FreeRDP
Loading...
Searching...
No Matches
tsg.c
1
23#include <freerdp/config.h>
24
25#include "../settings.h"
26
27#include <winpr/assert.h>
28#include <winpr/crt.h>
29#include <winpr/error.h>
30#include <winpr/print.h>
31#include <winpr/stream.h>
32
33#include <freerdp/log.h>
34
35#include "rpc_bind.h"
36#include "rpc_client.h"
37#include "tsg.h"
38#include "../utils.h"
39#include "../../crypto/opensslcompat.h"
40
41#define TAG FREERDP_TAG("core.gateway.tsg")
42
43#define TSG_CAPABILITY_TYPE_NAP 0x00000001
44
45#define TSG_PACKET_TYPE_HEADER 0x00004844
46#define TSG_PACKET_TYPE_VERSIONCAPS 0x00005643
47#define TSG_PACKET_TYPE_QUARCONFIGREQUEST 0x00005143
48#define TSG_PACKET_TYPE_QUARREQUEST 0x00005152
49#define TSG_PACKET_TYPE_RESPONSE 0x00005052
50#define TSG_PACKET_TYPE_QUARENC_RESPONSE 0x00004552
51#define TSG_PACKET_TYPE_CAPS_RESPONSE 0x00004350
52#define TSG_PACKET_TYPE_MSGREQUEST_PACKET 0x00004752
53#define TSG_PACKET_TYPE_MESSAGE_PACKET 0x00004750
54#define TSG_PACKET_TYPE_AUTH 0x00004054
55#define TSG_PACKET_TYPE_REAUTH 0x00005250
56
57typedef WCHAR* RESOURCENAME;
58
59typedef struct
60{
61 RESOURCENAME* resourceName;
62 UINT32 numResourceNames;
63 RESOURCENAME* alternateResourceNames;
64 UINT16 numAlternateResourceNames;
65 UINT32 Port;
66} TSENDPOINTINFO;
67
68typedef struct
69{
70 UINT16 ComponentId;
71 UINT16 PacketId;
72} TSG_PACKET_HEADER;
73
74typedef struct
75{
76 UINT32 capabilities;
77} TSG_CAPABILITY_NAP;
78
79typedef union
80{
81 TSG_CAPABILITY_NAP tsgCapNap;
82} TSG_CAPABILITIES_UNION;
83
84typedef struct
85{
86 UINT32 capabilityType;
87 TSG_CAPABILITIES_UNION tsgPacket;
88} TSG_PACKET_CAPABILITIES;
89
90typedef struct
91{
92 TSG_PACKET_HEADER tsgHeader;
93 TSG_PACKET_CAPABILITIES tsgCaps;
94 UINT32 numCapabilities;
95 UINT16 majorVersion;
96 UINT16 minorVersion;
97 UINT16 quarantineCapabilities;
98} TSG_PACKET_VERSIONCAPS;
99
100typedef struct
101{
102 UINT32 flags;
103} TSG_PACKET_QUARCONFIGREQUEST;
104
105typedef struct
106{
107 UINT32 flags;
108 WCHAR* machineName;
109 UINT32 nameLength;
110 BYTE* data;
111 UINT32 dataLen;
112} TSG_PACKET_QUARREQUEST;
113
114typedef struct
115{
116 BOOL enableAllRedirections;
117 BOOL disableAllRedirections;
118 BOOL driveRedirectionDisabled;
119 BOOL printerRedirectionDisabled;
120 BOOL portRedirectionDisabled;
121 BOOL reserved;
122 BOOL clipboardRedirectionDisabled;
123 BOOL pnpRedirectionDisabled;
124} TSG_REDIRECTION_FLAGS;
125
126typedef struct
127{
128 UINT32 flags;
129 UINT32 reserved;
130 const BYTE* responseData;
131 UINT32 responseDataLen;
132 TSG_REDIRECTION_FLAGS redirectionFlags;
133} TSG_PACKET_RESPONSE;
134
135typedef struct
136{
137 UINT32 flags;
138 UINT32 certChainLen;
139 WCHAR* certChainData;
140 GUID nonce;
141 TSG_PACKET_VERSIONCAPS versionCaps;
142} TSG_PACKET_QUARENC_RESPONSE;
143
144typedef struct
145{
146 INT32 isDisplayMandatory;
147 INT32 isConsentMandatory;
148 UINT32 msgBytes;
149 WCHAR* msgBuffer;
150} TSG_PACKET_STRING_MESSAGE;
151
152typedef struct
153{
154 UINT64 tunnelContext;
155} TSG_PACKET_REAUTH_MESSAGE;
156
157typedef struct
158{
159 UINT32 msgID;
160 UINT32 msgType;
161 INT32 isMsgPresent;
162} TSG_PACKET_MSG_RESPONSE;
163
164typedef struct
165{
166 TSG_PACKET_QUARENC_RESPONSE pktQuarEncResponse;
167 TSG_PACKET_MSG_RESPONSE pktConsentMessage;
168} TSG_PACKET_CAPS_RESPONSE;
169
170typedef struct
171{
172 UINT32 maxMessagesPerBatch;
173} TSG_PACKET_MSG_REQUEST;
174
175typedef struct
176{
177 TSG_PACKET_VERSIONCAPS tsgVersionCaps;
178 UINT32 cookieLen;
179 BYTE* cookie;
180} TSG_PACKET_AUTH;
181
182typedef union
183{
184 TSG_PACKET_VERSIONCAPS packetVersionCaps;
185 TSG_PACKET_AUTH packetAuth;
186} TSG_INITIAL_PACKET_TYPE_UNION;
187
188typedef struct
189{
190 UINT64 tunnelContext;
191 UINT32 packetId;
192 TSG_INITIAL_PACKET_TYPE_UNION tsgInitialPacket;
193} TSG_PACKET_REAUTH;
194
195typedef union
196{
197 TSG_PACKET_HEADER packetHeader;
198 TSG_PACKET_VERSIONCAPS packetVersionCaps;
199 TSG_PACKET_QUARCONFIGREQUEST packetQuarConfigRequest;
200 TSG_PACKET_QUARREQUEST packetQuarRequest;
201 TSG_PACKET_RESPONSE packetResponse;
202 TSG_PACKET_QUARENC_RESPONSE packetQuarEncResponse;
203 TSG_PACKET_CAPS_RESPONSE packetCapsResponse;
204 TSG_PACKET_MSG_REQUEST packetMsgRequest;
205 TSG_PACKET_MSG_RESPONSE packetMsgResponse;
206 TSG_PACKET_AUTH packetAuth;
207 TSG_PACKET_REAUTH packetReauth;
208} TSG_PACKET_TYPE_UNION;
209
210typedef struct
211{
212 UINT32 packetId;
213 TSG_PACKET_TYPE_UNION tsgPacket;
214} TSG_PACKET;
215
216struct rdp_tsg
217{
218 BIO* bio;
219 rdpRpc* rpc;
220 UINT16 Port;
221 LPWSTR Hostname;
222 TSG_STATE state;
223 UINT32 TunnelId;
224 UINT32 ChannelId;
225 BOOL reauthSequence;
226 rdpTransport* transport;
227 UINT64 ReauthTunnelContext;
228 CONTEXT_HANDLE TunnelContext;
229 CONTEXT_HANDLE ChannelContext;
230 CONTEXT_HANDLE NewTunnelContext;
231 CONTEXT_HANDLE NewChannelContext;
232 wLog* log;
233 TSG_PACKET_QUARENC_RESPONSE CapsResponse;
234 TSG_PACKET_QUARREQUEST QuarreQuest;
235};
236
237static BOOL TsProxyReadPacketSTringMessage(wLog* log, wStream* s, uint32_t* index,
238 TSG_PACKET_STRING_MESSAGE* msg);
239static BOOL tsg_stream_align(wLog* log, wStream* s, size_t align);
240
241static const char* tsg_packet_id_to_string(UINT32 packetId)
242{
243 switch (packetId)
244 {
245 case TSG_PACKET_TYPE_HEADER:
246 return "TSG_PACKET_TYPE_HEADER";
247 case TSG_PACKET_TYPE_VERSIONCAPS:
248 return "TSG_PACKET_TYPE_VERSIONCAPS";
249 case TSG_PACKET_TYPE_QUARCONFIGREQUEST:
250 return "TSG_PACKET_TYPE_QUARCONFIGREQUEST";
251 case TSG_PACKET_TYPE_QUARREQUEST:
252 return "TSG_PACKET_TYPE_QUARREQUEST";
253 case TSG_PACKET_TYPE_RESPONSE:
254 return "TSG_PACKET_TYPE_RESPONSE";
255 case TSG_PACKET_TYPE_QUARENC_RESPONSE:
256 return "TSG_PACKET_TYPE_QUARENC_RESPONSE";
257 case TSG_CAPABILITY_TYPE_NAP:
258 return "TSG_CAPABILITY_TYPE_NAP";
259 case TSG_PACKET_TYPE_CAPS_RESPONSE:
260 return "TSG_PACKET_TYPE_CAPS_RESPONSE";
261 case TSG_PACKET_TYPE_MSGREQUEST_PACKET:
262 return "TSG_PACKET_TYPE_MSGREQUEST_PACKET";
263 case TSG_PACKET_TYPE_MESSAGE_PACKET:
264 return "TSG_PACKET_TYPE_MESSAGE_PACKET";
265 case TSG_PACKET_TYPE_AUTH:
266 return "TSG_PACKET_TYPE_AUTH";
267 case TSG_PACKET_TYPE_REAUTH:
268 return "TSG_PACKET_TYPE_REAUTH";
269 default:
270 return "UNKNOWN";
271 }
272}
273
274static const char* tsg_component_id_to_string(UINT16 ComponentId, char* buffer, size_t bytelen)
275{
276 const char* str = NULL;
277
278#define ENTRY(x) \
279 case x: \
280 str = #x; \
281 break
282 switch (ComponentId)
283 {
284 ENTRY(TS_GATEWAY_TRANSPORT);
285 default:
286 str = "TS_UNKNOWN";
287 break;
288 }
289#undef ENTRY
290
291 (void)_snprintf(buffer, bytelen, "%s [0x%04" PRIx16 "]", str, ComponentId);
292 return buffer;
293}
294
295static const char* tsg_state_to_string(TSG_STATE state)
296{
297 switch (state)
298 {
299 case TSG_STATE_INITIAL:
300 return "TSG_STATE_INITIAL";
301 case TSG_STATE_CONNECTED:
302 return "TSG_STATE_CONNECTED";
303 case TSG_STATE_AUTHORIZED:
304 return "TSG_STATE_AUTHORIZED";
305 case TSG_STATE_CHANNEL_CREATED:
306 return "TSG_STATE_CHANNEL_CREATED";
307 case TSG_STATE_PIPE_CREATED:
308 return "TSG_STATE_PIPE_CREATED";
309 case TSG_STATE_TUNNEL_CLOSE_PENDING:
310 return "TSG_STATE_TUNNEL_CLOSE_PENDING";
311 case TSG_STATE_CHANNEL_CLOSE_PENDING:
312 return "TSG_STATE_CHANNEL_CLOSE_PENDING";
313 case TSG_STATE_FINAL:
314 return "TSG_STATE_FINAL";
315 default:
316 return "TSG_STATE_UNKNOWN";
317 }
318}
319
320static BOOL TsProxyReadTunnelContext(wLog* log, wStream* s, CONTEXT_HANDLE* tunnelContext)
321{
322 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 20))
323 return FALSE;
324
325 WINPR_ASSERT(tunnelContext);
326 Stream_Read_UINT32(s, tunnelContext->ContextType); /* ContextType (4 bytes) */
327 Stream_Read(s, &tunnelContext->ContextUuid,
328 sizeof(tunnelContext->ContextUuid)); /* ContextUuid (16 bytes) */
329 return TRUE;
330}
331
332static BOOL TsProxyWriteTunnelContext(WINPR_ATTR_UNUSED wLog* log, wStream* s,
333 const CONTEXT_HANDLE* tunnelContext)
334{
335 if (!Stream_EnsureRemainingCapacity(s, 20))
336 return FALSE;
337
338 Stream_Write_UINT32(s, tunnelContext->ContextType); /* ContextType (4 bytes) */
339 Stream_Write(s, &tunnelContext->ContextUuid,
340 sizeof(tunnelContext->ContextUuid)); /* ContextUuid (16 bytes) */
341 return TRUE;
342}
343
344static BOOL tsg_ndr_pointer_write(WINPR_ATTR_UNUSED wLog* log, wStream* s, UINT32* index,
345 DWORD length)
346{
347 WINPR_ASSERT(index);
348 const UINT32 ndrPtr = 0x20000 + (*index) * 4;
349
350 if (!s)
351 return FALSE;
352 if (!Stream_EnsureRemainingCapacity(s, 4))
353 return FALSE;
354
355 if (length > 0)
356 {
357 Stream_Write_UINT32(s, ndrPtr); /* mszGroupsNdrPtr (4 bytes) */
358 (*index) = (*index) + 1;
359 }
360 else
361 Stream_Write_UINT32(s, 0);
362 return TRUE;
363}
364
365static BOOL tsg_ndr_pointer_read(wLog* log, wStream* s, UINT32* index, UINT32* ptrval,
366 BOOL required)
367{
368 WINPR_ASSERT(index);
369 const UINT32 ndrPtr = 0x20000 + (*index) * 4;
370
371 if (!s)
372 return FALSE;
373 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 4))
374 return FALSE;
375
376 const DWORD val = Stream_Get_UINT32(s);
377 if (ptrval)
378 *ptrval = val;
379
380 if (val != 0)
381 {
382 if (val != ndrPtr)
383 {
384 WLog_Print(log, WLOG_WARN, "Read NDR pointer 0x%04" PRIx32 " but expected 0x%04" PRIx32,
385 val, ndrPtr);
386 if ((val & 0xFFFF0000) != (ndrPtr & 0xFFFF0000))
387 return FALSE;
388 }
389 (*index)++;
390 }
391 else if (required)
392 {
393 WLog_Print(log, WLOG_ERROR, "NDR pointer == 0, but the field is required");
394 return FALSE;
395 }
396
397 return TRUE;
398}
399
400static BOOL tsg_ndr_write_conformant_array(WINPR_ATTR_UNUSED wLog* log, wStream* s,
401 const void* data, size_t length)
402{
403 const size_t pad = length % 4;
404 if ((length > UINT32_MAX) || !Stream_EnsureRemainingCapacity(s, 4ull + length))
405 return FALSE;
406
407 Stream_Write_UINT32(s, WINPR_ASSERTING_INT_CAST(uint32_t, length)); /* MaxCount (4 bytes) */
408 Stream_Write(s, data, length);
409 if (pad != 0)
410 Stream_Zero(s, 4 - pad);
411
412 return TRUE;
413}
414
415static BOOL tsg_ndr_write_string(WINPR_ATTR_UNUSED wLog* log, wStream* s, const WCHAR* str,
416 size_t length)
417{
418 const size_t pad = (length % 2) * sizeof(WCHAR);
419 if ((length > UINT32_MAX) ||
420 !Stream_EnsureRemainingCapacity(s, 12ull + length * sizeof(WCHAR) + pad))
421 return FALSE;
422
423 Stream_Write_UINT32(s, (UINT32)length); /* MaxCount (4 bytes) */
424 Stream_Write_UINT32(s, 0); /* Offset (4 bytes) */
425 Stream_Write_UINT32(s, (UINT32)length); /* ActualCount (4 bytes) */
426 Stream_Write_UTF16_String(s, str, length); /* Array */
427 Stream_Zero(s, pad);
428 return TRUE;
429}
430
431static BOOL tsg_ndr_read_string(wLog* log, wStream* s, WCHAR** str, UINT32 lengthInBytes)
432{
433 UINT32 MaxCount = 0;
434 UINT32 Offset = 0;
435 UINT32 ActualCount = 0;
436
437 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 12))
438 return FALSE;
439
440 Stream_Read_UINT32(s, MaxCount); /* MaxCount (4 bytes) */
441 Stream_Read_UINT32(s, Offset); /* Offset (4 bytes) */
442 Stream_Read_UINT32(s, ActualCount); /* ActualCount (4 bytes) */
443 if (ActualCount > MaxCount)
444 {
445 WLog_Print(log, WLOG_ERROR,
446 "failed to read string, ActualCount (%" PRIu32 ") > MaxCount (%" PRIu32 ")",
447 ActualCount, MaxCount);
448 return FALSE;
449 }
450 if (Offset != 0)
451 {
452 WLog_Print(log, WLOG_ERROR, "Unsupported Offset (%" PRIu32 "), expected 0", Offset);
453 return FALSE;
454 }
455 if (ActualCount > lengthInBytes / sizeof(WCHAR))
456 {
457 WLog_Print(log, WLOG_ERROR,
458 "failed to read string, ActualCount (%" PRIu32
459 ") * sizeof(WCHAR) > lengthInBytes (%" PRIu32 ")",
460 ActualCount, lengthInBytes);
461 return FALSE;
462 }
463 if (str)
464 *str = Stream_PointerAs(s, WCHAR);
465
466 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, ActualCount * sizeof(WCHAR)))
467 return FALSE;
468 Stream_Seek(s, ActualCount * sizeof(WCHAR));
469
470 const size_t pad = (ActualCount % 2);
471 return Stream_SafeSeek(s, pad * sizeof(WCHAR));
472}
473
474static BOOL tsg_ndr_read_packet_header(wLog* log, wStream* s, TSG_PACKET_HEADER* header)
475{
476 const UINT32 ComponentId = TS_GATEWAY_TRANSPORT;
477
478 WINPR_ASSERT(header);
479 if (!Stream_CheckAndLogRequiredLengthOfSizeWLog(log, s, 2, sizeof(UINT16)))
480 return FALSE;
481 Stream_Read_UINT16(s, header->ComponentId);
482 Stream_Read_UINT16(s, header->PacketId);
483
484 if (ComponentId != header->ComponentId)
485 {
486 char buffer[64] = { 0 };
487 char buffer2[64] = { 0 };
488 WLog_Print(log, WLOG_ERROR, "Unexpected ComponentId: %s, Expected %s",
489 tsg_component_id_to_string(header->ComponentId, buffer, sizeof(buffer)),
490 tsg_component_id_to_string(ComponentId, buffer2, sizeof(buffer2)));
491 return FALSE;
492 }
493
494 return TRUE;
495}
496
497static BOOL tsg_ndr_write_packet_header(WINPR_ATTR_UNUSED wLog* log, wStream* s,
498 const TSG_PACKET_HEADER* header)
499{
500 WINPR_ASSERT(header);
501 if (!Stream_EnsureRemainingCapacity(s, 2 * sizeof(UINT16)))
502 return FALSE;
503 Stream_Write_UINT16(s, header->ComponentId);
504 Stream_Write_UINT16(s, header->PacketId);
505 return TRUE;
506}
507
508static BOOL tsg_ndr_read_nap(wLog* log, wStream* s, TSG_CAPABILITY_NAP* nap)
509{
510 WINPR_ASSERT(nap);
511
512 if (!Stream_CheckAndLogRequiredLengthOfSizeWLog(log, s, 1, sizeof(UINT32)))
513 return FALSE;
514 Stream_Read_UINT32(s, nap->capabilities);
515 return TRUE;
516}
517
518static BOOL tsg_ndr_write_nap(WINPR_ATTR_UNUSED wLog* log, wStream* s,
519 const TSG_CAPABILITY_NAP* nap)
520{
521 WINPR_ASSERT(nap);
522
523 if (!Stream_EnsureRemainingCapacity(s, 1 * sizeof(UINT32)))
524 return FALSE;
525 Stream_Write_UINT32(s, nap->capabilities);
526 return TRUE;
527}
528
529static BOOL tsg_ndr_read_tsg_caps(wLog* log, wStream* s, TSG_PACKET_CAPABILITIES* caps)
530{
531 UINT32 capabilityType = 0;
532 UINT32 count = 0;
533 WINPR_ASSERT(caps);
534
535 if (!Stream_CheckAndLogRequiredLengthOfSizeWLog(log, s, 3, sizeof(UINT32)))
536 return FALSE;
537 Stream_Read_UINT32(s, count);
538 Stream_Read_UINT32(s, capabilityType);
539 Stream_Read_UINT32(s, caps->capabilityType);
540 if (capabilityType != caps->capabilityType)
541 {
542 WLog_Print(log, WLOG_ERROR,
543 "Inconsistent data, capabilityType 0x%08" PRIx32 " != 0x%08" PRIx32,
544 capabilityType, caps->capabilityType);
545 return FALSE;
546 }
547 switch (caps->capabilityType)
548 {
549 case TSG_CAPABILITY_TYPE_NAP:
550 if (count < 1)
551 {
552 WLog_Print(log, WLOG_ERROR, "Inconsistent data, capabilityType %s count=%" PRIu32,
553 tsg_packet_id_to_string(capabilityType), count);
554 return FALSE;
555 }
556 return tsg_ndr_read_nap(log, s, &caps->tsgPacket.tsgCapNap);
557 default:
558 WLog_Print(log, WLOG_ERROR,
559 "unknown TSG_PACKET_CAPABILITIES::capabilityType 0x%04" PRIx32
560 " [count=%" PRIu32 "]",
561 caps->capabilityType, count);
562 return FALSE;
563 }
564}
565
566static BOOL tsg_ndr_write_tsg_caps(wLog* log, wStream* s, const TSG_PACKET_CAPABILITIES* caps)
567{
568 WINPR_ASSERT(caps);
569
570 if (!Stream_EnsureRemainingCapacity(s, 2 * sizeof(UINT32)))
571 return FALSE;
572 Stream_Write_UINT32(s, caps->capabilityType);
573 Stream_Write_UINT32(s, caps->capabilityType);
574
575 switch (caps->capabilityType)
576 {
577 case TSG_CAPABILITY_TYPE_NAP:
578 return tsg_ndr_write_nap(log, s, &caps->tsgPacket.tsgCapNap);
579 default:
580 WLog_Print(log, WLOG_ERROR,
581 "unknown TSG_PACKET_CAPABILITIES::capabilityType 0x%04" PRIx32,
582 caps->capabilityType);
583 return FALSE;
584 }
585}
586
587static BOOL tsg_ndr_read_version_caps(wLog* log, wStream* s, UINT32* index,
588 TSG_PACKET_VERSIONCAPS* caps)
589{
590 WINPR_ASSERT(caps);
591 if (!tsg_ndr_read_packet_header(log, s, &caps->tsgHeader))
592 return FALSE;
593
594 UINT32 TSGCapsPtr = 0;
595 if (!tsg_ndr_pointer_read(log, s, index, &TSGCapsPtr, TRUE))
596 return FALSE;
597
598 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 10))
599 return FALSE;
600 Stream_Read_UINT32(s, caps->numCapabilities);
601 Stream_Read_UINT16(s, caps->majorVersion);
602 Stream_Read_UINT16(s, caps->minorVersion);
603 Stream_Read_UINT16(s, caps->quarantineCapabilities);
604 /* 4-byte alignment */
605 if (!tsg_stream_align(log, s, 4))
606 return FALSE;
607
608 if (caps->numCapabilities > 1)
609 {
610 WLog_ERR(TAG, "TSG_PACKET_VERSIONCAPS::numCapabilities > 1 (%" PRIu32 "), not supported!",
611 caps->numCapabilities);
612 return FALSE;
613 }
614
615 return tsg_ndr_read_tsg_caps(log, s, &caps->tsgCaps);
616}
617
618static BOOL tsg_ndr_write_version_caps(wLog* log, wStream* s, UINT32* index,
619 const TSG_PACKET_VERSIONCAPS* caps)
620{
621 WINPR_ASSERT(caps);
622 if (!tsg_ndr_write_packet_header(log, s, &caps->tsgHeader))
623 return FALSE;
624
625 if (!tsg_ndr_pointer_write(log, s, index, 1)) /* TsgCapsPtr (4 bytes) */
626 return FALSE;
627
628 if (!Stream_EnsureRemainingCapacity(s, 10))
629 return FALSE;
630
631 if (caps->numCapabilities > 1)
632 {
633 WLog_ERR(TAG, "TSG_PACKET_VERSIONCAPS::numCapabilities > 1 (%" PRIu32 "), not supported!",
634 caps->numCapabilities);
635 return FALSE;
636 }
637 Stream_Write_UINT32(s, caps->numCapabilities);
638 Stream_Write_UINT16(s, caps->majorVersion);
639 Stream_Write_UINT16(s, caps->minorVersion);
640 Stream_Write_UINT16(s, caps->quarantineCapabilities);
641
642 /* 4-byte alignment (30 + 2) */
643 Stream_Write_UINT16(s, 0x0000); /* pad (2 bytes) */
644 Stream_Write_UINT32(s, caps->numCapabilities); /* MaxCount (4 bytes) */
645 return tsg_ndr_write_tsg_caps(log, s, &caps->tsgCaps);
646}
647
648static BOOL tsg_ndr_read_quarenc_response(wLog* log, wStream* s, UINT32* index,
649 TSG_PACKET_QUARENC_RESPONSE* quarenc)
650{
651 WINPR_ASSERT(quarenc);
652 UINT32 CertChainDataPtr = 0;
653 UINT32 VersionCapsPtr = 0;
654
655 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 8))
656 return FALSE;
657 Stream_Read_UINT32(s, quarenc->flags);
658 Stream_Read_UINT32(s, quarenc->certChainLen);
659
660 if (!tsg_ndr_pointer_read(log, s, index, &CertChainDataPtr, quarenc->certChainLen != 0))
661 return FALSE;
662
663 if (!Stream_CheckAndLogRequiredLengthOfSizeWLog(log, s, 1, sizeof(quarenc->nonce)))
664 return FALSE;
665 Stream_Read(s, &quarenc->nonce, sizeof(quarenc->nonce));
666
667 if (!tsg_ndr_pointer_read(log, s, index, &VersionCapsPtr, TRUE))
668 return FALSE;
669
670 return TRUE;
671}
672
673static BOOL tsg_ndr_read_quarenc_data(wLog* log, wStream* s, UINT32* index,
674 TSG_PACKET_QUARENC_RESPONSE* quarenc)
675{
676 WINPR_ASSERT(quarenc);
677
678 if (quarenc->certChainLen > 0)
679 {
680 /* [MS-TSGU] 2.2.9.2.1.6 TSG_PACKET_QUARENC_RESPONSE::certChainLen number of WCHAR */
681 if (!tsg_ndr_read_string(log, s, &quarenc->certChainData,
682 quarenc->certChainLen * sizeof(WCHAR)))
683 return FALSE;
684 /* 4-byte alignment */
685 if (!tsg_stream_align(log, s, 4))
686 return FALSE;
687 }
688
689 return tsg_ndr_read_version_caps(log, s, index, &quarenc->versionCaps);
690}
691
692static BOOL tsg_ndr_write_auth(wLog* log, wStream* s, UINT32* index, const TSG_PACKET_AUTH* auth)
693{
694 WINPR_ASSERT(auth);
695
696 if (!tsg_ndr_write_version_caps(log, s, index, &auth->tsgVersionCaps))
697 return FALSE;
698
699 if (!Stream_EnsureRemainingCapacity(s, 4))
700 return FALSE;
701
702 Stream_Write_UINT32(s, auth->cookieLen);
703 if (!tsg_ndr_pointer_write(log, s, index, auth->cookieLen))
704 return FALSE;
705
706 if (!Stream_EnsureRemainingCapacity(s, auth->cookieLen))
707 return FALSE;
708 Stream_Write(s, auth->cookie, auth->cookieLen);
709 return TRUE;
710}
711
712static BOOL tsg_ndr_write_reauth(wLog* log, wStream* s, UINT32* index,
713 const TSG_PACKET_REAUTH* auth)
714{
715 WINPR_ASSERT(auth);
716
717 if (!Stream_EnsureRemainingCapacity(s, 12))
718 return FALSE;
719
720 Stream_Write_UINT64(s, auth->tunnelContext); /* TunnelContext (8 bytes) */
721 Stream_Write_UINT32(s, auth->packetId); /* PacketId (4 bytes) */
722
723 switch (auth->packetId)
724 {
725 case TSG_PACKET_TYPE_VERSIONCAPS:
726 return tsg_ndr_write_version_caps(log, s, index,
727 &auth->tsgInitialPacket.packetVersionCaps);
728 case TSG_PACKET_TYPE_AUTH:
729 return tsg_ndr_write_auth(log, s, index, &auth->tsgInitialPacket.packetAuth);
730 default:
731 WLog_Print(log, WLOG_ERROR, "unexpected packetId %s",
732 tsg_packet_id_to_string(auth->packetId));
733 return FALSE;
734 }
735}
736
737static BOOL tsg_ndr_read_packet_redirection_flags(wLog* log, wStream* s,
738 TSG_REDIRECTION_FLAGS* redirectionFlags)
739{
740 WINPR_ASSERT(redirectionFlags);
741
742 if (!Stream_CheckAndLogRequiredLengthOfSizeWLog(log, s, 8, sizeof(UINT32)))
743 return FALSE;
744
745 redirectionFlags->enableAllRedirections =
746 Stream_Get_INT32(s); /* EnableAllRedirections (4 bytes) */
747 redirectionFlags->disableAllRedirections =
748 Stream_Get_INT32(s); /* DisableAllRedirections (4 bytes) */
749 redirectionFlags->driveRedirectionDisabled =
750 Stream_Get_INT32(s); /* DriveRedirectionDisabled (4 bytes) */
751 redirectionFlags->printerRedirectionDisabled =
752 Stream_Get_INT32(s); /* PrinterRedirectionDisabled (4 bytes) */
753 redirectionFlags->portRedirectionDisabled =
754 Stream_Get_INT32(s); /* PortRedirectionDisabled (4 bytes) */
755 redirectionFlags->reserved = Stream_Get_INT32(s); /* Reserved (4 bytes) */
756 redirectionFlags->clipboardRedirectionDisabled =
757 Stream_Get_INT32(s); /* ClipboardRedirectionDisabled (4 bytes) */
758 redirectionFlags->pnpRedirectionDisabled =
759 Stream_Get_INT32(s); /* PnpRedirectionDisabled (4 bytes) */
760 return TRUE;
761}
762
763WINPR_ATTR_FORMAT_ARG(3, 4)
764static BOOL tsg_print(char** buffer, size_t* len, WINPR_FORMAT_ARG const char* fmt, ...)
765{
766 int rc = 0;
767 va_list ap = { 0 };
768 if (!buffer || !len || !fmt)
769 return FALSE;
770 va_start(ap, fmt);
771 rc = vsnprintf(*buffer, *len, fmt, ap);
772 va_end(ap);
773 if ((rc < 0) || ((size_t)rc > *len))
774 return FALSE;
775 *len -= (size_t)rc;
776 *buffer += (size_t)rc;
777 return TRUE;
778}
779
780static BOOL tsg_packet_header_to_string(char** buffer, size_t* length,
781 const TSG_PACKET_HEADER* header)
782{
783 WINPR_ASSERT(buffer);
784 WINPR_ASSERT(length);
785 WINPR_ASSERT(header);
786
787 return tsg_print(buffer, length,
788 "header { ComponentId=0x%04" PRIx16 ", PacketId=0x%04" PRIx16 " }",
789 header->ComponentId, header->PacketId);
790}
791
792static BOOL tsg_type_capability_nap_to_string(char** buffer, size_t* length,
793 const TSG_CAPABILITY_NAP* cur)
794{
795 WINPR_ASSERT(buffer);
796 WINPR_ASSERT(length);
797 WINPR_ASSERT(cur);
798
799 return tsg_print(buffer, length, "%s { capabilities=0x%08" PRIx32 " }",
800 tsg_packet_id_to_string(TSG_CAPABILITY_TYPE_NAP), cur->capabilities);
801}
802
803static BOOL tsg_packet_capabilities_to_string(char** buffer, size_t* length,
804 const TSG_PACKET_CAPABILITIES* caps, UINT32 numCaps)
805{
806 WINPR_ASSERT(buffer);
807 WINPR_ASSERT(length);
808 WINPR_ASSERT(caps);
809
810 if (!tsg_print(buffer, length, "capabilities { "))
811 return FALSE;
812
813 for (UINT32 x = 0; x < numCaps; x++)
814 {
815 const TSG_PACKET_CAPABILITIES* cur = &caps[x];
816 switch (cur->capabilityType)
817 {
818 case TSG_CAPABILITY_TYPE_NAP:
819 if (!tsg_type_capability_nap_to_string(buffer, length, &cur->tsgPacket.tsgCapNap))
820 return FALSE;
821 break;
822 default:
823 if (!tsg_print(buffer, length, "TSG_UNKNOWN_CAPABILITY"))
824 return FALSE;
825 break;
826 }
827 }
828 return tsg_print(buffer, length, " }");
829}
830
831static BOOL tsg_packet_versioncaps_to_string(char** buffer, size_t* length,
832 const TSG_PACKET_VERSIONCAPS* caps)
833{
834 WINPR_ASSERT(buffer);
835 WINPR_ASSERT(length);
836 WINPR_ASSERT(caps);
837
838 if (!tsg_print(buffer, length, "versioncaps { "))
839 return FALSE;
840 if (!tsg_packet_header_to_string(buffer, length, &caps->tsgHeader))
841 return FALSE;
842
843 if (!tsg_print(buffer, length, " "))
844 return FALSE;
845
846 if (caps->numCapabilities > 1)
847 {
848 WLog_ERR(TAG, "TSG_PACKET_VERSIONCAPS::numCapabilities > 1 (%" PRIu32 "), not supported!",
849 caps->numCapabilities);
850 return FALSE;
851 }
852
853 if (!tsg_packet_capabilities_to_string(buffer, length, &caps->tsgCaps, caps->numCapabilities))
854 return FALSE;
855
856 if (!tsg_print(buffer, length,
857 " numCapabilities=0x%08" PRIx32 ", majorVersion=0x%04" PRIx16
858 ", minorVersion=0x%04" PRIx16 ", quarantineCapabilities=0x%04" PRIx16,
859 caps->numCapabilities, caps->majorVersion, caps->minorVersion,
860 caps->quarantineCapabilities))
861 return FALSE;
862
863 return tsg_print(buffer, length, " }");
864}
865
866static BOOL tsg_packet_quarconfigrequest_to_string(char** buffer, size_t* length,
867 const TSG_PACKET_QUARCONFIGREQUEST* caps)
868{
869 WINPR_ASSERT(buffer);
870 WINPR_ASSERT(length);
871 WINPR_ASSERT(caps);
872
873 if (!tsg_print(buffer, length, "quarconfigrequest { "))
874 return FALSE;
875
876 if (!tsg_print(buffer, length, " "))
877 return FALSE;
878
879 if (!tsg_print(buffer, length, " flags=0x%08" PRIx32, caps->flags))
880 return FALSE;
881
882 return tsg_print(buffer, length, " }");
883}
884
885static BOOL tsg_packet_quarrequest_to_string(char** buffer, size_t* length,
886 const TSG_PACKET_QUARREQUEST* caps)
887{
888 BOOL rc = FALSE;
889 char* name = NULL;
890 char* strdata = NULL;
891
892 WINPR_ASSERT(buffer);
893 WINPR_ASSERT(length);
894 WINPR_ASSERT(caps);
895
896 if (!tsg_print(buffer, length, "quarrequest { "))
897 return FALSE;
898
899 if (!tsg_print(buffer, length, " "))
900 return FALSE;
901
902 if (caps->nameLength > 0)
903 {
904 if (caps->nameLength > INT_MAX)
905 return FALSE;
906 name = ConvertWCharNToUtf8Alloc(caps->machineName, caps->nameLength, NULL);
907 if (!name)
908 return FALSE;
909 }
910
911 strdata = winpr_BinToHexString(caps->data, caps->dataLen, TRUE);
912 if (strdata || (caps->dataLen == 0))
913 rc = tsg_print(buffer, length,
914 " flags=0x%08" PRIx32 ", machineName=%s [%" PRIu32 "], data[%" PRIu32 "]=%s",
915 caps->flags, name, caps->nameLength, caps->dataLen, strdata);
916 free(name);
917 free(strdata);
918 if (!rc)
919 return FALSE;
920
921 return tsg_print(buffer, length, " }");
922}
923
924static const char* tsg_bool_to_string(BOOL val)
925{
926 if (val)
927 return "true";
928 return "false";
929}
930
931static const char* tsg_redirection_flags_to_string(char* buffer, size_t size,
932 const TSG_REDIRECTION_FLAGS* flags)
933{
934 WINPR_ASSERT(buffer || (size == 0));
935 WINPR_ASSERT(flags);
936
937 (void)_snprintf(
938 buffer, size,
939 "enableAllRedirections=%s, disableAllRedirections=%s, driveRedirectionDisabled=%s, "
940 "printerRedirectionDisabled=%s, portRedirectionDisabled=%s, reserved=%s, "
941 "clipboardRedirectionDisabled=%s, pnpRedirectionDisabled=%s",
942 tsg_bool_to_string(flags->enableAllRedirections),
943 tsg_bool_to_string(flags->disableAllRedirections),
944 tsg_bool_to_string(flags->driveRedirectionDisabled),
945 tsg_bool_to_string(flags->printerRedirectionDisabled),
946 tsg_bool_to_string(flags->portRedirectionDisabled), tsg_bool_to_string(flags->reserved),
947 tsg_bool_to_string(flags->clipboardRedirectionDisabled),
948 tsg_bool_to_string(flags->pnpRedirectionDisabled));
949 return buffer;
950}
951
952static BOOL tsg_packet_response_to_string(char** buffer, size_t* length,
953 const TSG_PACKET_RESPONSE* caps)
954{
955 BOOL rc = FALSE;
956 char* strdata = NULL;
957 char tbuffer[8192] = { 0 };
958
959 WINPR_ASSERT(buffer);
960 WINPR_ASSERT(length);
961 WINPR_ASSERT(caps);
962
963 if (!tsg_print(buffer, length, "response { "))
964 return FALSE;
965
966 if (!tsg_print(buffer, length, " "))
967 return FALSE;
968
969 strdata = winpr_BinToHexString(caps->responseData, caps->responseDataLen, TRUE);
970 if (strdata || (caps->responseDataLen == 0))
971 rc = tsg_print(
972 buffer, length,
973 " flags=0x%08" PRIx32 ", reserved=0x%08" PRIx32 ", responseData[%" PRIu32
974 "]=%s, redirectionFlags={ %s }",
975 caps->flags, caps->reserved, caps->responseDataLen, strdata,
976 tsg_redirection_flags_to_string(tbuffer, ARRAYSIZE(tbuffer), &caps->redirectionFlags));
977 free(strdata);
978 if (!rc)
979 return FALSE;
980
981 return tsg_print(buffer, length, " }");
982}
983
984static BOOL tsg_packet_quarenc_response_to_string(char** buffer, size_t* length,
985 const TSG_PACKET_QUARENC_RESPONSE* caps)
986{
987 BOOL rc = FALSE;
988 char* strdata = NULL;
989 RPC_CSTR uuid = NULL;
990 char tbuffer[8192] = { 0 };
991 size_t size = ARRAYSIZE(tbuffer);
992 char* ptbuffer = tbuffer;
993
994 WINPR_ASSERT(buffer);
995 WINPR_ASSERT(length);
996 WINPR_ASSERT(caps);
997
998 if (!tsg_print(buffer, length, "quarenc_response { "))
999 return FALSE;
1000
1001 if (!tsg_print(buffer, length, " "))
1002 return FALSE;
1003
1004 if (caps->certChainLen > 0)
1005 {
1006 if (caps->certChainLen > INT_MAX)
1007 return FALSE;
1008 strdata = ConvertWCharNToUtf8Alloc(caps->certChainData, caps->certChainLen, NULL);
1009 if (!strdata)
1010 return FALSE;
1011 }
1012
1013 tsg_packet_versioncaps_to_string(&ptbuffer, &size, &caps->versionCaps);
1014 UuidToStringA(&caps->nonce, &uuid);
1015 if (strdata || (caps->certChainLen == 0))
1016 rc =
1017 tsg_print(buffer, length,
1018 " flags=0x%08" PRIx32 ", certChain[%" PRIu32 "]=%s, nonce=%s, versionCaps=%s",
1019 caps->flags, caps->certChainLen, strdata, uuid, tbuffer);
1020 free(strdata);
1021 RpcStringFreeA(&uuid);
1022 if (!rc)
1023 return FALSE;
1024
1025 return tsg_print(buffer, length, " }");
1026}
1027
1028static BOOL tsg_packet_message_response_to_string(char** buffer, size_t* length,
1029 const TSG_PACKET_MSG_RESPONSE* caps)
1030{
1031 WINPR_ASSERT(buffer);
1032 WINPR_ASSERT(length);
1033 WINPR_ASSERT(caps);
1034
1035 if (!tsg_print(buffer, length, "msg_response { "))
1036 return FALSE;
1037
1038 if (!tsg_print(buffer, length,
1039 " msgID=0x%08" PRIx32 ", msgType=0x%08" PRIx32 ", isMsgPresent=%" PRId32,
1040 caps->msgID, caps->msgType, caps->isMsgPresent))
1041 return FALSE;
1042
1043 return tsg_print(buffer, length, " }");
1044}
1045
1046static BOOL tsg_packet_caps_response_to_string(char** buffer, size_t* length,
1047 const TSG_PACKET_CAPS_RESPONSE* caps)
1048{
1049 WINPR_ASSERT(buffer);
1050 WINPR_ASSERT(length);
1051 WINPR_ASSERT(caps);
1052
1053 if (!tsg_print(buffer, length, "caps_response { "))
1054 return FALSE;
1055
1056 if (!tsg_packet_quarenc_response_to_string(buffer, length, &caps->pktQuarEncResponse))
1057 return FALSE;
1058
1059 if (!tsg_packet_message_response_to_string(buffer, length, &caps->pktConsentMessage))
1060 return FALSE;
1061
1062 return tsg_print(buffer, length, " }");
1063}
1064
1065static BOOL tsg_packet_message_request_to_string(char** buffer, size_t* length,
1066 const TSG_PACKET_MSG_REQUEST* caps)
1067{
1068 WINPR_ASSERT(buffer);
1069 WINPR_ASSERT(length);
1070 WINPR_ASSERT(caps);
1071
1072 if (!tsg_print(buffer, length, "caps_message_request { "))
1073 return FALSE;
1074
1075 if (!tsg_print(buffer, length, " maxMessagesPerBatch=%" PRIu32, caps->maxMessagesPerBatch))
1076 return FALSE;
1077
1078 return tsg_print(buffer, length, " }");
1079}
1080
1081static BOOL tsg_packet_auth_to_string(char** buffer, size_t* length, const TSG_PACKET_AUTH* caps)
1082{
1083 BOOL rc = FALSE;
1084 char* strdata = NULL;
1085 WINPR_ASSERT(buffer);
1086 WINPR_ASSERT(length);
1087 WINPR_ASSERT(caps);
1088
1089 if (!tsg_print(buffer, length, "caps_message_request { "))
1090 return FALSE;
1091
1092 if (!tsg_packet_versioncaps_to_string(buffer, length, &caps->tsgVersionCaps))
1093 return FALSE;
1094
1095 strdata = winpr_BinToHexString(caps->cookie, caps->cookieLen, TRUE);
1096 if (strdata || (caps->cookieLen == 0))
1097 rc = tsg_print(buffer, length, " cookie[%" PRIu32 "]=%s", caps->cookieLen, strdata);
1098 free(strdata);
1099 if (!rc)
1100 return FALSE;
1101
1102 return tsg_print(buffer, length, " }");
1103}
1104
1105static BOOL tsg_packet_reauth_to_string(char** buffer, size_t* length,
1106 const TSG_PACKET_REAUTH* caps)
1107{
1108 BOOL rc = FALSE;
1109 WINPR_ASSERT(buffer);
1110 WINPR_ASSERT(length);
1111 WINPR_ASSERT(caps);
1112
1113 if (!tsg_print(buffer, length, "caps_message_request { "))
1114 return FALSE;
1115
1116 if (!tsg_print(buffer, length, " tunnelContext=0x%016" PRIx64 ", packetId=%s [0x%08" PRIx32 "]",
1117 caps->tunnelContext, tsg_packet_id_to_string(caps->packetId), caps->packetId))
1118 return FALSE;
1119
1120 switch (caps->packetId)
1121 {
1122 case TSG_PACKET_TYPE_VERSIONCAPS:
1123 rc = tsg_packet_versioncaps_to_string(buffer, length,
1124 &caps->tsgInitialPacket.packetVersionCaps);
1125 break;
1126 case TSG_PACKET_TYPE_AUTH:
1127 rc = tsg_packet_auth_to_string(buffer, length, &caps->tsgInitialPacket.packetAuth);
1128 break;
1129 default:
1130 rc = tsg_print(buffer, length, "TODO: Unhandled packet type %s [0x%08" PRIx32 "]",
1131 tsg_packet_id_to_string(caps->packetId), caps->packetId);
1132 break;
1133 }
1134
1135 if (!rc)
1136 return FALSE;
1137
1138 return tsg_print(buffer, length, " }");
1139}
1140
1141static const char* tsg_packet_to_string(const TSG_PACKET* packet)
1142{
1143 size_t len = 8192;
1144 static char sbuffer[8193] = { 0 };
1145 char* buffer = sbuffer;
1146
1147 if (!tsg_print(&buffer, &len, "TSG_PACKET { packetId=%s [0x%08" PRIx32 "], ",
1148 tsg_packet_id_to_string(packet->packetId), packet->packetId))
1149 goto fail;
1150
1151 switch (packet->packetId)
1152 {
1153 case TSG_PACKET_TYPE_HEADER:
1154 if (!tsg_packet_header_to_string(&buffer, &len, &packet->tsgPacket.packetHeader))
1155 goto fail;
1156 break;
1157 case TSG_PACKET_TYPE_VERSIONCAPS:
1158 if (!tsg_packet_versioncaps_to_string(&buffer, &len,
1159 &packet->tsgPacket.packetVersionCaps))
1160 goto fail;
1161 break;
1162 case TSG_PACKET_TYPE_QUARCONFIGREQUEST:
1163 if (!tsg_packet_quarconfigrequest_to_string(&buffer, &len,
1164 &packet->tsgPacket.packetQuarConfigRequest))
1165 goto fail;
1166 break;
1167 case TSG_PACKET_TYPE_QUARREQUEST:
1168 if (!tsg_packet_quarrequest_to_string(&buffer, &len,
1169 &packet->tsgPacket.packetQuarRequest))
1170 goto fail;
1171 break;
1172 case TSG_PACKET_TYPE_RESPONSE:
1173 if (!tsg_packet_response_to_string(&buffer, &len, &packet->tsgPacket.packetResponse))
1174 goto fail;
1175 break;
1176 case TSG_PACKET_TYPE_QUARENC_RESPONSE:
1177 if (!tsg_packet_quarenc_response_to_string(&buffer, &len,
1178 &packet->tsgPacket.packetQuarEncResponse))
1179 goto fail;
1180 break;
1181 case TSG_PACKET_TYPE_CAPS_RESPONSE:
1182 if (!tsg_packet_caps_response_to_string(&buffer, &len,
1183 &packet->tsgPacket.packetCapsResponse))
1184 goto fail;
1185 break;
1186 case TSG_PACKET_TYPE_MSGREQUEST_PACKET:
1187 if (!tsg_packet_message_request_to_string(&buffer, &len,
1188 &packet->tsgPacket.packetMsgRequest))
1189 goto fail;
1190 break;
1191 case TSG_PACKET_TYPE_MESSAGE_PACKET:
1192 if (!tsg_packet_message_response_to_string(&buffer, &len,
1193 &packet->tsgPacket.packetMsgResponse))
1194 goto fail;
1195 break;
1196 case TSG_PACKET_TYPE_AUTH:
1197 if (!tsg_packet_auth_to_string(&buffer, &len, &packet->tsgPacket.packetAuth))
1198 goto fail;
1199 break;
1200 case TSG_PACKET_TYPE_REAUTH:
1201 if (!tsg_packet_reauth_to_string(&buffer, &len, &packet->tsgPacket.packetReauth))
1202 goto fail;
1203 break;
1204 default:
1205 if (!tsg_print(&buffer, &len, "INVALID"))
1206 goto fail;
1207 break;
1208 }
1209
1210 if (!tsg_print(&buffer, &len, " }"))
1211 goto fail;
1212
1213fail:
1214 return sbuffer;
1215}
1216
1217static BOOL tsg_stream_align(wLog* log, wStream* s, size_t align)
1218{
1219 size_t pos = 0;
1220 size_t offset = 0;
1221
1222 if (!s)
1223 return FALSE;
1224
1225 pos = Stream_GetPosition(s);
1226
1227 if ((pos % align) != 0)
1228 offset = align - pos % align;
1229
1230 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, offset))
1231 return FALSE;
1232 Stream_Seek(s, offset);
1233 return TRUE;
1234}
1235
1236static BIO_METHOD* BIO_s_tsg(void);
1273static int TsProxySendToServer(handle_t IDL_handle, const byte pRpcMessage[], UINT32 count,
1274 const UINT32* lengths)
1275{
1276 wStream* s = NULL;
1277 rdpTsg* tsg = NULL;
1278 size_t length = 0;
1279 const byte* buffer1 = NULL;
1280 const byte* buffer2 = NULL;
1281 const byte* buffer3 = NULL;
1282 UINT32 buffer1Length = 0;
1283 UINT32 buffer2Length = 0;
1284 UINT32 buffer3Length = 0;
1285 UINT32 numBuffers = 0;
1286 UINT32 totalDataBytes = 0;
1287 tsg = (rdpTsg*)IDL_handle;
1288 buffer1Length = buffer2Length = buffer3Length = 0;
1289
1290 if (count > 0)
1291 {
1292 numBuffers++;
1293 buffer1 = &pRpcMessage[0];
1294 buffer1Length = lengths[0];
1295 totalDataBytes += lengths[0] + 4;
1296 }
1297
1298 if (count > 1)
1299 {
1300 numBuffers++;
1301 buffer2 = &pRpcMessage[1];
1302 buffer2Length = lengths[1];
1303 totalDataBytes += lengths[1] + 4;
1304 }
1305
1306 if (count > 2)
1307 {
1308 numBuffers++;
1309 buffer3 = &pRpcMessage[2];
1310 buffer3Length = lengths[2];
1311 totalDataBytes += lengths[2] + 4;
1312 }
1313
1314 length = 28ull + totalDataBytes;
1315 if (length > INT_MAX)
1316 return -1;
1317 s = Stream_New(NULL, length);
1318
1319 if (!s)
1320 {
1321 WLog_Print(tsg->log, WLOG_ERROR, "Stream_New failed!");
1322 return -1;
1323 }
1324
1325 /* PCHANNEL_CONTEXT_HANDLE_NOSERIALIZE_NR (20 bytes) */
1326 if (!TsProxyWriteTunnelContext(tsg->log, s, &tsg->ChannelContext))
1327 goto fail;
1328 Stream_Write_UINT32_BE(s, totalDataBytes); /* totalDataBytes (4 bytes) */
1329 Stream_Write_UINT32_BE(s, numBuffers); /* numBuffers (4 bytes) */
1330
1331 if (buffer1Length > 0)
1332 Stream_Write_UINT32_BE(s, buffer1Length); /* buffer1Length (4 bytes) */
1333
1334 if (buffer2Length > 0)
1335 Stream_Write_UINT32_BE(s, buffer2Length); /* buffer2Length (4 bytes) */
1336
1337 if (buffer3Length > 0)
1338 Stream_Write_UINT32_BE(s, buffer3Length); /* buffer3Length (4 bytes) */
1339
1340 if (buffer1Length > 0)
1341 Stream_Write(s, buffer1, buffer1Length); /* buffer1 (variable) */
1342
1343 if (buffer2Length > 0)
1344 Stream_Write(s, buffer2, buffer2Length); /* buffer2 (variable) */
1345
1346 if (buffer3Length > 0)
1347 Stream_Write(s, buffer3, buffer3Length); /* buffer3 (variable) */
1348
1349 if (!rpc_client_write_call(tsg->rpc, s, TsProxySendToServerOpnum))
1350 return -1;
1351
1352 return (int)length;
1353fail:
1354 Stream_Free(s, TRUE);
1355 return -1;
1356}
1357
1369static BOOL TsProxyCreateTunnelWriteRequest(rdpTsg* tsg, const TSG_PACKET* tsgPacket)
1370{
1371 BOOL rc = FALSE;
1372 BOOL write = TRUE;
1373 UINT16 opnum = 0;
1374 wStream* s = NULL;
1375 rdpRpc* rpc = NULL;
1376
1377 if (!tsg || !tsg->rpc)
1378 return FALSE;
1379
1380 rpc = tsg->rpc;
1381 WLog_Print(tsg->log, WLOG_DEBUG, "%s", tsg_packet_to_string(tsgPacket));
1382 s = Stream_New(NULL, 108);
1383
1384 if (!s)
1385 return FALSE;
1386
1387 switch (tsgPacket->packetId)
1388 {
1389 case TSG_PACKET_TYPE_VERSIONCAPS:
1390 {
1391 UINT32 index = 0;
1392 const TSG_PACKET_VERSIONCAPS* packetVersionCaps =
1393 &tsgPacket->tsgPacket.packetVersionCaps;
1394
1395 Stream_Write_UINT32(s, tsgPacket->packetId); /* PacketId (4 bytes) */
1396 Stream_Write_UINT32(s, tsgPacket->packetId); /* SwitchValue (4 bytes) */
1397 if (!tsg_ndr_pointer_write(tsg->log, s, &index, 1)) /* PacketVersionCapsPtr (4 bytes) */
1398 goto fail;
1399
1400 if (!tsg_ndr_write_version_caps(tsg->log, s, &index, packetVersionCaps))
1401 goto fail;
1406 /*
1407 * 8-byte constant (8A E3 13 71 02 F4 36 71) also observed here:
1408 * http://lists.samba.org/archive/cifs-protocol/2010-July/001543.html
1409 */
1410 Stream_Write_UINT8(s, 0x8A);
1411 Stream_Write_UINT8(s, 0xE3);
1412 Stream_Write_UINT8(s, 0x13);
1413 Stream_Write_UINT8(s, 0x71);
1414 Stream_Write_UINT8(s, 0x02);
1415 Stream_Write_UINT8(s, 0xF4);
1416 Stream_Write_UINT8(s, 0x36);
1417 Stream_Write_UINT8(s, 0x71);
1418 Stream_Write_UINT32(s, 0x00040001); /* 1.4 (version?) */
1419 Stream_Write_UINT32(s, 0x00000001); /* 1 (element count?) */
1420 /* p_cont_list_t */
1421 Stream_Write_UINT8(s, 2); /* ncontext_elem */
1422 Stream_Write_UINT8(s, 0x40); /* reserved1 */
1423 Stream_Write_UINT16(s, 0x0028); /* reserved2 */
1424 /* p_syntax_id_t */
1425 Stream_Write(s, &TSGU_UUID, sizeof(p_uuid_t));
1426 Stream_Write_UINT32(s, TSGU_SYNTAX_IF_VERSION);
1427 /* p_syntax_id_t */
1428 Stream_Write(s, &NDR_UUID, sizeof(p_uuid_t));
1429 Stream_Write_UINT32(s, NDR_SYNTAX_IF_VERSION);
1430 opnum = TsProxyCreateTunnelOpnum;
1431 }
1432 break;
1433
1434 case TSG_PACKET_TYPE_REAUTH:
1435 {
1436 const TSG_PACKET_REAUTH* packetReauth = &tsgPacket->tsgPacket.packetReauth;
1437 UINT32 index = 0;
1438 Stream_Write_UINT32(s, tsgPacket->packetId); /* PacketId (4 bytes) */
1439 Stream_Write_UINT32(s, tsgPacket->packetId); /* SwitchValue (4 bytes) */
1440 if (!tsg_ndr_pointer_write(tsg->log, s, &index, 1)) /* PacketReauthPtr (4 bytes) */
1441 goto fail;
1442 if (!tsg_ndr_write_reauth(tsg->log, s, &index, packetReauth))
1443 goto fail;
1444 opnum = TsProxyCreateTunnelOpnum;
1445 }
1446 break;
1447
1448 default:
1449 WLog_Print(tsg->log, WLOG_WARN, "unexpected packetId %s",
1450 tsg_packet_id_to_string(tsgPacket->packetId));
1451 write = FALSE;
1452 break;
1453 }
1454
1455 rc = TRUE;
1456
1457 if (write)
1458 return rpc_client_write_call(rpc, s, opnum);
1459fail:
1460 Stream_Free(s, TRUE);
1461 return rc;
1462}
1463
1464static BOOL tsg_ndr_read_consent_message(wLog* log, rdpContext* context, wStream* s, UINT32* index,
1465 BOOL isMessagePresent)
1466{
1467 TSG_PACKET_STRING_MESSAGE packetStringMessage = { 0 };
1468
1469 WINPR_ASSERT(context);
1470 WINPR_ASSERT(index);
1471
1472 if (!TsProxyReadPacketSTringMessage(log, s, index, &packetStringMessage))
1473 return FALSE;
1474
1475 if (context->instance && isMessagePresent)
1476 {
1477 return IFCALLRESULT(TRUE, context->instance->PresentGatewayMessage, context->instance,
1478 TSG_ASYNC_MESSAGE_CONSENT_MESSAGE ? GATEWAY_MESSAGE_CONSENT
1479 : TSG_ASYNC_MESSAGE_SERVICE_MESSAGE,
1480 packetStringMessage.isDisplayMandatory != 0,
1481 packetStringMessage.isConsentMandatory != 0,
1482 packetStringMessage.msgBytes, packetStringMessage.msgBuffer);
1483 }
1484
1485 return TRUE;
1486}
1487
1488static BOOL tsg_ndr_read_tunnel_context(wLog* log, wStream* s, CONTEXT_HANDLE* tunnelContext,
1489 UINT32* tunnelId)
1490{
1491 if (!tsg_stream_align(log, s, 4))
1492 return FALSE;
1493
1494 /* TunnelContext (20 bytes) */
1495 if (!TsProxyReadTunnelContext(log, s, tunnelContext))
1496 return FALSE;
1497
1498 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 8))
1499 return FALSE;
1500
1501 WINPR_ASSERT(tunnelId);
1502 Stream_Read_UINT32(s, *tunnelId); /* TunnelId (4 bytes) */
1503
1504 INT32 ReturnValue = 0;
1505 Stream_Read_INT32(s, ReturnValue); /* ReturnValue (4 bytes) */
1506 if (ReturnValue != NO_ERROR)
1507 WLog_WARN(TAG, "ReturnValue=%s", NtStatus2Tag(ReturnValue));
1508 return TRUE;
1509}
1510
1511static BOOL tsg_ndr_read_TSG_PACKET_MSG_RESPONSE_header(wLog* log, wStream* s,
1512 TSG_PACKET_MSG_RESPONSE* pkt)
1513{
1514
1515 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 16))
1516 return FALSE;
1517
1518 Stream_Read_UINT32(s, pkt->msgID); /* MsgId (4 bytes) */
1519 Stream_Read_UINT32(s, pkt->msgType); /* MsgType (4 bytes) */
1520 Stream_Read_INT32(s, pkt->isMsgPresent); /* IsMsgPresent (4 bytes) */
1521 const uint32_t SwitchValue = Stream_Get_UINT32(s); /* SwitchValue (4 bytes) */
1522
1523 if (pkt->msgType != SwitchValue)
1524 {
1525 WLog_ERR(TAG,
1526 "[MS-TSGU] 2.2.9.2.1.9 TSG_PACKET_MSG_RESPONSE MsgType[0x%08" PRIx32
1527 "] != MessageSwitchValue [0x%08" PRIx32 "]",
1528 pkt->msgType, SwitchValue);
1529 return FALSE;
1530 }
1531
1532 return TRUE;
1533}
1534
1535static BOOL tsg_ndr_read_TSG_PACKET_MSG_RESPONSE(wLog* log, rdpContext* context, wStream* s,
1536 uint32_t* index, uint32_t MsgPtr,
1537 const TSG_PACKET_MSG_RESPONSE* pkg,
1538 uint64_t* reauthContext)
1539{
1540 WINPR_ASSERT(pkg);
1541
1542 if (MsgPtr == 0)
1543 {
1544 WLog_Print(log, WLOG_DEBUG,
1545 "Message {0x%08" PRIx32 "} [%s]::isMsgPresent=%" PRId32 ", MsgPtr=0x%08" PRIx32,
1546 pkg->msgType, tsg_packet_id_to_string(pkg->msgType), pkg->isMsgPresent, MsgPtr);
1547 return TRUE;
1548 }
1549
1550 switch (pkg->msgType)
1551 {
1552 case TSG_ASYNC_MESSAGE_CONSENT_MESSAGE:
1553 case TSG_ASYNC_MESSAGE_SERVICE_MESSAGE:
1554 return tsg_ndr_read_consent_message(log, context, s, index, pkg->isMsgPresent);
1555
1556 case TSG_ASYNC_MESSAGE_REAUTH:
1557 {
1558 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 8))
1559 return FALSE;
1560
1561 WINPR_ASSERT(reauthContext);
1562 const uint64_t val = Stream_Get_UINT64(s); /* TunnelContext (8 bytes) */
1563 if (pkg->isMsgPresent != 0)
1564 *reauthContext = val;
1565 return TRUE;
1566 }
1567
1568 default:
1569 WLog_Print(log, WLOG_ERROR, "Unexpected Message Type: 0x%" PRIx32 "", pkg->msgType);
1570 return FALSE;
1571 }
1572}
1573
1574static BOOL tsg_ndr_read_caps_response(wLog* log, rdpContext* context, wStream* s, UINT32* index,
1575 UINT32 PacketPtr, TSG_PACKET_CAPS_RESPONSE* caps,
1576 CONTEXT_HANDLE* tunnelContext, UINT32* tunnelId,
1577 uint64_t* reauthContext)
1578{
1579 UINT32 PacketQuarResponsePtr = 0;
1580
1581 WINPR_ASSERT(context);
1582 WINPR_ASSERT(index);
1583 WINPR_ASSERT(caps);
1584 WINPR_ASSERT(reauthContext);
1585
1586 if (!tsg_ndr_pointer_read(log, s, index, &PacketQuarResponsePtr, TRUE))
1587 goto fail;
1588
1589 if (!tsg_ndr_read_quarenc_response(log, s, index, &caps->pktQuarEncResponse))
1590 goto fail;
1591
1592 if (PacketPtr)
1593 {
1594 TSG_PACKET_MSG_RESPONSE pkg = { 0 };
1595 UINT32 MsgPtr = 0;
1596
1597 if (!tsg_ndr_read_TSG_PACKET_MSG_RESPONSE_header(log, s, &pkg))
1598 goto fail;
1599
1600 if (!tsg_ndr_pointer_read(log, s, index, &MsgPtr, TRUE))
1601 return FALSE;
1602
1603 if (!tsg_ndr_read_quarenc_data(log, s, index, &caps->pktQuarEncResponse))
1604 goto fail;
1605
1606 if (!tsg_ndr_read_TSG_PACKET_MSG_RESPONSE(log, context, s, index, MsgPtr, &pkg,
1607 reauthContext))
1608 goto fail;
1609 }
1610
1611 return tsg_ndr_read_tunnel_context(log, s, tunnelContext, tunnelId);
1612fail:
1613 return FALSE;
1614}
1615
1616static BOOL TsProxyCreateTunnelReadResponse(rdpTsg* tsg, const RPC_PDU* pdu,
1617 CONTEXT_HANDLE* tunnelContext, UINT32* tunnelId)
1618{
1619 BOOL rc = FALSE;
1620 UINT32 index = 0;
1621 TSG_PACKET packet = { 0 };
1622 UINT32 SwitchValue = 0;
1623 rdpContext* context = NULL;
1624 UINT32 PacketPtr = 0;
1625
1626 WINPR_ASSERT(tsg);
1627 WINPR_ASSERT(tsg->rpc);
1628 WINPR_ASSERT(tsg->rpc->transport);
1629
1630 context = transport_get_context(tsg->rpc->transport);
1631 WINPR_ASSERT(context);
1632
1633 if (!pdu)
1634 return FALSE;
1635
1636 if (!tsg_ndr_pointer_read(tsg->log, pdu->s, &index, &PacketPtr, TRUE))
1637 goto fail;
1638
1639 if (!Stream_CheckAndLogRequiredLengthWLog(tsg->log, pdu->s, 8))
1640 goto fail;
1641 Stream_Read_UINT32(pdu->s, packet.packetId); /* PacketId (4 bytes) */
1642 Stream_Read_UINT32(pdu->s, SwitchValue); /* SwitchValue (4 bytes) */
1643
1644 WLog_Print(tsg->log, WLOG_DEBUG, "%s", tsg_packet_id_to_string(packet.packetId));
1645
1646 if ((packet.packetId == TSG_PACKET_TYPE_CAPS_RESPONSE) &&
1647 (SwitchValue == TSG_PACKET_TYPE_CAPS_RESPONSE))
1648 {
1649 if (!tsg_ndr_read_caps_response(tsg->log, context, pdu->s, &index, PacketPtr,
1650 &packet.tsgPacket.packetCapsResponse, tunnelContext,
1651 tunnelId, &tsg->ReauthTunnelContext))
1652 goto fail;
1653 tsg->CapsResponse = packet.tsgPacket.packetCapsResponse.pktQuarEncResponse;
1654 }
1655 else if ((packet.packetId == TSG_PACKET_TYPE_QUARENC_RESPONSE) &&
1656 (SwitchValue == TSG_PACKET_TYPE_QUARENC_RESPONSE))
1657 {
1658 UINT32 PacketQuarResponsePtr = 0;
1659
1660 if (!tsg_ndr_pointer_read(tsg->log, pdu->s, &index, &PacketQuarResponsePtr, TRUE))
1661 goto fail;
1662
1663 if (!tsg_ndr_read_quarenc_response(tsg->log, pdu->s, &index,
1664 &packet.tsgPacket.packetQuarEncResponse))
1665 goto fail;
1666
1667 if (!tsg_ndr_read_quarenc_data(tsg->log, pdu->s, &index,
1668 &packet.tsgPacket.packetQuarEncResponse))
1669 goto fail;
1670
1671 if (!tsg_ndr_read_tunnel_context(tsg->log, pdu->s, tunnelContext, tunnelId))
1672 goto fail;
1673
1674 tsg->CapsResponse = packet.tsgPacket.packetQuarEncResponse;
1675 }
1676 else
1677 {
1678 WLog_Print(tsg->log, WLOG_ERROR,
1679 "Unexpected PacketId: 0x%08" PRIX32 ", Expected TSG_PACKET_TYPE_CAPS_RESPONSE "
1680 "or TSG_PACKET_TYPE_QUARENC_RESPONSE",
1681 packet.packetId);
1682 goto fail;
1683 }
1684
1685 {
1686 const size_t rem = Stream_GetRemainingLength(pdu->s);
1687 if (rem != 0)
1688 {
1689 WLog_Print(tsg->log, WLOG_WARN, "Partially parsed %s, %" PRIuz " bytes remain",
1690 tsg_packet_id_to_string(packet.packetId), rem);
1691 }
1692 }
1693
1694 rc = TRUE;
1695fail:
1696 return rc;
1697}
1698
1710static BOOL TsProxyAuthorizeTunnelWriteRequest(rdpTsg* tsg, CONTEXT_HANDLE* tunnelContext)
1711{
1712 if (!tsg || !tsg->rpc || !tunnelContext)
1713 return FALSE;
1714
1715 rdpRpc* rpc = tsg->rpc;
1716
1717 WLog_Print(tsg->log, WLOG_DEBUG, "TsProxyAuthorizeTunnelWriteRequest");
1718 wStream* s = Stream_New(NULL, 1024 + sizeof(WCHAR) * tsg->QuarreQuest.nameLength +
1719 tsg->QuarreQuest.dataLen);
1720
1721 if (!s)
1722 return FALSE;
1723
1724 if (!TsProxyWriteTunnelContext(tsg->log, s, tunnelContext))
1725 {
1726 Stream_Free(s, TRUE);
1727 return FALSE;
1728 }
1729
1730 /* 4-byte alignment */
1731 UINT32 index = 0;
1732 Stream_Write_UINT32(s, TSG_PACKET_TYPE_QUARREQUEST); /* PacketId (4 bytes) */
1733 Stream_Write_UINT32(s, TSG_PACKET_TYPE_QUARREQUEST); /* SwitchValue (4 bytes) */
1734 if (!tsg_ndr_pointer_write(tsg->log, s, &index, 1)) /* PacketQuarRequestPtr (4 bytes) */
1735 goto fail;
1736 Stream_Write_UINT32(s, tsg->QuarreQuest.flags); /* Flags (4 bytes) */
1737 if (!tsg_ndr_pointer_write(tsg->log, s, &index, 1)) /* MachineNamePtr (4 bytes) */
1738 goto fail;
1739 Stream_Write_UINT32(s, tsg->QuarreQuest.nameLength); /* NameLength (4 bytes) */
1740 if (!tsg_ndr_pointer_write(tsg->log, s, &index, 1)) /* DataPtr (4 bytes) */
1741 goto fail;
1742 Stream_Write_UINT32(s, tsg->QuarreQuest.dataLen); /* DataLength (4 bytes) */
1743 /* MachineName */
1744 if (!tsg_ndr_write_string(tsg->log, s, tsg->QuarreQuest.machineName,
1745 tsg->QuarreQuest.nameLength))
1746 goto fail;
1747 /* data */
1748 if (!tsg_ndr_write_conformant_array(tsg->log, s, tsg->QuarreQuest.data,
1749 tsg->QuarreQuest.dataLen))
1750 goto fail;
1751
1752 Stream_SealLength(s);
1753 return rpc_client_write_call(rpc, s, TsProxyAuthorizeTunnelOpnum);
1754fail:
1755 Stream_Free(s, TRUE);
1756 return FALSE;
1757}
1758
1759static UINT32 tsg_redir_to_flags(const TSG_REDIRECTION_FLAGS* redirect)
1760{
1761 UINT32 flags = 0;
1762 if (redirect->enableAllRedirections)
1763 flags |= HTTP_TUNNEL_REDIR_ENABLE_ALL;
1764 if (redirect->disableAllRedirections)
1765 flags |= HTTP_TUNNEL_REDIR_DISABLE_ALL;
1766
1767 if (redirect->driveRedirectionDisabled)
1768 flags |= HTTP_TUNNEL_REDIR_DISABLE_DRIVE;
1769 if (redirect->printerRedirectionDisabled)
1770 flags |= HTTP_TUNNEL_REDIR_DISABLE_PRINTER;
1771 if (redirect->portRedirectionDisabled)
1772 flags |= HTTP_TUNNEL_REDIR_DISABLE_PORT;
1773 if (redirect->clipboardRedirectionDisabled)
1774 flags |= HTTP_TUNNEL_REDIR_DISABLE_CLIPBOARD;
1775 if (redirect->pnpRedirectionDisabled)
1776 flags |= HTTP_TUNNEL_REDIR_DISABLE_PNP;
1777 return flags;
1778}
1779
1780static BOOL tsg_redirect_apply(rdpTsg* tsg, const TSG_REDIRECTION_FLAGS* redirect)
1781{
1782 WINPR_ASSERT(tsg);
1783 WINPR_ASSERT(redirect);
1784
1785 rdpTransport* transport = tsg->transport;
1786 WINPR_ASSERT(transport);
1787
1788 rdpContext* context = transport_get_context(transport);
1789 UINT32 redirFlags = tsg_redir_to_flags(redirect);
1790 return utils_apply_gateway_policy(tsg->log, context, redirFlags, "TSG");
1791}
1792
1793static BOOL tsg_ndr_read_timeout(wLog* log, wStream* s, size_t tlen)
1794{
1795 if (!Stream_CheckAndLogRequiredLengthOfSizeWLog(log, s, 1, sizeof(UINT32)))
1796 return FALSE;
1797
1798 if (tlen < sizeof(UINT32))
1799 {
1800 WLog_Print(log, WLOG_ERROR, "[IDLE_TIMEOUT] array element length %" PRIuz ", expected 4",
1801 tlen);
1802 return FALSE;
1803 }
1804
1805 const UINT32 idleTimeout = Stream_Get_UINT32(s);
1806 WLog_Print(log, WLOG_DEBUG, "[IDLE_TIMEOUT] idleTimeout=%" PRIu32 ": TODO: unused",
1807 idleTimeout);
1808 return TRUE;
1809}
1810
1811static BOOL tsg_ndr_read_sohr(wLog* log, wStream* s, BOOL expected)
1812{
1813 if (!Stream_CheckAndLogRequiredLengthOfSizeWLog(log, s, 1, sizeof(UINT32)))
1814 return FALSE;
1815
1816 const UINT32 len = Stream_Get_UINT32(s);
1817 if (!expected)
1818 {
1819 if (len != 0)
1820 {
1821 WLog_Print(log, WLOG_DEBUG, "[SOH] len=%" PRIu32 ": skipping", len);
1822 return FALSE;
1823 }
1824 return TRUE;
1825 }
1826 else if (len == 0)
1827 {
1828 WLog_Print(log, WLOG_WARN, "[SOH] len=%" PRIu32 ": expected length > 0", len);
1829 }
1830
1831 WLog_Print(log, WLOG_DEBUG, "[SOH] len=%" PRIu32 ": TODO: unused", len);
1832 if (!Stream_SafeSeek(s, len))
1833 return FALSE;
1834
1835 winpr_HexLogDump(log, WLOG_DEBUG, Stream_Pointer(s), len);
1836 return TRUE;
1837}
1838
1839static BOOL tsg_ndr_read_packet_response_data(rdpTsg* tsg, wStream* s,
1840 const TSG_PACKET_RESPONSE* response)
1841{
1842 WINPR_ASSERT(tsg);
1843
1844 if (!Stream_CheckAndLogRequiredCapacityOfSizeWLog(tsg->log, s, 1, 4))
1845 return FALSE;
1846
1847 const uint32_t arrayMaxLen = Stream_Get_UINT32(s);
1848 const size_t rem = Stream_GetRemainingLength(s);
1849 if (arrayMaxLen != response->responseDataLen)
1850 {
1851 WLog_Print(tsg->log, WLOG_ERROR,
1852 "2.2.9.2.1.5 TSG_PACKET_RESPONSE::responseDataLen=%" PRIu32
1853 " != NDR array len %" PRIu32,
1854 response->responseDataLen, arrayMaxLen);
1855 }
1856 if (response->responseDataLen > 0)
1857 {
1858 if (!Stream_CheckAndLogRequiredCapacityOfSizeWLog(tsg->log, s, 1, 4))
1859 return FALSE;
1860
1861 if (tsg->CapsResponse.versionCaps.tsgCaps.capabilityType != TSG_CAPABILITY_TYPE_NAP)
1862 {
1863 WLog_Print(
1864 tsg->log, WLOG_ERROR,
1865 "2.2.9.2.1.5 TSG_PACKET_RESPONSE Negotiated Capabilities type is 0x%08" PRIx32
1866 ", expected TSG_CAPABILITY_TYPE_NAP[0x00000001]",
1867 tsg->CapsResponse.versionCaps.tsgCaps.capabilityType);
1868 return FALSE;
1869 }
1870 const UINT32 mask = (TSG_NAP_CAPABILITY_QUAR_SOH | TSG_NAP_CAPABILITY_IDLE_TIMEOUT);
1871 const UINT32 val =
1872 (tsg->CapsResponse.versionCaps.tsgCaps.tsgPacket.tsgCapNap.capabilities & mask);
1873 if ((val == mask) && (tsg->QuarreQuest.dataLen > 0))
1874 {
1875 if (!tsg_ndr_read_timeout(tsg->log, s, arrayMaxLen))
1876 return FALSE;
1877 if (!tsg_ndr_read_sohr(tsg->log, s, TRUE))
1878 return FALSE;
1879 }
1880 else if ((val == TSG_NAP_CAPABILITY_QUAR_SOH) && (tsg->QuarreQuest.dataLen > 0))
1881 {
1882 if (!tsg_ndr_read_sohr(tsg->log, s, TRUE))
1883 return FALSE;
1884 }
1885 else if ((val & TSG_NAP_CAPABILITY_IDLE_TIMEOUT) != 0)
1886 {
1887 if (!tsg_ndr_read_timeout(tsg->log, s, arrayMaxLen))
1888 return FALSE;
1889 if (!tsg_ndr_read_sohr(tsg->log, s, FALSE))
1890 return FALSE;
1891 }
1892 else
1893 {
1894 WLog_Print(
1895 tsg->log, WLOG_ERROR,
1896 "2.2.9.2.1.5 TSG_PACKET_RESPONSE::responseDataLen=%" PRIu32
1897 ", but neither TSG_NAP_CAPABILITY_QUAR_SOH nor "
1898 "TSG_NAP_CAPABILITY_IDLE_TIMEOUT are set, so expecting 0 (actually got %" PRIuz ")",
1899 response->responseDataLen, rem);
1900 return FALSE;
1901 }
1902 }
1903 else if (rem > 0)
1904 {
1905 WLog_Print(tsg->log, WLOG_ERROR,
1906 "2.2.9.2.1.5 TSG_PACKET_RESPONSE::responseDataLen=%" PRIu32
1907 ", but actually got %" PRIuz,
1908 response->responseDataLen, rem);
1909 return FALSE;
1910 }
1911
1912 {
1913 const size_t trem = Stream_GetRemainingLength(s);
1914 if (trem > 0)
1915 {
1916 WLog_Print(tsg->log, WLOG_WARN,
1917 "2.2.9.2.1.5 TSG_PACKET_RESPONSE %" PRIuz " unhandled bytes remain", trem);
1918 }
1919 }
1920 return TRUE;
1921}
1922
1923static BOOL TsProxyAuthorizeTunnelReadResponse(rdpTsg* tsg, const RPC_PDU* pdu)
1924{
1925 BOOL rc = FALSE;
1926 UINT32 SwitchValue = 0;
1927 UINT32 index = 0;
1928 TSG_PACKET packet = { 0 };
1929 UINT32 PacketPtr = 0;
1930 UINT32 PacketResponseDataPtr = 0;
1931
1932 WINPR_ASSERT(tsg);
1933 WINPR_ASSERT(pdu);
1934
1935 wLog* log = tsg->log;
1936 WINPR_ASSERT(log);
1937
1938 if (!tsg_ndr_pointer_read(log, pdu->s, &index, &PacketPtr, TRUE))
1939 goto fail;
1940
1941 if (!Stream_CheckAndLogRequiredLengthWLog(log, pdu->s, 8))
1942 goto fail;
1943 Stream_Read_UINT32(pdu->s, packet.packetId); /* PacketId (4 bytes) */
1944 Stream_Read_UINT32(pdu->s, SwitchValue); /* SwitchValue (4 bytes) */
1945
1946 WLog_Print(log, WLOG_DEBUG, "%s", tsg_packet_id_to_string(packet.packetId));
1947
1948 if (packet.packetId == E_PROXY_NAP_ACCESSDENIED)
1949 {
1950 WLog_Print(log, WLOG_ERROR, "status: E_PROXY_NAP_ACCESSDENIED (0x%08X)",
1951 E_PROXY_NAP_ACCESSDENIED);
1952 WLog_Print(log, WLOG_ERROR,
1953 "Ensure that the Gateway Connection Authorization Policy is correct");
1954 goto fail;
1955 }
1956
1957 if ((packet.packetId != TSG_PACKET_TYPE_RESPONSE) || (SwitchValue != TSG_PACKET_TYPE_RESPONSE))
1958 {
1959 WLog_Print(log, WLOG_ERROR,
1960 "Unexpected PacketId: 0x%08" PRIX32 ", Expected TSG_PACKET_TYPE_RESPONSE",
1961 packet.packetId);
1962 goto fail;
1963 }
1964
1965 if (!tsg_ndr_pointer_read(log, pdu->s, &index, NULL, TRUE))
1966 goto fail;
1967
1968 if (!Stream_CheckAndLogRequiredLengthWLog(log, pdu->s, 8))
1969 goto fail;
1970
1971 packet.tsgPacket.packetResponse.flags = Stream_Get_UINT32(pdu->s);
1972 if (packet.tsgPacket.packetResponse.flags != TSG_PACKET_TYPE_QUARREQUEST)
1973 {
1974 WLog_Print(log, WLOG_ERROR,
1975 "Unexpected Packet Response flags: 0x%08" PRIX32
1976 ", Expected TSG_PACKET_TYPE_QUARREQUEST",
1977 packet.tsgPacket.packetResponse.flags);
1978 goto fail;
1979 }
1980
1981 packet.tsgPacket.packetResponse.reserved = Stream_Get_UINT32(pdu->s);
1982
1983 packet.tsgPacket.packetResponse.responseData = NULL;
1984 if (!tsg_ndr_pointer_read(log, pdu->s, &index, &PacketResponseDataPtr, FALSE))
1985 goto fail;
1986
1987 packet.tsgPacket.packetResponse.responseDataLen = Stream_Get_UINT32(pdu->s);
1988 if (packet.tsgPacket.packetResponse.responseDataLen > 24000)
1989 {
1990 WLog_Print(log, WLOG_ERROR,
1991 "2.2.9.2.1.5 TSG_PACKET_RESPONSE::responseDataLen %" PRIu32 " > maximum(24000)",
1992 packet.tsgPacket.packetResponse.responseDataLen);
1993 goto fail;
1994 }
1995 if ((PacketResponseDataPtr == 0) && (packet.tsgPacket.packetResponse.responseDataLen != 0))
1996 {
1997 WLog_Print(log, WLOG_ERROR,
1998 "2.2.9.2.1.5 TSG_PACKET_RESPONSE::responseDataLen %" PRIu32
1999 " but responseData = NULL",
2000 packet.tsgPacket.packetResponse.responseDataLen);
2001 goto fail;
2002 }
2003
2004 if (!tsg_ndr_read_packet_redirection_flags(log, pdu->s,
2005 &packet.tsgPacket.packetResponse.redirectionFlags))
2006 goto fail;
2007
2008 packet.tsgPacket.packetResponse.responseData = Stream_Pointer(pdu->s);
2009 if (!tsg_ndr_read_packet_response_data(tsg, pdu->s, &packet.tsgPacket.packetResponse))
2010 goto fail;
2011
2012 rc = tsg_redirect_apply(tsg, &packet.tsgPacket.packetResponse.redirectionFlags);
2013
2014fail:
2015 return rc;
2016}
2017
2029static BOOL TsProxyMakeTunnelCallWriteRequest(rdpTsg* tsg, CONTEXT_HANDLE* tunnelContext,
2030 UINT32 procId)
2031{
2032 wStream* s = NULL;
2033 rdpRpc* rpc = NULL;
2034
2035 if (!tsg || !tsg->rpc || !tunnelContext)
2036 return FALSE;
2037
2038 rpc = tsg->rpc;
2039 WLog_Print(tsg->log, WLOG_DEBUG, "TsProxyMakeTunnelCallWriteRequest");
2040 s = Stream_New(NULL, 40);
2041
2042 if (!s)
2043 return FALSE;
2044
2045 /* TunnelContext (20 bytes) */
2046 UINT32 index = 0;
2047 if (!TsProxyWriteTunnelContext(tsg->log, s, tunnelContext))
2048 goto fail;
2049 Stream_Write_UINT32(s, procId); /* ProcId (4 bytes) */
2050 /* 4-byte alignment */
2051 Stream_Write_UINT32(s, TSG_PACKET_TYPE_MSGREQUEST_PACKET); /* PacketId (4 bytes) */
2052 Stream_Write_UINT32(s, TSG_PACKET_TYPE_MSGREQUEST_PACKET); /* SwitchValue (4 bytes) */
2053 if (!tsg_ndr_pointer_write(tsg->log, s, &index, 1)) /* PacketMsgRequestPtr (4 bytes) */
2054 goto fail;
2055 Stream_Write_UINT32(s, 0x00000001); /* MaxMessagesPerBatch (4 bytes) */
2056 return rpc_client_write_call(rpc, s, TsProxyMakeTunnelCallOpnum);
2057fail:
2058 Stream_Free(s, TRUE);
2059 return FALSE;
2060}
2061
2062static BOOL TsProxyReadPacketSTringMessage(wLog* log, wStream* s, uint32_t* index,
2063 TSG_PACKET_STRING_MESSAGE* msg)
2064{
2065 UINT32 MsgPtr = 0;
2066
2067 WINPR_ASSERT(msg);
2068
2069 const TSG_PACKET_STRING_MESSAGE empty = { 0 };
2070 *msg = empty;
2071
2072 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 12))
2073 return FALSE;
2074
2075 Stream_Read_INT32(s, msg->isDisplayMandatory); /* IsDisplayMandatory (4 bytes) */
2076 Stream_Read_INT32(s, msg->isConsentMandatory); /* IsConsentMandatory (4 bytes) */
2077 Stream_Read_UINT32(s, msg->msgBytes); /* MsgBytes (4 bytes) */
2078
2079 if (!tsg_ndr_pointer_read(log, s, index, &MsgPtr, msg->msgBytes != 0))
2080 return FALSE;
2081
2082 if (msg->msgBytes > TSG_MESSAGING_MAX_MESSAGE_LENGTH)
2083 {
2084 WLog_Print(log, WLOG_ERROR, "Out of Spec Message Length %" PRIu32 "", msg->msgBytes);
2085 return FALSE;
2086 }
2087
2088 if (msg->msgBytes == 0)
2089 {
2090 WLog_Print(log, WLOG_DEBUG, "Empty message, skipping string read");
2091 return TRUE;
2092 }
2093
2094 return tsg_ndr_read_string(log, s, &msg->msgBuffer, msg->msgBytes);
2095}
2096
2097static BOOL TsProxyMakeTunnelCallReadResponse(rdpTsg* tsg, const RPC_PDU* pdu)
2098{
2099 BOOL rc = FALSE;
2100 UINT32 index = 0;
2101 TSG_PACKET packet = { 0 };
2102 rdpContext* context = NULL;
2103 TSG_PACKET_MSG_RESPONSE packetMsgResponse = { 0 };
2104 UINT32 PacketPtr = 0;
2105 UINT32 PacketMsgResponsePtr = 0;
2106
2107 WINPR_ASSERT(tsg);
2108 WINPR_ASSERT(tsg->rpc);
2109
2110 context = transport_get_context(tsg->rpc->transport);
2111 WINPR_ASSERT(context);
2112
2113 /* This is an asynchronous response */
2114
2115 if (!pdu)
2116 return FALSE;
2117
2118 if (!Stream_CheckAndLogRequiredLengthWLog(tsg->log, pdu->s, 28))
2119 goto fail;
2120
2121 if (!tsg_ndr_pointer_read(tsg->log, pdu->s, &index, &PacketPtr, TRUE))
2122 goto fail;
2123
2124 Stream_Read_UINT32(pdu->s, packet.packetId); /* PacketId (4 bytes) */
2125
2126 {
2127 const uint32_t SwitchValue = Stream_Get_UINT32(pdu->s); /* SwitchValue (4 bytes) */
2128 WLog_Print(tsg->log, WLOG_DEBUG, "%s", tsg_packet_id_to_string(packet.packetId));
2129
2130 if ((packet.packetId != TSG_PACKET_TYPE_MESSAGE_PACKET) || (packet.packetId != SwitchValue))
2131 {
2132 WLog_Print(tsg->log, WLOG_ERROR,
2133 "Unexpected PacketId: 0x%08" PRIX32
2134 ", Expected TSG_PACKET_TYPE_MESSAGE_PACKET",
2135 packet.packetId);
2136 goto fail;
2137 }
2138 }
2139
2140 if (!tsg_ndr_pointer_read(tsg->log, pdu->s, &index, &PacketMsgResponsePtr, TRUE))
2141 goto fail;
2142
2143 if (!tsg_ndr_read_TSG_PACKET_MSG_RESPONSE_header(tsg->log, pdu->s, &packetMsgResponse))
2144 goto fail;
2145
2146 {
2147 UINT32 MessagePtr = 0;
2148 if (!tsg_ndr_pointer_read(tsg->log, pdu->s, &index, &MessagePtr, TRUE))
2149 goto fail;
2150
2151 if (!tsg_ndr_read_TSG_PACKET_MSG_RESPONSE(tsg->log, context, pdu->s, &index, MessagePtr,
2152 &packetMsgResponse, &tsg->ReauthTunnelContext))
2153 goto fail;
2154 }
2155
2156 rc = TRUE;
2157fail:
2158 return rc;
2159}
2160
2172static BOOL TsProxyCreateChannelWriteRequest(rdpTsg* tsg, CONTEXT_HANDLE* tunnelContext)
2173{
2174 WINPR_ASSERT(tsg);
2175 WINPR_ASSERT(tunnelContext);
2176
2177 WLog_Print(tsg->log, WLOG_DEBUG, "TsProxyCreateChannelWriteRequest");
2178
2179 if (!tsg->rpc || !tsg->Hostname)
2180 return FALSE;
2181
2182 rdpRpc* rpc = tsg->rpc;
2183 const size_t count = _wcslen(tsg->Hostname) + 1;
2184 if (count > UINT32_MAX)
2185 return FALSE;
2186
2187 wStream* s = Stream_New(NULL, 60 + count * 2);
2188 if (!s)
2189 return FALSE;
2190
2191 /* TunnelContext (20 bytes) */
2192 if (!TsProxyWriteTunnelContext(tsg->log, s, tunnelContext))
2193 goto fail;
2194
2195 /* TSENDPOINTINFO */
2196 {
2197 UINT32 index = 0;
2198 if (!tsg_ndr_pointer_write(tsg->log, s, &index, 1))
2199 goto fail;
2200 Stream_Write_UINT32(s, 0x00000001); /* NumResourceNames (4 bytes) */
2201 if (!tsg_ndr_pointer_write(tsg->log, s, &index, 0))
2202 goto fail;
2203 }
2204
2205 Stream_Write_UINT16(s, 0x0000); /* NumAlternateResourceNames (2 bytes) */
2206 Stream_Write_UINT16(s, 0x0000); /* Pad (2 bytes) */
2207 /* Port (4 bytes) */
2208 Stream_Write_UINT16(s, 0x0003); /* ProtocolId (RDP = 3) (2 bytes) */
2209 Stream_Write_UINT16(s, tsg->Port); /* PortNumber (0xD3D = 3389) (2 bytes) */
2210 Stream_Write_UINT32(s, 0x00000001); /* NumResourceNames (4 bytes) */
2211 {
2212 UINT32 index = 0;
2213 if (!tsg_ndr_pointer_write(tsg->log, s, &index, 1))
2214 goto fail;
2215 }
2216 if (!tsg_ndr_write_string(tsg->log, s, tsg->Hostname, count))
2217 goto fail;
2218 return rpc_client_write_call(rpc, s, TsProxyCreateChannelOpnum);
2219
2220fail:
2221 Stream_Free(s, TRUE);
2222 return FALSE;
2223}
2224
2225static BOOL TsProxyCreateChannelReadResponse(wLog* log, const RPC_PDU* pdu,
2226 CONTEXT_HANDLE* channelContext, UINT32* channelId)
2227{
2228 BOOL rc = FALSE;
2229
2230 WINPR_ASSERT(log);
2231 WINPR_ASSERT(pdu);
2232 WINPR_ASSERT(channelId);
2233
2234 WLog_Print(log, WLOG_DEBUG, "TsProxyCreateChannelReadResponse");
2235
2236 if (!Stream_CheckAndLogRequiredLengthWLog(log, pdu->s, 28))
2237 goto fail;
2238
2239 /* ChannelContext (20 bytes) */
2240 if (!TsProxyReadTunnelContext(log, pdu->s, channelContext))
2241 goto fail;
2242 if (!Stream_CheckAndLogRequiredLengthOfSizeWLog(log, pdu->s, 2, sizeof(UINT32)))
2243 goto fail;
2244 Stream_Read_UINT32(pdu->s, *channelId); /* ChannelId (4 bytes) */
2245 Stream_Seek_UINT32(pdu->s); /* ReturnValue (4 bytes) */
2246 rc = TRUE;
2247fail:
2248 return rc;
2249}
2250
2257static BOOL TsProxyCloseChannelWriteRequest(rdpTsg* tsg, CONTEXT_HANDLE* context)
2258{
2259 WINPR_ASSERT(tsg);
2260 WINPR_ASSERT(context);
2261
2262 WLog_Print(tsg->log, WLOG_DEBUG, "TsProxyCloseChannelWriteRequest");
2263
2264 rdpRpc* rpc = tsg->rpc;
2265 WINPR_ASSERT(rpc);
2266
2267 wStream* s = Stream_New(NULL, 20);
2268
2269 if (!s)
2270 return FALSE;
2271
2272 /* ChannelContext (20 bytes) */
2273 if (!TsProxyWriteTunnelContext(tsg->log, s, context))
2274 goto fail;
2275 return rpc_client_write_call(rpc, s, TsProxyCloseChannelOpnum);
2276fail:
2277 Stream_Free(s, TRUE);
2278 return FALSE;
2279}
2280
2281static BOOL TsProxyCloseChannelReadResponse(wLog* log, const RPC_PDU* pdu, CONTEXT_HANDLE* context)
2282{
2283 BOOL rc = FALSE;
2284 WLog_Print(log, WLOG_DEBUG, "TsProxyCloseChannelReadResponse");
2285
2286 if (!pdu)
2287 return FALSE;
2288
2289 if (!Stream_CheckAndLogRequiredLengthWLog(log, pdu->s, 24))
2290 goto fail;
2291
2292 /* ChannelContext (20 bytes) */
2293 if (!TsProxyReadTunnelContext(log, pdu->s, context))
2294 goto fail;
2295
2296 {
2297 const size_t len = sizeof(UINT32);
2298 if (!Stream_CheckAndLogRequiredLengthWLog(log, pdu->s, len))
2299 goto fail;
2300 Stream_Seek(pdu->s, len); /* ReturnValue (4 bytes) */
2301 rc = TRUE;
2302 }
2303fail:
2304 return rc;
2305}
2306
2313static BOOL TsProxyCloseTunnelWriteRequest(rdpTsg* tsg, const CONTEXT_HANDLE* context)
2314{
2315 WINPR_ASSERT(tsg);
2316 WINPR_ASSERT(context);
2317
2318 WLog_Print(tsg->log, WLOG_DEBUG, "TsProxyCloseTunnelWriteRequest");
2319
2320 rdpRpc* rpc = tsg->rpc;
2321 WINPR_ASSERT(rpc);
2322
2323 wStream* s = Stream_New(NULL, 20);
2324
2325 if (!s)
2326 return FALSE;
2327
2328 /* TunnelContext (20 bytes) */
2329 if (!TsProxyWriteTunnelContext(tsg->log, s, context))
2330 goto fail;
2331 return rpc_client_write_call(rpc, s, TsProxyCloseTunnelOpnum);
2332fail:
2333 Stream_Free(s, TRUE);
2334 return FALSE;
2335}
2336
2337static BOOL TsProxyCloseTunnelReadResponse(wLog* log, const RPC_PDU* pdu, CONTEXT_HANDLE* context)
2338{
2339 BOOL rc = FALSE;
2340
2341 WINPR_ASSERT(log);
2342 WINPR_ASSERT(pdu);
2343 WINPR_ASSERT(context);
2344
2345 WLog_Print(log, WLOG_DEBUG, "TsProxyCloseTunnelReadResponse");
2346
2347 if (!Stream_CheckAndLogRequiredLengthWLog(log, pdu->s, 24))
2348 goto fail;
2349
2350 /* TunnelContext (20 bytes) */
2351 if (!TsProxyReadTunnelContext(log, pdu->s, context))
2352 goto fail;
2353 {
2354 const size_t len = sizeof(UINT32);
2355 if (!Stream_CheckAndLogRequiredLengthWLog(log, pdu->s, len))
2356 goto fail;
2357 Stream_Seek(pdu->s, len); /* ReturnValue (4 bytes) */
2358 rc = TRUE;
2359 }
2360fail:
2361 return rc;
2362}
2363
2372static BOOL TsProxySetupReceivePipeWriteRequest(rdpTsg* tsg, const CONTEXT_HANDLE* channelContext)
2373{
2374 wStream* s = NULL;
2375 rdpRpc* rpc = NULL;
2376 WLog_Print(tsg->log, WLOG_DEBUG, "TsProxySetupReceivePipeWriteRequest");
2377
2378 WINPR_ASSERT(tsg);
2379 WINPR_ASSERT(tsg->rpc);
2380
2381 if (!channelContext)
2382 return FALSE;
2383
2384 rpc = tsg->rpc;
2385 s = Stream_New(NULL, 20);
2386
2387 if (!s)
2388 return FALSE;
2389
2390 /* ChannelContext (20 bytes) */
2391 if (!TsProxyWriteTunnelContext(tsg->log, s, channelContext))
2392 goto fail;
2393 return rpc_client_write_call(rpc, s, TsProxySetupReceivePipeOpnum);
2394fail:
2395 Stream_Free(s, TRUE);
2396 return FALSE;
2397}
2398
2399static BOOL tsg_transition_to_state(rdpTsg* tsg, TSG_STATE state)
2400{
2401 WINPR_ASSERT(tsg);
2402 const char* oldState = tsg_state_to_string(tsg->state);
2403 const char* newState = tsg_state_to_string(state);
2404
2405 WLog_Print(tsg->log, WLOG_DEBUG, "%s -> %s", oldState, newState);
2406 return tsg_set_state(tsg, state);
2407}
2408
2409static BOOL tsg_initialize_version_caps(const rdpTsg* tsg,
2410 TSG_PACKET_VERSIONCAPS* packetVersionCaps)
2411{
2412 WINPR_ASSERT(tsg);
2413 WINPR_ASSERT(packetVersionCaps);
2414
2415 packetVersionCaps->tsgHeader.ComponentId = TS_GATEWAY_TRANSPORT;
2416 packetVersionCaps->tsgHeader.PacketId = TSG_PACKET_TYPE_VERSIONCAPS;
2417 packetVersionCaps->numCapabilities = 1;
2418 packetVersionCaps->majorVersion = 1;
2419 packetVersionCaps->minorVersion = 1;
2420 packetVersionCaps->quarantineCapabilities = 0;
2421 packetVersionCaps->tsgCaps.capabilityType = TSG_CAPABILITY_TYPE_NAP;
2422 /*
2423 * Using reduced capabilities appears to trigger
2424 * TSG_PACKET_TYPE_QUARENC_RESPONSE instead of TSG_PACKET_TYPE_CAPS_RESPONSE
2425 *
2426 * However, reduced capabilities may break connectivity with servers enforcing features,
2427 * such as "Only allow connections from Remote Desktop Services clients that support RD
2428 * Gateway messaging"
2429 */
2430
2431 packetVersionCaps->tsgCaps.tsgPacket.tsgCapNap.capabilities =
2432 TSG_NAP_CAPABILITY_IDLE_TIMEOUT | TSG_MESSAGING_CAP_CONSENT_SIGN |
2433 TSG_MESSAGING_CAP_SERVICE_MSG | TSG_MESSAGING_CAP_REAUTH;
2434 if (tsg->QuarreQuest.dataLen > 0)
2435 packetVersionCaps->tsgCaps.tsgPacket.tsgCapNap.capabilities |= TSG_NAP_CAPABILITY_QUAR_SOH;
2436
2437 return TRUE;
2438}
2439
2440static void resetCaps(rdpTsg* tsg)
2441{
2442 WINPR_ASSERT(tsg);
2443 const TSG_PACKET_QUARENC_RESPONSE empty = { 0 };
2444 tsg->CapsResponse = empty;
2445}
2446
2447BOOL tsg_proxy_begin(rdpTsg* tsg)
2448{
2449 TSG_PACKET tsgPacket = { 0 };
2450
2451 WINPR_ASSERT(tsg);
2452
2453 tsgPacket.packetId = TSG_PACKET_TYPE_VERSIONCAPS;
2454 if (!tsg_initialize_version_caps(tsg, &tsgPacket.tsgPacket.packetVersionCaps) ||
2455 !TsProxyCreateTunnelWriteRequest(tsg, &tsgPacket))
2456 {
2457 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCreateTunnel failure");
2458 tsg_transition_to_state(tsg, TSG_STATE_FINAL);
2459 return FALSE;
2460 }
2461
2462 resetCaps(tsg);
2463
2464 return tsg_transition_to_state(tsg, TSG_STATE_INITIAL);
2465}
2466
2467static BOOL tsg_proxy_reauth(rdpTsg* tsg)
2468{
2469 TSG_PACKET tsgPacket = { 0 };
2470
2471 WINPR_ASSERT(tsg);
2472
2473 tsg->reauthSequence = TRUE;
2474 TSG_PACKET_REAUTH* packetReauth = &tsgPacket.tsgPacket.packetReauth;
2475
2476 tsgPacket.packetId = TSG_PACKET_TYPE_REAUTH;
2477 packetReauth->tunnelContext = tsg->ReauthTunnelContext;
2478 packetReauth->packetId = TSG_PACKET_TYPE_VERSIONCAPS;
2479
2480 if (!tsg_initialize_version_caps(tsg, &packetReauth->tsgInitialPacket.packetVersionCaps))
2481 return FALSE;
2482
2483 if (!TsProxyCreateTunnelWriteRequest(tsg, &tsgPacket))
2484 {
2485 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCreateTunnel failure");
2486 tsg_transition_to_state(tsg, TSG_STATE_FINAL);
2487 return FALSE;
2488 }
2489
2490 if (!TsProxyMakeTunnelCallWriteRequest(tsg, &tsg->TunnelContext,
2491 TSG_TUNNEL_CALL_ASYNC_MSG_REQUEST))
2492 {
2493 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyMakeTunnelCall failure");
2494 tsg_transition_to_state(tsg, TSG_STATE_FINAL);
2495 return FALSE;
2496 }
2497
2498 resetCaps(tsg);
2499 return tsg_transition_to_state(tsg, TSG_STATE_INITIAL);
2500}
2501
2502BOOL tsg_recv_pdu(rdpTsg* tsg, const RPC_PDU* pdu)
2503{
2504 BOOL rc = FALSE;
2505 RpcClientCall* call = NULL;
2506 rdpRpc* rpc = NULL;
2507
2508 WINPR_ASSERT(tsg);
2509 WINPR_ASSERT(pdu);
2510 WINPR_ASSERT(tsg->rpc);
2511
2512 rpc = tsg->rpc;
2513
2514 if (!(pdu->Flags & RPC_PDU_FLAG_STUB))
2515 {
2516 const size_t len = 24;
2517 if (!Stream_CheckAndLogRequiredLengthWLog(tsg->log, pdu->s, len))
2518 return FALSE;
2519 Stream_Seek(pdu->s, len);
2520 }
2521
2522 const TSG_STATE oldState = tsg->state;
2523 switch (tsg->state)
2524 {
2525 case TSG_STATE_INITIAL:
2526 {
2527 CONTEXT_HANDLE* TunnelContext = NULL;
2528 TunnelContext = (tsg->reauthSequence) ? &tsg->NewTunnelContext : &tsg->TunnelContext;
2529
2530 if (!TsProxyCreateTunnelReadResponse(tsg, pdu, TunnelContext, &tsg->TunnelId))
2531 {
2532 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCreateTunnelReadResponse failure");
2533 return FALSE;
2534 }
2535
2536 if (!tsg_transition_to_state(tsg, TSG_STATE_CONNECTED))
2537 return FALSE;
2538
2539 if (!TsProxyAuthorizeTunnelWriteRequest(tsg, TunnelContext))
2540 {
2541 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyAuthorizeTunnel failure");
2542 return FALSE;
2543 }
2544
2545 rc = TRUE;
2546 }
2547 break;
2548
2549 case TSG_STATE_CONNECTED:
2550 {
2551 CONTEXT_HANDLE* TunnelContext =
2552 (tsg->reauthSequence) ? &tsg->NewTunnelContext : &tsg->TunnelContext;
2553
2554 if (!TsProxyAuthorizeTunnelReadResponse(tsg, pdu))
2555 {
2556 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyAuthorizeTunnelReadResponse failure");
2557 return FALSE;
2558 }
2559
2560 if (!tsg_transition_to_state(tsg, TSG_STATE_AUTHORIZED))
2561 return FALSE;
2562
2563 if (!tsg->reauthSequence)
2564 {
2565 if (!TsProxyMakeTunnelCallWriteRequest(tsg, TunnelContext,
2566 TSG_TUNNEL_CALL_ASYNC_MSG_REQUEST))
2567 {
2568 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyMakeTunnelCall failure");
2569 return FALSE;
2570 }
2571 }
2572
2573 if (!TsProxyCreateChannelWriteRequest(tsg, TunnelContext))
2574 {
2575 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCreateChannel failure");
2576 return FALSE;
2577 }
2578
2579 rc = TRUE;
2580 }
2581 break;
2582
2583 case TSG_STATE_AUTHORIZED:
2584 call = rpc_client_call_find_by_id(rpc->client, pdu->CallId);
2585
2586 if (!call)
2587 return FALSE;
2588
2589 if (call->OpNum == TsProxyMakeTunnelCallOpnum)
2590 {
2591 if (!TsProxyMakeTunnelCallReadResponse(tsg, pdu))
2592 {
2593 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyMakeTunnelCallReadResponse failure");
2594 return FALSE;
2595 }
2596
2597 rc = TRUE;
2598 }
2599 else if (call->OpNum == TsProxyCreateChannelOpnum)
2600 {
2601 CONTEXT_HANDLE ChannelContext;
2602
2603 if (!TsProxyCreateChannelReadResponse(tsg->log, pdu, &ChannelContext,
2604 &tsg->ChannelId))
2605 {
2606 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCreateChannelReadResponse failure");
2607 return FALSE;
2608 }
2609
2610 if (!tsg->reauthSequence)
2611 CopyMemory(&tsg->ChannelContext, &ChannelContext, sizeof(CONTEXT_HANDLE));
2612 else
2613 CopyMemory(&tsg->NewChannelContext, &ChannelContext, sizeof(CONTEXT_HANDLE));
2614
2615 if (!tsg_transition_to_state(tsg, TSG_STATE_CHANNEL_CREATED))
2616 return FALSE;
2617
2618 if (!tsg->reauthSequence)
2619 {
2620 if (!TsProxySetupReceivePipeWriteRequest(tsg, &tsg->ChannelContext))
2621 {
2622 WLog_Print(tsg->log, WLOG_ERROR, "TsProxySetupReceivePipe failure");
2623 return FALSE;
2624 }
2625 }
2626 else
2627 {
2628 if (!TsProxyCloseChannelWriteRequest(tsg, &tsg->NewChannelContext))
2629 {
2630 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCloseChannelWriteRequest failure");
2631 return FALSE;
2632 }
2633
2634 if (!TsProxyCloseTunnelWriteRequest(tsg, &tsg->NewTunnelContext))
2635 {
2636 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCloseTunnelWriteRequest failure");
2637 return FALSE;
2638 }
2639 }
2640
2641 rc = tsg_transition_to_state(tsg, TSG_STATE_PIPE_CREATED);
2642 tsg->reauthSequence = FALSE;
2643 }
2644 else
2645 {
2646 WLog_Print(tsg->log, WLOG_ERROR,
2647 "TSG_STATE_AUTHORIZED unexpected OpNum: %" PRIu32 "\n", call->OpNum);
2648 }
2649
2650 break;
2651
2652 case TSG_STATE_CHANNEL_CREATED:
2653 break;
2654
2655 case TSG_STATE_PIPE_CREATED:
2656 call = rpc_client_call_find_by_id(rpc->client, pdu->CallId);
2657
2658 if (!call)
2659 return FALSE;
2660
2661 if (call->OpNum == TsProxyMakeTunnelCallOpnum)
2662 {
2663 if (!TsProxyMakeTunnelCallReadResponse(tsg, pdu))
2664 {
2665 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyMakeTunnelCallReadResponse failure");
2666 return FALSE;
2667 }
2668
2669 rc = TRUE;
2670
2671 if (tsg->ReauthTunnelContext)
2672 rc = tsg_proxy_reauth(tsg);
2673 }
2674 else if (call->OpNum == TsProxyCloseChannelOpnum)
2675 {
2676 CONTEXT_HANDLE ChannelContext;
2677
2678 if (!TsProxyCloseChannelReadResponse(tsg->log, pdu, &ChannelContext))
2679 {
2680 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCloseChannelReadResponse failure");
2681 return FALSE;
2682 }
2683
2684 rc = TRUE;
2685 }
2686 else if (call->OpNum == TsProxyCloseTunnelOpnum)
2687 {
2688 CONTEXT_HANDLE TunnelContext;
2689
2690 if (!TsProxyCloseTunnelReadResponse(tsg->log, pdu, &TunnelContext))
2691 {
2692 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCloseTunnelReadResponse failure");
2693 return FALSE;
2694 }
2695
2696 rc = TRUE;
2697 }
2698
2699 break;
2700
2701 case TSG_STATE_TUNNEL_CLOSE_PENDING:
2702 {
2703 CONTEXT_HANDLE ChannelContext;
2704
2705 if (!TsProxyCloseChannelReadResponse(tsg->log, pdu, &ChannelContext))
2706 {
2707 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCloseChannelReadResponse failure");
2708 return FALSE;
2709 }
2710
2711 if (!tsg_transition_to_state(tsg, TSG_STATE_CHANNEL_CLOSE_PENDING))
2712 return FALSE;
2713
2714 if (!TsProxyCloseChannelWriteRequest(tsg, NULL))
2715 {
2716 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCloseChannelWriteRequest failure");
2717 return FALSE;
2718 }
2719
2720 if (!TsProxyMakeTunnelCallWriteRequest(tsg, &tsg->TunnelContext,
2721 TSG_TUNNEL_CANCEL_ASYNC_MSG_REQUEST))
2722 {
2723 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyMakeTunnelCall failure");
2724 return FALSE;
2725 }
2726
2727 rc = TRUE;
2728 }
2729 break;
2730
2731 case TSG_STATE_CHANNEL_CLOSE_PENDING:
2732 {
2733 CONTEXT_HANDLE TunnelContext;
2734
2735 if (!TsProxyCloseTunnelReadResponse(tsg->log, pdu, &TunnelContext))
2736 {
2737 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCloseTunnelReadResponse failure");
2738 return FALSE;
2739 }
2740
2741 rc = tsg_transition_to_state(tsg, TSG_STATE_FINAL);
2742 }
2743 break;
2744
2745 case TSG_STATE_FINAL:
2746 break;
2747 default:
2748 break;
2749 }
2750
2751 {
2752 const size_t rem = Stream_GetRemainingLength(pdu->s);
2753 if (rem > 0)
2754 {
2755 WLog_Print(tsg->log, WLOG_WARN, "[%s] unparsed bytes: %" PRIuz,
2756 tsg_state_to_string(oldState), rem);
2757 }
2758 }
2759 return rc;
2760}
2761
2762BOOL tsg_check_event_handles(rdpTsg* tsg)
2763{
2764 WINPR_ASSERT(tsg);
2765 if (rpc_client_in_channel_recv(tsg->rpc) < 0)
2766 return FALSE;
2767
2768 if (rpc_client_out_channel_recv(tsg->rpc) < 0)
2769 return FALSE;
2770
2771 return TRUE;
2772}
2773
2774DWORD tsg_get_event_handles(rdpTsg* tsg, HANDLE* events, DWORD count)
2775{
2776 UINT32 nCount = 0;
2777 rdpRpc* rpc = tsg->rpc;
2778 RpcVirtualConnection* connection = rpc->VirtualConnection;
2779
2780 if (events && (nCount < count))
2781 {
2782 events[nCount] = rpc->client->PipeEvent;
2783 nCount++;
2784 }
2785 else
2786 return 0;
2787
2788 if (connection->DefaultInChannel && connection->DefaultInChannel->common.tls)
2789 {
2790 if (events && (nCount < count))
2791 {
2792 BIO_get_event(connection->DefaultInChannel->common.tls->bio, &events[nCount]);
2793 nCount++;
2794 }
2795 else
2796 return 0;
2797 }
2798
2799 if (connection->NonDefaultInChannel && connection->NonDefaultInChannel->common.tls)
2800 {
2801 if (events && (nCount < count))
2802 {
2803 BIO_get_event(connection->NonDefaultInChannel->common.tls->bio, &events[nCount]);
2804 nCount++;
2805 }
2806 else
2807 return 0;
2808 }
2809
2810 if (connection->DefaultOutChannel && connection->DefaultOutChannel->common.tls)
2811 {
2812 if (events && (nCount < count))
2813 {
2814 BIO_get_event(connection->DefaultOutChannel->common.tls->bio, &events[nCount]);
2815 nCount++;
2816 }
2817 else
2818 return 0;
2819 }
2820
2821 if (connection->NonDefaultOutChannel && connection->NonDefaultOutChannel->common.tls)
2822 {
2823 if (events && (nCount < count))
2824 {
2825 BIO_get_event(connection->NonDefaultOutChannel->common.tls->bio, &events[nCount]);
2826 nCount++;
2827 }
2828 else
2829 return 0;
2830 }
2831
2832 return nCount;
2833}
2834
2835static BOOL tsg_set_hostname(rdpTsg* tsg, const char* hostname)
2836{
2837 WINPR_ASSERT(tsg);
2838 free(tsg->Hostname);
2839 tsg->Hostname = ConvertUtf8ToWCharAlloc(hostname, NULL);
2840 return tsg->Hostname != NULL;
2841}
2842
2843static BOOL tsg_set_machine_name(rdpTsg* tsg, const char* machineName)
2844{
2845 WINPR_ASSERT(tsg);
2846
2847 free(tsg->QuarreQuest.machineName);
2848 tsg->QuarreQuest.machineName = NULL;
2849 tsg->QuarreQuest.nameLength = 0;
2850 if (!machineName)
2851 return FALSE;
2852
2853 size_t size = 0;
2854 tsg->QuarreQuest.machineName = ConvertUtf8ToWCharAlloc(machineName, &size);
2855 tsg->QuarreQuest.nameLength = WINPR_ASSERTING_INT_CAST(uint32_t, size + 1ull);
2856 return tsg->QuarreQuest.machineName && (size > 0);
2857}
2858
2859BOOL tsg_connect(rdpTsg* tsg, const char* hostname, UINT16 port, DWORD timeout)
2860{
2861 UINT64 looptimeout = timeout * 1000ULL;
2862 DWORD nCount = 0;
2863 HANDLE events[MAXIMUM_WAIT_OBJECTS] = { 0 };
2864
2865 WINPR_ASSERT(tsg);
2866
2867 rdpRpc* rpc = tsg->rpc;
2868 WINPR_ASSERT(rpc);
2869
2870 rdpTransport* transport = rpc->transport;
2871 rdpContext* context = transport_get_context(transport);
2872 WINPR_ASSERT(context);
2873
2874 rdpSettings* settings = context->settings;
2875
2876 freerdp_set_last_error(context, ERROR_SUCCESS);
2877
2878 tsg->Port = port;
2879 tsg->transport = transport;
2880
2881 if (!settings->GatewayPort)
2882 settings->GatewayPort = 443;
2883
2884 if (!tsg_set_hostname(tsg, hostname))
2885 return FALSE;
2886
2887 if (!tsg_set_machine_name(tsg, settings->ComputerName))
2888 return FALSE;
2889
2890 if (!rpc_connect(rpc, timeout))
2891 {
2892 WLog_Print(tsg->log, WLOG_ERROR, "rpc_connect error!");
2893 return FALSE;
2894 }
2895
2896 nCount = tsg_get_event_handles(tsg, events, ARRAYSIZE(events));
2897
2898 if (nCount == 0)
2899 return FALSE;
2900
2901 while (tsg->state != TSG_STATE_PIPE_CREATED)
2902 {
2903 const DWORD polltimeout = 250;
2904 DWORD status = WaitForMultipleObjects(nCount, events, FALSE, polltimeout);
2905 if (status == WAIT_TIMEOUT)
2906 {
2907 if (timeout > 0)
2908 {
2909 if (looptimeout < polltimeout)
2910 return FALSE;
2911 looptimeout -= polltimeout;
2912 }
2913 }
2914 else
2915 looptimeout = timeout * 1000ULL;
2916
2917 if (!tsg_check_event_handles(tsg))
2918 {
2919 WLog_Print(tsg->log, WLOG_ERROR, "tsg_check failure");
2920 transport_set_layer(transport, TRANSPORT_LAYER_CLOSED);
2921 return FALSE;
2922 }
2923 }
2924
2925 WLog_Print(tsg->log, WLOG_INFO, "TS Gateway Connection Success");
2926 tsg->bio = BIO_new(BIO_s_tsg());
2927
2928 if (!tsg->bio)
2929 return FALSE;
2930
2931 BIO_set_data(tsg->bio, (void*)tsg);
2932 return TRUE;
2933}
2934
2935BOOL tsg_disconnect(rdpTsg* tsg)
2936{
2956 if (!tsg)
2957 return FALSE;
2958
2959 if (tsg->state != TSG_STATE_TUNNEL_CLOSE_PENDING)
2960 {
2961 if (!TsProxyCloseChannelWriteRequest(tsg, &tsg->ChannelContext))
2962 return FALSE;
2963
2964 return tsg_transition_to_state(tsg, TSG_STATE_CHANNEL_CLOSE_PENDING);
2965 }
2966
2967 return TRUE;
2968}
2969
2981static int tsg_read(rdpTsg* tsg, BYTE* data, size_t length)
2982{
2983 rdpRpc* rpc = NULL;
2984 int status = 0;
2985
2986 if (!tsg || !data)
2987 return -1;
2988
2989 rpc = tsg->rpc;
2990
2991 if (transport_get_layer(rpc->transport) == TRANSPORT_LAYER_CLOSED)
2992 {
2993 WLog_Print(tsg->log, WLOG_ERROR, "tsg_read error: connection lost");
2994 return -1;
2995 }
2996
2997 do
2998 {
2999 status = rpc_client_receive_pipe_read(rpc->client, data, length);
3000
3001 if (status < 0)
3002 return -1;
3003
3004 if (!status && !transport_get_blocking(rpc->transport))
3005 return 0;
3006
3007 if (transport_get_layer(rpc->transport) == TRANSPORT_LAYER_CLOSED)
3008 {
3009 WLog_Print(tsg->log, WLOG_ERROR, "tsg_read error: connection lost");
3010 return -1;
3011 }
3012
3013 if (status > 0)
3014 break;
3015
3016 if (transport_get_blocking(rpc->transport))
3017 {
3018 while (WaitForSingleObject(rpc->client->PipeEvent, 0) != WAIT_OBJECT_0)
3019 {
3020 if (!tsg_check_event_handles(tsg))
3021 return -1;
3022
3023 (void)WaitForSingleObject(rpc->client->PipeEvent, 100);
3024 }
3025 }
3026 } while (transport_get_blocking(rpc->transport));
3027
3028 return status;
3029}
3030
3031static int tsg_write(rdpTsg* tsg, const BYTE* data, UINT32 length)
3032{
3033 int status = 0;
3034
3035 if (!tsg || !data || !tsg->rpc || !tsg->rpc->transport)
3036 return -1;
3037
3038 if (transport_get_layer(tsg->rpc->transport) == TRANSPORT_LAYER_CLOSED)
3039 {
3040 WLog_Print(tsg->log, WLOG_ERROR, "error, connection lost");
3041 return -1;
3042 }
3043
3044 status = TsProxySendToServer((handle_t)tsg, data, 1, &length);
3045
3046 if (status < 0)
3047 return -1;
3048
3049 return (int)length;
3050}
3051
3052rdpTsg* tsg_new(rdpTransport* transport)
3053{
3054 rdpTsg* tsg = (rdpTsg*)calloc(1, sizeof(rdpTsg));
3055
3056 if (!tsg)
3057 return NULL;
3058 tsg->log = WLog_Get(TAG);
3059 tsg->transport = transport;
3060 tsg->rpc = rpc_new(tsg->transport);
3061
3062 if (!tsg->rpc)
3063 goto out_free;
3064
3065 return tsg;
3066out_free:
3067 free(tsg);
3068 return NULL;
3069}
3070
3071void tsg_free(rdpTsg* tsg)
3072{
3073 if (tsg)
3074 {
3075 rpc_free(tsg->rpc);
3076 free(tsg->Hostname);
3077 free(tsg->QuarreQuest.machineName);
3078 free(tsg->QuarreQuest.data);
3079 free(tsg);
3080 }
3081}
3082
3083static int transport_bio_tsg_write(BIO* bio, const char* buf, int num)
3084{
3085 int status = 0;
3086 rdpTsg* tsg = (rdpTsg*)BIO_get_data(bio);
3087 BIO_clear_flags(bio, BIO_FLAGS_WRITE);
3088
3089 if (num < 0)
3090 return -1;
3091 status = tsg_write(tsg, (const BYTE*)buf, (UINT32)num);
3092
3093 if (status < 0)
3094 {
3095 BIO_clear_flags(bio, BIO_FLAGS_SHOULD_RETRY);
3096 return -1;
3097 }
3098 else if (status == 0)
3099 {
3100 BIO_set_flags(bio, BIO_FLAGS_WRITE);
3101 WSASetLastError(WSAEWOULDBLOCK);
3102 }
3103 else
3104 {
3105 BIO_set_flags(bio, BIO_FLAGS_WRITE);
3106 }
3107
3108 return status >= 0 ? status : -1;
3109}
3110
3111static int transport_bio_tsg_read(BIO* bio, char* buf, int size)
3112{
3113 int status = 0;
3114 rdpTsg* tsg = (rdpTsg*)BIO_get_data(bio);
3115
3116 if (!tsg || (size < 0))
3117 {
3118 BIO_clear_flags(bio, BIO_FLAGS_SHOULD_RETRY);
3119 return -1;
3120 }
3121
3122 BIO_clear_flags(bio, BIO_FLAGS_READ);
3123 status = tsg_read(tsg, (BYTE*)buf, (size_t)size);
3124
3125 if (status < 0)
3126 {
3127 BIO_clear_flags(bio, BIO_FLAGS_SHOULD_RETRY);
3128 return -1;
3129 }
3130 else if (status == 0)
3131 {
3132 BIO_set_flags(bio, BIO_FLAGS_READ);
3133 WSASetLastError(WSAEWOULDBLOCK);
3134 }
3135 else
3136 {
3137 BIO_set_flags(bio, BIO_FLAGS_READ);
3138 }
3139
3140 return status > 0 ? status : -1;
3141}
3142
3143static int transport_bio_tsg_puts(BIO* bio, const char* str)
3144{
3145 WINPR_UNUSED(bio);
3146 WINPR_UNUSED(str);
3147 return -2;
3148}
3149
3150// NOLINTNEXTLINE(readability-non-const-parameter)
3151static int transport_bio_tsg_gets(BIO* bio, char* str, int size)
3152{
3153 WINPR_UNUSED(bio);
3154 WINPR_UNUSED(str);
3155 WINPR_UNUSED(size);
3156 return 1;
3157}
3158
3159static long transport_bio_tsg_ctrl(BIO* bio, int cmd, long arg1, void* arg2)
3160{
3161 long status = -1;
3162 rdpTsg* tsg = (rdpTsg*)BIO_get_data(bio);
3163 RpcVirtualConnection* connection = tsg->rpc->VirtualConnection;
3164 RpcInChannel* inChannel = connection->DefaultInChannel;
3165 RpcOutChannel* outChannel = connection->DefaultOutChannel;
3166
3167 switch (cmd)
3168 {
3169 case BIO_CTRL_FLUSH:
3170 (void)BIO_flush(inChannel->common.tls->bio);
3171 (void)BIO_flush(outChannel->common.tls->bio);
3172 status = 1;
3173 break;
3174
3175 case BIO_C_GET_EVENT:
3176 if (arg2)
3177 {
3178 *((HANDLE*)arg2) = tsg->rpc->client->PipeEvent;
3179 status = 1;
3180 }
3181
3182 break;
3183
3184 case BIO_C_SET_NONBLOCK:
3185 status = 1;
3186 break;
3187
3188 case BIO_C_READ_BLOCKED:
3189 {
3190 BIO* cbio = outChannel->common.bio;
3191 status = BIO_read_blocked(cbio);
3192 }
3193 break;
3194
3195 case BIO_C_WRITE_BLOCKED:
3196 {
3197 BIO* cbio = inChannel->common.bio;
3198 status = BIO_write_blocked(cbio);
3199 }
3200 break;
3201
3202 case BIO_C_WAIT_READ:
3203 {
3204 int timeout = (int)arg1;
3205 BIO* cbio = outChannel->common.bio;
3206
3207 if (BIO_read_blocked(cbio))
3208 return BIO_wait_read(cbio, timeout);
3209 else if (BIO_write_blocked(cbio))
3210 return BIO_wait_write(cbio, timeout);
3211 else
3212 status = 1;
3213 }
3214 break;
3215
3216 case BIO_C_WAIT_WRITE:
3217 {
3218 int timeout = (int)arg1;
3219 BIO* cbio = inChannel->common.bio;
3220
3221 if (BIO_write_blocked(cbio))
3222 status = BIO_wait_write(cbio, timeout);
3223 else if (BIO_read_blocked(cbio))
3224 status = BIO_wait_read(cbio, timeout);
3225 else
3226 status = 1;
3227 }
3228 break;
3229#if OPENSSL_VERSION_NUMBER >= 0x30000000L
3230 case BIO_CTRL_GET_KTLS_SEND:
3231 status = 0;
3232 break;
3233 case BIO_CTRL_GET_KTLS_RECV:
3234 status = 0;
3235 break;
3236#endif
3237 default:
3238 break;
3239 }
3240
3241 return status;
3242}
3243
3244static int transport_bio_tsg_new(BIO* bio)
3245{
3246 WINPR_ASSERT(bio);
3247 BIO_set_init(bio, 1);
3248 BIO_set_flags(bio, BIO_FLAGS_SHOULD_RETRY);
3249 return 1;
3250}
3251
3252static int transport_bio_tsg_free(BIO* bio)
3253{
3254 WINPR_ASSERT(bio);
3255 WINPR_UNUSED(bio);
3256 return 1;
3257}
3258
3259BIO_METHOD* BIO_s_tsg(void)
3260{
3261 static BIO_METHOD* bio_methods = NULL;
3262
3263 if (bio_methods == NULL)
3264 {
3265 if (!(bio_methods = BIO_meth_new(BIO_TYPE_TSG, "TSGateway")))
3266 return NULL;
3267
3268 BIO_meth_set_write(bio_methods, transport_bio_tsg_write);
3269 BIO_meth_set_read(bio_methods, transport_bio_tsg_read);
3270 BIO_meth_set_puts(bio_methods, transport_bio_tsg_puts);
3271 BIO_meth_set_gets(bio_methods, transport_bio_tsg_gets);
3272 BIO_meth_set_ctrl(bio_methods, transport_bio_tsg_ctrl);
3273 BIO_meth_set_create(bio_methods, transport_bio_tsg_new);
3274 BIO_meth_set_destroy(bio_methods, transport_bio_tsg_free);
3275 }
3276
3277 return bio_methods;
3278}
3279
3280TSG_STATE tsg_get_state(rdpTsg* tsg)
3281{
3282 if (!tsg)
3283 return TSG_STATE_INITIAL;
3284
3285 return tsg->state;
3286}
3287
3288BIO* tsg_get_bio(rdpTsg* tsg)
3289{
3290 if (!tsg)
3291 return NULL;
3292
3293 return tsg->bio;
3294}
3295
3296BOOL tsg_set_state(rdpTsg* tsg, TSG_STATE state)
3297{
3298 if (!tsg)
3299 return FALSE;
3300
3301 tsg->state = state;
3302 return TRUE;
3303}
CONTEXT_HANDLE
Definition winpr/include/winpr/rpc.h:26
RPC_PDU
Definition libfreerdp/core/gateway/rpc.h:66
p_uuid_t
Definition libfreerdp/core/gateway/rpc.h:150