(s, errorCode);
901 Stream_Read_UINT16(s, fieldsPresent);
902 Stream_Seek_UINT16(s);
903 error = rpc_error_to_string(errorCode);
904 WLog_Print(rdg->log, WLOG_DEBUG,
"serverVersion=%" PRId16
", errorCode=%s, fieldsPresent=%s",
905 serverVersion, error, tunnel_response_fields_present_to_string(fieldsPresent));
907 if (FAILED((HRESULT)errorCode))
909 WLog_Print(rdg->log, WLOG_ERROR,
"Tunnel creation error %s", error);
910 freerdp_set_last_error_log(rdg->context, errorCode);
914 if (!rdg_process_tunnel_response_optional(rdg, s, fieldsPresent))
917 return rdg_send_tunnel_authorization(rdg);
920 static BOOL rdg_process_tunnel_authorization_response(rdpRdg* rdg,
wStream* s)
922 UINT32 errorCode = 0;
923 UINT16 fieldsPresent = 0;
924 const char* error = NULL;
925 WLog_Print(rdg->log, WLOG_DEBUG,
"Tunnel authorization received");
927 if (rdg->state != RDG_CLIENT_STATE_TUNNEL_AUTHORIZE)
932 if (!Stream_CheckAndLogRequiredLengthWLog(rdg->log, s, 8))
935 Stream_Read_UINT32(s, errorCode);
936 Stream_Read_UINT16(s, fieldsPresent);
937 Stream_Seek_UINT16(s);
938 error = rpc_error_to_string(errorCode);
939 WLog_Print(rdg->log, WLOG_DEBUG,
"errorCode=%s, fieldsPresent=%s", error,
940 tunnel_authorization_response_fields_present_to_string(fieldsPresent));
943 if (errorCode != S_OK && errorCode != E_PROXY_QUARANTINE_ACCESSDENIED)
945 WLog_Print(rdg->log, WLOG_ERROR,
"Tunnel authorization error %s", error);
946 freerdp_set_last_error_log(rdg->context, errorCode);
950 if (fieldsPresent & HTTP_TUNNEL_AUTH_RESPONSE_FIELD_REDIR_FLAGS)
952 UINT32 redirFlags = 0;
953 if (!Stream_CheckAndLogRequiredCapacityWLog(rdg->log, s, 4))
955 Stream_Read_UINT32(s, redirFlags);
957 rdpContext* context = rdg->context;
958 if (!utils_apply_gateway_policy(rdg->log, context, redirFlags,
"RDG"))
962 if (fieldsPresent & HTTP_TUNNEL_AUTH_RESPONSE_FIELD_IDLE_TIMEOUT)
964 UINT32 idleTimeout = 0;
965 if (!Stream_CheckAndLogRequiredCapacityWLog(rdg->log, s, 4))
967 Stream_Read_UINT32(s, idleTimeout);
968 WLog_Print(rdg->log, WLOG_DEBUG,
"[IDLE_TIMEOUT] idleTimeout=%" PRIu32
": TODO: unused",
972 if (fieldsPresent & HTTP_TUNNEL_AUTH_RESPONSE_FIELD_SOH_RESPONSE)
975 if (!Stream_CheckAndLogRequiredCapacityWLog(rdg->log, s, 2))
977 Stream_Read_UINT16(s, cbLen);
979 WLog_Print(rdg->log, WLOG_DEBUG,
"[SOH_RESPONSE] cbLen=%" PRIu16
": TODO: unused", cbLen);
980 if (!Stream_CheckAndLogRequiredLengthWLog(rdg->log, s, cbLen))
982 Stream_Seek(s, cbLen);
985 return rdg_send_channel_create(rdg);
988 static BOOL rdg_process_extauth_sspi(rdpRdg* rdg,
wStream* s)
991 UINT16 authBlobLen = 0;
993 BYTE* authTokenData = NULL;
997 Stream_Read_INT32(s, errorCode);
998 Stream_Read_UINT16(s, authBlobLen);
1000 if (errorCode != ERROR_SUCCESS)
1002 WLog_Print(rdg->log, WLOG_ERROR,
"EXTAUTH_SSPI_NTLM failed with error %s [0x%08X]",
1003 GetSecurityStatusString(errorCode), errorCode);
1007 if (authBlobLen == 0)
1009 if (credssp_auth_is_complete(rdg->auth))
1011 credssp_auth_free(rdg->auth);
1013 return rdg_send_tunnel_request(rdg);
1018 authTokenData = malloc(authBlobLen);
1019 if (authTokenData == NULL)
1021 Stream_Read(s, authTokenData, authBlobLen);
1023 authToken.pvBuffer = authTokenData;
1024 authToken.cbBuffer = authBlobLen;
1026 credssp_auth_take_input_buffer(rdg->auth, &authToken);
1028 if (credssp_auth_authenticate(rdg->auth) < 0)
1031 if (credssp_auth_have_output_token(rdg->auth))
1032 return rdg_send_extauth_sspi(rdg);
1037 static BOOL rdg_process_channel_response(rdpRdg* rdg,
wStream* s)
1039 UINT16 fieldsPresent = 0;
1040 UINT32 errorCode = 0;
1041 const char* error = NULL;
1042 WLog_Print(rdg->log, WLOG_DEBUG,
"Channel response received");
1044 if (rdg->state != RDG_CLIENT_STATE_CHANNEL_CREATE)
1049 if (!Stream_CheckAndLogRequiredLengthWLog(rdg->log, s, 8))
1052 Stream_Read_UINT32(s, errorCode);
1053 Stream_Read_UINT16(s, fieldsPresent);
1054 Stream_Seek_UINT16(s);
1055 error = rpc_error_to_string(errorCode);
1056 WLog_Print(rdg->log, WLOG_DEBUG,
"channel response errorCode=%s, fieldsPresent=%s", error,
1057 channel_response_fields_present_to_string(fieldsPresent));
1059 if (FAILED((HRESULT)errorCode))
1061 WLog_Print(rdg->log, WLOG_ERROR,
"channel response errorCode=%s, fieldsPresent=%s", error,
1062 channel_response_fields_present_to_string(fieldsPresent));
1063 freerdp_set_last_error_log(rdg->context, errorCode);
1067 rdg->state = RDG_CLIENT_STATE_OPENED;
1071 static BOOL rdg_process_packet(rdpRdg* rdg,
wStream* s)
1075 UINT32 packetLength = 0;
1076 Stream_SetPosition(s, 0);
1078 if (!Stream_CheckAndLogRequiredLengthWLog(rdg->log, s, 8))
1081 Stream_Read_UINT16(s, type);
1082 Stream_Seek_UINT16(s);
1083 Stream_Read_UINT32(s, packetLength);
1085 if (Stream_Length(s) < packetLength)
1087 WLog_Print(rdg->log, WLOG_ERROR,
"Short packet %" PRIuz
", expected %" PRIuz,
1088 Stream_Length(s), packetLength);
1094 case PKT_TYPE_HANDSHAKE_RESPONSE:
1095 status = rdg_process_handshake_response(rdg, s);
1098 case PKT_TYPE_TUNNEL_RESPONSE:
1099 status = rdg_process_tunnel_response(rdg, s);
1102 case PKT_TYPE_TUNNEL_AUTH_RESPONSE:
1103 status = rdg_process_tunnel_authorization_response(rdg, s);
1106 case PKT_TYPE_CHANNEL_RESPONSE:
1107 status = rdg_process_channel_response(rdg, s);
1111 WLog_Print(rdg->log, WLOG_ERROR,
"Unexpected packet type DATA");
1114 case PKT_TYPE_EXTENDED_AUTH_MSG:
1115 status = rdg_process_extauth_sspi(rdg, s);
1119 WLog_Print(rdg->log, WLOG_ERROR,
"PKG TYPE 0x%x not implemented", type);
1126 DWORD rdg_get_event_handles(rdpRdg* rdg, HANDLE* events, DWORD count)
1129 WINPR_ASSERT(rdg != NULL);
1131 if (rdg->tlsOut && rdg->tlsOut->bio)
1133 if (events && (nCount < count))
1135 BIO_get_event(rdg->tlsOut->bio, &events[nCount]);
1147 static BOOL rdg_get_gateway_credentials(rdpContext* context, rdp_auth_reason reason)
1149 freerdp* instance = context->instance;
1151 auth_status rc = utils_authenticate_gateway(instance, reason);
1157 case AUTH_CANCELLED:
1158 freerdp_set_last_error_log(instance->context, FREERDP_ERROR_CONNECT_CANCELLED);
1160 case AUTH_NO_CREDENTIALS:
1161 WLog_INFO(TAG,
"No credentials provided - using NULL identity");
1169 static BOOL rdg_auth_init(rdpRdg* rdg, rdpTls* tls, TCHAR* authPkg)
1171 rdpContext* context = rdg->context;
1172 rdpSettings* settings = context->settings;
1173 SEC_WINNT_AUTH_IDENTITY identity = { 0 };
1176 rdg->auth = credssp_auth_new(context);
1180 if (!credssp_auth_init(rdg->auth, authPkg, tls->Bindings))
1186 if (!smartcard_getCert(context, &rdg->smartcard, TRUE))
1189 if (!rdg_get_gateway_credentials(context, AUTH_SMARTCARD_PIN))
1194 if (!rdg_get_gateway_credentials(context, GW_AUTH_RDG))
1199 if (doSCLogon && !smartcard_getCert(context, &rdg->smartcard, TRUE))
1203 SEC_WINNT_AUTH_IDENTITY* identityArg = &identity;
1206 if (!identity_set_from_smartcard_hash(&identity, settings, FreeRDP_GatewayUsername,
1207 FreeRDP_GatewayDomain, FreeRDP_GatewayPassword,
1208 rdg->smartcard->sha1Hash,
1209 sizeof(rdg->smartcard->sha1Hash)))
1214 if (!identity_set_from_settings(&identity, settings, FreeRDP_GatewayUsername,
1215 FreeRDP_GatewayDomain, FreeRDP_GatewayPassword))
1218 if (!settings->GatewayUsername)
1222 if (!credssp_auth_setup_client(rdg->auth,
"HTTP", settings->GatewayHostname, identityArg,
1223 rdg->smartcard ? rdg->smartcard->pkinitArgs : NULL))
1225 sspi_FreeAuthIdentity(&identity);
1228 sspi_FreeAuthIdentity(&identity);
1230 credssp_auth_set_flags(rdg->auth, ISC_REQ_CONFIDENTIALITY | ISC_REQ_MUTUAL_AUTH);
1232 rc = credssp_auth_authenticate(rdg->auth);
1239 static BOOL rdg_send_http_request(rdpRdg* rdg, rdpTls* tls,
const char* method,
1240 TRANSFER_ENCODING transferEncoding)
1243 wStream* s = rdg_build_http_request(rdg, method, transferEncoding);
1248 const size_t sz = Stream_Length(s);
1249 status = freerdp_tls_write_all(tls, Stream_Buffer(s), sz);
1251 Stream_Free(s, TRUE);
1252 return (status >= 0);
1255 static BOOL rdg_tls_connect(rdpRdg* rdg, rdpTls* tls,
const char* peerAddress, UINT32 timeout)
1258 BIO* layerBio = NULL;
1259 BIO* bufferedBio = NULL;
1261 rdpSettings* settings = rdg->context->settings;
1262 rdpTransport* transport = freerdp_get_transport(rdg->context);
1263 const char* peerHostname = settings->GatewayHostname;
1264 UINT16 peerPort = (UINT16)settings->GatewayPort;
1265 const char* proxyUsername = NULL;
1266 const char* proxyPassword = NULL;
1267 BOOL isProxyConnection =
1268 proxy_prepare(settings, &peerHostname, &peerPort, &proxyUsername, &proxyPassword);
1270 if (settings->GatewayPort > UINT16_MAX)
1273 layer = transport_connect_layer(transport, peerAddress ? peerAddress : peerHostname, peerPort,
1281 layerBio = BIO_new(BIO_s_transport_layer());
1284 transport_layer_free(layer);
1287 BIO_set_data(layerBio, layer);
1289 bufferedBio = BIO_new(BIO_s_buffered_socket());
1292 BIO_free_all(layerBio);
1296 bufferedBio = BIO_push(bufferedBio, layerBio);
1297 status = BIO_set_nonblock(bufferedBio, TRUE);
1299 if (isProxyConnection)
1301 if (!proxy_connect(rdg->context, bufferedBio, proxyUsername, proxyPassword,
1302 settings->GatewayHostname, (UINT16)settings->GatewayPort))
1304 BIO_free_all(bufferedBio);
1311 BIO_free_all(bufferedBio);
1315 tls->hostname = settings->GatewayHostname;
1316 tls->port = WINPR_ASSERTING_INT_CAST(int32_t, MIN(UINT16_MAX, settings->GatewayPort));
1317 tls->isGatewayTransport = TRUE;
1318 status = freerdp_tls_connect(tls, bufferedBio);
1321 rdpContext* context = rdg->context;
1324 freerdp_set_last_error_if_not(context, FREERDP_ERROR_TLS_CONNECT_FAILED);
1328 freerdp_set_last_error_if_not(context, FREERDP_ERROR_CONNECT_CANCELLED);
1333 return (status >= 1);
1336 static BOOL rdg_establish_data_connection(rdpRdg* rdg, rdpTls* tls,
const char* method,
1337 const char* peerAddress, UINT32 timeout,
1340 char buffer[64] = { 0 };
1341 HttpResponse* response = NULL;
1343 if (!rdg_tls_connect(rdg, tls, peerAddress, timeout))
1346 WINPR_ASSERT(rpcFallback);
1347 if (rdg->context->settings->GatewayHttpExtAuthBearer && rdg->extAuth == HTTP_EXTENDED_AUTH_NONE)
1348 rdg->extAuth = HTTP_EXTENDED_AUTH_BEARER;
1349 if (rdg->extAuth == HTTP_EXTENDED_AUTH_NONE)
1351 if (!rdg_auth_init(rdg, tls, AUTH_PKG))
1354 if (!rdg_send_http_request(rdg, tls, method, TransferEncodingIdentity))
1357 response = http_response_recv(tls, TRUE);
1362 WLog_Print(rdg->log, WLOG_INFO,
"RD Gateway HTTP transport broken.");
1363 *rpcFallback = TRUE;
1367 const long StatusCode = http_response_get_status_code(response);
1371 case HTTP_STATUS_NOT_FOUND:
1373 WLog_Print(rdg->log, WLOG_INFO,
"RD Gateway does not support HTTP transport.");
1374 *rpcFallback = TRUE;
1376 http_response_free(response);
1379 case HTTP_STATUS_OK:
1382 http_response_log_error_status(rdg->log, WLOG_WARN, response);
1386 while (!credssp_auth_is_complete(rdg->auth))
1388 if (!rdg_recv_auth_token(rdg->log, rdg->auth, response))
1390 http_response_free(response);
1394 if (credssp_auth_have_output_token(rdg->auth))
1396 http_response_free(response);
1398 if (!rdg_send_http_request(rdg, tls, method, TransferEncodingIdentity))
1401 response = http_response_recv(tls, TRUE);
1404 WLog_Print(rdg->log, WLOG_INFO,
"RD Gateway HTTP transport broken.");
1405 *rpcFallback = TRUE;
1410 credssp_auth_free(rdg->auth);
1415 credssp_auth_free(rdg->auth);
1418 if (!rdg_send_http_request(rdg, tls, method, TransferEncodingIdentity))
1421 response = http_response_recv(tls, TRUE);
1425 WLog_Print(rdg->log, WLOG_INFO,
"RD Gateway HTTP transport broken.");
1426 *rpcFallback = TRUE;
1431 const long statusCode = http_response_get_status_code(response);
1432 const size_t bodyLength = http_response_get_body_length(response);
1433 const TRANSFER_ENCODING encoding = http_response_get_transfer_encoding(response);
1434 const BOOL isWebsocket = http_response_is_websocket(rdg->http, response);
1436 WLog_Print(rdg->log, WLOG_DEBUG,
"%s authorization result: %s", method,
1437 freerdp_http_status_string_format(statusCode, buffer, ARRAYSIZE(buffer)));
1441 case HTTP_STATUS_OK:
1444 http_context_enable_websocket_upgrade(rdg->http, FALSE);
1445 http_response_free(response);
1447 case HTTP_STATUS_DENIED:
1448 freerdp_set_last_error_log(rdg->context, FREERDP_ERROR_CONNECT_ACCESS_DENIED);
1449 http_response_free(response);
1451 case HTTP_STATUS_SWITCH_PROTOCOLS:
1452 http_response_free(response);
1459 if (http_context_is_websocket_upgrade_enabled(rdg->http))
1461 long fd = BIO_get_fd(tls->bio, NULL);
1463 closesocket((SOCKET)fd);
1464 http_context_enable_websocket_upgrade(rdg->http, FALSE);
1465 return rdg_establish_data_connection(rdg, tls, method, peerAddress, timeout,
1471 rdg->transferEncoding.isWebsocketTransport = TRUE;
1472 if (!websocket_context_reset(rdg->transferEncoding.context.websocket))
1475 if (rdg->extAuth == HTTP_EXTENDED_AUTH_SSPI_NTLM)
1479 if (!rdg_auth_init(rdg, tls, NTLM_SSP_NAME))
1484 http_response_log_error_status(rdg->log, WLOG_WARN, response);
1485 http_response_free(response);
1489 if (strcmp(method,
"RDG_OUT_DATA") == 0)
1491 if (encoding == TransferEncodingChunked)
1493 rdg->transferEncoding.httpTransferEncoding = TransferEncodingChunked;
1494 rdg->transferEncoding.context.chunked.nextOffset = 0;
1495 rdg->transferEncoding.context.chunked.headerFooterPos = 0;
1496 rdg->transferEncoding.context.chunked.state = ChunkStateLenghHeader;
1498 if (!rdg_skip_seed_payload(rdg->context, tls, bodyLength, &rdg->transferEncoding))
1505 if (!rdg_send_http_request(rdg, tls, method, TransferEncodingChunked))
1508 if (rdg->extAuth == HTTP_EXTENDED_AUTH_SSPI_NTLM)
1512 if (!rdg_auth_init(rdg, tls, NTLM_SSP_NAME))
1520 static BOOL rdg_tunnel_connect(rdpRdg* rdg)
1524 rdg_send_handshake(rdg);
1526 while (rdg->state < RDG_CLIENT_STATE_OPENED)
1529 s = rdg_receive_packet(rdg);
1533 status = rdg_process_packet(rdg, s);
1534 Stream_Free(s, TRUE);
1540 WINPR_ASSERT(rdg->context);
1541 WINPR_ASSERT(rdg->context->rdp);
1542 transport_set_layer(rdg->context->rdp->transport, TRANSPORT_LAYER_CLOSED);
1550 BOOL rdg_connect(rdpRdg* rdg, DWORD timeout, BOOL* rpcFallback)
1553 SOCKET outConnSocket = 0;
1554 char* peerAddress = NULL;
1555 BOOL rpcFallbackLocal = FALSE;
1557 WINPR_ASSERT(rdg != NULL);
1558 status = rdg_establish_data_connection(rdg, rdg->tlsOut,
"RDG_OUT_DATA", NULL, timeout,
1563 if (rdg->transferEncoding.isWebsocketTransport)
1565 WLog_Print(rdg->log, WLOG_DEBUG,
"Upgraded to websocket. RDG_IN_DATA not required");
1572 BIO_get_socket(rdg->tlsOut->underlying, &outConnSocket);
1573 peerAddress = freerdp_tcp_get_peer_address(outConnSocket);
1574 status = rdg_establish_data_connection(rdg, rdg->tlsIn,
"RDG_IN_DATA", peerAddress,
1575 timeout, &rpcFallbackLocal);
1581 *rpcFallback = rpcFallbackLocal;
1586 WINPR_ASSERT(rdg->context);
1587 WINPR_ASSERT(rdg->context->rdp);
1588 if (rpcFallbackLocal)
1590 http_context_enable_websocket_upgrade(rdg->http, FALSE);
1591 credssp_auth_free(rdg->auth);
1595 transport_set_layer(rdg->context->rdp->transport, TRANSPORT_LAYER_CLOSED);
1599 status = rdg_tunnel_connect(rdg);
1607 static int rdg_write_websocket_data_packet(rdpRdg* rdg,
const BYTE* buf,
int isize)
1613 const size_t payloadSize = (size_t)isize + 10;
1621 websocket_context_packet_new(payloadSize, WebsocketBinaryOpcode, &maskingKey.u32);
1625 Stream_Write_UINT16(
1626 sWS, WINPR_ASSERTING_INT_CAST(
1627 uint16_t, PKT_TYPE_DATA ^ (maskingKey.u8[0] | maskingKey.u8[1] << 8)));
1628 Stream_Write_UINT16(
1629 sWS, WINPR_ASSERTING_INT_CAST(
1630 uint16_t, 0 ^ (maskingKey.u8[2] | maskingKey.u8[3] << 8)));
1631 Stream_Write_UINT32(
1632 sWS, WINPR_ASSERTING_INT_CAST(uint32_t, payloadSize ^ maskingKey.u32));
1633 Stream_Write_UINT16(
1634 sWS, WINPR_ASSERTING_INT_CAST(
1635 uint16_t, isize ^ (maskingKey.u8[0] | maskingKey.u8[1] << 8)));
1638 maskingKey.u32 = (maskingKey.u32 & 0xffff) << 16 | (maskingKey.u32 >> 16);
1640 WINPR_ASSERT(rdg->tlsOut);
1642 Stream_StaticConstInit(&sPacket, buf, (
size_t)isize);
1643 if (!websocket_context_mask_and_send(rdg->tlsOut->bio, sWS, &sPacket, maskingKey.u32))
1649 static int rdg_write_chunked_data_packet(rdpRdg* rdg,
const BYTE* buf,
int isize)
1655 if (isize > UINT16_MAX)
1658 const size_t size = (size_t)isize;
1662 const size_t packetSize = size + 10;
1663 char chunkSize[11] = { 0 };
1664 (void)sprintf_s(chunkSize,
sizeof(chunkSize),
"%" PRIxz
"\r\n", packetSize);
1665 sChunk = Stream_New(NULL, strnlen(chunkSize,
sizeof(chunkSize)) + packetSize + 2);
1670 Stream_Write(sChunk, chunkSize, strnlen(chunkSize,
sizeof(chunkSize)));
1671 Stream_Write_UINT16(sChunk, PKT_TYPE_DATA);
1672 Stream_Write_UINT16(sChunk, 0);
1673 Stream_Write_UINT32(sChunk, (UINT32)packetSize);
1674 Stream_Write_UINT16(sChunk, (UINT16)size);
1675 Stream_Write(sChunk, buf, size);
1676 Stream_Write(sChunk,
"\r\n", 2);
1677 Stream_SealLength(sChunk);
1678 len = Stream_Length(sChunk);
1680 status = freerdp_tls_write_all(rdg->tlsIn, Stream_Buffer(sChunk), len);
1681 Stream_Free(sChunk, TRUE);
1689 static int rdg_write_data_packet(rdpRdg* rdg,
const BYTE* buf,
int isize)
1692 if (rdg->transferEncoding.isWebsocketTransport)
1693 return rdg_write_websocket_data_packet(rdg, buf, isize);
1695 return rdg_write_chunked_data_packet(rdg, buf, isize);
1698 static BOOL rdg_process_close_packet(rdpRdg* rdg,
wStream* s)
1702 UINT32 errorCode = 0;
1703 UINT32 packetSize = 12;
1706 if (!Stream_CheckAndLogRequiredLengthWLog(rdg->log, s, 4))
1708 Stream_Read_UINT32(s, errorCode);
1711 freerdp_set_last_error_log(rdg->context, errorCode);
1713 sClose = Stream_New(NULL, packetSize);
1717 Stream_Write_UINT16(sClose, PKT_TYPE_CLOSE_CHANNEL_RESPONSE);
1718 Stream_Write_UINT16(sClose, 0);
1719 Stream_Write_UINT32(sClose, packetSize);
1720 Stream_Write_UINT32(sClose, 0);
1721 Stream_SealLength(sClose);
1722 status = rdg_write_packet(rdg, sClose);
1723 Stream_Free(sClose, TRUE);
1725 return (status < 0 ? FALSE : TRUE);
1728 static BOOL rdg_process_keep_alive_packet(rdpRdg* rdg)
1732 size_t packetSize = 8;
1734 sKeepAlive = Stream_New(NULL, packetSize);
1739 Stream_Write_UINT16(sKeepAlive, PKT_TYPE_KEEPALIVE);
1740 Stream_Write_UINT16(sKeepAlive, 0);
1741 Stream_Write_UINT32(sKeepAlive, (UINT32)packetSize);
1742 Stream_SealLength(sKeepAlive);
1743 status = rdg_write_packet(rdg, sKeepAlive);
1744 Stream_Free(sKeepAlive, TRUE);
1746 return (status < 0 ? FALSE : TRUE);
1749 static BOOL rdg_process_service_message(rdpRdg* rdg,
wStream* s)
1751 const WCHAR* msg = NULL;
1752 UINT16 msgLenBytes = 0;
1753 rdpContext* context = rdg->context;
1754 WINPR_ASSERT(context);
1755 WINPR_ASSERT(context->instance);
1758 if (!rdg_read_http_unicode_string(rdg->log, s, &msg, &msgLenBytes))
1760 WLog_Print(rdg->log, WLOG_ERROR,
"Failed to read string");
1764 return IFCALLRESULT(TRUE, context->instance->PresentGatewayMessage, context->instance,
1765 GATEWAY_MESSAGE_SERVICE, TRUE, FALSE, msgLenBytes, msg);
1768 static BOOL rdg_process_unknown_packet(rdpRdg* rdg,
int type)
1772 WLog_Print(rdg->log, WLOG_WARN,
"Unknown Control Packet received: %X", type);
1776 static BOOL rdg_process_control_packet(rdpRdg* rdg,
int type,
size_t packetLength)
1779 size_t readCount = 0;
1781 size_t payloadSize = packetLength -
sizeof(RdgPacketHeader);
1783 if (packetLength <
sizeof(RdgPacketHeader))
1787 WINPR_ASSERT(
sizeof(RdgPacketHeader) < INT_MAX);
1791 s = Stream_New(NULL, payloadSize);
1796 while (readCount < payloadSize)
1798 if (rdg_shall_abort(rdg))
1800 Stream_Free(s, TRUE);
1803 status = rdg_socket_read(rdg->tlsOut->bio, Stream_Pointer(s), payloadSize - readCount,
1804 &rdg->transferEncoding);
1808 if (!BIO_should_retry(rdg->tlsOut->bio))
1810 Stream_Free(s, TRUE);
1817 Stream_Seek(s, (
size_t)status);
1818 readCount += (size_t)status;
1820 if (readCount > INT_MAX)
1822 Stream_Free(s, TRUE);
1827 Stream_SetPosition(s, 0);
1832 case PKT_TYPE_CLOSE_CHANNEL:
1833 EnterCriticalSection(&rdg->writeSection);
1834 status = rdg_process_close_packet(rdg, s);
1835 LeaveCriticalSection(&rdg->writeSection);
1838 case PKT_TYPE_KEEPALIVE:
1839 EnterCriticalSection(&rdg->writeSection);
1840 status = rdg_process_keep_alive_packet(rdg);
1841 LeaveCriticalSection(&rdg->writeSection);
1844 case PKT_TYPE_SERVICE_MESSAGE:
1847 WLog_Print(rdg->log, WLOG_ERROR,
1848 "PKT_TYPE_SERVICE_MESSAGE requires payload but none was sent");
1851 status = rdg_process_service_message(rdg, s);
1854 case PKT_TYPE_REAUTH_MESSAGE:
1856 status = rdg_process_unknown_packet(rdg, type);
1860 Stream_Free(s, TRUE);
1864 static int rdg_read_data_packet(rdpRdg* rdg, BYTE* buffer,
size_t size)
1866 RdgPacketHeader header = { 0 };
1867 size_t readCount = 0;
1868 size_t readSize = 0;
1871 if (!rdg->packetRemainingCount)
1874 WINPR_ASSERT(
sizeof(RdgPacketHeader) < INT_MAX);
1876 while (readCount <
sizeof(RdgPacketHeader))
1878 if (rdg_shall_abort(rdg))
1881 status = rdg_socket_read(rdg->tlsOut->bio, (BYTE*)(&header) + readCount,
1882 sizeof(RdgPacketHeader) - readCount, &rdg->transferEncoding);
1886 if (!BIO_should_retry(rdg->tlsOut->bio))
1892 BIO_wait_read(rdg->tlsOut->bio, 50);
1896 readCount += (size_t)status;
1898 if (readCount > INT_MAX)
1902 if (header.type != PKT_TYPE_DATA)
1904 status = rdg_process_control_packet(rdg, header.type, header.packetLength);
1914 while (readCount < 2)
1916 if (rdg_shall_abort(rdg))
1919 rdg_socket_read(rdg->tlsOut->bio, (BYTE*)(&rdg->packetRemainingCount) + readCount,
1920 2 - readCount, &rdg->transferEncoding);
1924 if (!BIO_should_retry(rdg->tlsOut->bio))
1927 BIO_wait_read(rdg->tlsOut->bio, 50);
1931 readCount += (size_t)status;
1935 readSize = (rdg->packetRemainingCount < size) ? rdg->packetRemainingCount : size;
1936 status = rdg_socket_read(rdg->tlsOut->bio, buffer, readSize, &rdg->transferEncoding);
1940 if (!BIO_should_retry(rdg->tlsOut->bio))
1948 rdg->packetRemainingCount -= status;
1952 static int rdg_bio_write(BIO* bio,
const char* buf,
int num)
1955 rdpRdg* rdg = (rdpRdg*)BIO_get_data(bio);
1959 BIO_clear_flags(bio, BIO_FLAGS_WRITE);
1960 EnterCriticalSection(&rdg->writeSection);
1961 status = rdg_write_data_packet(rdg, (
const BYTE*)buf, num);
1962 LeaveCriticalSection(&rdg->writeSection);
1966 BIO_clear_flags(bio, BIO_FLAGS_SHOULD_RETRY);
1969 else if (status < num)
1971 BIO_set_flags(bio, BIO_FLAGS_WRITE);
1972 WSASetLastError(WSAEWOULDBLOCK);
1976 BIO_set_flags(bio, BIO_FLAGS_WRITE);
1982 static int rdg_bio_read(BIO* bio,
char* buf,
int size)
1985 rdpRdg* rdg = (rdpRdg*)BIO_get_data(bio);
1988 status = rdg_read_data_packet(rdg, (BYTE*)buf, (
size_t)size);
1992 BIO_clear_retry_flags(bio);
1995 else if (status == 0)
1997 BIO_set_retry_read(bio);
1998 WSASetLastError(WSAEWOULDBLOCK);
2003 BIO_set_flags(bio, BIO_FLAGS_READ);
2009 static int rdg_bio_puts(BIO* bio,
const char* str)
2017 static int rdg_bio_gets(BIO* bio,
char* str,
int size)
2025 static long rdg_bio_ctrl(BIO* in_bio,
int cmd,
long arg1,
void* arg2)
2028 rdpRdg* rdg = (rdpRdg*)BIO_get_data(in_bio);
2029 rdpTls* tlsOut = rdg->tlsOut;
2030 rdpTls* tlsIn = rdg->tlsIn;
2032 if (cmd == BIO_CTRL_FLUSH)
2034 (void)BIO_flush(tlsOut->bio);
2035 if (!rdg->transferEncoding.isWebsocketTransport)
2036 (void)BIO_flush(tlsIn->bio);
2039 else if (cmd == BIO_C_SET_NONBLOCK)
2043 else if (cmd == BIO_C_READ_BLOCKED)
2045 BIO* cbio = tlsOut->bio;
2046 status = BIO_read_blocked(cbio);
2048 else if (cmd == BIO_C_WRITE_BLOCKED)
2050 BIO* cbio = tlsIn->bio;
2052 if (rdg->transferEncoding.isWebsocketTransport)
2055 status = BIO_write_blocked(cbio);
2057 else if (cmd == BIO_C_WAIT_READ)
2059 int timeout = (int)arg1;
2060 BIO* cbio = tlsOut->bio;
2062 if (BIO_read_blocked(cbio))
2063 return BIO_wait_read(cbio, timeout);
2064 else if (BIO_write_blocked(cbio))
2065 return BIO_wait_write(cbio, timeout);
2069 else if (cmd == BIO_C_WAIT_WRITE)
2071 int timeout = (int)arg1;
2072 BIO* cbio = tlsIn->bio;
2074 if (rdg->transferEncoding.isWebsocketTransport)
2077 if (BIO_write_blocked(cbio))
2078 status = BIO_wait_write(cbio, timeout);
2079 else if (BIO_read_blocked(cbio))
2080 status = BIO_wait_read(cbio, timeout);
2084 else if (cmd == BIO_C_GET_EVENT || cmd == BIO_C_GET_FD)
2094 status = BIO_ctrl(tlsOut->bio, cmd, arg1, arg2);
2096 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
2097 else if (cmd == BIO_CTRL_GET_KTLS_SEND)
2105 else if (cmd == BIO_CTRL_GET_KTLS_RECV)
2116 static int rdg_bio_new(BIO* bio)
2118 BIO_set_init(bio, 1);
2119 BIO_set_flags(bio, BIO_FLAGS_SHOULD_RETRY);
2123 static int rdg_bio_free(BIO* bio)
2129 static BIO_METHOD* BIO_s_rdg(
void)
2131 static BIO_METHOD* bio_methods = NULL;
2133 if (bio_methods == NULL)
2135 if (!(bio_methods = BIO_meth_new(BIO_TYPE_TSG,
"RDGateway")))
2138 BIO_meth_set_write(bio_methods, rdg_bio_write);
2139 BIO_meth_set_read(bio_methods, rdg_bio_read);
2140 BIO_meth_set_puts(bio_methods, rdg_bio_puts);
2141 BIO_meth_set_gets(bio_methods, rdg_bio_gets);
2142 BIO_meth_set_ctrl(bio_methods, rdg_bio_ctrl);
2143 BIO_meth_set_create(bio_methods, rdg_bio_new);
2144 BIO_meth_set_destroy(bio_methods, rdg_bio_free);
2150 rdpRdg* rdg_new(rdpContext* context)
2155 rdpRdg* rdg = (rdpRdg*)calloc(1,
sizeof(rdpRdg));
2159 rdg->log = WLog_Get(TAG);
2160 rdg->state = RDG_CLIENT_STATE_INITIAL;
2161 rdg->context = context;
2163 (rdg->context->settings->GatewayHttpExtAuthSspiNtlm ? HTTP_EXTENDED_AUTH_SSPI_NTLM
2164 : HTTP_EXTENDED_AUTH_NONE);
2166 if (rdg->context->settings->GatewayAccessToken)
2167 rdg->extAuth = HTTP_EXTENDED_AUTH_PAA;
2169 UuidCreate(&rdg->guid);
2171 rdg->tlsOut = freerdp_tls_new(rdg->context);
2174 goto rdg_alloc_error;
2176 rdg->tlsIn = freerdp_tls_new(rdg->context);
2179 goto rdg_alloc_error;
2181 rdg->http = http_context_new();
2184 goto rdg_alloc_error;
2186 if (!http_context_set_uri(rdg->http,
"/remoteDesktopGateway/") ||
2187 !http_context_set_accept(rdg->http,
"*/*") ||
2188 !http_context_set_cache_control(rdg->http,
"no-cache") ||
2189 !http_context_set_pragma(rdg->http,
"no-cache") ||
2190 !http_context_set_connection(rdg->http,
"Keep-Alive") ||
2191 !http_context_set_user_agent(rdg->http,
"MS-RDGateway/1.0") ||
2192 !http_context_set_host(rdg->http, rdg->context->settings->GatewayHostname) ||
2193 !http_context_set_rdg_connection_id(rdg->http, &rdg->guid) ||
2194 !http_context_set_rdg_correlation_id(rdg->http, &rdg->guid) ||
2195 !http_context_enable_websocket_upgrade(
2199 goto rdg_alloc_error;
2202 if (rdg->extAuth != HTTP_EXTENDED_AUTH_NONE)
2204 switch (rdg->extAuth)
2206 case HTTP_EXTENDED_AUTH_PAA:
2207 if (!http_context_set_rdg_auth_scheme(rdg->http,
"PAA"))
2208 goto rdg_alloc_error;
2212 case HTTP_EXTENDED_AUTH_SSPI_NTLM:
2213 if (!http_context_set_rdg_auth_scheme(rdg->http,
"SSPI_NTLM"))
2214 goto rdg_alloc_error;
2219 WLog_Print(rdg->log, WLOG_DEBUG,
2220 "RDG extended authentication method %d not supported", rdg->extAuth);
2224 rdg->frontBio = BIO_new(BIO_s_rdg());
2227 goto rdg_alloc_error;
2229 BIO_set_data(rdg->frontBio, rdg);
2230 InitializeCriticalSection(&rdg->writeSection);
2232 rdg->transferEncoding.httpTransferEncoding = TransferEncodingIdentity;
2233 rdg->transferEncoding.isWebsocketTransport = FALSE;
2235 rdg->transferEncoding.context.websocket = websocket_context_new();
2236 if (!rdg->transferEncoding.context.websocket)
2237 goto rdg_alloc_error;
2241 WINPR_PRAGMA_DIAG_PUSH
2242 WINPR_PRAGMA_DIAG_IGNORED_MISMATCHED_DEALLOC
2244 WINPR_PRAGMA_DIAG_POP
2248 void rdg_free(rdpRdg* rdg)
2253 freerdp_tls_free(rdg->tlsOut);
2254 freerdp_tls_free(rdg->tlsIn);
2255 http_context_free(rdg->http);
2256 credssp_auth_free(rdg->auth);
2259 BIO_free_all(rdg->frontBio);
2261 DeleteCriticalSection(&rdg->writeSection);
2263 smartcardCertInfo_Free(rdg->smartcard);
2265 websocket_context_free(rdg->transferEncoding.context.websocket);
2270 BIO* rdg_get_front_bio_and_take_ownership(rdpRdg* rdg)
2275 rdg->attached = TRUE;
2276 return rdg->frontBio;
FREERDP_API BOOL freerdp_settings_get_bool(const rdpSettings *settings, FreeRDP_Settings_Keys_Bool id)
Returns a boolean settings value.
FREERDP_API WCHAR * freerdp_settings_get_string_as_utf16(const rdpSettings *settings, FreeRDP_Settings_Keys_String id, size_t *pCharLen)
Return an allocated UTF16 string.
1.9.1