FreeRDP
Loading...
Searching...
No Matches
rpc_bind.c
1
20#include <freerdp/config.h>
21
22#include "../settings.h"
23
24#include <winpr/crt.h>
25#include <winpr/assert.h>
26#include <winpr/cast.h>
27
28#include <freerdp/log.h>
29
30#include "rpc_client.h"
31
32#include "rts.h"
33
34#include "rpc_bind.h"
35#include "../utils.h"
36
37#define TAG FREERDP_TAG("core.gateway.rpc")
38
39#define AUTH_PKG NTLM_SSP_NAME
40
46/* Syntax UUIDs */
47
48const p_uuid_t TSGU_UUID = {
49 0x44E265DD, /* time_low */
50 0x7DAF, /* time_mid */
51 0x42CD, /* time_hi_and_version */
52 0x85, /* clock_seq_hi_and_reserved */
53 0x60, /* clock_seq_low */
54 { 0x3C, 0xDB, 0x6E, 0x7A, 0x27, 0x29 } /* node[6] */
55};
56
57const p_uuid_t NDR_UUID = {
58 0x8A885D04, /* time_low */
59 0x1CEB, /* time_mid */
60 0x11C9, /* time_hi_and_version */
61 0x9F, /* clock_seq_hi_and_reserved */
62 0xE8, /* clock_seq_low */
63 { 0x08, 0x00, 0x2B, 0x10, 0x48, 0x60 } /* node[6] */
64};
65
66const p_uuid_t BTFN_UUID = {
67 0x6CB71C2C, /* time_low */
68 0x9812, /* time_mid */
69 0x4540, /* time_hi_and_version */
70 0x03, /* clock_seq_hi_and_reserved */
71 0x00, /* clock_seq_low */
72 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } /* node[6] */
73};
74
112static int rpc_bind_setup(rdpRpc* rpc)
113{
114 SEC_WINNT_AUTH_IDENTITY identity = { 0 };
115
116 WINPR_ASSERT(rpc);
117
118 rdpContext* context = transport_get_context(rpc->transport);
119 WINPR_ASSERT(context);
120
121 rdpSettings* settings = context->settings;
122 WINPR_ASSERT(settings);
123
124 freerdp* instance = context->instance;
125 WINPR_ASSERT(instance);
126
127 credssp_auth_free(rpc->auth);
128 rpc->auth = credssp_auth_new(context);
129 if (!rpc->auth)
130 return -1;
131
132 auth_status rc = utils_authenticate_gateway(instance, GW_AUTH_RPC);
133 switch (rc)
134 {
135 case AUTH_SUCCESS:
136 case AUTH_SKIP:
137 break;
138 case AUTH_CANCELLED:
139 freerdp_set_last_error_log(instance->context, FREERDP_ERROR_CONNECT_CANCELLED);
140 return -1;
141 case AUTH_NO_CREDENTIALS:
142 WLog_INFO(TAG, "No credentials provided - using NULL identity");
143 break;
144 case AUTH_FAILED:
145 default:
146 return -1;
147 }
148
149 if (!credssp_auth_init(rpc->auth, AUTH_PKG, NULL))
150 return -1;
151
152 if (!identity_set_from_settings(&identity, settings, FreeRDP_GatewayUsername,
153 FreeRDP_GatewayDomain, FreeRDP_GatewayPassword))
154 return -1;
155
156 SEC_WINNT_AUTH_IDENTITY* identityArg = (settings->GatewayUsername ? &identity : NULL);
157 if (!credssp_auth_setup_client(rpc->auth, NULL, settings->GatewayHostname, identityArg, NULL))
158 {
159 sspi_FreeAuthIdentity(&identity);
160 return -1;
161 }
162 sspi_FreeAuthIdentity(&identity);
163
164 credssp_auth_set_flags(rpc->auth, ISC_REQ_USE_DCE_STYLE | ISC_REQ_DELEGATE |
165 ISC_REQ_REPLAY_DETECT | ISC_REQ_SEQUENCE_DETECT);
166
167 if (credssp_auth_authenticate(rpc->auth) < 0)
168 return -1;
169
170 return 1;
171}
172
173int rpc_send_bind_pdu(rdpRpc* rpc, BOOL initial)
174{
175 int status = -1;
176 wStream* buffer = NULL;
177 UINT32 offset = 0;
178 RpcClientCall* clientCall = NULL;
179 p_cont_elem_t* p_cont_elem = NULL;
180 rpcconn_bind_hdr_t bind_pdu = { 0 };
181 RpcVirtualConnection* connection = NULL;
182 RpcInChannel* inChannel = NULL;
183 const SecBuffer* sbuffer = NULL;
184
185 WINPR_ASSERT(rpc);
186
187 connection = rpc->VirtualConnection;
188
189 WINPR_ASSERT(connection);
190
191 inChannel = connection->DefaultInChannel;
192
193 if (initial && rpc_bind_setup(rpc) < 0)
194 return -1;
195
196 WLog_DBG(TAG, initial ? "Sending Bind PDU" : "Sending Alter Context PDU");
197
198 sbuffer = credssp_auth_get_output_buffer(rpc->auth);
199
200 if (!sbuffer)
201 goto fail;
202
203 bind_pdu.header = rpc_pdu_header_init(rpc);
204 bind_pdu.header.auth_length = (UINT16)sbuffer->cbBuffer;
205 bind_pdu.auth_verifier.auth_value = sbuffer->pvBuffer;
206 bind_pdu.header.ptype = initial ? PTYPE_BIND : PTYPE_ALTER_CONTEXT;
207 bind_pdu.header.pfc_flags =
208 PFC_FIRST_FRAG | PFC_LAST_FRAG | PFC_SUPPORT_HEADER_SIGN | PFC_CONC_MPX;
209 bind_pdu.header.call_id = 2;
210 bind_pdu.max_xmit_frag = rpc->max_xmit_frag;
211 bind_pdu.max_recv_frag = rpc->max_recv_frag;
212 bind_pdu.assoc_group_id = 0;
213 bind_pdu.p_context_elem.n_context_elem = 2;
214 bind_pdu.p_context_elem.reserved = 0;
215 bind_pdu.p_context_elem.reserved2 = 0;
216 bind_pdu.p_context_elem.p_cont_elem =
217 calloc(bind_pdu.p_context_elem.n_context_elem, sizeof(p_cont_elem_t));
218
219 if (!bind_pdu.p_context_elem.p_cont_elem)
220 goto fail;
221
222 p_cont_elem = &bind_pdu.p_context_elem.p_cont_elem[0];
223 p_cont_elem->p_cont_id = 0;
224 p_cont_elem->n_transfer_syn = 1;
225 p_cont_elem->reserved = 0;
226 CopyMemory(&(p_cont_elem->abstract_syntax.if_uuid), &TSGU_UUID, sizeof(p_uuid_t));
227 p_cont_elem->abstract_syntax.if_version = TSGU_SYNTAX_IF_VERSION;
228 p_cont_elem->transfer_syntaxes = malloc(sizeof(p_syntax_id_t));
229
230 if (!p_cont_elem->transfer_syntaxes)
231 goto fail;
232
233 CopyMemory(&(p_cont_elem->transfer_syntaxes[0].if_uuid), &NDR_UUID, sizeof(p_uuid_t));
234 p_cont_elem->transfer_syntaxes[0].if_version = NDR_SYNTAX_IF_VERSION;
235 p_cont_elem = &bind_pdu.p_context_elem.p_cont_elem[1];
236 p_cont_elem->p_cont_id = 1;
237 p_cont_elem->n_transfer_syn = 1;
238 p_cont_elem->reserved = 0;
239 CopyMemory(&(p_cont_elem->abstract_syntax.if_uuid), &TSGU_UUID, sizeof(p_uuid_t));
240 p_cont_elem->abstract_syntax.if_version = TSGU_SYNTAX_IF_VERSION;
241 p_cont_elem->transfer_syntaxes = malloc(sizeof(p_syntax_id_t));
242
243 if (!p_cont_elem->transfer_syntaxes)
244 goto fail;
245
246 CopyMemory(&(p_cont_elem->transfer_syntaxes[0].if_uuid), &BTFN_UUID, sizeof(p_uuid_t));
247 p_cont_elem->transfer_syntaxes[0].if_version = BTFN_SYNTAX_IF_VERSION;
248 offset = 116;
249
250 bind_pdu.auth_verifier.auth_type =
251 rpc_auth_pkg_to_security_provider(credssp_auth_pkg_name(rpc->auth));
252 bind_pdu.auth_verifier.auth_level = RPC_C_AUTHN_LEVEL_PKT_INTEGRITY;
253 bind_pdu.auth_verifier.auth_reserved = 0x00;
254 bind_pdu.auth_verifier.auth_context_id = 0x00000000;
255 offset += (8 + bind_pdu.header.auth_length);
256
257 WINPR_ASSERT(offset <= UINT16_MAX);
258 bind_pdu.header.frag_length = (UINT16)offset;
259
260 buffer = Stream_New(NULL, bind_pdu.header.frag_length);
261
262 if (!buffer)
263 goto fail;
264
265 if (!rts_write_pdu_bind(buffer, &bind_pdu))
266 goto fail;
267
268 clientCall = rpc_client_call_new(bind_pdu.header.call_id, 0);
269
270 if (!clientCall)
271 goto fail;
272
273 if (!ArrayList_Append(rpc->client->ClientCallList, clientCall))
274 {
275 rpc_client_call_free(clientCall);
276 goto fail;
277 }
278
279 Stream_SealLength(buffer);
280 status = rpc_in_channel_send_pdu(inChannel, Stream_Buffer(buffer), Stream_Length(buffer));
281fail:
282
283 if (bind_pdu.p_context_elem.p_cont_elem)
284 {
285 free(bind_pdu.p_context_elem.p_cont_elem[0].transfer_syntaxes);
286 free(bind_pdu.p_context_elem.p_cont_elem[1].transfer_syntaxes);
287 }
288
289 free(bind_pdu.p_context_elem.p_cont_elem);
290 bind_pdu.p_context_elem.p_cont_elem = NULL;
291
292 Stream_Free(buffer, TRUE);
293 return (status > 0) ? 1 : -1;
294}
295
322BOOL rpc_recv_bind_ack_pdu(rdpRpc* rpc, wStream* s)
323{
324 BOOL rc = FALSE;
325 const BYTE* auth_data = NULL;
326 size_t pos = 0;
327 size_t end = 0;
328 rpcconn_hdr_t header = { 0 };
329 SecBuffer buffer = { 0 };
330
331 WINPR_ASSERT(rpc);
332 WINPR_ASSERT(rpc->auth);
333 WINPR_ASSERT(s);
334
335 pos = Stream_GetPosition(s);
336 if (!rts_read_pdu_header(s, &header))
337 goto fail;
338
339 WLog_DBG(TAG, header.common.ptype == PTYPE_BIND_ACK ? "Receiving BindAck PDU"
340 : "Receiving AlterContextResp PDU");
341
342 rpc->max_recv_frag = header.bind_ack.max_xmit_frag;
343 rpc->max_xmit_frag = header.bind_ack.max_recv_frag;
344
345 /* Get the correct offset in the input data and pass that on as input buffer.
346 * rts_read_pdu_header did already do consistency checks */
347 end = Stream_GetPosition(s);
348 Stream_SetPosition(s, pos + header.common.frag_length - header.common.auth_length);
349 auth_data = Stream_ConstPointer(s);
350 Stream_SetPosition(s, end);
351
352 buffer.cbBuffer = header.common.auth_length;
353 buffer.pvBuffer = malloc(buffer.cbBuffer);
354 if (!buffer.pvBuffer)
355 goto fail;
356 memcpy(buffer.pvBuffer, auth_data, buffer.cbBuffer);
357 credssp_auth_take_input_buffer(rpc->auth, &buffer);
358
359 if (credssp_auth_authenticate(rpc->auth) < 0)
360 goto fail;
361
362 rc = TRUE;
363fail:
364 rts_free_pdu_header(&header, FALSE);
365 return rc;
366}
367
375int rpc_send_rpc_auth_3_pdu(rdpRpc* rpc)
376{
377 int status = -1;
378 wStream* buffer = NULL;
379 size_t offset = 0;
380 const SecBuffer* sbuffer = NULL;
381 RpcClientCall* clientCall = NULL;
382 rpcconn_rpc_auth_3_hdr_t auth_3_pdu = { 0 };
383 RpcVirtualConnection* connection = NULL;
384 RpcInChannel* inChannel = NULL;
385
386 WINPR_ASSERT(rpc);
387
388 connection = rpc->VirtualConnection;
389 WINPR_ASSERT(connection);
390
391 inChannel = connection->DefaultInChannel;
392 WINPR_ASSERT(inChannel);
393
394 WLog_DBG(TAG, "Sending RpcAuth3 PDU");
395
396 sbuffer = credssp_auth_get_output_buffer(rpc->auth);
397
398 if (!sbuffer)
399 return -1;
400
401 auth_3_pdu.header = rpc_pdu_header_init(rpc);
402 auth_3_pdu.header.auth_length = (UINT16)sbuffer->cbBuffer;
403 auth_3_pdu.auth_verifier.auth_value = sbuffer->pvBuffer;
404 auth_3_pdu.header.ptype = PTYPE_RPC_AUTH_3;
405 auth_3_pdu.header.pfc_flags = PFC_FIRST_FRAG | PFC_LAST_FRAG | PFC_CONC_MPX;
406 auth_3_pdu.header.call_id = 2;
407 auth_3_pdu.max_xmit_frag = rpc->max_xmit_frag;
408 auth_3_pdu.max_recv_frag = rpc->max_recv_frag;
409 offset = 20;
410
411 const size_t align = rpc_offset_align(&offset, 4);
412 WINPR_ASSERT(align <= UINT8_MAX);
413 auth_3_pdu.auth_verifier.auth_pad_length = (BYTE)align;
414 auth_3_pdu.auth_verifier.auth_type =
415 rpc_auth_pkg_to_security_provider(credssp_auth_pkg_name(rpc->auth));
416 auth_3_pdu.auth_verifier.auth_level = RPC_C_AUTHN_LEVEL_PKT_INTEGRITY;
417 auth_3_pdu.auth_verifier.auth_reserved = 0x00;
418 auth_3_pdu.auth_verifier.auth_context_id = 0x00000000;
419 offset += (8 + auth_3_pdu.header.auth_length);
420
421 WINPR_ASSERT(offset <= UINT16_MAX);
422 auth_3_pdu.header.frag_length = (UINT16)offset;
423
424 buffer = Stream_New(NULL, auth_3_pdu.header.frag_length);
425
426 if (!buffer)
427 return -1;
428
429 if (!rts_write_pdu_auth3(buffer, &auth_3_pdu))
430 goto fail;
431
432 clientCall = rpc_client_call_new(auth_3_pdu.header.call_id, 0);
433
434 if (ArrayList_Append(rpc->client->ClientCallList, clientCall))
435 {
436 Stream_SealLength(buffer);
437 status = rpc_in_channel_send_pdu(inChannel, Stream_Buffer(buffer), Stream_Length(buffer));
438 }
439
440fail:
441 Stream_Free(buffer, TRUE);
442 return (status > 0) ? 1 : -1;
443}
444
445enum RPC_BIND_STATE rpc_bind_state(rdpRpc* rpc)
446{
447 BOOL complete = 0;
448 BOOL have_token = 0;
449 WINPR_ASSERT(rpc);
450
451 complete = credssp_auth_is_complete(rpc->auth);
452 have_token = credssp_auth_have_output_token(rpc->auth);
453
454 return complete ? (have_token ? RPC_BIND_STATE_LAST_LEG : RPC_BIND_STATE_COMPLETE)
455 : RPC_BIND_STATE_INCOMPLETE;
456}
457
458BYTE rpc_auth_pkg_to_security_provider(const char* name)
459{
460 if (strcmp(name, CREDSSP_AUTH_PKG_SPNEGO) == 0)
461 return RPC_C_AUTHN_GSS_NEGOTIATE;
462 else if (strcmp(name, CREDSSP_AUTH_PKG_NTLM) == 0)
463 return RPC_C_AUTHN_WINNT;
464 else if (strcmp(name, CREDSSP_AUTH_PKG_KERBEROS) == 0)
465 return RPC_C_AUTHN_GSS_KERBEROS;
466 else if (strcmp(name, CREDSSP_AUTH_PKG_SCHANNEL) == 0)
467 return RPC_C_AUTHN_GSS_SCHANNEL;
468 else
469 return RPC_C_AUTHN_NONE;
470}
p_cont_elem_t
Definition libfreerdp/core/gateway/rpc.h:189
p_syntax_id_t
Definition libfreerdp/core/gateway/rpc.h:183
p_uuid_t
Definition libfreerdp/core/gateway/rpc.h:150
rpcconn_bind_hdr_t
Definition libfreerdp/core/gateway/rpc.h:344
rpcconn_rpc_auth_3_hdr_t
Definition libfreerdp/core/gateway/rpc.h:374
rpcconn_hdr_t
Definition libfreerdp/core/gateway/rpc.h:532