23 #include <freerdp/config.h>
25 #include "../settings.h"
27 #include <winpr/assert.h>
28 #include <winpr/crt.h>
29 #include <winpr/error.h>
30 #include <winpr/print.h>
31 #include <winpr/stream.h>
33 #include <freerdp/log.h>
36 #include "rpc_client.h"
39 #include "../../crypto/opensslcompat.h"
41 #define TAG FREERDP_TAG("core.gateway.tsg")
43 #define TSG_CAPABILITY_TYPE_NAP 0x00000001
45 #define TSG_PACKET_TYPE_HEADER 0x00004844
46 #define TSG_PACKET_TYPE_VERSIONCAPS 0x00005643
47 #define TSG_PACKET_TYPE_QUARCONFIGREQUEST 0x00005143
48 #define TSG_PACKET_TYPE_QUARREQUEST 0x00005152
49 #define TSG_PACKET_TYPE_RESPONSE 0x00005052
50 #define TSG_PACKET_TYPE_QUARENC_RESPONSE 0x00004552
51 #define TSG_PACKET_TYPE_CAPS_RESPONSE 0x00004350
52 #define TSG_PACKET_TYPE_MSGREQUEST_PACKET 0x00004752
53 #define TSG_PACKET_TYPE_MESSAGE_PACKET 0x00004750
54 #define TSG_PACKET_TYPE_AUTH 0x00004054
55 #define TSG_PACKET_TYPE_REAUTH 0x00005250
57 typedef WCHAR* RESOURCENAME;
61 RESOURCENAME* resourceName;
62 UINT32 numResourceNames;
63 RESOURCENAME* alternateResourceNames;
64 UINT16 numAlternateResourceNames;
81 TSG_CAPABILITY_NAP tsgCapNap;
82 } TSG_CAPABILITIES_UNION;
86 UINT32 capabilityType;
87 TSG_CAPABILITIES_UNION tsgPacket;
88 } TSG_PACKET_CAPABILITIES;
92 TSG_PACKET_HEADER tsgHeader;
93 TSG_PACKET_CAPABILITIES tsgCaps;
94 UINT32 numCapabilities;
97 UINT16 quarantineCapabilities;
98 } TSG_PACKET_VERSIONCAPS;
103 } TSG_PACKET_QUARCONFIGREQUEST;
112 } TSG_PACKET_QUARREQUEST;
116 BOOL enableAllRedirections;
117 BOOL disableAllRedirections;
118 BOOL driveRedirectionDisabled;
119 BOOL printerRedirectionDisabled;
120 BOOL portRedirectionDisabled;
122 BOOL clipboardRedirectionDisabled;
123 BOOL pnpRedirectionDisabled;
124 } TSG_REDIRECTION_FLAGS;
131 UINT32 responseDataLen;
132 TSG_REDIRECTION_FLAGS redirectionFlags;
133 } TSG_PACKET_RESPONSE;
139 WCHAR* certChainData;
141 TSG_PACKET_VERSIONCAPS versionCaps;
142 } TSG_PACKET_QUARENC_RESPONSE;
146 INT32 isDisplayMandatory;
147 INT32 isConsentMandatory;
150 } TSG_PACKET_STRING_MESSAGE;
154 UINT64 tunnelContext;
155 } TSG_PACKET_REAUTH_MESSAGE;
162 } TSG_PACKET_MSG_RESPONSE;
166 TSG_PACKET_QUARENC_RESPONSE pktQuarEncResponse;
167 TSG_PACKET_MSG_RESPONSE pktConsentMessage;
168 } TSG_PACKET_CAPS_RESPONSE;
172 UINT32 maxMessagesPerBatch;
173 } TSG_PACKET_MSG_REQUEST;
177 TSG_PACKET_VERSIONCAPS tsgVersionCaps;
184 TSG_PACKET_VERSIONCAPS packetVersionCaps;
185 TSG_PACKET_AUTH packetAuth;
186 } TSG_INITIAL_PACKET_TYPE_UNION;
190 UINT64 tunnelContext;
192 TSG_INITIAL_PACKET_TYPE_UNION tsgInitialPacket;
197 TSG_PACKET_HEADER packetHeader;
198 TSG_PACKET_VERSIONCAPS packetVersionCaps;
199 TSG_PACKET_QUARCONFIGREQUEST packetQuarConfigRequest;
200 TSG_PACKET_QUARREQUEST packetQuarRequest;
201 TSG_PACKET_RESPONSE packetResponse;
202 TSG_PACKET_QUARENC_RESPONSE packetQuarEncResponse;
203 TSG_PACKET_CAPS_RESPONSE packetCapsResponse;
204 TSG_PACKET_MSG_REQUEST packetMsgRequest;
205 TSG_PACKET_MSG_RESPONSE packetMsgResponse;
206 TSG_PACKET_AUTH packetAuth;
207 TSG_PACKET_REAUTH packetReauth;
208 } TSG_PACKET_TYPE_UNION;
213 TSG_PACKET_TYPE_UNION tsgPacket;
227 rdpTransport* transport;
228 UINT64 ReauthTunnelContext;
236 static BOOL tsg_stream_align(wLog* log,
wStream* s,
size_t align);
238 static const char* tsg_packet_id_to_string(UINT32 packetId)
242 case TSG_PACKET_TYPE_HEADER:
243 return "TSG_PACKET_TYPE_HEADER";
244 case TSG_PACKET_TYPE_VERSIONCAPS:
245 return "TSG_PACKET_TYPE_VERSIONCAPS";
246 case TSG_PACKET_TYPE_QUARCONFIGREQUEST:
247 return "TSG_PACKET_TYPE_QUARCONFIGREQUEST";
248 case TSG_PACKET_TYPE_QUARREQUEST:
249 return "TSG_PACKET_TYPE_QUARREQUEST";
250 case TSG_PACKET_TYPE_RESPONSE:
251 return "TSG_PACKET_TYPE_RESPONSE";
252 case TSG_PACKET_TYPE_QUARENC_RESPONSE:
253 return "TSG_PACKET_TYPE_QUARENC_RESPONSE";
254 case TSG_CAPABILITY_TYPE_NAP:
255 return "TSG_CAPABILITY_TYPE_NAP";
256 case TSG_PACKET_TYPE_CAPS_RESPONSE:
257 return "TSG_PACKET_TYPE_CAPS_RESPONSE";
258 case TSG_PACKET_TYPE_MSGREQUEST_PACKET:
259 return "TSG_PACKET_TYPE_MSGREQUEST_PACKET";
260 case TSG_PACKET_TYPE_MESSAGE_PACKET:
261 return "TSG_PACKET_TYPE_MESSAGE_PACKET";
262 case TSG_PACKET_TYPE_AUTH:
263 return "TSG_PACKET_TYPE_AUTH";
264 case TSG_PACKET_TYPE_REAUTH:
265 return "TSG_PACKET_TYPE_REAUTH";
271 static const char* tsg_component_id_to_string(UINT16 ComponentId,
char* buffer,
size_t bytelen)
273 const char* str = NULL;
281 ENTRY(TS_GATEWAY_TRANSPORT);
288 (void)_snprintf(buffer, bytelen,
"%s [0x%04" PRIx16
"]", str, ComponentId);
292 static const char* tsg_state_to_string(TSG_STATE state)
296 case TSG_STATE_INITIAL:
297 return "TSG_STATE_INITIAL";
298 case TSG_STATE_CONNECTED:
299 return "TSG_STATE_CONNECTED";
300 case TSG_STATE_AUTHORIZED:
301 return "TSG_STATE_AUTHORIZED";
302 case TSG_STATE_CHANNEL_CREATED:
303 return "TSG_STATE_CHANNEL_CREATED";
304 case TSG_STATE_PIPE_CREATED:
305 return "TSG_STATE_PIPE_CREATED";
306 case TSG_STATE_TUNNEL_CLOSE_PENDING:
307 return "TSG_STATE_TUNNEL_CLOSE_PENDING";
308 case TSG_STATE_CHANNEL_CLOSE_PENDING:
309 return "TSG_STATE_CHANNEL_CLOSE_PENDING";
310 case TSG_STATE_FINAL:
311 return "TSG_STATE_FINAL";
313 return "TSG_STATE_UNKNOWN";
319 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 20))
322 WINPR_ASSERT(tunnelContext);
323 Stream_Read_UINT32(s, tunnelContext->ContextType);
324 Stream_Read(s, &tunnelContext->ContextUuid,
325 sizeof(tunnelContext->ContextUuid));
331 if (!Stream_EnsureRemainingCapacity(s, 20))
334 Stream_Write_UINT32(s, tunnelContext->ContextType);
335 Stream_Write(s, &tunnelContext->ContextUuid,
336 sizeof(tunnelContext->ContextUuid));
340 static BOOL tsg_ndr_pointer_write(wLog* log,
wStream* s, UINT32* index, DWORD length)
343 const UINT32 ndrPtr = 0x20000 + (*index) * 4;
347 if (!Stream_EnsureRemainingCapacity(s, 4))
352 Stream_Write_UINT32(s, ndrPtr);
353 (*index) = (*index) + 1;
356 Stream_Write_UINT32(s, 0);
360 static BOOL tsg_ndr_pointer_read(wLog* log,
wStream* s, UINT32* index, UINT32* ptrval,
364 const UINT32 ndrPtr = 0x20000 + (*index) * 4;
368 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 4))
372 Stream_Read_UINT32(s, val);
380 WLog_Print(log, WLOG_WARN,
"Read NDR pointer 0x%04" PRIx32
" but expected 0x%04" PRIx32,
382 if ((val & 0xFFFF0000) != (ndrPtr & 0xFFFF0000))
389 WLog_Print(log, WLOG_ERROR,
"NDR pointer == 0, but the field is required");
396 static BOOL tsg_ndr_write_string(wLog* log,
wStream* s,
const WCHAR* str,
size_t length)
398 if (!Stream_EnsureRemainingCapacity(s, 12 + length) || (length > UINT32_MAX))
401 Stream_Write_UINT32(s, (UINT32)length);
402 Stream_Write_UINT32(s, 0);
403 Stream_Write_UINT32(s, (UINT32)length);
404 Stream_Write_UTF16_String(s, str, length);
408 static BOOL tsg_ndr_read_string(wLog* log,
wStream* s, WCHAR** str, UINT32 lengthInBytes)
412 UINT32 ActualCount = 0;
414 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 12))
417 Stream_Read_UINT32(s, MaxCount);
418 Stream_Read_UINT32(s, Offset);
419 Stream_Read_UINT32(s, ActualCount);
420 if (ActualCount > MaxCount)
422 WLog_Print(log, WLOG_ERROR,
423 "failed to read string, ActualCount (%" PRIu32
") > MaxCount (%" PRIu32
")",
424 ActualCount, MaxCount);
429 WLog_Print(log, WLOG_ERROR,
"Unsupported Offset (%" PRIu32
"), expected 0", Offset);
432 if (ActualCount > lengthInBytes /
sizeof(WCHAR))
434 WLog_Print(log, WLOG_ERROR,
435 "failed to read string, ActualCount (%" PRIu32
436 ") * sizeof(WCHAR) > lengthInBytes (%" PRIu32
")",
437 ActualCount, lengthInBytes);
441 *str = Stream_PointerAs(s, WCHAR);
443 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, MaxCount))
445 Stream_Seek(s, MaxCount);
449 static BOOL tsg_ndr_read_packet_header(wLog* log,
wStream* s, TSG_PACKET_HEADER* header)
451 const UINT32 ComponentId = TS_GATEWAY_TRANSPORT;
453 WINPR_ASSERT(header);
454 if (!Stream_CheckAndLogRequiredLengthOfSizeWLog(log, s, 2,
sizeof(UINT16)))
456 Stream_Read_UINT16(s, header->ComponentId);
457 Stream_Read_UINT16(s, header->PacketId);
459 if (ComponentId != header->ComponentId)
461 char buffer[64] = { 0 };
462 char buffer2[64] = { 0 };
463 WLog_Print(log, WLOG_ERROR,
"Unexpected ComponentId: %s, Expected %s",
464 tsg_component_id_to_string(header->ComponentId, buffer,
sizeof(buffer)),
465 tsg_component_id_to_string(ComponentId, buffer2,
sizeof(buffer2)));
472 static BOOL tsg_ndr_write_packet_header(wLog* log,
wStream* s,
const TSG_PACKET_HEADER* header)
474 WINPR_ASSERT(header);
475 if (!Stream_EnsureRemainingCapacity(s, 2 *
sizeof(UINT16)))
477 Stream_Write_UINT16(s, header->ComponentId);
478 Stream_Write_UINT16(s, header->PacketId);
482 static BOOL tsg_ndr_read_nap(wLog* log,
wStream* s, TSG_CAPABILITY_NAP* nap)
486 if (!Stream_CheckAndLogRequiredLengthOfSizeWLog(log, s, 1,
sizeof(UINT32)))
488 Stream_Read_UINT32(s, nap->capabilities);
492 static BOOL tsg_ndr_write_nap(wLog* log,
wStream* s,
const TSG_CAPABILITY_NAP* nap)
496 if (!Stream_EnsureRemainingCapacity(s, 1 *
sizeof(UINT32)))
498 Stream_Write_UINT32(s, nap->capabilities);
502 static BOOL tsg_ndr_read_tsg_caps(wLog* log,
wStream* s, TSG_PACKET_CAPABILITIES* caps)
504 UINT32 capabilityType = 0;
508 if (!Stream_CheckAndLogRequiredLengthOfSizeWLog(log, s, 3,
sizeof(UINT32)))
510 Stream_Read_UINT32(s, count);
511 Stream_Read_UINT32(s, capabilityType);
512 Stream_Read_UINT32(s, caps->capabilityType);
513 if (capabilityType != caps->capabilityType)
515 WLog_Print(log, WLOG_ERROR,
"Inconsistent data, capabilityType %s != %s",
516 tsg_packet_id_to_string(capabilityType),
517 tsg_packet_id_to_string(caps->capabilityType));
520 switch (caps->capabilityType)
522 case TSG_CAPABILITY_TYPE_NAP:
523 return tsg_ndr_read_nap(log, s, &caps->tsgPacket.tsgCapNap);
525 WLog_Print(log, WLOG_ERROR,
526 "unknown TSG_PACKET_CAPABILITIES::capabilityType 0x%04" PRIx32,
527 caps->capabilityType);
532 static BOOL tsg_ndr_write_tsg_caps(wLog* log,
wStream* s,
const TSG_PACKET_CAPABILITIES* caps)
536 if (!Stream_EnsureRemainingCapacity(s, 2 *
sizeof(UINT32)))
538 Stream_Write_UINT32(s, caps->capabilityType);
539 Stream_Write_UINT32(s, caps->capabilityType);
541 switch (caps->capabilityType)
543 case TSG_CAPABILITY_TYPE_NAP:
544 return tsg_ndr_write_nap(log, s, &caps->tsgPacket.tsgCapNap);
546 WLog_Print(log, WLOG_ERROR,
547 "unknown TSG_PACKET_CAPABILITIES::capabilityType 0x%04" PRIx32,
548 caps->capabilityType);
553 static BOOL tsg_ndr_read_version_caps(wLog* log,
wStream* s, UINT32* index,
554 TSG_PACKET_VERSIONCAPS* caps)
557 if (!tsg_ndr_read_packet_header(log, s, &caps->tsgHeader))
560 UINT32 TSGCapsPtr = 0;
561 if (!tsg_ndr_pointer_read(log, s, index, &TSGCapsPtr, TRUE))
564 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 10))
566 Stream_Read_UINT32(s, caps->numCapabilities);
567 Stream_Read_UINT16(s, caps->majorVersion);
568 Stream_Read_UINT16(s, caps->minorVersion);
569 Stream_Read_UINT16(s, caps->quarantineCapabilities);
571 if (!tsg_stream_align(log, s, 4))
574 return tsg_ndr_read_tsg_caps(log, s, &caps->tsgCaps);
577 static BOOL tsg_ndr_write_version_caps(wLog* log,
wStream* s, UINT32* index,
578 const TSG_PACKET_VERSIONCAPS* caps)
581 if (!tsg_ndr_write_packet_header(log, s, &caps->tsgHeader))
584 if (!tsg_ndr_pointer_write(log, s, index, 1))
587 if (!Stream_EnsureRemainingCapacity(s, 10))
589 Stream_Write_UINT32(s, caps->numCapabilities);
590 Stream_Write_UINT16(s, caps->majorVersion);
591 Stream_Write_UINT16(s, caps->minorVersion);
592 Stream_Write_UINT16(s, caps->quarantineCapabilities);
595 Stream_Write_UINT16(s, 0x0000);
596 Stream_Write_UINT32(s, caps->numCapabilities);
597 return tsg_ndr_write_tsg_caps(log, s, &caps->tsgCaps);
600 static BOOL tsg_ndr_read_quarenc_response(wLog* log,
wStream* s, UINT32* index,
601 TSG_PACKET_QUARENC_RESPONSE* quarenc)
603 WINPR_ASSERT(quarenc);
604 UINT32 CertChainDataPtr = 0;
605 UINT32 VersionCapsPtr = 0;
607 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 8))
609 Stream_Read_UINT32(s, quarenc->flags);
610 Stream_Read_UINT32(s, quarenc->certChainLen);
612 if (!tsg_ndr_pointer_read(log, s, index, &CertChainDataPtr, quarenc->certChainLen != 0))
615 if (!Stream_CheckAndLogRequiredLengthOfSizeWLog(log, s, 1,
sizeof(quarenc->nonce)))
617 Stream_Read(s, &quarenc->nonce,
sizeof(quarenc->nonce));
619 if (!tsg_ndr_pointer_read(log, s, index, &VersionCapsPtr, TRUE))
625 static BOOL tsg_ndr_read_quarenc_data(wLog* log,
wStream* s, UINT32* index,
626 TSG_PACKET_QUARENC_RESPONSE* quarenc)
628 WINPR_ASSERT(quarenc);
630 if (quarenc->certChainLen > 0)
633 if (!tsg_ndr_read_string(log, s, &quarenc->certChainData,
634 quarenc->certChainLen *
sizeof(WCHAR)))
637 if (!tsg_stream_align(log, s, 4))
641 return tsg_ndr_read_version_caps(log, s, index, &quarenc->versionCaps);
644 static BOOL tsg_ndr_write_auth(wLog* log,
wStream* s, UINT32* index,
const TSG_PACKET_AUTH* auth)
648 if (!tsg_ndr_write_version_caps(log, s, index, &auth->tsgVersionCaps))
651 if (!Stream_EnsureRemainingCapacity(s, 4))
654 Stream_Write_UINT32(s, auth->cookieLen);
655 if (!tsg_ndr_pointer_write(log, s, index, auth->cookieLen))
658 if (!Stream_EnsureRemainingCapacity(s, auth->cookieLen))
660 Stream_Write(s, auth->cookie, auth->cookieLen);
664 static BOOL tsg_ndr_write_reauth(wLog* log,
wStream* s, UINT32* index,
665 const TSG_PACKET_REAUTH* auth)
669 if (!Stream_EnsureRemainingCapacity(s, 12))
672 Stream_Write_UINT64(s, auth->tunnelContext);
673 Stream_Write_UINT32(s, auth->packetId);
675 switch (auth->packetId)
677 case TSG_PACKET_TYPE_VERSIONCAPS:
678 return tsg_ndr_write_version_caps(log, s, index,
679 &auth->tsgInitialPacket.packetVersionCaps);
680 case TSG_PACKET_TYPE_AUTH:
681 return tsg_ndr_write_auth(log, s, index, &auth->tsgInitialPacket.packetAuth);
683 WLog_Print(log, WLOG_ERROR,
"unexpected packetId %s",
684 tsg_packet_id_to_string(auth->packetId));
689 static BOOL tsg_ndr_read_packet_response(wLog* log,
wStream* s, UINT32* index,
690 TSG_PACKET_RESPONSE* response)
692 UINT32 ResponseDataPtr = 0;
693 UINT32 MaxSizeValue = 0;
694 UINT32 MaxOffsetValue = 0;
695 UINT32 idleTimeout = 0;
697 WINPR_ASSERT(response);
699 if (!Stream_CheckAndLogRequiredLengthOfSizeWLog(log, s, 2,
sizeof(UINT32)))
701 Stream_Read_UINT32(s, response->flags);
702 Stream_Seek_UINT32(s);
704 if (response->flags != TSG_PACKET_TYPE_QUARREQUEST)
706 WLog_Print(log, WLOG_ERROR,
707 "Unexpected Packet Response Flags: 0x%08" PRIX32
708 ", Expected TSG_PACKET_TYPE_QUARREQUEST",
713 if (!tsg_ndr_pointer_read(log, s, index, &ResponseDataPtr, TRUE))
716 if (!Stream_CheckAndLogRequiredLengthOfSizeWLog(log, s, 10,
sizeof(UINT32)))
719 Stream_Read_UINT32(s, response->responseDataLen);
721 s, response->redirectionFlags.enableAllRedirections);
724 response->redirectionFlags.disableAllRedirections);
725 Stream_Read_INT32(s, response->redirectionFlags
726 .driveRedirectionDisabled);
728 response->redirectionFlags
729 .printerRedirectionDisabled);
732 response->redirectionFlags.portRedirectionDisabled);
733 Stream_Read_INT32(s, response->redirectionFlags.reserved);
735 s, response->redirectionFlags
736 .clipboardRedirectionDisabled);
739 response->redirectionFlags.pnpRedirectionDisabled);
741 Stream_Read_UINT32(s, MaxSizeValue);
742 Stream_Read_UINT32(s, MaxOffsetValue);
744 if (MaxSizeValue != response->responseDataLen)
746 WLog_Print(log, WLOG_ERROR,
"Unexpected size value: %" PRIu32
", expected: %" PRIu32
"",
747 MaxSizeValue, response->responseDataLen);
751 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, MaxSizeValue))
754 if (MaxSizeValue == 4)
755 Stream_Read_UINT32(s, idleTimeout);
757 Stream_Seek(s, MaxSizeValue);
761 WINPR_ATTR_FORMAT_ARG(3, 4)
762 static BOOL tsg_print(
char** buffer,
size_t* len, WINPR_FORMAT_ARG const
char* fmt, ...)
766 if (!buffer || !len || !fmt)
769 rc = vsnprintf(*buffer, *len, fmt, ap);
771 if ((rc < 0) || ((
size_t)rc > *len))
774 *buffer += (size_t)rc;
778 static BOOL tsg_packet_header_to_string(
char** buffer,
size_t* length,
779 const TSG_PACKET_HEADER* header)
781 WINPR_ASSERT(buffer);
782 WINPR_ASSERT(length);
783 WINPR_ASSERT(header);
785 return tsg_print(buffer, length,
786 "header { ComponentId=0x%04" PRIx16
", PacketId=0x%04" PRIx16
" }",
787 header->ComponentId, header->PacketId);
790 static BOOL tsg_type_capability_nap_to_string(
char** buffer,
size_t* length,
791 const TSG_CAPABILITY_NAP* cur)
793 WINPR_ASSERT(buffer);
794 WINPR_ASSERT(length);
797 return tsg_print(buffer, length,
"%s { capabilities=0x%08" PRIx32
" }",
798 tsg_packet_id_to_string(TSG_CAPABILITY_TYPE_NAP), cur->capabilities);
801 static BOOL tsg_packet_capabilities_to_string(
char** buffer,
size_t* length,
802 const TSG_PACKET_CAPABILITIES* caps, UINT32 numCaps)
804 WINPR_ASSERT(buffer);
805 WINPR_ASSERT(length);
808 if (!tsg_print(buffer, length,
"capabilities { "))
811 for (UINT32 x = 0; x < numCaps; x++)
813 const TSG_PACKET_CAPABILITIES* cur = &caps[x];
814 switch (cur->capabilityType)
816 case TSG_CAPABILITY_TYPE_NAP:
817 if (!tsg_type_capability_nap_to_string(buffer, length, &cur->tsgPacket.tsgCapNap))
821 if (!tsg_print(buffer, length,
"TSG_UNKNOWN_CAPABILITY"))
826 return tsg_print(buffer, length,
" }");
829 static BOOL tsg_packet_versioncaps_to_string(
char** buffer,
size_t* length,
830 const TSG_PACKET_VERSIONCAPS* caps)
832 WINPR_ASSERT(buffer);
833 WINPR_ASSERT(length);
836 if (!tsg_print(buffer, length,
"versioncaps { "))
838 if (!tsg_packet_header_to_string(buffer, length, &caps->tsgHeader))
841 if (!tsg_print(buffer, length,
" "))
844 if (!tsg_packet_capabilities_to_string(buffer, length, &caps->tsgCaps, caps->numCapabilities))
847 if (!tsg_print(buffer, length,
848 " numCapabilities=0x%08" PRIx32
", majorVersion=0x%04" PRIx16
849 ", minorVersion=0x%04" PRIx16
", quarantineCapabilities=0x%04" PRIx16,
850 caps->numCapabilities, caps->majorVersion, caps->minorVersion,
851 caps->quarantineCapabilities))
854 return tsg_print(buffer, length,
" }");
857 static BOOL tsg_packet_quarconfigrequest_to_string(
char** buffer,
size_t* length,
858 const TSG_PACKET_QUARCONFIGREQUEST* caps)
860 WINPR_ASSERT(buffer);
861 WINPR_ASSERT(length);
864 if (!tsg_print(buffer, length,
"quarconfigrequest { "))
867 if (!tsg_print(buffer, length,
" "))
870 if (!tsg_print(buffer, length,
" flags=0x%08" PRIx32, caps->flags))
873 return tsg_print(buffer, length,
" }");
876 static BOOL tsg_packet_quarrequest_to_string(
char** buffer,
size_t* length,
877 const TSG_PACKET_QUARREQUEST* caps)
881 char* strdata = NULL;
883 WINPR_ASSERT(buffer);
884 WINPR_ASSERT(length);
887 if (!tsg_print(buffer, length,
"quarrequest { "))
890 if (!tsg_print(buffer, length,
" "))
893 if (caps->nameLength > 0)
895 if (caps->nameLength > INT_MAX)
897 name = ConvertWCharNToUtf8Alloc(caps->machineName, caps->nameLength, NULL);
902 strdata = winpr_BinToHexString(caps->data, caps->dataLen, TRUE);
903 if (strdata || (caps->dataLen == 0))
904 rc = tsg_print(buffer, length,
905 " flags=0x%08" PRIx32
", machineName=%s [%" PRIu32
"], data[%" PRIu32
"]=%s",
906 caps->flags, name, caps->nameLength, caps->dataLen, strdata);
912 return tsg_print(buffer, length,
" }");
915 static const char* tsg_bool_to_string(BOOL val)
922 static const char* tsg_redirection_flags_to_string(
char* buffer,
size_t size,
923 const TSG_REDIRECTION_FLAGS* flags)
925 WINPR_ASSERT(buffer || (size == 0));
930 "enableAllRedirections=%s, disableAllRedirections=%s, driveRedirectionDisabled=%s, "
931 "printerRedirectionDisabled=%s, portRedirectionDisabled=%s, reserved=%s, "
932 "clipboardRedirectionDisabled=%s, pnpRedirectionDisabled=%s",
933 tsg_bool_to_string(flags->enableAllRedirections),
934 tsg_bool_to_string(flags->disableAllRedirections),
935 tsg_bool_to_string(flags->driveRedirectionDisabled),
936 tsg_bool_to_string(flags->printerRedirectionDisabled),
937 tsg_bool_to_string(flags->portRedirectionDisabled), tsg_bool_to_string(flags->reserved),
938 tsg_bool_to_string(flags->clipboardRedirectionDisabled),
939 tsg_bool_to_string(flags->pnpRedirectionDisabled));
943 static BOOL tsg_packet_response_to_string(
char** buffer,
size_t* length,
944 const TSG_PACKET_RESPONSE* caps)
947 char* strdata = NULL;
948 char tbuffer[8192] = { 0 };
950 WINPR_ASSERT(buffer);
951 WINPR_ASSERT(length);
954 if (!tsg_print(buffer, length,
"response { "))
957 if (!tsg_print(buffer, length,
" "))
960 strdata = winpr_BinToHexString(caps->responseData, caps->responseDataLen, TRUE);
961 if (strdata || (caps->responseDataLen == 0))
964 " flags=0x%08" PRIx32
", reserved=0x%08" PRIx32
", responseData[%" PRIu32
965 "]=%s, redirectionFlags={ %s }",
966 caps->flags, caps->reserved, caps->responseDataLen, strdata,
967 tsg_redirection_flags_to_string(tbuffer, ARRAYSIZE(tbuffer), &caps->redirectionFlags));
972 return tsg_print(buffer, length,
" }");
975 static BOOL tsg_packet_quarenc_response_to_string(
char** buffer,
size_t* length,
976 const TSG_PACKET_QUARENC_RESPONSE* caps)
979 char* strdata = NULL;
980 RPC_CSTR uuid = NULL;
981 char tbuffer[8192] = { 0 };
982 size_t size = ARRAYSIZE(tbuffer);
983 char* ptbuffer = tbuffer;
985 WINPR_ASSERT(buffer);
986 WINPR_ASSERT(length);
989 if (!tsg_print(buffer, length,
"quarenc_response { "))
992 if (!tsg_print(buffer, length,
" "))
995 if (caps->certChainLen > 0)
997 if (caps->certChainLen > INT_MAX)
999 strdata = ConvertWCharNToUtf8Alloc(caps->certChainData, caps->certChainLen, NULL);
1004 tsg_packet_versioncaps_to_string(&ptbuffer, &size, &caps->versionCaps);
1005 UuidToStringA(&caps->nonce, &uuid);
1006 if (strdata || (caps->certChainLen == 0))
1008 tsg_print(buffer, length,
1009 " flags=0x%08" PRIx32
", certChain[%" PRIu32
"]=%s, nonce=%s, versionCaps=%s",
1010 caps->flags, caps->certChainLen, strdata, uuid, tbuffer);
1012 RpcStringFreeA(&uuid);
1016 return tsg_print(buffer, length,
" }");
1019 static BOOL tsg_packet_message_response_to_string(
char** buffer,
size_t* length,
1020 const TSG_PACKET_MSG_RESPONSE* caps)
1022 WINPR_ASSERT(buffer);
1023 WINPR_ASSERT(length);
1026 if (!tsg_print(buffer, length,
"msg_response { "))
1029 if (!tsg_print(buffer, length,
1030 " msgID=0x%08" PRIx32
", msgType=0x%08" PRIx32
", isMsgPresent=%" PRId32,
1031 caps->msgID, caps->msgType, caps->isMsgPresent))
1034 return tsg_print(buffer, length,
" }");
1037 static BOOL tsg_packet_caps_response_to_string(
char** buffer,
size_t* length,
1038 const TSG_PACKET_CAPS_RESPONSE* caps)
1040 WINPR_ASSERT(buffer);
1041 WINPR_ASSERT(length);
1044 if (!tsg_print(buffer, length,
"caps_response { "))
1047 if (!tsg_packet_quarenc_response_to_string(buffer, length, &caps->pktQuarEncResponse))
1050 if (!tsg_packet_message_response_to_string(buffer, length, &caps->pktConsentMessage))
1053 return tsg_print(buffer, length,
" }");
1056 static BOOL tsg_packet_message_request_to_string(
char** buffer,
size_t* length,
1057 const TSG_PACKET_MSG_REQUEST* caps)
1059 WINPR_ASSERT(buffer);
1060 WINPR_ASSERT(length);
1063 if (!tsg_print(buffer, length,
"caps_message_request { "))
1066 if (!tsg_print(buffer, length,
" maxMessagesPerBatch=%" PRIu32, caps->maxMessagesPerBatch))
1069 return tsg_print(buffer, length,
" }");
1072 static BOOL tsg_packet_auth_to_string(
char** buffer,
size_t* length,
const TSG_PACKET_AUTH* caps)
1075 char* strdata = NULL;
1076 WINPR_ASSERT(buffer);
1077 WINPR_ASSERT(length);
1080 if (!tsg_print(buffer, length,
"caps_message_request { "))
1083 if (!tsg_packet_versioncaps_to_string(buffer, length, &caps->tsgVersionCaps))
1086 strdata = winpr_BinToHexString(caps->cookie, caps->cookieLen, TRUE);
1087 if (strdata || (caps->cookieLen == 0))
1088 rc = tsg_print(buffer, length,
" cookie[%" PRIu32
"]=%s", caps->cookieLen, strdata);
1093 return tsg_print(buffer, length,
" }");
1096 static BOOL tsg_packet_reauth_to_string(
char** buffer,
size_t* length,
1097 const TSG_PACKET_REAUTH* caps)
1100 WINPR_ASSERT(buffer);
1101 WINPR_ASSERT(length);
1104 if (!tsg_print(buffer, length,
"caps_message_request { "))
1107 if (!tsg_print(buffer, length,
" tunnelContext=0x%016" PRIx64
", packetId=%s [0x%08" PRIx32
"]",
1108 caps->tunnelContext, tsg_packet_id_to_string(caps->packetId), caps->packetId))
1111 switch (caps->packetId)
1113 case TSG_PACKET_TYPE_VERSIONCAPS:
1114 rc = tsg_packet_versioncaps_to_string(buffer, length,
1115 &caps->tsgInitialPacket.packetVersionCaps);
1117 case TSG_PACKET_TYPE_AUTH:
1118 rc = tsg_packet_auth_to_string(buffer, length, &caps->tsgInitialPacket.packetAuth);
1121 rc = tsg_print(buffer, length,
"TODO: Unhandled packet type %s [0x%08" PRIx32
"]",
1122 tsg_packet_id_to_string(caps->packetId), caps->packetId);
1129 return tsg_print(buffer, length,
" }");
1132 static const char* tsg_packet_to_string(
const TSG_PACKET* packet)
1135 static char sbuffer[8193] = { 0 };
1136 char* buffer = sbuffer;
1138 if (!tsg_print(&buffer, &len,
"TSG_PACKET { packetId=%s [0x%08" PRIx32
"], ",
1139 tsg_packet_id_to_string(packet->packetId), packet->packetId))
1142 switch (packet->packetId)
1144 case TSG_PACKET_TYPE_HEADER:
1145 if (!tsg_packet_header_to_string(&buffer, &len, &packet->tsgPacket.packetHeader))
1148 case TSG_PACKET_TYPE_VERSIONCAPS:
1149 if (!tsg_packet_versioncaps_to_string(&buffer, &len,
1150 &packet->tsgPacket.packetVersionCaps))
1153 case TSG_PACKET_TYPE_QUARCONFIGREQUEST:
1154 if (!tsg_packet_quarconfigrequest_to_string(&buffer, &len,
1155 &packet->tsgPacket.packetQuarConfigRequest))
1158 case TSG_PACKET_TYPE_QUARREQUEST:
1159 if (!tsg_packet_quarrequest_to_string(&buffer, &len,
1160 &packet->tsgPacket.packetQuarRequest))
1163 case TSG_PACKET_TYPE_RESPONSE:
1164 if (!tsg_packet_response_to_string(&buffer, &len, &packet->tsgPacket.packetResponse))
1167 case TSG_PACKET_TYPE_QUARENC_RESPONSE:
1168 if (!tsg_packet_quarenc_response_to_string(&buffer, &len,
1169 &packet->tsgPacket.packetQuarEncResponse))
1172 case TSG_PACKET_TYPE_CAPS_RESPONSE:
1173 if (!tsg_packet_caps_response_to_string(&buffer, &len,
1174 &packet->tsgPacket.packetCapsResponse))
1177 case TSG_PACKET_TYPE_MSGREQUEST_PACKET:
1178 if (!tsg_packet_message_request_to_string(&buffer, &len,
1179 &packet->tsgPacket.packetMsgRequest))
1182 case TSG_PACKET_TYPE_MESSAGE_PACKET:
1183 if (!tsg_packet_message_response_to_string(&buffer, &len,
1184 &packet->tsgPacket.packetMsgResponse))
1187 case TSG_PACKET_TYPE_AUTH:
1188 if (!tsg_packet_auth_to_string(&buffer, &len, &packet->tsgPacket.packetAuth))
1191 case TSG_PACKET_TYPE_REAUTH:
1192 if (!tsg_packet_reauth_to_string(&buffer, &len, &packet->tsgPacket.packetReauth))
1196 if (!tsg_print(&buffer, &len,
"INVALID"))
1201 if (!tsg_print(&buffer, &len,
" }"))
1208 static BOOL tsg_stream_align(wLog* log,
wStream* s,
size_t align)
1216 pos = Stream_GetPosition(s);
1218 if ((pos % align) != 0)
1219 offset = align - pos % align;
1221 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, offset))
1223 Stream_Seek(s, offset);
1227 static BIO_METHOD* BIO_s_tsg(
void);
1264 static int TsProxySendToServer(handle_t IDL_handle,
const byte pRpcMessage[], UINT32 count,
1265 const UINT32* lengths)
1270 const byte* buffer1 = NULL;
1271 const byte* buffer2 = NULL;
1272 const byte* buffer3 = NULL;
1273 UINT32 buffer1Length = 0;
1274 UINT32 buffer2Length = 0;
1275 UINT32 buffer3Length = 0;
1276 UINT32 numBuffers = 0;
1277 UINT32 totalDataBytes = 0;
1278 tsg = (rdpTsg*)IDL_handle;
1279 buffer1Length = buffer2Length = buffer3Length = 0;
1284 buffer1 = &pRpcMessage[0];
1285 buffer1Length = lengths[0];
1286 totalDataBytes += lengths[0] + 4;
1292 buffer2 = &pRpcMessage[1];
1293 buffer2Length = lengths[1];
1294 totalDataBytes += lengths[1] + 4;
1300 buffer3 = &pRpcMessage[2];
1301 buffer3Length = lengths[2];
1302 totalDataBytes += lengths[2] + 4;
1305 length = 28ull + totalDataBytes;
1306 if (length > INT_MAX)
1308 s = Stream_New(NULL, length);
1312 WLog_Print(tsg->log, WLOG_ERROR,
"Stream_New failed!");
1317 if (!TsProxyWriteTunnelContext(tsg->log, s, &tsg->ChannelContext))
1319 Stream_Write_UINT32_BE(s, totalDataBytes);
1320 Stream_Write_UINT32_BE(s, numBuffers);
1322 if (buffer1Length > 0)
1323 Stream_Write_UINT32_BE(s, buffer1Length);
1325 if (buffer2Length > 0)
1326 Stream_Write_UINT32_BE(s, buffer2Length);
1328 if (buffer3Length > 0)
1329 Stream_Write_UINT32_BE(s, buffer3Length);
1331 if (buffer1Length > 0)
1332 Stream_Write(s, buffer1, buffer1Length);
1334 if (buffer2Length > 0)
1335 Stream_Write(s, buffer2, buffer2Length);
1337 if (buffer3Length > 0)
1338 Stream_Write(s, buffer3, buffer3Length);
1340 if (!rpc_client_write_call(tsg->rpc, s, TsProxySendToServerOpnum))
1345 Stream_Free(s, TRUE);
1360 static BOOL TsProxyCreateTunnelWriteRequest(rdpTsg* tsg,
const TSG_PACKET* tsgPacket)
1368 if (!tsg || !tsg->rpc)
1372 WLog_Print(tsg->log, WLOG_DEBUG,
"%s", tsg_packet_to_string(tsgPacket));
1373 s = Stream_New(NULL, 108);
1378 switch (tsgPacket->packetId)
1380 case TSG_PACKET_TYPE_VERSIONCAPS:
1383 const TSG_PACKET_VERSIONCAPS* packetVersionCaps =
1384 &tsgPacket->tsgPacket.packetVersionCaps;
1386 Stream_Write_UINT32(s, tsgPacket->packetId);
1387 Stream_Write_UINT32(s, tsgPacket->packetId);
1388 if (!tsg_ndr_pointer_write(tsg->log, s, &index, 1))
1391 if (!tsg_ndr_write_version_caps(tsg->log, s, &index, packetVersionCaps))
1401 Stream_Write_UINT8(s, 0x8A);
1402 Stream_Write_UINT8(s, 0xE3);
1403 Stream_Write_UINT8(s, 0x13);
1404 Stream_Write_UINT8(s, 0x71);
1405 Stream_Write_UINT8(s, 0x02);
1406 Stream_Write_UINT8(s, 0xF4);
1407 Stream_Write_UINT8(s, 0x36);
1408 Stream_Write_UINT8(s, 0x71);
1409 Stream_Write_UINT32(s, 0x00040001);
1410 Stream_Write_UINT32(s, 0x00000001);
1412 Stream_Write_UINT8(s, 2);
1413 Stream_Write_UINT8(s, 0x40);
1414 Stream_Write_UINT16(s, 0x0028);
1416 Stream_Write(s, &TSGU_UUID,
sizeof(
p_uuid_t));
1417 Stream_Write_UINT32(s, TSGU_SYNTAX_IF_VERSION);
1419 Stream_Write(s, &NDR_UUID,
sizeof(
p_uuid_t));
1420 Stream_Write_UINT32(s, NDR_SYNTAX_IF_VERSION);
1421 opnum = TsProxyCreateTunnelOpnum;
1425 case TSG_PACKET_TYPE_REAUTH:
1427 const TSG_PACKET_REAUTH* packetReauth = &tsgPacket->tsgPacket.packetReauth;
1429 Stream_Write_UINT32(s, tsgPacket->packetId);
1430 Stream_Write_UINT32(s, tsgPacket->packetId);
1431 if (!tsg_ndr_pointer_write(tsg->log, s, &index, 1))
1433 if (!tsg_ndr_write_reauth(tsg->log, s, &index, packetReauth))
1435 opnum = TsProxyCreateTunnelOpnum;
1440 WLog_Print(tsg->log, WLOG_WARN,
"unexpected packetId %s",
1441 tsg_packet_id_to_string(tsgPacket->packetId));
1449 return rpc_client_write_call(rpc, s, opnum);
1451 Stream_Free(s, TRUE);
1455 static BOOL tsg_ndr_read_consent_message(wLog* log, rdpContext* context,
wStream* s, UINT32* index)
1457 TSG_PACKET_STRING_MESSAGE packetStringMessage = { 0 };
1460 WINPR_ASSERT(context);
1461 WINPR_ASSERT(index);
1463 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 12))
1466 Stream_Read_INT32(s, packetStringMessage.isDisplayMandatory);
1467 Stream_Read_INT32(s, packetStringMessage.isConsentMandatory);
1468 Stream_Read_UINT32(s, packetStringMessage.msgBytes);
1470 if (!tsg_ndr_pointer_read(log, s, index, &Pointer, FALSE))
1475 if (packetStringMessage.msgBytes > TSG_MESSAGING_MAX_MESSAGE_LENGTH)
1477 WLog_Print(log, WLOG_ERROR,
"Out of Spec Message Length %" PRIu32
"",
1478 packetStringMessage.msgBytes);
1481 if (!tsg_ndr_read_string(log, s, &packetStringMessage.msgBuffer,
1482 packetStringMessage.msgBytes))
1485 if (context->instance)
1487 return IFCALLRESULT(TRUE, context->instance->PresentGatewayMessage, context->instance,
1488 TSG_ASYNC_MESSAGE_CONSENT_MESSAGE
1489 ? GATEWAY_MESSAGE_CONSENT
1490 : TSG_ASYNC_MESSAGE_SERVICE_MESSAGE,
1491 packetStringMessage.isDisplayMandatory != 0,
1492 packetStringMessage.isConsentMandatory != 0,
1493 packetStringMessage.msgBytes, packetStringMessage.msgBuffer);
1503 if (!tsg_stream_align(log, s, 4))
1507 if (!TsProxyReadTunnelContext(log, s, tunnelContext))
1510 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 8))
1513 WINPR_ASSERT(tunnelId);
1514 Stream_Read_UINT32(s, *tunnelId);
1516 UINT32 ReturnValue = 0;
1517 Stream_Read_UINT32(s, ReturnValue);
1518 if (ReturnValue != NO_ERROR)
1519 WLog_WARN(TAG,
"ReturnValue=%s", NtStatus2Tag(ReturnValue));
1523 static BOOL tsg_ndr_read_caps_response(wLog* log, rdpContext* context,
wStream* s, UINT32* index,
1524 UINT32 PacketPtr, TSG_PACKET_CAPS_RESPONSE* caps,
1527 UINT32 PacketQuarResponsePtr = 0;
1528 UINT32 MessageSwitchValue = 0;
1531 UINT32 IsMessagePresent = 0;
1533 WINPR_ASSERT(context);
1534 WINPR_ASSERT(index);
1537 if (!tsg_ndr_pointer_read(log, s, index, &PacketQuarResponsePtr, TRUE))
1540 if (!tsg_ndr_read_quarenc_response(log, s, index, &caps->pktQuarEncResponse))
1545 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 16))
1548 Stream_Read_UINT32(s, MsgId);
1549 Stream_Read_UINT32(s, MsgType);
1550 Stream_Read_UINT32(s, IsMessagePresent);
1551 Stream_Read_UINT32(s, MessageSwitchValue);
1556 if (!tsg_ndr_pointer_read(log, s, index, &MsgPtr, TRUE))
1559 if (!tsg_ndr_read_quarenc_data(log, s, index, &caps->pktQuarEncResponse))
1562 switch (MessageSwitchValue)
1564 case TSG_ASYNC_MESSAGE_CONSENT_MESSAGE:
1565 case TSG_ASYNC_MESSAGE_SERVICE_MESSAGE:
1567 if (!tsg_ndr_read_consent_message(log, context, s, index))
1572 case TSG_ASYNC_MESSAGE_REAUTH:
1574 if (!tsg_stream_align(log, s, 8))
1577 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 8))
1580 Stream_Seek_UINT64(s);
1585 WLog_Print(log, WLOG_ERROR,
"Unexpected Message Type: 0x%" PRIX32
"",
1586 MessageSwitchValue);
1590 return tsg_ndr_read_tunnel_context(log, s, tunnelContext, tunnelId);
1595 static BOOL TsProxyCreateTunnelReadResponse(rdpTsg* tsg,
const RPC_PDU* pdu,
1600 TSG_PACKET packet = { 0 };
1601 UINT32 SwitchValue = 0;
1602 rdpContext* context = NULL;
1603 UINT32 PacketPtr = 0;
1606 WINPR_ASSERT(tsg->rpc);
1607 WINPR_ASSERT(tsg->rpc->transport);
1609 context = transport_get_context(tsg->rpc->transport);
1610 WINPR_ASSERT(context);
1615 if (!tsg_ndr_pointer_read(tsg->log, pdu->s, &index, &PacketPtr, TRUE))
1618 if (!Stream_CheckAndLogRequiredLengthWLog(tsg->log, pdu->s, 8))
1620 Stream_Read_UINT32(pdu->s, packet.packetId);
1621 Stream_Read_UINT32(pdu->s, SwitchValue);
1623 WLog_Print(tsg->log, WLOG_DEBUG,
"%s", tsg_packet_id_to_string(packet.packetId));
1625 if ((packet.packetId == TSG_PACKET_TYPE_CAPS_RESPONSE) &&
1626 (SwitchValue == TSG_PACKET_TYPE_CAPS_RESPONSE))
1628 if (!tsg_ndr_read_caps_response(tsg->log, context, pdu->s, &index, PacketPtr,
1629 &packet.tsgPacket.packetCapsResponse, tunnelContext,
1633 else if ((packet.packetId == TSG_PACKET_TYPE_QUARENC_RESPONSE) &&
1634 (SwitchValue == TSG_PACKET_TYPE_QUARENC_RESPONSE))
1636 UINT32 PacketQuarResponsePtr = 0;
1638 if (!tsg_ndr_pointer_read(tsg->log, pdu->s, &index, &PacketQuarResponsePtr, TRUE))
1641 if (!tsg_ndr_read_quarenc_response(tsg->log, pdu->s, &index,
1642 &packet.tsgPacket.packetQuarEncResponse))
1645 if (!tsg_ndr_read_quarenc_data(tsg->log, pdu->s, &index,
1646 &packet.tsgPacket.packetQuarEncResponse))
1649 if (!tsg_ndr_read_tunnel_context(tsg->log, pdu->s, tunnelContext, tunnelId))
1654 WLog_Print(tsg->log, WLOG_ERROR,
1655 "Unexpected PacketId: 0x%08" PRIX32
", Expected TSG_PACKET_TYPE_CAPS_RESPONSE "
1656 "or TSG_PACKET_TYPE_QUARENC_RESPONSE",
1677 static BOOL TsProxyAuthorizeTunnelWriteRequest(rdpTsg* tsg,
CONTEXT_HANDLE* tunnelContext)
1685 if (!tsg || !tsg->rpc || !tunnelContext || !tsg->MachineName)
1688 count = _wcslen(tsg->MachineName) + 1;
1689 if (count > UINT32_MAX)
1693 WLog_Print(tsg->log, WLOG_DEBUG,
"TsProxyAuthorizeTunnelWriteRequest");
1694 s = Stream_New(NULL, 1024 + count * 2);
1699 if (!TsProxyWriteTunnelContext(tsg->log, s, tunnelContext))
1701 Stream_Free(s, TRUE);
1707 Stream_Write_UINT32(s, TSG_PACKET_TYPE_QUARREQUEST);
1708 Stream_Write_UINT32(s, TSG_PACKET_TYPE_QUARREQUEST);
1709 if (!tsg_ndr_pointer_write(tsg->log, s, &index, 1))
1711 Stream_Write_UINT32(s, 0x00000000);
1712 if (!tsg_ndr_pointer_write(tsg->log, s, &index, 1))
1714 Stream_Write_UINT32(s, (UINT32)count);
1715 if (!tsg_ndr_pointer_write(tsg->log, s, &index, 1))
1717 Stream_Write_UINT32(s, 0);
1719 if (!tsg_ndr_write_string(tsg->log, s, tsg->MachineName, count))
1722 offset = Stream_GetPosition(s);
1723 pad = rpc_offset_align(&offset, 4);
1724 Stream_Zero(s, pad);
1725 Stream_Write_UINT32(s, 0x00000000);
1726 Stream_SealLength(s);
1727 return rpc_client_write_call(rpc, s, TsProxyAuthorizeTunnelOpnum);
1729 Stream_Free(s, TRUE);
1733 static UINT32 tsg_redir_to_flags(
const TSG_REDIRECTION_FLAGS* redirect)
1736 if (redirect->enableAllRedirections)
1737 flags |= HTTP_TUNNEL_REDIR_ENABLE_ALL;
1738 if (redirect->disableAllRedirections)
1739 flags |= HTTP_TUNNEL_REDIR_DISABLE_ALL;
1741 if (redirect->driveRedirectionDisabled)
1742 flags |= HTTP_TUNNEL_REDIR_DISABLE_DRIVE;
1743 if (redirect->printerRedirectionDisabled)
1744 flags |= HTTP_TUNNEL_REDIR_DISABLE_PRINTER;
1745 if (redirect->portRedirectionDisabled)
1746 flags |= HTTP_TUNNEL_REDIR_DISABLE_PORT;
1747 if (redirect->clipboardRedirectionDisabled)
1748 flags |= HTTP_TUNNEL_REDIR_DISABLE_CLIPBOARD;
1749 if (redirect->pnpRedirectionDisabled)
1750 flags |= HTTP_TUNNEL_REDIR_DISABLE_PNP;
1754 static BOOL tsg_redirect_apply(rdpTsg* tsg,
const TSG_REDIRECTION_FLAGS* redirect)
1757 WINPR_ASSERT(redirect);
1759 rdpTransport* transport = tsg->transport;
1760 WINPR_ASSERT(transport);
1762 rdpContext* context = transport_get_context(transport);
1763 UINT32 redirFlags = tsg_redir_to_flags(redirect);
1764 return utils_apply_gateway_policy(tsg->log, context, redirFlags,
"TSG");
1767 static BOOL TsProxyAuthorizeTunnelReadResponse(rdpTsg* tsg,
const RPC_PDU* pdu)
1770 UINT32 SwitchValue = 0;
1772 TSG_PACKET packet = { 0 };
1773 UINT32 PacketPtr = 0;
1774 UINT32 PacketResponsePtr = 0;
1779 wLog* log = tsg->log;
1782 if (!tsg_ndr_pointer_read(log, pdu->s, &index, &PacketPtr, TRUE))
1785 if (!Stream_CheckAndLogRequiredLengthWLog(log, pdu->s, 8))
1787 Stream_Read_UINT32(pdu->s, packet.packetId);
1788 Stream_Read_UINT32(pdu->s, SwitchValue);
1790 WLog_Print(log, WLOG_DEBUG,
"%s", tsg_packet_id_to_string(packet.packetId));
1792 if (packet.packetId == E_PROXY_NAP_ACCESSDENIED)
1794 WLog_Print(log, WLOG_ERROR,
"status: E_PROXY_NAP_ACCESSDENIED (0x%08X)",
1795 E_PROXY_NAP_ACCESSDENIED);
1796 WLog_Print(log, WLOG_ERROR,
1797 "Ensure that the Gateway Connection Authorization Policy is correct");
1801 if ((packet.packetId != TSG_PACKET_TYPE_RESPONSE) || (SwitchValue != TSG_PACKET_TYPE_RESPONSE))
1803 WLog_Print(log, WLOG_ERROR,
1804 "Unexpected PacketId: 0x%08" PRIX32
", Expected TSG_PACKET_TYPE_RESPONSE",
1809 if (!tsg_ndr_pointer_read(log, pdu->s, &index, &PacketResponsePtr, TRUE))
1812 if (!tsg_ndr_read_packet_response(log, pdu->s, &index, &packet.tsgPacket.packetResponse))
1817 if (packet.tsgPacket.packetResponse.flags & TSG_PACKET_TYPE_QUARREQUEST)
1818 rc = tsg_redirect_apply(tsg, &packet.tsgPacket.packetResponse.redirectionFlags);
1834 static BOOL TsProxyMakeTunnelCallWriteRequest(rdpTsg* tsg,
CONTEXT_HANDLE* tunnelContext,
1840 if (!tsg || !tsg->rpc || !tunnelContext)
1844 WLog_Print(tsg->log, WLOG_DEBUG,
"TsProxyMakeTunnelCallWriteRequest");
1845 s = Stream_New(NULL, 40);
1852 if (!TsProxyWriteTunnelContext(tsg->log, s, tunnelContext))
1854 Stream_Write_UINT32(s, procId);
1856 Stream_Write_UINT32(s, TSG_PACKET_TYPE_MSGREQUEST_PACKET);
1857 Stream_Write_UINT32(s, TSG_PACKET_TYPE_MSGREQUEST_PACKET);
1858 if (!tsg_ndr_pointer_write(tsg->log, s, &index, 1))
1860 Stream_Write_UINT32(s, 0x00000001);
1861 return rpc_client_write_call(rpc, s, TsProxyMakeTunnelCallOpnum);
1863 Stream_Free(s, TRUE);
1867 static BOOL TsProxyReadPacketSTringMessage(rdpTsg* tsg,
wStream* s, TSG_PACKET_STRING_MESSAGE* msg)
1869 UINT32 ConsentMessagePtr = 0;
1873 if (!tsg || !s || !msg)
1876 if (!Stream_CheckAndLogRequiredLengthWLog(tsg->log, s, 32))
1879 if (!tsg_ndr_pointer_read(tsg->log, s, &index, &ConsentMessagePtr, TRUE))
1882 Stream_Read_INT32(s, msg->isDisplayMandatory);
1883 Stream_Read_INT32(s, msg->isConsentMandatory);
1884 Stream_Read_UINT32(s, msg->msgBytes);
1886 if (!tsg_ndr_pointer_read(tsg->log, s, &index, &MsgPtr, TRUE))
1889 return tsg_ndr_read_string(tsg->log, s, &msg->msgBuffer, msg->msgBytes);
1892 static BOOL TsProxyMakeTunnelCallReadResponse(rdpTsg* tsg,
const RPC_PDU* pdu)
1896 UINT32 SwitchValue = 0;
1898 rdpContext* context = NULL;
1899 char* messageText = NULL;
1900 TSG_PACKET_MSG_RESPONSE packetMsgResponse = { 0 };
1901 TSG_PACKET_STRING_MESSAGE packetStringMessage = { 0 };
1902 TSG_PACKET_REAUTH_MESSAGE packetReauthMessage = { 0 };
1903 UINT32 PacketPtr = 0;
1904 UINT32 PacketMsgResponsePtr = 0;
1907 WINPR_ASSERT(tsg->rpc);
1909 context = transport_get_context(tsg->rpc->transport);
1910 WINPR_ASSERT(context);
1917 if (!Stream_CheckAndLogRequiredLengthWLog(tsg->log, pdu->s, 28))
1920 if (!tsg_ndr_pointer_read(tsg->log, pdu->s, &index, &PacketPtr, TRUE))
1923 Stream_Read_UINT32(pdu->s, packet.packetId);
1924 Stream_Read_UINT32(pdu->s, SwitchValue);
1926 WLog_Print(tsg->log, WLOG_DEBUG,
"%s", tsg_packet_id_to_string(packet.packetId));
1928 if ((packet.packetId != TSG_PACKET_TYPE_MESSAGE_PACKET) ||
1929 (SwitchValue != TSG_PACKET_TYPE_MESSAGE_PACKET))
1931 WLog_Print(tsg->log, WLOG_ERROR,
1932 "Unexpected PacketId: 0x%08" PRIX32
", Expected TSG_PACKET_TYPE_MESSAGE_PACKET",
1937 if (!tsg_ndr_pointer_read(tsg->log, pdu->s, &index, &PacketMsgResponsePtr, TRUE))
1940 Stream_Read_UINT32(pdu->s, packetMsgResponse.msgID);
1941 Stream_Read_UINT32(pdu->s, packetMsgResponse.msgType);
1942 Stream_Read_INT32(pdu->s, packetMsgResponse.isMsgPresent);
1945 if (!packetMsgResponse.isMsgPresent)
1951 Stream_Read_UINT32(pdu->s, SwitchValue);
1953 switch (SwitchValue)
1955 case TSG_ASYNC_MESSAGE_CONSENT_MESSAGE:
1956 if (!TsProxyReadPacketSTringMessage(tsg, pdu->s, &packetStringMessage))
1959 messageText = ConvertWCharNToUtf8Alloc(
1960 packetStringMessage.msgBuffer, packetStringMessage.msgBytes /
sizeof(WCHAR), NULL);
1961 WLog_Print(tsg->log, WLOG_INFO,
"Consent Message: %s", messageText);
1964 if (context->instance)
1966 rc = IFCALLRESULT(TRUE, context->instance->PresentGatewayMessage, context->instance,
1967 GATEWAY_MESSAGE_CONSENT,
1968 packetStringMessage.isDisplayMandatory != 0,
1969 packetStringMessage.isConsentMandatory != 0,
1970 packetStringMessage.msgBytes, packetStringMessage.msgBuffer);
1977 case TSG_ASYNC_MESSAGE_SERVICE_MESSAGE:
1978 if (!TsProxyReadPacketSTringMessage(tsg, pdu->s, &packetStringMessage))
1981 messageText = ConvertWCharNToUtf8Alloc(
1982 packetStringMessage.msgBuffer, packetStringMessage.msgBytes /
sizeof(WCHAR), NULL);
1983 WLog_Print(tsg->log, WLOG_INFO,
"Service Message: %s", messageText);
1986 if (context->instance)
1988 rc = IFCALLRESULT(TRUE, context->instance->PresentGatewayMessage, context->instance,
1989 GATEWAY_MESSAGE_SERVICE,
1990 packetStringMessage.isDisplayMandatory != 0,
1991 packetStringMessage.isConsentMandatory != 0,
1992 packetStringMessage.msgBytes, packetStringMessage.msgBuffer);
1998 case TSG_ASYNC_MESSAGE_REAUTH:
2000 UINT32 ReauthMessagePtr = 0;
2001 if (!Stream_CheckAndLogRequiredLengthWLog(tsg->log, pdu->s, 20))
2004 if (!tsg_ndr_pointer_read(tsg->log, pdu->s, &index, &ReauthMessagePtr, TRUE))
2006 Stream_Seek_UINT32(pdu->s);
2007 Stream_Read_UINT64(pdu->s,
2008 packetReauthMessage.tunnelContext);
2009 Stream_Seek_UINT32(pdu->s);
2010 tsg->ReauthTunnelContext = packetReauthMessage.tunnelContext;
2015 WLog_Print(tsg->log, WLOG_ERROR,
"unexpected message type: %" PRIu32
"", SwitchValue);
2035 static BOOL TsProxyCreateChannelWriteRequest(rdpTsg* tsg,
CONTEXT_HANDLE* tunnelContext)
2038 WINPR_ASSERT(tunnelContext);
2040 WLog_Print(tsg->log, WLOG_DEBUG,
"TsProxyCreateChannelWriteRequest");
2042 if (!tsg->rpc || !tsg->Hostname)
2045 rdpRpc* rpc = tsg->rpc;
2046 const size_t count = _wcslen(tsg->Hostname) + 1;
2047 if (count > UINT32_MAX)
2050 wStream* s = Stream_New(NULL, 60 + count * 2);
2055 if (!TsProxyWriteTunnelContext(tsg->log, s, tunnelContext))
2060 if (!tsg_ndr_pointer_write(tsg->log, s, &index, 1))
2062 Stream_Write_UINT32(s, 0x00000001);
2063 if (!tsg_ndr_pointer_write(tsg->log, s, &index, 0))
2065 Stream_Write_UINT16(s, 0x0000);
2066 Stream_Write_UINT16(s, 0x0000);
2068 Stream_Write_UINT16(s, 0x0003);
2069 Stream_Write_UINT16(s, tsg->Port);
2070 Stream_Write_UINT32(s, 0x00000001);
2071 if (!tsg_ndr_pointer_write(tsg->log, s, &index, 1))
2073 if (!tsg_ndr_write_string(tsg->log, s, tsg->Hostname, (UINT32)count))
2075 return rpc_client_write_call(rpc, s, TsProxyCreateChannelOpnum);
2078 Stream_Free(s, TRUE);
2082 static BOOL TsProxyCreateChannelReadResponse(wLog* log,
const RPC_PDU* pdu,
2089 WINPR_ASSERT(channelId);
2091 WLog_Print(log, WLOG_DEBUG,
"TsProxyCreateChannelReadResponse");
2093 if (!Stream_CheckAndLogRequiredLengthWLog(log, pdu->s, 28))
2097 if (!TsProxyReadTunnelContext(log, pdu->s, channelContext))
2099 if (!Stream_CheckAndLogRequiredLengthOfSizeWLog(log, pdu->s, 2,
sizeof(UINT32)))
2101 Stream_Read_UINT32(pdu->s, *channelId);
2102 Stream_Seek_UINT32(pdu->s);
2114 static BOOL TsProxyCloseChannelWriteRequest(rdpTsg* tsg,
CONTEXT_HANDLE* context)
2117 WINPR_ASSERT(context);
2119 WLog_Print(tsg->log, WLOG_DEBUG,
"TsProxyCloseChannelWriteRequest");
2121 rdpRpc* rpc = tsg->rpc;
2124 wStream* s = Stream_New(NULL, 20);
2130 if (!TsProxyWriteTunnelContext(tsg->log, s, context))
2132 return rpc_client_write_call(rpc, s, TsProxyCloseChannelOpnum);
2134 Stream_Free(s, TRUE);
2141 WLog_Print(log, WLOG_DEBUG,
"TsProxyCloseChannelReadResponse");
2146 if (!Stream_CheckAndLogRequiredLengthWLog(log, pdu->s, 24))
2150 if (!TsProxyReadTunnelContext(log, pdu->s, context))
2154 const size_t len =
sizeof(UINT32);
2155 if (!Stream_CheckAndLogRequiredLengthWLog(log, pdu->s, len))
2157 Stream_Seek(pdu->s, len);
2170 static BOOL TsProxyCloseTunnelWriteRequest(rdpTsg* tsg,
const CONTEXT_HANDLE* context)
2173 WINPR_ASSERT(context);
2175 WLog_Print(tsg->log, WLOG_DEBUG,
"TsProxyCloseTunnelWriteRequest");
2177 rdpRpc* rpc = tsg->rpc;
2180 wStream* s = Stream_New(NULL, 20);
2186 if (!TsProxyWriteTunnelContext(tsg->log, s, context))
2188 return rpc_client_write_call(rpc, s, TsProxyCloseTunnelOpnum);
2190 Stream_Free(s, TRUE);
2200 WINPR_ASSERT(context);
2202 WLog_Print(log, WLOG_DEBUG,
"TsProxyCloseTunnelReadResponse");
2204 if (!Stream_CheckAndLogRequiredLengthWLog(log, pdu->s, 24))
2208 if (!TsProxyReadTunnelContext(log, pdu->s, context))
2211 const size_t len =
sizeof(UINT32);
2212 if (!Stream_CheckAndLogRequiredLengthWLog(log, pdu->s, len))
2214 Stream_Seek(pdu->s, len);
2229 static BOOL TsProxySetupReceivePipeWriteRequest(rdpTsg* tsg,
const CONTEXT_HANDLE* channelContext)
2233 WLog_Print(tsg->log, WLOG_DEBUG,
"TsProxySetupReceivePipeWriteRequest");
2236 WINPR_ASSERT(tsg->rpc);
2238 if (!channelContext)
2242 s = Stream_New(NULL, 20);
2248 if (!TsProxyWriteTunnelContext(tsg->log, s, channelContext))
2250 return rpc_client_write_call(rpc, s, TsProxySetupReceivePipeOpnum);
2252 Stream_Free(s, TRUE);
2256 static BOOL tsg_transition_to_state(rdpTsg* tsg, TSG_STATE state)
2259 const char* oldState = tsg_state_to_string(tsg->state);
2260 const char* newState = tsg_state_to_string(state);
2262 WLog_Print(tsg->log, WLOG_DEBUG,
"%s -> %s", oldState, newState);
2263 return tsg_set_state(tsg, state);
2266 static BOOL tsg_initialize_version_caps(TSG_PACKET_VERSIONCAPS* packetVersionCaps)
2268 WINPR_ASSERT(packetVersionCaps);
2270 packetVersionCaps->tsgHeader.ComponentId = TS_GATEWAY_TRANSPORT;
2271 packetVersionCaps->tsgHeader.PacketId = TSG_PACKET_TYPE_VERSIONCAPS;
2272 packetVersionCaps->numCapabilities = 1;
2273 packetVersionCaps->majorVersion = 1;
2274 packetVersionCaps->minorVersion = 1;
2275 packetVersionCaps->quarantineCapabilities = 0;
2276 packetVersionCaps->tsgCaps.capabilityType = TSG_CAPABILITY_TYPE_NAP;
2286 packetVersionCaps->tsgCaps.tsgPacket.tsgCapNap.capabilities =
2287 TSG_NAP_CAPABILITY_QUAR_SOH | TSG_NAP_CAPABILITY_IDLE_TIMEOUT |
2288 TSG_MESSAGING_CAP_CONSENT_SIGN | TSG_MESSAGING_CAP_SERVICE_MSG | TSG_MESSAGING_CAP_REAUTH;
2292 BOOL tsg_proxy_begin(rdpTsg* tsg)
2294 TSG_PACKET tsgPacket = { 0 };
2298 tsgPacket.packetId = TSG_PACKET_TYPE_VERSIONCAPS;
2299 if (!tsg_initialize_version_caps(&tsgPacket.tsgPacket.packetVersionCaps) ||
2300 !TsProxyCreateTunnelWriteRequest(tsg, &tsgPacket))
2302 WLog_Print(tsg->log, WLOG_ERROR,
"TsProxyCreateTunnel failure");
2303 tsg_transition_to_state(tsg, TSG_STATE_FINAL);
2307 return tsg_transition_to_state(tsg, TSG_STATE_INITIAL);
2310 static BOOL tsg_proxy_reauth(rdpTsg* tsg)
2312 TSG_PACKET tsgPacket = { 0 };
2316 tsg->reauthSequence = TRUE;
2317 TSG_PACKET_REAUTH* packetReauth = &tsgPacket.tsgPacket.packetReauth;
2319 tsgPacket.packetId = TSG_PACKET_TYPE_REAUTH;
2320 packetReauth->tunnelContext = tsg->ReauthTunnelContext;
2321 packetReauth->packetId = TSG_PACKET_TYPE_VERSIONCAPS;
2323 if (!tsg_initialize_version_caps(&packetReauth->tsgInitialPacket.packetVersionCaps))
2326 if (!TsProxyCreateTunnelWriteRequest(tsg, &tsgPacket))
2328 WLog_Print(tsg->log, WLOG_ERROR,
"TsProxyCreateTunnel failure");
2329 tsg_transition_to_state(tsg, TSG_STATE_FINAL);
2333 if (!TsProxyMakeTunnelCallWriteRequest(tsg, &tsg->TunnelContext,
2334 TSG_TUNNEL_CALL_ASYNC_MSG_REQUEST))
2336 WLog_Print(tsg->log, WLOG_ERROR,
"TsProxyMakeTunnelCall failure");
2337 tsg_transition_to_state(tsg, TSG_STATE_FINAL);
2341 return tsg_transition_to_state(tsg, TSG_STATE_INITIAL);
2344 BOOL tsg_recv_pdu(rdpTsg* tsg,
const RPC_PDU* pdu)
2352 WINPR_ASSERT(tsg->rpc);
2356 if (!(pdu->Flags & RPC_PDU_FLAG_STUB))
2358 const size_t len = 24;
2359 if (!Stream_CheckAndLogRequiredLengthWLog(tsg->log, pdu->s, len))
2361 Stream_Seek(pdu->s, len);
2366 case TSG_STATE_INITIAL:
2369 TunnelContext = (tsg->reauthSequence) ? &tsg->NewTunnelContext : &tsg->TunnelContext;
2371 if (!TsProxyCreateTunnelReadResponse(tsg, pdu, TunnelContext, &tsg->TunnelId))
2373 WLog_Print(tsg->log, WLOG_ERROR,
"TsProxyCreateTunnelReadResponse failure");
2377 if (!tsg_transition_to_state(tsg, TSG_STATE_CONNECTED))
2380 if (!TsProxyAuthorizeTunnelWriteRequest(tsg, TunnelContext))
2382 WLog_Print(tsg->log, WLOG_ERROR,
"TsProxyAuthorizeTunnel failure");
2390 case TSG_STATE_CONNECTED:
2393 (tsg->reauthSequence) ? &tsg->NewTunnelContext : &tsg->TunnelContext;
2395 if (!TsProxyAuthorizeTunnelReadResponse(tsg, pdu))
2397 WLog_Print(tsg->log, WLOG_ERROR,
"TsProxyAuthorizeTunnelReadResponse failure");
2401 if (!tsg_transition_to_state(tsg, TSG_STATE_AUTHORIZED))
2404 if (!tsg->reauthSequence)
2406 if (!TsProxyMakeTunnelCallWriteRequest(tsg, TunnelContext,
2407 TSG_TUNNEL_CALL_ASYNC_MSG_REQUEST))
2409 WLog_Print(tsg->log, WLOG_ERROR,
"TsProxyMakeTunnelCall failure");
2414 if (!TsProxyCreateChannelWriteRequest(tsg, TunnelContext))
2416 WLog_Print(tsg->log, WLOG_ERROR,
"TsProxyCreateChannel failure");
2424 case TSG_STATE_AUTHORIZED:
2425 call = rpc_client_call_find_by_id(rpc->client, pdu->CallId);
2430 if (call->OpNum == TsProxyMakeTunnelCallOpnum)
2432 if (!TsProxyMakeTunnelCallReadResponse(tsg, pdu))
2434 WLog_Print(tsg->log, WLOG_ERROR,
"TsProxyMakeTunnelCallReadResponse failure");
2440 else if (call->OpNum == TsProxyCreateChannelOpnum)
2444 if (!TsProxyCreateChannelReadResponse(tsg->log, pdu, &ChannelContext,
2447 WLog_Print(tsg->log, WLOG_ERROR,
"TsProxyCreateChannelReadResponse failure");
2451 if (!tsg->reauthSequence)
2452 CopyMemory(&tsg->ChannelContext, &ChannelContext,
sizeof(
CONTEXT_HANDLE));
2454 CopyMemory(&tsg->NewChannelContext, &ChannelContext,
sizeof(
CONTEXT_HANDLE));
2456 if (!tsg_transition_to_state(tsg, TSG_STATE_CHANNEL_CREATED))
2459 if (!tsg->reauthSequence)
2461 if (!TsProxySetupReceivePipeWriteRequest(tsg, &tsg->ChannelContext))
2463 WLog_Print(tsg->log, WLOG_ERROR,
"TsProxySetupReceivePipe failure");
2469 if (!TsProxyCloseChannelWriteRequest(tsg, &tsg->NewChannelContext))
2471 WLog_Print(tsg->log, WLOG_ERROR,
"TsProxyCloseChannelWriteRequest failure");
2475 if (!TsProxyCloseTunnelWriteRequest(tsg, &tsg->NewTunnelContext))
2477 WLog_Print(tsg->log, WLOG_ERROR,
"TsProxyCloseTunnelWriteRequest failure");
2482 rc = tsg_transition_to_state(tsg, TSG_STATE_PIPE_CREATED);
2483 tsg->reauthSequence = FALSE;
2487 WLog_Print(tsg->log, WLOG_ERROR,
2488 "TSG_STATE_AUTHORIZED unexpected OpNum: %" PRIu32
"\n", call->OpNum);
2493 case TSG_STATE_CHANNEL_CREATED:
2496 case TSG_STATE_PIPE_CREATED:
2497 call = rpc_client_call_find_by_id(rpc->client, pdu->CallId);
2502 if (call->OpNum == TsProxyMakeTunnelCallOpnum)
2504 if (!TsProxyMakeTunnelCallReadResponse(tsg, pdu))
2506 WLog_Print(tsg->log, WLOG_ERROR,
"TsProxyMakeTunnelCallReadResponse failure");
2512 if (tsg->ReauthTunnelContext)
2513 rc = tsg_proxy_reauth(tsg);
2515 else if (call->OpNum == TsProxyCloseChannelOpnum)
2519 if (!TsProxyCloseChannelReadResponse(tsg->log, pdu, &ChannelContext))
2521 WLog_Print(tsg->log, WLOG_ERROR,
"TsProxyCloseChannelReadResponse failure");
2527 else if (call->OpNum == TsProxyCloseTunnelOpnum)
2531 if (!TsProxyCloseTunnelReadResponse(tsg->log, pdu, &TunnelContext))
2533 WLog_Print(tsg->log, WLOG_ERROR,
"TsProxyCloseTunnelReadResponse failure");
2542 case TSG_STATE_TUNNEL_CLOSE_PENDING:
2546 if (!TsProxyCloseChannelReadResponse(tsg->log, pdu, &ChannelContext))
2548 WLog_Print(tsg->log, WLOG_ERROR,
"TsProxyCloseChannelReadResponse failure");
2552 if (!tsg_transition_to_state(tsg, TSG_STATE_CHANNEL_CLOSE_PENDING))
2555 if (!TsProxyCloseChannelWriteRequest(tsg, NULL))
2557 WLog_Print(tsg->log, WLOG_ERROR,
"TsProxyCloseChannelWriteRequest failure");
2561 if (!TsProxyMakeTunnelCallWriteRequest(tsg, &tsg->TunnelContext,
2562 TSG_TUNNEL_CANCEL_ASYNC_MSG_REQUEST))
2564 WLog_Print(tsg->log, WLOG_ERROR,
"TsProxyMakeTunnelCall failure");
2572 case TSG_STATE_CHANNEL_CLOSE_PENDING:
2576 if (!TsProxyCloseTunnelReadResponse(tsg->log, pdu, &TunnelContext))
2578 WLog_Print(tsg->log, WLOG_ERROR,
"TsProxyCloseTunnelReadResponse failure");
2582 rc = tsg_transition_to_state(tsg, TSG_STATE_FINAL);
2586 case TSG_STATE_FINAL:
2595 BOOL tsg_check_event_handles(rdpTsg* tsg)
2598 if (rpc_client_in_channel_recv(tsg->rpc) < 0)
2601 if (rpc_client_out_channel_recv(tsg->rpc) < 0)
2607 DWORD tsg_get_event_handles(rdpTsg* tsg, HANDLE* events, DWORD count)
2610 rdpRpc* rpc = tsg->rpc;
2613 if (events && (nCount < count))
2615 events[nCount] = rpc->client->PipeEvent;
2621 if (connection->DefaultInChannel && connection->DefaultInChannel->common.tls)
2623 if (events && (nCount < count))
2625 BIO_get_event(connection->DefaultInChannel->common.tls->bio, &events[nCount]);
2632 if (connection->NonDefaultInChannel && connection->NonDefaultInChannel->common.tls)
2634 if (events && (nCount < count))
2636 BIO_get_event(connection->NonDefaultInChannel->common.tls->bio, &events[nCount]);
2643 if (connection->DefaultOutChannel && connection->DefaultOutChannel->common.tls)
2645 if (events && (nCount < count))
2647 BIO_get_event(connection->DefaultOutChannel->common.tls->bio, &events[nCount]);
2654 if (connection->NonDefaultOutChannel && connection->NonDefaultOutChannel->common.tls)
2656 if (events && (nCount < count))
2658 BIO_get_event(connection->NonDefaultOutChannel->common.tls->bio, &events[nCount]);
2668 static BOOL tsg_set_hostname(rdpTsg* tsg,
const char* hostname)
2671 free(tsg->Hostname);
2672 tsg->Hostname = ConvertUtf8ToWCharAlloc(hostname, NULL);
2673 return tsg->Hostname != NULL;
2676 static BOOL tsg_set_machine_name(rdpTsg* tsg,
const char* machineName)
2679 free(tsg->MachineName);
2680 tsg->MachineName = ConvertUtf8ToWCharAlloc(machineName, NULL);
2681 return tsg->MachineName != NULL;
2684 BOOL tsg_connect(rdpTsg* tsg,
const char* hostname, UINT16 port, DWORD timeout)
2686 UINT64 looptimeout = timeout * 1000ULL;
2688 HANDLE events[MAXIMUM_WAIT_OBJECTS] = { 0 };
2690 rdpContext* context = NULL;
2691 rdpSettings* settings = NULL;
2692 rdpTransport* transport = NULL;
2699 transport = rpc->transport;
2700 context = transport_get_context(transport);
2701 WINPR_ASSERT(context);
2703 settings = context->settings;
2706 tsg->transport = transport;
2708 if (!settings->GatewayPort)
2709 settings->GatewayPort = 443;
2711 if (!tsg_set_hostname(tsg, hostname))
2714 if (!tsg_set_machine_name(tsg, settings->ComputerName))
2717 if (!rpc_connect(rpc, timeout))
2719 WLog_Print(tsg->log, WLOG_ERROR,
"rpc_connect error!");
2723 nCount = tsg_get_event_handles(tsg, events, ARRAYSIZE(events));
2728 while (tsg->state != TSG_STATE_PIPE_CREATED)
2730 const DWORD polltimeout = 250;
2731 DWORD status = WaitForMultipleObjects(nCount, events, FALSE, polltimeout);
2732 if (status == WAIT_TIMEOUT)
2736 if (looptimeout < polltimeout)
2738 looptimeout -= polltimeout;
2742 looptimeout = timeout * 1000ULL;
2744 if (!tsg_check_event_handles(tsg))
2746 WLog_Print(tsg->log, WLOG_ERROR,
"tsg_check failure");
2747 transport_set_layer(transport, TRANSPORT_LAYER_CLOSED);
2752 WLog_Print(tsg->log, WLOG_INFO,
"TS Gateway Connection Success");
2753 tsg->bio = BIO_new(BIO_s_tsg());
2758 BIO_set_data(tsg->bio, (
void*)tsg);
2762 BOOL tsg_disconnect(rdpTsg* tsg)
2786 if (tsg->state != TSG_STATE_TUNNEL_CLOSE_PENDING)
2788 if (!TsProxyCloseChannelWriteRequest(tsg, &tsg->ChannelContext))
2791 return tsg_transition_to_state(tsg, TSG_STATE_CHANNEL_CLOSE_PENDING);
2807 static int tsg_read(rdpTsg* tsg, BYTE* data,
size_t length)
2817 if (transport_get_layer(rpc->transport) == TRANSPORT_LAYER_CLOSED)
2819 WLog_Print(tsg->log, WLOG_ERROR,
"tsg_read error: connection lost");
2825 status = rpc_client_receive_pipe_read(rpc->client, data, length);
2830 if (!status && !transport_get_blocking(rpc->transport))
2833 if (transport_get_layer(rpc->transport) == TRANSPORT_LAYER_CLOSED)
2835 WLog_Print(tsg->log, WLOG_ERROR,
"tsg_read error: connection lost");
2842 if (transport_get_blocking(rpc->transport))
2844 while (WaitForSingleObject(rpc->client->PipeEvent, 0) != WAIT_OBJECT_0)
2846 if (!tsg_check_event_handles(tsg))
2849 (void)WaitForSingleObject(rpc->client->PipeEvent, 100);
2852 }
while (transport_get_blocking(rpc->transport));
2857 static int tsg_write(rdpTsg* tsg,
const BYTE* data, UINT32 length)
2861 if (!tsg || !data || !tsg->rpc || !tsg->rpc->transport)
2864 if (transport_get_layer(tsg->rpc->transport) == TRANSPORT_LAYER_CLOSED)
2866 WLog_Print(tsg->log, WLOG_ERROR,
"error, connection lost");
2870 status = TsProxySendToServer((handle_t)tsg, data, 1, &length);
2878 rdpTsg* tsg_new(rdpTransport* transport)
2880 rdpTsg* tsg = (rdpTsg*)calloc(1,
sizeof(rdpTsg));
2884 tsg->log = WLog_Get(TAG);
2885 tsg->transport = transport;
2886 tsg->rpc = rpc_new(tsg->transport);
2897 void tsg_free(rdpTsg* tsg)
2902 free(tsg->Hostname);
2903 free(tsg->MachineName);
2908 static int transport_bio_tsg_write(BIO* bio,
const char* buf,
int num)
2911 rdpTsg* tsg = (rdpTsg*)BIO_get_data(bio);
2912 BIO_clear_flags(bio, BIO_FLAGS_WRITE);
2916 status = tsg_write(tsg, (
const BYTE*)buf, (UINT32)num);
2920 BIO_clear_flags(bio, BIO_FLAGS_SHOULD_RETRY);
2923 else if (status == 0)
2925 BIO_set_flags(bio, BIO_FLAGS_WRITE);
2926 WSASetLastError(WSAEWOULDBLOCK);
2930 BIO_set_flags(bio, BIO_FLAGS_WRITE);
2933 return status >= 0 ? status : -1;
2936 static int transport_bio_tsg_read(BIO* bio,
char* buf,
int size)
2939 rdpTsg* tsg = (rdpTsg*)BIO_get_data(bio);
2941 if (!tsg || (size < 0))
2943 BIO_clear_flags(bio, BIO_FLAGS_SHOULD_RETRY);
2947 BIO_clear_flags(bio, BIO_FLAGS_READ);
2948 status = tsg_read(tsg, (BYTE*)buf, (
size_t)size);
2952 BIO_clear_flags(bio, BIO_FLAGS_SHOULD_RETRY);
2955 else if (status == 0)
2957 BIO_set_flags(bio, BIO_FLAGS_READ);
2958 WSASetLastError(WSAEWOULDBLOCK);
2962 BIO_set_flags(bio, BIO_FLAGS_READ);
2965 return status > 0 ? status : -1;
2968 static int transport_bio_tsg_puts(BIO* bio,
const char* str)
2976 static int transport_bio_tsg_gets(BIO* bio,
char* str,
int size)
2984 static long transport_bio_tsg_ctrl(BIO* bio,
int cmd,
long arg1,
void* arg2)
2987 rdpTsg* tsg = (rdpTsg*)BIO_get_data(bio);
2989 RpcInChannel* inChannel = connection->DefaultInChannel;
2994 case BIO_CTRL_FLUSH:
2995 (void)BIO_flush(inChannel->common.tls->bio);
2996 (void)BIO_flush(outChannel->common.tls->bio);
3000 case BIO_C_GET_EVENT:
3003 *((HANDLE*)arg2) = tsg->rpc->client->PipeEvent;
3009 case BIO_C_SET_NONBLOCK:
3013 case BIO_C_READ_BLOCKED:
3015 BIO* cbio = outChannel->common.bio;
3016 status = BIO_read_blocked(cbio);
3020 case BIO_C_WRITE_BLOCKED:
3022 BIO* cbio = inChannel->common.bio;
3023 status = BIO_write_blocked(cbio);
3027 case BIO_C_WAIT_READ:
3029 int timeout = (int)arg1;
3030 BIO* cbio = outChannel->common.bio;
3032 if (BIO_read_blocked(cbio))
3033 return BIO_wait_read(cbio, timeout);
3034 else if (BIO_write_blocked(cbio))
3035 return BIO_wait_write(cbio, timeout);
3041 case BIO_C_WAIT_WRITE:
3043 int timeout = (int)arg1;
3044 BIO* cbio = inChannel->common.bio;
3046 if (BIO_write_blocked(cbio))
3047 status = BIO_wait_write(cbio, timeout);
3048 else if (BIO_read_blocked(cbio))
3049 status = BIO_wait_read(cbio, timeout);
3054 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
3055 case BIO_CTRL_GET_KTLS_SEND:
3058 case BIO_CTRL_GET_KTLS_RECV:
3069 static int transport_bio_tsg_new(BIO* bio)
3072 BIO_set_init(bio, 1);
3073 BIO_set_flags(bio, BIO_FLAGS_SHOULD_RETRY);
3077 static int transport_bio_tsg_free(BIO* bio)
3084 BIO_METHOD* BIO_s_tsg(
void)
3086 static BIO_METHOD* bio_methods = NULL;
3088 if (bio_methods == NULL)
3090 if (!(bio_methods = BIO_meth_new(BIO_TYPE_TSG,
"TSGateway")))
3093 BIO_meth_set_write(bio_methods, transport_bio_tsg_write);
3094 BIO_meth_set_read(bio_methods, transport_bio_tsg_read);
3095 BIO_meth_set_puts(bio_methods, transport_bio_tsg_puts);
3096 BIO_meth_set_gets(bio_methods, transport_bio_tsg_gets);
3097 BIO_meth_set_ctrl(bio_methods, transport_bio_tsg_ctrl);
3098 BIO_meth_set_create(bio_methods, transport_bio_tsg_new);
3099 BIO_meth_set_destroy(bio_methods, transport_bio_tsg_free);
3105 TSG_STATE tsg_get_state(rdpTsg* tsg)
3108 return TSG_STATE_INITIAL;
3113 BIO* tsg_get_bio(rdpTsg* tsg)
3121 BOOL tsg_set_state(rdpTsg* tsg, TSG_STATE state)
1.9.1