FreeRDP
Loading...
Searching...
No Matches
tsg.c
1
23#include <freerdp/config.h>
24
25#include "../settings.h"
26
27#include <winpr/assert.h>
28#include <winpr/crt.h>
29#include <winpr/error.h>
30#include <winpr/print.h>
31#include <winpr/stream.h>
32
33#include <freerdp/log.h>
34
35#include "rpc_bind.h"
36#include "rpc_client.h"
37#include "tsg.h"
38#include "../utils.h"
39#include "../../crypto/opensslcompat.h"
40
41#define TAG FREERDP_TAG("core.gateway.tsg")
42
43#define TSG_CAPABILITY_TYPE_NAP 0x00000001
44
45#define TSG_PACKET_TYPE_HEADER 0x00004844
46#define TSG_PACKET_TYPE_VERSIONCAPS 0x00005643
47#define TSG_PACKET_TYPE_QUARCONFIGREQUEST 0x00005143
48#define TSG_PACKET_TYPE_QUARREQUEST 0x00005152
49#define TSG_PACKET_TYPE_RESPONSE 0x00005052
50#define TSG_PACKET_TYPE_QUARENC_RESPONSE 0x00004552
51#define TSG_PACKET_TYPE_CAPS_RESPONSE 0x00004350
52#define TSG_PACKET_TYPE_MSGREQUEST_PACKET 0x00004752
53#define TSG_PACKET_TYPE_MESSAGE_PACKET 0x00004750
54#define TSG_PACKET_TYPE_AUTH 0x00004054
55#define TSG_PACKET_TYPE_REAUTH 0x00005250
56
57typedef WCHAR* RESOURCENAME;
58
59typedef struct
60{
61 RESOURCENAME* resourceName;
62 UINT32 numResourceNames;
63 RESOURCENAME* alternateResourceNames;
64 UINT16 numAlternateResourceNames;
65 UINT32 Port;
66} TSENDPOINTINFO;
67
68typedef struct
69{
70 UINT16 ComponentId;
71 UINT16 PacketId;
72} TSG_PACKET_HEADER;
73
74typedef struct
75{
76 UINT32 capabilities;
77} TSG_CAPABILITY_NAP;
78
79typedef union
80{
81 TSG_CAPABILITY_NAP tsgCapNap;
82} TSG_CAPABILITIES_UNION;
83
84typedef struct
85{
86 UINT32 capabilityType;
87 TSG_CAPABILITIES_UNION tsgPacket;
88} TSG_PACKET_CAPABILITIES;
89
90typedef struct
91{
92 TSG_PACKET_HEADER tsgHeader;
93 TSG_PACKET_CAPABILITIES tsgCaps;
94 UINT32 numCapabilities;
95 UINT16 majorVersion;
96 UINT16 minorVersion;
97 UINT16 quarantineCapabilities;
98} TSG_PACKET_VERSIONCAPS;
99
100typedef struct
101{
102 UINT32 flags;
103} TSG_PACKET_QUARCONFIGREQUEST;
104
105typedef struct
106{
107 UINT32 flags;
108 WCHAR* machineName;
109 UINT32 nameLength;
110 BYTE* data;
111 UINT32 dataLen;
112} TSG_PACKET_QUARREQUEST;
113
114typedef struct
115{
116 BOOL enableAllRedirections;
117 BOOL disableAllRedirections;
118 BOOL driveRedirectionDisabled;
119 BOOL printerRedirectionDisabled;
120 BOOL portRedirectionDisabled;
121 BOOL reserved;
122 BOOL clipboardRedirectionDisabled;
123 BOOL pnpRedirectionDisabled;
124} TSG_REDIRECTION_FLAGS;
125
126typedef struct
127{
128 UINT32 flags;
129 UINT32 reserved;
130 BYTE* responseData;
131 UINT32 responseDataLen;
132 TSG_REDIRECTION_FLAGS redirectionFlags;
133} TSG_PACKET_RESPONSE;
134
135typedef struct
136{
137 UINT32 flags;
138 UINT32 certChainLen;
139 WCHAR* certChainData;
140 GUID nonce;
141 TSG_PACKET_VERSIONCAPS versionCaps;
142} TSG_PACKET_QUARENC_RESPONSE;
143
144typedef struct
145{
146 INT32 isDisplayMandatory;
147 INT32 isConsentMandatory;
148 UINT32 msgBytes;
149 WCHAR* msgBuffer;
150} TSG_PACKET_STRING_MESSAGE;
151
152typedef struct
153{
154 UINT64 tunnelContext;
155} TSG_PACKET_REAUTH_MESSAGE;
156
157typedef struct
158{
159 UINT32 msgID;
160 UINT32 msgType;
161 INT32 isMsgPresent;
162} TSG_PACKET_MSG_RESPONSE;
163
164typedef struct
165{
166 TSG_PACKET_QUARENC_RESPONSE pktQuarEncResponse;
167 TSG_PACKET_MSG_RESPONSE pktConsentMessage;
168} TSG_PACKET_CAPS_RESPONSE;
169
170typedef struct
171{
172 UINT32 maxMessagesPerBatch;
173} TSG_PACKET_MSG_REQUEST;
174
175typedef struct
176{
177 TSG_PACKET_VERSIONCAPS tsgVersionCaps;
178 UINT32 cookieLen;
179 BYTE* cookie;
180} TSG_PACKET_AUTH;
181
182typedef union
183{
184 TSG_PACKET_VERSIONCAPS packetVersionCaps;
185 TSG_PACKET_AUTH packetAuth;
186} TSG_INITIAL_PACKET_TYPE_UNION;
187
188typedef struct
189{
190 UINT64 tunnelContext;
191 UINT32 packetId;
192 TSG_INITIAL_PACKET_TYPE_UNION tsgInitialPacket;
193} TSG_PACKET_REAUTH;
194
195typedef union
196{
197 TSG_PACKET_HEADER packetHeader;
198 TSG_PACKET_VERSIONCAPS packetVersionCaps;
199 TSG_PACKET_QUARCONFIGREQUEST packetQuarConfigRequest;
200 TSG_PACKET_QUARREQUEST packetQuarRequest;
201 TSG_PACKET_RESPONSE packetResponse;
202 TSG_PACKET_QUARENC_RESPONSE packetQuarEncResponse;
203 TSG_PACKET_CAPS_RESPONSE packetCapsResponse;
204 TSG_PACKET_MSG_REQUEST packetMsgRequest;
205 TSG_PACKET_MSG_RESPONSE packetMsgResponse;
206 TSG_PACKET_AUTH packetAuth;
207 TSG_PACKET_REAUTH packetReauth;
208} TSG_PACKET_TYPE_UNION;
209
210typedef struct
211{
212 UINT32 packetId;
213 TSG_PACKET_TYPE_UNION tsgPacket;
214} TSG_PACKET;
215
216struct rdp_tsg
217{
218 BIO* bio;
219 rdpRpc* rpc;
220 UINT16 Port;
221 LPWSTR Hostname;
222 LPWSTR MachineName;
223 TSG_STATE state;
224 UINT32 TunnelId;
225 UINT32 ChannelId;
226 BOOL reauthSequence;
227 rdpTransport* transport;
228 UINT64 ReauthTunnelContext;
229 CONTEXT_HANDLE TunnelContext;
230 CONTEXT_HANDLE ChannelContext;
231 CONTEXT_HANDLE NewTunnelContext;
232 CONTEXT_HANDLE NewChannelContext;
233 wLog* log;
234};
235
236static BOOL TsProxyReadPacketSTringMessage(wLog* log, wStream* s, uint32_t* index,
237 TSG_PACKET_STRING_MESSAGE* msg);
238static BOOL tsg_stream_align(wLog* log, wStream* s, size_t align);
239
240static const char* tsg_packet_id_to_string(UINT32 packetId)
241{
242 switch (packetId)
243 {
244 case TSG_PACKET_TYPE_HEADER:
245 return "TSG_PACKET_TYPE_HEADER";
246 case TSG_PACKET_TYPE_VERSIONCAPS:
247 return "TSG_PACKET_TYPE_VERSIONCAPS";
248 case TSG_PACKET_TYPE_QUARCONFIGREQUEST:
249 return "TSG_PACKET_TYPE_QUARCONFIGREQUEST";
250 case TSG_PACKET_TYPE_QUARREQUEST:
251 return "TSG_PACKET_TYPE_QUARREQUEST";
252 case TSG_PACKET_TYPE_RESPONSE:
253 return "TSG_PACKET_TYPE_RESPONSE";
254 case TSG_PACKET_TYPE_QUARENC_RESPONSE:
255 return "TSG_PACKET_TYPE_QUARENC_RESPONSE";
256 case TSG_CAPABILITY_TYPE_NAP:
257 return "TSG_CAPABILITY_TYPE_NAP";
258 case TSG_PACKET_TYPE_CAPS_RESPONSE:
259 return "TSG_PACKET_TYPE_CAPS_RESPONSE";
260 case TSG_PACKET_TYPE_MSGREQUEST_PACKET:
261 return "TSG_PACKET_TYPE_MSGREQUEST_PACKET";
262 case TSG_PACKET_TYPE_MESSAGE_PACKET:
263 return "TSG_PACKET_TYPE_MESSAGE_PACKET";
264 case TSG_PACKET_TYPE_AUTH:
265 return "TSG_PACKET_TYPE_AUTH";
266 case TSG_PACKET_TYPE_REAUTH:
267 return "TSG_PACKET_TYPE_REAUTH";
268 default:
269 return "UNKNOWN";
270 }
271}
272
273static const char* tsg_component_id_to_string(UINT16 ComponentId, char* buffer, size_t bytelen)
274{
275 const char* str = NULL;
276
277#define ENTRY(x) \
278 case x: \
279 str = #x; \
280 break
281 switch (ComponentId)
282 {
283 ENTRY(TS_GATEWAY_TRANSPORT);
284 default:
285 str = "TS_UNKNOWN";
286 break;
287 }
288#undef ENTRY
289
290 (void)_snprintf(buffer, bytelen, "%s [0x%04" PRIx16 "]", str, ComponentId);
291 return buffer;
292}
293
294static const char* tsg_state_to_string(TSG_STATE state)
295{
296 switch (state)
297 {
298 case TSG_STATE_INITIAL:
299 return "TSG_STATE_INITIAL";
300 case TSG_STATE_CONNECTED:
301 return "TSG_STATE_CONNECTED";
302 case TSG_STATE_AUTHORIZED:
303 return "TSG_STATE_AUTHORIZED";
304 case TSG_STATE_CHANNEL_CREATED:
305 return "TSG_STATE_CHANNEL_CREATED";
306 case TSG_STATE_PIPE_CREATED:
307 return "TSG_STATE_PIPE_CREATED";
308 case TSG_STATE_TUNNEL_CLOSE_PENDING:
309 return "TSG_STATE_TUNNEL_CLOSE_PENDING";
310 case TSG_STATE_CHANNEL_CLOSE_PENDING:
311 return "TSG_STATE_CHANNEL_CLOSE_PENDING";
312 case TSG_STATE_FINAL:
313 return "TSG_STATE_FINAL";
314 default:
315 return "TSG_STATE_UNKNOWN";
316 }
317}
318
319static BOOL TsProxyReadTunnelContext(wLog* log, wStream* s, CONTEXT_HANDLE* tunnelContext)
320{
321 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 20))
322 return FALSE;
323
324 WINPR_ASSERT(tunnelContext);
325 Stream_Read_UINT32(s, tunnelContext->ContextType); /* ContextType (4 bytes) */
326 Stream_Read(s, &tunnelContext->ContextUuid,
327 sizeof(tunnelContext->ContextUuid)); /* ContextUuid (16 bytes) */
328 return TRUE;
329}
330
331static BOOL TsProxyWriteTunnelContext(WINPR_ATTR_UNUSED wLog* log, wStream* s,
332 const CONTEXT_HANDLE* tunnelContext)
333{
334 if (!Stream_EnsureRemainingCapacity(s, 20))
335 return FALSE;
336
337 Stream_Write_UINT32(s, tunnelContext->ContextType); /* ContextType (4 bytes) */
338 Stream_Write(s, &tunnelContext->ContextUuid,
339 sizeof(tunnelContext->ContextUuid)); /* ContextUuid (16 bytes) */
340 return TRUE;
341}
342
343static BOOL tsg_ndr_pointer_write(WINPR_ATTR_UNUSED wLog* log, wStream* s, UINT32* index,
344 DWORD length)
345{
346 WINPR_ASSERT(index);
347 const UINT32 ndrPtr = 0x20000 + (*index) * 4;
348
349 if (!s)
350 return FALSE;
351 if (!Stream_EnsureRemainingCapacity(s, 4))
352 return FALSE;
353
354 if (length > 0)
355 {
356 Stream_Write_UINT32(s, ndrPtr); /* mszGroupsNdrPtr (4 bytes) */
357 (*index) = (*index) + 1;
358 }
359 else
360 Stream_Write_UINT32(s, 0);
361 return TRUE;
362}
363
364static BOOL tsg_ndr_pointer_read(wLog* log, wStream* s, UINT32* index, UINT32* ptrval,
365 BOOL required)
366{
367 WINPR_ASSERT(index);
368 const UINT32 ndrPtr = 0x20000 + (*index) * 4;
369
370 if (!s)
371 return FALSE;
372 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 4))
373 return FALSE;
374
375 DWORD val = 0;
376 Stream_Read_UINT32(s, val);
377 if (ptrval)
378 *ptrval = val;
379
380 if (val != 0)
381 {
382 if (val != ndrPtr)
383 {
384 WLog_Print(log, WLOG_WARN, "Read NDR pointer 0x%04" PRIx32 " but expected 0x%04" PRIx32,
385 val, ndrPtr);
386 if ((val & 0xFFFF0000) != (ndrPtr & 0xFFFF0000))
387 return FALSE;
388 }
389 (*index)++;
390 }
391 else if (required)
392 {
393 WLog_Print(log, WLOG_ERROR, "NDR pointer == 0, but the field is required");
394 return FALSE;
395 }
396
397 return TRUE;
398}
399
400static BOOL tsg_ndr_write_string(WINPR_ATTR_UNUSED wLog* log, wStream* s, const WCHAR* str,
401 size_t length)
402{
403 if (!Stream_EnsureRemainingCapacity(s, 12 + length) || (length > UINT32_MAX))
404 return FALSE;
405
406 Stream_Write_UINT32(s, (UINT32)length); /* MaxCount (4 bytes) */
407 Stream_Write_UINT32(s, 0); /* Offset (4 bytes) */
408 Stream_Write_UINT32(s, (UINT32)length); /* ActualCount (4 bytes) */
409 Stream_Write_UTF16_String(s, str, length); /* Array */
410 return TRUE;
411}
412
413static BOOL tsg_ndr_read_string(wLog* log, wStream* s, WCHAR** str, UINT32 lengthInBytes)
414{
415 UINT32 MaxCount = 0;
416 UINT32 Offset = 0;
417 UINT32 ActualCount = 0;
418
419 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 12))
420 return FALSE;
421
422 Stream_Read_UINT32(s, MaxCount); /* MaxCount (4 bytes) */
423 Stream_Read_UINT32(s, Offset); /* Offset (4 bytes) */
424 Stream_Read_UINT32(s, ActualCount); /* ActualCount (4 bytes) */
425 if (ActualCount > MaxCount)
426 {
427 WLog_Print(log, WLOG_ERROR,
428 "failed to read string, ActualCount (%" PRIu32 ") > MaxCount (%" PRIu32 ")",
429 ActualCount, MaxCount);
430 return FALSE;
431 }
432 if (Offset != 0)
433 {
434 WLog_Print(log, WLOG_ERROR, "Unsupported Offset (%" PRIu32 "), expected 0", Offset);
435 return FALSE;
436 }
437 if (ActualCount > lengthInBytes / sizeof(WCHAR))
438 {
439 WLog_Print(log, WLOG_ERROR,
440 "failed to read string, ActualCount (%" PRIu32
441 ") * sizeof(WCHAR) > lengthInBytes (%" PRIu32 ")",
442 ActualCount, lengthInBytes);
443 return FALSE;
444 }
445 if (str)
446 *str = Stream_PointerAs(s, WCHAR);
447
448 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, ActualCount * sizeof(WCHAR)))
449 return FALSE;
450 Stream_Seek(s, ActualCount * sizeof(WCHAR));
451 return TRUE;
452}
453
454static BOOL tsg_ndr_read_packet_header(wLog* log, wStream* s, TSG_PACKET_HEADER* header)
455{
456 const UINT32 ComponentId = TS_GATEWAY_TRANSPORT;
457
458 WINPR_ASSERT(header);
459 if (!Stream_CheckAndLogRequiredLengthOfSizeWLog(log, s, 2, sizeof(UINT16)))
460 return FALSE;
461 Stream_Read_UINT16(s, header->ComponentId);
462 Stream_Read_UINT16(s, header->PacketId);
463
464 if (ComponentId != header->ComponentId)
465 {
466 char buffer[64] = { 0 };
467 char buffer2[64] = { 0 };
468 WLog_Print(log, WLOG_ERROR, "Unexpected ComponentId: %s, Expected %s",
469 tsg_component_id_to_string(header->ComponentId, buffer, sizeof(buffer)),
470 tsg_component_id_to_string(ComponentId, buffer2, sizeof(buffer2)));
471 return FALSE;
472 }
473
474 return TRUE;
475}
476
477static BOOL tsg_ndr_write_packet_header(WINPR_ATTR_UNUSED wLog* log, wStream* s,
478 const TSG_PACKET_HEADER* header)
479{
480 WINPR_ASSERT(header);
481 if (!Stream_EnsureRemainingCapacity(s, 2 * sizeof(UINT16)))
482 return FALSE;
483 Stream_Write_UINT16(s, header->ComponentId);
484 Stream_Write_UINT16(s, header->PacketId);
485 return TRUE;
486}
487
488static BOOL tsg_ndr_read_nap(wLog* log, wStream* s, TSG_CAPABILITY_NAP* nap)
489{
490 WINPR_ASSERT(nap);
491
492 if (!Stream_CheckAndLogRequiredLengthOfSizeWLog(log, s, 1, sizeof(UINT32)))
493 return FALSE;
494 Stream_Read_UINT32(s, nap->capabilities);
495 return TRUE;
496}
497
498static BOOL tsg_ndr_write_nap(WINPR_ATTR_UNUSED wLog* log, wStream* s,
499 const TSG_CAPABILITY_NAP* nap)
500{
501 WINPR_ASSERT(nap);
502
503 if (!Stream_EnsureRemainingCapacity(s, 1 * sizeof(UINT32)))
504 return FALSE;
505 Stream_Write_UINT32(s, nap->capabilities);
506 return TRUE;
507}
508
509static BOOL tsg_ndr_read_tsg_caps(wLog* log, wStream* s, TSG_PACKET_CAPABILITIES* caps)
510{
511 UINT32 capabilityType = 0;
512 UINT32 count = 0;
513 WINPR_ASSERT(caps);
514
515 if (!Stream_CheckAndLogRequiredLengthOfSizeWLog(log, s, 3, sizeof(UINT32)))
516 return FALSE;
517 Stream_Read_UINT32(s, count);
518 Stream_Read_UINT32(s, capabilityType);
519 Stream_Read_UINT32(s, caps->capabilityType);
520 if (capabilityType != caps->capabilityType)
521 {
522 WLog_Print(log, WLOG_ERROR, "Inconsistent data, capabilityType %s != %s",
523 tsg_packet_id_to_string(capabilityType),
524 tsg_packet_id_to_string(caps->capabilityType));
525 return FALSE;
526 }
527 switch (caps->capabilityType)
528 {
529 case TSG_CAPABILITY_TYPE_NAP:
530 if (count < 1)
531 {
532 WLog_Print(log, WLOG_ERROR, "Inconsistent data, capabilityType %s count=%" PRIu32,
533 tsg_packet_id_to_string(capabilityType), count);
534 return FALSE;
535 }
536 return tsg_ndr_read_nap(log, s, &caps->tsgPacket.tsgCapNap);
537 default:
538 WLog_Print(log, WLOG_ERROR,
539 "unknown TSG_PACKET_CAPABILITIES::capabilityType 0x%04" PRIx32
540 " [count=%" PRIu32 "]",
541 caps->capabilityType, count);
542 return FALSE;
543 }
544}
545
546static BOOL tsg_ndr_write_tsg_caps(wLog* log, wStream* s, const TSG_PACKET_CAPABILITIES* caps)
547{
548 WINPR_ASSERT(caps);
549
550 if (!Stream_EnsureRemainingCapacity(s, 2 * sizeof(UINT32)))
551 return FALSE;
552 Stream_Write_UINT32(s, caps->capabilityType);
553 Stream_Write_UINT32(s, caps->capabilityType);
554
555 switch (caps->capabilityType)
556 {
557 case TSG_CAPABILITY_TYPE_NAP:
558 return tsg_ndr_write_nap(log, s, &caps->tsgPacket.tsgCapNap);
559 default:
560 WLog_Print(log, WLOG_ERROR,
561 "unknown TSG_PACKET_CAPABILITIES::capabilityType 0x%04" PRIx32,
562 caps->capabilityType);
563 return FALSE;
564 }
565}
566
567static BOOL tsg_ndr_read_version_caps(wLog* log, wStream* s, UINT32* index,
568 TSG_PACKET_VERSIONCAPS* caps)
569{
570 WINPR_ASSERT(caps);
571 if (!tsg_ndr_read_packet_header(log, s, &caps->tsgHeader))
572 return FALSE;
573
574 UINT32 TSGCapsPtr = 0;
575 if (!tsg_ndr_pointer_read(log, s, index, &TSGCapsPtr, TRUE))
576 return FALSE;
577
578 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 10))
579 return FALSE;
580 Stream_Read_UINT32(s, caps->numCapabilities);
581 Stream_Read_UINT16(s, caps->majorVersion);
582 Stream_Read_UINT16(s, caps->minorVersion);
583 Stream_Read_UINT16(s, caps->quarantineCapabilities);
584 /* 4-byte alignment */
585 if (!tsg_stream_align(log, s, 4))
586 return FALSE;
587
588 if (caps->numCapabilities > 1)
589 {
590 WLog_ERR(TAG, "TSG_PACKET_VERSIONCAPS::numCapabilities > 1 (%" PRIu32 "), not supported!",
591 caps->numCapabilities);
592 return FALSE;
593 }
594
595 return tsg_ndr_read_tsg_caps(log, s, &caps->tsgCaps);
596}
597
598static BOOL tsg_ndr_write_version_caps(wLog* log, wStream* s, UINT32* index,
599 const TSG_PACKET_VERSIONCAPS* caps)
600{
601 WINPR_ASSERT(caps);
602 if (!tsg_ndr_write_packet_header(log, s, &caps->tsgHeader))
603 return FALSE;
604
605 if (!tsg_ndr_pointer_write(log, s, index, 1)) /* TsgCapsPtr (4 bytes) */
606 return FALSE;
607
608 if (!Stream_EnsureRemainingCapacity(s, 10))
609 return FALSE;
610
611 if (caps->numCapabilities > 1)
612 {
613 WLog_ERR(TAG, "TSG_PACKET_VERSIONCAPS::numCapabilities > 1 (%" PRIu32 "), not supported!",
614 caps->numCapabilities);
615 return FALSE;
616 }
617 Stream_Write_UINT32(s, caps->numCapabilities);
618 Stream_Write_UINT16(s, caps->majorVersion);
619 Stream_Write_UINT16(s, caps->minorVersion);
620 Stream_Write_UINT16(s, caps->quarantineCapabilities);
621
622 /* 4-byte alignment (30 + 2) */
623 Stream_Write_UINT16(s, 0x0000); /* pad (2 bytes) */
624 Stream_Write_UINT32(s, caps->numCapabilities); /* MaxCount (4 bytes) */
625 return tsg_ndr_write_tsg_caps(log, s, &caps->tsgCaps);
626}
627
628static BOOL tsg_ndr_read_quarenc_response(wLog* log, wStream* s, UINT32* index,
629 TSG_PACKET_QUARENC_RESPONSE* quarenc)
630{
631 WINPR_ASSERT(quarenc);
632 UINT32 CertChainDataPtr = 0;
633 UINT32 VersionCapsPtr = 0;
634
635 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 8))
636 return FALSE;
637 Stream_Read_UINT32(s, quarenc->flags);
638 Stream_Read_UINT32(s, quarenc->certChainLen);
639
640 if (!tsg_ndr_pointer_read(log, s, index, &CertChainDataPtr, quarenc->certChainLen != 0))
641 return FALSE;
642
643 if (!Stream_CheckAndLogRequiredLengthOfSizeWLog(log, s, 1, sizeof(quarenc->nonce)))
644 return FALSE;
645 Stream_Read(s, &quarenc->nonce, sizeof(quarenc->nonce));
646
647 if (!tsg_ndr_pointer_read(log, s, index, &VersionCapsPtr, TRUE))
648 return FALSE;
649
650 return TRUE;
651}
652
653static BOOL tsg_ndr_read_quarenc_data(wLog* log, wStream* s, UINT32* index,
654 TSG_PACKET_QUARENC_RESPONSE* quarenc)
655{
656 WINPR_ASSERT(quarenc);
657
658 if (quarenc->certChainLen > 0)
659 {
660 /* [MS-TSGU] 2.2.9.2.1.6 TSG_PACKET_QUARENC_RESPONSE::certChainLen number of WCHAR */
661 if (!tsg_ndr_read_string(log, s, &quarenc->certChainData,
662 quarenc->certChainLen * sizeof(WCHAR)))
663 return FALSE;
664 /* 4-byte alignment */
665 if (!tsg_stream_align(log, s, 4))
666 return FALSE;
667 }
668
669 return tsg_ndr_read_version_caps(log, s, index, &quarenc->versionCaps);
670}
671
672static BOOL tsg_ndr_write_auth(wLog* log, wStream* s, UINT32* index, const TSG_PACKET_AUTH* auth)
673{
674 WINPR_ASSERT(auth);
675
676 if (!tsg_ndr_write_version_caps(log, s, index, &auth->tsgVersionCaps))
677 return FALSE;
678
679 if (!Stream_EnsureRemainingCapacity(s, 4))
680 return FALSE;
681
682 Stream_Write_UINT32(s, auth->cookieLen);
683 if (!tsg_ndr_pointer_write(log, s, index, auth->cookieLen))
684 return FALSE;
685
686 if (!Stream_EnsureRemainingCapacity(s, auth->cookieLen))
687 return FALSE;
688 Stream_Write(s, auth->cookie, auth->cookieLen);
689 return TRUE;
690}
691
692static BOOL tsg_ndr_write_reauth(wLog* log, wStream* s, UINT32* index,
693 const TSG_PACKET_REAUTH* auth)
694{
695 WINPR_ASSERT(auth);
696
697 if (!Stream_EnsureRemainingCapacity(s, 12))
698 return FALSE;
699
700 Stream_Write_UINT64(s, auth->tunnelContext); /* TunnelContext (8 bytes) */
701 Stream_Write_UINT32(s, auth->packetId); /* PacketId (4 bytes) */
702
703 switch (auth->packetId)
704 {
705 case TSG_PACKET_TYPE_VERSIONCAPS:
706 return tsg_ndr_write_version_caps(log, s, index,
707 &auth->tsgInitialPacket.packetVersionCaps);
708 case TSG_PACKET_TYPE_AUTH:
709 return tsg_ndr_write_auth(log, s, index, &auth->tsgInitialPacket.packetAuth);
710 default:
711 WLog_Print(log, WLOG_ERROR, "unexpected packetId %s",
712 tsg_packet_id_to_string(auth->packetId));
713 return FALSE;
714 }
715}
716
717static BOOL tsg_ndr_read_packet_response(wLog* log, wStream* s, UINT32* index,
718 TSG_PACKET_RESPONSE* response)
719{
720 UINT32 ResponseDataPtr = 0;
721
722 WINPR_ASSERT(response);
723
724 if (!Stream_CheckAndLogRequiredLengthOfSizeWLog(log, s, 2, sizeof(UINT32)))
725 return FALSE;
726 Stream_Read_UINT32(s, response->flags); /* Flags (4 bytes) */
727 Stream_Seek_UINT32(s); /* Reserved (4 bytes) */
728
729 if (response->flags != TSG_PACKET_TYPE_QUARREQUEST)
730 {
731 WLog_Print(log, WLOG_ERROR,
732 "Unexpected Packet Response Flags: 0x%08" PRIX32
733 ", Expected TSG_PACKET_TYPE_QUARREQUEST",
734 response->flags);
735 return FALSE;
736 }
737
738 if (!tsg_ndr_pointer_read(log, s, index, &ResponseDataPtr, TRUE))
739 return FALSE;
740
741 if (!Stream_CheckAndLogRequiredLengthOfSizeWLog(log, s, 10, sizeof(UINT32)))
742 return FALSE;
743
744 Stream_Read_UINT32(s, response->responseDataLen); /* ResponseDataLength (4 bytes) */
745 Stream_Read_INT32(
746 s, response->redirectionFlags.enableAllRedirections); /* EnableAllRedirections (4 bytes) */
747 Stream_Read_INT32(
748 s,
749 response->redirectionFlags.disableAllRedirections); /* DisableAllRedirections (4 bytes) */
750 Stream_Read_INT32(s, response->redirectionFlags
751 .driveRedirectionDisabled); /* DriveRedirectionDisabled (4 bytes) */
752 Stream_Read_INT32(s,
753 response->redirectionFlags
754 .printerRedirectionDisabled); /* PrinterRedirectionDisabled (4 bytes) */
755 Stream_Read_INT32(
756 s,
757 response->redirectionFlags.portRedirectionDisabled); /* PortRedirectionDisabled (4 bytes) */
758 Stream_Read_INT32(s, response->redirectionFlags.reserved); /* Reserved (4 bytes) */
759 Stream_Read_INT32(
760 s, response->redirectionFlags
761 .clipboardRedirectionDisabled); /* ClipboardRedirectionDisabled (4 bytes) */
762 Stream_Read_INT32(
763 s,
764 response->redirectionFlags.pnpRedirectionDisabled); /* PnpRedirectionDisabled (4 bytes) */
765
766 const UINT32 MaxSizeValue = Stream_Get_UINT32(s); /* (4 bytes) */
767 const UINT32 MaxOffsetValue = Stream_Get_UINT32(s); /* (4 bytes) */
768
769 if (MaxSizeValue != response->responseDataLen)
770 {
771 WLog_Print(log, WLOG_ERROR, "Unexpected size value: %" PRIu32 ", expected: %" PRIu32 "",
772 MaxSizeValue, response->responseDataLen);
773 return FALSE;
774 }
775
776 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, MaxSizeValue))
777 return FALSE;
778
779 if (MaxSizeValue >= 4)
780 {
781 const UINT32 idleTimeout = Stream_Get_UINT32(s);
782 WLog_Print(log, WLOG_DEBUG, "[IDLE_TIMEOUT] idleTimeout=%" PRIu32 ": TODO: unused",
783 idleTimeout);
784 Stream_Seek(s, MaxSizeValue - 4);
785 }
786 else
787 Stream_Seek(s, MaxSizeValue); /* ResponseData */
788 return TRUE;
789}
790
791WINPR_ATTR_FORMAT_ARG(3, 4)
792static BOOL tsg_print(char** buffer, size_t* len, WINPR_FORMAT_ARG const char* fmt, ...)
793{
794 int rc = 0;
795 va_list ap = { 0 };
796 if (!buffer || !len || !fmt)
797 return FALSE;
798 va_start(ap, fmt);
799 rc = vsnprintf(*buffer, *len, fmt, ap);
800 va_end(ap);
801 if ((rc < 0) || ((size_t)rc > *len))
802 return FALSE;
803 *len -= (size_t)rc;
804 *buffer += (size_t)rc;
805 return TRUE;
806}
807
808static BOOL tsg_packet_header_to_string(char** buffer, size_t* length,
809 const TSG_PACKET_HEADER* header)
810{
811 WINPR_ASSERT(buffer);
812 WINPR_ASSERT(length);
813 WINPR_ASSERT(header);
814
815 return tsg_print(buffer, length,
816 "header { ComponentId=0x%04" PRIx16 ", PacketId=0x%04" PRIx16 " }",
817 header->ComponentId, header->PacketId);
818}
819
820static BOOL tsg_type_capability_nap_to_string(char** buffer, size_t* length,
821 const TSG_CAPABILITY_NAP* cur)
822{
823 WINPR_ASSERT(buffer);
824 WINPR_ASSERT(length);
825 WINPR_ASSERT(cur);
826
827 return tsg_print(buffer, length, "%s { capabilities=0x%08" PRIx32 " }",
828 tsg_packet_id_to_string(TSG_CAPABILITY_TYPE_NAP), cur->capabilities);
829}
830
831static BOOL tsg_packet_capabilities_to_string(char** buffer, size_t* length,
832 const TSG_PACKET_CAPABILITIES* caps, UINT32 numCaps)
833{
834 WINPR_ASSERT(buffer);
835 WINPR_ASSERT(length);
836 WINPR_ASSERT(caps);
837
838 if (!tsg_print(buffer, length, "capabilities { "))
839 return FALSE;
840
841 for (UINT32 x = 0; x < numCaps; x++)
842 {
843 const TSG_PACKET_CAPABILITIES* cur = &caps[x];
844 switch (cur->capabilityType)
845 {
846 case TSG_CAPABILITY_TYPE_NAP:
847 if (!tsg_type_capability_nap_to_string(buffer, length, &cur->tsgPacket.tsgCapNap))
848 return FALSE;
849 break;
850 default:
851 if (!tsg_print(buffer, length, "TSG_UNKNOWN_CAPABILITY"))
852 return FALSE;
853 break;
854 }
855 }
856 return tsg_print(buffer, length, " }");
857}
858
859static BOOL tsg_packet_versioncaps_to_string(char** buffer, size_t* length,
860 const TSG_PACKET_VERSIONCAPS* caps)
861{
862 WINPR_ASSERT(buffer);
863 WINPR_ASSERT(length);
864 WINPR_ASSERT(caps);
865
866 if (!tsg_print(buffer, length, "versioncaps { "))
867 return FALSE;
868 if (!tsg_packet_header_to_string(buffer, length, &caps->tsgHeader))
869 return FALSE;
870
871 if (!tsg_print(buffer, length, " "))
872 return FALSE;
873
874 if (caps->numCapabilities > 1)
875 {
876 WLog_ERR(TAG, "TSG_PACKET_VERSIONCAPS::numCapabilities > 1 (%" PRIu32 "), not supported!",
877 caps->numCapabilities);
878 return FALSE;
879 }
880
881 if (!tsg_packet_capabilities_to_string(buffer, length, &caps->tsgCaps, caps->numCapabilities))
882 return FALSE;
883
884 if (!tsg_print(buffer, length,
885 " numCapabilities=0x%08" PRIx32 ", majorVersion=0x%04" PRIx16
886 ", minorVersion=0x%04" PRIx16 ", quarantineCapabilities=0x%04" PRIx16,
887 caps->numCapabilities, caps->majorVersion, caps->minorVersion,
888 caps->quarantineCapabilities))
889 return FALSE;
890
891 return tsg_print(buffer, length, " }");
892}
893
894static BOOL tsg_packet_quarconfigrequest_to_string(char** buffer, size_t* length,
895 const TSG_PACKET_QUARCONFIGREQUEST* caps)
896{
897 WINPR_ASSERT(buffer);
898 WINPR_ASSERT(length);
899 WINPR_ASSERT(caps);
900
901 if (!tsg_print(buffer, length, "quarconfigrequest { "))
902 return FALSE;
903
904 if (!tsg_print(buffer, length, " "))
905 return FALSE;
906
907 if (!tsg_print(buffer, length, " flags=0x%08" PRIx32, caps->flags))
908 return FALSE;
909
910 return tsg_print(buffer, length, " }");
911}
912
913static BOOL tsg_packet_quarrequest_to_string(char** buffer, size_t* length,
914 const TSG_PACKET_QUARREQUEST* caps)
915{
916 BOOL rc = FALSE;
917 char* name = NULL;
918 char* strdata = NULL;
919
920 WINPR_ASSERT(buffer);
921 WINPR_ASSERT(length);
922 WINPR_ASSERT(caps);
923
924 if (!tsg_print(buffer, length, "quarrequest { "))
925 return FALSE;
926
927 if (!tsg_print(buffer, length, " "))
928 return FALSE;
929
930 if (caps->nameLength > 0)
931 {
932 if (caps->nameLength > INT_MAX)
933 return FALSE;
934 name = ConvertWCharNToUtf8Alloc(caps->machineName, caps->nameLength, NULL);
935 if (!name)
936 return FALSE;
937 }
938
939 strdata = winpr_BinToHexString(caps->data, caps->dataLen, TRUE);
940 if (strdata || (caps->dataLen == 0))
941 rc = tsg_print(buffer, length,
942 " flags=0x%08" PRIx32 ", machineName=%s [%" PRIu32 "], data[%" PRIu32 "]=%s",
943 caps->flags, name, caps->nameLength, caps->dataLen, strdata);
944 free(name);
945 free(strdata);
946 if (!rc)
947 return FALSE;
948
949 return tsg_print(buffer, length, " }");
950}
951
952static const char* tsg_bool_to_string(BOOL val)
953{
954 if (val)
955 return "true";
956 return "false";
957}
958
959static const char* tsg_redirection_flags_to_string(char* buffer, size_t size,
960 const TSG_REDIRECTION_FLAGS* flags)
961{
962 WINPR_ASSERT(buffer || (size == 0));
963 WINPR_ASSERT(flags);
964
965 (void)_snprintf(
966 buffer, size,
967 "enableAllRedirections=%s, disableAllRedirections=%s, driveRedirectionDisabled=%s, "
968 "printerRedirectionDisabled=%s, portRedirectionDisabled=%s, reserved=%s, "
969 "clipboardRedirectionDisabled=%s, pnpRedirectionDisabled=%s",
970 tsg_bool_to_string(flags->enableAllRedirections),
971 tsg_bool_to_string(flags->disableAllRedirections),
972 tsg_bool_to_string(flags->driveRedirectionDisabled),
973 tsg_bool_to_string(flags->printerRedirectionDisabled),
974 tsg_bool_to_string(flags->portRedirectionDisabled), tsg_bool_to_string(flags->reserved),
975 tsg_bool_to_string(flags->clipboardRedirectionDisabled),
976 tsg_bool_to_string(flags->pnpRedirectionDisabled));
977 return buffer;
978}
979
980static BOOL tsg_packet_response_to_string(char** buffer, size_t* length,
981 const TSG_PACKET_RESPONSE* caps)
982{
983 BOOL rc = FALSE;
984 char* strdata = NULL;
985 char tbuffer[8192] = { 0 };
986
987 WINPR_ASSERT(buffer);
988 WINPR_ASSERT(length);
989 WINPR_ASSERT(caps);
990
991 if (!tsg_print(buffer, length, "response { "))
992 return FALSE;
993
994 if (!tsg_print(buffer, length, " "))
995 return FALSE;
996
997 strdata = winpr_BinToHexString(caps->responseData, caps->responseDataLen, TRUE);
998 if (strdata || (caps->responseDataLen == 0))
999 rc = tsg_print(
1000 buffer, length,
1001 " flags=0x%08" PRIx32 ", reserved=0x%08" PRIx32 ", responseData[%" PRIu32
1002 "]=%s, redirectionFlags={ %s }",
1003 caps->flags, caps->reserved, caps->responseDataLen, strdata,
1004 tsg_redirection_flags_to_string(tbuffer, ARRAYSIZE(tbuffer), &caps->redirectionFlags));
1005 free(strdata);
1006 if (!rc)
1007 return FALSE;
1008
1009 return tsg_print(buffer, length, " }");
1010}
1011
1012static BOOL tsg_packet_quarenc_response_to_string(char** buffer, size_t* length,
1013 const TSG_PACKET_QUARENC_RESPONSE* caps)
1014{
1015 BOOL rc = FALSE;
1016 char* strdata = NULL;
1017 RPC_CSTR uuid = NULL;
1018 char tbuffer[8192] = { 0 };
1019 size_t size = ARRAYSIZE(tbuffer);
1020 char* ptbuffer = tbuffer;
1021
1022 WINPR_ASSERT(buffer);
1023 WINPR_ASSERT(length);
1024 WINPR_ASSERT(caps);
1025
1026 if (!tsg_print(buffer, length, "quarenc_response { "))
1027 return FALSE;
1028
1029 if (!tsg_print(buffer, length, " "))
1030 return FALSE;
1031
1032 if (caps->certChainLen > 0)
1033 {
1034 if (caps->certChainLen > INT_MAX)
1035 return FALSE;
1036 strdata = ConvertWCharNToUtf8Alloc(caps->certChainData, caps->certChainLen, NULL);
1037 if (!strdata)
1038 return FALSE;
1039 }
1040
1041 tsg_packet_versioncaps_to_string(&ptbuffer, &size, &caps->versionCaps);
1042 UuidToStringA(&caps->nonce, &uuid);
1043 if (strdata || (caps->certChainLen == 0))
1044 rc =
1045 tsg_print(buffer, length,
1046 " flags=0x%08" PRIx32 ", certChain[%" PRIu32 "]=%s, nonce=%s, versionCaps=%s",
1047 caps->flags, caps->certChainLen, strdata, uuid, tbuffer);
1048 free(strdata);
1049 RpcStringFreeA(&uuid);
1050 if (!rc)
1051 return FALSE;
1052
1053 return tsg_print(buffer, length, " }");
1054}
1055
1056static BOOL tsg_packet_message_response_to_string(char** buffer, size_t* length,
1057 const TSG_PACKET_MSG_RESPONSE* caps)
1058{
1059 WINPR_ASSERT(buffer);
1060 WINPR_ASSERT(length);
1061 WINPR_ASSERT(caps);
1062
1063 if (!tsg_print(buffer, length, "msg_response { "))
1064 return FALSE;
1065
1066 if (!tsg_print(buffer, length,
1067 " msgID=0x%08" PRIx32 ", msgType=0x%08" PRIx32 ", isMsgPresent=%" PRId32,
1068 caps->msgID, caps->msgType, caps->isMsgPresent))
1069 return FALSE;
1070
1071 return tsg_print(buffer, length, " }");
1072}
1073
1074static BOOL tsg_packet_caps_response_to_string(char** buffer, size_t* length,
1075 const TSG_PACKET_CAPS_RESPONSE* caps)
1076{
1077 WINPR_ASSERT(buffer);
1078 WINPR_ASSERT(length);
1079 WINPR_ASSERT(caps);
1080
1081 if (!tsg_print(buffer, length, "caps_response { "))
1082 return FALSE;
1083
1084 if (!tsg_packet_quarenc_response_to_string(buffer, length, &caps->pktQuarEncResponse))
1085 return FALSE;
1086
1087 if (!tsg_packet_message_response_to_string(buffer, length, &caps->pktConsentMessage))
1088 return FALSE;
1089
1090 return tsg_print(buffer, length, " }");
1091}
1092
1093static BOOL tsg_packet_message_request_to_string(char** buffer, size_t* length,
1094 const TSG_PACKET_MSG_REQUEST* caps)
1095{
1096 WINPR_ASSERT(buffer);
1097 WINPR_ASSERT(length);
1098 WINPR_ASSERT(caps);
1099
1100 if (!tsg_print(buffer, length, "caps_message_request { "))
1101 return FALSE;
1102
1103 if (!tsg_print(buffer, length, " maxMessagesPerBatch=%" PRIu32, caps->maxMessagesPerBatch))
1104 return FALSE;
1105
1106 return tsg_print(buffer, length, " }");
1107}
1108
1109static BOOL tsg_packet_auth_to_string(char** buffer, size_t* length, const TSG_PACKET_AUTH* caps)
1110{
1111 BOOL rc = FALSE;
1112 char* strdata = NULL;
1113 WINPR_ASSERT(buffer);
1114 WINPR_ASSERT(length);
1115 WINPR_ASSERT(caps);
1116
1117 if (!tsg_print(buffer, length, "caps_message_request { "))
1118 return FALSE;
1119
1120 if (!tsg_packet_versioncaps_to_string(buffer, length, &caps->tsgVersionCaps))
1121 return FALSE;
1122
1123 strdata = winpr_BinToHexString(caps->cookie, caps->cookieLen, TRUE);
1124 if (strdata || (caps->cookieLen == 0))
1125 rc = tsg_print(buffer, length, " cookie[%" PRIu32 "]=%s", caps->cookieLen, strdata);
1126 free(strdata);
1127 if (!rc)
1128 return FALSE;
1129
1130 return tsg_print(buffer, length, " }");
1131}
1132
1133static BOOL tsg_packet_reauth_to_string(char** buffer, size_t* length,
1134 const TSG_PACKET_REAUTH* caps)
1135{
1136 BOOL rc = FALSE;
1137 WINPR_ASSERT(buffer);
1138 WINPR_ASSERT(length);
1139 WINPR_ASSERT(caps);
1140
1141 if (!tsg_print(buffer, length, "caps_message_request { "))
1142 return FALSE;
1143
1144 if (!tsg_print(buffer, length, " tunnelContext=0x%016" PRIx64 ", packetId=%s [0x%08" PRIx32 "]",
1145 caps->tunnelContext, tsg_packet_id_to_string(caps->packetId), caps->packetId))
1146 return FALSE;
1147
1148 switch (caps->packetId)
1149 {
1150 case TSG_PACKET_TYPE_VERSIONCAPS:
1151 rc = tsg_packet_versioncaps_to_string(buffer, length,
1152 &caps->tsgInitialPacket.packetVersionCaps);
1153 break;
1154 case TSG_PACKET_TYPE_AUTH:
1155 rc = tsg_packet_auth_to_string(buffer, length, &caps->tsgInitialPacket.packetAuth);
1156 break;
1157 default:
1158 rc = tsg_print(buffer, length, "TODO: Unhandled packet type %s [0x%08" PRIx32 "]",
1159 tsg_packet_id_to_string(caps->packetId), caps->packetId);
1160 break;
1161 }
1162
1163 if (!rc)
1164 return FALSE;
1165
1166 return tsg_print(buffer, length, " }");
1167}
1168
1169static const char* tsg_packet_to_string(const TSG_PACKET* packet)
1170{
1171 size_t len = 8192;
1172 static char sbuffer[8193] = { 0 };
1173 char* buffer = sbuffer;
1174
1175 if (!tsg_print(&buffer, &len, "TSG_PACKET { packetId=%s [0x%08" PRIx32 "], ",
1176 tsg_packet_id_to_string(packet->packetId), packet->packetId))
1177 goto fail;
1178
1179 switch (packet->packetId)
1180 {
1181 case TSG_PACKET_TYPE_HEADER:
1182 if (!tsg_packet_header_to_string(&buffer, &len, &packet->tsgPacket.packetHeader))
1183 goto fail;
1184 break;
1185 case TSG_PACKET_TYPE_VERSIONCAPS:
1186 if (!tsg_packet_versioncaps_to_string(&buffer, &len,
1187 &packet->tsgPacket.packetVersionCaps))
1188 goto fail;
1189 break;
1190 case TSG_PACKET_TYPE_QUARCONFIGREQUEST:
1191 if (!tsg_packet_quarconfigrequest_to_string(&buffer, &len,
1192 &packet->tsgPacket.packetQuarConfigRequest))
1193 goto fail;
1194 break;
1195 case TSG_PACKET_TYPE_QUARREQUEST:
1196 if (!tsg_packet_quarrequest_to_string(&buffer, &len,
1197 &packet->tsgPacket.packetQuarRequest))
1198 goto fail;
1199 break;
1200 case TSG_PACKET_TYPE_RESPONSE:
1201 if (!tsg_packet_response_to_string(&buffer, &len, &packet->tsgPacket.packetResponse))
1202 goto fail;
1203 break;
1204 case TSG_PACKET_TYPE_QUARENC_RESPONSE:
1205 if (!tsg_packet_quarenc_response_to_string(&buffer, &len,
1206 &packet->tsgPacket.packetQuarEncResponse))
1207 goto fail;
1208 break;
1209 case TSG_PACKET_TYPE_CAPS_RESPONSE:
1210 if (!tsg_packet_caps_response_to_string(&buffer, &len,
1211 &packet->tsgPacket.packetCapsResponse))
1212 goto fail;
1213 break;
1214 case TSG_PACKET_TYPE_MSGREQUEST_PACKET:
1215 if (!tsg_packet_message_request_to_string(&buffer, &len,
1216 &packet->tsgPacket.packetMsgRequest))
1217 goto fail;
1218 break;
1219 case TSG_PACKET_TYPE_MESSAGE_PACKET:
1220 if (!tsg_packet_message_response_to_string(&buffer, &len,
1221 &packet->tsgPacket.packetMsgResponse))
1222 goto fail;
1223 break;
1224 case TSG_PACKET_TYPE_AUTH:
1225 if (!tsg_packet_auth_to_string(&buffer, &len, &packet->tsgPacket.packetAuth))
1226 goto fail;
1227 break;
1228 case TSG_PACKET_TYPE_REAUTH:
1229 if (!tsg_packet_reauth_to_string(&buffer, &len, &packet->tsgPacket.packetReauth))
1230 goto fail;
1231 break;
1232 default:
1233 if (!tsg_print(&buffer, &len, "INVALID"))
1234 goto fail;
1235 break;
1236 }
1237
1238 if (!tsg_print(&buffer, &len, " }"))
1239 goto fail;
1240
1241fail:
1242 return sbuffer;
1243}
1244
1245static BOOL tsg_stream_align(wLog* log, wStream* s, size_t align)
1246{
1247 size_t pos = 0;
1248 size_t offset = 0;
1249
1250 if (!s)
1251 return FALSE;
1252
1253 pos = Stream_GetPosition(s);
1254
1255 if ((pos % align) != 0)
1256 offset = align - pos % align;
1257
1258 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, offset))
1259 return FALSE;
1260 Stream_Seek(s, offset);
1261 return TRUE;
1262}
1263
1264static BIO_METHOD* BIO_s_tsg(void);
1301static int TsProxySendToServer(handle_t IDL_handle, const byte pRpcMessage[], UINT32 count,
1302 const UINT32* lengths)
1303{
1304 wStream* s = NULL;
1305 rdpTsg* tsg = NULL;
1306 size_t length = 0;
1307 const byte* buffer1 = NULL;
1308 const byte* buffer2 = NULL;
1309 const byte* buffer3 = NULL;
1310 UINT32 buffer1Length = 0;
1311 UINT32 buffer2Length = 0;
1312 UINT32 buffer3Length = 0;
1313 UINT32 numBuffers = 0;
1314 UINT32 totalDataBytes = 0;
1315 tsg = (rdpTsg*)IDL_handle;
1316 buffer1Length = buffer2Length = buffer3Length = 0;
1317
1318 if (count > 0)
1319 {
1320 numBuffers++;
1321 buffer1 = &pRpcMessage[0];
1322 buffer1Length = lengths[0];
1323 totalDataBytes += lengths[0] + 4;
1324 }
1325
1326 if (count > 1)
1327 {
1328 numBuffers++;
1329 buffer2 = &pRpcMessage[1];
1330 buffer2Length = lengths[1];
1331 totalDataBytes += lengths[1] + 4;
1332 }
1333
1334 if (count > 2)
1335 {
1336 numBuffers++;
1337 buffer3 = &pRpcMessage[2];
1338 buffer3Length = lengths[2];
1339 totalDataBytes += lengths[2] + 4;
1340 }
1341
1342 length = 28ull + totalDataBytes;
1343 if (length > INT_MAX)
1344 return -1;
1345 s = Stream_New(NULL, length);
1346
1347 if (!s)
1348 {
1349 WLog_Print(tsg->log, WLOG_ERROR, "Stream_New failed!");
1350 return -1;
1351 }
1352
1353 /* PCHANNEL_CONTEXT_HANDLE_NOSERIALIZE_NR (20 bytes) */
1354 if (!TsProxyWriteTunnelContext(tsg->log, s, &tsg->ChannelContext))
1355 goto fail;
1356 Stream_Write_UINT32_BE(s, totalDataBytes); /* totalDataBytes (4 bytes) */
1357 Stream_Write_UINT32_BE(s, numBuffers); /* numBuffers (4 bytes) */
1358
1359 if (buffer1Length > 0)
1360 Stream_Write_UINT32_BE(s, buffer1Length); /* buffer1Length (4 bytes) */
1361
1362 if (buffer2Length > 0)
1363 Stream_Write_UINT32_BE(s, buffer2Length); /* buffer2Length (4 bytes) */
1364
1365 if (buffer3Length > 0)
1366 Stream_Write_UINT32_BE(s, buffer3Length); /* buffer3Length (4 bytes) */
1367
1368 if (buffer1Length > 0)
1369 Stream_Write(s, buffer1, buffer1Length); /* buffer1 (variable) */
1370
1371 if (buffer2Length > 0)
1372 Stream_Write(s, buffer2, buffer2Length); /* buffer2 (variable) */
1373
1374 if (buffer3Length > 0)
1375 Stream_Write(s, buffer3, buffer3Length); /* buffer3 (variable) */
1376
1377 if (!rpc_client_write_call(tsg->rpc, s, TsProxySendToServerOpnum))
1378 return -1;
1379
1380 return (int)length;
1381fail:
1382 Stream_Free(s, TRUE);
1383 return -1;
1384}
1385
1397static BOOL TsProxyCreateTunnelWriteRequest(rdpTsg* tsg, const TSG_PACKET* tsgPacket)
1398{
1399 BOOL rc = FALSE;
1400 BOOL write = TRUE;
1401 UINT16 opnum = 0;
1402 wStream* s = NULL;
1403 rdpRpc* rpc = NULL;
1404
1405 if (!tsg || !tsg->rpc)
1406 return FALSE;
1407
1408 rpc = tsg->rpc;
1409 WLog_Print(tsg->log, WLOG_DEBUG, "%s", tsg_packet_to_string(tsgPacket));
1410 s = Stream_New(NULL, 108);
1411
1412 if (!s)
1413 return FALSE;
1414
1415 switch (tsgPacket->packetId)
1416 {
1417 case TSG_PACKET_TYPE_VERSIONCAPS:
1418 {
1419 UINT32 index = 0;
1420 const TSG_PACKET_VERSIONCAPS* packetVersionCaps =
1421 &tsgPacket->tsgPacket.packetVersionCaps;
1422
1423 Stream_Write_UINT32(s, tsgPacket->packetId); /* PacketId (4 bytes) */
1424 Stream_Write_UINT32(s, tsgPacket->packetId); /* SwitchValue (4 bytes) */
1425 if (!tsg_ndr_pointer_write(tsg->log, s, &index, 1)) /* PacketVersionCapsPtr (4 bytes) */
1426 goto fail;
1427
1428 if (!tsg_ndr_write_version_caps(tsg->log, s, &index, packetVersionCaps))
1429 goto fail;
1434 /*
1435 * 8-byte constant (8A E3 13 71 02 F4 36 71) also observed here:
1436 * http://lists.samba.org/archive/cifs-protocol/2010-July/001543.html
1437 */
1438 Stream_Write_UINT8(s, 0x8A);
1439 Stream_Write_UINT8(s, 0xE3);
1440 Stream_Write_UINT8(s, 0x13);
1441 Stream_Write_UINT8(s, 0x71);
1442 Stream_Write_UINT8(s, 0x02);
1443 Stream_Write_UINT8(s, 0xF4);
1444 Stream_Write_UINT8(s, 0x36);
1445 Stream_Write_UINT8(s, 0x71);
1446 Stream_Write_UINT32(s, 0x00040001); /* 1.4 (version?) */
1447 Stream_Write_UINT32(s, 0x00000001); /* 1 (element count?) */
1448 /* p_cont_list_t */
1449 Stream_Write_UINT8(s, 2); /* ncontext_elem */
1450 Stream_Write_UINT8(s, 0x40); /* reserved1 */
1451 Stream_Write_UINT16(s, 0x0028); /* reserved2 */
1452 /* p_syntax_id_t */
1453 Stream_Write(s, &TSGU_UUID, sizeof(p_uuid_t));
1454 Stream_Write_UINT32(s, TSGU_SYNTAX_IF_VERSION);
1455 /* p_syntax_id_t */
1456 Stream_Write(s, &NDR_UUID, sizeof(p_uuid_t));
1457 Stream_Write_UINT32(s, NDR_SYNTAX_IF_VERSION);
1458 opnum = TsProxyCreateTunnelOpnum;
1459 }
1460 break;
1461
1462 case TSG_PACKET_TYPE_REAUTH:
1463 {
1464 const TSG_PACKET_REAUTH* packetReauth = &tsgPacket->tsgPacket.packetReauth;
1465 UINT32 index = 0;
1466 Stream_Write_UINT32(s, tsgPacket->packetId); /* PacketId (4 bytes) */
1467 Stream_Write_UINT32(s, tsgPacket->packetId); /* SwitchValue (4 bytes) */
1468 if (!tsg_ndr_pointer_write(tsg->log, s, &index, 1)) /* PacketReauthPtr (4 bytes) */
1469 goto fail;
1470 if (!tsg_ndr_write_reauth(tsg->log, s, &index, packetReauth))
1471 goto fail;
1472 opnum = TsProxyCreateTunnelOpnum;
1473 }
1474 break;
1475
1476 default:
1477 WLog_Print(tsg->log, WLOG_WARN, "unexpected packetId %s",
1478 tsg_packet_id_to_string(tsgPacket->packetId));
1479 write = FALSE;
1480 break;
1481 }
1482
1483 rc = TRUE;
1484
1485 if (write)
1486 return rpc_client_write_call(rpc, s, opnum);
1487fail:
1488 Stream_Free(s, TRUE);
1489 return rc;
1490}
1491
1492static BOOL tsg_ndr_read_consent_message(wLog* log, rdpContext* context, wStream* s, UINT32* index,
1493 BOOL isMessagePresent)
1494{
1495 TSG_PACKET_STRING_MESSAGE packetStringMessage = { 0 };
1496
1497 WINPR_ASSERT(context);
1498 WINPR_ASSERT(index);
1499
1500 if (!TsProxyReadPacketSTringMessage(log, s, index, &packetStringMessage))
1501 return FALSE;
1502
1503 if (context->instance && isMessagePresent)
1504 {
1505 return IFCALLRESULT(TRUE, context->instance->PresentGatewayMessage, context->instance,
1506 TSG_ASYNC_MESSAGE_CONSENT_MESSAGE ? GATEWAY_MESSAGE_CONSENT
1507 : TSG_ASYNC_MESSAGE_SERVICE_MESSAGE,
1508 packetStringMessage.isDisplayMandatory != 0,
1509 packetStringMessage.isConsentMandatory != 0,
1510 packetStringMessage.msgBytes, packetStringMessage.msgBuffer);
1511 }
1512
1513 return TRUE;
1514}
1515
1516static BOOL tsg_ndr_read_tunnel_context(wLog* log, wStream* s, CONTEXT_HANDLE* tunnelContext,
1517 UINT32* tunnelId)
1518{
1519 if (!tsg_stream_align(log, s, 4))
1520 return FALSE;
1521
1522 /* TunnelContext (20 bytes) */
1523 if (!TsProxyReadTunnelContext(log, s, tunnelContext))
1524 return FALSE;
1525
1526 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 8))
1527 return FALSE;
1528
1529 WINPR_ASSERT(tunnelId);
1530 Stream_Read_UINT32(s, *tunnelId); /* TunnelId (4 bytes) */
1531
1532 INT32 ReturnValue = 0;
1533 Stream_Read_INT32(s, ReturnValue); /* ReturnValue (4 bytes) */
1534 if (ReturnValue != NO_ERROR)
1535 WLog_WARN(TAG, "ReturnValue=%s", NtStatus2Tag(ReturnValue));
1536 return TRUE;
1537}
1538
1539static BOOL tsg_ndr_read_TSG_PACKET_MSG_RESPONSE_header(wLog* log, wStream* s,
1540 TSG_PACKET_MSG_RESPONSE* pkt)
1541{
1542
1543 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 16))
1544 return FALSE;
1545
1546 Stream_Read_UINT32(s, pkt->msgID); /* MsgId (4 bytes) */
1547 Stream_Read_UINT32(s, pkt->msgType); /* MsgType (4 bytes) */
1548 Stream_Read_INT32(s, pkt->isMsgPresent); /* IsMsgPresent (4 bytes) */
1549 const uint32_t SwitchValue = Stream_Get_UINT32(s); /* SwitchValue (4 bytes) */
1550
1551 if (pkt->msgType != SwitchValue)
1552 {
1553 WLog_ERR(TAG,
1554 "[MS-TSGU] 2.2.9.2.1.9 TSG_PACKET_MSG_RESPONSE MsgType[0x%08" PRIx32
1555 "] != MessageSwitchValue [0x%08" PRIx32 "]",
1556 pkt->msgType, SwitchValue);
1557 return FALSE;
1558 }
1559
1560 return TRUE;
1561}
1562
1563static BOOL tsg_ndr_read_TSG_PACKET_MSG_RESPONSE(wLog* log, rdpContext* context, wStream* s,
1564 uint32_t* index, uint32_t MsgPtr,
1565 const TSG_PACKET_MSG_RESPONSE* pkg,
1566 uint64_t* reauthContext)
1567{
1568 WINPR_ASSERT(pkg);
1569
1570 if (MsgPtr == 0)
1571 {
1572 WLog_Print(log, WLOG_DEBUG,
1573 "Message {0x%08" PRIx32 "} [%s]::isMsgPresent=%" PRId32 ", MsgPtr=0x%08" PRIx32,
1574 pkg->msgType, tsg_packet_id_to_string(pkg->msgType), pkg->isMsgPresent, MsgPtr);
1575 return TRUE;
1576 }
1577
1578 switch (pkg->msgType)
1579 {
1580 case TSG_ASYNC_MESSAGE_CONSENT_MESSAGE:
1581 case TSG_ASYNC_MESSAGE_SERVICE_MESSAGE:
1582 return tsg_ndr_read_consent_message(log, context, s, index, pkg->isMsgPresent);
1583
1584 case TSG_ASYNC_MESSAGE_REAUTH:
1585 {
1586 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 8))
1587 return FALSE;
1588
1589 WINPR_ASSERT(reauthContext);
1590 const uint64_t val = Stream_Get_UINT64(s); /* TunnelContext (8 bytes) */
1591 if (pkg->isMsgPresent != 0)
1592 *reauthContext = val;
1593 return TRUE;
1594 }
1595
1596 default:
1597 WLog_Print(log, WLOG_ERROR, "Unexpected Message Type: 0x%" PRIx32 "", pkg->msgType);
1598 return FALSE;
1599 }
1600}
1601
1602static BOOL tsg_ndr_read_caps_response(wLog* log, rdpContext* context, wStream* s, UINT32* index,
1603 UINT32 PacketPtr, TSG_PACKET_CAPS_RESPONSE* caps,
1604 CONTEXT_HANDLE* tunnelContext, UINT32* tunnelId,
1605 uint64_t* reauthContext)
1606{
1607 UINT32 PacketQuarResponsePtr = 0;
1608
1609 WINPR_ASSERT(context);
1610 WINPR_ASSERT(index);
1611 WINPR_ASSERT(caps);
1612 WINPR_ASSERT(reauthContext);
1613
1614 if (!tsg_ndr_pointer_read(log, s, index, &PacketQuarResponsePtr, TRUE))
1615 goto fail;
1616
1617 if (!tsg_ndr_read_quarenc_response(log, s, index, &caps->pktQuarEncResponse))
1618 goto fail;
1619
1620 if (PacketPtr)
1621 {
1622 TSG_PACKET_MSG_RESPONSE pkg = { 0 };
1623 UINT32 MsgPtr = 0;
1624
1625 if (!tsg_ndr_read_TSG_PACKET_MSG_RESPONSE_header(log, s, &pkg))
1626 goto fail;
1627
1628 if (!tsg_ndr_pointer_read(log, s, index, &MsgPtr, TRUE))
1629 return FALSE;
1630
1631 if (!tsg_ndr_read_quarenc_data(log, s, index, &caps->pktQuarEncResponse))
1632 goto fail;
1633
1634 if (!tsg_ndr_read_TSG_PACKET_MSG_RESPONSE(log, context, s, index, MsgPtr, &pkg,
1635 reauthContext))
1636 goto fail;
1637 }
1638
1639 return tsg_ndr_read_tunnel_context(log, s, tunnelContext, tunnelId);
1640fail:
1641 return FALSE;
1642}
1643
1644static BOOL TsProxyCreateTunnelReadResponse(rdpTsg* tsg, const RPC_PDU* pdu,
1645 CONTEXT_HANDLE* tunnelContext, UINT32* tunnelId)
1646{
1647 BOOL rc = FALSE;
1648 UINT32 index = 0;
1649 TSG_PACKET packet = { 0 };
1650 UINT32 SwitchValue = 0;
1651 rdpContext* context = NULL;
1652 UINT32 PacketPtr = 0;
1653
1654 WINPR_ASSERT(tsg);
1655 WINPR_ASSERT(tsg->rpc);
1656 WINPR_ASSERT(tsg->rpc->transport);
1657
1658 context = transport_get_context(tsg->rpc->transport);
1659 WINPR_ASSERT(context);
1660
1661 if (!pdu)
1662 return FALSE;
1663
1664 if (!tsg_ndr_pointer_read(tsg->log, pdu->s, &index, &PacketPtr, TRUE))
1665 goto fail;
1666
1667 if (!Stream_CheckAndLogRequiredLengthWLog(tsg->log, pdu->s, 8))
1668 goto fail;
1669 Stream_Read_UINT32(pdu->s, packet.packetId); /* PacketId (4 bytes) */
1670 Stream_Read_UINT32(pdu->s, SwitchValue); /* SwitchValue (4 bytes) */
1671
1672 WLog_Print(tsg->log, WLOG_DEBUG, "%s", tsg_packet_id_to_string(packet.packetId));
1673
1674 if ((packet.packetId == TSG_PACKET_TYPE_CAPS_RESPONSE) &&
1675 (SwitchValue == TSG_PACKET_TYPE_CAPS_RESPONSE))
1676 {
1677 if (!tsg_ndr_read_caps_response(tsg->log, context, pdu->s, &index, PacketPtr,
1678 &packet.tsgPacket.packetCapsResponse, tunnelContext,
1679 tunnelId, &tsg->ReauthTunnelContext))
1680 goto fail;
1681 }
1682 else if ((packet.packetId == TSG_PACKET_TYPE_QUARENC_RESPONSE) &&
1683 (SwitchValue == TSG_PACKET_TYPE_QUARENC_RESPONSE))
1684 {
1685 UINT32 PacketQuarResponsePtr = 0;
1686
1687 if (!tsg_ndr_pointer_read(tsg->log, pdu->s, &index, &PacketQuarResponsePtr, TRUE))
1688 goto fail;
1689
1690 if (!tsg_ndr_read_quarenc_response(tsg->log, pdu->s, &index,
1691 &packet.tsgPacket.packetQuarEncResponse))
1692 goto fail;
1693
1694 if (!tsg_ndr_read_quarenc_data(tsg->log, pdu->s, &index,
1695 &packet.tsgPacket.packetQuarEncResponse))
1696 goto fail;
1697
1698 if (!tsg_ndr_read_tunnel_context(tsg->log, pdu->s, tunnelContext, tunnelId))
1699 goto fail;
1700 }
1701 else
1702 {
1703 WLog_Print(tsg->log, WLOG_ERROR,
1704 "Unexpected PacketId: 0x%08" PRIX32 ", Expected TSG_PACKET_TYPE_CAPS_RESPONSE "
1705 "or TSG_PACKET_TYPE_QUARENC_RESPONSE",
1706 packet.packetId);
1707 goto fail;
1708 }
1709
1710 const size_t rem = Stream_GetRemainingLength(pdu->s);
1711 if (rem != 0)
1712 {
1713 WLog_Print(tsg->log, WLOG_WARN, "Partially parsed %s, %" PRIuz " bytes remain",
1714 tsg_packet_id_to_string(packet.packetId), rem);
1715 }
1716 rc = TRUE;
1717fail:
1718 return rc;
1719}
1720
1732static BOOL TsProxyAuthorizeTunnelWriteRequest(rdpTsg* tsg, CONTEXT_HANDLE* tunnelContext)
1733{
1734 size_t pad = 0;
1735 wStream* s = NULL;
1736 size_t count = 0;
1737 size_t offset = 0;
1738 rdpRpc* rpc = NULL;
1739
1740 if (!tsg || !tsg->rpc || !tunnelContext || !tsg->MachineName)
1741 return FALSE;
1742
1743 count = _wcslen(tsg->MachineName) + 1;
1744 if (count > UINT32_MAX)
1745 return FALSE;
1746
1747 rpc = tsg->rpc;
1748 WLog_Print(tsg->log, WLOG_DEBUG, "TsProxyAuthorizeTunnelWriteRequest");
1749 s = Stream_New(NULL, 1024 + count * 2);
1750
1751 if (!s)
1752 return FALSE;
1753
1754 if (!TsProxyWriteTunnelContext(tsg->log, s, tunnelContext))
1755 {
1756 Stream_Free(s, TRUE);
1757 return FALSE;
1758 }
1759
1760 /* 4-byte alignment */
1761 UINT32 index = 0;
1762 Stream_Write_UINT32(s, TSG_PACKET_TYPE_QUARREQUEST); /* PacketId (4 bytes) */
1763 Stream_Write_UINT32(s, TSG_PACKET_TYPE_QUARREQUEST); /* SwitchValue (4 bytes) */
1764 if (!tsg_ndr_pointer_write(tsg->log, s, &index, 1)) /* PacketQuarRequestPtr (4 bytes) */
1765 goto fail;
1766 Stream_Write_UINT32(s, 0x00000000); /* Flags (4 bytes) */
1767 if (!tsg_ndr_pointer_write(tsg->log, s, &index, 1)) /* MachineNamePtr (4 bytes) */
1768 goto fail;
1769 Stream_Write_UINT32(s, (UINT32)count); /* NameLength (4 bytes) */
1770 if (!tsg_ndr_pointer_write(tsg->log, s, &index, 1)) /* DataPtr (4 bytes) */
1771 goto fail;
1772 Stream_Write_UINT32(s, 0); /* DataLength (4 bytes) */
1773 /* MachineName */
1774 if (!tsg_ndr_write_string(tsg->log, s, tsg->MachineName, count))
1775 goto fail;
1776 /* 4-byte alignment */
1777 offset = Stream_GetPosition(s);
1778 pad = rpc_offset_align(&offset, 4);
1779 Stream_Zero(s, pad);
1780 Stream_Write_UINT32(s, 0x00000000); /* MaxCount (4 bytes) */
1781 Stream_SealLength(s);
1782 return rpc_client_write_call(rpc, s, TsProxyAuthorizeTunnelOpnum);
1783fail:
1784 Stream_Free(s, TRUE);
1785 return FALSE;
1786}
1787
1788static UINT32 tsg_redir_to_flags(const TSG_REDIRECTION_FLAGS* redirect)
1789{
1790 UINT32 flags = 0;
1791 if (redirect->enableAllRedirections)
1792 flags |= HTTP_TUNNEL_REDIR_ENABLE_ALL;
1793 if (redirect->disableAllRedirections)
1794 flags |= HTTP_TUNNEL_REDIR_DISABLE_ALL;
1795
1796 if (redirect->driveRedirectionDisabled)
1797 flags |= HTTP_TUNNEL_REDIR_DISABLE_DRIVE;
1798 if (redirect->printerRedirectionDisabled)
1799 flags |= HTTP_TUNNEL_REDIR_DISABLE_PRINTER;
1800 if (redirect->portRedirectionDisabled)
1801 flags |= HTTP_TUNNEL_REDIR_DISABLE_PORT;
1802 if (redirect->clipboardRedirectionDisabled)
1803 flags |= HTTP_TUNNEL_REDIR_DISABLE_CLIPBOARD;
1804 if (redirect->pnpRedirectionDisabled)
1805 flags |= HTTP_TUNNEL_REDIR_DISABLE_PNP;
1806 return flags;
1807}
1808
1809static BOOL tsg_redirect_apply(rdpTsg* tsg, const TSG_REDIRECTION_FLAGS* redirect)
1810{
1811 WINPR_ASSERT(tsg);
1812 WINPR_ASSERT(redirect);
1813
1814 rdpTransport* transport = tsg->transport;
1815 WINPR_ASSERT(transport);
1816
1817 rdpContext* context = transport_get_context(transport);
1818 UINT32 redirFlags = tsg_redir_to_flags(redirect);
1819 return utils_apply_gateway_policy(tsg->log, context, redirFlags, "TSG");
1820}
1821
1822static BOOL TsProxyAuthorizeTunnelReadResponse(rdpTsg* tsg, const RPC_PDU* pdu)
1823{
1824 BOOL rc = FALSE;
1825 UINT32 SwitchValue = 0;
1826 UINT32 index = 0;
1827 TSG_PACKET packet = { 0 };
1828 UINT32 PacketPtr = 0;
1829 UINT32 PacketResponsePtr = 0;
1830
1831 WINPR_ASSERT(tsg);
1832 WINPR_ASSERT(pdu);
1833
1834 wLog* log = tsg->log;
1835 WINPR_ASSERT(log);
1836
1837 if (!tsg_ndr_pointer_read(log, pdu->s, &index, &PacketPtr, TRUE))
1838 goto fail;
1839
1840 if (!Stream_CheckAndLogRequiredLengthWLog(log, pdu->s, 8))
1841 goto fail;
1842 Stream_Read_UINT32(pdu->s, packet.packetId); /* PacketId (4 bytes) */
1843 Stream_Read_UINT32(pdu->s, SwitchValue); /* SwitchValue (4 bytes) */
1844
1845 WLog_Print(log, WLOG_DEBUG, "%s", tsg_packet_id_to_string(packet.packetId));
1846
1847 if (packet.packetId == E_PROXY_NAP_ACCESSDENIED)
1848 {
1849 WLog_Print(log, WLOG_ERROR, "status: E_PROXY_NAP_ACCESSDENIED (0x%08X)",
1850 E_PROXY_NAP_ACCESSDENIED);
1851 WLog_Print(log, WLOG_ERROR,
1852 "Ensure that the Gateway Connection Authorization Policy is correct");
1853 goto fail;
1854 }
1855
1856 if ((packet.packetId != TSG_PACKET_TYPE_RESPONSE) || (SwitchValue != TSG_PACKET_TYPE_RESPONSE))
1857 {
1858 WLog_Print(log, WLOG_ERROR,
1859 "Unexpected PacketId: 0x%08" PRIX32 ", Expected TSG_PACKET_TYPE_RESPONSE",
1860 packet.packetId);
1861 goto fail;
1862 }
1863
1864 if (!tsg_ndr_pointer_read(log, pdu->s, &index, &PacketResponsePtr, TRUE))
1865 goto fail;
1866
1867 if (!tsg_ndr_read_packet_response(log, pdu->s, &index, &packet.tsgPacket.packetResponse))
1868 goto fail;
1869
1870 rc = TRUE;
1871
1872 if (packet.tsgPacket.packetResponse.flags & TSG_PACKET_TYPE_QUARREQUEST)
1873 rc = tsg_redirect_apply(tsg, &packet.tsgPacket.packetResponse.redirectionFlags);
1874fail:
1875 return rc;
1876}
1877
1889static BOOL TsProxyMakeTunnelCallWriteRequest(rdpTsg* tsg, CONTEXT_HANDLE* tunnelContext,
1890 UINT32 procId)
1891{
1892 wStream* s = NULL;
1893 rdpRpc* rpc = NULL;
1894
1895 if (!tsg || !tsg->rpc || !tunnelContext)
1896 return FALSE;
1897
1898 rpc = tsg->rpc;
1899 WLog_Print(tsg->log, WLOG_DEBUG, "TsProxyMakeTunnelCallWriteRequest");
1900 s = Stream_New(NULL, 40);
1901
1902 if (!s)
1903 return FALSE;
1904
1905 /* TunnelContext (20 bytes) */
1906 UINT32 index = 0;
1907 if (!TsProxyWriteTunnelContext(tsg->log, s, tunnelContext))
1908 goto fail;
1909 Stream_Write_UINT32(s, procId); /* ProcId (4 bytes) */
1910 /* 4-byte alignment */
1911 Stream_Write_UINT32(s, TSG_PACKET_TYPE_MSGREQUEST_PACKET); /* PacketId (4 bytes) */
1912 Stream_Write_UINT32(s, TSG_PACKET_TYPE_MSGREQUEST_PACKET); /* SwitchValue (4 bytes) */
1913 if (!tsg_ndr_pointer_write(tsg->log, s, &index, 1)) /* PacketMsgRequestPtr (4 bytes) */
1914 goto fail;
1915 Stream_Write_UINT32(s, 0x00000001); /* MaxMessagesPerBatch (4 bytes) */
1916 return rpc_client_write_call(rpc, s, TsProxyMakeTunnelCallOpnum);
1917fail:
1918 Stream_Free(s, TRUE);
1919 return FALSE;
1920}
1921
1922static BOOL TsProxyReadPacketSTringMessage(wLog* log, wStream* s, uint32_t* index,
1923 TSG_PACKET_STRING_MESSAGE* msg)
1924{
1925 UINT32 MsgPtr = 0;
1926
1927 WINPR_ASSERT(msg);
1928
1929 const TSG_PACKET_STRING_MESSAGE empty = { 0 };
1930 *msg = empty;
1931
1932 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 12))
1933 return FALSE;
1934
1935 Stream_Read_INT32(s, msg->isDisplayMandatory); /* IsDisplayMandatory (4 bytes) */
1936 Stream_Read_INT32(s, msg->isConsentMandatory); /* IsConsentMandatory (4 bytes) */
1937 Stream_Read_UINT32(s, msg->msgBytes); /* MsgBytes (4 bytes) */
1938
1939 if (!tsg_ndr_pointer_read(log, s, index, &MsgPtr, msg->msgBytes != 0))
1940 return FALSE;
1941
1942 if (msg->msgBytes > TSG_MESSAGING_MAX_MESSAGE_LENGTH)
1943 {
1944 WLog_Print(log, WLOG_ERROR, "Out of Spec Message Length %" PRIu32 "", msg->msgBytes);
1945 return FALSE;
1946 }
1947
1948 if (msg->msgBytes == 0)
1949 {
1950 WLog_Print(log, WLOG_DEBUG, "Empty message, skipping string read");
1951 return TRUE;
1952 }
1953
1954 return tsg_ndr_read_string(log, s, &msg->msgBuffer, msg->msgBytes);
1955}
1956
1957static BOOL TsProxyMakeTunnelCallReadResponse(rdpTsg* tsg, const RPC_PDU* pdu)
1958{
1959 BOOL rc = FALSE;
1960 UINT32 index = 0;
1961 TSG_PACKET packet = { 0 };
1962 rdpContext* context = NULL;
1963 TSG_PACKET_MSG_RESPONSE packetMsgResponse = { 0 };
1964 UINT32 PacketPtr = 0;
1965 UINT32 PacketMsgResponsePtr = 0;
1966
1967 WINPR_ASSERT(tsg);
1968 WINPR_ASSERT(tsg->rpc);
1969
1970 context = transport_get_context(tsg->rpc->transport);
1971 WINPR_ASSERT(context);
1972
1973 /* This is an asynchronous response */
1974
1975 if (!pdu)
1976 return FALSE;
1977
1978 if (!Stream_CheckAndLogRequiredLengthWLog(tsg->log, pdu->s, 28))
1979 goto fail;
1980
1981 if (!tsg_ndr_pointer_read(tsg->log, pdu->s, &index, &PacketPtr, TRUE))
1982 goto fail;
1983
1984 Stream_Read_UINT32(pdu->s, packet.packetId); /* PacketId (4 bytes) */
1985 const uint32_t SwitchValue = Stream_Get_UINT32(pdu->s); /* SwitchValue (4 bytes) */
1986
1987 WLog_Print(tsg->log, WLOG_DEBUG, "%s", tsg_packet_id_to_string(packet.packetId));
1988
1989 if ((packet.packetId != TSG_PACKET_TYPE_MESSAGE_PACKET) || (packet.packetId != SwitchValue))
1990 {
1991 WLog_Print(tsg->log, WLOG_ERROR,
1992 "Unexpected PacketId: 0x%08" PRIX32 ", Expected TSG_PACKET_TYPE_MESSAGE_PACKET",
1993 packet.packetId);
1994 goto fail;
1995 }
1996
1997 if (!tsg_ndr_pointer_read(tsg->log, pdu->s, &index, &PacketMsgResponsePtr, TRUE))
1998 goto fail;
1999
2000 if (!tsg_ndr_read_TSG_PACKET_MSG_RESPONSE_header(tsg->log, pdu->s, &packetMsgResponse))
2001 goto fail;
2002
2003 UINT32 MessagePtr = 0;
2004 if (!tsg_ndr_pointer_read(tsg->log, pdu->s, &index, &MessagePtr, TRUE))
2005 goto fail;
2006
2007 if (!tsg_ndr_read_TSG_PACKET_MSG_RESPONSE(tsg->log, context, pdu->s, &index, MessagePtr,
2008 &packetMsgResponse, &tsg->ReauthTunnelContext))
2009 goto fail;
2010
2011 rc = TRUE;
2012fail:
2013 return rc;
2014}
2015
2027static BOOL TsProxyCreateChannelWriteRequest(rdpTsg* tsg, CONTEXT_HANDLE* tunnelContext)
2028{
2029 WINPR_ASSERT(tsg);
2030 WINPR_ASSERT(tunnelContext);
2031
2032 WLog_Print(tsg->log, WLOG_DEBUG, "TsProxyCreateChannelWriteRequest");
2033
2034 if (!tsg->rpc || !tsg->Hostname)
2035 return FALSE;
2036
2037 rdpRpc* rpc = tsg->rpc;
2038 const size_t count = _wcslen(tsg->Hostname) + 1;
2039 if (count > UINT32_MAX)
2040 return FALSE;
2041
2042 wStream* s = Stream_New(NULL, 60 + count * 2);
2043 if (!s)
2044 return FALSE;
2045
2046 /* TunnelContext (20 bytes) */
2047 if (!TsProxyWriteTunnelContext(tsg->log, s, tunnelContext))
2048 goto fail;
2049
2050 /* TSENDPOINTINFO */
2051 UINT32 index = 0;
2052 if (!tsg_ndr_pointer_write(tsg->log, s, &index, 1))
2053 goto fail;
2054 Stream_Write_UINT32(s, 0x00000001); /* NumResourceNames (4 bytes) */
2055 if (!tsg_ndr_pointer_write(tsg->log, s, &index, 0))
2056 goto fail;
2057 Stream_Write_UINT16(s, 0x0000); /* NumAlternateResourceNames (2 bytes) */
2058 Stream_Write_UINT16(s, 0x0000); /* Pad (2 bytes) */
2059 /* Port (4 bytes) */
2060 Stream_Write_UINT16(s, 0x0003); /* ProtocolId (RDP = 3) (2 bytes) */
2061 Stream_Write_UINT16(s, tsg->Port); /* PortNumber (0xD3D = 3389) (2 bytes) */
2062 Stream_Write_UINT32(s, 0x00000001); /* NumResourceNames (4 bytes) */
2063 if (!tsg_ndr_pointer_write(tsg->log, s, &index, 1))
2064 goto fail;
2065 if (!tsg_ndr_write_string(tsg->log, s, tsg->Hostname, (UINT32)count))
2066 goto fail;
2067 return rpc_client_write_call(rpc, s, TsProxyCreateChannelOpnum);
2068
2069fail:
2070 Stream_Free(s, TRUE);
2071 return FALSE;
2072}
2073
2074static BOOL TsProxyCreateChannelReadResponse(wLog* log, const RPC_PDU* pdu,
2075 CONTEXT_HANDLE* channelContext, UINT32* channelId)
2076{
2077 BOOL rc = FALSE;
2078
2079 WINPR_ASSERT(log);
2080 WINPR_ASSERT(pdu);
2081 WINPR_ASSERT(channelId);
2082
2083 WLog_Print(log, WLOG_DEBUG, "TsProxyCreateChannelReadResponse");
2084
2085 if (!Stream_CheckAndLogRequiredLengthWLog(log, pdu->s, 28))
2086 goto fail;
2087
2088 /* ChannelContext (20 bytes) */
2089 if (!TsProxyReadTunnelContext(log, pdu->s, channelContext))
2090 goto fail;
2091 if (!Stream_CheckAndLogRequiredLengthOfSizeWLog(log, pdu->s, 2, sizeof(UINT32)))
2092 goto fail;
2093 Stream_Read_UINT32(pdu->s, *channelId); /* ChannelId (4 bytes) */
2094 Stream_Seek_UINT32(pdu->s); /* ReturnValue (4 bytes) */
2095 rc = TRUE;
2096fail:
2097 return rc;
2098}
2099
2106static BOOL TsProxyCloseChannelWriteRequest(rdpTsg* tsg, CONTEXT_HANDLE* context)
2107{
2108 WINPR_ASSERT(tsg);
2109 WINPR_ASSERT(context);
2110
2111 WLog_Print(tsg->log, WLOG_DEBUG, "TsProxyCloseChannelWriteRequest");
2112
2113 rdpRpc* rpc = tsg->rpc;
2114 WINPR_ASSERT(rpc);
2115
2116 wStream* s = Stream_New(NULL, 20);
2117
2118 if (!s)
2119 return FALSE;
2120
2121 /* ChannelContext (20 bytes) */
2122 if (!TsProxyWriteTunnelContext(tsg->log, s, context))
2123 goto fail;
2124 return rpc_client_write_call(rpc, s, TsProxyCloseChannelOpnum);
2125fail:
2126 Stream_Free(s, TRUE);
2127 return FALSE;
2128}
2129
2130static BOOL TsProxyCloseChannelReadResponse(wLog* log, const RPC_PDU* pdu, CONTEXT_HANDLE* context)
2131{
2132 BOOL rc = FALSE;
2133 WLog_Print(log, WLOG_DEBUG, "TsProxyCloseChannelReadResponse");
2134
2135 if (!pdu)
2136 return FALSE;
2137
2138 if (!Stream_CheckAndLogRequiredLengthWLog(log, pdu->s, 24))
2139 goto fail;
2140
2141 /* ChannelContext (20 bytes) */
2142 if (!TsProxyReadTunnelContext(log, pdu->s, context))
2143 goto fail;
2144
2145 {
2146 const size_t len = sizeof(UINT32);
2147 if (!Stream_CheckAndLogRequiredLengthWLog(log, pdu->s, len))
2148 goto fail;
2149 Stream_Seek(pdu->s, len); /* ReturnValue (4 bytes) */
2150 rc = TRUE;
2151 }
2152fail:
2153 return rc;
2154}
2155
2162static BOOL TsProxyCloseTunnelWriteRequest(rdpTsg* tsg, const CONTEXT_HANDLE* context)
2163{
2164 WINPR_ASSERT(tsg);
2165 WINPR_ASSERT(context);
2166
2167 WLog_Print(tsg->log, WLOG_DEBUG, "TsProxyCloseTunnelWriteRequest");
2168
2169 rdpRpc* rpc = tsg->rpc;
2170 WINPR_ASSERT(rpc);
2171
2172 wStream* s = Stream_New(NULL, 20);
2173
2174 if (!s)
2175 return FALSE;
2176
2177 /* TunnelContext (20 bytes) */
2178 if (!TsProxyWriteTunnelContext(tsg->log, s, context))
2179 goto fail;
2180 return rpc_client_write_call(rpc, s, TsProxyCloseTunnelOpnum);
2181fail:
2182 Stream_Free(s, TRUE);
2183 return FALSE;
2184}
2185
2186static BOOL TsProxyCloseTunnelReadResponse(wLog* log, const RPC_PDU* pdu, CONTEXT_HANDLE* context)
2187{
2188 BOOL rc = FALSE;
2189
2190 WINPR_ASSERT(log);
2191 WINPR_ASSERT(pdu);
2192 WINPR_ASSERT(context);
2193
2194 WLog_Print(log, WLOG_DEBUG, "TsProxyCloseTunnelReadResponse");
2195
2196 if (!Stream_CheckAndLogRequiredLengthWLog(log, pdu->s, 24))
2197 goto fail;
2198
2199 /* TunnelContext (20 bytes) */
2200 if (!TsProxyReadTunnelContext(log, pdu->s, context))
2201 goto fail;
2202 {
2203 const size_t len = sizeof(UINT32);
2204 if (!Stream_CheckAndLogRequiredLengthWLog(log, pdu->s, len))
2205 goto fail;
2206 Stream_Seek(pdu->s, len); /* ReturnValue (4 bytes) */
2207 rc = TRUE;
2208 }
2209fail:
2210 return rc;
2211}
2212
2221static BOOL TsProxySetupReceivePipeWriteRequest(rdpTsg* tsg, const CONTEXT_HANDLE* channelContext)
2222{
2223 wStream* s = NULL;
2224 rdpRpc* rpc = NULL;
2225 WLog_Print(tsg->log, WLOG_DEBUG, "TsProxySetupReceivePipeWriteRequest");
2226
2227 WINPR_ASSERT(tsg);
2228 WINPR_ASSERT(tsg->rpc);
2229
2230 if (!channelContext)
2231 return FALSE;
2232
2233 rpc = tsg->rpc;
2234 s = Stream_New(NULL, 20);
2235
2236 if (!s)
2237 return FALSE;
2238
2239 /* ChannelContext (20 bytes) */
2240 if (!TsProxyWriteTunnelContext(tsg->log, s, channelContext))
2241 goto fail;
2242 return rpc_client_write_call(rpc, s, TsProxySetupReceivePipeOpnum);
2243fail:
2244 Stream_Free(s, TRUE);
2245 return FALSE;
2246}
2247
2248static BOOL tsg_transition_to_state(rdpTsg* tsg, TSG_STATE state)
2249{
2250 WINPR_ASSERT(tsg);
2251 const char* oldState = tsg_state_to_string(tsg->state);
2252 const char* newState = tsg_state_to_string(state);
2253
2254 WLog_Print(tsg->log, WLOG_DEBUG, "%s -> %s", oldState, newState);
2255 return tsg_set_state(tsg, state);
2256}
2257
2258static BOOL tsg_initialize_version_caps(TSG_PACKET_VERSIONCAPS* packetVersionCaps)
2259{
2260 WINPR_ASSERT(packetVersionCaps);
2261
2262 packetVersionCaps->tsgHeader.ComponentId = TS_GATEWAY_TRANSPORT;
2263 packetVersionCaps->tsgHeader.PacketId = TSG_PACKET_TYPE_VERSIONCAPS;
2264 packetVersionCaps->numCapabilities = 1;
2265 packetVersionCaps->majorVersion = 1;
2266 packetVersionCaps->minorVersion = 1;
2267 packetVersionCaps->quarantineCapabilities = 0;
2268 packetVersionCaps->tsgCaps.capabilityType = TSG_CAPABILITY_TYPE_NAP;
2269 /*
2270 * Using reduced capabilities appears to trigger
2271 * TSG_PACKET_TYPE_QUARENC_RESPONSE instead of TSG_PACKET_TYPE_CAPS_RESPONSE
2272 *
2273 * However, reduced capabilities may break connectivity with servers enforcing features, such as
2274 * "Only allow connections from Remote Desktop Services clients that support RD Gateway
2275 * messaging"
2276 */
2277
2278 packetVersionCaps->tsgCaps.tsgPacket.tsgCapNap.capabilities =
2279 TSG_NAP_CAPABILITY_QUAR_SOH | TSG_NAP_CAPABILITY_IDLE_TIMEOUT |
2280 TSG_MESSAGING_CAP_CONSENT_SIGN | TSG_MESSAGING_CAP_SERVICE_MSG | TSG_MESSAGING_CAP_REAUTH;
2281 return TRUE;
2282}
2283
2284BOOL tsg_proxy_begin(rdpTsg* tsg)
2285{
2286 TSG_PACKET tsgPacket = { 0 };
2287
2288 WINPR_ASSERT(tsg);
2289
2290 tsgPacket.packetId = TSG_PACKET_TYPE_VERSIONCAPS;
2291 if (!tsg_initialize_version_caps(&tsgPacket.tsgPacket.packetVersionCaps) ||
2292 !TsProxyCreateTunnelWriteRequest(tsg, &tsgPacket))
2293 {
2294 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCreateTunnel failure");
2295 tsg_transition_to_state(tsg, TSG_STATE_FINAL);
2296 return FALSE;
2297 }
2298
2299 return tsg_transition_to_state(tsg, TSG_STATE_INITIAL);
2300}
2301
2302static BOOL tsg_proxy_reauth(rdpTsg* tsg)
2303{
2304 TSG_PACKET tsgPacket = { 0 };
2305
2306 WINPR_ASSERT(tsg);
2307
2308 tsg->reauthSequence = TRUE;
2309 TSG_PACKET_REAUTH* packetReauth = &tsgPacket.tsgPacket.packetReauth;
2310
2311 tsgPacket.packetId = TSG_PACKET_TYPE_REAUTH;
2312 packetReauth->tunnelContext = tsg->ReauthTunnelContext;
2313 packetReauth->packetId = TSG_PACKET_TYPE_VERSIONCAPS;
2314
2315 if (!tsg_initialize_version_caps(&packetReauth->tsgInitialPacket.packetVersionCaps))
2316 return FALSE;
2317
2318 if (!TsProxyCreateTunnelWriteRequest(tsg, &tsgPacket))
2319 {
2320 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCreateTunnel failure");
2321 tsg_transition_to_state(tsg, TSG_STATE_FINAL);
2322 return FALSE;
2323 }
2324
2325 if (!TsProxyMakeTunnelCallWriteRequest(tsg, &tsg->TunnelContext,
2326 TSG_TUNNEL_CALL_ASYNC_MSG_REQUEST))
2327 {
2328 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyMakeTunnelCall failure");
2329 tsg_transition_to_state(tsg, TSG_STATE_FINAL);
2330 return FALSE;
2331 }
2332
2333 return tsg_transition_to_state(tsg, TSG_STATE_INITIAL);
2334}
2335
2336BOOL tsg_recv_pdu(rdpTsg* tsg, const RPC_PDU* pdu)
2337{
2338 BOOL rc = FALSE;
2339 RpcClientCall* call = NULL;
2340 rdpRpc* rpc = NULL;
2341
2342 WINPR_ASSERT(tsg);
2343 WINPR_ASSERT(pdu);
2344 WINPR_ASSERT(tsg->rpc);
2345
2346 rpc = tsg->rpc;
2347
2348 if (!(pdu->Flags & RPC_PDU_FLAG_STUB))
2349 {
2350 const size_t len = 24;
2351 if (!Stream_CheckAndLogRequiredLengthWLog(tsg->log, pdu->s, len))
2352 return FALSE;
2353 Stream_Seek(pdu->s, len);
2354 }
2355
2356 switch (tsg->state)
2357 {
2358 case TSG_STATE_INITIAL:
2359 {
2360 CONTEXT_HANDLE* TunnelContext = NULL;
2361 TunnelContext = (tsg->reauthSequence) ? &tsg->NewTunnelContext : &tsg->TunnelContext;
2362
2363 if (!TsProxyCreateTunnelReadResponse(tsg, pdu, TunnelContext, &tsg->TunnelId))
2364 {
2365 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCreateTunnelReadResponse failure");
2366 return FALSE;
2367 }
2368
2369 if (!tsg_transition_to_state(tsg, TSG_STATE_CONNECTED))
2370 return FALSE;
2371
2372 if (!TsProxyAuthorizeTunnelWriteRequest(tsg, TunnelContext))
2373 {
2374 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyAuthorizeTunnel failure");
2375 return FALSE;
2376 }
2377
2378 rc = TRUE;
2379 }
2380 break;
2381
2382 case TSG_STATE_CONNECTED:
2383 {
2384 CONTEXT_HANDLE* TunnelContext =
2385 (tsg->reauthSequence) ? &tsg->NewTunnelContext : &tsg->TunnelContext;
2386
2387 if (!TsProxyAuthorizeTunnelReadResponse(tsg, pdu))
2388 {
2389 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyAuthorizeTunnelReadResponse failure");
2390 return FALSE;
2391 }
2392
2393 if (!tsg_transition_to_state(tsg, TSG_STATE_AUTHORIZED))
2394 return FALSE;
2395
2396 if (!tsg->reauthSequence)
2397 {
2398 if (!TsProxyMakeTunnelCallWriteRequest(tsg, TunnelContext,
2399 TSG_TUNNEL_CALL_ASYNC_MSG_REQUEST))
2400 {
2401 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyMakeTunnelCall failure");
2402 return FALSE;
2403 }
2404 }
2405
2406 if (!TsProxyCreateChannelWriteRequest(tsg, TunnelContext))
2407 {
2408 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCreateChannel failure");
2409 return FALSE;
2410 }
2411
2412 rc = TRUE;
2413 }
2414 break;
2415
2416 case TSG_STATE_AUTHORIZED:
2417 call = rpc_client_call_find_by_id(rpc->client, pdu->CallId);
2418
2419 if (!call)
2420 return FALSE;
2421
2422 if (call->OpNum == TsProxyMakeTunnelCallOpnum)
2423 {
2424 if (!TsProxyMakeTunnelCallReadResponse(tsg, pdu))
2425 {
2426 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyMakeTunnelCallReadResponse failure");
2427 return FALSE;
2428 }
2429
2430 rc = TRUE;
2431 }
2432 else if (call->OpNum == TsProxyCreateChannelOpnum)
2433 {
2434 CONTEXT_HANDLE ChannelContext;
2435
2436 if (!TsProxyCreateChannelReadResponse(tsg->log, pdu, &ChannelContext,
2437 &tsg->ChannelId))
2438 {
2439 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCreateChannelReadResponse failure");
2440 return FALSE;
2441 }
2442
2443 if (!tsg->reauthSequence)
2444 CopyMemory(&tsg->ChannelContext, &ChannelContext, sizeof(CONTEXT_HANDLE));
2445 else
2446 CopyMemory(&tsg->NewChannelContext, &ChannelContext, sizeof(CONTEXT_HANDLE));
2447
2448 if (!tsg_transition_to_state(tsg, TSG_STATE_CHANNEL_CREATED))
2449 return FALSE;
2450
2451 if (!tsg->reauthSequence)
2452 {
2453 if (!TsProxySetupReceivePipeWriteRequest(tsg, &tsg->ChannelContext))
2454 {
2455 WLog_Print(tsg->log, WLOG_ERROR, "TsProxySetupReceivePipe failure");
2456 return FALSE;
2457 }
2458 }
2459 else
2460 {
2461 if (!TsProxyCloseChannelWriteRequest(tsg, &tsg->NewChannelContext))
2462 {
2463 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCloseChannelWriteRequest failure");
2464 return FALSE;
2465 }
2466
2467 if (!TsProxyCloseTunnelWriteRequest(tsg, &tsg->NewTunnelContext))
2468 {
2469 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCloseTunnelWriteRequest failure");
2470 return FALSE;
2471 }
2472 }
2473
2474 rc = tsg_transition_to_state(tsg, TSG_STATE_PIPE_CREATED);
2475 tsg->reauthSequence = FALSE;
2476 }
2477 else
2478 {
2479 WLog_Print(tsg->log, WLOG_ERROR,
2480 "TSG_STATE_AUTHORIZED unexpected OpNum: %" PRIu32 "\n", call->OpNum);
2481 }
2482
2483 break;
2484
2485 case TSG_STATE_CHANNEL_CREATED:
2486 break;
2487
2488 case TSG_STATE_PIPE_CREATED:
2489 call = rpc_client_call_find_by_id(rpc->client, pdu->CallId);
2490
2491 if (!call)
2492 return FALSE;
2493
2494 if (call->OpNum == TsProxyMakeTunnelCallOpnum)
2495 {
2496 if (!TsProxyMakeTunnelCallReadResponse(tsg, pdu))
2497 {
2498 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyMakeTunnelCallReadResponse failure");
2499 return FALSE;
2500 }
2501
2502 rc = TRUE;
2503
2504 if (tsg->ReauthTunnelContext)
2505 rc = tsg_proxy_reauth(tsg);
2506 }
2507 else if (call->OpNum == TsProxyCloseChannelOpnum)
2508 {
2509 CONTEXT_HANDLE ChannelContext;
2510
2511 if (!TsProxyCloseChannelReadResponse(tsg->log, pdu, &ChannelContext))
2512 {
2513 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCloseChannelReadResponse failure");
2514 return FALSE;
2515 }
2516
2517 rc = TRUE;
2518 }
2519 else if (call->OpNum == TsProxyCloseTunnelOpnum)
2520 {
2521 CONTEXT_HANDLE TunnelContext;
2522
2523 if (!TsProxyCloseTunnelReadResponse(tsg->log, pdu, &TunnelContext))
2524 {
2525 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCloseTunnelReadResponse failure");
2526 return FALSE;
2527 }
2528
2529 rc = TRUE;
2530 }
2531
2532 break;
2533
2534 case TSG_STATE_TUNNEL_CLOSE_PENDING:
2535 {
2536 CONTEXT_HANDLE ChannelContext;
2537
2538 if (!TsProxyCloseChannelReadResponse(tsg->log, pdu, &ChannelContext))
2539 {
2540 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCloseChannelReadResponse failure");
2541 return FALSE;
2542 }
2543
2544 if (!tsg_transition_to_state(tsg, TSG_STATE_CHANNEL_CLOSE_PENDING))
2545 return FALSE;
2546
2547 if (!TsProxyCloseChannelWriteRequest(tsg, NULL))
2548 {
2549 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCloseChannelWriteRequest failure");
2550 return FALSE;
2551 }
2552
2553 if (!TsProxyMakeTunnelCallWriteRequest(tsg, &tsg->TunnelContext,
2554 TSG_TUNNEL_CANCEL_ASYNC_MSG_REQUEST))
2555 {
2556 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyMakeTunnelCall failure");
2557 return FALSE;
2558 }
2559
2560 rc = TRUE;
2561 }
2562 break;
2563
2564 case TSG_STATE_CHANNEL_CLOSE_PENDING:
2565 {
2566 CONTEXT_HANDLE TunnelContext;
2567
2568 if (!TsProxyCloseTunnelReadResponse(tsg->log, pdu, &TunnelContext))
2569 {
2570 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCloseTunnelReadResponse failure");
2571 return FALSE;
2572 }
2573
2574 rc = tsg_transition_to_state(tsg, TSG_STATE_FINAL);
2575 }
2576 break;
2577
2578 case TSG_STATE_FINAL:
2579 break;
2580 default:
2581 break;
2582 }
2583
2584 return rc;
2585}
2586
2587BOOL tsg_check_event_handles(rdpTsg* tsg)
2588{
2589 WINPR_ASSERT(tsg);
2590 if (rpc_client_in_channel_recv(tsg->rpc) < 0)
2591 return FALSE;
2592
2593 if (rpc_client_out_channel_recv(tsg->rpc) < 0)
2594 return FALSE;
2595
2596 return TRUE;
2597}
2598
2599DWORD tsg_get_event_handles(rdpTsg* tsg, HANDLE* events, DWORD count)
2600{
2601 UINT32 nCount = 0;
2602 rdpRpc* rpc = tsg->rpc;
2603 RpcVirtualConnection* connection = rpc->VirtualConnection;
2604
2605 if (events && (nCount < count))
2606 {
2607 events[nCount] = rpc->client->PipeEvent;
2608 nCount++;
2609 }
2610 else
2611 return 0;
2612
2613 if (connection->DefaultInChannel && connection->DefaultInChannel->common.tls)
2614 {
2615 if (events && (nCount < count))
2616 {
2617 BIO_get_event(connection->DefaultInChannel->common.tls->bio, &events[nCount]);
2618 nCount++;
2619 }
2620 else
2621 return 0;
2622 }
2623
2624 if (connection->NonDefaultInChannel && connection->NonDefaultInChannel->common.tls)
2625 {
2626 if (events && (nCount < count))
2627 {
2628 BIO_get_event(connection->NonDefaultInChannel->common.tls->bio, &events[nCount]);
2629 nCount++;
2630 }
2631 else
2632 return 0;
2633 }
2634
2635 if (connection->DefaultOutChannel && connection->DefaultOutChannel->common.tls)
2636 {
2637 if (events && (nCount < count))
2638 {
2639 BIO_get_event(connection->DefaultOutChannel->common.tls->bio, &events[nCount]);
2640 nCount++;
2641 }
2642 else
2643 return 0;
2644 }
2645
2646 if (connection->NonDefaultOutChannel && connection->NonDefaultOutChannel->common.tls)
2647 {
2648 if (events && (nCount < count))
2649 {
2650 BIO_get_event(connection->NonDefaultOutChannel->common.tls->bio, &events[nCount]);
2651 nCount++;
2652 }
2653 else
2654 return 0;
2655 }
2656
2657 return nCount;
2658}
2659
2660static BOOL tsg_set_hostname(rdpTsg* tsg, const char* hostname)
2661{
2662 WINPR_ASSERT(tsg);
2663 free(tsg->Hostname);
2664 tsg->Hostname = ConvertUtf8ToWCharAlloc(hostname, NULL);
2665 return tsg->Hostname != NULL;
2666}
2667
2668static BOOL tsg_set_machine_name(rdpTsg* tsg, const char* machineName)
2669{
2670 WINPR_ASSERT(tsg);
2671 free(tsg->MachineName);
2672 tsg->MachineName = ConvertUtf8ToWCharAlloc(machineName, NULL);
2673 return tsg->MachineName != NULL;
2674}
2675
2676BOOL tsg_connect(rdpTsg* tsg, const char* hostname, UINT16 port, DWORD timeout)
2677{
2678 UINT64 looptimeout = timeout * 1000ULL;
2679 DWORD nCount = 0;
2680 HANDLE events[MAXIMUM_WAIT_OBJECTS] = { 0 };
2681
2682 WINPR_ASSERT(tsg);
2683
2684 rdpRpc* rpc = tsg->rpc;
2685 WINPR_ASSERT(rpc);
2686
2687 rdpTransport* transport = rpc->transport;
2688 rdpContext* context = transport_get_context(transport);
2689 WINPR_ASSERT(context);
2690
2691 rdpSettings* settings = context->settings;
2692
2693 freerdp_set_last_error(context, ERROR_SUCCESS);
2694
2695 tsg->Port = port;
2696 tsg->transport = transport;
2697
2698 if (!settings->GatewayPort)
2699 settings->GatewayPort = 443;
2700
2701 if (!tsg_set_hostname(tsg, hostname))
2702 return FALSE;
2703
2704 if (!tsg_set_machine_name(tsg, settings->ComputerName))
2705 return FALSE;
2706
2707 if (!rpc_connect(rpc, timeout))
2708 {
2709 WLog_Print(tsg->log, WLOG_ERROR, "rpc_connect error!");
2710 return FALSE;
2711 }
2712
2713 nCount = tsg_get_event_handles(tsg, events, ARRAYSIZE(events));
2714
2715 if (nCount == 0)
2716 return FALSE;
2717
2718 while (tsg->state != TSG_STATE_PIPE_CREATED)
2719 {
2720 const DWORD polltimeout = 250;
2721 DWORD status = WaitForMultipleObjects(nCount, events, FALSE, polltimeout);
2722 if (status == WAIT_TIMEOUT)
2723 {
2724 if (timeout > 0)
2725 {
2726 if (looptimeout < polltimeout)
2727 return FALSE;
2728 looptimeout -= polltimeout;
2729 }
2730 }
2731 else
2732 looptimeout = timeout * 1000ULL;
2733
2734 if (!tsg_check_event_handles(tsg))
2735 {
2736 WLog_Print(tsg->log, WLOG_ERROR, "tsg_check failure");
2737 transport_set_layer(transport, TRANSPORT_LAYER_CLOSED);
2738 return FALSE;
2739 }
2740 }
2741
2742 WLog_Print(tsg->log, WLOG_INFO, "TS Gateway Connection Success");
2743 tsg->bio = BIO_new(BIO_s_tsg());
2744
2745 if (!tsg->bio)
2746 return FALSE;
2747
2748 BIO_set_data(tsg->bio, (void*)tsg);
2749 return TRUE;
2750}
2751
2752BOOL tsg_disconnect(rdpTsg* tsg)
2753{
2773 if (!tsg)
2774 return FALSE;
2775
2776 if (tsg->state != TSG_STATE_TUNNEL_CLOSE_PENDING)
2777 {
2778 if (!TsProxyCloseChannelWriteRequest(tsg, &tsg->ChannelContext))
2779 return FALSE;
2780
2781 return tsg_transition_to_state(tsg, TSG_STATE_CHANNEL_CLOSE_PENDING);
2782 }
2783
2784 return TRUE;
2785}
2786
2797static int tsg_read(rdpTsg* tsg, BYTE* data, size_t length)
2798{
2799 rdpRpc* rpc = NULL;
2800 int status = 0;
2801
2802 if (!tsg || !data)
2803 return -1;
2804
2805 rpc = tsg->rpc;
2806
2807 if (transport_get_layer(rpc->transport) == TRANSPORT_LAYER_CLOSED)
2808 {
2809 WLog_Print(tsg->log, WLOG_ERROR, "tsg_read error: connection lost");
2810 return -1;
2811 }
2812
2813 do
2814 {
2815 status = rpc_client_receive_pipe_read(rpc->client, data, length);
2816
2817 if (status < 0)
2818 return -1;
2819
2820 if (!status && !transport_get_blocking(rpc->transport))
2821 return 0;
2822
2823 if (transport_get_layer(rpc->transport) == TRANSPORT_LAYER_CLOSED)
2824 {
2825 WLog_Print(tsg->log, WLOG_ERROR, "tsg_read error: connection lost");
2826 return -1;
2827 }
2828
2829 if (status > 0)
2830 break;
2831
2832 if (transport_get_blocking(rpc->transport))
2833 {
2834 while (WaitForSingleObject(rpc->client->PipeEvent, 0) != WAIT_OBJECT_0)
2835 {
2836 if (!tsg_check_event_handles(tsg))
2837 return -1;
2838
2839 (void)WaitForSingleObject(rpc->client->PipeEvent, 100);
2840 }
2841 }
2842 } while (transport_get_blocking(rpc->transport));
2843
2844 return status;
2845}
2846
2847static int tsg_write(rdpTsg* tsg, const BYTE* data, UINT32 length)
2848{
2849 int status = 0;
2850
2851 if (!tsg || !data || !tsg->rpc || !tsg->rpc->transport)
2852 return -1;
2853
2854 if (transport_get_layer(tsg->rpc->transport) == TRANSPORT_LAYER_CLOSED)
2855 {
2856 WLog_Print(tsg->log, WLOG_ERROR, "error, connection lost");
2857 return -1;
2858 }
2859
2860 status = TsProxySendToServer((handle_t)tsg, data, 1, &length);
2861
2862 if (status < 0)
2863 return -1;
2864
2865 return (int)length;
2866}
2867
2868rdpTsg* tsg_new(rdpTransport* transport)
2869{
2870 rdpTsg* tsg = (rdpTsg*)calloc(1, sizeof(rdpTsg));
2871
2872 if (!tsg)
2873 return NULL;
2874 tsg->log = WLog_Get(TAG);
2875 tsg->transport = transport;
2876 tsg->rpc = rpc_new(tsg->transport);
2877
2878 if (!tsg->rpc)
2879 goto out_free;
2880
2881 return tsg;
2882out_free:
2883 free(tsg);
2884 return NULL;
2885}
2886
2887void tsg_free(rdpTsg* tsg)
2888{
2889 if (tsg)
2890 {
2891 rpc_free(tsg->rpc);
2892 free(tsg->Hostname);
2893 free(tsg->MachineName);
2894 free(tsg);
2895 }
2896}
2897
2898static int transport_bio_tsg_write(BIO* bio, const char* buf, int num)
2899{
2900 int status = 0;
2901 rdpTsg* tsg = (rdpTsg*)BIO_get_data(bio);
2902 BIO_clear_flags(bio, BIO_FLAGS_WRITE);
2903
2904 if (num < 0)
2905 return -1;
2906 status = tsg_write(tsg, (const BYTE*)buf, (UINT32)num);
2907
2908 if (status < 0)
2909 {
2910 BIO_clear_flags(bio, BIO_FLAGS_SHOULD_RETRY);
2911 return -1;
2912 }
2913 else if (status == 0)
2914 {
2915 BIO_set_flags(bio, BIO_FLAGS_WRITE);
2916 WSASetLastError(WSAEWOULDBLOCK);
2917 }
2918 else
2919 {
2920 BIO_set_flags(bio, BIO_FLAGS_WRITE);
2921 }
2922
2923 return status >= 0 ? status : -1;
2924}
2925
2926static int transport_bio_tsg_read(BIO* bio, char* buf, int size)
2927{
2928 int status = 0;
2929 rdpTsg* tsg = (rdpTsg*)BIO_get_data(bio);
2930
2931 if (!tsg || (size < 0))
2932 {
2933 BIO_clear_flags(bio, BIO_FLAGS_SHOULD_RETRY);
2934 return -1;
2935 }
2936
2937 BIO_clear_flags(bio, BIO_FLAGS_READ);
2938 status = tsg_read(tsg, (BYTE*)buf, (size_t)size);
2939
2940 if (status < 0)
2941 {
2942 BIO_clear_flags(bio, BIO_FLAGS_SHOULD_RETRY);
2943 return -1;
2944 }
2945 else if (status == 0)
2946 {
2947 BIO_set_flags(bio, BIO_FLAGS_READ);
2948 WSASetLastError(WSAEWOULDBLOCK);
2949 }
2950 else
2951 {
2952 BIO_set_flags(bio, BIO_FLAGS_READ);
2953 }
2954
2955 return status > 0 ? status : -1;
2956}
2957
2958static int transport_bio_tsg_puts(BIO* bio, const char* str)
2959{
2960 WINPR_UNUSED(bio);
2961 WINPR_UNUSED(str);
2962 return -2;
2963}
2964
2965// NOLINTNEXTLINE(readability-non-const-parameter)
2966static int transport_bio_tsg_gets(BIO* bio, char* str, int size)
2967{
2968 WINPR_UNUSED(bio);
2969 WINPR_UNUSED(str);
2970 WINPR_UNUSED(size);
2971 return 1;
2972}
2973
2974static long transport_bio_tsg_ctrl(BIO* bio, int cmd, long arg1, void* arg2)
2975{
2976 long status = -1;
2977 rdpTsg* tsg = (rdpTsg*)BIO_get_data(bio);
2978 RpcVirtualConnection* connection = tsg->rpc->VirtualConnection;
2979 RpcInChannel* inChannel = connection->DefaultInChannel;
2980 RpcOutChannel* outChannel = connection->DefaultOutChannel;
2981
2982 switch (cmd)
2983 {
2984 case BIO_CTRL_FLUSH:
2985 (void)BIO_flush(inChannel->common.tls->bio);
2986 (void)BIO_flush(outChannel->common.tls->bio);
2987 status = 1;
2988 break;
2989
2990 case BIO_C_GET_EVENT:
2991 if (arg2)
2992 {
2993 *((HANDLE*)arg2) = tsg->rpc->client->PipeEvent;
2994 status = 1;
2995 }
2996
2997 break;
2998
2999 case BIO_C_SET_NONBLOCK:
3000 status = 1;
3001 break;
3002
3003 case BIO_C_READ_BLOCKED:
3004 {
3005 BIO* cbio = outChannel->common.bio;
3006 status = BIO_read_blocked(cbio);
3007 }
3008 break;
3009
3010 case BIO_C_WRITE_BLOCKED:
3011 {
3012 BIO* cbio = inChannel->common.bio;
3013 status = BIO_write_blocked(cbio);
3014 }
3015 break;
3016
3017 case BIO_C_WAIT_READ:
3018 {
3019 int timeout = (int)arg1;
3020 BIO* cbio = outChannel->common.bio;
3021
3022 if (BIO_read_blocked(cbio))
3023 return BIO_wait_read(cbio, timeout);
3024 else if (BIO_write_blocked(cbio))
3025 return BIO_wait_write(cbio, timeout);
3026 else
3027 status = 1;
3028 }
3029 break;
3030
3031 case BIO_C_WAIT_WRITE:
3032 {
3033 int timeout = (int)arg1;
3034 BIO* cbio = inChannel->common.bio;
3035
3036 if (BIO_write_blocked(cbio))
3037 status = BIO_wait_write(cbio, timeout);
3038 else if (BIO_read_blocked(cbio))
3039 status = BIO_wait_read(cbio, timeout);
3040 else
3041 status = 1;
3042 }
3043 break;
3044#if OPENSSL_VERSION_NUMBER >= 0x30000000L
3045 case BIO_CTRL_GET_KTLS_SEND:
3046 status = 0;
3047 break;
3048 case BIO_CTRL_GET_KTLS_RECV:
3049 status = 0;
3050 break;
3051#endif
3052 default:
3053 break;
3054 }
3055
3056 return status;
3057}
3058
3059static int transport_bio_tsg_new(BIO* bio)
3060{
3061 WINPR_ASSERT(bio);
3062 BIO_set_init(bio, 1);
3063 BIO_set_flags(bio, BIO_FLAGS_SHOULD_RETRY);
3064 return 1;
3065}
3066
3067static int transport_bio_tsg_free(BIO* bio)
3068{
3069 WINPR_ASSERT(bio);
3070 WINPR_UNUSED(bio);
3071 return 1;
3072}
3073
3074BIO_METHOD* BIO_s_tsg(void)
3075{
3076 static BIO_METHOD* bio_methods = NULL;
3077
3078 if (bio_methods == NULL)
3079 {
3080 if (!(bio_methods = BIO_meth_new(BIO_TYPE_TSG, "TSGateway")))
3081 return NULL;
3082
3083 BIO_meth_set_write(bio_methods, transport_bio_tsg_write);
3084 BIO_meth_set_read(bio_methods, transport_bio_tsg_read);
3085 BIO_meth_set_puts(bio_methods, transport_bio_tsg_puts);
3086 BIO_meth_set_gets(bio_methods, transport_bio_tsg_gets);
3087 BIO_meth_set_ctrl(bio_methods, transport_bio_tsg_ctrl);
3088 BIO_meth_set_create(bio_methods, transport_bio_tsg_new);
3089 BIO_meth_set_destroy(bio_methods, transport_bio_tsg_free);
3090 }
3091
3092 return bio_methods;
3093}
3094
3095TSG_STATE tsg_get_state(rdpTsg* tsg)
3096{
3097 if (!tsg)
3098 return TSG_STATE_INITIAL;
3099
3100 return tsg->state;
3101}
3102
3103BIO* tsg_get_bio(rdpTsg* tsg)
3104{
3105 if (!tsg)
3106 return NULL;
3107
3108 return tsg->bio;
3109}
3110
3111BOOL tsg_set_state(rdpTsg* tsg, TSG_STATE state)
3112{
3113 if (!tsg)
3114 return FALSE;
3115
3116 tsg->state = state;
3117 return TRUE;
3118}
CONTEXT_HANDLE
Definition winpr/include/winpr/rpc.h:26
RPC_PDU
Definition libfreerdp/core/gateway/rpc.h:66
p_uuid_t
Definition libfreerdp/core/gateway/rpc.h:150