FreeRDP
Loading...
Searching...
No Matches
tsg.c
1
23#include <freerdp/config.h>
24
25#include "../settings.h"
26
27#include <winpr/assert.h>
28#include <winpr/crt.h>
29#include <winpr/error.h>
30#include <winpr/print.h>
31#include <winpr/stream.h>
32
33#include <freerdp/log.h>
34
35#include "rpc_bind.h"
36#include "rpc_client.h"
37#include "tsg.h"
38#include "../utils.h"
39#include "../../crypto/opensslcompat.h"
40
41#define TAG FREERDP_TAG("core.gateway.tsg")
42
43#define TSG_CAPABILITY_TYPE_NAP 0x00000001
44
45#define TSG_PACKET_TYPE_HEADER 0x00004844
46#define TSG_PACKET_TYPE_VERSIONCAPS 0x00005643
47#define TSG_PACKET_TYPE_QUARCONFIGREQUEST 0x00005143
48#define TSG_PACKET_TYPE_QUARREQUEST 0x00005152
49#define TSG_PACKET_TYPE_RESPONSE 0x00005052
50#define TSG_PACKET_TYPE_QUARENC_RESPONSE 0x00004552
51#define TSG_PACKET_TYPE_CAPS_RESPONSE 0x00004350
52#define TSG_PACKET_TYPE_MSGREQUEST_PACKET 0x00004752
53#define TSG_PACKET_TYPE_MESSAGE_PACKET 0x00004750
54#define TSG_PACKET_TYPE_AUTH 0x00004054
55#define TSG_PACKET_TYPE_REAUTH 0x00005250
56
57typedef WCHAR* RESOURCENAME;
58
59typedef struct
60{
61 RESOURCENAME* resourceName;
62 UINT32 numResourceNames;
63 RESOURCENAME* alternateResourceNames;
64 UINT16 numAlternateResourceNames;
65 UINT32 Port;
66} TSENDPOINTINFO;
67
68typedef struct
69{
70 UINT16 ComponentId;
71 UINT16 PacketId;
72} TSG_PACKET_HEADER;
73
74typedef struct
75{
76 UINT32 capabilities;
77} TSG_CAPABILITY_NAP;
78
79typedef union
80{
81 TSG_CAPABILITY_NAP tsgCapNap;
82} TSG_CAPABILITIES_UNION;
83
84typedef struct
85{
86 UINT32 capabilityType;
87 TSG_CAPABILITIES_UNION tsgPacket;
88} TSG_PACKET_CAPABILITIES;
89
90typedef struct
91{
92 TSG_PACKET_HEADER tsgHeader;
93 TSG_PACKET_CAPABILITIES tsgCaps;
94 UINT32 numCapabilities;
95 UINT16 majorVersion;
96 UINT16 minorVersion;
97 UINT16 quarantineCapabilities;
98} TSG_PACKET_VERSIONCAPS;
99
100typedef struct
101{
102 UINT32 flags;
103} TSG_PACKET_QUARCONFIGREQUEST;
104
105typedef struct
106{
107 UINT32 flags;
108 WCHAR* machineName;
109 UINT32 nameLength;
110 BYTE* data;
111 UINT32 dataLen;
112} TSG_PACKET_QUARREQUEST;
113
114typedef struct
115{
116 BOOL enableAllRedirections;
117 BOOL disableAllRedirections;
118 BOOL driveRedirectionDisabled;
119 BOOL printerRedirectionDisabled;
120 BOOL portRedirectionDisabled;
121 BOOL reserved;
122 BOOL clipboardRedirectionDisabled;
123 BOOL pnpRedirectionDisabled;
124} TSG_REDIRECTION_FLAGS;
125
126typedef struct
127{
128 UINT32 flags;
129 UINT32 reserved;
130 const BYTE* responseData;
131 UINT32 responseDataLen;
132 TSG_REDIRECTION_FLAGS redirectionFlags;
133} TSG_PACKET_RESPONSE;
134
135typedef struct
136{
137 UINT32 flags;
138 UINT32 certChainLen;
139 WCHAR* certChainData;
140 GUID nonce;
141 TSG_PACKET_VERSIONCAPS versionCaps;
142} TSG_PACKET_QUARENC_RESPONSE;
143
144typedef struct
145{
146 INT32 isDisplayMandatory;
147 INT32 isConsentMandatory;
148 UINT32 msgBytes;
149 WCHAR* msgBuffer;
150} TSG_PACKET_STRING_MESSAGE;
151
152typedef struct
153{
154 UINT64 tunnelContext;
155} TSG_PACKET_REAUTH_MESSAGE;
156
157typedef struct
158{
159 UINT32 msgID;
160 UINT32 msgType;
161 INT32 isMsgPresent;
162} TSG_PACKET_MSG_RESPONSE;
163
164typedef struct
165{
166 TSG_PACKET_QUARENC_RESPONSE pktQuarEncResponse;
167 TSG_PACKET_MSG_RESPONSE pktConsentMessage;
168} TSG_PACKET_CAPS_RESPONSE;
169
170typedef struct
171{
172 UINT32 maxMessagesPerBatch;
173} TSG_PACKET_MSG_REQUEST;
174
175typedef struct
176{
177 TSG_PACKET_VERSIONCAPS tsgVersionCaps;
178 UINT32 cookieLen;
179 BYTE* cookie;
180} TSG_PACKET_AUTH;
181
182typedef union
183{
184 TSG_PACKET_VERSIONCAPS packetVersionCaps;
185 TSG_PACKET_AUTH packetAuth;
186} TSG_INITIAL_PACKET_TYPE_UNION;
187
188typedef struct
189{
190 UINT64 tunnelContext;
191 UINT32 packetId;
192 TSG_INITIAL_PACKET_TYPE_UNION tsgInitialPacket;
193} TSG_PACKET_REAUTH;
194
195typedef union
196{
197 TSG_PACKET_HEADER packetHeader;
198 TSG_PACKET_VERSIONCAPS packetVersionCaps;
199 TSG_PACKET_QUARCONFIGREQUEST packetQuarConfigRequest;
200 TSG_PACKET_QUARREQUEST packetQuarRequest;
201 TSG_PACKET_RESPONSE packetResponse;
202 TSG_PACKET_QUARENC_RESPONSE packetQuarEncResponse;
203 TSG_PACKET_CAPS_RESPONSE packetCapsResponse;
204 TSG_PACKET_MSG_REQUEST packetMsgRequest;
205 TSG_PACKET_MSG_RESPONSE packetMsgResponse;
206 TSG_PACKET_AUTH packetAuth;
207 TSG_PACKET_REAUTH packetReauth;
208} TSG_PACKET_TYPE_UNION;
209
210typedef struct
211{
212 UINT32 packetId;
213 TSG_PACKET_TYPE_UNION tsgPacket;
214} TSG_PACKET;
215
216struct rdp_tsg
217{
218 BIO* bio;
219 rdpRpc* rpc;
220 UINT16 Port;
221 LPWSTR Hostname;
222 TSG_STATE state;
223 UINT32 TunnelId;
224 UINT32 ChannelId;
225 BOOL reauthSequence;
226 rdpTransport* transport;
227 UINT64 ReauthTunnelContext;
228 CONTEXT_HANDLE TunnelContext;
229 CONTEXT_HANDLE ChannelContext;
230 CONTEXT_HANDLE NewTunnelContext;
231 CONTEXT_HANDLE NewChannelContext;
232 wLog* log;
233 TSG_PACKET_QUARENC_RESPONSE CapsResponse;
234 TSG_PACKET_QUARREQUEST QuarreQuest;
235};
236
237static BOOL TsProxyReadPacketSTringMessage(wLog* log, wStream* s, uint32_t* index,
238 TSG_PACKET_STRING_MESSAGE* msg);
239static BOOL tsg_stream_align(wLog* log, wStream* s, size_t align);
240
241static const char* tsg_caps_to_string(UINT32 caps, char* buffer, size_t len)
242{
243 const UINT32 mask = ~(TSG_NAP_CAPABILITY_QUAR_SOH | TSG_NAP_CAPABILITY_IDLE_TIMEOUT |
244 TSG_MESSAGING_CAP_CONSENT_SIGN | TSG_MESSAGING_CAP_SERVICE_MSG |
245 TSG_MESSAGING_CAP_REAUTH);
246 const UINT32 val = caps & mask;
247
248 if ((caps & TSG_NAP_CAPABILITY_QUAR_SOH) != 0)
249 (void)winpr_str_append("TSG_NAP_CAPABILITY_QUAR_SOH", buffer, len, "|");
250 if ((caps & TSG_NAP_CAPABILITY_IDLE_TIMEOUT) != 0)
251 (void)winpr_str_append("TSG_NAP_CAPABILITY_IDLE_TIMEOUT", buffer, len, "|");
252 if ((caps & TSG_MESSAGING_CAP_CONSENT_SIGN) != 0)
253 (void)winpr_str_append("TSG_MESSAGING_CAP_CONSENT_SIGN", buffer, len, "|");
254 if ((caps & TSG_MESSAGING_CAP_SERVICE_MSG) != 0)
255 (void)winpr_str_append("TSG_MESSAGING_CAP_SERVICE_MSG", buffer, len, "|");
256 if ((caps & TSG_MESSAGING_CAP_REAUTH) != 0)
257 (void)winpr_str_append("TSG_MESSAGING_CAP_REAUTH", buffer, len, "|");
258
259 if (val != 0)
260 {
261 char number[32] = { 0 };
262 (void)_snprintf(number, sizeof(number), "TSG_UNKNOWN{0x%08" PRIx32 "}", val);
263 (void)winpr_str_append(number, buffer, len, "|");
264 }
265
266 return buffer;
267}
268
269static const char* tsg_packet_id_to_string(UINT32 packetId)
270{
271 switch (packetId)
272 {
273 case TSG_PACKET_TYPE_HEADER:
274 return "TSG_PACKET_TYPE_HEADER";
275 case TSG_PACKET_TYPE_VERSIONCAPS:
276 return "TSG_PACKET_TYPE_VERSIONCAPS";
277 case TSG_PACKET_TYPE_QUARCONFIGREQUEST:
278 return "TSG_PACKET_TYPE_QUARCONFIGREQUEST";
279 case TSG_PACKET_TYPE_QUARREQUEST:
280 return "TSG_PACKET_TYPE_QUARREQUEST";
281 case TSG_PACKET_TYPE_RESPONSE:
282 return "TSG_PACKET_TYPE_RESPONSE";
283 case TSG_PACKET_TYPE_QUARENC_RESPONSE:
284 return "TSG_PACKET_TYPE_QUARENC_RESPONSE";
285 case TSG_CAPABILITY_TYPE_NAP:
286 return "TSG_CAPABILITY_TYPE_NAP";
287 case TSG_PACKET_TYPE_CAPS_RESPONSE:
288 return "TSG_PACKET_TYPE_CAPS_RESPONSE";
289 case TSG_PACKET_TYPE_MSGREQUEST_PACKET:
290 return "TSG_PACKET_TYPE_MSGREQUEST_PACKET";
291 case TSG_PACKET_TYPE_MESSAGE_PACKET:
292 return "TSG_PACKET_TYPE_MESSAGE_PACKET";
293 case TSG_PACKET_TYPE_AUTH:
294 return "TSG_PACKET_TYPE_AUTH";
295 case TSG_PACKET_TYPE_REAUTH:
296 return "TSG_PACKET_TYPE_REAUTH";
297 default:
298 return "UNKNOWN";
299 }
300}
301
302static const char* tsg_component_id_to_string(UINT16 ComponentId, char* buffer, size_t bytelen)
303{
304 const char* str = NULL;
305
306#define ENTRY(x) \
307 case x: \
308 str = #x; \
309 break
310 switch (ComponentId)
311 {
312 ENTRY(TS_GATEWAY_TRANSPORT);
313 default:
314 str = "TS_UNKNOWN";
315 break;
316 }
317#undef ENTRY
318
319 (void)_snprintf(buffer, bytelen, "%s [0x%04" PRIx16 "]", str, ComponentId);
320 return buffer;
321}
322
323static const char* tsg_state_to_string(TSG_STATE state)
324{
325 switch (state)
326 {
327 case TSG_STATE_INITIAL:
328 return "TSG_STATE_INITIAL";
329 case TSG_STATE_CONNECTED:
330 return "TSG_STATE_CONNECTED";
331 case TSG_STATE_AUTHORIZED:
332 return "TSG_STATE_AUTHORIZED";
333 case TSG_STATE_CHANNEL_CREATED:
334 return "TSG_STATE_CHANNEL_CREATED";
335 case TSG_STATE_PIPE_CREATED:
336 return "TSG_STATE_PIPE_CREATED";
337 case TSG_STATE_TUNNEL_CLOSE_PENDING:
338 return "TSG_STATE_TUNNEL_CLOSE_PENDING";
339 case TSG_STATE_CHANNEL_CLOSE_PENDING:
340 return "TSG_STATE_CHANNEL_CLOSE_PENDING";
341 case TSG_STATE_FINAL:
342 return "TSG_STATE_FINAL";
343 default:
344 return "TSG_STATE_UNKNOWN";
345 }
346}
347
348static BOOL TsProxyReadTunnelContext(wLog* log, wStream* s, CONTEXT_HANDLE* tunnelContext)
349{
350 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 20))
351 return FALSE;
352
353 WINPR_ASSERT(tunnelContext);
354 Stream_Read_UINT32(s, tunnelContext->ContextType); /* ContextType (4 bytes) */
355 Stream_Read(s, &tunnelContext->ContextUuid,
356 sizeof(tunnelContext->ContextUuid)); /* ContextUuid (16 bytes) */
357 return TRUE;
358}
359
360static BOOL TsProxyWriteTunnelContext(WINPR_ATTR_UNUSED wLog* log, wStream* s,
361 const CONTEXT_HANDLE* tunnelContext)
362{
363 if (!Stream_EnsureRemainingCapacity(s, 20))
364 return FALSE;
365
366 Stream_Write_UINT32(s, tunnelContext->ContextType); /* ContextType (4 bytes) */
367 Stream_Write(s, &tunnelContext->ContextUuid,
368 sizeof(tunnelContext->ContextUuid)); /* ContextUuid (16 bytes) */
369 return TRUE;
370}
371
372static BOOL tsg_ndr_pointer_write(WINPR_ATTR_UNUSED wLog* log, wStream* s, UINT32* index,
373 DWORD length)
374{
375 WINPR_ASSERT(index);
376 const UINT32 ndrPtr = 0x20000 + (*index) * 4;
377
378 if (!s)
379 return FALSE;
380 if (!Stream_EnsureRemainingCapacity(s, 4))
381 return FALSE;
382
383 if (length > 0)
384 {
385 Stream_Write_UINT32(s, ndrPtr); /* mszGroupsNdrPtr (4 bytes) */
386 (*index) = (*index) + 1;
387 }
388 else
389 Stream_Write_UINT32(s, 0);
390 return TRUE;
391}
392
393static BOOL tsg_ndr_pointer_read(wLog* log, wStream* s, UINT32* index, UINT32* ptrval,
394 BOOL required)
395{
396 WINPR_ASSERT(index);
397 const UINT32 ndrPtr = 0x20000 + (*index) * 4;
398
399 if (!s)
400 return FALSE;
401 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 4))
402 return FALSE;
403
404 const DWORD val = Stream_Get_UINT32(s);
405 if (ptrval)
406 *ptrval = val;
407
408 if (val != 0)
409 {
410 if (val != ndrPtr)
411 {
412 WLog_Print(log, WLOG_WARN, "Read NDR pointer 0x%04" PRIx32 " but expected 0x%04" PRIx32,
413 val, ndrPtr);
414 if ((val & 0xFFFF0000) != (ndrPtr & 0xFFFF0000))
415 return FALSE;
416 }
417 (*index)++;
418 }
419 else if (required)
420 {
421 WLog_Print(log, WLOG_ERROR, "NDR pointer == 0, but the field is required");
422 return FALSE;
423 }
424
425 return TRUE;
426}
427
428static BOOL tsg_ndr_write_conformant_array(WINPR_ATTR_UNUSED wLog* log, wStream* s,
429 const void* data, size_t length)
430{
431 const size_t pad = length % 4;
432 if ((length > UINT32_MAX) || !Stream_EnsureRemainingCapacity(s, 4ull + length))
433 return FALSE;
434
435 Stream_Write_UINT32(s, WINPR_ASSERTING_INT_CAST(uint32_t, length)); /* MaxCount (4 bytes) */
436 Stream_Write(s, data, length);
437 if (pad != 0)
438 Stream_Zero(s, 4 - pad);
439
440 return TRUE;
441}
442
443static BOOL tsg_ndr_write_string(WINPR_ATTR_UNUSED wLog* log, wStream* s, const WCHAR* str,
444 size_t length)
445{
446 const size_t pad = (length % 2) * sizeof(WCHAR);
447 if ((length > UINT32_MAX) ||
448 !Stream_EnsureRemainingCapacity(s, 12ull + length * sizeof(WCHAR) + pad))
449 return FALSE;
450
451 Stream_Write_UINT32(s, (UINT32)length); /* MaxCount (4 bytes) */
452 Stream_Write_UINT32(s, 0); /* Offset (4 bytes) */
453 Stream_Write_UINT32(s, (UINT32)length); /* ActualCount (4 bytes) */
454 Stream_Write_UTF16_String(s, str, length); /* Array */
455 Stream_Zero(s, pad);
456 return TRUE;
457}
458
459static BOOL tsg_ndr_read_string(wLog* log, wStream* s, WCHAR** str, UINT32 lengthInBytes)
460{
461 UINT32 MaxCount = 0;
462 UINT32 Offset = 0;
463 UINT32 ActualCount = 0;
464
465 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 12))
466 return FALSE;
467
468 Stream_Read_UINT32(s, MaxCount); /* MaxCount (4 bytes) */
469 Stream_Read_UINT32(s, Offset); /* Offset (4 bytes) */
470 Stream_Read_UINT32(s, ActualCount); /* ActualCount (4 bytes) */
471 if (ActualCount > MaxCount)
472 {
473 WLog_Print(log, WLOG_ERROR,
474 "failed to read string, ActualCount (%" PRIu32 ") > MaxCount (%" PRIu32 ")",
475 ActualCount, MaxCount);
476 return FALSE;
477 }
478 if (Offset != 0)
479 {
480 WLog_Print(log, WLOG_ERROR, "Unsupported Offset (%" PRIu32 "), expected 0", Offset);
481 return FALSE;
482 }
483 if (ActualCount > lengthInBytes / sizeof(WCHAR))
484 {
485 WLog_Print(log, WLOG_ERROR,
486 "failed to read string, ActualCount (%" PRIu32
487 ") * sizeof(WCHAR) > lengthInBytes (%" PRIu32 ")",
488 ActualCount, lengthInBytes);
489 return FALSE;
490 }
491 if (str)
492 *str = Stream_PointerAs(s, WCHAR);
493
494 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, ActualCount * sizeof(WCHAR)))
495 return FALSE;
496 Stream_Seek(s, ActualCount * sizeof(WCHAR));
497
498 const size_t pad = (ActualCount % 2);
499 return Stream_SafeSeek(s, pad * sizeof(WCHAR));
500}
501
502static BOOL tsg_ndr_read_packet_header(wLog* log, wStream* s, TSG_PACKET_HEADER* header)
503{
504 const UINT32 ComponentId = TS_GATEWAY_TRANSPORT;
505
506 WINPR_ASSERT(header);
507 if (!Stream_CheckAndLogRequiredLengthOfSizeWLog(log, s, 2, sizeof(UINT16)))
508 return FALSE;
509 Stream_Read_UINT16(s, header->ComponentId);
510 Stream_Read_UINT16(s, header->PacketId);
511
512 if (ComponentId != header->ComponentId)
513 {
514 char buffer[64] = { 0 };
515 char buffer2[64] = { 0 };
516 WLog_Print(log, WLOG_ERROR, "Unexpected ComponentId: %s, Expected %s",
517 tsg_component_id_to_string(header->ComponentId, buffer, sizeof(buffer)),
518 tsg_component_id_to_string(ComponentId, buffer2, sizeof(buffer2)));
519 return FALSE;
520 }
521
522 return TRUE;
523}
524
525static BOOL tsg_ndr_write_packet_header(WINPR_ATTR_UNUSED wLog* log, wStream* s,
526 const TSG_PACKET_HEADER* header)
527{
528 WINPR_ASSERT(header);
529 if (!Stream_EnsureRemainingCapacity(s, 2 * sizeof(UINT16)))
530 return FALSE;
531 Stream_Write_UINT16(s, header->ComponentId);
532 Stream_Write_UINT16(s, header->PacketId);
533 return TRUE;
534}
535
536static BOOL tsg_ndr_read_nap(wLog* log, wStream* s, TSG_CAPABILITY_NAP* nap)
537{
538 WINPR_ASSERT(nap);
539
540 if (!Stream_CheckAndLogRequiredLengthOfSizeWLog(log, s, 1, sizeof(UINT32)))
541 return FALSE;
542 Stream_Read_UINT32(s, nap->capabilities);
543 {
544 char buffer[256] = { 0 };
545 WLog_Print(log, WLOG_DEBUG, "Received version caps %s",
546 tsg_caps_to_string(nap->capabilities, buffer, sizeof(buffer)));
547 }
548 return TRUE;
549}
550
551static BOOL tsg_ndr_write_nap(wLog* log, wStream* s, const TSG_CAPABILITY_NAP* nap)
552{
553 WINPR_ASSERT(nap);
554
555 if (!Stream_EnsureRemainingCapacity(s, 1 * sizeof(UINT32)))
556 return FALSE;
557
558 {
559 char buffer[256] = { 0 };
560 WLog_Print(log, WLOG_DEBUG, "Sending version caps %s",
561 tsg_caps_to_string(nap->capabilities, buffer, sizeof(buffer)));
562 }
563 Stream_Write_UINT32(s, nap->capabilities);
564 return TRUE;
565}
566
567static BOOL tsg_ndr_read_tsg_caps(wLog* log, wStream* s, TSG_PACKET_CAPABILITIES* caps)
568{
569 UINT32 capabilityType = 0;
570 UINT32 count = 0;
571 WINPR_ASSERT(caps);
572
573 if (!Stream_CheckAndLogRequiredLengthOfSizeWLog(log, s, 3, sizeof(UINT32)))
574 return FALSE;
575 Stream_Read_UINT32(s, count);
576 Stream_Read_UINT32(s, capabilityType);
577 Stream_Read_UINT32(s, caps->capabilityType);
578 if (capabilityType != caps->capabilityType)
579 {
580 WLog_Print(log, WLOG_ERROR,
581 "Inconsistent data, capabilityType 0x%08" PRIx32 " != 0x%08" PRIx32,
582 capabilityType, caps->capabilityType);
583 return FALSE;
584 }
585 switch (caps->capabilityType)
586 {
587 case TSG_CAPABILITY_TYPE_NAP:
588 if (count < 1)
589 {
590 WLog_Print(log, WLOG_ERROR, "Inconsistent data, capabilityType %s count=%" PRIu32,
591 tsg_packet_id_to_string(capabilityType), count);
592 return FALSE;
593 }
594 return tsg_ndr_read_nap(log, s, &caps->tsgPacket.tsgCapNap);
595 default:
596 WLog_Print(log, WLOG_ERROR,
597 "unknown TSG_PACKET_CAPABILITIES::capabilityType 0x%04" PRIx32
598 " [count=%" PRIu32 "]",
599 caps->capabilityType, count);
600 return FALSE;
601 }
602}
603
604static BOOL tsg_ndr_write_tsg_caps(wLog* log, wStream* s, const TSG_PACKET_CAPABILITIES* caps)
605{
606 WINPR_ASSERT(caps);
607
608 if (!Stream_EnsureRemainingCapacity(s, 2 * sizeof(UINT32)))
609 return FALSE;
610 Stream_Write_UINT32(s, caps->capabilityType);
611 Stream_Write_UINT32(s, caps->capabilityType);
612
613 switch (caps->capabilityType)
614 {
615 case TSG_CAPABILITY_TYPE_NAP:
616 return tsg_ndr_write_nap(log, s, &caps->tsgPacket.tsgCapNap);
617 default:
618 WLog_Print(log, WLOG_ERROR,
619 "unknown TSG_PACKET_CAPABILITIES::capabilityType 0x%04" PRIx32,
620 caps->capabilityType);
621 return FALSE;
622 }
623}
624
625static BOOL tsg_ndr_read_version_caps(wLog* log, wStream* s, UINT32* index,
626 TSG_PACKET_VERSIONCAPS* caps)
627{
628 WINPR_ASSERT(caps);
629 if (!tsg_ndr_read_packet_header(log, s, &caps->tsgHeader))
630 return FALSE;
631
632 UINT32 TSGCapsPtr = 0;
633 if (!tsg_ndr_pointer_read(log, s, index, &TSGCapsPtr, TRUE))
634 return FALSE;
635
636 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 10))
637 return FALSE;
638 Stream_Read_UINT32(s, caps->numCapabilities);
639 Stream_Read_UINT16(s, caps->majorVersion);
640 Stream_Read_UINT16(s, caps->minorVersion);
641 Stream_Read_UINT16(s, caps->quarantineCapabilities);
642 /* 4-byte alignment */
643 if (!tsg_stream_align(log, s, 4))
644 return FALSE;
645
646 if (caps->numCapabilities > 1)
647 {
648 WLog_ERR(TAG, "TSG_PACKET_VERSIONCAPS::numCapabilities > 1 (%" PRIu32 "), not supported!",
649 caps->numCapabilities);
650 return FALSE;
651 }
652
653 return tsg_ndr_read_tsg_caps(log, s, &caps->tsgCaps);
654}
655
656static BOOL tsg_ndr_write_version_caps(wLog* log, wStream* s, UINT32* index,
657 const TSG_PACKET_VERSIONCAPS* caps)
658{
659 WINPR_ASSERT(caps);
660 if (!tsg_ndr_write_packet_header(log, s, &caps->tsgHeader))
661 return FALSE;
662
663 if (!tsg_ndr_pointer_write(log, s, index, 1)) /* TsgCapsPtr (4 bytes) */
664 return FALSE;
665
666 if (!Stream_EnsureRemainingCapacity(s, 10))
667 return FALSE;
668
669 if (caps->numCapabilities > 1)
670 {
671 WLog_ERR(TAG, "TSG_PACKET_VERSIONCAPS::numCapabilities > 1 (%" PRIu32 "), not supported!",
672 caps->numCapabilities);
673 return FALSE;
674 }
675 Stream_Write_UINT32(s, caps->numCapabilities);
676 Stream_Write_UINT16(s, caps->majorVersion);
677 Stream_Write_UINT16(s, caps->minorVersion);
678 Stream_Write_UINT16(s, caps->quarantineCapabilities);
679
680 /* 4-byte alignment (30 + 2) */
681 Stream_Write_UINT16(s, 0x0000); /* pad (2 bytes) */
682 Stream_Write_UINT32(s, caps->numCapabilities); /* MaxCount (4 bytes) */
683 return tsg_ndr_write_tsg_caps(log, s, &caps->tsgCaps);
684}
685
686static BOOL tsg_ndr_read_quarenc_response(wLog* log, wStream* s, UINT32* index,
687 TSG_PACKET_QUARENC_RESPONSE* quarenc)
688{
689 WINPR_ASSERT(quarenc);
690 UINT32 CertChainDataPtr = 0;
691 UINT32 VersionCapsPtr = 0;
692
693 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 8))
694 return FALSE;
695 Stream_Read_UINT32(s, quarenc->flags);
696 Stream_Read_UINT32(s, quarenc->certChainLen);
697
698 if (!tsg_ndr_pointer_read(log, s, index, &CertChainDataPtr, quarenc->certChainLen != 0))
699 return FALSE;
700
701 if (!Stream_CheckAndLogRequiredLengthOfSizeWLog(log, s, 1, sizeof(quarenc->nonce)))
702 return FALSE;
703 Stream_Read(s, &quarenc->nonce, sizeof(quarenc->nonce));
704
705 if (!tsg_ndr_pointer_read(log, s, index, &VersionCapsPtr, TRUE))
706 return FALSE;
707
708 return TRUE;
709}
710
711static BOOL tsg_ndr_read_quarenc_data(wLog* log, wStream* s, UINT32* index,
712 TSG_PACKET_QUARENC_RESPONSE* quarenc)
713{
714 WINPR_ASSERT(quarenc);
715
716 if (quarenc->certChainLen > 0)
717 {
718 /* [MS-TSGU] 2.2.9.2.1.6 TSG_PACKET_QUARENC_RESPONSE::certChainLen number of WCHAR */
719 if (!tsg_ndr_read_string(log, s, &quarenc->certChainData,
720 quarenc->certChainLen * sizeof(WCHAR)))
721 return FALSE;
722 /* 4-byte alignment */
723 if (!tsg_stream_align(log, s, 4))
724 return FALSE;
725 }
726
727 return tsg_ndr_read_version_caps(log, s, index, &quarenc->versionCaps);
728}
729
730static BOOL tsg_ndr_write_auth(wLog* log, wStream* s, UINT32* index, const TSG_PACKET_AUTH* auth)
731{
732 WINPR_ASSERT(auth);
733
734 if (!tsg_ndr_write_version_caps(log, s, index, &auth->tsgVersionCaps))
735 return FALSE;
736
737 if (!Stream_EnsureRemainingCapacity(s, 4))
738 return FALSE;
739
740 Stream_Write_UINT32(s, auth->cookieLen);
741 if (!tsg_ndr_pointer_write(log, s, index, auth->cookieLen))
742 return FALSE;
743
744 if (!Stream_EnsureRemainingCapacity(s, auth->cookieLen))
745 return FALSE;
746 Stream_Write(s, auth->cookie, auth->cookieLen);
747 return TRUE;
748}
749
750static BOOL tsg_ndr_write_reauth(wLog* log, wStream* s, UINT32* index,
751 const TSG_PACKET_REAUTH* auth)
752{
753 WINPR_ASSERT(auth);
754
755 if (!Stream_EnsureRemainingCapacity(s, 12))
756 return FALSE;
757
758 Stream_Write_UINT64(s, auth->tunnelContext); /* TunnelContext (8 bytes) */
759 Stream_Write_UINT32(s, auth->packetId); /* PacketId (4 bytes) */
760
761 switch (auth->packetId)
762 {
763 case TSG_PACKET_TYPE_VERSIONCAPS:
764 return tsg_ndr_write_version_caps(log, s, index,
765 &auth->tsgInitialPacket.packetVersionCaps);
766 case TSG_PACKET_TYPE_AUTH:
767 return tsg_ndr_write_auth(log, s, index, &auth->tsgInitialPacket.packetAuth);
768 default:
769 WLog_Print(log, WLOG_ERROR, "unexpected packetId %s",
770 tsg_packet_id_to_string(auth->packetId));
771 return FALSE;
772 }
773}
774
775static BOOL tsg_ndr_read_packet_redirection_flags(wLog* log, wStream* s,
776 TSG_REDIRECTION_FLAGS* redirectionFlags)
777{
778 WINPR_ASSERT(redirectionFlags);
779
780 if (!Stream_CheckAndLogRequiredLengthOfSizeWLog(log, s, 8, sizeof(UINT32)))
781 return FALSE;
782
783 redirectionFlags->enableAllRedirections =
784 Stream_Get_INT32(s); /* EnableAllRedirections (4 bytes) */
785 redirectionFlags->disableAllRedirections =
786 Stream_Get_INT32(s); /* DisableAllRedirections (4 bytes) */
787 redirectionFlags->driveRedirectionDisabled =
788 Stream_Get_INT32(s); /* DriveRedirectionDisabled (4 bytes) */
789 redirectionFlags->printerRedirectionDisabled =
790 Stream_Get_INT32(s); /* PrinterRedirectionDisabled (4 bytes) */
791 redirectionFlags->portRedirectionDisabled =
792 Stream_Get_INT32(s); /* PortRedirectionDisabled (4 bytes) */
793 redirectionFlags->reserved = Stream_Get_INT32(s); /* Reserved (4 bytes) */
794 redirectionFlags->clipboardRedirectionDisabled =
795 Stream_Get_INT32(s); /* ClipboardRedirectionDisabled (4 bytes) */
796 redirectionFlags->pnpRedirectionDisabled =
797 Stream_Get_INT32(s); /* PnpRedirectionDisabled (4 bytes) */
798 return TRUE;
799}
800
801WINPR_ATTR_FORMAT_ARG(3, 4)
802static BOOL tsg_print(char** buffer, size_t* len, WINPR_FORMAT_ARG const char* fmt, ...)
803{
804 int rc = 0;
805 va_list ap = { 0 };
806 if (!buffer || !len || !fmt)
807 return FALSE;
808 va_start(ap, fmt);
809 rc = vsnprintf(*buffer, *len, fmt, ap);
810 va_end(ap);
811 if ((rc < 0) || ((size_t)rc > *len))
812 return FALSE;
813 *len -= (size_t)rc;
814 *buffer += (size_t)rc;
815 return TRUE;
816}
817
818static BOOL tsg_packet_header_to_string(char** buffer, size_t* length,
819 const TSG_PACKET_HEADER* header)
820{
821 WINPR_ASSERT(buffer);
822 WINPR_ASSERT(length);
823 WINPR_ASSERT(header);
824
825 return tsg_print(buffer, length,
826 "header { ComponentId=0x%04" PRIx16 ", PacketId=0x%04" PRIx16 " }",
827 header->ComponentId, header->PacketId);
828}
829
830static BOOL tsg_type_capability_nap_to_string(char** buffer, size_t* length,
831 const TSG_CAPABILITY_NAP* cur)
832{
833 WINPR_ASSERT(buffer);
834 WINPR_ASSERT(length);
835 WINPR_ASSERT(cur);
836
837 return tsg_print(buffer, length, "%s { capabilities=0x%08" PRIx32 " }",
838 tsg_packet_id_to_string(TSG_CAPABILITY_TYPE_NAP), cur->capabilities);
839}
840
841static BOOL tsg_packet_capabilities_to_string(char** buffer, size_t* length,
842 const TSG_PACKET_CAPABILITIES* caps, UINT32 numCaps)
843{
844 WINPR_ASSERT(buffer);
845 WINPR_ASSERT(length);
846 WINPR_ASSERT(caps);
847
848 if (!tsg_print(buffer, length, "capabilities { "))
849 return FALSE;
850
851 for (UINT32 x = 0; x < numCaps; x++)
852 {
853 const TSG_PACKET_CAPABILITIES* cur = &caps[x];
854 switch (cur->capabilityType)
855 {
856 case TSG_CAPABILITY_TYPE_NAP:
857 if (!tsg_type_capability_nap_to_string(buffer, length, &cur->tsgPacket.tsgCapNap))
858 return FALSE;
859 break;
860 default:
861 if (!tsg_print(buffer, length, "TSG_UNKNOWN_CAPABILITY"))
862 return FALSE;
863 break;
864 }
865 }
866 return tsg_print(buffer, length, " }");
867}
868
869static BOOL tsg_packet_versioncaps_to_string(char** buffer, size_t* length,
870 const TSG_PACKET_VERSIONCAPS* caps)
871{
872 WINPR_ASSERT(buffer);
873 WINPR_ASSERT(length);
874 WINPR_ASSERT(caps);
875
876 if (!tsg_print(buffer, length, "versioncaps { "))
877 return FALSE;
878 if (!tsg_packet_header_to_string(buffer, length, &caps->tsgHeader))
879 return FALSE;
880
881 if (!tsg_print(buffer, length, " "))
882 return FALSE;
883
884 if (caps->numCapabilities > 1)
885 {
886 WLog_ERR(TAG, "TSG_PACKET_VERSIONCAPS::numCapabilities > 1 (%" PRIu32 "), not supported!",
887 caps->numCapabilities);
888 return FALSE;
889 }
890
891 if (!tsg_packet_capabilities_to_string(buffer, length, &caps->tsgCaps, caps->numCapabilities))
892 return FALSE;
893
894 if (!tsg_print(buffer, length,
895 " numCapabilities=0x%08" PRIx32 ", majorVersion=0x%04" PRIx16
896 ", minorVersion=0x%04" PRIx16 ", quarantineCapabilities=0x%04" PRIx16,
897 caps->numCapabilities, caps->majorVersion, caps->minorVersion,
898 caps->quarantineCapabilities))
899 return FALSE;
900
901 return tsg_print(buffer, length, " }");
902}
903
904static BOOL tsg_packet_quarconfigrequest_to_string(char** buffer, size_t* length,
905 const TSG_PACKET_QUARCONFIGREQUEST* caps)
906{
907 WINPR_ASSERT(buffer);
908 WINPR_ASSERT(length);
909 WINPR_ASSERT(caps);
910
911 if (!tsg_print(buffer, length, "quarconfigrequest { "))
912 return FALSE;
913
914 if (!tsg_print(buffer, length, " "))
915 return FALSE;
916
917 if (!tsg_print(buffer, length, " flags=0x%08" PRIx32, caps->flags))
918 return FALSE;
919
920 return tsg_print(buffer, length, " }");
921}
922
923static BOOL tsg_packet_quarrequest_to_string(char** buffer, size_t* length,
924 const TSG_PACKET_QUARREQUEST* caps)
925{
926 BOOL rc = FALSE;
927 char* name = NULL;
928 char* strdata = NULL;
929
930 WINPR_ASSERT(buffer);
931 WINPR_ASSERT(length);
932 WINPR_ASSERT(caps);
933
934 if (!tsg_print(buffer, length, "quarrequest { "))
935 return FALSE;
936
937 if (!tsg_print(buffer, length, " "))
938 return FALSE;
939
940 if (caps->nameLength > 0)
941 {
942 if (caps->nameLength > INT_MAX)
943 return FALSE;
944 name = ConvertWCharNToUtf8Alloc(caps->machineName, caps->nameLength, NULL);
945 if (!name)
946 return FALSE;
947 }
948
949 strdata = winpr_BinToHexString(caps->data, caps->dataLen, TRUE);
950 if (strdata || (caps->dataLen == 0))
951 rc = tsg_print(buffer, length,
952 " flags=0x%08" PRIx32 ", machineName=%s [%" PRIu32 "], data[%" PRIu32 "]=%s",
953 caps->flags, name, caps->nameLength, caps->dataLen, strdata);
954 free(name);
955 free(strdata);
956 if (!rc)
957 return FALSE;
958
959 return tsg_print(buffer, length, " }");
960}
961
962static const char* tsg_bool_to_string(BOOL val)
963{
964 if (val)
965 return "true";
966 return "false";
967}
968
969static const char* tsg_redirection_flags_to_string(char* buffer, size_t size,
970 const TSG_REDIRECTION_FLAGS* flags)
971{
972 WINPR_ASSERT(buffer || (size == 0));
973 WINPR_ASSERT(flags);
974
975 (void)_snprintf(
976 buffer, size,
977 "enableAllRedirections=%s, disableAllRedirections=%s, driveRedirectionDisabled=%s, "
978 "printerRedirectionDisabled=%s, portRedirectionDisabled=%s, reserved=%s, "
979 "clipboardRedirectionDisabled=%s, pnpRedirectionDisabled=%s",
980 tsg_bool_to_string(flags->enableAllRedirections),
981 tsg_bool_to_string(flags->disableAllRedirections),
982 tsg_bool_to_string(flags->driveRedirectionDisabled),
983 tsg_bool_to_string(flags->printerRedirectionDisabled),
984 tsg_bool_to_string(flags->portRedirectionDisabled), tsg_bool_to_string(flags->reserved),
985 tsg_bool_to_string(flags->clipboardRedirectionDisabled),
986 tsg_bool_to_string(flags->pnpRedirectionDisabled));
987 return buffer;
988}
989
990static BOOL tsg_packet_response_to_string(char** buffer, size_t* length,
991 const TSG_PACKET_RESPONSE* caps)
992{
993 BOOL rc = FALSE;
994 char* strdata = NULL;
995 char tbuffer[8192] = { 0 };
996
997 WINPR_ASSERT(buffer);
998 WINPR_ASSERT(length);
999 WINPR_ASSERT(caps);
1000
1001 if (!tsg_print(buffer, length, "response { "))
1002 return FALSE;
1003
1004 if (!tsg_print(buffer, length, " "))
1005 return FALSE;
1006
1007 strdata = winpr_BinToHexString(caps->responseData, caps->responseDataLen, TRUE);
1008 if (strdata || (caps->responseDataLen == 0))
1009 rc = tsg_print(
1010 buffer, length,
1011 " flags=0x%08" PRIx32 ", reserved=0x%08" PRIx32 ", responseData[%" PRIu32
1012 "]=%s, redirectionFlags={ %s }",
1013 caps->flags, caps->reserved, caps->responseDataLen, strdata,
1014 tsg_redirection_flags_to_string(tbuffer, ARRAYSIZE(tbuffer), &caps->redirectionFlags));
1015 free(strdata);
1016 if (!rc)
1017 return FALSE;
1018
1019 return tsg_print(buffer, length, " }");
1020}
1021
1022static BOOL tsg_packet_quarenc_response_to_string(char** buffer, size_t* length,
1023 const TSG_PACKET_QUARENC_RESPONSE* caps)
1024{
1025 BOOL rc = FALSE;
1026 char* strdata = NULL;
1027 RPC_CSTR uuid = NULL;
1028 char tbuffer[8192] = { 0 };
1029 size_t size = ARRAYSIZE(tbuffer);
1030 char* ptbuffer = tbuffer;
1031
1032 WINPR_ASSERT(buffer);
1033 WINPR_ASSERT(length);
1034 WINPR_ASSERT(caps);
1035
1036 if (!tsg_print(buffer, length, "quarenc_response { "))
1037 return FALSE;
1038
1039 if (!tsg_print(buffer, length, " "))
1040 return FALSE;
1041
1042 if (caps->certChainLen > 0)
1043 {
1044 if (caps->certChainLen > INT_MAX)
1045 return FALSE;
1046 strdata = ConvertWCharNToUtf8Alloc(caps->certChainData, caps->certChainLen, NULL);
1047 if (!strdata)
1048 return FALSE;
1049 }
1050
1051 tsg_packet_versioncaps_to_string(&ptbuffer, &size, &caps->versionCaps);
1052 UuidToStringA(&caps->nonce, &uuid);
1053 if (strdata || (caps->certChainLen == 0))
1054 rc =
1055 tsg_print(buffer, length,
1056 " flags=0x%08" PRIx32 ", certChain[%" PRIu32 "]=%s, nonce=%s, versionCaps=%s",
1057 caps->flags, caps->certChainLen, strdata, uuid, tbuffer);
1058 free(strdata);
1059 RpcStringFreeA(&uuid);
1060 if (!rc)
1061 return FALSE;
1062
1063 return tsg_print(buffer, length, " }");
1064}
1065
1066static BOOL tsg_packet_message_response_to_string(char** buffer, size_t* length,
1067 const TSG_PACKET_MSG_RESPONSE* caps)
1068{
1069 WINPR_ASSERT(buffer);
1070 WINPR_ASSERT(length);
1071 WINPR_ASSERT(caps);
1072
1073 if (!tsg_print(buffer, length, "msg_response { "))
1074 return FALSE;
1075
1076 if (!tsg_print(buffer, length,
1077 " msgID=0x%08" PRIx32 ", msgType=0x%08" PRIx32 ", isMsgPresent=%" PRId32,
1078 caps->msgID, caps->msgType, caps->isMsgPresent))
1079 return FALSE;
1080
1081 return tsg_print(buffer, length, " }");
1082}
1083
1084static BOOL tsg_packet_caps_response_to_string(char** buffer, size_t* length,
1085 const TSG_PACKET_CAPS_RESPONSE* caps)
1086{
1087 WINPR_ASSERT(buffer);
1088 WINPR_ASSERT(length);
1089 WINPR_ASSERT(caps);
1090
1091 if (!tsg_print(buffer, length, "caps_response { "))
1092 return FALSE;
1093
1094 if (!tsg_packet_quarenc_response_to_string(buffer, length, &caps->pktQuarEncResponse))
1095 return FALSE;
1096
1097 if (!tsg_packet_message_response_to_string(buffer, length, &caps->pktConsentMessage))
1098 return FALSE;
1099
1100 return tsg_print(buffer, length, " }");
1101}
1102
1103static BOOL tsg_packet_message_request_to_string(char** buffer, size_t* length,
1104 const TSG_PACKET_MSG_REQUEST* caps)
1105{
1106 WINPR_ASSERT(buffer);
1107 WINPR_ASSERT(length);
1108 WINPR_ASSERT(caps);
1109
1110 if (!tsg_print(buffer, length, "caps_message_request { "))
1111 return FALSE;
1112
1113 if (!tsg_print(buffer, length, " maxMessagesPerBatch=%" PRIu32, caps->maxMessagesPerBatch))
1114 return FALSE;
1115
1116 return tsg_print(buffer, length, " }");
1117}
1118
1119static BOOL tsg_packet_auth_to_string(char** buffer, size_t* length, const TSG_PACKET_AUTH* caps)
1120{
1121 BOOL rc = FALSE;
1122 char* strdata = NULL;
1123 WINPR_ASSERT(buffer);
1124 WINPR_ASSERT(length);
1125 WINPR_ASSERT(caps);
1126
1127 if (!tsg_print(buffer, length, "caps_message_request { "))
1128 return FALSE;
1129
1130 if (!tsg_packet_versioncaps_to_string(buffer, length, &caps->tsgVersionCaps))
1131 return FALSE;
1132
1133 strdata = winpr_BinToHexString(caps->cookie, caps->cookieLen, TRUE);
1134 if (strdata || (caps->cookieLen == 0))
1135 rc = tsg_print(buffer, length, " cookie[%" PRIu32 "]=%s", caps->cookieLen, strdata);
1136 free(strdata);
1137 if (!rc)
1138 return FALSE;
1139
1140 return tsg_print(buffer, length, " }");
1141}
1142
1143static BOOL tsg_packet_reauth_to_string(char** buffer, size_t* length,
1144 const TSG_PACKET_REAUTH* caps)
1145{
1146 BOOL rc = FALSE;
1147 WINPR_ASSERT(buffer);
1148 WINPR_ASSERT(length);
1149 WINPR_ASSERT(caps);
1150
1151 if (!tsg_print(buffer, length, "caps_message_request { "))
1152 return FALSE;
1153
1154 if (!tsg_print(buffer, length, " tunnelContext=0x%016" PRIx64 ", packetId=%s [0x%08" PRIx32 "]",
1155 caps->tunnelContext, tsg_packet_id_to_string(caps->packetId), caps->packetId))
1156 return FALSE;
1157
1158 switch (caps->packetId)
1159 {
1160 case TSG_PACKET_TYPE_VERSIONCAPS:
1161 rc = tsg_packet_versioncaps_to_string(buffer, length,
1162 &caps->tsgInitialPacket.packetVersionCaps);
1163 break;
1164 case TSG_PACKET_TYPE_AUTH:
1165 rc = tsg_packet_auth_to_string(buffer, length, &caps->tsgInitialPacket.packetAuth);
1166 break;
1167 default:
1168 rc = tsg_print(buffer, length, "TODO: Unhandled packet type %s [0x%08" PRIx32 "]",
1169 tsg_packet_id_to_string(caps->packetId), caps->packetId);
1170 break;
1171 }
1172
1173 if (!rc)
1174 return FALSE;
1175
1176 return tsg_print(buffer, length, " }");
1177}
1178
1179static const char* tsg_packet_to_string(const TSG_PACKET* packet)
1180{
1181 size_t len = 8192;
1182 static char sbuffer[8193] = { 0 };
1183 char* buffer = sbuffer;
1184
1185 if (!tsg_print(&buffer, &len, "TSG_PACKET { packetId=%s [0x%08" PRIx32 "], ",
1186 tsg_packet_id_to_string(packet->packetId), packet->packetId))
1187 goto fail;
1188
1189 switch (packet->packetId)
1190 {
1191 case TSG_PACKET_TYPE_HEADER:
1192 if (!tsg_packet_header_to_string(&buffer, &len, &packet->tsgPacket.packetHeader))
1193 goto fail;
1194 break;
1195 case TSG_PACKET_TYPE_VERSIONCAPS:
1196 if (!tsg_packet_versioncaps_to_string(&buffer, &len,
1197 &packet->tsgPacket.packetVersionCaps))
1198 goto fail;
1199 break;
1200 case TSG_PACKET_TYPE_QUARCONFIGREQUEST:
1201 if (!tsg_packet_quarconfigrequest_to_string(&buffer, &len,
1202 &packet->tsgPacket.packetQuarConfigRequest))
1203 goto fail;
1204 break;
1205 case TSG_PACKET_TYPE_QUARREQUEST:
1206 if (!tsg_packet_quarrequest_to_string(&buffer, &len,
1207 &packet->tsgPacket.packetQuarRequest))
1208 goto fail;
1209 break;
1210 case TSG_PACKET_TYPE_RESPONSE:
1211 if (!tsg_packet_response_to_string(&buffer, &len, &packet->tsgPacket.packetResponse))
1212 goto fail;
1213 break;
1214 case TSG_PACKET_TYPE_QUARENC_RESPONSE:
1215 if (!tsg_packet_quarenc_response_to_string(&buffer, &len,
1216 &packet->tsgPacket.packetQuarEncResponse))
1217 goto fail;
1218 break;
1219 case TSG_PACKET_TYPE_CAPS_RESPONSE:
1220 if (!tsg_packet_caps_response_to_string(&buffer, &len,
1221 &packet->tsgPacket.packetCapsResponse))
1222 goto fail;
1223 break;
1224 case TSG_PACKET_TYPE_MSGREQUEST_PACKET:
1225 if (!tsg_packet_message_request_to_string(&buffer, &len,
1226 &packet->tsgPacket.packetMsgRequest))
1227 goto fail;
1228 break;
1229 case TSG_PACKET_TYPE_MESSAGE_PACKET:
1230 if (!tsg_packet_message_response_to_string(&buffer, &len,
1231 &packet->tsgPacket.packetMsgResponse))
1232 goto fail;
1233 break;
1234 case TSG_PACKET_TYPE_AUTH:
1235 if (!tsg_packet_auth_to_string(&buffer, &len, &packet->tsgPacket.packetAuth))
1236 goto fail;
1237 break;
1238 case TSG_PACKET_TYPE_REAUTH:
1239 if (!tsg_packet_reauth_to_string(&buffer, &len, &packet->tsgPacket.packetReauth))
1240 goto fail;
1241 break;
1242 default:
1243 if (!tsg_print(&buffer, &len, "INVALID"))
1244 goto fail;
1245 break;
1246 }
1247
1248 if (!tsg_print(&buffer, &len, " }"))
1249 goto fail;
1250
1251fail:
1252 return sbuffer;
1253}
1254
1255static BOOL tsg_stream_align(wLog* log, wStream* s, size_t align)
1256{
1257 size_t pos = 0;
1258 size_t offset = 0;
1259
1260 if (!s)
1261 return FALSE;
1262
1263 pos = Stream_GetPosition(s);
1264
1265 if ((pos % align) != 0)
1266 offset = align - pos % align;
1267
1268 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, offset))
1269 return FALSE;
1270 Stream_Seek(s, offset);
1271 return TRUE;
1272}
1273
1274static BIO_METHOD* BIO_s_tsg(void);
1311static int TsProxySendToServer(handle_t IDL_handle, const byte pRpcMessage[], UINT32 count,
1312 const UINT32* lengths)
1313{
1314 wStream* s = NULL;
1315 rdpTsg* tsg = NULL;
1316 size_t length = 0;
1317 const byte* buffer1 = NULL;
1318 const byte* buffer2 = NULL;
1319 const byte* buffer3 = NULL;
1320 UINT32 buffer1Length = 0;
1321 UINT32 buffer2Length = 0;
1322 UINT32 buffer3Length = 0;
1323 UINT32 numBuffers = 0;
1324 UINT32 totalDataBytes = 0;
1325 tsg = (rdpTsg*)IDL_handle;
1326 buffer1Length = buffer2Length = buffer3Length = 0;
1327
1328 if (count > 0)
1329 {
1330 numBuffers++;
1331 buffer1 = &pRpcMessage[0];
1332 buffer1Length = lengths[0];
1333 totalDataBytes += lengths[0] + 4;
1334 }
1335
1336 if (count > 1)
1337 {
1338 numBuffers++;
1339 buffer2 = &pRpcMessage[1];
1340 buffer2Length = lengths[1];
1341 totalDataBytes += lengths[1] + 4;
1342 }
1343
1344 if (count > 2)
1345 {
1346 numBuffers++;
1347 buffer3 = &pRpcMessage[2];
1348 buffer3Length = lengths[2];
1349 totalDataBytes += lengths[2] + 4;
1350 }
1351
1352 length = 28ull + totalDataBytes;
1353 if (length > INT_MAX)
1354 return -1;
1355 s = Stream_New(NULL, length);
1356
1357 if (!s)
1358 {
1359 WLog_Print(tsg->log, WLOG_ERROR, "Stream_New failed!");
1360 return -1;
1361 }
1362
1363 /* PCHANNEL_CONTEXT_HANDLE_NOSERIALIZE_NR (20 bytes) */
1364 if (!TsProxyWriteTunnelContext(tsg->log, s, &tsg->ChannelContext))
1365 goto fail;
1366 Stream_Write_UINT32_BE(s, totalDataBytes); /* totalDataBytes (4 bytes) */
1367 Stream_Write_UINT32_BE(s, numBuffers); /* numBuffers (4 bytes) */
1368
1369 if (buffer1Length > 0)
1370 Stream_Write_UINT32_BE(s, buffer1Length); /* buffer1Length (4 bytes) */
1371
1372 if (buffer2Length > 0)
1373 Stream_Write_UINT32_BE(s, buffer2Length); /* buffer2Length (4 bytes) */
1374
1375 if (buffer3Length > 0)
1376 Stream_Write_UINT32_BE(s, buffer3Length); /* buffer3Length (4 bytes) */
1377
1378 if (buffer1Length > 0)
1379 Stream_Write(s, buffer1, buffer1Length); /* buffer1 (variable) */
1380
1381 if (buffer2Length > 0)
1382 Stream_Write(s, buffer2, buffer2Length); /* buffer2 (variable) */
1383
1384 if (buffer3Length > 0)
1385 Stream_Write(s, buffer3, buffer3Length); /* buffer3 (variable) */
1386
1387 if (!rpc_client_write_call(tsg->rpc, s, TsProxySendToServerOpnum))
1388 return -1;
1389
1390 return (int)length;
1391fail:
1392 Stream_Free(s, TRUE);
1393 return -1;
1394}
1395
1407static BOOL TsProxyCreateTunnelWriteRequest(rdpTsg* tsg, const TSG_PACKET* tsgPacket)
1408{
1409 BOOL rc = FALSE;
1410 BOOL write = TRUE;
1411 UINT16 opnum = 0;
1412 wStream* s = NULL;
1413 rdpRpc* rpc = NULL;
1414
1415 if (!tsg || !tsg->rpc)
1416 return FALSE;
1417
1418 rpc = tsg->rpc;
1419 WLog_Print(tsg->log, WLOG_DEBUG, "%s", tsg_packet_to_string(tsgPacket));
1420 s = Stream_New(NULL, 108);
1421
1422 if (!s)
1423 return FALSE;
1424
1425 switch (tsgPacket->packetId)
1426 {
1427 case TSG_PACKET_TYPE_VERSIONCAPS:
1428 {
1429 UINT32 index = 0;
1430 const TSG_PACKET_VERSIONCAPS* packetVersionCaps =
1431 &tsgPacket->tsgPacket.packetVersionCaps;
1432
1433 Stream_Write_UINT32(s, tsgPacket->packetId); /* PacketId (4 bytes) */
1434 Stream_Write_UINT32(s, tsgPacket->packetId); /* SwitchValue (4 bytes) */
1435 if (!tsg_ndr_pointer_write(tsg->log, s, &index, 1)) /* PacketVersionCapsPtr (4 bytes) */
1436 goto fail;
1437
1438 if (!tsg_ndr_write_version_caps(tsg->log, s, &index, packetVersionCaps))
1439 goto fail;
1444 /*
1445 * 8-byte constant (8A E3 13 71 02 F4 36 71) also observed here:
1446 * http://lists.samba.org/archive/cifs-protocol/2010-July/001543.html
1447 */
1448 Stream_Write_UINT8(s, 0x8A);
1449 Stream_Write_UINT8(s, 0xE3);
1450 Stream_Write_UINT8(s, 0x13);
1451 Stream_Write_UINT8(s, 0x71);
1452 Stream_Write_UINT8(s, 0x02);
1453 Stream_Write_UINT8(s, 0xF4);
1454 Stream_Write_UINT8(s, 0x36);
1455 Stream_Write_UINT8(s, 0x71);
1456 Stream_Write_UINT32(s, 0x00040001); /* 1.4 (version?) */
1457 Stream_Write_UINT32(s, 0x00000001); /* 1 (element count?) */
1458 /* p_cont_list_t */
1459 Stream_Write_UINT8(s, 2); /* ncontext_elem */
1460 Stream_Write_UINT8(s, 0x40); /* reserved1 */
1461 Stream_Write_UINT16(s, 0x0028); /* reserved2 */
1462 /* p_syntax_id_t */
1463 Stream_Write(s, &TSGU_UUID, sizeof(p_uuid_t));
1464 Stream_Write_UINT32(s, TSGU_SYNTAX_IF_VERSION);
1465 /* p_syntax_id_t */
1466 Stream_Write(s, &NDR_UUID, sizeof(p_uuid_t));
1467 Stream_Write_UINT32(s, NDR_SYNTAX_IF_VERSION);
1468 opnum = TsProxyCreateTunnelOpnum;
1469 }
1470 break;
1471
1472 case TSG_PACKET_TYPE_REAUTH:
1473 {
1474 const TSG_PACKET_REAUTH* packetReauth = &tsgPacket->tsgPacket.packetReauth;
1475 UINT32 index = 0;
1476 Stream_Write_UINT32(s, tsgPacket->packetId); /* PacketId (4 bytes) */
1477 Stream_Write_UINT32(s, tsgPacket->packetId); /* SwitchValue (4 bytes) */
1478 if (!tsg_ndr_pointer_write(tsg->log, s, &index, 1)) /* PacketReauthPtr (4 bytes) */
1479 goto fail;
1480 if (!tsg_ndr_write_reauth(tsg->log, s, &index, packetReauth))
1481 goto fail;
1482 opnum = TsProxyCreateTunnelOpnum;
1483 }
1484 break;
1485
1486 default:
1487 WLog_Print(tsg->log, WLOG_WARN, "unexpected packetId %s",
1488 tsg_packet_id_to_string(tsgPacket->packetId));
1489 write = FALSE;
1490 break;
1491 }
1492
1493 rc = TRUE;
1494
1495 if (write)
1496 return rpc_client_write_call(rpc, s, opnum);
1497fail:
1498 Stream_Free(s, TRUE);
1499 return rc;
1500}
1501
1502static BOOL tsg_ndr_read_consent_message(wLog* log, rdpContext* context, wStream* s, UINT32* index,
1503 BOOL isMessagePresent)
1504{
1505 TSG_PACKET_STRING_MESSAGE packetStringMessage = { 0 };
1506
1507 WINPR_ASSERT(context);
1508 WINPR_ASSERT(index);
1509
1510 if (!TsProxyReadPacketSTringMessage(log, s, index, &packetStringMessage))
1511 return FALSE;
1512
1513 if (context->instance && isMessagePresent)
1514 {
1515 return IFCALLRESULT(TRUE, context->instance->PresentGatewayMessage, context->instance,
1516 TSG_ASYNC_MESSAGE_CONSENT_MESSAGE ? GATEWAY_MESSAGE_CONSENT
1517 : TSG_ASYNC_MESSAGE_SERVICE_MESSAGE,
1518 packetStringMessage.isDisplayMandatory != 0,
1519 packetStringMessage.isConsentMandatory != 0,
1520 packetStringMessage.msgBytes, packetStringMessage.msgBuffer);
1521 }
1522
1523 return TRUE;
1524}
1525
1526static BOOL tsg_ndr_read_tunnel_context(wLog* log, wStream* s, CONTEXT_HANDLE* tunnelContext,
1527 UINT32* tunnelId)
1528{
1529 if (!tsg_stream_align(log, s, 4))
1530 return FALSE;
1531
1532 /* TunnelContext (20 bytes) */
1533 if (!TsProxyReadTunnelContext(log, s, tunnelContext))
1534 return FALSE;
1535
1536 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 8))
1537 return FALSE;
1538
1539 WINPR_ASSERT(tunnelId);
1540 Stream_Read_UINT32(s, *tunnelId); /* TunnelId (4 bytes) */
1541
1542 INT32 ReturnValue = 0;
1543 Stream_Read_INT32(s, ReturnValue); /* ReturnValue (4 bytes) */
1544 if (ReturnValue != NO_ERROR)
1545 WLog_WARN(TAG, "ReturnValue=%s", NtStatus2Tag(ReturnValue));
1546 return TRUE;
1547}
1548
1549static BOOL tsg_ndr_read_TSG_PACKET_MSG_RESPONSE_header(wLog* log, wStream* s,
1550 TSG_PACKET_MSG_RESPONSE* pkt)
1551{
1552
1553 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 16))
1554 return FALSE;
1555
1556 Stream_Read_UINT32(s, pkt->msgID); /* MsgId (4 bytes) */
1557 Stream_Read_UINT32(s, pkt->msgType); /* MsgType (4 bytes) */
1558 Stream_Read_INT32(s, pkt->isMsgPresent); /* IsMsgPresent (4 bytes) */
1559 const uint32_t SwitchValue = Stream_Get_UINT32(s); /* SwitchValue (4 bytes) */
1560
1561 if (pkt->msgType != SwitchValue)
1562 {
1563 WLog_ERR(TAG,
1564 "[MS-TSGU] 2.2.9.2.1.9 TSG_PACKET_MSG_RESPONSE MsgType[0x%08" PRIx32
1565 "] != MessageSwitchValue [0x%08" PRIx32 "]",
1566 pkt->msgType, SwitchValue);
1567 return FALSE;
1568 }
1569
1570 return TRUE;
1571}
1572
1573static BOOL tsg_ndr_read_TSG_PACKET_MSG_RESPONSE(wLog* log, rdpContext* context, wStream* s,
1574 uint32_t* index, uint32_t MsgPtr,
1575 const TSG_PACKET_MSG_RESPONSE* pkg,
1576 uint64_t* reauthContext)
1577{
1578 WINPR_ASSERT(pkg);
1579
1580 if (MsgPtr == 0)
1581 {
1582 WLog_Print(log, WLOG_DEBUG,
1583 "Message {0x%08" PRIx32 "} [%s]::isMsgPresent=%" PRId32 ", MsgPtr=0x%08" PRIx32,
1584 pkg->msgType, tsg_packet_id_to_string(pkg->msgType), pkg->isMsgPresent, MsgPtr);
1585 return TRUE;
1586 }
1587
1588 switch (pkg->msgType)
1589 {
1590 case TSG_ASYNC_MESSAGE_CONSENT_MESSAGE:
1591 case TSG_ASYNC_MESSAGE_SERVICE_MESSAGE:
1592 return tsg_ndr_read_consent_message(log, context, s, index, pkg->isMsgPresent);
1593
1594 case TSG_ASYNC_MESSAGE_REAUTH:
1595 {
1596 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 8))
1597 return FALSE;
1598
1599 WINPR_ASSERT(reauthContext);
1600 const uint64_t val = Stream_Get_UINT64(s); /* TunnelContext (8 bytes) */
1601 if (pkg->isMsgPresent != 0)
1602 *reauthContext = val;
1603 return TRUE;
1604 }
1605
1606 default:
1607 WLog_Print(log, WLOG_ERROR, "Unexpected Message Type: 0x%" PRIx32 "", pkg->msgType);
1608 return FALSE;
1609 }
1610}
1611
1612static BOOL tsg_ndr_read_caps_response(wLog* log, rdpContext* context, wStream* s, UINT32* index,
1613 UINT32 PacketPtr, TSG_PACKET_CAPS_RESPONSE* caps,
1614 CONTEXT_HANDLE* tunnelContext, UINT32* tunnelId,
1615 uint64_t* reauthContext)
1616{
1617 UINT32 PacketQuarResponsePtr = 0;
1618
1619 WINPR_ASSERT(context);
1620 WINPR_ASSERT(index);
1621 WINPR_ASSERT(caps);
1622 WINPR_ASSERT(reauthContext);
1623
1624 if (!tsg_ndr_pointer_read(log, s, index, &PacketQuarResponsePtr, TRUE))
1625 goto fail;
1626
1627 if (!tsg_ndr_read_quarenc_response(log, s, index, &caps->pktQuarEncResponse))
1628 goto fail;
1629
1630 if (PacketPtr)
1631 {
1632 TSG_PACKET_MSG_RESPONSE pkg = { 0 };
1633 UINT32 MsgPtr = 0;
1634
1635 if (!tsg_ndr_read_TSG_PACKET_MSG_RESPONSE_header(log, s, &pkg))
1636 goto fail;
1637
1638 if (!tsg_ndr_pointer_read(log, s, index, &MsgPtr, TRUE))
1639 return FALSE;
1640
1641 if (!tsg_ndr_read_quarenc_data(log, s, index, &caps->pktQuarEncResponse))
1642 goto fail;
1643
1644 if (!tsg_ndr_read_TSG_PACKET_MSG_RESPONSE(log, context, s, index, MsgPtr, &pkg,
1645 reauthContext))
1646 goto fail;
1647 }
1648
1649 return tsg_ndr_read_tunnel_context(log, s, tunnelContext, tunnelId);
1650fail:
1651 return FALSE;
1652}
1653
1654static BOOL TsProxyCreateTunnelReadResponse(rdpTsg* tsg, const RPC_PDU* pdu,
1655 CONTEXT_HANDLE* tunnelContext, UINT32* tunnelId)
1656{
1657 BOOL rc = FALSE;
1658 UINT32 index = 0;
1659 TSG_PACKET packet = { 0 };
1660 UINT32 SwitchValue = 0;
1661 rdpContext* context = NULL;
1662 UINT32 PacketPtr = 0;
1663
1664 WINPR_ASSERT(tsg);
1665 WINPR_ASSERT(tsg->rpc);
1666 WINPR_ASSERT(tsg->rpc->transport);
1667
1668 context = transport_get_context(tsg->rpc->transport);
1669 WINPR_ASSERT(context);
1670
1671 if (!pdu)
1672 return FALSE;
1673
1674 if (!tsg_ndr_pointer_read(tsg->log, pdu->s, &index, &PacketPtr, TRUE))
1675 goto fail;
1676
1677 if (!Stream_CheckAndLogRequiredLengthWLog(tsg->log, pdu->s, 8))
1678 goto fail;
1679 Stream_Read_UINT32(pdu->s, packet.packetId); /* PacketId (4 bytes) */
1680 Stream_Read_UINT32(pdu->s, SwitchValue); /* SwitchValue (4 bytes) */
1681
1682 WLog_Print(tsg->log, WLOG_DEBUG, "%s", tsg_packet_id_to_string(packet.packetId));
1683
1684 if ((packet.packetId == TSG_PACKET_TYPE_CAPS_RESPONSE) &&
1685 (SwitchValue == TSG_PACKET_TYPE_CAPS_RESPONSE))
1686 {
1687 if (!tsg_ndr_read_caps_response(tsg->log, context, pdu->s, &index, PacketPtr,
1688 &packet.tsgPacket.packetCapsResponse, tunnelContext,
1689 tunnelId, &tsg->ReauthTunnelContext))
1690 goto fail;
1691 tsg->CapsResponse = packet.tsgPacket.packetCapsResponse.pktQuarEncResponse;
1692 }
1693 else if ((packet.packetId == TSG_PACKET_TYPE_QUARENC_RESPONSE) &&
1694 (SwitchValue == TSG_PACKET_TYPE_QUARENC_RESPONSE))
1695 {
1696 UINT32 PacketQuarResponsePtr = 0;
1697
1698 if (!tsg_ndr_pointer_read(tsg->log, pdu->s, &index, &PacketQuarResponsePtr, TRUE))
1699 goto fail;
1700
1701 if (!tsg_ndr_read_quarenc_response(tsg->log, pdu->s, &index,
1702 &packet.tsgPacket.packetQuarEncResponse))
1703 goto fail;
1704
1705 if (!tsg_ndr_read_quarenc_data(tsg->log, pdu->s, &index,
1706 &packet.tsgPacket.packetQuarEncResponse))
1707 goto fail;
1708
1709 if (!tsg_ndr_read_tunnel_context(tsg->log, pdu->s, tunnelContext, tunnelId))
1710 goto fail;
1711
1712 tsg->CapsResponse = packet.tsgPacket.packetQuarEncResponse;
1713 }
1714 else
1715 {
1716 WLog_Print(tsg->log, WLOG_ERROR,
1717 "Unexpected PacketId: 0x%08" PRIX32 ", Expected TSG_PACKET_TYPE_CAPS_RESPONSE "
1718 "or TSG_PACKET_TYPE_QUARENC_RESPONSE",
1719 packet.packetId);
1720 goto fail;
1721 }
1722
1723 {
1724 const size_t rem = Stream_GetRemainingLength(pdu->s);
1725 if (rem != 0)
1726 {
1727 WLog_Print(tsg->log, WLOG_WARN, "Partially parsed %s, %" PRIuz " bytes remain",
1728 tsg_packet_id_to_string(packet.packetId), rem);
1729 }
1730 }
1731
1732 rc = TRUE;
1733fail:
1734 return rc;
1735}
1736
1748static BOOL TsProxyAuthorizeTunnelWriteRequest(rdpTsg* tsg, CONTEXT_HANDLE* tunnelContext)
1749{
1750 if (!tsg || !tsg->rpc || !tunnelContext)
1751 return FALSE;
1752
1753 rdpRpc* rpc = tsg->rpc;
1754
1755 WLog_Print(tsg->log, WLOG_DEBUG, "TsProxyAuthorizeTunnelWriteRequest");
1756 wStream* s = Stream_New(NULL, 1024 + sizeof(WCHAR) * tsg->QuarreQuest.nameLength +
1757 tsg->QuarreQuest.dataLen);
1758
1759 if (!s)
1760 return FALSE;
1761
1762 if (!TsProxyWriteTunnelContext(tsg->log, s, tunnelContext))
1763 {
1764 Stream_Free(s, TRUE);
1765 return FALSE;
1766 }
1767
1768 /* 4-byte alignment */
1769 UINT32 index = 0;
1770 Stream_Write_UINT32(s, TSG_PACKET_TYPE_QUARREQUEST); /* PacketId (4 bytes) */
1771 Stream_Write_UINT32(s, TSG_PACKET_TYPE_QUARREQUEST); /* SwitchValue (4 bytes) */
1772 if (!tsg_ndr_pointer_write(tsg->log, s, &index, 1)) /* PacketQuarRequestPtr (4 bytes) */
1773 goto fail;
1774 Stream_Write_UINT32(s, tsg->QuarreQuest.flags); /* Flags (4 bytes) */
1775 if (!tsg_ndr_pointer_write(tsg->log, s, &index, 1)) /* MachineNamePtr (4 bytes) */
1776 goto fail;
1777 Stream_Write_UINT32(s, tsg->QuarreQuest.nameLength); /* NameLength (4 bytes) */
1778 if (!tsg_ndr_pointer_write(tsg->log, s, &index, 1)) /* DataPtr (4 bytes) */
1779 goto fail;
1780 Stream_Write_UINT32(s, tsg->QuarreQuest.dataLen); /* DataLength (4 bytes) */
1781 /* MachineName */
1782 if (!tsg_ndr_write_string(tsg->log, s, tsg->QuarreQuest.machineName,
1783 tsg->QuarreQuest.nameLength))
1784 goto fail;
1785 /* data */
1786 if (!tsg_ndr_write_conformant_array(tsg->log, s, tsg->QuarreQuest.data,
1787 tsg->QuarreQuest.dataLen))
1788 goto fail;
1789
1790 Stream_SealLength(s);
1791 return rpc_client_write_call(rpc, s, TsProxyAuthorizeTunnelOpnum);
1792fail:
1793 Stream_Free(s, TRUE);
1794 return FALSE;
1795}
1796
1797static UINT32 tsg_redir_to_flags(const TSG_REDIRECTION_FLAGS* redirect)
1798{
1799 UINT32 flags = 0;
1800 if (redirect->enableAllRedirections)
1801 flags |= HTTP_TUNNEL_REDIR_ENABLE_ALL;
1802 if (redirect->disableAllRedirections)
1803 flags |= HTTP_TUNNEL_REDIR_DISABLE_ALL;
1804
1805 if (redirect->driveRedirectionDisabled)
1806 flags |= HTTP_TUNNEL_REDIR_DISABLE_DRIVE;
1807 if (redirect->printerRedirectionDisabled)
1808 flags |= HTTP_TUNNEL_REDIR_DISABLE_PRINTER;
1809 if (redirect->portRedirectionDisabled)
1810 flags |= HTTP_TUNNEL_REDIR_DISABLE_PORT;
1811 if (redirect->clipboardRedirectionDisabled)
1812 flags |= HTTP_TUNNEL_REDIR_DISABLE_CLIPBOARD;
1813 if (redirect->pnpRedirectionDisabled)
1814 flags |= HTTP_TUNNEL_REDIR_DISABLE_PNP;
1815 return flags;
1816}
1817
1818static BOOL tsg_redirect_apply(rdpTsg* tsg, const TSG_REDIRECTION_FLAGS* redirect)
1819{
1820 WINPR_ASSERT(tsg);
1821 WINPR_ASSERT(redirect);
1822
1823 rdpTransport* transport = tsg->transport;
1824 WINPR_ASSERT(transport);
1825
1826 rdpContext* context = transport_get_context(transport);
1827 UINT32 redirFlags = tsg_redir_to_flags(redirect);
1828 return utils_apply_gateway_policy(tsg->log, context, redirFlags, "TSG");
1829}
1830
1831static BOOL tsg_ndr_read_timeout(wLog* log, wStream* s, size_t tlen)
1832{
1833 if (!Stream_CheckAndLogRequiredLengthOfSizeWLog(log, s, 1, sizeof(UINT32)))
1834 return FALSE;
1835
1836 if (tlen < sizeof(UINT32))
1837 {
1838 WLog_Print(log, WLOG_ERROR, "[IDLE_TIMEOUT] array element length %" PRIuz ", expected 4",
1839 tlen);
1840 return FALSE;
1841 }
1842
1843 const UINT32 idleTimeout = Stream_Get_UINT32(s);
1844 WLog_Print(log, WLOG_DEBUG, "[IDLE_TIMEOUT] idleTimeout=%" PRIu32 ": TODO: unused",
1845 idleTimeout);
1846 return TRUE;
1847}
1848
1849static BOOL tsg_ndr_read_sohr(wLog* log, wStream* s, BOOL expected)
1850{
1851 if (!Stream_CheckAndLogRequiredLengthOfSizeWLog(log, s, 1, sizeof(UINT32)))
1852 return FALSE;
1853
1854 const UINT32 len = Stream_Get_UINT32(s);
1855 if (!expected)
1856 {
1857 if (len != 0)
1858 {
1859 WLog_Print(log, WLOG_DEBUG, "[SOH] len=%" PRIu32 ": skipping", len);
1860 return FALSE;
1861 }
1862 return TRUE;
1863 }
1864 else if (len == 0)
1865 {
1866 WLog_Print(log, WLOG_WARN, "[SOH] len=%" PRIu32 ": expected length > 0", len);
1867 }
1868
1869 WLog_Print(log, WLOG_DEBUG, "[SOH] len=%" PRIu32 ": TODO: unused", len);
1870 if (!Stream_SafeSeek(s, len))
1871 return FALSE;
1872
1873 winpr_HexLogDump(log, WLOG_DEBUG, Stream_Pointer(s), len);
1874 return TRUE;
1875}
1876
1877static BOOL tsg_ndr_read_packet_response_data(rdpTsg* tsg, wStream* s,
1878 const TSG_PACKET_RESPONSE* response)
1879{
1880 WINPR_ASSERT(tsg);
1881
1882 if (!Stream_CheckAndLogRequiredCapacityOfSizeWLog(tsg->log, s, 1, 4))
1883 return FALSE;
1884
1885 const uint32_t arrayMaxLen = Stream_Get_UINT32(s);
1886 const size_t rem = Stream_GetRemainingLength(s);
1887 if (arrayMaxLen != response->responseDataLen)
1888 {
1889 WLog_Print(tsg->log, WLOG_ERROR,
1890 "2.2.9.2.1.5 TSG_PACKET_RESPONSE::responseDataLen=%" PRIu32
1891 " != NDR array len %" PRIu32,
1892 response->responseDataLen, arrayMaxLen);
1893 }
1894 if (response->responseDataLen > 0)
1895 {
1896 if (!Stream_CheckAndLogRequiredCapacityOfSizeWLog(tsg->log, s, 1, 4))
1897 return FALSE;
1898
1899 if (tsg->CapsResponse.versionCaps.tsgCaps.capabilityType != TSG_CAPABILITY_TYPE_NAP)
1900 {
1901 WLog_Print(
1902 tsg->log, WLOG_ERROR,
1903 "2.2.9.2.1.5 TSG_PACKET_RESPONSE Negotiated Capabilities type is 0x%08" PRIx32
1904 ", expected TSG_CAPABILITY_TYPE_NAP[0x00000001]",
1905 tsg->CapsResponse.versionCaps.tsgCaps.capabilityType);
1906 return FALSE;
1907 }
1908 const UINT32 mask = (TSG_NAP_CAPABILITY_QUAR_SOH | TSG_NAP_CAPABILITY_IDLE_TIMEOUT);
1909 const UINT32 val =
1910 (tsg->CapsResponse.versionCaps.tsgCaps.tsgPacket.tsgCapNap.capabilities & mask);
1911 if ((val == mask) && (tsg->QuarreQuest.dataLen > 0))
1912 {
1913 if (!tsg_ndr_read_timeout(tsg->log, s, arrayMaxLen))
1914 return FALSE;
1915 if (!tsg_ndr_read_sohr(tsg->log, s, TRUE))
1916 return FALSE;
1917 }
1918 else if ((val == TSG_NAP_CAPABILITY_QUAR_SOH) && (tsg->QuarreQuest.dataLen > 0))
1919 {
1920 if (!tsg_ndr_read_sohr(tsg->log, s, TRUE))
1921 return FALSE;
1922 }
1923 else if ((val & TSG_NAP_CAPABILITY_IDLE_TIMEOUT) != 0)
1924 {
1925 if (!tsg_ndr_read_timeout(tsg->log, s, arrayMaxLen))
1926 return FALSE;
1927 if (!tsg_ndr_read_sohr(tsg->log, s, FALSE))
1928 return FALSE;
1929 }
1930 else
1931 {
1932 WLog_Print(
1933 tsg->log, WLOG_ERROR,
1934 "2.2.9.2.1.5 TSG_PACKET_RESPONSE::responseDataLen=%" PRIu32
1935 ", but neither TSG_NAP_CAPABILITY_QUAR_SOH nor "
1936 "TSG_NAP_CAPABILITY_IDLE_TIMEOUT are set, so expecting 0 (actually got %" PRIuz ")",
1937 response->responseDataLen, rem);
1938 return FALSE;
1939 }
1940 }
1941 else if (rem > 0)
1942 {
1943 char buffer[256] = { 0 };
1944 WLog_Print(tsg->log, WLOG_WARN,
1945 "2.2.9.2.1.5 TSG_PACKET_RESPONSE::responseDataLen=%" PRIu32
1946 ", but actually got %" PRIuz " [flags=%s], ignoring.",
1947 response->responseDataLen, rem,
1948 tsg_caps_to_string(
1949 tsg->CapsResponse.versionCaps.tsgCaps.tsgPacket.tsgCapNap.capabilities,
1950 buffer, sizeof(buffer)));
1951 if (!Stream_SafeSeek(s, rem))
1952 return FALSE;
1953 }
1954
1955 {
1956 const size_t trem = Stream_GetRemainingLength(s);
1957 if (trem > 0)
1958 {
1959 WLog_Print(tsg->log, WLOG_WARN,
1960 "2.2.9.2.1.5 TSG_PACKET_RESPONSE %" PRIuz " unhandled bytes remain", trem);
1961 }
1962 }
1963 return TRUE;
1964}
1965
1966static BOOL TsProxyAuthorizeTunnelReadResponse(rdpTsg* tsg, const RPC_PDU* pdu)
1967{
1968 BOOL rc = FALSE;
1969 UINT32 SwitchValue = 0;
1970 UINT32 index = 0;
1971 TSG_PACKET packet = { 0 };
1972 UINT32 PacketPtr = 0;
1973 UINT32 PacketResponseDataPtr = 0;
1974
1975 WINPR_ASSERT(tsg);
1976 WINPR_ASSERT(pdu);
1977
1978 wLog* log = tsg->log;
1979 WINPR_ASSERT(log);
1980
1981 if (!tsg_ndr_pointer_read(log, pdu->s, &index, &PacketPtr, TRUE))
1982 goto fail;
1983
1984 if (!Stream_CheckAndLogRequiredLengthWLog(log, pdu->s, 8))
1985 goto fail;
1986 Stream_Read_UINT32(pdu->s, packet.packetId); /* PacketId (4 bytes) */
1987 Stream_Read_UINT32(pdu->s, SwitchValue); /* SwitchValue (4 bytes) */
1988
1989 WLog_Print(log, WLOG_DEBUG, "%s", tsg_packet_id_to_string(packet.packetId));
1990
1991 if (packet.packetId == E_PROXY_NAP_ACCESSDENIED)
1992 {
1993 WLog_Print(log, WLOG_ERROR, "status: E_PROXY_NAP_ACCESSDENIED (0x%08X)",
1994 E_PROXY_NAP_ACCESSDENIED);
1995 WLog_Print(log, WLOG_ERROR,
1996 "Ensure that the Gateway Connection Authorization Policy is correct");
1997 goto fail;
1998 }
1999
2000 if ((packet.packetId != TSG_PACKET_TYPE_RESPONSE) || (SwitchValue != TSG_PACKET_TYPE_RESPONSE))
2001 {
2002 WLog_Print(log, WLOG_ERROR,
2003 "Unexpected PacketId: 0x%08" PRIX32 ", Expected TSG_PACKET_TYPE_RESPONSE",
2004 packet.packetId);
2005 goto fail;
2006 }
2007
2008 if (!tsg_ndr_pointer_read(log, pdu->s, &index, NULL, TRUE))
2009 goto fail;
2010
2011 if (!Stream_CheckAndLogRequiredLengthWLog(log, pdu->s, 8))
2012 goto fail;
2013
2014 packet.tsgPacket.packetResponse.flags = Stream_Get_UINT32(pdu->s);
2015 if (packet.tsgPacket.packetResponse.flags != TSG_PACKET_TYPE_QUARREQUEST)
2016 {
2017 WLog_Print(log, WLOG_ERROR,
2018 "Unexpected Packet Response flags: 0x%08" PRIX32
2019 ", Expected TSG_PACKET_TYPE_QUARREQUEST",
2020 packet.tsgPacket.packetResponse.flags);
2021 goto fail;
2022 }
2023
2024 packet.tsgPacket.packetResponse.reserved = Stream_Get_UINT32(pdu->s);
2025
2026 packet.tsgPacket.packetResponse.responseData = NULL;
2027 if (!tsg_ndr_pointer_read(log, pdu->s, &index, &PacketResponseDataPtr, FALSE))
2028 goto fail;
2029
2030 packet.tsgPacket.packetResponse.responseDataLen = Stream_Get_UINT32(pdu->s);
2031 if (packet.tsgPacket.packetResponse.responseDataLen > 24000)
2032 {
2033 WLog_Print(log, WLOG_ERROR,
2034 "2.2.9.2.1.5 TSG_PACKET_RESPONSE::responseDataLen %" PRIu32 " > maximum(24000)",
2035 packet.tsgPacket.packetResponse.responseDataLen);
2036 goto fail;
2037 }
2038 if ((PacketResponseDataPtr == 0) && (packet.tsgPacket.packetResponse.responseDataLen != 0))
2039 {
2040 WLog_Print(log, WLOG_ERROR,
2041 "2.2.9.2.1.5 TSG_PACKET_RESPONSE::responseDataLen %" PRIu32
2042 " but responseData = NULL",
2043 packet.tsgPacket.packetResponse.responseDataLen);
2044 goto fail;
2045 }
2046
2047 if (!tsg_ndr_read_packet_redirection_flags(log, pdu->s,
2048 &packet.tsgPacket.packetResponse.redirectionFlags))
2049 goto fail;
2050
2051 packet.tsgPacket.packetResponse.responseData = Stream_Pointer(pdu->s);
2052 if (!tsg_ndr_read_packet_response_data(tsg, pdu->s, &packet.tsgPacket.packetResponse))
2053 goto fail;
2054
2055 rc = tsg_redirect_apply(tsg, &packet.tsgPacket.packetResponse.redirectionFlags);
2056
2057fail:
2058 return rc;
2059}
2060
2072static BOOL TsProxyMakeTunnelCallWriteRequest(rdpTsg* tsg, CONTEXT_HANDLE* tunnelContext,
2073 UINT32 procId)
2074{
2075 wStream* s = NULL;
2076 rdpRpc* rpc = NULL;
2077
2078 if (!tsg || !tsg->rpc || !tunnelContext)
2079 return FALSE;
2080
2081 rpc = tsg->rpc;
2082 WLog_Print(tsg->log, WLOG_DEBUG, "TsProxyMakeTunnelCallWriteRequest");
2083 s = Stream_New(NULL, 40);
2084
2085 if (!s)
2086 return FALSE;
2087
2088 /* TunnelContext (20 bytes) */
2089 UINT32 index = 0;
2090 if (!TsProxyWriteTunnelContext(tsg->log, s, tunnelContext))
2091 goto fail;
2092 Stream_Write_UINT32(s, procId); /* ProcId (4 bytes) */
2093 /* 4-byte alignment */
2094 Stream_Write_UINT32(s, TSG_PACKET_TYPE_MSGREQUEST_PACKET); /* PacketId (4 bytes) */
2095 Stream_Write_UINT32(s, TSG_PACKET_TYPE_MSGREQUEST_PACKET); /* SwitchValue (4 bytes) */
2096 if (!tsg_ndr_pointer_write(tsg->log, s, &index, 1)) /* PacketMsgRequestPtr (4 bytes) */
2097 goto fail;
2098 Stream_Write_UINT32(s, 0x00000001); /* MaxMessagesPerBatch (4 bytes) */
2099 return rpc_client_write_call(rpc, s, TsProxyMakeTunnelCallOpnum);
2100fail:
2101 Stream_Free(s, TRUE);
2102 return FALSE;
2103}
2104
2105static BOOL TsProxyReadPacketSTringMessage(wLog* log, wStream* s, uint32_t* index,
2106 TSG_PACKET_STRING_MESSAGE* msg)
2107{
2108 UINT32 MsgPtr = 0;
2109
2110 WINPR_ASSERT(msg);
2111
2112 const TSG_PACKET_STRING_MESSAGE empty = { 0 };
2113 *msg = empty;
2114
2115 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 12))
2116 return FALSE;
2117
2118 Stream_Read_INT32(s, msg->isDisplayMandatory); /* IsDisplayMandatory (4 bytes) */
2119 Stream_Read_INT32(s, msg->isConsentMandatory); /* IsConsentMandatory (4 bytes) */
2120 Stream_Read_UINT32(s, msg->msgBytes); /* MsgBytes (4 bytes) */
2121
2122 if (!tsg_ndr_pointer_read(log, s, index, &MsgPtr, msg->msgBytes != 0))
2123 return FALSE;
2124
2125 if (msg->msgBytes > TSG_MESSAGING_MAX_MESSAGE_LENGTH)
2126 {
2127 WLog_Print(log, WLOG_ERROR, "Out of Spec Message Length %" PRIu32 "", msg->msgBytes);
2128 return FALSE;
2129 }
2130
2131 if (msg->msgBytes == 0)
2132 {
2133 WLog_Print(log, WLOG_DEBUG, "Empty message, skipping string read");
2134 return TRUE;
2135 }
2136
2137 return tsg_ndr_read_string(log, s, &msg->msgBuffer, msg->msgBytes);
2138}
2139
2140static BOOL TsProxyMakeTunnelCallReadResponse(rdpTsg* tsg, const RPC_PDU* pdu)
2141{
2142 BOOL rc = FALSE;
2143 UINT32 index = 0;
2144 TSG_PACKET packet = { 0 };
2145 rdpContext* context = NULL;
2146 TSG_PACKET_MSG_RESPONSE packetMsgResponse = { 0 };
2147 UINT32 PacketPtr = 0;
2148 UINT32 PacketMsgResponsePtr = 0;
2149
2150 WINPR_ASSERT(tsg);
2151 WINPR_ASSERT(tsg->rpc);
2152
2153 context = transport_get_context(tsg->rpc->transport);
2154 WINPR_ASSERT(context);
2155
2156 /* This is an asynchronous response */
2157
2158 if (!pdu)
2159 return FALSE;
2160
2161 if (!Stream_CheckAndLogRequiredLengthWLog(tsg->log, pdu->s, 28))
2162 goto fail;
2163
2164 if (!tsg_ndr_pointer_read(tsg->log, pdu->s, &index, &PacketPtr, TRUE))
2165 goto fail;
2166
2167 Stream_Read_UINT32(pdu->s, packet.packetId); /* PacketId (4 bytes) */
2168
2169 {
2170 const uint32_t SwitchValue = Stream_Get_UINT32(pdu->s); /* SwitchValue (4 bytes) */
2171 WLog_Print(tsg->log, WLOG_DEBUG, "%s", tsg_packet_id_to_string(packet.packetId));
2172
2173 if ((packet.packetId != TSG_PACKET_TYPE_MESSAGE_PACKET) || (packet.packetId != SwitchValue))
2174 {
2175 WLog_Print(tsg->log, WLOG_ERROR,
2176 "Unexpected PacketId: 0x%08" PRIX32
2177 ", Expected TSG_PACKET_TYPE_MESSAGE_PACKET",
2178 packet.packetId);
2179 goto fail;
2180 }
2181 }
2182
2183 if (!tsg_ndr_pointer_read(tsg->log, pdu->s, &index, &PacketMsgResponsePtr, TRUE))
2184 goto fail;
2185
2186 if (!tsg_ndr_read_TSG_PACKET_MSG_RESPONSE_header(tsg->log, pdu->s, &packetMsgResponse))
2187 goto fail;
2188
2189 {
2190 UINT32 MessagePtr = 0;
2191 if (!tsg_ndr_pointer_read(tsg->log, pdu->s, &index, &MessagePtr, TRUE))
2192 goto fail;
2193
2194 if (!tsg_ndr_read_TSG_PACKET_MSG_RESPONSE(tsg->log, context, pdu->s, &index, MessagePtr,
2195 &packetMsgResponse, &tsg->ReauthTunnelContext))
2196 goto fail;
2197 }
2198
2199 rc = TRUE;
2200fail:
2201 return rc;
2202}
2203
2215static BOOL TsProxyCreateChannelWriteRequest(rdpTsg* tsg, CONTEXT_HANDLE* tunnelContext)
2216{
2217 WINPR_ASSERT(tsg);
2218 WINPR_ASSERT(tunnelContext);
2219
2220 WLog_Print(tsg->log, WLOG_DEBUG, "TsProxyCreateChannelWriteRequest");
2221
2222 if (!tsg->rpc || !tsg->Hostname)
2223 return FALSE;
2224
2225 rdpRpc* rpc = tsg->rpc;
2226 const size_t count = _wcslen(tsg->Hostname) + 1;
2227 if (count > UINT32_MAX)
2228 return FALSE;
2229
2230 wStream* s = Stream_New(NULL, 60 + count * 2);
2231 if (!s)
2232 return FALSE;
2233
2234 /* TunnelContext (20 bytes) */
2235 if (!TsProxyWriteTunnelContext(tsg->log, s, tunnelContext))
2236 goto fail;
2237
2238 /* TSENDPOINTINFO */
2239 {
2240 UINT32 index = 0;
2241 if (!tsg_ndr_pointer_write(tsg->log, s, &index, 1))
2242 goto fail;
2243 Stream_Write_UINT32(s, 0x00000001); /* NumResourceNames (4 bytes) */
2244 if (!tsg_ndr_pointer_write(tsg->log, s, &index, 0))
2245 goto fail;
2246 }
2247
2248 Stream_Write_UINT16(s, 0x0000); /* NumAlternateResourceNames (2 bytes) */
2249 Stream_Write_UINT16(s, 0x0000); /* Pad (2 bytes) */
2250 /* Port (4 bytes) */
2251 Stream_Write_UINT16(s, 0x0003); /* ProtocolId (RDP = 3) (2 bytes) */
2252 Stream_Write_UINT16(s, tsg->Port); /* PortNumber (0xD3D = 3389) (2 bytes) */
2253 Stream_Write_UINT32(s, 0x00000001); /* NumResourceNames (4 bytes) */
2254 {
2255 UINT32 index = 0;
2256 if (!tsg_ndr_pointer_write(tsg->log, s, &index, 1))
2257 goto fail;
2258 }
2259 if (!tsg_ndr_write_string(tsg->log, s, tsg->Hostname, count))
2260 goto fail;
2261 return rpc_client_write_call(rpc, s, TsProxyCreateChannelOpnum);
2262
2263fail:
2264 Stream_Free(s, TRUE);
2265 return FALSE;
2266}
2267
2268static BOOL TsProxyCreateChannelReadResponse(wLog* log, const RPC_PDU* pdu,
2269 CONTEXT_HANDLE* channelContext, UINT32* channelId)
2270{
2271 BOOL rc = FALSE;
2272
2273 WINPR_ASSERT(log);
2274 WINPR_ASSERT(pdu);
2275 WINPR_ASSERT(channelId);
2276
2277 WLog_Print(log, WLOG_DEBUG, "TsProxyCreateChannelReadResponse");
2278
2279 if (!Stream_CheckAndLogRequiredLengthWLog(log, pdu->s, 28))
2280 goto fail;
2281
2282 /* ChannelContext (20 bytes) */
2283 if (!TsProxyReadTunnelContext(log, pdu->s, channelContext))
2284 goto fail;
2285 if (!Stream_CheckAndLogRequiredLengthOfSizeWLog(log, pdu->s, 2, sizeof(UINT32)))
2286 goto fail;
2287 Stream_Read_UINT32(pdu->s, *channelId); /* ChannelId (4 bytes) */
2288 Stream_Seek_UINT32(pdu->s); /* ReturnValue (4 bytes) */
2289 rc = TRUE;
2290fail:
2291 return rc;
2292}
2293
2300static BOOL TsProxyCloseChannelWriteRequest(rdpTsg* tsg, CONTEXT_HANDLE* context)
2301{
2302 WINPR_ASSERT(tsg);
2303 WINPR_ASSERT(context);
2304
2305 WLog_Print(tsg->log, WLOG_DEBUG, "TsProxyCloseChannelWriteRequest");
2306
2307 rdpRpc* rpc = tsg->rpc;
2308 WINPR_ASSERT(rpc);
2309
2310 wStream* s = Stream_New(NULL, 20);
2311
2312 if (!s)
2313 return FALSE;
2314
2315 /* ChannelContext (20 bytes) */
2316 if (!TsProxyWriteTunnelContext(tsg->log, s, context))
2317 goto fail;
2318 return rpc_client_write_call(rpc, s, TsProxyCloseChannelOpnum);
2319fail:
2320 Stream_Free(s, TRUE);
2321 return FALSE;
2322}
2323
2324static BOOL TsProxyCloseChannelReadResponse(wLog* log, const RPC_PDU* pdu, CONTEXT_HANDLE* context)
2325{
2326 BOOL rc = FALSE;
2327 WLog_Print(log, WLOG_DEBUG, "TsProxyCloseChannelReadResponse");
2328
2329 if (!pdu)
2330 return FALSE;
2331
2332 if (!Stream_CheckAndLogRequiredLengthWLog(log, pdu->s, 24))
2333 goto fail;
2334
2335 /* ChannelContext (20 bytes) */
2336 if (!TsProxyReadTunnelContext(log, pdu->s, context))
2337 goto fail;
2338
2339 {
2340 const size_t len = sizeof(UINT32);
2341 if (!Stream_CheckAndLogRequiredLengthWLog(log, pdu->s, len))
2342 goto fail;
2343 Stream_Seek(pdu->s, len); /* ReturnValue (4 bytes) */
2344 rc = TRUE;
2345 }
2346fail:
2347 return rc;
2348}
2349
2356static BOOL TsProxyCloseTunnelWriteRequest(rdpTsg* tsg, const CONTEXT_HANDLE* context)
2357{
2358 WINPR_ASSERT(tsg);
2359 WINPR_ASSERT(context);
2360
2361 WLog_Print(tsg->log, WLOG_DEBUG, "TsProxyCloseTunnelWriteRequest");
2362
2363 rdpRpc* rpc = tsg->rpc;
2364 WINPR_ASSERT(rpc);
2365
2366 wStream* s = Stream_New(NULL, 20);
2367
2368 if (!s)
2369 return FALSE;
2370
2371 /* TunnelContext (20 bytes) */
2372 if (!TsProxyWriteTunnelContext(tsg->log, s, context))
2373 goto fail;
2374 return rpc_client_write_call(rpc, s, TsProxyCloseTunnelOpnum);
2375fail:
2376 Stream_Free(s, TRUE);
2377 return FALSE;
2378}
2379
2380static BOOL TsProxyCloseTunnelReadResponse(wLog* log, const RPC_PDU* pdu, CONTEXT_HANDLE* context)
2381{
2382 BOOL rc = FALSE;
2383
2384 WINPR_ASSERT(log);
2385 WINPR_ASSERT(pdu);
2386 WINPR_ASSERT(context);
2387
2388 WLog_Print(log, WLOG_DEBUG, "TsProxyCloseTunnelReadResponse");
2389
2390 if (!Stream_CheckAndLogRequiredLengthWLog(log, pdu->s, 24))
2391 goto fail;
2392
2393 /* TunnelContext (20 bytes) */
2394 if (!TsProxyReadTunnelContext(log, pdu->s, context))
2395 goto fail;
2396 {
2397 const size_t len = sizeof(UINT32);
2398 if (!Stream_CheckAndLogRequiredLengthWLog(log, pdu->s, len))
2399 goto fail;
2400 Stream_Seek(pdu->s, len); /* ReturnValue (4 bytes) */
2401 rc = TRUE;
2402 }
2403fail:
2404 return rc;
2405}
2406
2415static BOOL TsProxySetupReceivePipeWriteRequest(rdpTsg* tsg, const CONTEXT_HANDLE* channelContext)
2416{
2417 wStream* s = NULL;
2418 rdpRpc* rpc = NULL;
2419 WLog_Print(tsg->log, WLOG_DEBUG, "TsProxySetupReceivePipeWriteRequest");
2420
2421 WINPR_ASSERT(tsg);
2422 WINPR_ASSERT(tsg->rpc);
2423
2424 if (!channelContext)
2425 return FALSE;
2426
2427 rpc = tsg->rpc;
2428 s = Stream_New(NULL, 20);
2429
2430 if (!s)
2431 return FALSE;
2432
2433 /* ChannelContext (20 bytes) */
2434 if (!TsProxyWriteTunnelContext(tsg->log, s, channelContext))
2435 goto fail;
2436 return rpc_client_write_call(rpc, s, TsProxySetupReceivePipeOpnum);
2437fail:
2438 Stream_Free(s, TRUE);
2439 return FALSE;
2440}
2441
2442static BOOL tsg_transition_to_state(rdpTsg* tsg, TSG_STATE state)
2443{
2444 WINPR_ASSERT(tsg);
2445 const char* oldState = tsg_state_to_string(tsg->state);
2446 const char* newState = tsg_state_to_string(state);
2447
2448 WLog_Print(tsg->log, WLOG_DEBUG, "%s -> %s", oldState, newState);
2449 return tsg_set_state(tsg, state);
2450}
2451
2452static BOOL tsg_initialize_version_caps(const rdpTsg* tsg,
2453 TSG_PACKET_VERSIONCAPS* packetVersionCaps)
2454{
2455 WINPR_ASSERT(tsg);
2456 WINPR_ASSERT(packetVersionCaps);
2457
2458 packetVersionCaps->tsgHeader.ComponentId = TS_GATEWAY_TRANSPORT;
2459 packetVersionCaps->tsgHeader.PacketId = TSG_PACKET_TYPE_VERSIONCAPS;
2460 packetVersionCaps->numCapabilities = 1;
2461 packetVersionCaps->majorVersion = 1;
2462 packetVersionCaps->minorVersion = 1;
2463 packetVersionCaps->quarantineCapabilities = 0;
2464 packetVersionCaps->tsgCaps.capabilityType = TSG_CAPABILITY_TYPE_NAP;
2465 /*
2466 * Using reduced capabilities appears to trigger
2467 * TSG_PACKET_TYPE_QUARENC_RESPONSE instead of TSG_PACKET_TYPE_CAPS_RESPONSE
2468 *
2469 * However, reduced capabilities may break connectivity with servers enforcing features,
2470 * such as "Only allow connections from Remote Desktop Services clients that support RD
2471 * Gateway messaging"
2472 */
2473
2474 packetVersionCaps->tsgCaps.tsgPacket.tsgCapNap.capabilities =
2475 TSG_NAP_CAPABILITY_IDLE_TIMEOUT | TSG_MESSAGING_CAP_CONSENT_SIGN |
2476 TSG_MESSAGING_CAP_SERVICE_MSG | TSG_MESSAGING_CAP_REAUTH;
2477 if (tsg->QuarreQuest.dataLen > 0)
2478 packetVersionCaps->tsgCaps.tsgPacket.tsgCapNap.capabilities |= TSG_NAP_CAPABILITY_QUAR_SOH;
2479
2480 return TRUE;
2481}
2482
2483static void resetCaps(rdpTsg* tsg)
2484{
2485 WINPR_ASSERT(tsg);
2486 const TSG_PACKET_QUARENC_RESPONSE empty = { 0 };
2487 tsg->CapsResponse = empty;
2488}
2489
2490BOOL tsg_proxy_begin(rdpTsg* tsg)
2491{
2492 TSG_PACKET tsgPacket = { 0 };
2493
2494 WINPR_ASSERT(tsg);
2495
2496 tsgPacket.packetId = TSG_PACKET_TYPE_VERSIONCAPS;
2497 if (!tsg_initialize_version_caps(tsg, &tsgPacket.tsgPacket.packetVersionCaps) ||
2498 !TsProxyCreateTunnelWriteRequest(tsg, &tsgPacket))
2499 {
2500 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCreateTunnel failure");
2501 tsg_transition_to_state(tsg, TSG_STATE_FINAL);
2502 return FALSE;
2503 }
2504
2505 resetCaps(tsg);
2506
2507 return tsg_transition_to_state(tsg, TSG_STATE_INITIAL);
2508}
2509
2510static BOOL tsg_proxy_reauth(rdpTsg* tsg)
2511{
2512 TSG_PACKET tsgPacket = { 0 };
2513
2514 WINPR_ASSERT(tsg);
2515
2516 tsg->reauthSequence = TRUE;
2517 TSG_PACKET_REAUTH* packetReauth = &tsgPacket.tsgPacket.packetReauth;
2518
2519 tsgPacket.packetId = TSG_PACKET_TYPE_REAUTH;
2520 packetReauth->tunnelContext = tsg->ReauthTunnelContext;
2521 packetReauth->packetId = TSG_PACKET_TYPE_VERSIONCAPS;
2522
2523 if (!tsg_initialize_version_caps(tsg, &packetReauth->tsgInitialPacket.packetVersionCaps))
2524 return FALSE;
2525
2526 if (!TsProxyCreateTunnelWriteRequest(tsg, &tsgPacket))
2527 {
2528 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCreateTunnel failure");
2529 tsg_transition_to_state(tsg, TSG_STATE_FINAL);
2530 return FALSE;
2531 }
2532
2533 if (!TsProxyMakeTunnelCallWriteRequest(tsg, &tsg->TunnelContext,
2534 TSG_TUNNEL_CALL_ASYNC_MSG_REQUEST))
2535 {
2536 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyMakeTunnelCall failure");
2537 tsg_transition_to_state(tsg, TSG_STATE_FINAL);
2538 return FALSE;
2539 }
2540
2541 resetCaps(tsg);
2542 return tsg_transition_to_state(tsg, TSG_STATE_INITIAL);
2543}
2544
2545BOOL tsg_recv_pdu(rdpTsg* tsg, const RPC_PDU* pdu)
2546{
2547 BOOL rc = FALSE;
2548 RpcClientCall* call = NULL;
2549 rdpRpc* rpc = NULL;
2550
2551 WINPR_ASSERT(tsg);
2552 WINPR_ASSERT(pdu);
2553 WINPR_ASSERT(tsg->rpc);
2554
2555 rpc = tsg->rpc;
2556
2557 if (!(pdu->Flags & RPC_PDU_FLAG_STUB))
2558 {
2559 const size_t len = 24;
2560 if (!Stream_CheckAndLogRequiredLengthWLog(tsg->log, pdu->s, len))
2561 return FALSE;
2562 Stream_Seek(pdu->s, len);
2563 }
2564
2565 const TSG_STATE oldState = tsg->state;
2566 switch (tsg->state)
2567 {
2568 case TSG_STATE_INITIAL:
2569 {
2570 CONTEXT_HANDLE* TunnelContext = NULL;
2571 TunnelContext = (tsg->reauthSequence) ? &tsg->NewTunnelContext : &tsg->TunnelContext;
2572
2573 if (!TsProxyCreateTunnelReadResponse(tsg, pdu, TunnelContext, &tsg->TunnelId))
2574 {
2575 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCreateTunnelReadResponse failure");
2576 return FALSE;
2577 }
2578
2579 if (!tsg_transition_to_state(tsg, TSG_STATE_CONNECTED))
2580 return FALSE;
2581
2582 if (!TsProxyAuthorizeTunnelWriteRequest(tsg, TunnelContext))
2583 {
2584 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyAuthorizeTunnel failure");
2585 return FALSE;
2586 }
2587
2588 rc = TRUE;
2589 }
2590 break;
2591
2592 case TSG_STATE_CONNECTED:
2593 {
2594 CONTEXT_HANDLE* TunnelContext =
2595 (tsg->reauthSequence) ? &tsg->NewTunnelContext : &tsg->TunnelContext;
2596
2597 if (!TsProxyAuthorizeTunnelReadResponse(tsg, pdu))
2598 {
2599 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyAuthorizeTunnelReadResponse failure");
2600 return FALSE;
2601 }
2602
2603 if (!tsg_transition_to_state(tsg, TSG_STATE_AUTHORIZED))
2604 return FALSE;
2605
2606 if (!tsg->reauthSequence)
2607 {
2608 if (!TsProxyMakeTunnelCallWriteRequest(tsg, TunnelContext,
2609 TSG_TUNNEL_CALL_ASYNC_MSG_REQUEST))
2610 {
2611 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyMakeTunnelCall failure");
2612 return FALSE;
2613 }
2614 }
2615
2616 if (!TsProxyCreateChannelWriteRequest(tsg, TunnelContext))
2617 {
2618 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCreateChannel failure");
2619 return FALSE;
2620 }
2621
2622 rc = TRUE;
2623 }
2624 break;
2625
2626 case TSG_STATE_AUTHORIZED:
2627 call = rpc_client_call_find_by_id(rpc->client, pdu->CallId);
2628
2629 if (!call)
2630 return FALSE;
2631
2632 if (call->OpNum == TsProxyMakeTunnelCallOpnum)
2633 {
2634 if (!TsProxyMakeTunnelCallReadResponse(tsg, pdu))
2635 {
2636 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyMakeTunnelCallReadResponse failure");
2637 return FALSE;
2638 }
2639
2640 rc = TRUE;
2641 }
2642 else if (call->OpNum == TsProxyCreateChannelOpnum)
2643 {
2644 CONTEXT_HANDLE ChannelContext;
2645
2646 if (!TsProxyCreateChannelReadResponse(tsg->log, pdu, &ChannelContext,
2647 &tsg->ChannelId))
2648 {
2649 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCreateChannelReadResponse failure");
2650 return FALSE;
2651 }
2652
2653 if (!tsg->reauthSequence)
2654 CopyMemory(&tsg->ChannelContext, &ChannelContext, sizeof(CONTEXT_HANDLE));
2655 else
2656 CopyMemory(&tsg->NewChannelContext, &ChannelContext, sizeof(CONTEXT_HANDLE));
2657
2658 if (!tsg_transition_to_state(tsg, TSG_STATE_CHANNEL_CREATED))
2659 return FALSE;
2660
2661 if (!tsg->reauthSequence)
2662 {
2663 if (!TsProxySetupReceivePipeWriteRequest(tsg, &tsg->ChannelContext))
2664 {
2665 WLog_Print(tsg->log, WLOG_ERROR, "TsProxySetupReceivePipe failure");
2666 return FALSE;
2667 }
2668 }
2669 else
2670 {
2671 if (!TsProxyCloseChannelWriteRequest(tsg, &tsg->NewChannelContext))
2672 {
2673 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCloseChannelWriteRequest failure");
2674 return FALSE;
2675 }
2676
2677 if (!TsProxyCloseTunnelWriteRequest(tsg, &tsg->NewTunnelContext))
2678 {
2679 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCloseTunnelWriteRequest failure");
2680 return FALSE;
2681 }
2682 }
2683
2684 rc = tsg_transition_to_state(tsg, TSG_STATE_PIPE_CREATED);
2685 tsg->reauthSequence = FALSE;
2686 }
2687 else
2688 {
2689 WLog_Print(tsg->log, WLOG_ERROR,
2690 "TSG_STATE_AUTHORIZED unexpected OpNum: %" PRIu32 "\n", call->OpNum);
2691 }
2692
2693 break;
2694
2695 case TSG_STATE_CHANNEL_CREATED:
2696 break;
2697
2698 case TSG_STATE_PIPE_CREATED:
2699 call = rpc_client_call_find_by_id(rpc->client, pdu->CallId);
2700
2701 if (!call)
2702 return FALSE;
2703
2704 if (call->OpNum == TsProxyMakeTunnelCallOpnum)
2705 {
2706 if (!TsProxyMakeTunnelCallReadResponse(tsg, pdu))
2707 {
2708 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyMakeTunnelCallReadResponse failure");
2709 return FALSE;
2710 }
2711
2712 rc = TRUE;
2713
2714 if (tsg->ReauthTunnelContext)
2715 rc = tsg_proxy_reauth(tsg);
2716 }
2717 else if (call->OpNum == TsProxyCloseChannelOpnum)
2718 {
2719 CONTEXT_HANDLE ChannelContext;
2720
2721 if (!TsProxyCloseChannelReadResponse(tsg->log, pdu, &ChannelContext))
2722 {
2723 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCloseChannelReadResponse failure");
2724 return FALSE;
2725 }
2726
2727 rc = TRUE;
2728 }
2729 else if (call->OpNum == TsProxyCloseTunnelOpnum)
2730 {
2731 CONTEXT_HANDLE TunnelContext;
2732
2733 if (!TsProxyCloseTunnelReadResponse(tsg->log, pdu, &TunnelContext))
2734 {
2735 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCloseTunnelReadResponse failure");
2736 return FALSE;
2737 }
2738
2739 rc = TRUE;
2740 }
2741
2742 break;
2743
2744 case TSG_STATE_TUNNEL_CLOSE_PENDING:
2745 {
2746 CONTEXT_HANDLE ChannelContext;
2747
2748 if (!TsProxyCloseChannelReadResponse(tsg->log, pdu, &ChannelContext))
2749 {
2750 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCloseChannelReadResponse failure");
2751 return FALSE;
2752 }
2753
2754 if (!tsg_transition_to_state(tsg, TSG_STATE_CHANNEL_CLOSE_PENDING))
2755 return FALSE;
2756
2757 if (!TsProxyCloseChannelWriteRequest(tsg, NULL))
2758 {
2759 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCloseChannelWriteRequest failure");
2760 return FALSE;
2761 }
2762
2763 if (!TsProxyMakeTunnelCallWriteRequest(tsg, &tsg->TunnelContext,
2764 TSG_TUNNEL_CANCEL_ASYNC_MSG_REQUEST))
2765 {
2766 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyMakeTunnelCall failure");
2767 return FALSE;
2768 }
2769
2770 rc = TRUE;
2771 }
2772 break;
2773
2774 case TSG_STATE_CHANNEL_CLOSE_PENDING:
2775 {
2776 CONTEXT_HANDLE TunnelContext;
2777
2778 if (!TsProxyCloseTunnelReadResponse(tsg->log, pdu, &TunnelContext))
2779 {
2780 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCloseTunnelReadResponse failure");
2781 return FALSE;
2782 }
2783
2784 rc = tsg_transition_to_state(tsg, TSG_STATE_FINAL);
2785 }
2786 break;
2787
2788 case TSG_STATE_FINAL:
2789 break;
2790 default:
2791 break;
2792 }
2793
2794 {
2795 const size_t rem = Stream_GetRemainingLength(pdu->s);
2796 if (rem > 0)
2797 {
2798 WLog_Print(tsg->log, WLOG_WARN, "[%s] unparsed bytes: %" PRIuz,
2799 tsg_state_to_string(oldState), rem);
2800 }
2801 }
2802 return rc;
2803}
2804
2805BOOL tsg_check_event_handles(rdpTsg* tsg)
2806{
2807 WINPR_ASSERT(tsg);
2808 if (rpc_client_in_channel_recv(tsg->rpc) < 0)
2809 return FALSE;
2810
2811 if (rpc_client_out_channel_recv(tsg->rpc) < 0)
2812 return FALSE;
2813
2814 return TRUE;
2815}
2816
2817DWORD tsg_get_event_handles(rdpTsg* tsg, HANDLE* events, DWORD count)
2818{
2819 UINT32 nCount = 0;
2820 rdpRpc* rpc = tsg->rpc;
2821 RpcVirtualConnection* connection = rpc->VirtualConnection;
2822
2823 if (events && (nCount < count))
2824 {
2825 events[nCount] = rpc->client->PipeEvent;
2826 nCount++;
2827 }
2828 else
2829 return 0;
2830
2831 if (connection->DefaultInChannel && connection->DefaultInChannel->common.tls)
2832 {
2833 if (events && (nCount < count))
2834 {
2835 BIO_get_event(connection->DefaultInChannel->common.tls->bio, &events[nCount]);
2836 nCount++;
2837 }
2838 else
2839 return 0;
2840 }
2841
2842 if (connection->NonDefaultInChannel && connection->NonDefaultInChannel->common.tls)
2843 {
2844 if (events && (nCount < count))
2845 {
2846 BIO_get_event(connection->NonDefaultInChannel->common.tls->bio, &events[nCount]);
2847 nCount++;
2848 }
2849 else
2850 return 0;
2851 }
2852
2853 if (connection->DefaultOutChannel && connection->DefaultOutChannel->common.tls)
2854 {
2855 if (events && (nCount < count))
2856 {
2857 BIO_get_event(connection->DefaultOutChannel->common.tls->bio, &events[nCount]);
2858 nCount++;
2859 }
2860 else
2861 return 0;
2862 }
2863
2864 if (connection->NonDefaultOutChannel && connection->NonDefaultOutChannel->common.tls)
2865 {
2866 if (events && (nCount < count))
2867 {
2868 BIO_get_event(connection->NonDefaultOutChannel->common.tls->bio, &events[nCount]);
2869 nCount++;
2870 }
2871 else
2872 return 0;
2873 }
2874
2875 return nCount;
2876}
2877
2878static BOOL tsg_set_hostname(rdpTsg* tsg, const char* hostname)
2879{
2880 WINPR_ASSERT(tsg);
2881 free(tsg->Hostname);
2882 tsg->Hostname = ConvertUtf8ToWCharAlloc(hostname, NULL);
2883 return tsg->Hostname != NULL;
2884}
2885
2886static BOOL tsg_set_machine_name(rdpTsg* tsg, const char* machineName)
2887{
2888 WINPR_ASSERT(tsg);
2889
2890 free(tsg->QuarreQuest.machineName);
2891 tsg->QuarreQuest.machineName = NULL;
2892 tsg->QuarreQuest.nameLength = 0;
2893 if (!machineName)
2894 return FALSE;
2895
2896 size_t size = 0;
2897 tsg->QuarreQuest.machineName = ConvertUtf8ToWCharAlloc(machineName, &size);
2898 tsg->QuarreQuest.nameLength = WINPR_ASSERTING_INT_CAST(uint32_t, size + 1ull);
2899 return tsg->QuarreQuest.machineName && (size > 0);
2900}
2901
2902BOOL tsg_connect(rdpTsg* tsg, const char* hostname, UINT16 port, DWORD timeout)
2903{
2904 UINT64 looptimeout = timeout * 1000ULL;
2905 DWORD nCount = 0;
2906 HANDLE events[MAXIMUM_WAIT_OBJECTS] = { 0 };
2907
2908 WINPR_ASSERT(tsg);
2909
2910 rdpRpc* rpc = tsg->rpc;
2911 WINPR_ASSERT(rpc);
2912
2913 rdpTransport* transport = rpc->transport;
2914 rdpContext* context = transport_get_context(transport);
2915 WINPR_ASSERT(context);
2916
2917 rdpSettings* settings = context->settings;
2918
2919 freerdp_set_last_error(context, ERROR_SUCCESS);
2920
2921 tsg->Port = port;
2922 tsg->transport = transport;
2923
2924 if (!settings->GatewayPort)
2925 settings->GatewayPort = 443;
2926
2927 if (!tsg_set_hostname(tsg, hostname))
2928 return FALSE;
2929
2930 if (!tsg_set_machine_name(tsg, settings->ComputerName))
2931 return FALSE;
2932
2933 if (!rpc_connect(rpc, timeout))
2934 {
2935 WLog_Print(tsg->log, WLOG_ERROR, "rpc_connect error!");
2936 return FALSE;
2937 }
2938
2939 nCount = tsg_get_event_handles(tsg, events, ARRAYSIZE(events));
2940
2941 if (nCount == 0)
2942 return FALSE;
2943
2944 while (tsg->state != TSG_STATE_PIPE_CREATED)
2945 {
2946 const DWORD polltimeout = 250;
2947 DWORD status = WaitForMultipleObjects(nCount, events, FALSE, polltimeout);
2948 if (status == WAIT_TIMEOUT)
2949 {
2950 if (timeout > 0)
2951 {
2952 if (looptimeout < polltimeout)
2953 return FALSE;
2954 looptimeout -= polltimeout;
2955 }
2956 }
2957 else
2958 looptimeout = timeout * 1000ULL;
2959
2960 if (!tsg_check_event_handles(tsg))
2961 {
2962 WLog_Print(tsg->log, WLOG_ERROR, "tsg_check failure");
2963 transport_set_layer(transport, TRANSPORT_LAYER_CLOSED);
2964 return FALSE;
2965 }
2966 }
2967
2968 WLog_Print(tsg->log, WLOG_INFO, "TS Gateway Connection Success");
2969 tsg->bio = BIO_new(BIO_s_tsg());
2970
2971 if (!tsg->bio)
2972 return FALSE;
2973
2974 BIO_set_data(tsg->bio, (void*)tsg);
2975 return TRUE;
2976}
2977
2978BOOL tsg_disconnect(rdpTsg* tsg)
2979{
2999 if (!tsg)
3000 return FALSE;
3001
3002 if (tsg->state != TSG_STATE_TUNNEL_CLOSE_PENDING)
3003 {
3004 if (!TsProxyCloseChannelWriteRequest(tsg, &tsg->ChannelContext))
3005 return FALSE;
3006
3007 return tsg_transition_to_state(tsg, TSG_STATE_CHANNEL_CLOSE_PENDING);
3008 }
3009
3010 return TRUE;
3011}
3012
3024static int tsg_read(rdpTsg* tsg, BYTE* data, size_t length)
3025{
3026 rdpRpc* rpc = NULL;
3027 int status = 0;
3028
3029 if (!tsg || !data)
3030 return -1;
3031
3032 rpc = tsg->rpc;
3033
3034 if (transport_get_layer(rpc->transport) == TRANSPORT_LAYER_CLOSED)
3035 {
3036 WLog_Print(tsg->log, WLOG_ERROR, "tsg_read error: connection lost");
3037 return -1;
3038 }
3039
3040 do
3041 {
3042 status = rpc_client_receive_pipe_read(rpc->client, data, length);
3043
3044 if (status < 0)
3045 return -1;
3046
3047 if (!status && !transport_get_blocking(rpc->transport))
3048 return 0;
3049
3050 if (transport_get_layer(rpc->transport) == TRANSPORT_LAYER_CLOSED)
3051 {
3052 WLog_Print(tsg->log, WLOG_ERROR, "tsg_read error: connection lost");
3053 return -1;
3054 }
3055
3056 if (status > 0)
3057 break;
3058
3059 if (transport_get_blocking(rpc->transport))
3060 {
3061 while (WaitForSingleObject(rpc->client->PipeEvent, 0) != WAIT_OBJECT_0)
3062 {
3063 if (!tsg_check_event_handles(tsg))
3064 return -1;
3065
3066 (void)WaitForSingleObject(rpc->client->PipeEvent, 100);
3067 }
3068 }
3069 } while (transport_get_blocking(rpc->transport));
3070
3071 return status;
3072}
3073
3074static int tsg_write(rdpTsg* tsg, const BYTE* data, UINT32 length)
3075{
3076 int status = 0;
3077
3078 if (!tsg || !data || !tsg->rpc || !tsg->rpc->transport)
3079 return -1;
3080
3081 if (transport_get_layer(tsg->rpc->transport) == TRANSPORT_LAYER_CLOSED)
3082 {
3083 WLog_Print(tsg->log, WLOG_ERROR, "error, connection lost");
3084 return -1;
3085 }
3086
3087 status = TsProxySendToServer((handle_t)tsg, data, 1, &length);
3088
3089 if (status < 0)
3090 return -1;
3091
3092 return (int)length;
3093}
3094
3095rdpTsg* tsg_new(rdpTransport* transport)
3096{
3097 rdpTsg* tsg = (rdpTsg*)calloc(1, sizeof(rdpTsg));
3098
3099 if (!tsg)
3100 return NULL;
3101 tsg->log = WLog_Get(TAG);
3102 tsg->transport = transport;
3103 tsg->rpc = rpc_new(tsg->transport);
3104
3105 if (!tsg->rpc)
3106 goto out_free;
3107
3108 return tsg;
3109out_free:
3110 free(tsg);
3111 return NULL;
3112}
3113
3114void tsg_free(rdpTsg* tsg)
3115{
3116 if (tsg)
3117 {
3118 rpc_free(tsg->rpc);
3119 free(tsg->Hostname);
3120 free(tsg->QuarreQuest.machineName);
3121 free(tsg->QuarreQuest.data);
3122 free(tsg);
3123 }
3124}
3125
3126static int transport_bio_tsg_write(BIO* bio, const char* buf, int num)
3127{
3128 int status = 0;
3129 rdpTsg* tsg = (rdpTsg*)BIO_get_data(bio);
3130 BIO_clear_flags(bio, BIO_FLAGS_WRITE);
3131
3132 if (num < 0)
3133 return -1;
3134 status = tsg_write(tsg, (const BYTE*)buf, (UINT32)num);
3135
3136 if (status < 0)
3137 {
3138 BIO_clear_flags(bio, BIO_FLAGS_SHOULD_RETRY);
3139 return -1;
3140 }
3141 else if (status == 0)
3142 {
3143 BIO_set_flags(bio, BIO_FLAGS_WRITE);
3144 WSASetLastError(WSAEWOULDBLOCK);
3145 }
3146 else
3147 {
3148 BIO_set_flags(bio, BIO_FLAGS_WRITE);
3149 }
3150
3151 return status >= 0 ? status : -1;
3152}
3153
3154static int transport_bio_tsg_read(BIO* bio, char* buf, int size)
3155{
3156 int status = 0;
3157 rdpTsg* tsg = (rdpTsg*)BIO_get_data(bio);
3158
3159 if (!tsg || (size < 0))
3160 {
3161 BIO_clear_flags(bio, BIO_FLAGS_SHOULD_RETRY);
3162 return -1;
3163 }
3164
3165 BIO_clear_flags(bio, BIO_FLAGS_READ);
3166 status = tsg_read(tsg, (BYTE*)buf, (size_t)size);
3167
3168 if (status < 0)
3169 {
3170 BIO_clear_flags(bio, BIO_FLAGS_SHOULD_RETRY);
3171 return -1;
3172 }
3173 else if (status == 0)
3174 {
3175 BIO_set_flags(bio, BIO_FLAGS_READ);
3176 WSASetLastError(WSAEWOULDBLOCK);
3177 }
3178 else
3179 {
3180 BIO_set_flags(bio, BIO_FLAGS_READ);
3181 }
3182
3183 return status > 0 ? status : -1;
3184}
3185
3186static int transport_bio_tsg_puts(BIO* bio, const char* str)
3187{
3188 WINPR_UNUSED(bio);
3189 WINPR_UNUSED(str);
3190 return -2;
3191}
3192
3193// NOLINTNEXTLINE(readability-non-const-parameter)
3194static int transport_bio_tsg_gets(BIO* bio, char* str, int size)
3195{
3196 WINPR_UNUSED(bio);
3197 WINPR_UNUSED(str);
3198 WINPR_UNUSED(size);
3199 return 1;
3200}
3201
3202static long transport_bio_tsg_ctrl(BIO* bio, int cmd, long arg1, void* arg2)
3203{
3204 long status = -1;
3205 rdpTsg* tsg = (rdpTsg*)BIO_get_data(bio);
3206 RpcVirtualConnection* connection = tsg->rpc->VirtualConnection;
3207 RpcInChannel* inChannel = connection->DefaultInChannel;
3208 RpcOutChannel* outChannel = connection->DefaultOutChannel;
3209
3210 switch (cmd)
3211 {
3212 case BIO_CTRL_FLUSH:
3213 (void)BIO_flush(inChannel->common.tls->bio);
3214 (void)BIO_flush(outChannel->common.tls->bio);
3215 status = 1;
3216 break;
3217
3218 case BIO_C_GET_EVENT:
3219 if (arg2)
3220 {
3221 *((HANDLE*)arg2) = tsg->rpc->client->PipeEvent;
3222 status = 1;
3223 }
3224
3225 break;
3226
3227 case BIO_C_SET_NONBLOCK:
3228 status = 1;
3229 break;
3230
3231 case BIO_C_READ_BLOCKED:
3232 {
3233 BIO* cbio = outChannel->common.bio;
3234 status = BIO_read_blocked(cbio);
3235 }
3236 break;
3237
3238 case BIO_C_WRITE_BLOCKED:
3239 {
3240 BIO* cbio = inChannel->common.bio;
3241 status = BIO_write_blocked(cbio);
3242 }
3243 break;
3244
3245 case BIO_C_WAIT_READ:
3246 {
3247 int timeout = (int)arg1;
3248 BIO* cbio = outChannel->common.bio;
3249
3250 if (BIO_read_blocked(cbio))
3251 return BIO_wait_read(cbio, timeout);
3252 else if (BIO_write_blocked(cbio))
3253 return BIO_wait_write(cbio, timeout);
3254 else
3255 status = 1;
3256 }
3257 break;
3258
3259 case BIO_C_WAIT_WRITE:
3260 {
3261 int timeout = (int)arg1;
3262 BIO* cbio = inChannel->common.bio;
3263
3264 if (BIO_write_blocked(cbio))
3265 status = BIO_wait_write(cbio, timeout);
3266 else if (BIO_read_blocked(cbio))
3267 status = BIO_wait_read(cbio, timeout);
3268 else
3269 status = 1;
3270 }
3271 break;
3272#if OPENSSL_VERSION_NUMBER >= 0x30000000L
3273 case BIO_CTRL_GET_KTLS_SEND:
3274 status = 0;
3275 break;
3276 case BIO_CTRL_GET_KTLS_RECV:
3277 status = 0;
3278 break;
3279#endif
3280 default:
3281 break;
3282 }
3283
3284 return status;
3285}
3286
3287static int transport_bio_tsg_new(BIO* bio)
3288{
3289 WINPR_ASSERT(bio);
3290 BIO_set_init(bio, 1);
3291 BIO_set_flags(bio, BIO_FLAGS_SHOULD_RETRY);
3292 return 1;
3293}
3294
3295static int transport_bio_tsg_free(BIO* bio)
3296{
3297 WINPR_ASSERT(bio);
3298 WINPR_UNUSED(bio);
3299 return 1;
3300}
3301
3302BIO_METHOD* BIO_s_tsg(void)
3303{
3304 static BIO_METHOD* bio_methods = NULL;
3305
3306 if (bio_methods == NULL)
3307 {
3308 if (!(bio_methods = BIO_meth_new(BIO_TYPE_TSG, "TSGateway")))
3309 return NULL;
3310
3311 BIO_meth_set_write(bio_methods, transport_bio_tsg_write);
3312 BIO_meth_set_read(bio_methods, transport_bio_tsg_read);
3313 BIO_meth_set_puts(bio_methods, transport_bio_tsg_puts);
3314 BIO_meth_set_gets(bio_methods, transport_bio_tsg_gets);
3315 BIO_meth_set_ctrl(bio_methods, transport_bio_tsg_ctrl);
3316 BIO_meth_set_create(bio_methods, transport_bio_tsg_new);
3317 BIO_meth_set_destroy(bio_methods, transport_bio_tsg_free);
3318 }
3319
3320 return bio_methods;
3321}
3322
3323TSG_STATE tsg_get_state(rdpTsg* tsg)
3324{
3325 if (!tsg)
3326 return TSG_STATE_INITIAL;
3327
3328 return tsg->state;
3329}
3330
3331BIO* tsg_get_bio(rdpTsg* tsg)
3332{
3333 if (!tsg)
3334 return NULL;
3335
3336 return tsg->bio;
3337}
3338
3339BOOL tsg_set_state(rdpTsg* tsg, TSG_STATE state)
3340{
3341 if (!tsg)
3342 return FALSE;
3343
3344 tsg->state = state;
3345 return TRUE;
3346}
CONTEXT_HANDLE
Definition winpr/include/winpr/rpc.h:26
RPC_PDU
Definition libfreerdp/core/gateway/rpc.h:66
p_uuid_t
Definition libfreerdp/core/gateway/rpc.h:150