FreeRDP
Loading...
Searching...
No Matches
tsg.c
1
23#include <freerdp/config.h>
24
25#include "../settings.h"
26
27#include <winpr/assert.h>
28#include <winpr/crt.h>
29#include <winpr/error.h>
30#include <winpr/print.h>
31#include <winpr/stream.h>
32
33#include <freerdp/log.h>
34
35#include "rpc_bind.h"
36#include "rpc_client.h"
37#include "tsg.h"
38#include "../utils.h"
39#include "../../crypto/opensslcompat.h"
40
41#define TAG FREERDP_TAG("core.gateway.tsg")
42
43#define TSG_CAPABILITY_TYPE_NAP 0x00000001
44
45#define TSG_PACKET_TYPE_HEADER 0x00004844
46#define TSG_PACKET_TYPE_VERSIONCAPS 0x00005643
47#define TSG_PACKET_TYPE_QUARCONFIGREQUEST 0x00005143
48#define TSG_PACKET_TYPE_QUARREQUEST 0x00005152
49#define TSG_PACKET_TYPE_RESPONSE 0x00005052
50#define TSG_PACKET_TYPE_QUARENC_RESPONSE 0x00004552
51#define TSG_PACKET_TYPE_CAPS_RESPONSE 0x00004350
52#define TSG_PACKET_TYPE_MSGREQUEST_PACKET 0x00004752
53#define TSG_PACKET_TYPE_MESSAGE_PACKET 0x00004750
54#define TSG_PACKET_TYPE_AUTH 0x00004054
55#define TSG_PACKET_TYPE_REAUTH 0x00005250
56
57typedef WCHAR* RESOURCENAME;
58
59typedef struct
60{
61 RESOURCENAME* resourceName;
62 UINT32 numResourceNames;
63 RESOURCENAME* alternateResourceNames;
64 UINT16 numAlternateResourceNames;
65 UINT32 Port;
66} TSENDPOINTINFO;
67
68typedef struct
69{
70 UINT16 ComponentId;
71 UINT16 PacketId;
72} TSG_PACKET_HEADER;
73
74typedef struct
75{
76 UINT32 capabilities;
77} TSG_CAPABILITY_NAP;
78
79typedef union
80{
81 TSG_CAPABILITY_NAP tsgCapNap;
82} TSG_CAPABILITIES_UNION;
83
84typedef struct
85{
86 UINT32 capabilityType;
87 TSG_CAPABILITIES_UNION tsgPacket;
88} TSG_PACKET_CAPABILITIES;
89
90typedef struct
91{
92 TSG_PACKET_HEADER tsgHeader;
93 TSG_PACKET_CAPABILITIES tsgCaps;
94 UINT32 numCapabilities;
95 UINT16 majorVersion;
96 UINT16 minorVersion;
97 UINT16 quarantineCapabilities;
98} TSG_PACKET_VERSIONCAPS;
99
100typedef struct
101{
102 UINT32 flags;
103} TSG_PACKET_QUARCONFIGREQUEST;
104
105typedef struct
106{
107 UINT32 flags;
108 WCHAR* machineName;
109 UINT32 nameLength;
110 BYTE* data;
111 UINT32 dataLen;
112} TSG_PACKET_QUARREQUEST;
113
114typedef struct
115{
116 BOOL enableAllRedirections;
117 BOOL disableAllRedirections;
118 BOOL driveRedirectionDisabled;
119 BOOL printerRedirectionDisabled;
120 BOOL portRedirectionDisabled;
121 BOOL reserved;
122 BOOL clipboardRedirectionDisabled;
123 BOOL pnpRedirectionDisabled;
124} TSG_REDIRECTION_FLAGS;
125
126typedef struct
127{
128 UINT32 flags;
129 UINT32 reserved;
130 const BYTE* responseData;
131 UINT32 responseDataLen;
132 TSG_REDIRECTION_FLAGS redirectionFlags;
133} TSG_PACKET_RESPONSE;
134
135typedef struct
136{
137 UINT32 flags;
138 UINT32 certChainLen;
139 WCHAR* certChainData;
140 GUID nonce;
141 TSG_PACKET_VERSIONCAPS versionCaps;
142} TSG_PACKET_QUARENC_RESPONSE;
143
144typedef struct
145{
146 INT32 isDisplayMandatory;
147 INT32 isConsentMandatory;
148 UINT32 msgBytes;
149 WCHAR* msgBuffer;
150} TSG_PACKET_STRING_MESSAGE;
151
152typedef struct
153{
154 UINT64 tunnelContext;
155} TSG_PACKET_REAUTH_MESSAGE;
156
157typedef struct
158{
159 UINT32 msgID;
160 UINT32 msgType;
161 INT32 isMsgPresent;
162} TSG_PACKET_MSG_RESPONSE;
163
164typedef struct
165{
166 TSG_PACKET_QUARENC_RESPONSE pktQuarEncResponse;
167 TSG_PACKET_MSG_RESPONSE pktConsentMessage;
168} TSG_PACKET_CAPS_RESPONSE;
169
170typedef struct
171{
172 UINT32 maxMessagesPerBatch;
173} TSG_PACKET_MSG_REQUEST;
174
175typedef struct
176{
177 TSG_PACKET_VERSIONCAPS tsgVersionCaps;
178 UINT32 cookieLen;
179 BYTE* cookie;
180} TSG_PACKET_AUTH;
181
182typedef union
183{
184 TSG_PACKET_VERSIONCAPS packetVersionCaps;
185 TSG_PACKET_AUTH packetAuth;
186} TSG_INITIAL_PACKET_TYPE_UNION;
187
188typedef struct
189{
190 UINT64 tunnelContext;
191 UINT32 packetId;
192 TSG_INITIAL_PACKET_TYPE_UNION tsgInitialPacket;
193} TSG_PACKET_REAUTH;
194
195typedef union
196{
197 TSG_PACKET_HEADER packetHeader;
198 TSG_PACKET_VERSIONCAPS packetVersionCaps;
199 TSG_PACKET_QUARCONFIGREQUEST packetQuarConfigRequest;
200 TSG_PACKET_QUARREQUEST packetQuarRequest;
201 TSG_PACKET_RESPONSE packetResponse;
202 TSG_PACKET_QUARENC_RESPONSE packetQuarEncResponse;
203 TSG_PACKET_CAPS_RESPONSE packetCapsResponse;
204 TSG_PACKET_MSG_REQUEST packetMsgRequest;
205 TSG_PACKET_MSG_RESPONSE packetMsgResponse;
206 TSG_PACKET_AUTH packetAuth;
207 TSG_PACKET_REAUTH packetReauth;
208} TSG_PACKET_TYPE_UNION;
209
210typedef struct
211{
212 UINT32 packetId;
213 TSG_PACKET_TYPE_UNION tsgPacket;
214} TSG_PACKET;
215
216struct rdp_tsg
217{
218 BIO* bio;
219 rdpRpc* rpc;
220 UINT16 Port;
221 LPWSTR Hostname;
222 TSG_STATE state;
223 UINT32 TunnelId;
224 UINT32 ChannelId;
225 BOOL reauthSequence;
226 rdpTransport* transport;
227 UINT64 ReauthTunnelContext;
228 CONTEXT_HANDLE TunnelContext;
229 CONTEXT_HANDLE ChannelContext;
230 CONTEXT_HANDLE NewTunnelContext;
231 CONTEXT_HANDLE NewChannelContext;
232 wLog* log;
233 TSG_PACKET_QUARENC_RESPONSE CapsResponse;
234 TSG_PACKET_QUARREQUEST QuarreQuest;
235};
236
237static BOOL TsProxyReadPacketSTringMessage(wLog* log, wStream* s, uint32_t* index,
238 TSG_PACKET_STRING_MESSAGE* msg);
239static BOOL tsg_stream_align(wLog* log, wStream* s, size_t align);
240
241static const char* tsg_caps_to_string(UINT32 caps, char* buffer, size_t len)
242{
243 const UINT32 mask = ~(TSG_NAP_CAPABILITY_QUAR_SOH | TSG_NAP_CAPABILITY_IDLE_TIMEOUT |
244 TSG_MESSAGING_CAP_CONSENT_SIGN | TSG_MESSAGING_CAP_SERVICE_MSG |
245 TSG_MESSAGING_CAP_REAUTH);
246 const UINT32 val = caps & mask;
247
248 if ((caps & TSG_NAP_CAPABILITY_QUAR_SOH) != 0)
249 (void)winpr_str_append("TSG_NAP_CAPABILITY_QUAR_SOH", buffer, len, "|");
250 if ((caps & TSG_NAP_CAPABILITY_IDLE_TIMEOUT) != 0)
251 (void)winpr_str_append("TSG_NAP_CAPABILITY_IDLE_TIMEOUT", buffer, len, "|");
252 if ((caps & TSG_MESSAGING_CAP_CONSENT_SIGN) != 0)
253 (void)winpr_str_append("TSG_MESSAGING_CAP_CONSENT_SIGN", buffer, len, "|");
254 if ((caps & TSG_MESSAGING_CAP_SERVICE_MSG) != 0)
255 (void)winpr_str_append("TSG_MESSAGING_CAP_SERVICE_MSG", buffer, len, "|");
256 if ((caps & TSG_MESSAGING_CAP_REAUTH) != 0)
257 (void)winpr_str_append("TSG_MESSAGING_CAP_REAUTH", buffer, len, "|");
258
259 if (val != 0)
260 {
261 char number[32] = WINPR_C_ARRAY_INIT;
262 (void)_snprintf(number, sizeof(number), "TSG_UNKNOWN{0x%08" PRIx32 "}", val);
263 (void)winpr_str_append(number, buffer, len, "|");
264 }
265
266 return buffer;
267}
268
269static const char* tsg_packet_id_to_string(UINT32 packetId)
270{
271 switch (packetId)
272 {
273 case TSG_PACKET_TYPE_HEADER:
274 return "TSG_PACKET_TYPE_HEADER";
275 case TSG_PACKET_TYPE_VERSIONCAPS:
276 return "TSG_PACKET_TYPE_VERSIONCAPS";
277 case TSG_PACKET_TYPE_QUARCONFIGREQUEST:
278 return "TSG_PACKET_TYPE_QUARCONFIGREQUEST";
279 case TSG_PACKET_TYPE_QUARREQUEST:
280 return "TSG_PACKET_TYPE_QUARREQUEST";
281 case TSG_PACKET_TYPE_RESPONSE:
282 return "TSG_PACKET_TYPE_RESPONSE";
283 case TSG_PACKET_TYPE_QUARENC_RESPONSE:
284 return "TSG_PACKET_TYPE_QUARENC_RESPONSE";
285 case TSG_CAPABILITY_TYPE_NAP:
286 return "TSG_CAPABILITY_TYPE_NAP";
287 case TSG_PACKET_TYPE_CAPS_RESPONSE:
288 return "TSG_PACKET_TYPE_CAPS_RESPONSE";
289 case TSG_PACKET_TYPE_MSGREQUEST_PACKET:
290 return "TSG_PACKET_TYPE_MSGREQUEST_PACKET";
291 case TSG_PACKET_TYPE_MESSAGE_PACKET:
292 return "TSG_PACKET_TYPE_MESSAGE_PACKET";
293 case TSG_PACKET_TYPE_AUTH:
294 return "TSG_PACKET_TYPE_AUTH";
295 case TSG_PACKET_TYPE_REAUTH:
296 return "TSG_PACKET_TYPE_REAUTH";
297 default:
298 return "UNKNOWN";
299 }
300}
301
302static const char* tsg_component_id_to_string(UINT16 ComponentId, char* buffer, size_t bytelen)
303{
304 const char* str = nullptr;
305
306#define ENTRY(x) \
307 case x: \
308 str = #x; \
309 break
310 switch (ComponentId)
311 {
312 ENTRY(TS_GATEWAY_TRANSPORT);
313 default:
314 str = "TS_UNKNOWN";
315 break;
316 }
317#undef ENTRY
318
319 (void)_snprintf(buffer, bytelen, "%s [0x%04" PRIx16 "]", str, ComponentId);
320 return buffer;
321}
322
323static const char* tsg_state_to_string(TSG_STATE state)
324{
325 switch (state)
326 {
327 case TSG_STATE_INITIAL:
328 return "TSG_STATE_INITIAL";
329 case TSG_STATE_CONNECTED:
330 return "TSG_STATE_CONNECTED";
331 case TSG_STATE_AUTHORIZED:
332 return "TSG_STATE_AUTHORIZED";
333 case TSG_STATE_CHANNEL_CREATED:
334 return "TSG_STATE_CHANNEL_CREATED";
335 case TSG_STATE_PIPE_CREATED:
336 return "TSG_STATE_PIPE_CREATED";
337 case TSG_STATE_TUNNEL_CLOSE_PENDING:
338 return "TSG_STATE_TUNNEL_CLOSE_PENDING";
339 case TSG_STATE_CHANNEL_CLOSE_PENDING:
340 return "TSG_STATE_CHANNEL_CLOSE_PENDING";
341 case TSG_STATE_FINAL:
342 return "TSG_STATE_FINAL";
343 default:
344 return "TSG_STATE_UNKNOWN";
345 }
346}
347
348static BOOL TsProxyReadTunnelContext(wLog* log, wStream* s, CONTEXT_HANDLE* tunnelContext)
349{
350 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 20))
351 return FALSE;
352
353 WINPR_ASSERT(tunnelContext);
354 Stream_Read_UINT32(s, tunnelContext->ContextType); /* ContextType (4 bytes) */
355 Stream_Read(s, &tunnelContext->ContextUuid,
356 sizeof(tunnelContext->ContextUuid)); /* ContextUuid (16 bytes) */
357 return TRUE;
358}
359
360static BOOL TsProxyWriteTunnelContext(WINPR_ATTR_UNUSED wLog* log, wStream* s,
361 const CONTEXT_HANDLE* tunnelContext)
362{
363 if (!Stream_EnsureRemainingCapacity(s, 20))
364 return FALSE;
365
366 Stream_Write_UINT32(s, tunnelContext->ContextType); /* ContextType (4 bytes) */
367 Stream_Write(s, &tunnelContext->ContextUuid,
368 sizeof(tunnelContext->ContextUuid)); /* ContextUuid (16 bytes) */
369 return TRUE;
370}
371
372static BOOL tsg_ndr_pointer_write(WINPR_ATTR_UNUSED wLog* log, wStream* s, UINT32* index,
373 DWORD length)
374{
375 WINPR_ASSERT(index);
376 const UINT32 ndrPtr = 0x20000 + (*index) * 4;
377
378 if (!s)
379 return FALSE;
380 if (!Stream_EnsureRemainingCapacity(s, 4))
381 return FALSE;
382
383 if (length > 0)
384 {
385 Stream_Write_UINT32(s, ndrPtr); /* mszGroupsNdrPtr (4 bytes) */
386 (*index) = (*index) + 1;
387 }
388 else
389 Stream_Write_UINT32(s, 0);
390 return TRUE;
391}
392
393static BOOL tsg_ndr_pointer_read(wLog* log, wStream* s, UINT32* index, UINT32* ptrval,
394 BOOL required)
395{
396 WINPR_ASSERT(index);
397 const UINT32 ndrPtr = 0x20000 + (*index) * 4;
398
399 if (!s)
400 return FALSE;
401 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 4))
402 return FALSE;
403
404 const DWORD val = Stream_Get_UINT32(s);
405 if (ptrval)
406 *ptrval = val;
407
408 if (val != 0)
409 {
410 if (val != ndrPtr)
411 {
412 WLog_Print(log, WLOG_WARN, "Read NDR pointer 0x%04" PRIx32 " but expected 0x%04" PRIx32,
413 val, ndrPtr);
414 if ((val & 0xFFFF0000) != (ndrPtr & 0xFFFF0000))
415 return FALSE;
416 }
417 (*index)++;
418 }
419 else if (required)
420 {
421 WLog_Print(log, WLOG_ERROR, "NDR pointer == 0, but the field is required");
422 return FALSE;
423 }
424
425 return TRUE;
426}
427
428static BOOL tsg_ndr_write_conformant_array(WINPR_ATTR_UNUSED wLog* log, wStream* s,
429 const void* data, size_t length)
430{
431 const size_t pad = length % 4;
432 if ((length > UINT32_MAX) || !Stream_EnsureRemainingCapacity(s, 4ull + length))
433 return FALSE;
434
435 Stream_Write_UINT32(s, WINPR_ASSERTING_INT_CAST(uint32_t, length)); /* MaxCount (4 bytes) */
436 Stream_Write(s, data, length);
437 if (pad != 0)
438 Stream_Zero(s, 4 - pad);
439
440 return TRUE;
441}
442
443static BOOL tsg_ndr_write_string(WINPR_ATTR_UNUSED wLog* log, wStream* s, const WCHAR* str,
444 size_t length)
445{
446 const size_t pad = (length % 2) * sizeof(WCHAR);
447 if ((length > UINT32_MAX) ||
448 !Stream_EnsureRemainingCapacity(s, 12ull + length * sizeof(WCHAR) + pad))
449 return FALSE;
450
451 Stream_Write_UINT32(s, (UINT32)length); /* MaxCount (4 bytes) */
452 Stream_Write_UINT32(s, 0); /* Offset (4 bytes) */
453 Stream_Write_UINT32(s, (UINT32)length); /* ActualCount (4 bytes) */
454 if (!Stream_Write_UTF16_String(s, str, length)) /* Array */
455 return FALSE;
456 Stream_Zero(s, pad);
457 return TRUE;
458}
459
460static BOOL tsg_ndr_read_string(wLog* log, wStream* s, WCHAR** str, UINT32 lengthInBytes)
461{
462 UINT32 MaxCount = 0;
463 UINT32 Offset = 0;
464 UINT32 ActualCount = 0;
465
466 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 12))
467 return FALSE;
468
469 Stream_Read_UINT32(s, MaxCount); /* MaxCount (4 bytes) */
470 Stream_Read_UINT32(s, Offset); /* Offset (4 bytes) */
471 Stream_Read_UINT32(s, ActualCount); /* ActualCount (4 bytes) */
472 if (ActualCount > MaxCount)
473 {
474 WLog_Print(log, WLOG_ERROR,
475 "failed to read string, ActualCount (%" PRIu32 ") > MaxCount (%" PRIu32 ")",
476 ActualCount, MaxCount);
477 return FALSE;
478 }
479 if (Offset != 0)
480 {
481 WLog_Print(log, WLOG_ERROR, "Unsupported Offset (%" PRIu32 "), expected 0", Offset);
482 return FALSE;
483 }
484 if (ActualCount > lengthInBytes / sizeof(WCHAR))
485 {
486 WLog_Print(log, WLOG_ERROR,
487 "failed to read string, ActualCount (%" PRIu32
488 ") * sizeof(WCHAR) > lengthInBytes (%" PRIu32 ")",
489 ActualCount, lengthInBytes);
490 return FALSE;
491 }
492 if (str)
493 *str = Stream_PointerAs(s, WCHAR);
494
495 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, ActualCount * sizeof(WCHAR)))
496 return FALSE;
497 Stream_Seek(s, ActualCount * sizeof(WCHAR));
498
499 const size_t pad = (ActualCount % 2);
500 return Stream_SafeSeek(s, pad * sizeof(WCHAR));
501}
502
503static BOOL tsg_ndr_read_packet_header(wLog* log, wStream* s, TSG_PACKET_HEADER* header)
504{
505 const UINT32 ComponentId = TS_GATEWAY_TRANSPORT;
506
507 WINPR_ASSERT(header);
508 if (!Stream_CheckAndLogRequiredLengthOfSizeWLog(log, s, 2, sizeof(UINT16)))
509 return FALSE;
510 Stream_Read_UINT16(s, header->ComponentId);
511 Stream_Read_UINT16(s, header->PacketId);
512
513 if (ComponentId != header->ComponentId)
514 {
515 char buffer[64] = WINPR_C_ARRAY_INIT;
516 char buffer2[64] = WINPR_C_ARRAY_INIT;
517 WLog_Print(log, WLOG_ERROR, "Unexpected ComponentId: %s, Expected %s",
518 tsg_component_id_to_string(header->ComponentId, buffer, sizeof(buffer)),
519 tsg_component_id_to_string(ComponentId, buffer2, sizeof(buffer2)));
520 return FALSE;
521 }
522
523 return TRUE;
524}
525
526static BOOL tsg_ndr_write_packet_header(WINPR_ATTR_UNUSED wLog* log, wStream* s,
527 const TSG_PACKET_HEADER* header)
528{
529 WINPR_ASSERT(header);
530 if (!Stream_EnsureRemainingCapacity(s, 2 * sizeof(UINT16)))
531 return FALSE;
532 Stream_Write_UINT16(s, header->ComponentId);
533 Stream_Write_UINT16(s, header->PacketId);
534 return TRUE;
535}
536
537static BOOL tsg_ndr_read_nap(wLog* log, wStream* s, TSG_CAPABILITY_NAP* nap)
538{
539 WINPR_ASSERT(nap);
540
541 if (!Stream_CheckAndLogRequiredLengthOfSizeWLog(log, s, 1, sizeof(UINT32)))
542 return FALSE;
543 Stream_Read_UINT32(s, nap->capabilities);
544 {
545 char buffer[256] = WINPR_C_ARRAY_INIT;
546 WLog_Print(log, WLOG_DEBUG, "Received version caps %s",
547 tsg_caps_to_string(nap->capabilities, buffer, sizeof(buffer)));
548 }
549 return TRUE;
550}
551
552static BOOL tsg_ndr_write_nap(wLog* log, wStream* s, const TSG_CAPABILITY_NAP* nap)
553{
554 WINPR_ASSERT(nap);
555
556 if (!Stream_EnsureRemainingCapacity(s, 1 * sizeof(UINT32)))
557 return FALSE;
558
559 {
560 char buffer[256] = WINPR_C_ARRAY_INIT;
561 WLog_Print(log, WLOG_DEBUG, "Sending version caps %s",
562 tsg_caps_to_string(nap->capabilities, buffer, sizeof(buffer)));
563 }
564 Stream_Write_UINT32(s, nap->capabilities);
565 return TRUE;
566}
567
568static BOOL tsg_ndr_read_tsg_caps(wLog* log, wStream* s, TSG_PACKET_CAPABILITIES* caps)
569{
570 UINT32 capabilityType = 0;
571 UINT32 count = 0;
572 WINPR_ASSERT(caps);
573
574 if (!Stream_CheckAndLogRequiredLengthOfSizeWLog(log, s, 3, sizeof(UINT32)))
575 return FALSE;
576 Stream_Read_UINT32(s, count);
577 Stream_Read_UINT32(s, capabilityType);
578 Stream_Read_UINT32(s, caps->capabilityType);
579 if (capabilityType != caps->capabilityType)
580 {
581 WLog_Print(log, WLOG_ERROR,
582 "Inconsistent data, capabilityType 0x%08" PRIx32 " != 0x%08" PRIx32,
583 capabilityType, caps->capabilityType);
584 return FALSE;
585 }
586 switch (caps->capabilityType)
587 {
588 case TSG_CAPABILITY_TYPE_NAP:
589 if (count < 1)
590 {
591 WLog_Print(log, WLOG_ERROR, "Inconsistent data, capabilityType %s count=%" PRIu32,
592 tsg_packet_id_to_string(capabilityType), count);
593 return FALSE;
594 }
595 return tsg_ndr_read_nap(log, s, &caps->tsgPacket.tsgCapNap);
596 default:
597 WLog_Print(log, WLOG_ERROR,
598 "unknown TSG_PACKET_CAPABILITIES::capabilityType 0x%04" PRIx32
599 " [count=%" PRIu32 "]",
600 caps->capabilityType, count);
601 return FALSE;
602 }
603}
604
605static BOOL tsg_ndr_write_tsg_caps(wLog* log, wStream* s, const TSG_PACKET_CAPABILITIES* caps)
606{
607 WINPR_ASSERT(caps);
608
609 if (!Stream_EnsureRemainingCapacity(s, 2 * sizeof(UINT32)))
610 return FALSE;
611 Stream_Write_UINT32(s, caps->capabilityType);
612 Stream_Write_UINT32(s, caps->capabilityType);
613
614 switch (caps->capabilityType)
615 {
616 case TSG_CAPABILITY_TYPE_NAP:
617 return tsg_ndr_write_nap(log, s, &caps->tsgPacket.tsgCapNap);
618 default:
619 WLog_Print(log, WLOG_ERROR,
620 "unknown TSG_PACKET_CAPABILITIES::capabilityType 0x%04" PRIx32,
621 caps->capabilityType);
622 return FALSE;
623 }
624}
625
626static BOOL tsg_ndr_read_version_caps(wLog* log, wStream* s, UINT32* index,
627 TSG_PACKET_VERSIONCAPS* caps)
628{
629 WINPR_ASSERT(caps);
630 if (!tsg_ndr_read_packet_header(log, s, &caps->tsgHeader))
631 return FALSE;
632
633 UINT32 TSGCapsPtr = 0;
634 if (!tsg_ndr_pointer_read(log, s, index, &TSGCapsPtr, TRUE))
635 return FALSE;
636
637 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 10))
638 return FALSE;
639 Stream_Read_UINT32(s, caps->numCapabilities);
640 Stream_Read_UINT16(s, caps->majorVersion);
641 Stream_Read_UINT16(s, caps->minorVersion);
642 Stream_Read_UINT16(s, caps->quarantineCapabilities);
643 /* 4-byte alignment */
644 if (!tsg_stream_align(log, s, 4))
645 return FALSE;
646
647 if (caps->numCapabilities > 1)
648 {
649 WLog_ERR(TAG, "TSG_PACKET_VERSIONCAPS::numCapabilities > 1 (%" PRIu32 "), not supported!",
650 caps->numCapabilities);
651 return FALSE;
652 }
653
654 return tsg_ndr_read_tsg_caps(log, s, &caps->tsgCaps);
655}
656
657static BOOL tsg_ndr_write_version_caps(wLog* log, wStream* s, UINT32* index,
658 const TSG_PACKET_VERSIONCAPS* caps)
659{
660 WINPR_ASSERT(caps);
661 if (!tsg_ndr_write_packet_header(log, s, &caps->tsgHeader))
662 return FALSE;
663
664 if (!tsg_ndr_pointer_write(log, s, index, 1)) /* TsgCapsPtr (4 bytes) */
665 return FALSE;
666
667 if (!Stream_EnsureRemainingCapacity(s, 10))
668 return FALSE;
669
670 if (caps->numCapabilities > 1)
671 {
672 WLog_ERR(TAG, "TSG_PACKET_VERSIONCAPS::numCapabilities > 1 (%" PRIu32 "), not supported!",
673 caps->numCapabilities);
674 return FALSE;
675 }
676 Stream_Write_UINT32(s, caps->numCapabilities);
677 Stream_Write_UINT16(s, caps->majorVersion);
678 Stream_Write_UINT16(s, caps->minorVersion);
679 Stream_Write_UINT16(s, caps->quarantineCapabilities);
680
681 /* 4-byte alignment (30 + 2) */
682 Stream_Write_UINT16(s, 0x0000); /* pad (2 bytes) */
683 Stream_Write_UINT32(s, caps->numCapabilities); /* MaxCount (4 bytes) */
684 return tsg_ndr_write_tsg_caps(log, s, &caps->tsgCaps);
685}
686
687static BOOL tsg_ndr_read_quarenc_response(wLog* log, wStream* s, UINT32* index,
688 TSG_PACKET_QUARENC_RESPONSE* quarenc)
689{
690 WINPR_ASSERT(quarenc);
691 UINT32 CertChainDataPtr = 0;
692 UINT32 VersionCapsPtr = 0;
693
694 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 8))
695 return FALSE;
696 Stream_Read_UINT32(s, quarenc->flags);
697 Stream_Read_UINT32(s, quarenc->certChainLen);
698
699 if (!tsg_ndr_pointer_read(log, s, index, &CertChainDataPtr, quarenc->certChainLen != 0))
700 return FALSE;
701
702 if (!Stream_CheckAndLogRequiredLengthOfSizeWLog(log, s, 1, sizeof(quarenc->nonce)))
703 return FALSE;
704 Stream_Read(s, &quarenc->nonce, sizeof(quarenc->nonce));
705
706 return (tsg_ndr_pointer_read(log, s, index, &VersionCapsPtr, TRUE));
707}
708
709static BOOL tsg_ndr_read_quarenc_data(wLog* log, wStream* s, UINT32* index,
710 TSG_PACKET_QUARENC_RESPONSE* quarenc)
711{
712 WINPR_ASSERT(quarenc);
713
714 if (quarenc->certChainLen > 0)
715 {
716 /* [MS-TSGU] 2.2.9.2.1.6 TSG_PACKET_QUARENC_RESPONSE::certChainLen number of WCHAR */
717 if (!tsg_ndr_read_string(log, s, &quarenc->certChainData,
718 quarenc->certChainLen * sizeof(WCHAR)))
719 return FALSE;
720 /* 4-byte alignment */
721 if (!tsg_stream_align(log, s, 4))
722 return FALSE;
723 }
724
725 return tsg_ndr_read_version_caps(log, s, index, &quarenc->versionCaps);
726}
727
728static BOOL tsg_ndr_write_auth(wLog* log, wStream* s, UINT32* index, const TSG_PACKET_AUTH* auth)
729{
730 WINPR_ASSERT(auth);
731
732 if (!tsg_ndr_write_version_caps(log, s, index, &auth->tsgVersionCaps))
733 return FALSE;
734
735 if (!Stream_EnsureRemainingCapacity(s, 4))
736 return FALSE;
737
738 Stream_Write_UINT32(s, auth->cookieLen);
739 if (!tsg_ndr_pointer_write(log, s, index, auth->cookieLen))
740 return FALSE;
741
742 if (!Stream_EnsureRemainingCapacity(s, auth->cookieLen))
743 return FALSE;
744 Stream_Write(s, auth->cookie, auth->cookieLen);
745 return TRUE;
746}
747
748static BOOL tsg_ndr_write_reauth(wLog* log, wStream* s, UINT32* index,
749 const TSG_PACKET_REAUTH* auth)
750{
751 WINPR_ASSERT(auth);
752
753 if (!Stream_EnsureRemainingCapacity(s, 12))
754 return FALSE;
755
756 Stream_Write_UINT64(s, auth->tunnelContext); /* TunnelContext (8 bytes) */
757 Stream_Write_UINT32(s, auth->packetId); /* PacketId (4 bytes) */
758
759 switch (auth->packetId)
760 {
761 case TSG_PACKET_TYPE_VERSIONCAPS:
762 return tsg_ndr_write_version_caps(log, s, index,
763 &auth->tsgInitialPacket.packetVersionCaps);
764 case TSG_PACKET_TYPE_AUTH:
765 return tsg_ndr_write_auth(log, s, index, &auth->tsgInitialPacket.packetAuth);
766 default:
767 WLog_Print(log, WLOG_ERROR, "unexpected packetId %s",
768 tsg_packet_id_to_string(auth->packetId));
769 return FALSE;
770 }
771}
772
773static BOOL tsg_ndr_read_packet_redirection_flags(wLog* log, wStream* s,
774 TSG_REDIRECTION_FLAGS* redirectionFlags)
775{
776 WINPR_ASSERT(redirectionFlags);
777
778 if (!Stream_CheckAndLogRequiredLengthOfSizeWLog(log, s, 8, sizeof(UINT32)))
779 return FALSE;
780
781 redirectionFlags->enableAllRedirections =
782 Stream_Get_INT32(s); /* EnableAllRedirections (4 bytes) */
783 redirectionFlags->disableAllRedirections =
784 Stream_Get_INT32(s); /* DisableAllRedirections (4 bytes) */
785 redirectionFlags->driveRedirectionDisabled =
786 Stream_Get_INT32(s); /* DriveRedirectionDisabled (4 bytes) */
787 redirectionFlags->printerRedirectionDisabled =
788 Stream_Get_INT32(s); /* PrinterRedirectionDisabled (4 bytes) */
789 redirectionFlags->portRedirectionDisabled =
790 Stream_Get_INT32(s); /* PortRedirectionDisabled (4 bytes) */
791 redirectionFlags->reserved = Stream_Get_INT32(s); /* Reserved (4 bytes) */
792 redirectionFlags->clipboardRedirectionDisabled =
793 Stream_Get_INT32(s); /* ClipboardRedirectionDisabled (4 bytes) */
794 redirectionFlags->pnpRedirectionDisabled =
795 Stream_Get_INT32(s); /* PnpRedirectionDisabled (4 bytes) */
796 return TRUE;
797}
798
799WINPR_ATTR_FORMAT_ARG(3, 4)
800static BOOL tsg_print(char** buffer, size_t* len, WINPR_FORMAT_ARG const char* fmt, ...)
801{
802 int rc = 0;
803 va_list ap = WINPR_C_ARRAY_INIT;
804 if (!buffer || !len || !fmt)
805 return FALSE;
806 va_start(ap, fmt);
807 rc = vsnprintf(*buffer, *len, fmt, ap);
808 va_end(ap);
809 if ((rc < 0) || ((size_t)rc > *len))
810 return FALSE;
811 *len -= (size_t)rc;
812 *buffer += (size_t)rc;
813 return TRUE;
814}
815
816static BOOL tsg_packet_header_to_string(char** buffer, size_t* length,
817 const TSG_PACKET_HEADER* header)
818{
819 WINPR_ASSERT(buffer);
820 WINPR_ASSERT(length);
821 WINPR_ASSERT(header);
822
823 return tsg_print(buffer, length,
824 "header { ComponentId=0x%04" PRIx16 ", PacketId=0x%04" PRIx16 " }",
825 header->ComponentId, header->PacketId);
826}
827
828static BOOL tsg_type_capability_nap_to_string(char** buffer, size_t* length,
829 const TSG_CAPABILITY_NAP* cur)
830{
831 WINPR_ASSERT(buffer);
832 WINPR_ASSERT(length);
833 WINPR_ASSERT(cur);
834
835 return tsg_print(buffer, length, "%s { capabilities=0x%08" PRIx32 " }",
836 tsg_packet_id_to_string(TSG_CAPABILITY_TYPE_NAP), cur->capabilities);
837}
838
839static BOOL tsg_packet_capabilities_to_string(char** buffer, size_t* length,
840 const TSG_PACKET_CAPABILITIES* caps, UINT32 numCaps)
841{
842 WINPR_ASSERT(buffer);
843 WINPR_ASSERT(length);
844 WINPR_ASSERT(caps);
845
846 if (!tsg_print(buffer, length, "capabilities { "))
847 return FALSE;
848
849 for (UINT32 x = 0; x < numCaps; x++)
850 {
851 const TSG_PACKET_CAPABILITIES* cur = &caps[x];
852 switch (cur->capabilityType)
853 {
854 case TSG_CAPABILITY_TYPE_NAP:
855 if (!tsg_type_capability_nap_to_string(buffer, length, &cur->tsgPacket.tsgCapNap))
856 return FALSE;
857 break;
858 default:
859 if (!tsg_print(buffer, length, "TSG_UNKNOWN_CAPABILITY"))
860 return FALSE;
861 break;
862 }
863 }
864 return tsg_print(buffer, length, " }");
865}
866
867static BOOL tsg_packet_versioncaps_to_string(char** buffer, size_t* length,
868 const TSG_PACKET_VERSIONCAPS* caps)
869{
870 WINPR_ASSERT(buffer);
871 WINPR_ASSERT(length);
872 WINPR_ASSERT(caps);
873
874 if (!tsg_print(buffer, length, "versioncaps { "))
875 return FALSE;
876 if (!tsg_packet_header_to_string(buffer, length, &caps->tsgHeader))
877 return FALSE;
878
879 if (!tsg_print(buffer, length, " "))
880 return FALSE;
881
882 if (caps->numCapabilities > 1)
883 {
884 WLog_ERR(TAG, "TSG_PACKET_VERSIONCAPS::numCapabilities > 1 (%" PRIu32 "), not supported!",
885 caps->numCapabilities);
886 return FALSE;
887 }
888
889 if (!tsg_packet_capabilities_to_string(buffer, length, &caps->tsgCaps, caps->numCapabilities))
890 return FALSE;
891
892 if (!tsg_print(buffer, length,
893 " numCapabilities=0x%08" PRIx32 ", majorVersion=0x%04" PRIx16
894 ", minorVersion=0x%04" PRIx16 ", quarantineCapabilities=0x%04" PRIx16,
895 caps->numCapabilities, caps->majorVersion, caps->minorVersion,
896 caps->quarantineCapabilities))
897 return FALSE;
898
899 return tsg_print(buffer, length, " }");
900}
901
902static BOOL tsg_packet_quarconfigrequest_to_string(char** buffer, size_t* length,
903 const TSG_PACKET_QUARCONFIGREQUEST* caps)
904{
905 WINPR_ASSERT(buffer);
906 WINPR_ASSERT(length);
907 WINPR_ASSERT(caps);
908
909 if (!tsg_print(buffer, length, "quarconfigrequest { "))
910 return FALSE;
911
912 if (!tsg_print(buffer, length, " "))
913 return FALSE;
914
915 if (!tsg_print(buffer, length, " flags=0x%08" PRIx32, caps->flags))
916 return FALSE;
917
918 return tsg_print(buffer, length, " }");
919}
920
921static BOOL tsg_packet_quarrequest_to_string(char** buffer, size_t* length,
922 const TSG_PACKET_QUARREQUEST* caps)
923{
924 BOOL rc = FALSE;
925 char* name = nullptr;
926 char* strdata = nullptr;
927
928 WINPR_ASSERT(buffer);
929 WINPR_ASSERT(length);
930 WINPR_ASSERT(caps);
931
932 if (!tsg_print(buffer, length, "quarrequest { "))
933 return FALSE;
934
935 if (!tsg_print(buffer, length, " "))
936 return FALSE;
937
938 if (caps->nameLength > 0)
939 {
940 if (caps->nameLength > INT_MAX)
941 return FALSE;
942 name = ConvertWCharNToUtf8Alloc(caps->machineName, caps->nameLength, nullptr);
943 if (!name)
944 return FALSE;
945 }
946
947 strdata = winpr_BinToHexString(caps->data, caps->dataLen, TRUE);
948 if (strdata || (caps->dataLen == 0))
949 rc = tsg_print(buffer, length,
950 " flags=0x%08" PRIx32 ", machineName=%s [%" PRIu32 "], data[%" PRIu32 "]=%s",
951 caps->flags, name, caps->nameLength, caps->dataLen, strdata);
952 free(name);
953 free(strdata);
954 if (!rc)
955 return FALSE;
956
957 return tsg_print(buffer, length, " }");
958}
959
960static const char* tsg_bool_to_string(BOOL val)
961{
962 if (val)
963 return "true";
964 return "false";
965}
966
967static const char* tsg_redirection_flags_to_string(char* buffer, size_t size,
968 const TSG_REDIRECTION_FLAGS* flags)
969{
970 WINPR_ASSERT(buffer || (size == 0));
971 WINPR_ASSERT(flags);
972
973 (void)_snprintf(
974 buffer, size,
975 "enableAllRedirections=%s, disableAllRedirections=%s, driveRedirectionDisabled=%s, "
976 "printerRedirectionDisabled=%s, portRedirectionDisabled=%s, reserved=%s, "
977 "clipboardRedirectionDisabled=%s, pnpRedirectionDisabled=%s",
978 tsg_bool_to_string(flags->enableAllRedirections),
979 tsg_bool_to_string(flags->disableAllRedirections),
980 tsg_bool_to_string(flags->driveRedirectionDisabled),
981 tsg_bool_to_string(flags->printerRedirectionDisabled),
982 tsg_bool_to_string(flags->portRedirectionDisabled), tsg_bool_to_string(flags->reserved),
983 tsg_bool_to_string(flags->clipboardRedirectionDisabled),
984 tsg_bool_to_string(flags->pnpRedirectionDisabled));
985 return buffer;
986}
987
988static BOOL tsg_packet_response_to_string(char** buffer, size_t* length,
989 const TSG_PACKET_RESPONSE* caps)
990{
991 BOOL rc = FALSE;
992 char* strdata = nullptr;
993 char tbuffer[8192] = WINPR_C_ARRAY_INIT;
994
995 WINPR_ASSERT(buffer);
996 WINPR_ASSERT(length);
997 WINPR_ASSERT(caps);
998
999 if (!tsg_print(buffer, length, "response { "))
1000 return FALSE;
1001
1002 if (!tsg_print(buffer, length, " "))
1003 return FALSE;
1004
1005 strdata = winpr_BinToHexString(caps->responseData, caps->responseDataLen, TRUE);
1006 if (strdata || (caps->responseDataLen == 0))
1007 rc = tsg_print(
1008 buffer, length,
1009 " flags=0x%08" PRIx32 ", reserved=0x%08" PRIx32 ", responseData[%" PRIu32
1010 "]=%s, redirectionFlags={ %s }",
1011 caps->flags, caps->reserved, caps->responseDataLen, strdata,
1012 tsg_redirection_flags_to_string(tbuffer, ARRAYSIZE(tbuffer), &caps->redirectionFlags));
1013 free(strdata);
1014 if (!rc)
1015 return FALSE;
1016
1017 return tsg_print(buffer, length, " }");
1018}
1019
1020static BOOL tsg_packet_quarenc_response_to_string(char** buffer, size_t* length,
1021 const TSG_PACKET_QUARENC_RESPONSE* caps)
1022{
1023 BOOL rc = FALSE;
1024 char* strdata = nullptr;
1025 RPC_CSTR uuid = nullptr;
1026 char tbuffer[8192] = WINPR_C_ARRAY_INIT;
1027 size_t size = ARRAYSIZE(tbuffer);
1028 char* ptbuffer = tbuffer;
1029
1030 WINPR_ASSERT(buffer);
1031 WINPR_ASSERT(length);
1032 WINPR_ASSERT(caps);
1033
1034 if (!tsg_print(buffer, length, "quarenc_response { "))
1035 return FALSE;
1036
1037 if (!tsg_print(buffer, length, " "))
1038 return FALSE;
1039
1040 if (UuidToStringA(&caps->nonce, &uuid) != RPC_S_OK)
1041 return FALSE;
1042
1043 if (caps->certChainLen > 0)
1044 {
1045 if (caps->certChainLen > INT_MAX)
1046 goto fail;
1047 strdata = ConvertWCharNToUtf8Alloc(caps->certChainData, caps->certChainLen, nullptr);
1048 if (!strdata)
1049 goto fail;
1050 }
1051
1052 tsg_packet_versioncaps_to_string(&ptbuffer, &size, &caps->versionCaps);
1053 if (strdata || (caps->certChainLen == 0))
1054 rc =
1055 tsg_print(buffer, length,
1056 " flags=0x%08" PRIx32 ", certChain[%" PRIu32 "]=%s, nonce=%s, versionCaps=%s",
1057 caps->flags, caps->certChainLen, strdata, uuid, tbuffer);
1058
1059fail:
1060 free(strdata);
1061 RpcStringFreeA(&uuid);
1062 if (!rc)
1063 return FALSE;
1064
1065 return tsg_print(buffer, length, " }");
1066}
1067
1068static BOOL tsg_packet_message_response_to_string(char** buffer, size_t* length,
1069 const TSG_PACKET_MSG_RESPONSE* caps)
1070{
1071 WINPR_ASSERT(buffer);
1072 WINPR_ASSERT(length);
1073 WINPR_ASSERT(caps);
1074
1075 if (!tsg_print(buffer, length, "msg_response { "))
1076 return FALSE;
1077
1078 if (!tsg_print(buffer, length,
1079 " msgID=0x%08" PRIx32 ", msgType=0x%08" PRIx32 ", isMsgPresent=%" PRId32,
1080 caps->msgID, caps->msgType, caps->isMsgPresent))
1081 return FALSE;
1082
1083 return tsg_print(buffer, length, " }");
1084}
1085
1086static BOOL tsg_packet_caps_response_to_string(char** buffer, size_t* length,
1087 const TSG_PACKET_CAPS_RESPONSE* caps)
1088{
1089 WINPR_ASSERT(buffer);
1090 WINPR_ASSERT(length);
1091 WINPR_ASSERT(caps);
1092
1093 if (!tsg_print(buffer, length, "caps_response { "))
1094 return FALSE;
1095
1096 if (!tsg_packet_quarenc_response_to_string(buffer, length, &caps->pktQuarEncResponse))
1097 return FALSE;
1098
1099 if (!tsg_packet_message_response_to_string(buffer, length, &caps->pktConsentMessage))
1100 return FALSE;
1101
1102 return tsg_print(buffer, length, " }");
1103}
1104
1105static BOOL tsg_packet_message_request_to_string(char** buffer, size_t* length,
1106 const TSG_PACKET_MSG_REQUEST* caps)
1107{
1108 WINPR_ASSERT(buffer);
1109 WINPR_ASSERT(length);
1110 WINPR_ASSERT(caps);
1111
1112 if (!tsg_print(buffer, length, "caps_message_request { "))
1113 return FALSE;
1114
1115 if (!tsg_print(buffer, length, " maxMessagesPerBatch=%" PRIu32, caps->maxMessagesPerBatch))
1116 return FALSE;
1117
1118 return tsg_print(buffer, length, " }");
1119}
1120
1121static BOOL tsg_packet_auth_to_string(char** buffer, size_t* length, const TSG_PACKET_AUTH* caps)
1122{
1123 BOOL rc = FALSE;
1124 char* strdata = nullptr;
1125 WINPR_ASSERT(buffer);
1126 WINPR_ASSERT(length);
1127 WINPR_ASSERT(caps);
1128
1129 if (!tsg_print(buffer, length, "caps_message_request { "))
1130 return FALSE;
1131
1132 if (!tsg_packet_versioncaps_to_string(buffer, length, &caps->tsgVersionCaps))
1133 return FALSE;
1134
1135 strdata = winpr_BinToHexString(caps->cookie, caps->cookieLen, TRUE);
1136 if (strdata || (caps->cookieLen == 0))
1137 rc = tsg_print(buffer, length, " cookie[%" PRIu32 "]=%s", caps->cookieLen, strdata);
1138 free(strdata);
1139 if (!rc)
1140 return FALSE;
1141
1142 return tsg_print(buffer, length, " }");
1143}
1144
1145static BOOL tsg_packet_reauth_to_string(char** buffer, size_t* length,
1146 const TSG_PACKET_REAUTH* caps)
1147{
1148 BOOL rc = FALSE;
1149 WINPR_ASSERT(buffer);
1150 WINPR_ASSERT(length);
1151 WINPR_ASSERT(caps);
1152
1153 if (!tsg_print(buffer, length, "caps_message_request { "))
1154 return FALSE;
1155
1156 if (!tsg_print(buffer, length, " tunnelContext=0x%016" PRIx64 ", packetId=%s [0x%08" PRIx32 "]",
1157 caps->tunnelContext, tsg_packet_id_to_string(caps->packetId), caps->packetId))
1158 return FALSE;
1159
1160 switch (caps->packetId)
1161 {
1162 case TSG_PACKET_TYPE_VERSIONCAPS:
1163 rc = tsg_packet_versioncaps_to_string(buffer, length,
1164 &caps->tsgInitialPacket.packetVersionCaps);
1165 break;
1166 case TSG_PACKET_TYPE_AUTH:
1167 rc = tsg_packet_auth_to_string(buffer, length, &caps->tsgInitialPacket.packetAuth);
1168 break;
1169 default:
1170 rc = tsg_print(buffer, length, "TODO: Unhandled packet type %s [0x%08" PRIx32 "]",
1171 tsg_packet_id_to_string(caps->packetId), caps->packetId);
1172 break;
1173 }
1174
1175 if (!rc)
1176 return FALSE;
1177
1178 return tsg_print(buffer, length, " }");
1179}
1180
1181static const char* tsg_packet_to_string(const TSG_PACKET* packet)
1182{
1183 size_t len = 8192;
1184 static char sbuffer[8193] = WINPR_C_ARRAY_INIT;
1185 char* buffer = sbuffer;
1186
1187 if (!tsg_print(&buffer, &len, "TSG_PACKET { packetId=%s [0x%08" PRIx32 "], ",
1188 tsg_packet_id_to_string(packet->packetId), packet->packetId))
1189 goto fail;
1190
1191 switch (packet->packetId)
1192 {
1193 case TSG_PACKET_TYPE_HEADER:
1194 if (!tsg_packet_header_to_string(&buffer, &len, &packet->tsgPacket.packetHeader))
1195 goto fail;
1196 break;
1197 case TSG_PACKET_TYPE_VERSIONCAPS:
1198 if (!tsg_packet_versioncaps_to_string(&buffer, &len,
1199 &packet->tsgPacket.packetVersionCaps))
1200 goto fail;
1201 break;
1202 case TSG_PACKET_TYPE_QUARCONFIGREQUEST:
1203 if (!tsg_packet_quarconfigrequest_to_string(&buffer, &len,
1204 &packet->tsgPacket.packetQuarConfigRequest))
1205 goto fail;
1206 break;
1207 case TSG_PACKET_TYPE_QUARREQUEST:
1208 if (!tsg_packet_quarrequest_to_string(&buffer, &len,
1209 &packet->tsgPacket.packetQuarRequest))
1210 goto fail;
1211 break;
1212 case TSG_PACKET_TYPE_RESPONSE:
1213 if (!tsg_packet_response_to_string(&buffer, &len, &packet->tsgPacket.packetResponse))
1214 goto fail;
1215 break;
1216 case TSG_PACKET_TYPE_QUARENC_RESPONSE:
1217 if (!tsg_packet_quarenc_response_to_string(&buffer, &len,
1218 &packet->tsgPacket.packetQuarEncResponse))
1219 goto fail;
1220 break;
1221 case TSG_PACKET_TYPE_CAPS_RESPONSE:
1222 if (!tsg_packet_caps_response_to_string(&buffer, &len,
1223 &packet->tsgPacket.packetCapsResponse))
1224 goto fail;
1225 break;
1226 case TSG_PACKET_TYPE_MSGREQUEST_PACKET:
1227 if (!tsg_packet_message_request_to_string(&buffer, &len,
1228 &packet->tsgPacket.packetMsgRequest))
1229 goto fail;
1230 break;
1231 case TSG_PACKET_TYPE_MESSAGE_PACKET:
1232 if (!tsg_packet_message_response_to_string(&buffer, &len,
1233 &packet->tsgPacket.packetMsgResponse))
1234 goto fail;
1235 break;
1236 case TSG_PACKET_TYPE_AUTH:
1237 if (!tsg_packet_auth_to_string(&buffer, &len, &packet->tsgPacket.packetAuth))
1238 goto fail;
1239 break;
1240 case TSG_PACKET_TYPE_REAUTH:
1241 if (!tsg_packet_reauth_to_string(&buffer, &len, &packet->tsgPacket.packetReauth))
1242 goto fail;
1243 break;
1244 default:
1245 if (!tsg_print(&buffer, &len, "INVALID"))
1246 goto fail;
1247 break;
1248 }
1249
1250 if (!tsg_print(&buffer, &len, " }"))
1251 goto fail;
1252
1253fail:
1254 return sbuffer;
1255}
1256
1257static BOOL tsg_stream_align(wLog* log, wStream* s, size_t align)
1258{
1259 size_t pos = 0;
1260 size_t offset = 0;
1261
1262 if (!s)
1263 return FALSE;
1264
1265 pos = Stream_GetPosition(s);
1266
1267 if ((pos % align) != 0)
1268 offset = align - pos % align;
1269
1270 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, offset))
1271 return FALSE;
1272 Stream_Seek(s, offset);
1273 return TRUE;
1274}
1275
1276static BIO_METHOD* BIO_s_tsg(void);
1313static int TsProxySendToServer(handle_t IDL_handle, const byte pRpcMessage[], UINT32 count,
1314 const UINT32* lengths)
1315{
1316 wStream* s = nullptr;
1317 rdpTsg* tsg = nullptr;
1318 size_t length = 0;
1319 const byte* buffer1 = nullptr;
1320 const byte* buffer2 = nullptr;
1321 const byte* buffer3 = nullptr;
1322 UINT32 buffer1Length = 0;
1323 UINT32 buffer2Length = 0;
1324 UINT32 buffer3Length = 0;
1325 UINT32 numBuffers = 0;
1326 UINT32 totalDataBytes = 0;
1327 tsg = (rdpTsg*)IDL_handle;
1328 buffer1Length = buffer2Length = buffer3Length = 0;
1329
1330 if (count > 0)
1331 {
1332 numBuffers++;
1333 buffer1 = &pRpcMessage[0];
1334 buffer1Length = lengths[0];
1335 totalDataBytes += lengths[0] + 4;
1336 }
1337
1338 if (count > 1)
1339 {
1340 numBuffers++;
1341 buffer2 = &pRpcMessage[1];
1342 buffer2Length = lengths[1];
1343 totalDataBytes += lengths[1] + 4;
1344 }
1345
1346 if (count > 2)
1347 {
1348 numBuffers++;
1349 buffer3 = &pRpcMessage[2];
1350 buffer3Length = lengths[2];
1351 totalDataBytes += lengths[2] + 4;
1352 }
1353
1354 length = 28ull + totalDataBytes;
1355 if (length > INT_MAX)
1356 return -1;
1357 s = Stream_New(nullptr, length);
1358
1359 if (!s)
1360 {
1361 WLog_Print(tsg->log, WLOG_ERROR, "Stream_New failed!");
1362 return -1;
1363 }
1364
1365 /* PCHANNEL_CONTEXT_HANDLE_NOSERIALIZE_NR (20 bytes) */
1366 if (!TsProxyWriteTunnelContext(tsg->log, s, &tsg->ChannelContext))
1367 goto fail;
1368 Stream_Write_UINT32_BE(s, totalDataBytes); /* totalDataBytes (4 bytes) */
1369 Stream_Write_UINT32_BE(s, numBuffers); /* numBuffers (4 bytes) */
1370
1371 if (buffer1Length > 0)
1372 Stream_Write_UINT32_BE(s, buffer1Length); /* buffer1Length (4 bytes) */
1373
1374 if (buffer2Length > 0)
1375 Stream_Write_UINT32_BE(s, buffer2Length); /* buffer2Length (4 bytes) */
1376
1377 if (buffer3Length > 0)
1378 Stream_Write_UINT32_BE(s, buffer3Length); /* buffer3Length (4 bytes) */
1379
1380 if (buffer1Length > 0)
1381 Stream_Write(s, buffer1, buffer1Length); /* buffer1 (variable) */
1382
1383 if (buffer2Length > 0)
1384 Stream_Write(s, buffer2, buffer2Length); /* buffer2 (variable) */
1385
1386 if (buffer3Length > 0)
1387 Stream_Write(s, buffer3, buffer3Length); /* buffer3 (variable) */
1388
1389 if (!rpc_client_write_call(tsg->rpc, s, TsProxySendToServerOpnum))
1390 return -1;
1391
1392 return (int)length;
1393fail:
1394 Stream_Free(s, TRUE);
1395 return -1;
1396}
1397
1409static BOOL TsProxyCreateTunnelWriteRequest(rdpTsg* tsg, const TSG_PACKET* tsgPacket)
1410{
1411 BOOL rc = FALSE;
1412 BOOL write = TRUE;
1413 UINT16 opnum = 0;
1414 wStream* s = nullptr;
1415 rdpRpc* rpc = nullptr;
1416
1417 if (!tsg || !tsg->rpc)
1418 return FALSE;
1419
1420 rpc = tsg->rpc;
1421 WLog_Print(tsg->log, WLOG_DEBUG, "%s", tsg_packet_to_string(tsgPacket));
1422 s = Stream_New(nullptr, 108);
1423
1424 if (!s)
1425 return FALSE;
1426
1427 switch (tsgPacket->packetId)
1428 {
1429 case TSG_PACKET_TYPE_VERSIONCAPS:
1430 {
1431 UINT32 index = 0;
1432 const TSG_PACKET_VERSIONCAPS* packetVersionCaps =
1433 &tsgPacket->tsgPacket.packetVersionCaps;
1434
1435 Stream_Write_UINT32(s, tsgPacket->packetId); /* PacketId (4 bytes) */
1436 Stream_Write_UINT32(s, tsgPacket->packetId); /* SwitchValue (4 bytes) */
1437 if (!tsg_ndr_pointer_write(tsg->log, s, &index, 1)) /* PacketVersionCapsPtr (4 bytes) */
1438 goto fail;
1439
1440 if (!tsg_ndr_write_version_caps(tsg->log, s, &index, packetVersionCaps))
1441 goto fail;
1446 /*
1447 * 8-byte constant (8A E3 13 71 02 F4 36 71) also observed here:
1448 * http://lists.samba.org/archive/cifs-protocol/2010-July/001543.html
1449 */
1450 Stream_Write_UINT8(s, 0x8A);
1451 Stream_Write_UINT8(s, 0xE3);
1452 Stream_Write_UINT8(s, 0x13);
1453 Stream_Write_UINT8(s, 0x71);
1454 Stream_Write_UINT8(s, 0x02);
1455 Stream_Write_UINT8(s, 0xF4);
1456 Stream_Write_UINT8(s, 0x36);
1457 Stream_Write_UINT8(s, 0x71);
1458 Stream_Write_UINT32(s, 0x00040001); /* 1.4 (version?) */
1459 Stream_Write_UINT32(s, 0x00000001); /* 1 (element count?) */
1460 /* p_cont_list_t */
1461 Stream_Write_UINT8(s, 2); /* ncontext_elem */
1462 Stream_Write_UINT8(s, 0x40); /* reserved1 */
1463 Stream_Write_UINT16(s, 0x0028); /* reserved2 */
1464 /* p_syntax_id_t */
1465 Stream_Write(s, &TSGU_UUID, sizeof(p_uuid_t));
1466 Stream_Write_UINT32(s, TSGU_SYNTAX_IF_VERSION);
1467 /* p_syntax_id_t */
1468 Stream_Write(s, &NDR_UUID, sizeof(p_uuid_t));
1469 Stream_Write_UINT32(s, NDR_SYNTAX_IF_VERSION);
1470 opnum = TsProxyCreateTunnelOpnum;
1471 }
1472 break;
1473
1474 case TSG_PACKET_TYPE_REAUTH:
1475 {
1476 const TSG_PACKET_REAUTH* packetReauth = &tsgPacket->tsgPacket.packetReauth;
1477 UINT32 index = 0;
1478 Stream_Write_UINT32(s, tsgPacket->packetId); /* PacketId (4 bytes) */
1479 Stream_Write_UINT32(s, tsgPacket->packetId); /* SwitchValue (4 bytes) */
1480 if (!tsg_ndr_pointer_write(tsg->log, s, &index, 1)) /* PacketReauthPtr (4 bytes) */
1481 goto fail;
1482 if (!tsg_ndr_write_reauth(tsg->log, s, &index, packetReauth))
1483 goto fail;
1484 opnum = TsProxyCreateTunnelOpnum;
1485 }
1486 break;
1487
1488 default:
1489 WLog_Print(tsg->log, WLOG_WARN, "unexpected packetId %s",
1490 tsg_packet_id_to_string(tsgPacket->packetId));
1491 write = FALSE;
1492 break;
1493 }
1494
1495 rc = TRUE;
1496
1497 if (write)
1498 return rpc_client_write_call(rpc, s, opnum);
1499fail:
1500 Stream_Free(s, TRUE);
1501 return rc;
1502}
1503
1504static BOOL tsg_ndr_read_consent_message(wLog* log, rdpContext* context, wStream* s, UINT32* index,
1505 BOOL isMessagePresent)
1506{
1507 TSG_PACKET_STRING_MESSAGE packetStringMessage = WINPR_C_ARRAY_INIT;
1508
1509 WINPR_ASSERT(context);
1510 WINPR_ASSERT(index);
1511
1512 if (!TsProxyReadPacketSTringMessage(log, s, index, &packetStringMessage))
1513 return FALSE;
1514
1515 if (context->instance && isMessagePresent)
1516 {
1517 return IFCALLRESULT(TRUE, context->instance->PresentGatewayMessage, context->instance,
1518 TSG_ASYNC_MESSAGE_CONSENT_MESSAGE ? GATEWAY_MESSAGE_CONSENT
1519 : TSG_ASYNC_MESSAGE_SERVICE_MESSAGE,
1520 packetStringMessage.isDisplayMandatory != 0,
1521 packetStringMessage.isConsentMandatory != 0,
1522 packetStringMessage.msgBytes, packetStringMessage.msgBuffer);
1523 }
1524
1525 return TRUE;
1526}
1527
1528static BOOL tsg_ndr_read_tunnel_context(wLog* log, wStream* s, CONTEXT_HANDLE* tunnelContext,
1529 UINT32* tunnelId)
1530{
1531 if (!tsg_stream_align(log, s, 4))
1532 return FALSE;
1533
1534 /* TunnelContext (20 bytes) */
1535 if (!TsProxyReadTunnelContext(log, s, tunnelContext))
1536 return FALSE;
1537
1538 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 8))
1539 return FALSE;
1540
1541 WINPR_ASSERT(tunnelId);
1542 Stream_Read_UINT32(s, *tunnelId); /* TunnelId (4 bytes) */
1543
1544 INT32 ReturnValue = 0;
1545 Stream_Read_INT32(s, ReturnValue); /* ReturnValue (4 bytes) */
1546 if (ReturnValue != NO_ERROR)
1547 WLog_WARN(TAG, "ReturnValue=%s", NtStatus2Tag(ReturnValue));
1548 return TRUE;
1549}
1550
1551static BOOL tsg_ndr_read_TSG_PACKET_MSG_RESPONSE_header(wLog* log, wStream* s,
1552 TSG_PACKET_MSG_RESPONSE* pkt)
1553{
1554
1555 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 16))
1556 return FALSE;
1557
1558 Stream_Read_UINT32(s, pkt->msgID); /* MsgId (4 bytes) */
1559 Stream_Read_UINT32(s, pkt->msgType); /* MsgType (4 bytes) */
1560 Stream_Read_INT32(s, pkt->isMsgPresent); /* IsMsgPresent (4 bytes) */
1561 const uint32_t SwitchValue = Stream_Get_UINT32(s); /* SwitchValue (4 bytes) */
1562
1563 if (pkt->msgType != SwitchValue)
1564 {
1565 WLog_ERR(TAG,
1566 "[MS-TSGU] 2.2.9.2.1.9 TSG_PACKET_MSG_RESPONSE MsgType[0x%08" PRIx32
1567 "] != MessageSwitchValue [0x%08" PRIx32 "]",
1568 pkt->msgType, SwitchValue);
1569 return FALSE;
1570 }
1571
1572 return TRUE;
1573}
1574
1575static BOOL tsg_ndr_read_TSG_PACKET_MSG_RESPONSE(wLog* log, rdpContext* context, wStream* s,
1576 uint32_t* index, uint32_t MsgPtr,
1577 const TSG_PACKET_MSG_RESPONSE* pkg,
1578 uint64_t* reauthContext)
1579{
1580 WINPR_ASSERT(pkg);
1581
1582 if (MsgPtr == 0)
1583 {
1584 WLog_Print(log, WLOG_DEBUG,
1585 "Message {0x%08" PRIx32 "} [%s]::isMsgPresent=%" PRId32 ", MsgPtr=0x%08" PRIx32,
1586 pkg->msgType, tsg_packet_id_to_string(pkg->msgType), pkg->isMsgPresent, MsgPtr);
1587 return TRUE;
1588 }
1589
1590 switch (pkg->msgType)
1591 {
1592 case TSG_ASYNC_MESSAGE_CONSENT_MESSAGE:
1593 case TSG_ASYNC_MESSAGE_SERVICE_MESSAGE:
1594 return tsg_ndr_read_consent_message(log, context, s, index, pkg->isMsgPresent);
1595
1596 case TSG_ASYNC_MESSAGE_REAUTH:
1597 {
1598 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 8))
1599 return FALSE;
1600
1601 WINPR_ASSERT(reauthContext);
1602 const uint64_t val = Stream_Get_UINT64(s); /* TunnelContext (8 bytes) */
1603 if (pkg->isMsgPresent != 0)
1604 *reauthContext = val;
1605 return TRUE;
1606 }
1607
1608 default:
1609 WLog_Print(log, WLOG_ERROR, "Unexpected Message Type: 0x%" PRIx32 "", pkg->msgType);
1610 return FALSE;
1611 }
1612}
1613
1614static BOOL tsg_ndr_read_caps_response(wLog* log, rdpContext* context, wStream* s, UINT32* index,
1615 UINT32 PacketPtr, TSG_PACKET_CAPS_RESPONSE* caps,
1616 CONTEXT_HANDLE* tunnelContext, UINT32* tunnelId,
1617 uint64_t* reauthContext)
1618{
1619 UINT32 PacketQuarResponsePtr = 0;
1620
1621 WINPR_ASSERT(context);
1622 WINPR_ASSERT(index);
1623 WINPR_ASSERT(caps);
1624 WINPR_ASSERT(reauthContext);
1625
1626 if (!tsg_ndr_pointer_read(log, s, index, &PacketQuarResponsePtr, TRUE))
1627 goto fail;
1628
1629 if (!tsg_ndr_read_quarenc_response(log, s, index, &caps->pktQuarEncResponse))
1630 goto fail;
1631
1632 if (PacketPtr)
1633 {
1634 TSG_PACKET_MSG_RESPONSE pkg = WINPR_C_ARRAY_INIT;
1635 UINT32 MsgPtr = 0;
1636
1637 if (!tsg_ndr_read_TSG_PACKET_MSG_RESPONSE_header(log, s, &pkg))
1638 goto fail;
1639
1640 if (!tsg_ndr_pointer_read(log, s, index, &MsgPtr, TRUE))
1641 return FALSE;
1642
1643 if (!tsg_ndr_read_quarenc_data(log, s, index, &caps->pktQuarEncResponse))
1644 goto fail;
1645
1646 if (!tsg_ndr_read_TSG_PACKET_MSG_RESPONSE(log, context, s, index, MsgPtr, &pkg,
1647 reauthContext))
1648 goto fail;
1649 }
1650
1651 return tsg_ndr_read_tunnel_context(log, s, tunnelContext, tunnelId);
1652fail:
1653 return FALSE;
1654}
1655
1656static BOOL TsProxyCreateTunnelReadResponse(rdpTsg* tsg, const RPC_PDU* pdu,
1657 CONTEXT_HANDLE* tunnelContext, UINT32* tunnelId)
1658{
1659 BOOL rc = FALSE;
1660 UINT32 index = 0;
1661 TSG_PACKET packet = WINPR_C_ARRAY_INIT;
1662 UINT32 SwitchValue = 0;
1663 rdpContext* context = nullptr;
1664 UINT32 PacketPtr = 0;
1665
1666 WINPR_ASSERT(tsg);
1667 WINPR_ASSERT(tsg->rpc);
1668 WINPR_ASSERT(tsg->rpc->transport);
1669
1670 context = transport_get_context(tsg->rpc->transport);
1671 WINPR_ASSERT(context);
1672
1673 if (!pdu)
1674 return FALSE;
1675
1676 if (!tsg_ndr_pointer_read(tsg->log, pdu->s, &index, &PacketPtr, TRUE))
1677 goto fail;
1678
1679 if (!Stream_CheckAndLogRequiredLengthWLog(tsg->log, pdu->s, 8))
1680 goto fail;
1681 Stream_Read_UINT32(pdu->s, packet.packetId); /* PacketId (4 bytes) */
1682 Stream_Read_UINT32(pdu->s, SwitchValue); /* SwitchValue (4 bytes) */
1683
1684 WLog_Print(tsg->log, WLOG_DEBUG, "%s", tsg_packet_id_to_string(packet.packetId));
1685
1686 if ((packet.packetId == TSG_PACKET_TYPE_CAPS_RESPONSE) &&
1687 (SwitchValue == TSG_PACKET_TYPE_CAPS_RESPONSE))
1688 {
1689 if (!tsg_ndr_read_caps_response(tsg->log, context, pdu->s, &index, PacketPtr,
1690 &packet.tsgPacket.packetCapsResponse, tunnelContext,
1691 tunnelId, &tsg->ReauthTunnelContext))
1692 goto fail;
1693 tsg->CapsResponse = packet.tsgPacket.packetCapsResponse.pktQuarEncResponse;
1694 }
1695 else if ((packet.packetId == TSG_PACKET_TYPE_QUARENC_RESPONSE) &&
1696 (SwitchValue == TSG_PACKET_TYPE_QUARENC_RESPONSE))
1697 {
1698 UINT32 PacketQuarResponsePtr = 0;
1699
1700 if (!tsg_ndr_pointer_read(tsg->log, pdu->s, &index, &PacketQuarResponsePtr, TRUE))
1701 goto fail;
1702
1703 if (!tsg_ndr_read_quarenc_response(tsg->log, pdu->s, &index,
1704 &packet.tsgPacket.packetQuarEncResponse))
1705 goto fail;
1706
1707 if (!tsg_ndr_read_quarenc_data(tsg->log, pdu->s, &index,
1708 &packet.tsgPacket.packetQuarEncResponse))
1709 goto fail;
1710
1711 if (!tsg_ndr_read_tunnel_context(tsg->log, pdu->s, tunnelContext, tunnelId))
1712 goto fail;
1713
1714 tsg->CapsResponse = packet.tsgPacket.packetQuarEncResponse;
1715 }
1716 else
1717 {
1718 WLog_Print(tsg->log, WLOG_ERROR,
1719 "Unexpected PacketId: 0x%08" PRIX32 ", Expected TSG_PACKET_TYPE_CAPS_RESPONSE "
1720 "or TSG_PACKET_TYPE_QUARENC_RESPONSE",
1721 packet.packetId);
1722 goto fail;
1723 }
1724
1725 {
1726 const size_t rem = Stream_GetRemainingLength(pdu->s);
1727 if (rem != 0)
1728 {
1729 WLog_Print(tsg->log, WLOG_WARN, "Partially parsed %s, %" PRIuz " bytes remain",
1730 tsg_packet_id_to_string(packet.packetId), rem);
1731 }
1732 }
1733
1734 rc = TRUE;
1735fail:
1736 return rc;
1737}
1738
1750static BOOL TsProxyAuthorizeTunnelWriteRequest(rdpTsg* tsg, CONTEXT_HANDLE* tunnelContext)
1751{
1752 if (!tsg || !tsg->rpc || !tunnelContext)
1753 return FALSE;
1754
1755 rdpRpc* rpc = tsg->rpc;
1756
1757 WLog_Print(tsg->log, WLOG_DEBUG, "TsProxyAuthorizeTunnelWriteRequest");
1758 wStream* s = Stream_New(nullptr, 1024 + sizeof(WCHAR) * tsg->QuarreQuest.nameLength +
1759 tsg->QuarreQuest.dataLen);
1760
1761 if (!s)
1762 return FALSE;
1763
1764 if (!TsProxyWriteTunnelContext(tsg->log, s, tunnelContext))
1765 {
1766 Stream_Free(s, TRUE);
1767 return FALSE;
1768 }
1769
1770 /* 4-byte alignment */
1771 UINT32 index = 0;
1772 Stream_Write_UINT32(s, TSG_PACKET_TYPE_QUARREQUEST); /* PacketId (4 bytes) */
1773 Stream_Write_UINT32(s, TSG_PACKET_TYPE_QUARREQUEST); /* SwitchValue (4 bytes) */
1774 if (!tsg_ndr_pointer_write(tsg->log, s, &index, 1)) /* PacketQuarRequestPtr (4 bytes) */
1775 goto fail;
1776 Stream_Write_UINT32(s, tsg->QuarreQuest.flags); /* Flags (4 bytes) */
1777 if (!tsg_ndr_pointer_write(tsg->log, s, &index, 1)) /* MachineNamePtr (4 bytes) */
1778 goto fail;
1779 Stream_Write_UINT32(s, tsg->QuarreQuest.nameLength); /* NameLength (4 bytes) */
1780 if (!tsg_ndr_pointer_write(tsg->log, s, &index, 1)) /* DataPtr (4 bytes) */
1781 goto fail;
1782 Stream_Write_UINT32(s, tsg->QuarreQuest.dataLen); /* DataLength (4 bytes) */
1783 /* MachineName */
1784 if (!tsg_ndr_write_string(tsg->log, s, tsg->QuarreQuest.machineName,
1785 tsg->QuarreQuest.nameLength))
1786 goto fail;
1787 /* data */
1788 if (!tsg_ndr_write_conformant_array(tsg->log, s, tsg->QuarreQuest.data,
1789 tsg->QuarreQuest.dataLen))
1790 goto fail;
1791
1792 Stream_SealLength(s);
1793 return rpc_client_write_call(rpc, s, TsProxyAuthorizeTunnelOpnum);
1794fail:
1795 Stream_Free(s, TRUE);
1796 return FALSE;
1797}
1798
1799static UINT32 tsg_redir_to_flags(const TSG_REDIRECTION_FLAGS* redirect)
1800{
1801 UINT32 flags = 0;
1802 if (redirect->enableAllRedirections)
1803 flags |= HTTP_TUNNEL_REDIR_ENABLE_ALL;
1804 if (redirect->disableAllRedirections)
1805 flags |= HTTP_TUNNEL_REDIR_DISABLE_ALL;
1806
1807 if (redirect->driveRedirectionDisabled)
1808 flags |= HTTP_TUNNEL_REDIR_DISABLE_DRIVE;
1809 if (redirect->printerRedirectionDisabled)
1810 flags |= HTTP_TUNNEL_REDIR_DISABLE_PRINTER;
1811 if (redirect->portRedirectionDisabled)
1812 flags |= HTTP_TUNNEL_REDIR_DISABLE_PORT;
1813 if (redirect->clipboardRedirectionDisabled)
1814 flags |= HTTP_TUNNEL_REDIR_DISABLE_CLIPBOARD;
1815 if (redirect->pnpRedirectionDisabled)
1816 flags |= HTTP_TUNNEL_REDIR_DISABLE_PNP;
1817 return flags;
1818}
1819
1820static BOOL tsg_redirect_apply(rdpTsg* tsg, const TSG_REDIRECTION_FLAGS* redirect)
1821{
1822 WINPR_ASSERT(tsg);
1823 WINPR_ASSERT(redirect);
1824
1825 rdpTransport* transport = tsg->transport;
1826 WINPR_ASSERT(transport);
1827
1828 rdpContext* context = transport_get_context(transport);
1829 UINT32 redirFlags = tsg_redir_to_flags(redirect);
1830 return utils_apply_gateway_policy(tsg->log, context, redirFlags, "TSG");
1831}
1832
1833static BOOL tsg_ndr_read_timeout(wLog* log, wStream* s, size_t tlen)
1834{
1835 if (!Stream_CheckAndLogRequiredLengthOfSizeWLog(log, s, 1, sizeof(UINT32)))
1836 return FALSE;
1837
1838 if (tlen < sizeof(UINT32))
1839 {
1840 WLog_Print(log, WLOG_ERROR, "[IDLE_TIMEOUT] array element length %" PRIuz ", expected 4",
1841 tlen);
1842 return FALSE;
1843 }
1844
1845 const UINT32 idleTimeout = Stream_Get_UINT32(s);
1846 WLog_Print(log, WLOG_DEBUG, "[IDLE_TIMEOUT] idleTimeout=%" PRIu32 ": TODO: unused",
1847 idleTimeout);
1848 return TRUE;
1849}
1850
1851static BOOL tsg_ndr_read_sohr(wLog* log, wStream* s, BOOL expected)
1852{
1853 if (!Stream_CheckAndLogRequiredLengthOfSizeWLog(log, s, 1, sizeof(UINT32)))
1854 return FALSE;
1855
1856 const UINT32 len = Stream_Get_UINT32(s);
1857 if (!expected)
1858 {
1859 if (len != 0)
1860 {
1861 WLog_Print(log, WLOG_DEBUG, "[SOH] len=%" PRIu32 ": skipping", len);
1862 return FALSE;
1863 }
1864 return TRUE;
1865 }
1866 else if (len == 0)
1867 {
1868 WLog_Print(log, WLOG_WARN, "[SOH] len=%" PRIu32 ": expected length > 0", len);
1869 }
1870
1871 WLog_Print(log, WLOG_DEBUG, "[SOH] len=%" PRIu32 ": TODO: unused", len);
1872 if (!Stream_SafeSeek(s, len))
1873 return FALSE;
1874
1875 winpr_HexLogDump(log, WLOG_DEBUG, Stream_Pointer(s), len);
1876 return TRUE;
1877}
1878
1879static BOOL tsg_ndr_read_packet_response_data(rdpTsg* tsg, wStream* s,
1880 const TSG_PACKET_RESPONSE* response)
1881{
1882 WINPR_ASSERT(tsg);
1883
1884 if (!Stream_CheckAndLogRequiredCapacityOfSizeWLog(tsg->log, s, 1, 4))
1885 return FALSE;
1886
1887 const uint32_t arrayMaxLen = Stream_Get_UINT32(s);
1888 const size_t rem = Stream_GetRemainingLength(s);
1889 if (arrayMaxLen != response->responseDataLen)
1890 {
1891 WLog_Print(tsg->log, WLOG_ERROR,
1892 "2.2.9.2.1.5 TSG_PACKET_RESPONSE::responseDataLen=%" PRIu32
1893 " != NDR array len %" PRIu32,
1894 response->responseDataLen, arrayMaxLen);
1895 }
1896 if (response->responseDataLen > 0)
1897 {
1898 if (!Stream_CheckAndLogRequiredCapacityOfSizeWLog(tsg->log, s, 1, 4))
1899 return FALSE;
1900
1901 if (tsg->CapsResponse.versionCaps.tsgCaps.capabilityType != TSG_CAPABILITY_TYPE_NAP)
1902 {
1903 WLog_Print(
1904 tsg->log, WLOG_ERROR,
1905 "2.2.9.2.1.5 TSG_PACKET_RESPONSE Negotiated Capabilities type is 0x%08" PRIx32
1906 ", expected TSG_CAPABILITY_TYPE_NAP[0x00000001]",
1907 tsg->CapsResponse.versionCaps.tsgCaps.capabilityType);
1908 return FALSE;
1909 }
1910 const UINT32 mask = (TSG_NAP_CAPABILITY_QUAR_SOH | TSG_NAP_CAPABILITY_IDLE_TIMEOUT);
1911 const UINT32 val =
1912 (tsg->CapsResponse.versionCaps.tsgCaps.tsgPacket.tsgCapNap.capabilities & mask);
1913 if ((val == mask) && (tsg->QuarreQuest.dataLen > 0))
1914 {
1915 if (!tsg_ndr_read_timeout(tsg->log, s, arrayMaxLen))
1916 return FALSE;
1917 if (!tsg_ndr_read_sohr(tsg->log, s, TRUE))
1918 return FALSE;
1919 }
1920 else if ((val == TSG_NAP_CAPABILITY_QUAR_SOH) && (tsg->QuarreQuest.dataLen > 0))
1921 {
1922 if (!tsg_ndr_read_sohr(tsg->log, s, TRUE))
1923 return FALSE;
1924 }
1925 else if ((val & TSG_NAP_CAPABILITY_IDLE_TIMEOUT) != 0)
1926 {
1927 if (!tsg_ndr_read_timeout(tsg->log, s, arrayMaxLen))
1928 return FALSE;
1929 if (!tsg_ndr_read_sohr(tsg->log, s, FALSE))
1930 return FALSE;
1931 }
1932 else
1933 {
1934 WLog_Print(
1935 tsg->log, WLOG_ERROR,
1936 "2.2.9.2.1.5 TSG_PACKET_RESPONSE::responseDataLen=%" PRIu32
1937 ", but neither TSG_NAP_CAPABILITY_QUAR_SOH nor "
1938 "TSG_NAP_CAPABILITY_IDLE_TIMEOUT are set, so expecting 0 (actually got %" PRIuz ")",
1939 response->responseDataLen, rem);
1940 return FALSE;
1941 }
1942 }
1943 else if (rem > 0)
1944 {
1945 char buffer[256] = WINPR_C_ARRAY_INIT;
1946 WLog_Print(tsg->log, WLOG_WARN,
1947 "2.2.9.2.1.5 TSG_PACKET_RESPONSE::responseDataLen=%" PRIu32
1948 ", but actually got %" PRIuz " [flags=%s], ignoring.",
1949 response->responseDataLen, rem,
1950 tsg_caps_to_string(
1951 tsg->CapsResponse.versionCaps.tsgCaps.tsgPacket.tsgCapNap.capabilities,
1952 buffer, sizeof(buffer)));
1953 if (!Stream_SafeSeek(s, rem))
1954 return FALSE;
1955 }
1956
1957 {
1958 const size_t trem = Stream_GetRemainingLength(s);
1959 if (trem > 0)
1960 {
1961 WLog_Print(tsg->log, WLOG_WARN,
1962 "2.2.9.2.1.5 TSG_PACKET_RESPONSE %" PRIuz " unhandled bytes remain", trem);
1963 }
1964 }
1965 return TRUE;
1966}
1967
1968static BOOL TsProxyAuthorizeTunnelReadResponse(rdpTsg* tsg, const RPC_PDU* pdu)
1969{
1970 BOOL rc = FALSE;
1971 UINT32 SwitchValue = 0;
1972 UINT32 index = 0;
1973 TSG_PACKET packet = WINPR_C_ARRAY_INIT;
1974 UINT32 PacketPtr = 0;
1975 UINT32 PacketResponseDataPtr = 0;
1976
1977 WINPR_ASSERT(tsg);
1978 WINPR_ASSERT(pdu);
1979
1980 wLog* log = tsg->log;
1981 WINPR_ASSERT(log);
1982
1983 if (!tsg_ndr_pointer_read(log, pdu->s, &index, &PacketPtr, TRUE))
1984 goto fail;
1985
1986 if (!Stream_CheckAndLogRequiredLengthWLog(log, pdu->s, 8))
1987 goto fail;
1988 Stream_Read_UINT32(pdu->s, packet.packetId); /* PacketId (4 bytes) */
1989 Stream_Read_UINT32(pdu->s, SwitchValue); /* SwitchValue (4 bytes) */
1990
1991 WLog_Print(log, WLOG_DEBUG, "%s", tsg_packet_id_to_string(packet.packetId));
1992
1993 if (packet.packetId == E_PROXY_NAP_ACCESSDENIED)
1994 {
1995 WLog_Print(log, WLOG_ERROR, "status: E_PROXY_NAP_ACCESSDENIED (0x%08X)",
1996 E_PROXY_NAP_ACCESSDENIED);
1997 WLog_Print(log, WLOG_ERROR,
1998 "Ensure that the Gateway Connection Authorization Policy is correct");
1999 goto fail;
2000 }
2001
2002 if ((packet.packetId != TSG_PACKET_TYPE_RESPONSE) || (SwitchValue != TSG_PACKET_TYPE_RESPONSE))
2003 {
2004 WLog_Print(log, WLOG_ERROR,
2005 "Unexpected PacketId: 0x%08" PRIX32 ", Expected TSG_PACKET_TYPE_RESPONSE",
2006 packet.packetId);
2007 goto fail;
2008 }
2009
2010 if (!tsg_ndr_pointer_read(log, pdu->s, &index, nullptr, TRUE))
2011 goto fail;
2012
2013 if (!Stream_CheckAndLogRequiredLengthWLog(log, pdu->s, 8))
2014 goto fail;
2015
2016 packet.tsgPacket.packetResponse.flags = Stream_Get_UINT32(pdu->s);
2017 if (packet.tsgPacket.packetResponse.flags != TSG_PACKET_TYPE_QUARREQUEST)
2018 {
2019 WLog_Print(log, WLOG_ERROR,
2020 "Unexpected Packet Response flags: 0x%08" PRIX32
2021 ", Expected TSG_PACKET_TYPE_QUARREQUEST",
2022 packet.tsgPacket.packetResponse.flags);
2023 goto fail;
2024 }
2025
2026 packet.tsgPacket.packetResponse.reserved = Stream_Get_UINT32(pdu->s);
2027
2028 packet.tsgPacket.packetResponse.responseData = nullptr;
2029 if (!tsg_ndr_pointer_read(log, pdu->s, &index, &PacketResponseDataPtr, FALSE))
2030 goto fail;
2031
2032 packet.tsgPacket.packetResponse.responseDataLen = Stream_Get_UINT32(pdu->s);
2033 if (packet.tsgPacket.packetResponse.responseDataLen > 24000)
2034 {
2035 WLog_Print(log, WLOG_ERROR,
2036 "2.2.9.2.1.5 TSG_PACKET_RESPONSE::responseDataLen %" PRIu32 " > maximum(24000)",
2037 packet.tsgPacket.packetResponse.responseDataLen);
2038 goto fail;
2039 }
2040 if ((PacketResponseDataPtr == 0) && (packet.tsgPacket.packetResponse.responseDataLen != 0))
2041 {
2042 WLog_Print(log, WLOG_ERROR,
2043 "2.2.9.2.1.5 TSG_PACKET_RESPONSE::responseDataLen %" PRIu32
2044 " but responseData = nullptr",
2045 packet.tsgPacket.packetResponse.responseDataLen);
2046 goto fail;
2047 }
2048
2049 if (!tsg_ndr_read_packet_redirection_flags(log, pdu->s,
2050 &packet.tsgPacket.packetResponse.redirectionFlags))
2051 goto fail;
2052
2053 packet.tsgPacket.packetResponse.responseData = Stream_Pointer(pdu->s);
2054 if (!tsg_ndr_read_packet_response_data(tsg, pdu->s, &packet.tsgPacket.packetResponse))
2055 goto fail;
2056
2057 rc = tsg_redirect_apply(tsg, &packet.tsgPacket.packetResponse.redirectionFlags);
2058
2059fail:
2060 return rc;
2061}
2062
2074static BOOL TsProxyMakeTunnelCallWriteRequest(rdpTsg* tsg, CONTEXT_HANDLE* tunnelContext,
2075 UINT32 procId)
2076{
2077 wStream* s = nullptr;
2078 rdpRpc* rpc = nullptr;
2079
2080 if (!tsg || !tsg->rpc || !tunnelContext)
2081 return FALSE;
2082
2083 rpc = tsg->rpc;
2084 WLog_Print(tsg->log, WLOG_DEBUG, "TsProxyMakeTunnelCallWriteRequest");
2085 s = Stream_New(nullptr, 40);
2086
2087 if (!s)
2088 return FALSE;
2089
2090 /* TunnelContext (20 bytes) */
2091 UINT32 index = 0;
2092 if (!TsProxyWriteTunnelContext(tsg->log, s, tunnelContext))
2093 goto fail;
2094 Stream_Write_UINT32(s, procId); /* ProcId (4 bytes) */
2095 /* 4-byte alignment */
2096 Stream_Write_UINT32(s, TSG_PACKET_TYPE_MSGREQUEST_PACKET); /* PacketId (4 bytes) */
2097 Stream_Write_UINT32(s, TSG_PACKET_TYPE_MSGREQUEST_PACKET); /* SwitchValue (4 bytes) */
2098 if (!tsg_ndr_pointer_write(tsg->log, s, &index, 1)) /* PacketMsgRequestPtr (4 bytes) */
2099 goto fail;
2100 Stream_Write_UINT32(s, 0x00000001); /* MaxMessagesPerBatch (4 bytes) */
2101 return rpc_client_write_call(rpc, s, TsProxyMakeTunnelCallOpnum);
2102fail:
2103 Stream_Free(s, TRUE);
2104 return FALSE;
2105}
2106
2107static BOOL TsProxyReadPacketSTringMessage(wLog* log, wStream* s, uint32_t* index,
2108 TSG_PACKET_STRING_MESSAGE* msg)
2109{
2110 UINT32 MsgPtr = 0;
2111
2112 WINPR_ASSERT(msg);
2113
2114 const TSG_PACKET_STRING_MESSAGE empty = WINPR_C_ARRAY_INIT;
2115 *msg = empty;
2116
2117 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 12))
2118 return FALSE;
2119
2120 Stream_Read_INT32(s, msg->isDisplayMandatory); /* IsDisplayMandatory (4 bytes) */
2121 Stream_Read_INT32(s, msg->isConsentMandatory); /* IsConsentMandatory (4 bytes) */
2122 Stream_Read_UINT32(s, msg->msgBytes); /* MsgBytes (4 bytes) */
2123
2124 if (!tsg_ndr_pointer_read(log, s, index, &MsgPtr, msg->msgBytes != 0))
2125 return FALSE;
2126
2127 if (msg->msgBytes > TSG_MESSAGING_MAX_MESSAGE_LENGTH)
2128 {
2129 WLog_Print(log, WLOG_ERROR, "Out of Spec Message Length %" PRIu32 "", msg->msgBytes);
2130 return FALSE;
2131 }
2132
2133 if (msg->msgBytes == 0)
2134 {
2135 WLog_Print(log, WLOG_DEBUG, "Empty message, skipping string read");
2136 return TRUE;
2137 }
2138
2139 return tsg_ndr_read_string(log, s, &msg->msgBuffer, msg->msgBytes);
2140}
2141
2142static BOOL TsProxyMakeTunnelCallReadResponse(rdpTsg* tsg, const RPC_PDU* pdu)
2143{
2144 BOOL rc = FALSE;
2145 UINT32 index = 0;
2146 TSG_PACKET packet = WINPR_C_ARRAY_INIT;
2147 rdpContext* context = nullptr;
2148 TSG_PACKET_MSG_RESPONSE packetMsgResponse = WINPR_C_ARRAY_INIT;
2149 UINT32 PacketPtr = 0;
2150 UINT32 PacketMsgResponsePtr = 0;
2151
2152 WINPR_ASSERT(tsg);
2153 WINPR_ASSERT(tsg->rpc);
2154
2155 context = transport_get_context(tsg->rpc->transport);
2156 WINPR_ASSERT(context);
2157
2158 /* This is an asynchronous response */
2159
2160 if (!pdu)
2161 return FALSE;
2162
2163 if (!Stream_CheckAndLogRequiredLengthWLog(tsg->log, pdu->s, 28))
2164 goto fail;
2165
2166 if (!tsg_ndr_pointer_read(tsg->log, pdu->s, &index, &PacketPtr, TRUE))
2167 goto fail;
2168
2169 Stream_Read_UINT32(pdu->s, packet.packetId); /* PacketId (4 bytes) */
2170
2171 {
2172 const uint32_t SwitchValue = Stream_Get_UINT32(pdu->s); /* SwitchValue (4 bytes) */
2173 WLog_Print(tsg->log, WLOG_DEBUG, "%s", tsg_packet_id_to_string(packet.packetId));
2174
2175 if ((packet.packetId != TSG_PACKET_TYPE_MESSAGE_PACKET) || (packet.packetId != SwitchValue))
2176 {
2177 WLog_Print(tsg->log, WLOG_ERROR,
2178 "Unexpected PacketId: 0x%08" PRIX32
2179 ", Expected TSG_PACKET_TYPE_MESSAGE_PACKET",
2180 packet.packetId);
2181 goto fail;
2182 }
2183 }
2184
2185 if (!tsg_ndr_pointer_read(tsg->log, pdu->s, &index, &PacketMsgResponsePtr, TRUE))
2186 goto fail;
2187
2188 if (!tsg_ndr_read_TSG_PACKET_MSG_RESPONSE_header(tsg->log, pdu->s, &packetMsgResponse))
2189 goto fail;
2190
2191 {
2192 UINT32 MessagePtr = 0;
2193 if (!tsg_ndr_pointer_read(tsg->log, pdu->s, &index, &MessagePtr, TRUE))
2194 goto fail;
2195
2196 if (!tsg_ndr_read_TSG_PACKET_MSG_RESPONSE(tsg->log, context, pdu->s, &index, MessagePtr,
2197 &packetMsgResponse, &tsg->ReauthTunnelContext))
2198 goto fail;
2199 }
2200
2201 rc = TRUE;
2202fail:
2203 return rc;
2204}
2205
2217static BOOL TsProxyCreateChannelWriteRequest(rdpTsg* tsg, CONTEXT_HANDLE* tunnelContext)
2218{
2219 WINPR_ASSERT(tsg);
2220 WINPR_ASSERT(tunnelContext);
2221
2222 WLog_Print(tsg->log, WLOG_DEBUG, "TsProxyCreateChannelWriteRequest");
2223
2224 if (!tsg->rpc || !tsg->Hostname)
2225 return FALSE;
2226
2227 rdpRpc* rpc = tsg->rpc;
2228 const size_t count = _wcslen(tsg->Hostname) + 1;
2229 if (count > UINT32_MAX)
2230 return FALSE;
2231
2232 wStream* s = Stream_New(nullptr, 60 + count * 2);
2233 if (!s)
2234 return FALSE;
2235
2236 /* TunnelContext (20 bytes) */
2237 if (!TsProxyWriteTunnelContext(tsg->log, s, tunnelContext))
2238 goto fail;
2239
2240 /* TSENDPOINTINFO */
2241 {
2242 UINT32 index = 0;
2243 if (!tsg_ndr_pointer_write(tsg->log, s, &index, 1))
2244 goto fail;
2245 Stream_Write_UINT32(s, 0x00000001); /* NumResourceNames (4 bytes) */
2246 if (!tsg_ndr_pointer_write(tsg->log, s, &index, 0))
2247 goto fail;
2248 }
2249
2250 Stream_Write_UINT16(s, 0x0000); /* NumAlternateResourceNames (2 bytes) */
2251 Stream_Write_UINT16(s, 0x0000); /* Pad (2 bytes) */
2252 /* Port (4 bytes) */
2253 Stream_Write_UINT16(s, 0x0003); /* ProtocolId (RDP = 3) (2 bytes) */
2254 Stream_Write_UINT16(s, tsg->Port); /* PortNumber (0xD3D = 3389) (2 bytes) */
2255 Stream_Write_UINT32(s, 0x00000001); /* NumResourceNames (4 bytes) */
2256 {
2257 UINT32 index = 0;
2258 if (!tsg_ndr_pointer_write(tsg->log, s, &index, 1))
2259 goto fail;
2260 }
2261 if (!tsg_ndr_write_string(tsg->log, s, tsg->Hostname, count))
2262 goto fail;
2263 return rpc_client_write_call(rpc, s, TsProxyCreateChannelOpnum);
2264
2265fail:
2266 Stream_Free(s, TRUE);
2267 return FALSE;
2268}
2269
2270static BOOL TsProxyCreateChannelReadResponse(wLog* log, const RPC_PDU* pdu,
2271 CONTEXT_HANDLE* channelContext, UINT32* channelId)
2272{
2273 BOOL rc = FALSE;
2274
2275 WINPR_ASSERT(log);
2276 WINPR_ASSERT(pdu);
2277 WINPR_ASSERT(channelId);
2278
2279 WLog_Print(log, WLOG_DEBUG, "TsProxyCreateChannelReadResponse");
2280
2281 if (!Stream_CheckAndLogRequiredLengthWLog(log, pdu->s, 28))
2282 goto fail;
2283
2284 /* ChannelContext (20 bytes) */
2285 if (!TsProxyReadTunnelContext(log, pdu->s, channelContext))
2286 goto fail;
2287 if (!Stream_CheckAndLogRequiredLengthOfSizeWLog(log, pdu->s, 2, sizeof(UINT32)))
2288 goto fail;
2289 Stream_Read_UINT32(pdu->s, *channelId); /* ChannelId (4 bytes) */
2290 Stream_Seek_UINT32(pdu->s); /* ReturnValue (4 bytes) */
2291 rc = TRUE;
2292fail:
2293 return rc;
2294}
2295
2302static BOOL TsProxyCloseChannelWriteRequest(rdpTsg* tsg, CONTEXT_HANDLE* context)
2303{
2304 WINPR_ASSERT(tsg);
2305 WINPR_ASSERT(context);
2306
2307 WLog_Print(tsg->log, WLOG_DEBUG, "TsProxyCloseChannelWriteRequest");
2308
2309 rdpRpc* rpc = tsg->rpc;
2310 WINPR_ASSERT(rpc);
2311
2312 wStream* s = Stream_New(nullptr, 20);
2313
2314 if (!s)
2315 return FALSE;
2316
2317 /* ChannelContext (20 bytes) */
2318 if (!TsProxyWriteTunnelContext(tsg->log, s, context))
2319 goto fail;
2320 return rpc_client_write_call(rpc, s, TsProxyCloseChannelOpnum);
2321fail:
2322 Stream_Free(s, TRUE);
2323 return FALSE;
2324}
2325
2326static BOOL TsProxyCloseChannelReadResponse(wLog* log, const RPC_PDU* pdu, CONTEXT_HANDLE* context)
2327{
2328 BOOL rc = FALSE;
2329 WLog_Print(log, WLOG_DEBUG, "TsProxyCloseChannelReadResponse");
2330
2331 if (!pdu)
2332 return FALSE;
2333
2334 if (!Stream_CheckAndLogRequiredLengthWLog(log, pdu->s, 24))
2335 goto fail;
2336
2337 /* ChannelContext (20 bytes) */
2338 if (!TsProxyReadTunnelContext(log, pdu->s, context))
2339 goto fail;
2340
2341 {
2342 const size_t len = sizeof(UINT32);
2343 if (!Stream_CheckAndLogRequiredLengthWLog(log, pdu->s, len))
2344 goto fail;
2345 Stream_Seek(pdu->s, len); /* ReturnValue (4 bytes) */
2346 rc = TRUE;
2347 }
2348fail:
2349 return rc;
2350}
2351
2358static BOOL TsProxyCloseTunnelWriteRequest(rdpTsg* tsg, const CONTEXT_HANDLE* context)
2359{
2360 WINPR_ASSERT(tsg);
2361 WINPR_ASSERT(context);
2362
2363 WLog_Print(tsg->log, WLOG_DEBUG, "TsProxyCloseTunnelWriteRequest");
2364
2365 rdpRpc* rpc = tsg->rpc;
2366 WINPR_ASSERT(rpc);
2367
2368 wStream* s = Stream_New(nullptr, 20);
2369
2370 if (!s)
2371 return FALSE;
2372
2373 /* TunnelContext (20 bytes) */
2374 if (!TsProxyWriteTunnelContext(tsg->log, s, context))
2375 goto fail;
2376 return rpc_client_write_call(rpc, s, TsProxyCloseTunnelOpnum);
2377fail:
2378 Stream_Free(s, TRUE);
2379 return FALSE;
2380}
2381
2382static BOOL TsProxyCloseTunnelReadResponse(wLog* log, const RPC_PDU* pdu, CONTEXT_HANDLE* context)
2383{
2384 BOOL rc = FALSE;
2385
2386 WINPR_ASSERT(log);
2387 WINPR_ASSERT(pdu);
2388 WINPR_ASSERT(context);
2389
2390 WLog_Print(log, WLOG_DEBUG, "TsProxyCloseTunnelReadResponse");
2391
2392 if (!Stream_CheckAndLogRequiredLengthWLog(log, pdu->s, 24))
2393 goto fail;
2394
2395 /* TunnelContext (20 bytes) */
2396 if (!TsProxyReadTunnelContext(log, pdu->s, context))
2397 goto fail;
2398 {
2399 const size_t len = sizeof(UINT32);
2400 if (!Stream_CheckAndLogRequiredLengthWLog(log, pdu->s, len))
2401 goto fail;
2402 Stream_Seek(pdu->s, len); /* ReturnValue (4 bytes) */
2403 rc = TRUE;
2404 }
2405fail:
2406 return rc;
2407}
2408
2417static BOOL TsProxySetupReceivePipeWriteRequest(rdpTsg* tsg, const CONTEXT_HANDLE* channelContext)
2418{
2419 wStream* s = nullptr;
2420 rdpRpc* rpc = nullptr;
2421 WLog_Print(tsg->log, WLOG_DEBUG, "TsProxySetupReceivePipeWriteRequest");
2422
2423 WINPR_ASSERT(tsg);
2424 WINPR_ASSERT(tsg->rpc);
2425
2426 if (!channelContext)
2427 return FALSE;
2428
2429 rpc = tsg->rpc;
2430 s = Stream_New(nullptr, 20);
2431
2432 if (!s)
2433 return FALSE;
2434
2435 /* ChannelContext (20 bytes) */
2436 if (!TsProxyWriteTunnelContext(tsg->log, s, channelContext))
2437 goto fail;
2438 return rpc_client_write_call(rpc, s, TsProxySetupReceivePipeOpnum);
2439fail:
2440 Stream_Free(s, TRUE);
2441 return FALSE;
2442}
2443
2444static BOOL tsg_transition_to_state(rdpTsg* tsg, TSG_STATE state)
2445{
2446 WINPR_ASSERT(tsg);
2447 const char* oldState = tsg_state_to_string(tsg->state);
2448 const char* newState = tsg_state_to_string(state);
2449
2450 WLog_Print(tsg->log, WLOG_DEBUG, "%s -> %s", oldState, newState);
2451 return tsg_set_state(tsg, state);
2452}
2453
2454static BOOL tsg_initialize_version_caps(const rdpTsg* tsg,
2455 TSG_PACKET_VERSIONCAPS* packetVersionCaps)
2456{
2457 WINPR_ASSERT(tsg);
2458 WINPR_ASSERT(packetVersionCaps);
2459
2460 packetVersionCaps->tsgHeader.ComponentId = TS_GATEWAY_TRANSPORT;
2461 packetVersionCaps->tsgHeader.PacketId = TSG_PACKET_TYPE_VERSIONCAPS;
2462 packetVersionCaps->numCapabilities = 1;
2463 packetVersionCaps->majorVersion = 1;
2464 packetVersionCaps->minorVersion = 1;
2465 packetVersionCaps->quarantineCapabilities = 0;
2466 packetVersionCaps->tsgCaps.capabilityType = TSG_CAPABILITY_TYPE_NAP;
2467 /*
2468 * Using reduced capabilities appears to trigger
2469 * TSG_PACKET_TYPE_QUARENC_RESPONSE instead of TSG_PACKET_TYPE_CAPS_RESPONSE
2470 *
2471 * However, reduced capabilities may break connectivity with servers enforcing features,
2472 * such as "Only allow connections from Remote Desktop Services clients that support RD
2473 * Gateway messaging"
2474 */
2475
2476 packetVersionCaps->tsgCaps.tsgPacket.tsgCapNap.capabilities =
2477 TSG_NAP_CAPABILITY_IDLE_TIMEOUT | TSG_MESSAGING_CAP_CONSENT_SIGN |
2478 TSG_MESSAGING_CAP_SERVICE_MSG | TSG_MESSAGING_CAP_REAUTH;
2479 if (tsg->QuarreQuest.dataLen > 0)
2480 packetVersionCaps->tsgCaps.tsgPacket.tsgCapNap.capabilities |= TSG_NAP_CAPABILITY_QUAR_SOH;
2481
2482 return TRUE;
2483}
2484
2485static void resetCaps(rdpTsg* tsg)
2486{
2487 WINPR_ASSERT(tsg);
2488 const TSG_PACKET_QUARENC_RESPONSE empty = WINPR_C_ARRAY_INIT;
2489 tsg->CapsResponse = empty;
2490}
2491
2492BOOL tsg_proxy_begin(rdpTsg* tsg)
2493{
2494 TSG_PACKET tsgPacket = WINPR_C_ARRAY_INIT;
2495
2496 WINPR_ASSERT(tsg);
2497
2498 tsgPacket.packetId = TSG_PACKET_TYPE_VERSIONCAPS;
2499 if (!tsg_initialize_version_caps(tsg, &tsgPacket.tsgPacket.packetVersionCaps) ||
2500 !TsProxyCreateTunnelWriteRequest(tsg, &tsgPacket))
2501 {
2502 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCreateTunnel failure");
2503 tsg_transition_to_state(tsg, TSG_STATE_FINAL);
2504 return FALSE;
2505 }
2506
2507 resetCaps(tsg);
2508
2509 return tsg_transition_to_state(tsg, TSG_STATE_INITIAL);
2510}
2511
2512static BOOL tsg_proxy_reauth(rdpTsg* tsg)
2513{
2514 TSG_PACKET tsgPacket = WINPR_C_ARRAY_INIT;
2515
2516 WINPR_ASSERT(tsg);
2517
2518 tsg->reauthSequence = TRUE;
2519 TSG_PACKET_REAUTH* packetReauth = &tsgPacket.tsgPacket.packetReauth;
2520
2521 tsgPacket.packetId = TSG_PACKET_TYPE_REAUTH;
2522 packetReauth->tunnelContext = tsg->ReauthTunnelContext;
2523 packetReauth->packetId = TSG_PACKET_TYPE_VERSIONCAPS;
2524
2525 if (!tsg_initialize_version_caps(tsg, &packetReauth->tsgInitialPacket.packetVersionCaps))
2526 return FALSE;
2527
2528 if (!TsProxyCreateTunnelWriteRequest(tsg, &tsgPacket))
2529 {
2530 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCreateTunnel failure");
2531 tsg_transition_to_state(tsg, TSG_STATE_FINAL);
2532 return FALSE;
2533 }
2534
2535 if (!TsProxyMakeTunnelCallWriteRequest(tsg, &tsg->TunnelContext,
2536 TSG_TUNNEL_CALL_ASYNC_MSG_REQUEST))
2537 {
2538 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyMakeTunnelCall failure");
2539 tsg_transition_to_state(tsg, TSG_STATE_FINAL);
2540 return FALSE;
2541 }
2542
2543 resetCaps(tsg);
2544 return tsg_transition_to_state(tsg, TSG_STATE_INITIAL);
2545}
2546
2547BOOL tsg_recv_pdu(rdpTsg* tsg, const RPC_PDU* pdu)
2548{
2549 BOOL rc = FALSE;
2550 RpcClientCall* call = nullptr;
2551 rdpRpc* rpc = nullptr;
2552
2553 WINPR_ASSERT(tsg);
2554 WINPR_ASSERT(pdu);
2555 WINPR_ASSERT(tsg->rpc);
2556
2557 rpc = tsg->rpc;
2558
2559 if (!(pdu->Flags & RPC_PDU_FLAG_STUB))
2560 {
2561 const size_t len = 24;
2562 if (!Stream_CheckAndLogRequiredLengthWLog(tsg->log, pdu->s, len))
2563 return FALSE;
2564 Stream_Seek(pdu->s, len);
2565 }
2566
2567 const TSG_STATE oldState = tsg->state;
2568 switch (tsg->state)
2569 {
2570 case TSG_STATE_INITIAL:
2571 {
2572 CONTEXT_HANDLE* TunnelContext = nullptr;
2573 TunnelContext = (tsg->reauthSequence) ? &tsg->NewTunnelContext : &tsg->TunnelContext;
2574
2575 if (!TsProxyCreateTunnelReadResponse(tsg, pdu, TunnelContext, &tsg->TunnelId))
2576 {
2577 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCreateTunnelReadResponse failure");
2578 return FALSE;
2579 }
2580
2581 if (!tsg_transition_to_state(tsg, TSG_STATE_CONNECTED))
2582 return FALSE;
2583
2584 if (!TsProxyAuthorizeTunnelWriteRequest(tsg, TunnelContext))
2585 {
2586 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyAuthorizeTunnel failure");
2587 return FALSE;
2588 }
2589
2590 rc = TRUE;
2591 }
2592 break;
2593
2594 case TSG_STATE_CONNECTED:
2595 {
2596 CONTEXT_HANDLE* TunnelContext =
2597 (tsg->reauthSequence) ? &tsg->NewTunnelContext : &tsg->TunnelContext;
2598
2599 if (!TsProxyAuthorizeTunnelReadResponse(tsg, pdu))
2600 {
2601 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyAuthorizeTunnelReadResponse failure");
2602 return FALSE;
2603 }
2604
2605 if (!tsg_transition_to_state(tsg, TSG_STATE_AUTHORIZED))
2606 return FALSE;
2607
2608 if (!tsg->reauthSequence)
2609 {
2610 if (!TsProxyMakeTunnelCallWriteRequest(tsg, TunnelContext,
2611 TSG_TUNNEL_CALL_ASYNC_MSG_REQUEST))
2612 {
2613 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyMakeTunnelCall failure");
2614 return FALSE;
2615 }
2616 }
2617
2618 if (!TsProxyCreateChannelWriteRequest(tsg, TunnelContext))
2619 {
2620 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCreateChannel failure");
2621 return FALSE;
2622 }
2623
2624 rc = TRUE;
2625 }
2626 break;
2627
2628 case TSG_STATE_AUTHORIZED:
2629 call = rpc_client_call_find_by_id(rpc->client, pdu->CallId);
2630
2631 if (!call)
2632 return FALSE;
2633
2634 if (call->OpNum == TsProxyMakeTunnelCallOpnum)
2635 {
2636 if (!TsProxyMakeTunnelCallReadResponse(tsg, pdu))
2637 {
2638 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyMakeTunnelCallReadResponse failure");
2639 return FALSE;
2640 }
2641
2642 rc = TRUE;
2643 }
2644 else if (call->OpNum == TsProxyCreateChannelOpnum)
2645 {
2646 CONTEXT_HANDLE ChannelContext;
2647
2648 if (!TsProxyCreateChannelReadResponse(tsg->log, pdu, &ChannelContext,
2649 &tsg->ChannelId))
2650 {
2651 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCreateChannelReadResponse failure");
2652 return FALSE;
2653 }
2654
2655 if (!tsg->reauthSequence)
2656 CopyMemory(&tsg->ChannelContext, &ChannelContext, sizeof(CONTEXT_HANDLE));
2657 else
2658 CopyMemory(&tsg->NewChannelContext, &ChannelContext, sizeof(CONTEXT_HANDLE));
2659
2660 if (!tsg_transition_to_state(tsg, TSG_STATE_CHANNEL_CREATED))
2661 return FALSE;
2662
2663 if (!tsg->reauthSequence)
2664 {
2665 if (!TsProxySetupReceivePipeWriteRequest(tsg, &tsg->ChannelContext))
2666 {
2667 WLog_Print(tsg->log, WLOG_ERROR, "TsProxySetupReceivePipe failure");
2668 return FALSE;
2669 }
2670 }
2671 else
2672 {
2673 if (!TsProxyCloseChannelWriteRequest(tsg, &tsg->NewChannelContext))
2674 {
2675 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCloseChannelWriteRequest failure");
2676 return FALSE;
2677 }
2678
2679 if (!TsProxyCloseTunnelWriteRequest(tsg, &tsg->NewTunnelContext))
2680 {
2681 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCloseTunnelWriteRequest failure");
2682 return FALSE;
2683 }
2684 }
2685
2686 rc = tsg_transition_to_state(tsg, TSG_STATE_PIPE_CREATED);
2687 tsg->reauthSequence = FALSE;
2688 }
2689 else
2690 {
2691 WLog_Print(tsg->log, WLOG_ERROR,
2692 "TSG_STATE_AUTHORIZED unexpected OpNum: %" PRIu32 "\n", call->OpNum);
2693 }
2694
2695 break;
2696
2697 case TSG_STATE_CHANNEL_CREATED:
2698 break;
2699
2700 case TSG_STATE_PIPE_CREATED:
2701 call = rpc_client_call_find_by_id(rpc->client, pdu->CallId);
2702
2703 if (!call)
2704 return FALSE;
2705
2706 if (call->OpNum == TsProxyMakeTunnelCallOpnum)
2707 {
2708 if (!TsProxyMakeTunnelCallReadResponse(tsg, pdu))
2709 {
2710 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyMakeTunnelCallReadResponse failure");
2711 return FALSE;
2712 }
2713
2714 rc = TRUE;
2715
2716 if (tsg->ReauthTunnelContext)
2717 rc = tsg_proxy_reauth(tsg);
2718 }
2719 else if (call->OpNum == TsProxyCloseChannelOpnum)
2720 {
2721 CONTEXT_HANDLE ChannelContext;
2722
2723 if (!TsProxyCloseChannelReadResponse(tsg->log, pdu, &ChannelContext))
2724 {
2725 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCloseChannelReadResponse failure");
2726 return FALSE;
2727 }
2728
2729 rc = TRUE;
2730 }
2731 else if (call->OpNum == TsProxyCloseTunnelOpnum)
2732 {
2733 CONTEXT_HANDLE TunnelContext;
2734
2735 if (!TsProxyCloseTunnelReadResponse(tsg->log, pdu, &TunnelContext))
2736 {
2737 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCloseTunnelReadResponse failure");
2738 return FALSE;
2739 }
2740
2741 rc = TRUE;
2742 }
2743
2744 break;
2745
2746 case TSG_STATE_TUNNEL_CLOSE_PENDING:
2747 {
2748 CONTEXT_HANDLE ChannelContext;
2749
2750 if (!TsProxyCloseChannelReadResponse(tsg->log, pdu, &ChannelContext))
2751 {
2752 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCloseChannelReadResponse failure");
2753 return FALSE;
2754 }
2755
2756 if (!tsg_transition_to_state(tsg, TSG_STATE_CHANNEL_CLOSE_PENDING))
2757 return FALSE;
2758
2759 if (!TsProxyCloseChannelWriteRequest(tsg, nullptr))
2760 {
2761 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCloseChannelWriteRequest failure");
2762 return FALSE;
2763 }
2764
2765 if (!TsProxyMakeTunnelCallWriteRequest(tsg, &tsg->TunnelContext,
2766 TSG_TUNNEL_CANCEL_ASYNC_MSG_REQUEST))
2767 {
2768 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyMakeTunnelCall failure");
2769 return FALSE;
2770 }
2771
2772 rc = TRUE;
2773 }
2774 break;
2775
2776 case TSG_STATE_CHANNEL_CLOSE_PENDING:
2777 {
2778 CONTEXT_HANDLE TunnelContext;
2779
2780 if (!TsProxyCloseTunnelReadResponse(tsg->log, pdu, &TunnelContext))
2781 {
2782 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCloseTunnelReadResponse failure");
2783 return FALSE;
2784 }
2785
2786 rc = tsg_transition_to_state(tsg, TSG_STATE_FINAL);
2787 }
2788 break;
2789
2790 case TSG_STATE_FINAL:
2791 break;
2792 default:
2793 break;
2794 }
2795
2796 {
2797 const size_t rem = Stream_GetRemainingLength(pdu->s);
2798 if (rem > 0)
2799 {
2800 WLog_Print(tsg->log, WLOG_WARN, "[%s] unparsed bytes: %" PRIuz,
2801 tsg_state_to_string(oldState), rem);
2802 }
2803 }
2804 return rc;
2805}
2806
2807BOOL tsg_check_event_handles(rdpTsg* tsg)
2808{
2809 WINPR_ASSERT(tsg);
2810 if (rpc_client_in_channel_recv(tsg->rpc) < 0)
2811 return FALSE;
2812
2813 if (rpc_client_out_channel_recv(tsg->rpc) < 0)
2814 return FALSE;
2815
2816 return TRUE;
2817}
2818
2819DWORD tsg_get_event_handles(rdpTsg* tsg, HANDLE* events, DWORD count)
2820{
2821 UINT32 nCount = 0;
2822 rdpRpc* rpc = tsg->rpc;
2823 RpcVirtualConnection* connection = rpc->VirtualConnection;
2824
2825 if (events && (nCount < count))
2826 {
2827 events[nCount] = rpc->client->PipeEvent;
2828 nCount++;
2829 }
2830 else
2831 return 0;
2832
2833 if (connection->DefaultInChannel && connection->DefaultInChannel->common.tls)
2834 {
2835 if (events && (nCount < count))
2836 {
2837 BIO_get_event(connection->DefaultInChannel->common.tls->bio, &events[nCount]);
2838 nCount++;
2839 }
2840 else
2841 return 0;
2842 }
2843
2844 if (connection->NonDefaultInChannel && connection->NonDefaultInChannel->common.tls)
2845 {
2846 if (events && (nCount < count))
2847 {
2848 BIO_get_event(connection->NonDefaultInChannel->common.tls->bio, &events[nCount]);
2849 nCount++;
2850 }
2851 else
2852 return 0;
2853 }
2854
2855 if (connection->DefaultOutChannel && connection->DefaultOutChannel->common.tls)
2856 {
2857 if (events && (nCount < count))
2858 {
2859 BIO_get_event(connection->DefaultOutChannel->common.tls->bio, &events[nCount]);
2860 nCount++;
2861 }
2862 else
2863 return 0;
2864 }
2865
2866 if (connection->NonDefaultOutChannel && connection->NonDefaultOutChannel->common.tls)
2867 {
2868 if (events && (nCount < count))
2869 {
2870 BIO_get_event(connection->NonDefaultOutChannel->common.tls->bio, &events[nCount]);
2871 nCount++;
2872 }
2873 else
2874 return 0;
2875 }
2876
2877 return nCount;
2878}
2879
2880static BOOL tsg_set_hostname(rdpTsg* tsg, const char* hostname)
2881{
2882 WINPR_ASSERT(tsg);
2883 free(tsg->Hostname);
2884 tsg->Hostname = ConvertUtf8ToWCharAlloc(hostname, nullptr);
2885 return tsg->Hostname != nullptr;
2886}
2887
2888static BOOL tsg_set_machine_name(rdpTsg* tsg, const char* machineName)
2889{
2890 WINPR_ASSERT(tsg);
2891
2892 free(tsg->QuarreQuest.machineName);
2893 tsg->QuarreQuest.machineName = nullptr;
2894 tsg->QuarreQuest.nameLength = 0;
2895 if (!machineName)
2896 return FALSE;
2897
2898 size_t size = 0;
2899 tsg->QuarreQuest.machineName = ConvertUtf8ToWCharAlloc(machineName, &size);
2900 tsg->QuarreQuest.nameLength = WINPR_ASSERTING_INT_CAST(uint32_t, size + 1ull);
2901 return tsg->QuarreQuest.machineName && (size > 0);
2902}
2903
2904BOOL tsg_connect(rdpTsg* tsg, const char* hostname, UINT16 port, DWORD timeout)
2905{
2906 UINT64 looptimeout = timeout * 1000ULL;
2907 DWORD nCount = 0;
2908 HANDLE events[MAXIMUM_WAIT_OBJECTS] = WINPR_C_ARRAY_INIT;
2909
2910 WINPR_ASSERT(tsg);
2911
2912 rdpRpc* rpc = tsg->rpc;
2913 WINPR_ASSERT(rpc);
2914
2915 rdpTransport* transport = rpc->transport;
2916 rdpContext* context = transport_get_context(transport);
2917 WINPR_ASSERT(context);
2918
2919 rdpSettings* settings = context->settings;
2920
2921 freerdp_set_last_error(context, ERROR_SUCCESS);
2922
2923 tsg->Port = port;
2924 tsg->transport = transport;
2925
2926 if (!settings->GatewayPort)
2927 settings->GatewayPort = 443;
2928
2929 if (!tsg_set_hostname(tsg, hostname))
2930 return FALSE;
2931
2932 if (!tsg_set_machine_name(tsg, settings->ComputerName))
2933 return FALSE;
2934
2935 if (!rpc_connect(rpc, timeout))
2936 {
2937 WLog_Print(tsg->log, WLOG_ERROR, "rpc_connect error!");
2938 return FALSE;
2939 }
2940
2941 nCount = tsg_get_event_handles(tsg, events, ARRAYSIZE(events));
2942
2943 if (nCount == 0)
2944 return FALSE;
2945
2946 while (tsg->state != TSG_STATE_PIPE_CREATED)
2947 {
2948 const DWORD polltimeout = 250;
2949 DWORD status = WaitForMultipleObjects(nCount, events, FALSE, polltimeout);
2950 if (status == WAIT_TIMEOUT)
2951 {
2952 if (timeout > 0)
2953 {
2954 if (looptimeout < polltimeout)
2955 return FALSE;
2956 looptimeout -= polltimeout;
2957 }
2958 }
2959 else
2960 looptimeout = timeout * 1000ULL;
2961
2962 if (!tsg_check_event_handles(tsg))
2963 {
2964 WLog_Print(tsg->log, WLOG_ERROR, "tsg_check failure");
2965 transport_set_layer(transport, TRANSPORT_LAYER_CLOSED);
2966 return FALSE;
2967 }
2968 }
2969
2970 WLog_Print(tsg->log, WLOG_INFO, "TS Gateway Connection Success");
2971 tsg->bio = BIO_new(BIO_s_tsg());
2972
2973 if (!tsg->bio)
2974 return FALSE;
2975
2976 BIO_set_data(tsg->bio, (void*)tsg);
2977 return TRUE;
2978}
2979
2980BOOL tsg_disconnect(rdpTsg* tsg)
2981{
3001 if (!tsg)
3002 return FALSE;
3003
3004 if (tsg->state != TSG_STATE_TUNNEL_CLOSE_PENDING)
3005 {
3006 if (!TsProxyCloseChannelWriteRequest(tsg, &tsg->ChannelContext))
3007 return FALSE;
3008
3009 return tsg_transition_to_state(tsg, TSG_STATE_CHANNEL_CLOSE_PENDING);
3010 }
3011
3012 return TRUE;
3013}
3014
3026static int tsg_read(rdpTsg* tsg, BYTE* data, size_t length)
3027{
3028 rdpRpc* rpc = nullptr;
3029 int status = 0;
3030
3031 if (!tsg || !data)
3032 return -1;
3033
3034 rpc = tsg->rpc;
3035
3036 if (transport_get_layer(rpc->transport) == TRANSPORT_LAYER_CLOSED)
3037 {
3038 WLog_Print(tsg->log, WLOG_ERROR, "tsg_read error: connection lost");
3039 return -1;
3040 }
3041
3042 do
3043 {
3044 status = rpc_client_receive_pipe_read(rpc->client, data, length);
3045
3046 if (status < 0)
3047 return -1;
3048
3049 if (!status && !transport_get_blocking(rpc->transport))
3050 return 0;
3051
3052 if (transport_get_layer(rpc->transport) == TRANSPORT_LAYER_CLOSED)
3053 {
3054 WLog_Print(tsg->log, WLOG_ERROR, "tsg_read error: connection lost");
3055 return -1;
3056 }
3057
3058 if (status > 0)
3059 break;
3060
3061 if (transport_get_blocking(rpc->transport))
3062 {
3063 while (WaitForSingleObject(rpc->client->PipeEvent, 0) != WAIT_OBJECT_0)
3064 {
3065 if (!tsg_check_event_handles(tsg))
3066 return -1;
3067
3068 (void)WaitForSingleObject(rpc->client->PipeEvent, 100);
3069 }
3070 }
3071 } while (transport_get_blocking(rpc->transport));
3072
3073 return status;
3074}
3075
3076static int tsg_write(rdpTsg* tsg, const BYTE* data, UINT32 length)
3077{
3078 int status = 0;
3079
3080 if (!tsg || !data || !tsg->rpc || !tsg->rpc->transport)
3081 return -1;
3082
3083 if (transport_get_layer(tsg->rpc->transport) == TRANSPORT_LAYER_CLOSED)
3084 {
3085 WLog_Print(tsg->log, WLOG_ERROR, "error, connection lost");
3086 return -1;
3087 }
3088
3089 status = TsProxySendToServer((handle_t)tsg, data, 1, &length);
3090
3091 if (status < 0)
3092 return -1;
3093
3094 return (int)length;
3095}
3096
3097rdpTsg* tsg_new(rdpTransport* transport)
3098{
3099 rdpTsg* tsg = (rdpTsg*)calloc(1, sizeof(rdpTsg));
3100
3101 if (!tsg)
3102 return nullptr;
3103 tsg->log = WLog_Get(TAG);
3104 tsg->transport = transport;
3105 tsg->rpc = rpc_new(tsg->transport);
3106
3107 if (!tsg->rpc)
3108 goto out_free;
3109
3110 return tsg;
3111out_free:
3112 free(tsg);
3113 return nullptr;
3114}
3115
3116void tsg_free(rdpTsg* tsg)
3117{
3118 if (tsg)
3119 {
3120 rpc_free(tsg->rpc);
3121 free(tsg->Hostname);
3122 free(tsg->QuarreQuest.machineName);
3123 free(tsg->QuarreQuest.data);
3124 free(tsg);
3125 }
3126}
3127
3128static int transport_bio_tsg_write(BIO* bio, const char* buf, int num)
3129{
3130 int status = 0;
3131 rdpTsg* tsg = (rdpTsg*)BIO_get_data(bio);
3132 BIO_clear_flags(bio, BIO_FLAGS_WRITE);
3133
3134 if (num < 0)
3135 return -1;
3136 status = tsg_write(tsg, (const BYTE*)buf, (UINT32)num);
3137
3138 if (status < 0)
3139 {
3140 BIO_clear_flags(bio, BIO_FLAGS_SHOULD_RETRY);
3141 return -1;
3142 }
3143 else if (status == 0)
3144 {
3145 BIO_set_flags(bio, BIO_FLAGS_WRITE);
3146 WSASetLastError(WSAEWOULDBLOCK);
3147 }
3148 else
3149 {
3150 BIO_set_flags(bio, BIO_FLAGS_WRITE);
3151 }
3152
3153 return status >= 0 ? status : -1;
3154}
3155
3156static int transport_bio_tsg_read(BIO* bio, char* buf, int size)
3157{
3158 int status = 0;
3159 rdpTsg* tsg = (rdpTsg*)BIO_get_data(bio);
3160
3161 if (!tsg || (size < 0))
3162 {
3163 BIO_clear_flags(bio, BIO_FLAGS_SHOULD_RETRY);
3164 return -1;
3165 }
3166
3167 BIO_clear_flags(bio, BIO_FLAGS_READ);
3168 status = tsg_read(tsg, (BYTE*)buf, (size_t)size);
3169
3170 if (status < 0)
3171 {
3172 BIO_clear_flags(bio, BIO_FLAGS_SHOULD_RETRY);
3173 return -1;
3174 }
3175 else if (status == 0)
3176 {
3177 BIO_set_flags(bio, BIO_FLAGS_READ);
3178 WSASetLastError(WSAEWOULDBLOCK);
3179 }
3180 else
3181 {
3182 BIO_set_flags(bio, BIO_FLAGS_READ);
3183 }
3184
3185 return status > 0 ? status : -1;
3186}
3187
3188static int transport_bio_tsg_puts(BIO* bio, const char* str)
3189{
3190 WINPR_UNUSED(bio);
3191 WINPR_UNUSED(str);
3192 return -2;
3193}
3194
3195// NOLINTNEXTLINE(readability-non-const-parameter)
3196static int transport_bio_tsg_gets(BIO* bio, char* str, int size)
3197{
3198 WINPR_UNUSED(bio);
3199 WINPR_UNUSED(str);
3200 WINPR_UNUSED(size);
3201 return 1;
3202}
3203
3204static long transport_bio_tsg_ctrl(BIO* bio, int cmd, long arg1, void* arg2)
3205{
3206 long status = -1;
3207 rdpTsg* tsg = (rdpTsg*)BIO_get_data(bio);
3208 RpcVirtualConnection* connection = tsg->rpc->VirtualConnection;
3209 RpcInChannel* inChannel = connection->DefaultInChannel;
3210 RpcOutChannel* outChannel = connection->DefaultOutChannel;
3211
3212 switch (cmd)
3213 {
3214 case BIO_CTRL_FLUSH:
3215 (void)BIO_flush(inChannel->common.tls->bio);
3216 (void)BIO_flush(outChannel->common.tls->bio);
3217 status = 1;
3218 break;
3219
3220 case BIO_C_GET_EVENT:
3221 if (arg2)
3222 {
3223 *((HANDLE*)arg2) = tsg->rpc->client->PipeEvent;
3224 status = 1;
3225 }
3226
3227 break;
3228
3229 case BIO_C_SET_NONBLOCK:
3230 status = 1;
3231 break;
3232
3233 case BIO_C_READ_BLOCKED:
3234 {
3235 BIO* cbio = outChannel->common.bio;
3236 status = BIO_read_blocked(cbio);
3237 }
3238 break;
3239
3240 case BIO_C_WRITE_BLOCKED:
3241 {
3242 BIO* cbio = inChannel->common.bio;
3243 status = BIO_write_blocked(cbio);
3244 }
3245 break;
3246
3247 case BIO_C_WAIT_READ:
3248 {
3249 int timeout = (int)arg1;
3250 BIO* cbio = outChannel->common.bio;
3251
3252 if (BIO_read_blocked(cbio))
3253 return BIO_wait_read(cbio, timeout);
3254 else if (BIO_write_blocked(cbio))
3255 return BIO_wait_write(cbio, timeout);
3256 else
3257 status = 1;
3258 }
3259 break;
3260
3261 case BIO_C_WAIT_WRITE:
3262 {
3263 int timeout = (int)arg1;
3264 BIO* cbio = inChannel->common.bio;
3265
3266 if (BIO_write_blocked(cbio))
3267 status = BIO_wait_write(cbio, timeout);
3268 else if (BIO_read_blocked(cbio))
3269 status = BIO_wait_read(cbio, timeout);
3270 else
3271 status = 1;
3272 }
3273 break;
3274#if OPENSSL_VERSION_NUMBER >= 0x30000000L
3275 case BIO_CTRL_GET_KTLS_SEND:
3276 status = 0;
3277 break;
3278 case BIO_CTRL_GET_KTLS_RECV:
3279 status = 0;
3280 break;
3281#endif
3282 default:
3283 break;
3284 }
3285
3286 return status;
3287}
3288
3289static int transport_bio_tsg_new(BIO* bio)
3290{
3291 WINPR_ASSERT(bio);
3292 BIO_set_init(bio, 1);
3293 BIO_set_flags(bio, BIO_FLAGS_SHOULD_RETRY);
3294 return 1;
3295}
3296
3297static int transport_bio_tsg_free(BIO* bio)
3298{
3299 WINPR_ASSERT(bio);
3300 WINPR_UNUSED(bio);
3301 return 1;
3302}
3303
3304BIO_METHOD* BIO_s_tsg(void)
3305{
3306 static BIO_METHOD* bio_methods = nullptr;
3307
3308 if (bio_methods == nullptr)
3309 {
3310 if (!(bio_methods = BIO_meth_new(BIO_TYPE_TSG, "TSGateway")))
3311 return nullptr;
3312
3313 BIO_meth_set_write(bio_methods, transport_bio_tsg_write);
3314 BIO_meth_set_read(bio_methods, transport_bio_tsg_read);
3315 BIO_meth_set_puts(bio_methods, transport_bio_tsg_puts);
3316 BIO_meth_set_gets(bio_methods, transport_bio_tsg_gets);
3317 BIO_meth_set_ctrl(bio_methods, transport_bio_tsg_ctrl);
3318 BIO_meth_set_create(bio_methods, transport_bio_tsg_new);
3319 BIO_meth_set_destroy(bio_methods, transport_bio_tsg_free);
3320 }
3321
3322 return bio_methods;
3323}
3324
3325TSG_STATE tsg_get_state(rdpTsg* tsg)
3326{
3327 if (!tsg)
3328 return TSG_STATE_INITIAL;
3329
3330 return tsg->state;
3331}
3332
3333BIO* tsg_get_bio(rdpTsg* tsg)
3334{
3335 if (!tsg)
3336 return nullptr;
3337
3338 return tsg->bio;
3339}
3340
3341BOOL tsg_set_state(rdpTsg* tsg, TSG_STATE state)
3342{
3343 WINPR_ASSERT(tsg);
3344 tsg->state = state;
3345 return TRUE;
3346}
CONTEXT_HANDLE
Definition winpr/include/winpr/rpc.h:26
RPC_PDU
Definition libfreerdp/core/gateway/rpc.h:66
p_uuid_t
Definition libfreerdp/core/gateway/rpc.h:150