FreeRDP
Loading...
Searching...
No Matches
tsg.c
1
23#include <freerdp/config.h>
24
25#include "../settings.h"
26
27#include <winpr/assert.h>
28#include <winpr/crt.h>
29#include <winpr/error.h>
30#include <winpr/print.h>
31#include <winpr/stream.h>
32
33#include <freerdp/log.h>
34
35#include "rpc_bind.h"
36#include "rpc_client.h"
37#include "tsg.h"
38#include "../utils.h"
39#include "../../crypto/opensslcompat.h"
40
41#define TAG FREERDP_TAG("core.gateway.tsg")
42
43#define TSG_CAPABILITY_TYPE_NAP 0x00000001
44
45#define TSG_PACKET_TYPE_HEADER 0x00004844
46#define TSG_PACKET_TYPE_VERSIONCAPS 0x00005643
47#define TSG_PACKET_TYPE_QUARCONFIGREQUEST 0x00005143
48#define TSG_PACKET_TYPE_QUARREQUEST 0x00005152
49#define TSG_PACKET_TYPE_RESPONSE 0x00005052
50#define TSG_PACKET_TYPE_QUARENC_RESPONSE 0x00004552
51#define TSG_PACKET_TYPE_CAPS_RESPONSE 0x00004350
52#define TSG_PACKET_TYPE_MSGREQUEST_PACKET 0x00004752
53#define TSG_PACKET_TYPE_MESSAGE_PACKET 0x00004750
54#define TSG_PACKET_TYPE_AUTH 0x00004054
55#define TSG_PACKET_TYPE_REAUTH 0x00005250
56
57typedef WCHAR* RESOURCENAME;
58
59typedef struct
60{
61 RESOURCENAME* resourceName;
62 UINT32 numResourceNames;
63 RESOURCENAME* alternateResourceNames;
64 UINT16 numAlternateResourceNames;
65 UINT32 Port;
66} TSENDPOINTINFO;
67
68typedef struct
69{
70 UINT16 ComponentId;
71 UINT16 PacketId;
72} TSG_PACKET_HEADER;
73
74typedef struct
75{
76 UINT32 capabilities;
77} TSG_CAPABILITY_NAP;
78
79typedef union
80{
81 TSG_CAPABILITY_NAP tsgCapNap;
82} TSG_CAPABILITIES_UNION;
83
84typedef struct
85{
86 UINT32 capabilityType;
87 TSG_CAPABILITIES_UNION tsgPacket;
88} TSG_PACKET_CAPABILITIES;
89
90typedef struct
91{
92 TSG_PACKET_HEADER tsgHeader;
93 TSG_PACKET_CAPABILITIES tsgCaps;
94 UINT32 numCapabilities;
95 UINT16 majorVersion;
96 UINT16 minorVersion;
97 UINT16 quarantineCapabilities;
98} TSG_PACKET_VERSIONCAPS;
99
100typedef struct
101{
102 UINT32 flags;
103} TSG_PACKET_QUARCONFIGREQUEST;
104
105typedef struct
106{
107 UINT32 flags;
108 WCHAR* machineName;
109 UINT32 nameLength;
110 BYTE* data;
111 UINT32 dataLen;
112} TSG_PACKET_QUARREQUEST;
113
114typedef struct
115{
116 BOOL enableAllRedirections;
117 BOOL disableAllRedirections;
118 BOOL driveRedirectionDisabled;
119 BOOL printerRedirectionDisabled;
120 BOOL portRedirectionDisabled;
121 BOOL reserved;
122 BOOL clipboardRedirectionDisabled;
123 BOOL pnpRedirectionDisabled;
124} TSG_REDIRECTION_FLAGS;
125
126typedef struct
127{
128 UINT32 flags;
129 UINT32 reserved;
130 const BYTE* responseData;
131 UINT32 responseDataLen;
132 TSG_REDIRECTION_FLAGS redirectionFlags;
133} TSG_PACKET_RESPONSE;
134
135typedef struct
136{
137 UINT32 flags;
138 UINT32 certChainLen;
139 WCHAR* certChainData;
140 GUID nonce;
141 TSG_PACKET_VERSIONCAPS versionCaps;
142} TSG_PACKET_QUARENC_RESPONSE;
143
144typedef struct
145{
146 INT32 isDisplayMandatory;
147 INT32 isConsentMandatory;
148 UINT32 msgBytes;
149 WCHAR* msgBuffer;
150} TSG_PACKET_STRING_MESSAGE;
151
152typedef struct
153{
154 UINT64 tunnelContext;
155} TSG_PACKET_REAUTH_MESSAGE;
156
157typedef struct
158{
159 UINT32 msgID;
160 UINT32 msgType;
161 INT32 isMsgPresent;
162} TSG_PACKET_MSG_RESPONSE;
163
164typedef struct
165{
166 TSG_PACKET_QUARENC_RESPONSE pktQuarEncResponse;
167 TSG_PACKET_MSG_RESPONSE pktConsentMessage;
168} TSG_PACKET_CAPS_RESPONSE;
169
170typedef struct
171{
172 UINT32 maxMessagesPerBatch;
173} TSG_PACKET_MSG_REQUEST;
174
175typedef struct
176{
177 TSG_PACKET_VERSIONCAPS tsgVersionCaps;
178 UINT32 cookieLen;
179 BYTE* cookie;
180} TSG_PACKET_AUTH;
181
182typedef union
183{
184 TSG_PACKET_VERSIONCAPS packetVersionCaps;
185 TSG_PACKET_AUTH packetAuth;
186} TSG_INITIAL_PACKET_TYPE_UNION;
187
188typedef struct
189{
190 UINT64 tunnelContext;
191 UINT32 packetId;
192 TSG_INITIAL_PACKET_TYPE_UNION tsgInitialPacket;
193} TSG_PACKET_REAUTH;
194
195typedef union
196{
197 TSG_PACKET_HEADER packetHeader;
198 TSG_PACKET_VERSIONCAPS packetVersionCaps;
199 TSG_PACKET_QUARCONFIGREQUEST packetQuarConfigRequest;
200 TSG_PACKET_QUARREQUEST packetQuarRequest;
201 TSG_PACKET_RESPONSE packetResponse;
202 TSG_PACKET_QUARENC_RESPONSE packetQuarEncResponse;
203 TSG_PACKET_CAPS_RESPONSE packetCapsResponse;
204 TSG_PACKET_MSG_REQUEST packetMsgRequest;
205 TSG_PACKET_MSG_RESPONSE packetMsgResponse;
206 TSG_PACKET_AUTH packetAuth;
207 TSG_PACKET_REAUTH packetReauth;
208} TSG_PACKET_TYPE_UNION;
209
210typedef struct
211{
212 UINT32 packetId;
213 TSG_PACKET_TYPE_UNION tsgPacket;
214} TSG_PACKET;
215
216struct rdp_tsg
217{
218 BIO* bio;
219 rdpRpc* rpc;
220 UINT16 Port;
221 LPWSTR Hostname;
222 TSG_STATE state;
223 UINT32 TunnelId;
224 UINT32 ChannelId;
225 BOOL reauthSequence;
226 rdpTransport* transport;
227 UINT64 ReauthTunnelContext;
228 CONTEXT_HANDLE TunnelContext;
229 CONTEXT_HANDLE ChannelContext;
230 CONTEXT_HANDLE NewTunnelContext;
231 CONTEXT_HANDLE NewChannelContext;
232 wLog* log;
233 TSG_PACKET_QUARENC_RESPONSE CapsResponse;
234 TSG_PACKET_QUARREQUEST QuarreQuest;
235};
236
237static BOOL TsProxyReadPacketSTringMessage(wLog* log, wStream* s, uint32_t* index,
238 TSG_PACKET_STRING_MESSAGE* msg);
239static BOOL tsg_stream_align(wLog* log, wStream* s, size_t align);
240
241static const char* tsg_caps_to_string(UINT32 caps, char* buffer, size_t len)
242{
243 const UINT32 mask = ~(TSG_NAP_CAPABILITY_QUAR_SOH | TSG_NAP_CAPABILITY_IDLE_TIMEOUT |
244 TSG_MESSAGING_CAP_CONSENT_SIGN | TSG_MESSAGING_CAP_SERVICE_MSG |
245 TSG_MESSAGING_CAP_REAUTH);
246 const UINT32 val = caps & mask;
247
248 if ((caps & TSG_NAP_CAPABILITY_QUAR_SOH) != 0)
249 (void)winpr_str_append("TSG_NAP_CAPABILITY_QUAR_SOH", buffer, len, "|");
250 if ((caps & TSG_NAP_CAPABILITY_IDLE_TIMEOUT) != 0)
251 (void)winpr_str_append("TSG_NAP_CAPABILITY_IDLE_TIMEOUT", buffer, len, "|");
252 if ((caps & TSG_MESSAGING_CAP_CONSENT_SIGN) != 0)
253 (void)winpr_str_append("TSG_MESSAGING_CAP_CONSENT_SIGN", buffer, len, "|");
254 if ((caps & TSG_MESSAGING_CAP_SERVICE_MSG) != 0)
255 (void)winpr_str_append("TSG_MESSAGING_CAP_SERVICE_MSG", buffer, len, "|");
256 if ((caps & TSG_MESSAGING_CAP_REAUTH) != 0)
257 (void)winpr_str_append("TSG_MESSAGING_CAP_REAUTH", buffer, len, "|");
258
259 if (val != 0)
260 {
261 char number[32] = WINPR_C_ARRAY_INIT;
262 (void)_snprintf(number, sizeof(number), "TSG_UNKNOWN{0x%08" PRIx32 "}", val);
263 (void)winpr_str_append(number, buffer, len, "|");
264 }
265
266 return buffer;
267}
268
269static const char* tsg_packet_id_to_string(UINT32 packetId)
270{
271 switch (packetId)
272 {
273 case TSG_PACKET_TYPE_HEADER:
274 return "TSG_PACKET_TYPE_HEADER";
275 case TSG_PACKET_TYPE_VERSIONCAPS:
276 return "TSG_PACKET_TYPE_VERSIONCAPS";
277 case TSG_PACKET_TYPE_QUARCONFIGREQUEST:
278 return "TSG_PACKET_TYPE_QUARCONFIGREQUEST";
279 case TSG_PACKET_TYPE_QUARREQUEST:
280 return "TSG_PACKET_TYPE_QUARREQUEST";
281 case TSG_PACKET_TYPE_RESPONSE:
282 return "TSG_PACKET_TYPE_RESPONSE";
283 case TSG_PACKET_TYPE_QUARENC_RESPONSE:
284 return "TSG_PACKET_TYPE_QUARENC_RESPONSE";
285 case TSG_CAPABILITY_TYPE_NAP:
286 return "TSG_CAPABILITY_TYPE_NAP";
287 case TSG_PACKET_TYPE_CAPS_RESPONSE:
288 return "TSG_PACKET_TYPE_CAPS_RESPONSE";
289 case TSG_PACKET_TYPE_MSGREQUEST_PACKET:
290 return "TSG_PACKET_TYPE_MSGREQUEST_PACKET";
291 case TSG_PACKET_TYPE_MESSAGE_PACKET:
292 return "TSG_PACKET_TYPE_MESSAGE_PACKET";
293 case TSG_PACKET_TYPE_AUTH:
294 return "TSG_PACKET_TYPE_AUTH";
295 case TSG_PACKET_TYPE_REAUTH:
296 return "TSG_PACKET_TYPE_REAUTH";
297 default:
298 return "UNKNOWN";
299 }
300}
301
302static const char* tsg_component_id_to_string(UINT16 ComponentId, char* buffer, size_t bytelen)
303{
304 const char* str = nullptr;
305
306#define ENTRY(x) \
307 case x: \
308 str = #x; \
309 break
310 switch (ComponentId)
311 {
312 ENTRY(TS_GATEWAY_TRANSPORT);
313 default:
314 str = "TS_UNKNOWN";
315 break;
316 }
317#undef ENTRY
318
319 (void)_snprintf(buffer, bytelen, "%s [0x%04" PRIx16 "]", str, ComponentId);
320 return buffer;
321}
322
323static const char* tsg_state_to_string(TSG_STATE state)
324{
325 switch (state)
326 {
327 case TSG_STATE_INITIAL:
328 return "TSG_STATE_INITIAL";
329 case TSG_STATE_CONNECTED:
330 return "TSG_STATE_CONNECTED";
331 case TSG_STATE_AUTHORIZED:
332 return "TSG_STATE_AUTHORIZED";
333 case TSG_STATE_CHANNEL_CREATED:
334 return "TSG_STATE_CHANNEL_CREATED";
335 case TSG_STATE_PIPE_CREATED:
336 return "TSG_STATE_PIPE_CREATED";
337 case TSG_STATE_TUNNEL_CLOSE_PENDING:
338 return "TSG_STATE_TUNNEL_CLOSE_PENDING";
339 case TSG_STATE_CHANNEL_CLOSE_PENDING:
340 return "TSG_STATE_CHANNEL_CLOSE_PENDING";
341 case TSG_STATE_FINAL:
342 return "TSG_STATE_FINAL";
343 default:
344 return "TSG_STATE_UNKNOWN";
345 }
346}
347
348static BOOL TsProxyReadTunnelContext(wLog* log, wStream* s, CONTEXT_HANDLE* tunnelContext)
349{
350 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 20))
351 return FALSE;
352
353 WINPR_ASSERT(tunnelContext);
354 Stream_Read_UINT32(s, tunnelContext->ContextType); /* ContextType (4 bytes) */
355 Stream_Read(s, &tunnelContext->ContextUuid,
356 sizeof(tunnelContext->ContextUuid)); /* ContextUuid (16 bytes) */
357 return TRUE;
358}
359
360static BOOL TsProxyWriteTunnelContext(WINPR_ATTR_UNUSED wLog* log, wStream* s,
361 const CONTEXT_HANDLE* tunnelContext)
362{
363 if (!Stream_EnsureRemainingCapacity(s, 20))
364 return FALSE;
365
366 Stream_Write_UINT32(s, tunnelContext->ContextType); /* ContextType (4 bytes) */
367 Stream_Write(s, &tunnelContext->ContextUuid,
368 sizeof(tunnelContext->ContextUuid)); /* ContextUuid (16 bytes) */
369 return TRUE;
370}
371
372static BOOL tsg_ndr_pointer_write(WINPR_ATTR_UNUSED wLog* log, wStream* s, UINT32* index,
373 DWORD length)
374{
375 WINPR_ASSERT(index);
376 const UINT32 ndrPtr = 0x20000 + (*index) * 4;
377
378 if (!s)
379 return FALSE;
380 if (!Stream_EnsureRemainingCapacity(s, 4))
381 return FALSE;
382
383 if (length > 0)
384 {
385 Stream_Write_UINT32(s, ndrPtr); /* mszGroupsNdrPtr (4 bytes) */
386 (*index) = (*index) + 1;
387 }
388 else
389 Stream_Write_UINT32(s, 0);
390 return TRUE;
391}
392
393static BOOL tsg_ndr_pointer_read(wLog* log, wStream* s, UINT32* index, UINT32* ptrval,
394 BOOL required)
395{
396 WINPR_ASSERT(index);
397 const UINT32 ndrPtr = 0x20000 + (*index) * 4;
398
399 if (!s)
400 return FALSE;
401 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 4))
402 return FALSE;
403
404 const DWORD val = Stream_Get_UINT32(s);
405 if (ptrval)
406 *ptrval = val;
407
408 if (val != 0)
409 {
410 if (val != ndrPtr)
411 {
412 WLog_Print(log, WLOG_WARN, "Read NDR pointer 0x%04" PRIx32 " but expected 0x%04" PRIx32,
413 val, ndrPtr);
414 if ((val & 0xFFFF0000) != (ndrPtr & 0xFFFF0000))
415 return FALSE;
416 }
417 (*index)++;
418 }
419 else if (required)
420 {
421 WLog_Print(log, WLOG_ERROR, "NDR pointer == 0, but the field is required");
422 return FALSE;
423 }
424
425 return TRUE;
426}
427
428static BOOL tsg_ndr_write_conformant_array(WINPR_ATTR_UNUSED wLog* log, wStream* s,
429 const void* data, size_t length)
430{
431 const size_t pad = length % 4;
432 if ((length > UINT32_MAX) || !Stream_EnsureRemainingCapacity(s, 4ull + length))
433 return FALSE;
434
435 Stream_Write_UINT32(s, WINPR_ASSERTING_INT_CAST(uint32_t, length)); /* MaxCount (4 bytes) */
436 Stream_Write(s, data, length);
437 if (pad != 0)
438 Stream_Zero(s, 4 - pad);
439
440 return TRUE;
441}
442
443static BOOL tsg_ndr_write_string(WINPR_ATTR_UNUSED wLog* log, wStream* s, const WCHAR* str,
444 size_t length)
445{
446 const size_t pad = (length % 2) * sizeof(WCHAR);
447 if ((length > UINT32_MAX) ||
448 !Stream_EnsureRemainingCapacity(s, 12ull + length * sizeof(WCHAR) + pad))
449 return FALSE;
450
451 Stream_Write_UINT32(s, (UINT32)length); /* MaxCount (4 bytes) */
452 Stream_Write_UINT32(s, 0); /* Offset (4 bytes) */
453 Stream_Write_UINT32(s, (UINT32)length); /* ActualCount (4 bytes) */
454 Stream_Write_UTF16_String(s, str, length); /* Array */
455 Stream_Zero(s, pad);
456 return TRUE;
457}
458
459static BOOL tsg_ndr_read_string(wLog* log, wStream* s, WCHAR** str, UINT32 lengthInBytes)
460{
461 UINT32 MaxCount = 0;
462 UINT32 Offset = 0;
463 UINT32 ActualCount = 0;
464
465 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 12))
466 return FALSE;
467
468 Stream_Read_UINT32(s, MaxCount); /* MaxCount (4 bytes) */
469 Stream_Read_UINT32(s, Offset); /* Offset (4 bytes) */
470 Stream_Read_UINT32(s, ActualCount); /* ActualCount (4 bytes) */
471 if (ActualCount > MaxCount)
472 {
473 WLog_Print(log, WLOG_ERROR,
474 "failed to read string, ActualCount (%" PRIu32 ") > MaxCount (%" PRIu32 ")",
475 ActualCount, MaxCount);
476 return FALSE;
477 }
478 if (Offset != 0)
479 {
480 WLog_Print(log, WLOG_ERROR, "Unsupported Offset (%" PRIu32 "), expected 0", Offset);
481 return FALSE;
482 }
483 if (ActualCount > lengthInBytes / sizeof(WCHAR))
484 {
485 WLog_Print(log, WLOG_ERROR,
486 "failed to read string, ActualCount (%" PRIu32
487 ") * sizeof(WCHAR) > lengthInBytes (%" PRIu32 ")",
488 ActualCount, lengthInBytes);
489 return FALSE;
490 }
491 if (str)
492 *str = Stream_PointerAs(s, WCHAR);
493
494 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, ActualCount * sizeof(WCHAR)))
495 return FALSE;
496 Stream_Seek(s, ActualCount * sizeof(WCHAR));
497
498 const size_t pad = (ActualCount % 2);
499 return Stream_SafeSeek(s, pad * sizeof(WCHAR));
500}
501
502static BOOL tsg_ndr_read_packet_header(wLog* log, wStream* s, TSG_PACKET_HEADER* header)
503{
504 const UINT32 ComponentId = TS_GATEWAY_TRANSPORT;
505
506 WINPR_ASSERT(header);
507 if (!Stream_CheckAndLogRequiredLengthOfSizeWLog(log, s, 2, sizeof(UINT16)))
508 return FALSE;
509 Stream_Read_UINT16(s, header->ComponentId);
510 Stream_Read_UINT16(s, header->PacketId);
511
512 if (ComponentId != header->ComponentId)
513 {
514 char buffer[64] = WINPR_C_ARRAY_INIT;
515 char buffer2[64] = WINPR_C_ARRAY_INIT;
516 WLog_Print(log, WLOG_ERROR, "Unexpected ComponentId: %s, Expected %s",
517 tsg_component_id_to_string(header->ComponentId, buffer, sizeof(buffer)),
518 tsg_component_id_to_string(ComponentId, buffer2, sizeof(buffer2)));
519 return FALSE;
520 }
521
522 return TRUE;
523}
524
525static BOOL tsg_ndr_write_packet_header(WINPR_ATTR_UNUSED wLog* log, wStream* s,
526 const TSG_PACKET_HEADER* header)
527{
528 WINPR_ASSERT(header);
529 if (!Stream_EnsureRemainingCapacity(s, 2 * sizeof(UINT16)))
530 return FALSE;
531 Stream_Write_UINT16(s, header->ComponentId);
532 Stream_Write_UINT16(s, header->PacketId);
533 return TRUE;
534}
535
536static BOOL tsg_ndr_read_nap(wLog* log, wStream* s, TSG_CAPABILITY_NAP* nap)
537{
538 WINPR_ASSERT(nap);
539
540 if (!Stream_CheckAndLogRequiredLengthOfSizeWLog(log, s, 1, sizeof(UINT32)))
541 return FALSE;
542 Stream_Read_UINT32(s, nap->capabilities);
543 {
544 char buffer[256] = WINPR_C_ARRAY_INIT;
545 WLog_Print(log, WLOG_DEBUG, "Received version caps %s",
546 tsg_caps_to_string(nap->capabilities, buffer, sizeof(buffer)));
547 }
548 return TRUE;
549}
550
551static BOOL tsg_ndr_write_nap(wLog* log, wStream* s, const TSG_CAPABILITY_NAP* nap)
552{
553 WINPR_ASSERT(nap);
554
555 if (!Stream_EnsureRemainingCapacity(s, 1 * sizeof(UINT32)))
556 return FALSE;
557
558 {
559 char buffer[256] = WINPR_C_ARRAY_INIT;
560 WLog_Print(log, WLOG_DEBUG, "Sending version caps %s",
561 tsg_caps_to_string(nap->capabilities, buffer, sizeof(buffer)));
562 }
563 Stream_Write_UINT32(s, nap->capabilities);
564 return TRUE;
565}
566
567static BOOL tsg_ndr_read_tsg_caps(wLog* log, wStream* s, TSG_PACKET_CAPABILITIES* caps)
568{
569 UINT32 capabilityType = 0;
570 UINT32 count = 0;
571 WINPR_ASSERT(caps);
572
573 if (!Stream_CheckAndLogRequiredLengthOfSizeWLog(log, s, 3, sizeof(UINT32)))
574 return FALSE;
575 Stream_Read_UINT32(s, count);
576 Stream_Read_UINT32(s, capabilityType);
577 Stream_Read_UINT32(s, caps->capabilityType);
578 if (capabilityType != caps->capabilityType)
579 {
580 WLog_Print(log, WLOG_ERROR,
581 "Inconsistent data, capabilityType 0x%08" PRIx32 " != 0x%08" PRIx32,
582 capabilityType, caps->capabilityType);
583 return FALSE;
584 }
585 switch (caps->capabilityType)
586 {
587 case TSG_CAPABILITY_TYPE_NAP:
588 if (count < 1)
589 {
590 WLog_Print(log, WLOG_ERROR, "Inconsistent data, capabilityType %s count=%" PRIu32,
591 tsg_packet_id_to_string(capabilityType), count);
592 return FALSE;
593 }
594 return tsg_ndr_read_nap(log, s, &caps->tsgPacket.tsgCapNap);
595 default:
596 WLog_Print(log, WLOG_ERROR,
597 "unknown TSG_PACKET_CAPABILITIES::capabilityType 0x%04" PRIx32
598 " [count=%" PRIu32 "]",
599 caps->capabilityType, count);
600 return FALSE;
601 }
602}
603
604static BOOL tsg_ndr_write_tsg_caps(wLog* log, wStream* s, const TSG_PACKET_CAPABILITIES* caps)
605{
606 WINPR_ASSERT(caps);
607
608 if (!Stream_EnsureRemainingCapacity(s, 2 * sizeof(UINT32)))
609 return FALSE;
610 Stream_Write_UINT32(s, caps->capabilityType);
611 Stream_Write_UINT32(s, caps->capabilityType);
612
613 switch (caps->capabilityType)
614 {
615 case TSG_CAPABILITY_TYPE_NAP:
616 return tsg_ndr_write_nap(log, s, &caps->tsgPacket.tsgCapNap);
617 default:
618 WLog_Print(log, WLOG_ERROR,
619 "unknown TSG_PACKET_CAPABILITIES::capabilityType 0x%04" PRIx32,
620 caps->capabilityType);
621 return FALSE;
622 }
623}
624
625static BOOL tsg_ndr_read_version_caps(wLog* log, wStream* s, UINT32* index,
626 TSG_PACKET_VERSIONCAPS* caps)
627{
628 WINPR_ASSERT(caps);
629 if (!tsg_ndr_read_packet_header(log, s, &caps->tsgHeader))
630 return FALSE;
631
632 UINT32 TSGCapsPtr = 0;
633 if (!tsg_ndr_pointer_read(log, s, index, &TSGCapsPtr, TRUE))
634 return FALSE;
635
636 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 10))
637 return FALSE;
638 Stream_Read_UINT32(s, caps->numCapabilities);
639 Stream_Read_UINT16(s, caps->majorVersion);
640 Stream_Read_UINT16(s, caps->minorVersion);
641 Stream_Read_UINT16(s, caps->quarantineCapabilities);
642 /* 4-byte alignment */
643 if (!tsg_stream_align(log, s, 4))
644 return FALSE;
645
646 if (caps->numCapabilities > 1)
647 {
648 WLog_ERR(TAG, "TSG_PACKET_VERSIONCAPS::numCapabilities > 1 (%" PRIu32 "), not supported!",
649 caps->numCapabilities);
650 return FALSE;
651 }
652
653 return tsg_ndr_read_tsg_caps(log, s, &caps->tsgCaps);
654}
655
656static BOOL tsg_ndr_write_version_caps(wLog* log, wStream* s, UINT32* index,
657 const TSG_PACKET_VERSIONCAPS* caps)
658{
659 WINPR_ASSERT(caps);
660 if (!tsg_ndr_write_packet_header(log, s, &caps->tsgHeader))
661 return FALSE;
662
663 if (!tsg_ndr_pointer_write(log, s, index, 1)) /* TsgCapsPtr (4 bytes) */
664 return FALSE;
665
666 if (!Stream_EnsureRemainingCapacity(s, 10))
667 return FALSE;
668
669 if (caps->numCapabilities > 1)
670 {
671 WLog_ERR(TAG, "TSG_PACKET_VERSIONCAPS::numCapabilities > 1 (%" PRIu32 "), not supported!",
672 caps->numCapabilities);
673 return FALSE;
674 }
675 Stream_Write_UINT32(s, caps->numCapabilities);
676 Stream_Write_UINT16(s, caps->majorVersion);
677 Stream_Write_UINT16(s, caps->minorVersion);
678 Stream_Write_UINT16(s, caps->quarantineCapabilities);
679
680 /* 4-byte alignment (30 + 2) */
681 Stream_Write_UINT16(s, 0x0000); /* pad (2 bytes) */
682 Stream_Write_UINT32(s, caps->numCapabilities); /* MaxCount (4 bytes) */
683 return tsg_ndr_write_tsg_caps(log, s, &caps->tsgCaps);
684}
685
686static BOOL tsg_ndr_read_quarenc_response(wLog* log, wStream* s, UINT32* index,
687 TSG_PACKET_QUARENC_RESPONSE* quarenc)
688{
689 WINPR_ASSERT(quarenc);
690 UINT32 CertChainDataPtr = 0;
691 UINT32 VersionCapsPtr = 0;
692
693 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 8))
694 return FALSE;
695 Stream_Read_UINT32(s, quarenc->flags);
696 Stream_Read_UINT32(s, quarenc->certChainLen);
697
698 if (!tsg_ndr_pointer_read(log, s, index, &CertChainDataPtr, quarenc->certChainLen != 0))
699 return FALSE;
700
701 if (!Stream_CheckAndLogRequiredLengthOfSizeWLog(log, s, 1, sizeof(quarenc->nonce)))
702 return FALSE;
703 Stream_Read(s, &quarenc->nonce, sizeof(quarenc->nonce));
704
705 return (tsg_ndr_pointer_read(log, s, index, &VersionCapsPtr, TRUE));
706}
707
708static BOOL tsg_ndr_read_quarenc_data(wLog* log, wStream* s, UINT32* index,
709 TSG_PACKET_QUARENC_RESPONSE* quarenc)
710{
711 WINPR_ASSERT(quarenc);
712
713 if (quarenc->certChainLen > 0)
714 {
715 /* [MS-TSGU] 2.2.9.2.1.6 TSG_PACKET_QUARENC_RESPONSE::certChainLen number of WCHAR */
716 if (!tsg_ndr_read_string(log, s, &quarenc->certChainData,
717 quarenc->certChainLen * sizeof(WCHAR)))
718 return FALSE;
719 /* 4-byte alignment */
720 if (!tsg_stream_align(log, s, 4))
721 return FALSE;
722 }
723
724 return tsg_ndr_read_version_caps(log, s, index, &quarenc->versionCaps);
725}
726
727static BOOL tsg_ndr_write_auth(wLog* log, wStream* s, UINT32* index, const TSG_PACKET_AUTH* auth)
728{
729 WINPR_ASSERT(auth);
730
731 if (!tsg_ndr_write_version_caps(log, s, index, &auth->tsgVersionCaps))
732 return FALSE;
733
734 if (!Stream_EnsureRemainingCapacity(s, 4))
735 return FALSE;
736
737 Stream_Write_UINT32(s, auth->cookieLen);
738 if (!tsg_ndr_pointer_write(log, s, index, auth->cookieLen))
739 return FALSE;
740
741 if (!Stream_EnsureRemainingCapacity(s, auth->cookieLen))
742 return FALSE;
743 Stream_Write(s, auth->cookie, auth->cookieLen);
744 return TRUE;
745}
746
747static BOOL tsg_ndr_write_reauth(wLog* log, wStream* s, UINT32* index,
748 const TSG_PACKET_REAUTH* auth)
749{
750 WINPR_ASSERT(auth);
751
752 if (!Stream_EnsureRemainingCapacity(s, 12))
753 return FALSE;
754
755 Stream_Write_UINT64(s, auth->tunnelContext); /* TunnelContext (8 bytes) */
756 Stream_Write_UINT32(s, auth->packetId); /* PacketId (4 bytes) */
757
758 switch (auth->packetId)
759 {
760 case TSG_PACKET_TYPE_VERSIONCAPS:
761 return tsg_ndr_write_version_caps(log, s, index,
762 &auth->tsgInitialPacket.packetVersionCaps);
763 case TSG_PACKET_TYPE_AUTH:
764 return tsg_ndr_write_auth(log, s, index, &auth->tsgInitialPacket.packetAuth);
765 default:
766 WLog_Print(log, WLOG_ERROR, "unexpected packetId %s",
767 tsg_packet_id_to_string(auth->packetId));
768 return FALSE;
769 }
770}
771
772static BOOL tsg_ndr_read_packet_redirection_flags(wLog* log, wStream* s,
773 TSG_REDIRECTION_FLAGS* redirectionFlags)
774{
775 WINPR_ASSERT(redirectionFlags);
776
777 if (!Stream_CheckAndLogRequiredLengthOfSizeWLog(log, s, 8, sizeof(UINT32)))
778 return FALSE;
779
780 redirectionFlags->enableAllRedirections =
781 Stream_Get_INT32(s); /* EnableAllRedirections (4 bytes) */
782 redirectionFlags->disableAllRedirections =
783 Stream_Get_INT32(s); /* DisableAllRedirections (4 bytes) */
784 redirectionFlags->driveRedirectionDisabled =
785 Stream_Get_INT32(s); /* DriveRedirectionDisabled (4 bytes) */
786 redirectionFlags->printerRedirectionDisabled =
787 Stream_Get_INT32(s); /* PrinterRedirectionDisabled (4 bytes) */
788 redirectionFlags->portRedirectionDisabled =
789 Stream_Get_INT32(s); /* PortRedirectionDisabled (4 bytes) */
790 redirectionFlags->reserved = Stream_Get_INT32(s); /* Reserved (4 bytes) */
791 redirectionFlags->clipboardRedirectionDisabled =
792 Stream_Get_INT32(s); /* ClipboardRedirectionDisabled (4 bytes) */
793 redirectionFlags->pnpRedirectionDisabled =
794 Stream_Get_INT32(s); /* PnpRedirectionDisabled (4 bytes) */
795 return TRUE;
796}
797
798WINPR_ATTR_FORMAT_ARG(3, 4)
799static BOOL tsg_print(char** buffer, size_t* len, WINPR_FORMAT_ARG const char* fmt, ...)
800{
801 int rc = 0;
802 va_list ap = WINPR_C_ARRAY_INIT;
803 if (!buffer || !len || !fmt)
804 return FALSE;
805 va_start(ap, fmt);
806 rc = vsnprintf(*buffer, *len, fmt, ap);
807 va_end(ap);
808 if ((rc < 0) || ((size_t)rc > *len))
809 return FALSE;
810 *len -= (size_t)rc;
811 *buffer += (size_t)rc;
812 return TRUE;
813}
814
815static BOOL tsg_packet_header_to_string(char** buffer, size_t* length,
816 const TSG_PACKET_HEADER* header)
817{
818 WINPR_ASSERT(buffer);
819 WINPR_ASSERT(length);
820 WINPR_ASSERT(header);
821
822 return tsg_print(buffer, length,
823 "header { ComponentId=0x%04" PRIx16 ", PacketId=0x%04" PRIx16 " }",
824 header->ComponentId, header->PacketId);
825}
826
827static BOOL tsg_type_capability_nap_to_string(char** buffer, size_t* length,
828 const TSG_CAPABILITY_NAP* cur)
829{
830 WINPR_ASSERT(buffer);
831 WINPR_ASSERT(length);
832 WINPR_ASSERT(cur);
833
834 return tsg_print(buffer, length, "%s { capabilities=0x%08" PRIx32 " }",
835 tsg_packet_id_to_string(TSG_CAPABILITY_TYPE_NAP), cur->capabilities);
836}
837
838static BOOL tsg_packet_capabilities_to_string(char** buffer, size_t* length,
839 const TSG_PACKET_CAPABILITIES* caps, UINT32 numCaps)
840{
841 WINPR_ASSERT(buffer);
842 WINPR_ASSERT(length);
843 WINPR_ASSERT(caps);
844
845 if (!tsg_print(buffer, length, "capabilities { "))
846 return FALSE;
847
848 for (UINT32 x = 0; x < numCaps; x++)
849 {
850 const TSG_PACKET_CAPABILITIES* cur = &caps[x];
851 switch (cur->capabilityType)
852 {
853 case TSG_CAPABILITY_TYPE_NAP:
854 if (!tsg_type_capability_nap_to_string(buffer, length, &cur->tsgPacket.tsgCapNap))
855 return FALSE;
856 break;
857 default:
858 if (!tsg_print(buffer, length, "TSG_UNKNOWN_CAPABILITY"))
859 return FALSE;
860 break;
861 }
862 }
863 return tsg_print(buffer, length, " }");
864}
865
866static BOOL tsg_packet_versioncaps_to_string(char** buffer, size_t* length,
867 const TSG_PACKET_VERSIONCAPS* caps)
868{
869 WINPR_ASSERT(buffer);
870 WINPR_ASSERT(length);
871 WINPR_ASSERT(caps);
872
873 if (!tsg_print(buffer, length, "versioncaps { "))
874 return FALSE;
875 if (!tsg_packet_header_to_string(buffer, length, &caps->tsgHeader))
876 return FALSE;
877
878 if (!tsg_print(buffer, length, " "))
879 return FALSE;
880
881 if (caps->numCapabilities > 1)
882 {
883 WLog_ERR(TAG, "TSG_PACKET_VERSIONCAPS::numCapabilities > 1 (%" PRIu32 "), not supported!",
884 caps->numCapabilities);
885 return FALSE;
886 }
887
888 if (!tsg_packet_capabilities_to_string(buffer, length, &caps->tsgCaps, caps->numCapabilities))
889 return FALSE;
890
891 if (!tsg_print(buffer, length,
892 " numCapabilities=0x%08" PRIx32 ", majorVersion=0x%04" PRIx16
893 ", minorVersion=0x%04" PRIx16 ", quarantineCapabilities=0x%04" PRIx16,
894 caps->numCapabilities, caps->majorVersion, caps->minorVersion,
895 caps->quarantineCapabilities))
896 return FALSE;
897
898 return tsg_print(buffer, length, " }");
899}
900
901static BOOL tsg_packet_quarconfigrequest_to_string(char** buffer, size_t* length,
902 const TSG_PACKET_QUARCONFIGREQUEST* caps)
903{
904 WINPR_ASSERT(buffer);
905 WINPR_ASSERT(length);
906 WINPR_ASSERT(caps);
907
908 if (!tsg_print(buffer, length, "quarconfigrequest { "))
909 return FALSE;
910
911 if (!tsg_print(buffer, length, " "))
912 return FALSE;
913
914 if (!tsg_print(buffer, length, " flags=0x%08" PRIx32, caps->flags))
915 return FALSE;
916
917 return tsg_print(buffer, length, " }");
918}
919
920static BOOL tsg_packet_quarrequest_to_string(char** buffer, size_t* length,
921 const TSG_PACKET_QUARREQUEST* caps)
922{
923 BOOL rc = FALSE;
924 char* name = nullptr;
925 char* strdata = nullptr;
926
927 WINPR_ASSERT(buffer);
928 WINPR_ASSERT(length);
929 WINPR_ASSERT(caps);
930
931 if (!tsg_print(buffer, length, "quarrequest { "))
932 return FALSE;
933
934 if (!tsg_print(buffer, length, " "))
935 return FALSE;
936
937 if (caps->nameLength > 0)
938 {
939 if (caps->nameLength > INT_MAX)
940 return FALSE;
941 name = ConvertWCharNToUtf8Alloc(caps->machineName, caps->nameLength, nullptr);
942 if (!name)
943 return FALSE;
944 }
945
946 strdata = winpr_BinToHexString(caps->data, caps->dataLen, TRUE);
947 if (strdata || (caps->dataLen == 0))
948 rc = tsg_print(buffer, length,
949 " flags=0x%08" PRIx32 ", machineName=%s [%" PRIu32 "], data[%" PRIu32 "]=%s",
950 caps->flags, name, caps->nameLength, caps->dataLen, strdata);
951 free(name);
952 free(strdata);
953 if (!rc)
954 return FALSE;
955
956 return tsg_print(buffer, length, " }");
957}
958
959static const char* tsg_bool_to_string(BOOL val)
960{
961 if (val)
962 return "true";
963 return "false";
964}
965
966static const char* tsg_redirection_flags_to_string(char* buffer, size_t size,
967 const TSG_REDIRECTION_FLAGS* flags)
968{
969 WINPR_ASSERT(buffer || (size == 0));
970 WINPR_ASSERT(flags);
971
972 (void)_snprintf(
973 buffer, size,
974 "enableAllRedirections=%s, disableAllRedirections=%s, driveRedirectionDisabled=%s, "
975 "printerRedirectionDisabled=%s, portRedirectionDisabled=%s, reserved=%s, "
976 "clipboardRedirectionDisabled=%s, pnpRedirectionDisabled=%s",
977 tsg_bool_to_string(flags->enableAllRedirections),
978 tsg_bool_to_string(flags->disableAllRedirections),
979 tsg_bool_to_string(flags->driveRedirectionDisabled),
980 tsg_bool_to_string(flags->printerRedirectionDisabled),
981 tsg_bool_to_string(flags->portRedirectionDisabled), tsg_bool_to_string(flags->reserved),
982 tsg_bool_to_string(flags->clipboardRedirectionDisabled),
983 tsg_bool_to_string(flags->pnpRedirectionDisabled));
984 return buffer;
985}
986
987static BOOL tsg_packet_response_to_string(char** buffer, size_t* length,
988 const TSG_PACKET_RESPONSE* caps)
989{
990 BOOL rc = FALSE;
991 char* strdata = nullptr;
992 char tbuffer[8192] = WINPR_C_ARRAY_INIT;
993
994 WINPR_ASSERT(buffer);
995 WINPR_ASSERT(length);
996 WINPR_ASSERT(caps);
997
998 if (!tsg_print(buffer, length, "response { "))
999 return FALSE;
1000
1001 if (!tsg_print(buffer, length, " "))
1002 return FALSE;
1003
1004 strdata = winpr_BinToHexString(caps->responseData, caps->responseDataLen, TRUE);
1005 if (strdata || (caps->responseDataLen == 0))
1006 rc = tsg_print(
1007 buffer, length,
1008 " flags=0x%08" PRIx32 ", reserved=0x%08" PRIx32 ", responseData[%" PRIu32
1009 "]=%s, redirectionFlags={ %s }",
1010 caps->flags, caps->reserved, caps->responseDataLen, strdata,
1011 tsg_redirection_flags_to_string(tbuffer, ARRAYSIZE(tbuffer), &caps->redirectionFlags));
1012 free(strdata);
1013 if (!rc)
1014 return FALSE;
1015
1016 return tsg_print(buffer, length, " }");
1017}
1018
1019static BOOL tsg_packet_quarenc_response_to_string(char** buffer, size_t* length,
1020 const TSG_PACKET_QUARENC_RESPONSE* caps)
1021{
1022 BOOL rc = FALSE;
1023 char* strdata = nullptr;
1024 RPC_CSTR uuid = nullptr;
1025 char tbuffer[8192] = WINPR_C_ARRAY_INIT;
1026 size_t size = ARRAYSIZE(tbuffer);
1027 char* ptbuffer = tbuffer;
1028
1029 WINPR_ASSERT(buffer);
1030 WINPR_ASSERT(length);
1031 WINPR_ASSERT(caps);
1032
1033 if (!tsg_print(buffer, length, "quarenc_response { "))
1034 return FALSE;
1035
1036 if (!tsg_print(buffer, length, " "))
1037 return FALSE;
1038
1039 if (caps->certChainLen > 0)
1040 {
1041 if (caps->certChainLen > INT_MAX)
1042 return FALSE;
1043 strdata = ConvertWCharNToUtf8Alloc(caps->certChainData, caps->certChainLen, nullptr);
1044 if (!strdata)
1045 return FALSE;
1046 }
1047
1048 tsg_packet_versioncaps_to_string(&ptbuffer, &size, &caps->versionCaps);
1049 UuidToStringA(&caps->nonce, &uuid);
1050 if (strdata || (caps->certChainLen == 0))
1051 rc =
1052 tsg_print(buffer, length,
1053 " flags=0x%08" PRIx32 ", certChain[%" PRIu32 "]=%s, nonce=%s, versionCaps=%s",
1054 caps->flags, caps->certChainLen, strdata, uuid, tbuffer);
1055 free(strdata);
1056 RpcStringFreeA(&uuid);
1057 if (!rc)
1058 return FALSE;
1059
1060 return tsg_print(buffer, length, " }");
1061}
1062
1063static BOOL tsg_packet_message_response_to_string(char** buffer, size_t* length,
1064 const TSG_PACKET_MSG_RESPONSE* caps)
1065{
1066 WINPR_ASSERT(buffer);
1067 WINPR_ASSERT(length);
1068 WINPR_ASSERT(caps);
1069
1070 if (!tsg_print(buffer, length, "msg_response { "))
1071 return FALSE;
1072
1073 if (!tsg_print(buffer, length,
1074 " msgID=0x%08" PRIx32 ", msgType=0x%08" PRIx32 ", isMsgPresent=%" PRId32,
1075 caps->msgID, caps->msgType, caps->isMsgPresent))
1076 return FALSE;
1077
1078 return tsg_print(buffer, length, " }");
1079}
1080
1081static BOOL tsg_packet_caps_response_to_string(char** buffer, size_t* length,
1082 const TSG_PACKET_CAPS_RESPONSE* caps)
1083{
1084 WINPR_ASSERT(buffer);
1085 WINPR_ASSERT(length);
1086 WINPR_ASSERT(caps);
1087
1088 if (!tsg_print(buffer, length, "caps_response { "))
1089 return FALSE;
1090
1091 if (!tsg_packet_quarenc_response_to_string(buffer, length, &caps->pktQuarEncResponse))
1092 return FALSE;
1093
1094 if (!tsg_packet_message_response_to_string(buffer, length, &caps->pktConsentMessage))
1095 return FALSE;
1096
1097 return tsg_print(buffer, length, " }");
1098}
1099
1100static BOOL tsg_packet_message_request_to_string(char** buffer, size_t* length,
1101 const TSG_PACKET_MSG_REQUEST* caps)
1102{
1103 WINPR_ASSERT(buffer);
1104 WINPR_ASSERT(length);
1105 WINPR_ASSERT(caps);
1106
1107 if (!tsg_print(buffer, length, "caps_message_request { "))
1108 return FALSE;
1109
1110 if (!tsg_print(buffer, length, " maxMessagesPerBatch=%" PRIu32, caps->maxMessagesPerBatch))
1111 return FALSE;
1112
1113 return tsg_print(buffer, length, " }");
1114}
1115
1116static BOOL tsg_packet_auth_to_string(char** buffer, size_t* length, const TSG_PACKET_AUTH* caps)
1117{
1118 BOOL rc = FALSE;
1119 char* strdata = nullptr;
1120 WINPR_ASSERT(buffer);
1121 WINPR_ASSERT(length);
1122 WINPR_ASSERT(caps);
1123
1124 if (!tsg_print(buffer, length, "caps_message_request { "))
1125 return FALSE;
1126
1127 if (!tsg_packet_versioncaps_to_string(buffer, length, &caps->tsgVersionCaps))
1128 return FALSE;
1129
1130 strdata = winpr_BinToHexString(caps->cookie, caps->cookieLen, TRUE);
1131 if (strdata || (caps->cookieLen == 0))
1132 rc = tsg_print(buffer, length, " cookie[%" PRIu32 "]=%s", caps->cookieLen, strdata);
1133 free(strdata);
1134 if (!rc)
1135 return FALSE;
1136
1137 return tsg_print(buffer, length, " }");
1138}
1139
1140static BOOL tsg_packet_reauth_to_string(char** buffer, size_t* length,
1141 const TSG_PACKET_REAUTH* caps)
1142{
1143 BOOL rc = FALSE;
1144 WINPR_ASSERT(buffer);
1145 WINPR_ASSERT(length);
1146 WINPR_ASSERT(caps);
1147
1148 if (!tsg_print(buffer, length, "caps_message_request { "))
1149 return FALSE;
1150
1151 if (!tsg_print(buffer, length, " tunnelContext=0x%016" PRIx64 ", packetId=%s [0x%08" PRIx32 "]",
1152 caps->tunnelContext, tsg_packet_id_to_string(caps->packetId), caps->packetId))
1153 return FALSE;
1154
1155 switch (caps->packetId)
1156 {
1157 case TSG_PACKET_TYPE_VERSIONCAPS:
1158 rc = tsg_packet_versioncaps_to_string(buffer, length,
1159 &caps->tsgInitialPacket.packetVersionCaps);
1160 break;
1161 case TSG_PACKET_TYPE_AUTH:
1162 rc = tsg_packet_auth_to_string(buffer, length, &caps->tsgInitialPacket.packetAuth);
1163 break;
1164 default:
1165 rc = tsg_print(buffer, length, "TODO: Unhandled packet type %s [0x%08" PRIx32 "]",
1166 tsg_packet_id_to_string(caps->packetId), caps->packetId);
1167 break;
1168 }
1169
1170 if (!rc)
1171 return FALSE;
1172
1173 return tsg_print(buffer, length, " }");
1174}
1175
1176static const char* tsg_packet_to_string(const TSG_PACKET* packet)
1177{
1178 size_t len = 8192;
1179 static char sbuffer[8193] = WINPR_C_ARRAY_INIT;
1180 char* buffer = sbuffer;
1181
1182 if (!tsg_print(&buffer, &len, "TSG_PACKET { packetId=%s [0x%08" PRIx32 "], ",
1183 tsg_packet_id_to_string(packet->packetId), packet->packetId))
1184 goto fail;
1185
1186 switch (packet->packetId)
1187 {
1188 case TSG_PACKET_TYPE_HEADER:
1189 if (!tsg_packet_header_to_string(&buffer, &len, &packet->tsgPacket.packetHeader))
1190 goto fail;
1191 break;
1192 case TSG_PACKET_TYPE_VERSIONCAPS:
1193 if (!tsg_packet_versioncaps_to_string(&buffer, &len,
1194 &packet->tsgPacket.packetVersionCaps))
1195 goto fail;
1196 break;
1197 case TSG_PACKET_TYPE_QUARCONFIGREQUEST:
1198 if (!tsg_packet_quarconfigrequest_to_string(&buffer, &len,
1199 &packet->tsgPacket.packetQuarConfigRequest))
1200 goto fail;
1201 break;
1202 case TSG_PACKET_TYPE_QUARREQUEST:
1203 if (!tsg_packet_quarrequest_to_string(&buffer, &len,
1204 &packet->tsgPacket.packetQuarRequest))
1205 goto fail;
1206 break;
1207 case TSG_PACKET_TYPE_RESPONSE:
1208 if (!tsg_packet_response_to_string(&buffer, &len, &packet->tsgPacket.packetResponse))
1209 goto fail;
1210 break;
1211 case TSG_PACKET_TYPE_QUARENC_RESPONSE:
1212 if (!tsg_packet_quarenc_response_to_string(&buffer, &len,
1213 &packet->tsgPacket.packetQuarEncResponse))
1214 goto fail;
1215 break;
1216 case TSG_PACKET_TYPE_CAPS_RESPONSE:
1217 if (!tsg_packet_caps_response_to_string(&buffer, &len,
1218 &packet->tsgPacket.packetCapsResponse))
1219 goto fail;
1220 break;
1221 case TSG_PACKET_TYPE_MSGREQUEST_PACKET:
1222 if (!tsg_packet_message_request_to_string(&buffer, &len,
1223 &packet->tsgPacket.packetMsgRequest))
1224 goto fail;
1225 break;
1226 case TSG_PACKET_TYPE_MESSAGE_PACKET:
1227 if (!tsg_packet_message_response_to_string(&buffer, &len,
1228 &packet->tsgPacket.packetMsgResponse))
1229 goto fail;
1230 break;
1231 case TSG_PACKET_TYPE_AUTH:
1232 if (!tsg_packet_auth_to_string(&buffer, &len, &packet->tsgPacket.packetAuth))
1233 goto fail;
1234 break;
1235 case TSG_PACKET_TYPE_REAUTH:
1236 if (!tsg_packet_reauth_to_string(&buffer, &len, &packet->tsgPacket.packetReauth))
1237 goto fail;
1238 break;
1239 default:
1240 if (!tsg_print(&buffer, &len, "INVALID"))
1241 goto fail;
1242 break;
1243 }
1244
1245 if (!tsg_print(&buffer, &len, " }"))
1246 goto fail;
1247
1248fail:
1249 return sbuffer;
1250}
1251
1252static BOOL tsg_stream_align(wLog* log, wStream* s, size_t align)
1253{
1254 size_t pos = 0;
1255 size_t offset = 0;
1256
1257 if (!s)
1258 return FALSE;
1259
1260 pos = Stream_GetPosition(s);
1261
1262 if ((pos % align) != 0)
1263 offset = align - pos % align;
1264
1265 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, offset))
1266 return FALSE;
1267 Stream_Seek(s, offset);
1268 return TRUE;
1269}
1270
1271static BIO_METHOD* BIO_s_tsg(void);
1308static int TsProxySendToServer(handle_t IDL_handle, const byte pRpcMessage[], UINT32 count,
1309 const UINT32* lengths)
1310{
1311 wStream* s = nullptr;
1312 rdpTsg* tsg = nullptr;
1313 size_t length = 0;
1314 const byte* buffer1 = nullptr;
1315 const byte* buffer2 = nullptr;
1316 const byte* buffer3 = nullptr;
1317 UINT32 buffer1Length = 0;
1318 UINT32 buffer2Length = 0;
1319 UINT32 buffer3Length = 0;
1320 UINT32 numBuffers = 0;
1321 UINT32 totalDataBytes = 0;
1322 tsg = (rdpTsg*)IDL_handle;
1323 buffer1Length = buffer2Length = buffer3Length = 0;
1324
1325 if (count > 0)
1326 {
1327 numBuffers++;
1328 buffer1 = &pRpcMessage[0];
1329 buffer1Length = lengths[0];
1330 totalDataBytes += lengths[0] + 4;
1331 }
1332
1333 if (count > 1)
1334 {
1335 numBuffers++;
1336 buffer2 = &pRpcMessage[1];
1337 buffer2Length = lengths[1];
1338 totalDataBytes += lengths[1] + 4;
1339 }
1340
1341 if (count > 2)
1342 {
1343 numBuffers++;
1344 buffer3 = &pRpcMessage[2];
1345 buffer3Length = lengths[2];
1346 totalDataBytes += lengths[2] + 4;
1347 }
1348
1349 length = 28ull + totalDataBytes;
1350 if (length > INT_MAX)
1351 return -1;
1352 s = Stream_New(nullptr, length);
1353
1354 if (!s)
1355 {
1356 WLog_Print(tsg->log, WLOG_ERROR, "Stream_New failed!");
1357 return -1;
1358 }
1359
1360 /* PCHANNEL_CONTEXT_HANDLE_NOSERIALIZE_NR (20 bytes) */
1361 if (!TsProxyWriteTunnelContext(tsg->log, s, &tsg->ChannelContext))
1362 goto fail;
1363 Stream_Write_UINT32_BE(s, totalDataBytes); /* totalDataBytes (4 bytes) */
1364 Stream_Write_UINT32_BE(s, numBuffers); /* numBuffers (4 bytes) */
1365
1366 if (buffer1Length > 0)
1367 Stream_Write_UINT32_BE(s, buffer1Length); /* buffer1Length (4 bytes) */
1368
1369 if (buffer2Length > 0)
1370 Stream_Write_UINT32_BE(s, buffer2Length); /* buffer2Length (4 bytes) */
1371
1372 if (buffer3Length > 0)
1373 Stream_Write_UINT32_BE(s, buffer3Length); /* buffer3Length (4 bytes) */
1374
1375 if (buffer1Length > 0)
1376 Stream_Write(s, buffer1, buffer1Length); /* buffer1 (variable) */
1377
1378 if (buffer2Length > 0)
1379 Stream_Write(s, buffer2, buffer2Length); /* buffer2 (variable) */
1380
1381 if (buffer3Length > 0)
1382 Stream_Write(s, buffer3, buffer3Length); /* buffer3 (variable) */
1383
1384 if (!rpc_client_write_call(tsg->rpc, s, TsProxySendToServerOpnum))
1385 return -1;
1386
1387 return (int)length;
1388fail:
1389 Stream_Free(s, TRUE);
1390 return -1;
1391}
1392
1404static BOOL TsProxyCreateTunnelWriteRequest(rdpTsg* tsg, const TSG_PACKET* tsgPacket)
1405{
1406 BOOL rc = FALSE;
1407 BOOL write = TRUE;
1408 UINT16 opnum = 0;
1409 wStream* s = nullptr;
1410 rdpRpc* rpc = nullptr;
1411
1412 if (!tsg || !tsg->rpc)
1413 return FALSE;
1414
1415 rpc = tsg->rpc;
1416 WLog_Print(tsg->log, WLOG_DEBUG, "%s", tsg_packet_to_string(tsgPacket));
1417 s = Stream_New(nullptr, 108);
1418
1419 if (!s)
1420 return FALSE;
1421
1422 switch (tsgPacket->packetId)
1423 {
1424 case TSG_PACKET_TYPE_VERSIONCAPS:
1425 {
1426 UINT32 index = 0;
1427 const TSG_PACKET_VERSIONCAPS* packetVersionCaps =
1428 &tsgPacket->tsgPacket.packetVersionCaps;
1429
1430 Stream_Write_UINT32(s, tsgPacket->packetId); /* PacketId (4 bytes) */
1431 Stream_Write_UINT32(s, tsgPacket->packetId); /* SwitchValue (4 bytes) */
1432 if (!tsg_ndr_pointer_write(tsg->log, s, &index, 1)) /* PacketVersionCapsPtr (4 bytes) */
1433 goto fail;
1434
1435 if (!tsg_ndr_write_version_caps(tsg->log, s, &index, packetVersionCaps))
1436 goto fail;
1441 /*
1442 * 8-byte constant (8A E3 13 71 02 F4 36 71) also observed here:
1443 * http://lists.samba.org/archive/cifs-protocol/2010-July/001543.html
1444 */
1445 Stream_Write_UINT8(s, 0x8A);
1446 Stream_Write_UINT8(s, 0xE3);
1447 Stream_Write_UINT8(s, 0x13);
1448 Stream_Write_UINT8(s, 0x71);
1449 Stream_Write_UINT8(s, 0x02);
1450 Stream_Write_UINT8(s, 0xF4);
1451 Stream_Write_UINT8(s, 0x36);
1452 Stream_Write_UINT8(s, 0x71);
1453 Stream_Write_UINT32(s, 0x00040001); /* 1.4 (version?) */
1454 Stream_Write_UINT32(s, 0x00000001); /* 1 (element count?) */
1455 /* p_cont_list_t */
1456 Stream_Write_UINT8(s, 2); /* ncontext_elem */
1457 Stream_Write_UINT8(s, 0x40); /* reserved1 */
1458 Stream_Write_UINT16(s, 0x0028); /* reserved2 */
1459 /* p_syntax_id_t */
1460 Stream_Write(s, &TSGU_UUID, sizeof(p_uuid_t));
1461 Stream_Write_UINT32(s, TSGU_SYNTAX_IF_VERSION);
1462 /* p_syntax_id_t */
1463 Stream_Write(s, &NDR_UUID, sizeof(p_uuid_t));
1464 Stream_Write_UINT32(s, NDR_SYNTAX_IF_VERSION);
1465 opnum = TsProxyCreateTunnelOpnum;
1466 }
1467 break;
1468
1469 case TSG_PACKET_TYPE_REAUTH:
1470 {
1471 const TSG_PACKET_REAUTH* packetReauth = &tsgPacket->tsgPacket.packetReauth;
1472 UINT32 index = 0;
1473 Stream_Write_UINT32(s, tsgPacket->packetId); /* PacketId (4 bytes) */
1474 Stream_Write_UINT32(s, tsgPacket->packetId); /* SwitchValue (4 bytes) */
1475 if (!tsg_ndr_pointer_write(tsg->log, s, &index, 1)) /* PacketReauthPtr (4 bytes) */
1476 goto fail;
1477 if (!tsg_ndr_write_reauth(tsg->log, s, &index, packetReauth))
1478 goto fail;
1479 opnum = TsProxyCreateTunnelOpnum;
1480 }
1481 break;
1482
1483 default:
1484 WLog_Print(tsg->log, WLOG_WARN, "unexpected packetId %s",
1485 tsg_packet_id_to_string(tsgPacket->packetId));
1486 write = FALSE;
1487 break;
1488 }
1489
1490 rc = TRUE;
1491
1492 if (write)
1493 return rpc_client_write_call(rpc, s, opnum);
1494fail:
1495 Stream_Free(s, TRUE);
1496 return rc;
1497}
1498
1499static BOOL tsg_ndr_read_consent_message(wLog* log, rdpContext* context, wStream* s, UINT32* index,
1500 BOOL isMessagePresent)
1501{
1502 TSG_PACKET_STRING_MESSAGE packetStringMessage = WINPR_C_ARRAY_INIT;
1503
1504 WINPR_ASSERT(context);
1505 WINPR_ASSERT(index);
1506
1507 if (!TsProxyReadPacketSTringMessage(log, s, index, &packetStringMessage))
1508 return FALSE;
1509
1510 if (context->instance && isMessagePresent)
1511 {
1512 return IFCALLRESULT(TRUE, context->instance->PresentGatewayMessage, context->instance,
1513 TSG_ASYNC_MESSAGE_CONSENT_MESSAGE ? GATEWAY_MESSAGE_CONSENT
1514 : TSG_ASYNC_MESSAGE_SERVICE_MESSAGE,
1515 packetStringMessage.isDisplayMandatory != 0,
1516 packetStringMessage.isConsentMandatory != 0,
1517 packetStringMessage.msgBytes, packetStringMessage.msgBuffer);
1518 }
1519
1520 return TRUE;
1521}
1522
1523static BOOL tsg_ndr_read_tunnel_context(wLog* log, wStream* s, CONTEXT_HANDLE* tunnelContext,
1524 UINT32* tunnelId)
1525{
1526 if (!tsg_stream_align(log, s, 4))
1527 return FALSE;
1528
1529 /* TunnelContext (20 bytes) */
1530 if (!TsProxyReadTunnelContext(log, s, tunnelContext))
1531 return FALSE;
1532
1533 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 8))
1534 return FALSE;
1535
1536 WINPR_ASSERT(tunnelId);
1537 Stream_Read_UINT32(s, *tunnelId); /* TunnelId (4 bytes) */
1538
1539 INT32 ReturnValue = 0;
1540 Stream_Read_INT32(s, ReturnValue); /* ReturnValue (4 bytes) */
1541 if (ReturnValue != NO_ERROR)
1542 WLog_WARN(TAG, "ReturnValue=%s", NtStatus2Tag(ReturnValue));
1543 return TRUE;
1544}
1545
1546static BOOL tsg_ndr_read_TSG_PACKET_MSG_RESPONSE_header(wLog* log, wStream* s,
1547 TSG_PACKET_MSG_RESPONSE* pkt)
1548{
1549
1550 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 16))
1551 return FALSE;
1552
1553 Stream_Read_UINT32(s, pkt->msgID); /* MsgId (4 bytes) */
1554 Stream_Read_UINT32(s, pkt->msgType); /* MsgType (4 bytes) */
1555 Stream_Read_INT32(s, pkt->isMsgPresent); /* IsMsgPresent (4 bytes) */
1556 const uint32_t SwitchValue = Stream_Get_UINT32(s); /* SwitchValue (4 bytes) */
1557
1558 if (pkt->msgType != SwitchValue)
1559 {
1560 WLog_ERR(TAG,
1561 "[MS-TSGU] 2.2.9.2.1.9 TSG_PACKET_MSG_RESPONSE MsgType[0x%08" PRIx32
1562 "] != MessageSwitchValue [0x%08" PRIx32 "]",
1563 pkt->msgType, SwitchValue);
1564 return FALSE;
1565 }
1566
1567 return TRUE;
1568}
1569
1570static BOOL tsg_ndr_read_TSG_PACKET_MSG_RESPONSE(wLog* log, rdpContext* context, wStream* s,
1571 uint32_t* index, uint32_t MsgPtr,
1572 const TSG_PACKET_MSG_RESPONSE* pkg,
1573 uint64_t* reauthContext)
1574{
1575 WINPR_ASSERT(pkg);
1576
1577 if (MsgPtr == 0)
1578 {
1579 WLog_Print(log, WLOG_DEBUG,
1580 "Message {0x%08" PRIx32 "} [%s]::isMsgPresent=%" PRId32 ", MsgPtr=0x%08" PRIx32,
1581 pkg->msgType, tsg_packet_id_to_string(pkg->msgType), pkg->isMsgPresent, MsgPtr);
1582 return TRUE;
1583 }
1584
1585 switch (pkg->msgType)
1586 {
1587 case TSG_ASYNC_MESSAGE_CONSENT_MESSAGE:
1588 case TSG_ASYNC_MESSAGE_SERVICE_MESSAGE:
1589 return tsg_ndr_read_consent_message(log, context, s, index, pkg->isMsgPresent);
1590
1591 case TSG_ASYNC_MESSAGE_REAUTH:
1592 {
1593 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 8))
1594 return FALSE;
1595
1596 WINPR_ASSERT(reauthContext);
1597 const uint64_t val = Stream_Get_UINT64(s); /* TunnelContext (8 bytes) */
1598 if (pkg->isMsgPresent != 0)
1599 *reauthContext = val;
1600 return TRUE;
1601 }
1602
1603 default:
1604 WLog_Print(log, WLOG_ERROR, "Unexpected Message Type: 0x%" PRIx32 "", pkg->msgType);
1605 return FALSE;
1606 }
1607}
1608
1609static BOOL tsg_ndr_read_caps_response(wLog* log, rdpContext* context, wStream* s, UINT32* index,
1610 UINT32 PacketPtr, TSG_PACKET_CAPS_RESPONSE* caps,
1611 CONTEXT_HANDLE* tunnelContext, UINT32* tunnelId,
1612 uint64_t* reauthContext)
1613{
1614 UINT32 PacketQuarResponsePtr = 0;
1615
1616 WINPR_ASSERT(context);
1617 WINPR_ASSERT(index);
1618 WINPR_ASSERT(caps);
1619 WINPR_ASSERT(reauthContext);
1620
1621 if (!tsg_ndr_pointer_read(log, s, index, &PacketQuarResponsePtr, TRUE))
1622 goto fail;
1623
1624 if (!tsg_ndr_read_quarenc_response(log, s, index, &caps->pktQuarEncResponse))
1625 goto fail;
1626
1627 if (PacketPtr)
1628 {
1629 TSG_PACKET_MSG_RESPONSE pkg = WINPR_C_ARRAY_INIT;
1630 UINT32 MsgPtr = 0;
1631
1632 if (!tsg_ndr_read_TSG_PACKET_MSG_RESPONSE_header(log, s, &pkg))
1633 goto fail;
1634
1635 if (!tsg_ndr_pointer_read(log, s, index, &MsgPtr, TRUE))
1636 return FALSE;
1637
1638 if (!tsg_ndr_read_quarenc_data(log, s, index, &caps->pktQuarEncResponse))
1639 goto fail;
1640
1641 if (!tsg_ndr_read_TSG_PACKET_MSG_RESPONSE(log, context, s, index, MsgPtr, &pkg,
1642 reauthContext))
1643 goto fail;
1644 }
1645
1646 return tsg_ndr_read_tunnel_context(log, s, tunnelContext, tunnelId);
1647fail:
1648 return FALSE;
1649}
1650
1651static BOOL TsProxyCreateTunnelReadResponse(rdpTsg* tsg, const RPC_PDU* pdu,
1652 CONTEXT_HANDLE* tunnelContext, UINT32* tunnelId)
1653{
1654 BOOL rc = FALSE;
1655 UINT32 index = 0;
1656 TSG_PACKET packet = WINPR_C_ARRAY_INIT;
1657 UINT32 SwitchValue = 0;
1658 rdpContext* context = nullptr;
1659 UINT32 PacketPtr = 0;
1660
1661 WINPR_ASSERT(tsg);
1662 WINPR_ASSERT(tsg->rpc);
1663 WINPR_ASSERT(tsg->rpc->transport);
1664
1665 context = transport_get_context(tsg->rpc->transport);
1666 WINPR_ASSERT(context);
1667
1668 if (!pdu)
1669 return FALSE;
1670
1671 if (!tsg_ndr_pointer_read(tsg->log, pdu->s, &index, &PacketPtr, TRUE))
1672 goto fail;
1673
1674 if (!Stream_CheckAndLogRequiredLengthWLog(tsg->log, pdu->s, 8))
1675 goto fail;
1676 Stream_Read_UINT32(pdu->s, packet.packetId); /* PacketId (4 bytes) */
1677 Stream_Read_UINT32(pdu->s, SwitchValue); /* SwitchValue (4 bytes) */
1678
1679 WLog_Print(tsg->log, WLOG_DEBUG, "%s", tsg_packet_id_to_string(packet.packetId));
1680
1681 if ((packet.packetId == TSG_PACKET_TYPE_CAPS_RESPONSE) &&
1682 (SwitchValue == TSG_PACKET_TYPE_CAPS_RESPONSE))
1683 {
1684 if (!tsg_ndr_read_caps_response(tsg->log, context, pdu->s, &index, PacketPtr,
1685 &packet.tsgPacket.packetCapsResponse, tunnelContext,
1686 tunnelId, &tsg->ReauthTunnelContext))
1687 goto fail;
1688 tsg->CapsResponse = packet.tsgPacket.packetCapsResponse.pktQuarEncResponse;
1689 }
1690 else if ((packet.packetId == TSG_PACKET_TYPE_QUARENC_RESPONSE) &&
1691 (SwitchValue == TSG_PACKET_TYPE_QUARENC_RESPONSE))
1692 {
1693 UINT32 PacketQuarResponsePtr = 0;
1694
1695 if (!tsg_ndr_pointer_read(tsg->log, pdu->s, &index, &PacketQuarResponsePtr, TRUE))
1696 goto fail;
1697
1698 if (!tsg_ndr_read_quarenc_response(tsg->log, pdu->s, &index,
1699 &packet.tsgPacket.packetQuarEncResponse))
1700 goto fail;
1701
1702 if (!tsg_ndr_read_quarenc_data(tsg->log, pdu->s, &index,
1703 &packet.tsgPacket.packetQuarEncResponse))
1704 goto fail;
1705
1706 if (!tsg_ndr_read_tunnel_context(tsg->log, pdu->s, tunnelContext, tunnelId))
1707 goto fail;
1708
1709 tsg->CapsResponse = packet.tsgPacket.packetQuarEncResponse;
1710 }
1711 else
1712 {
1713 WLog_Print(tsg->log, WLOG_ERROR,
1714 "Unexpected PacketId: 0x%08" PRIX32 ", Expected TSG_PACKET_TYPE_CAPS_RESPONSE "
1715 "or TSG_PACKET_TYPE_QUARENC_RESPONSE",
1716 packet.packetId);
1717 goto fail;
1718 }
1719
1720 {
1721 const size_t rem = Stream_GetRemainingLength(pdu->s);
1722 if (rem != 0)
1723 {
1724 WLog_Print(tsg->log, WLOG_WARN, "Partially parsed %s, %" PRIuz " bytes remain",
1725 tsg_packet_id_to_string(packet.packetId), rem);
1726 }
1727 }
1728
1729 rc = TRUE;
1730fail:
1731 return rc;
1732}
1733
1745static BOOL TsProxyAuthorizeTunnelWriteRequest(rdpTsg* tsg, CONTEXT_HANDLE* tunnelContext)
1746{
1747 if (!tsg || !tsg->rpc || !tunnelContext)
1748 return FALSE;
1749
1750 rdpRpc* rpc = tsg->rpc;
1751
1752 WLog_Print(tsg->log, WLOG_DEBUG, "TsProxyAuthorizeTunnelWriteRequest");
1753 wStream* s = Stream_New(nullptr, 1024 + sizeof(WCHAR) * tsg->QuarreQuest.nameLength +
1754 tsg->QuarreQuest.dataLen);
1755
1756 if (!s)
1757 return FALSE;
1758
1759 if (!TsProxyWriteTunnelContext(tsg->log, s, tunnelContext))
1760 {
1761 Stream_Free(s, TRUE);
1762 return FALSE;
1763 }
1764
1765 /* 4-byte alignment */
1766 UINT32 index = 0;
1767 Stream_Write_UINT32(s, TSG_PACKET_TYPE_QUARREQUEST); /* PacketId (4 bytes) */
1768 Stream_Write_UINT32(s, TSG_PACKET_TYPE_QUARREQUEST); /* SwitchValue (4 bytes) */
1769 if (!tsg_ndr_pointer_write(tsg->log, s, &index, 1)) /* PacketQuarRequestPtr (4 bytes) */
1770 goto fail;
1771 Stream_Write_UINT32(s, tsg->QuarreQuest.flags); /* Flags (4 bytes) */
1772 if (!tsg_ndr_pointer_write(tsg->log, s, &index, 1)) /* MachineNamePtr (4 bytes) */
1773 goto fail;
1774 Stream_Write_UINT32(s, tsg->QuarreQuest.nameLength); /* NameLength (4 bytes) */
1775 if (!tsg_ndr_pointer_write(tsg->log, s, &index, 1)) /* DataPtr (4 bytes) */
1776 goto fail;
1777 Stream_Write_UINT32(s, tsg->QuarreQuest.dataLen); /* DataLength (4 bytes) */
1778 /* MachineName */
1779 if (!tsg_ndr_write_string(tsg->log, s, tsg->QuarreQuest.machineName,
1780 tsg->QuarreQuest.nameLength))
1781 goto fail;
1782 /* data */
1783 if (!tsg_ndr_write_conformant_array(tsg->log, s, tsg->QuarreQuest.data,
1784 tsg->QuarreQuest.dataLen))
1785 goto fail;
1786
1787 Stream_SealLength(s);
1788 return rpc_client_write_call(rpc, s, TsProxyAuthorizeTunnelOpnum);
1789fail:
1790 Stream_Free(s, TRUE);
1791 return FALSE;
1792}
1793
1794static UINT32 tsg_redir_to_flags(const TSG_REDIRECTION_FLAGS* redirect)
1795{
1796 UINT32 flags = 0;
1797 if (redirect->enableAllRedirections)
1798 flags |= HTTP_TUNNEL_REDIR_ENABLE_ALL;
1799 if (redirect->disableAllRedirections)
1800 flags |= HTTP_TUNNEL_REDIR_DISABLE_ALL;
1801
1802 if (redirect->driveRedirectionDisabled)
1803 flags |= HTTP_TUNNEL_REDIR_DISABLE_DRIVE;
1804 if (redirect->printerRedirectionDisabled)
1805 flags |= HTTP_TUNNEL_REDIR_DISABLE_PRINTER;
1806 if (redirect->portRedirectionDisabled)
1807 flags |= HTTP_TUNNEL_REDIR_DISABLE_PORT;
1808 if (redirect->clipboardRedirectionDisabled)
1809 flags |= HTTP_TUNNEL_REDIR_DISABLE_CLIPBOARD;
1810 if (redirect->pnpRedirectionDisabled)
1811 flags |= HTTP_TUNNEL_REDIR_DISABLE_PNP;
1812 return flags;
1813}
1814
1815static BOOL tsg_redirect_apply(rdpTsg* tsg, const TSG_REDIRECTION_FLAGS* redirect)
1816{
1817 WINPR_ASSERT(tsg);
1818 WINPR_ASSERT(redirect);
1819
1820 rdpTransport* transport = tsg->transport;
1821 WINPR_ASSERT(transport);
1822
1823 rdpContext* context = transport_get_context(transport);
1824 UINT32 redirFlags = tsg_redir_to_flags(redirect);
1825 return utils_apply_gateway_policy(tsg->log, context, redirFlags, "TSG");
1826}
1827
1828static BOOL tsg_ndr_read_timeout(wLog* log, wStream* s, size_t tlen)
1829{
1830 if (!Stream_CheckAndLogRequiredLengthOfSizeWLog(log, s, 1, sizeof(UINT32)))
1831 return FALSE;
1832
1833 if (tlen < sizeof(UINT32))
1834 {
1835 WLog_Print(log, WLOG_ERROR, "[IDLE_TIMEOUT] array element length %" PRIuz ", expected 4",
1836 tlen);
1837 return FALSE;
1838 }
1839
1840 const UINT32 idleTimeout = Stream_Get_UINT32(s);
1841 WLog_Print(log, WLOG_DEBUG, "[IDLE_TIMEOUT] idleTimeout=%" PRIu32 ": TODO: unused",
1842 idleTimeout);
1843 return TRUE;
1844}
1845
1846static BOOL tsg_ndr_read_sohr(wLog* log, wStream* s, BOOL expected)
1847{
1848 if (!Stream_CheckAndLogRequiredLengthOfSizeWLog(log, s, 1, sizeof(UINT32)))
1849 return FALSE;
1850
1851 const UINT32 len = Stream_Get_UINT32(s);
1852 if (!expected)
1853 {
1854 if (len != 0)
1855 {
1856 WLog_Print(log, WLOG_DEBUG, "[SOH] len=%" PRIu32 ": skipping", len);
1857 return FALSE;
1858 }
1859 return TRUE;
1860 }
1861 else if (len == 0)
1862 {
1863 WLog_Print(log, WLOG_WARN, "[SOH] len=%" PRIu32 ": expected length > 0", len);
1864 }
1865
1866 WLog_Print(log, WLOG_DEBUG, "[SOH] len=%" PRIu32 ": TODO: unused", len);
1867 if (!Stream_SafeSeek(s, len))
1868 return FALSE;
1869
1870 winpr_HexLogDump(log, WLOG_DEBUG, Stream_Pointer(s), len);
1871 return TRUE;
1872}
1873
1874static BOOL tsg_ndr_read_packet_response_data(rdpTsg* tsg, wStream* s,
1875 const TSG_PACKET_RESPONSE* response)
1876{
1877 WINPR_ASSERT(tsg);
1878
1879 if (!Stream_CheckAndLogRequiredCapacityOfSizeWLog(tsg->log, s, 1, 4))
1880 return FALSE;
1881
1882 const uint32_t arrayMaxLen = Stream_Get_UINT32(s);
1883 const size_t rem = Stream_GetRemainingLength(s);
1884 if (arrayMaxLen != response->responseDataLen)
1885 {
1886 WLog_Print(tsg->log, WLOG_ERROR,
1887 "2.2.9.2.1.5 TSG_PACKET_RESPONSE::responseDataLen=%" PRIu32
1888 " != NDR array len %" PRIu32,
1889 response->responseDataLen, arrayMaxLen);
1890 }
1891 if (response->responseDataLen > 0)
1892 {
1893 if (!Stream_CheckAndLogRequiredCapacityOfSizeWLog(tsg->log, s, 1, 4))
1894 return FALSE;
1895
1896 if (tsg->CapsResponse.versionCaps.tsgCaps.capabilityType != TSG_CAPABILITY_TYPE_NAP)
1897 {
1898 WLog_Print(
1899 tsg->log, WLOG_ERROR,
1900 "2.2.9.2.1.5 TSG_PACKET_RESPONSE Negotiated Capabilities type is 0x%08" PRIx32
1901 ", expected TSG_CAPABILITY_TYPE_NAP[0x00000001]",
1902 tsg->CapsResponse.versionCaps.tsgCaps.capabilityType);
1903 return FALSE;
1904 }
1905 const UINT32 mask = (TSG_NAP_CAPABILITY_QUAR_SOH | TSG_NAP_CAPABILITY_IDLE_TIMEOUT);
1906 const UINT32 val =
1907 (tsg->CapsResponse.versionCaps.tsgCaps.tsgPacket.tsgCapNap.capabilities & mask);
1908 if ((val == mask) && (tsg->QuarreQuest.dataLen > 0))
1909 {
1910 if (!tsg_ndr_read_timeout(tsg->log, s, arrayMaxLen))
1911 return FALSE;
1912 if (!tsg_ndr_read_sohr(tsg->log, s, TRUE))
1913 return FALSE;
1914 }
1915 else if ((val == TSG_NAP_CAPABILITY_QUAR_SOH) && (tsg->QuarreQuest.dataLen > 0))
1916 {
1917 if (!tsg_ndr_read_sohr(tsg->log, s, TRUE))
1918 return FALSE;
1919 }
1920 else if ((val & TSG_NAP_CAPABILITY_IDLE_TIMEOUT) != 0)
1921 {
1922 if (!tsg_ndr_read_timeout(tsg->log, s, arrayMaxLen))
1923 return FALSE;
1924 if (!tsg_ndr_read_sohr(tsg->log, s, FALSE))
1925 return FALSE;
1926 }
1927 else
1928 {
1929 WLog_Print(
1930 tsg->log, WLOG_ERROR,
1931 "2.2.9.2.1.5 TSG_PACKET_RESPONSE::responseDataLen=%" PRIu32
1932 ", but neither TSG_NAP_CAPABILITY_QUAR_SOH nor "
1933 "TSG_NAP_CAPABILITY_IDLE_TIMEOUT are set, so expecting 0 (actually got %" PRIuz ")",
1934 response->responseDataLen, rem);
1935 return FALSE;
1936 }
1937 }
1938 else if (rem > 0)
1939 {
1940 char buffer[256] = WINPR_C_ARRAY_INIT;
1941 WLog_Print(tsg->log, WLOG_WARN,
1942 "2.2.9.2.1.5 TSG_PACKET_RESPONSE::responseDataLen=%" PRIu32
1943 ", but actually got %" PRIuz " [flags=%s], ignoring.",
1944 response->responseDataLen, rem,
1945 tsg_caps_to_string(
1946 tsg->CapsResponse.versionCaps.tsgCaps.tsgPacket.tsgCapNap.capabilities,
1947 buffer, sizeof(buffer)));
1948 if (!Stream_SafeSeek(s, rem))
1949 return FALSE;
1950 }
1951
1952 {
1953 const size_t trem = Stream_GetRemainingLength(s);
1954 if (trem > 0)
1955 {
1956 WLog_Print(tsg->log, WLOG_WARN,
1957 "2.2.9.2.1.5 TSG_PACKET_RESPONSE %" PRIuz " unhandled bytes remain", trem);
1958 }
1959 }
1960 return TRUE;
1961}
1962
1963static BOOL TsProxyAuthorizeTunnelReadResponse(rdpTsg* tsg, const RPC_PDU* pdu)
1964{
1965 BOOL rc = FALSE;
1966 UINT32 SwitchValue = 0;
1967 UINT32 index = 0;
1968 TSG_PACKET packet = WINPR_C_ARRAY_INIT;
1969 UINT32 PacketPtr = 0;
1970 UINT32 PacketResponseDataPtr = 0;
1971
1972 WINPR_ASSERT(tsg);
1973 WINPR_ASSERT(pdu);
1974
1975 wLog* log = tsg->log;
1976 WINPR_ASSERT(log);
1977
1978 if (!tsg_ndr_pointer_read(log, pdu->s, &index, &PacketPtr, TRUE))
1979 goto fail;
1980
1981 if (!Stream_CheckAndLogRequiredLengthWLog(log, pdu->s, 8))
1982 goto fail;
1983 Stream_Read_UINT32(pdu->s, packet.packetId); /* PacketId (4 bytes) */
1984 Stream_Read_UINT32(pdu->s, SwitchValue); /* SwitchValue (4 bytes) */
1985
1986 WLog_Print(log, WLOG_DEBUG, "%s", tsg_packet_id_to_string(packet.packetId));
1987
1988 if (packet.packetId == E_PROXY_NAP_ACCESSDENIED)
1989 {
1990 WLog_Print(log, WLOG_ERROR, "status: E_PROXY_NAP_ACCESSDENIED (0x%08X)",
1991 E_PROXY_NAP_ACCESSDENIED);
1992 WLog_Print(log, WLOG_ERROR,
1993 "Ensure that the Gateway Connection Authorization Policy is correct");
1994 goto fail;
1995 }
1996
1997 if ((packet.packetId != TSG_PACKET_TYPE_RESPONSE) || (SwitchValue != TSG_PACKET_TYPE_RESPONSE))
1998 {
1999 WLog_Print(log, WLOG_ERROR,
2000 "Unexpected PacketId: 0x%08" PRIX32 ", Expected TSG_PACKET_TYPE_RESPONSE",
2001 packet.packetId);
2002 goto fail;
2003 }
2004
2005 if (!tsg_ndr_pointer_read(log, pdu->s, &index, nullptr, TRUE))
2006 goto fail;
2007
2008 if (!Stream_CheckAndLogRequiredLengthWLog(log, pdu->s, 8))
2009 goto fail;
2010
2011 packet.tsgPacket.packetResponse.flags = Stream_Get_UINT32(pdu->s);
2012 if (packet.tsgPacket.packetResponse.flags != TSG_PACKET_TYPE_QUARREQUEST)
2013 {
2014 WLog_Print(log, WLOG_ERROR,
2015 "Unexpected Packet Response flags: 0x%08" PRIX32
2016 ", Expected TSG_PACKET_TYPE_QUARREQUEST",
2017 packet.tsgPacket.packetResponse.flags);
2018 goto fail;
2019 }
2020
2021 packet.tsgPacket.packetResponse.reserved = Stream_Get_UINT32(pdu->s);
2022
2023 packet.tsgPacket.packetResponse.responseData = nullptr;
2024 if (!tsg_ndr_pointer_read(log, pdu->s, &index, &PacketResponseDataPtr, FALSE))
2025 goto fail;
2026
2027 packet.tsgPacket.packetResponse.responseDataLen = Stream_Get_UINT32(pdu->s);
2028 if (packet.tsgPacket.packetResponse.responseDataLen > 24000)
2029 {
2030 WLog_Print(log, WLOG_ERROR,
2031 "2.2.9.2.1.5 TSG_PACKET_RESPONSE::responseDataLen %" PRIu32 " > maximum(24000)",
2032 packet.tsgPacket.packetResponse.responseDataLen);
2033 goto fail;
2034 }
2035 if ((PacketResponseDataPtr == 0) && (packet.tsgPacket.packetResponse.responseDataLen != 0))
2036 {
2037 WLog_Print(log, WLOG_ERROR,
2038 "2.2.9.2.1.5 TSG_PACKET_RESPONSE::responseDataLen %" PRIu32
2039 " but responseData = nullptr",
2040 packet.tsgPacket.packetResponse.responseDataLen);
2041 goto fail;
2042 }
2043
2044 if (!tsg_ndr_read_packet_redirection_flags(log, pdu->s,
2045 &packet.tsgPacket.packetResponse.redirectionFlags))
2046 goto fail;
2047
2048 packet.tsgPacket.packetResponse.responseData = Stream_Pointer(pdu->s);
2049 if (!tsg_ndr_read_packet_response_data(tsg, pdu->s, &packet.tsgPacket.packetResponse))
2050 goto fail;
2051
2052 rc = tsg_redirect_apply(tsg, &packet.tsgPacket.packetResponse.redirectionFlags);
2053
2054fail:
2055 return rc;
2056}
2057
2069static BOOL TsProxyMakeTunnelCallWriteRequest(rdpTsg* tsg, CONTEXT_HANDLE* tunnelContext,
2070 UINT32 procId)
2071{
2072 wStream* s = nullptr;
2073 rdpRpc* rpc = nullptr;
2074
2075 if (!tsg || !tsg->rpc || !tunnelContext)
2076 return FALSE;
2077
2078 rpc = tsg->rpc;
2079 WLog_Print(tsg->log, WLOG_DEBUG, "TsProxyMakeTunnelCallWriteRequest");
2080 s = Stream_New(nullptr, 40);
2081
2082 if (!s)
2083 return FALSE;
2084
2085 /* TunnelContext (20 bytes) */
2086 UINT32 index = 0;
2087 if (!TsProxyWriteTunnelContext(tsg->log, s, tunnelContext))
2088 goto fail;
2089 Stream_Write_UINT32(s, procId); /* ProcId (4 bytes) */
2090 /* 4-byte alignment */
2091 Stream_Write_UINT32(s, TSG_PACKET_TYPE_MSGREQUEST_PACKET); /* PacketId (4 bytes) */
2092 Stream_Write_UINT32(s, TSG_PACKET_TYPE_MSGREQUEST_PACKET); /* SwitchValue (4 bytes) */
2093 if (!tsg_ndr_pointer_write(tsg->log, s, &index, 1)) /* PacketMsgRequestPtr (4 bytes) */
2094 goto fail;
2095 Stream_Write_UINT32(s, 0x00000001); /* MaxMessagesPerBatch (4 bytes) */
2096 return rpc_client_write_call(rpc, s, TsProxyMakeTunnelCallOpnum);
2097fail:
2098 Stream_Free(s, TRUE);
2099 return FALSE;
2100}
2101
2102static BOOL TsProxyReadPacketSTringMessage(wLog* log, wStream* s, uint32_t* index,
2103 TSG_PACKET_STRING_MESSAGE* msg)
2104{
2105 UINT32 MsgPtr = 0;
2106
2107 WINPR_ASSERT(msg);
2108
2109 const TSG_PACKET_STRING_MESSAGE empty = WINPR_C_ARRAY_INIT;
2110 *msg = empty;
2111
2112 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 12))
2113 return FALSE;
2114
2115 Stream_Read_INT32(s, msg->isDisplayMandatory); /* IsDisplayMandatory (4 bytes) */
2116 Stream_Read_INT32(s, msg->isConsentMandatory); /* IsConsentMandatory (4 bytes) */
2117 Stream_Read_UINT32(s, msg->msgBytes); /* MsgBytes (4 bytes) */
2118
2119 if (!tsg_ndr_pointer_read(log, s, index, &MsgPtr, msg->msgBytes != 0))
2120 return FALSE;
2121
2122 if (msg->msgBytes > TSG_MESSAGING_MAX_MESSAGE_LENGTH)
2123 {
2124 WLog_Print(log, WLOG_ERROR, "Out of Spec Message Length %" PRIu32 "", msg->msgBytes);
2125 return FALSE;
2126 }
2127
2128 if (msg->msgBytes == 0)
2129 {
2130 WLog_Print(log, WLOG_DEBUG, "Empty message, skipping string read");
2131 return TRUE;
2132 }
2133
2134 return tsg_ndr_read_string(log, s, &msg->msgBuffer, msg->msgBytes);
2135}
2136
2137static BOOL TsProxyMakeTunnelCallReadResponse(rdpTsg* tsg, const RPC_PDU* pdu)
2138{
2139 BOOL rc = FALSE;
2140 UINT32 index = 0;
2141 TSG_PACKET packet = WINPR_C_ARRAY_INIT;
2142 rdpContext* context = nullptr;
2143 TSG_PACKET_MSG_RESPONSE packetMsgResponse = WINPR_C_ARRAY_INIT;
2144 UINT32 PacketPtr = 0;
2145 UINT32 PacketMsgResponsePtr = 0;
2146
2147 WINPR_ASSERT(tsg);
2148 WINPR_ASSERT(tsg->rpc);
2149
2150 context = transport_get_context(tsg->rpc->transport);
2151 WINPR_ASSERT(context);
2152
2153 /* This is an asynchronous response */
2154
2155 if (!pdu)
2156 return FALSE;
2157
2158 if (!Stream_CheckAndLogRequiredLengthWLog(tsg->log, pdu->s, 28))
2159 goto fail;
2160
2161 if (!tsg_ndr_pointer_read(tsg->log, pdu->s, &index, &PacketPtr, TRUE))
2162 goto fail;
2163
2164 Stream_Read_UINT32(pdu->s, packet.packetId); /* PacketId (4 bytes) */
2165
2166 {
2167 const uint32_t SwitchValue = Stream_Get_UINT32(pdu->s); /* SwitchValue (4 bytes) */
2168 WLog_Print(tsg->log, WLOG_DEBUG, "%s", tsg_packet_id_to_string(packet.packetId));
2169
2170 if ((packet.packetId != TSG_PACKET_TYPE_MESSAGE_PACKET) || (packet.packetId != SwitchValue))
2171 {
2172 WLog_Print(tsg->log, WLOG_ERROR,
2173 "Unexpected PacketId: 0x%08" PRIX32
2174 ", Expected TSG_PACKET_TYPE_MESSAGE_PACKET",
2175 packet.packetId);
2176 goto fail;
2177 }
2178 }
2179
2180 if (!tsg_ndr_pointer_read(tsg->log, pdu->s, &index, &PacketMsgResponsePtr, TRUE))
2181 goto fail;
2182
2183 if (!tsg_ndr_read_TSG_PACKET_MSG_RESPONSE_header(tsg->log, pdu->s, &packetMsgResponse))
2184 goto fail;
2185
2186 {
2187 UINT32 MessagePtr = 0;
2188 if (!tsg_ndr_pointer_read(tsg->log, pdu->s, &index, &MessagePtr, TRUE))
2189 goto fail;
2190
2191 if (!tsg_ndr_read_TSG_PACKET_MSG_RESPONSE(tsg->log, context, pdu->s, &index, MessagePtr,
2192 &packetMsgResponse, &tsg->ReauthTunnelContext))
2193 goto fail;
2194 }
2195
2196 rc = TRUE;
2197fail:
2198 return rc;
2199}
2200
2212static BOOL TsProxyCreateChannelWriteRequest(rdpTsg* tsg, CONTEXT_HANDLE* tunnelContext)
2213{
2214 WINPR_ASSERT(tsg);
2215 WINPR_ASSERT(tunnelContext);
2216
2217 WLog_Print(tsg->log, WLOG_DEBUG, "TsProxyCreateChannelWriteRequest");
2218
2219 if (!tsg->rpc || !tsg->Hostname)
2220 return FALSE;
2221
2222 rdpRpc* rpc = tsg->rpc;
2223 const size_t count = _wcslen(tsg->Hostname) + 1;
2224 if (count > UINT32_MAX)
2225 return FALSE;
2226
2227 wStream* s = Stream_New(nullptr, 60 + count * 2);
2228 if (!s)
2229 return FALSE;
2230
2231 /* TunnelContext (20 bytes) */
2232 if (!TsProxyWriteTunnelContext(tsg->log, s, tunnelContext))
2233 goto fail;
2234
2235 /* TSENDPOINTINFO */
2236 {
2237 UINT32 index = 0;
2238 if (!tsg_ndr_pointer_write(tsg->log, s, &index, 1))
2239 goto fail;
2240 Stream_Write_UINT32(s, 0x00000001); /* NumResourceNames (4 bytes) */
2241 if (!tsg_ndr_pointer_write(tsg->log, s, &index, 0))
2242 goto fail;
2243 }
2244
2245 Stream_Write_UINT16(s, 0x0000); /* NumAlternateResourceNames (2 bytes) */
2246 Stream_Write_UINT16(s, 0x0000); /* Pad (2 bytes) */
2247 /* Port (4 bytes) */
2248 Stream_Write_UINT16(s, 0x0003); /* ProtocolId (RDP = 3) (2 bytes) */
2249 Stream_Write_UINT16(s, tsg->Port); /* PortNumber (0xD3D = 3389) (2 bytes) */
2250 Stream_Write_UINT32(s, 0x00000001); /* NumResourceNames (4 bytes) */
2251 {
2252 UINT32 index = 0;
2253 if (!tsg_ndr_pointer_write(tsg->log, s, &index, 1))
2254 goto fail;
2255 }
2256 if (!tsg_ndr_write_string(tsg->log, s, tsg->Hostname, count))
2257 goto fail;
2258 return rpc_client_write_call(rpc, s, TsProxyCreateChannelOpnum);
2259
2260fail:
2261 Stream_Free(s, TRUE);
2262 return FALSE;
2263}
2264
2265static BOOL TsProxyCreateChannelReadResponse(wLog* log, const RPC_PDU* pdu,
2266 CONTEXT_HANDLE* channelContext, UINT32* channelId)
2267{
2268 BOOL rc = FALSE;
2269
2270 WINPR_ASSERT(log);
2271 WINPR_ASSERT(pdu);
2272 WINPR_ASSERT(channelId);
2273
2274 WLog_Print(log, WLOG_DEBUG, "TsProxyCreateChannelReadResponse");
2275
2276 if (!Stream_CheckAndLogRequiredLengthWLog(log, pdu->s, 28))
2277 goto fail;
2278
2279 /* ChannelContext (20 bytes) */
2280 if (!TsProxyReadTunnelContext(log, pdu->s, channelContext))
2281 goto fail;
2282 if (!Stream_CheckAndLogRequiredLengthOfSizeWLog(log, pdu->s, 2, sizeof(UINT32)))
2283 goto fail;
2284 Stream_Read_UINT32(pdu->s, *channelId); /* ChannelId (4 bytes) */
2285 Stream_Seek_UINT32(pdu->s); /* ReturnValue (4 bytes) */
2286 rc = TRUE;
2287fail:
2288 return rc;
2289}
2290
2297static BOOL TsProxyCloseChannelWriteRequest(rdpTsg* tsg, CONTEXT_HANDLE* context)
2298{
2299 WINPR_ASSERT(tsg);
2300 WINPR_ASSERT(context);
2301
2302 WLog_Print(tsg->log, WLOG_DEBUG, "TsProxyCloseChannelWriteRequest");
2303
2304 rdpRpc* rpc = tsg->rpc;
2305 WINPR_ASSERT(rpc);
2306
2307 wStream* s = Stream_New(nullptr, 20);
2308
2309 if (!s)
2310 return FALSE;
2311
2312 /* ChannelContext (20 bytes) */
2313 if (!TsProxyWriteTunnelContext(tsg->log, s, context))
2314 goto fail;
2315 return rpc_client_write_call(rpc, s, TsProxyCloseChannelOpnum);
2316fail:
2317 Stream_Free(s, TRUE);
2318 return FALSE;
2319}
2320
2321static BOOL TsProxyCloseChannelReadResponse(wLog* log, const RPC_PDU* pdu, CONTEXT_HANDLE* context)
2322{
2323 BOOL rc = FALSE;
2324 WLog_Print(log, WLOG_DEBUG, "TsProxyCloseChannelReadResponse");
2325
2326 if (!pdu)
2327 return FALSE;
2328
2329 if (!Stream_CheckAndLogRequiredLengthWLog(log, pdu->s, 24))
2330 goto fail;
2331
2332 /* ChannelContext (20 bytes) */
2333 if (!TsProxyReadTunnelContext(log, pdu->s, context))
2334 goto fail;
2335
2336 {
2337 const size_t len = sizeof(UINT32);
2338 if (!Stream_CheckAndLogRequiredLengthWLog(log, pdu->s, len))
2339 goto fail;
2340 Stream_Seek(pdu->s, len); /* ReturnValue (4 bytes) */
2341 rc = TRUE;
2342 }
2343fail:
2344 return rc;
2345}
2346
2353static BOOL TsProxyCloseTunnelWriteRequest(rdpTsg* tsg, const CONTEXT_HANDLE* context)
2354{
2355 WINPR_ASSERT(tsg);
2356 WINPR_ASSERT(context);
2357
2358 WLog_Print(tsg->log, WLOG_DEBUG, "TsProxyCloseTunnelWriteRequest");
2359
2360 rdpRpc* rpc = tsg->rpc;
2361 WINPR_ASSERT(rpc);
2362
2363 wStream* s = Stream_New(nullptr, 20);
2364
2365 if (!s)
2366 return FALSE;
2367
2368 /* TunnelContext (20 bytes) */
2369 if (!TsProxyWriteTunnelContext(tsg->log, s, context))
2370 goto fail;
2371 return rpc_client_write_call(rpc, s, TsProxyCloseTunnelOpnum);
2372fail:
2373 Stream_Free(s, TRUE);
2374 return FALSE;
2375}
2376
2377static BOOL TsProxyCloseTunnelReadResponse(wLog* log, const RPC_PDU* pdu, CONTEXT_HANDLE* context)
2378{
2379 BOOL rc = FALSE;
2380
2381 WINPR_ASSERT(log);
2382 WINPR_ASSERT(pdu);
2383 WINPR_ASSERT(context);
2384
2385 WLog_Print(log, WLOG_DEBUG, "TsProxyCloseTunnelReadResponse");
2386
2387 if (!Stream_CheckAndLogRequiredLengthWLog(log, pdu->s, 24))
2388 goto fail;
2389
2390 /* TunnelContext (20 bytes) */
2391 if (!TsProxyReadTunnelContext(log, pdu->s, context))
2392 goto fail;
2393 {
2394 const size_t len = sizeof(UINT32);
2395 if (!Stream_CheckAndLogRequiredLengthWLog(log, pdu->s, len))
2396 goto fail;
2397 Stream_Seek(pdu->s, len); /* ReturnValue (4 bytes) */
2398 rc = TRUE;
2399 }
2400fail:
2401 return rc;
2402}
2403
2412static BOOL TsProxySetupReceivePipeWriteRequest(rdpTsg* tsg, const CONTEXT_HANDLE* channelContext)
2413{
2414 wStream* s = nullptr;
2415 rdpRpc* rpc = nullptr;
2416 WLog_Print(tsg->log, WLOG_DEBUG, "TsProxySetupReceivePipeWriteRequest");
2417
2418 WINPR_ASSERT(tsg);
2419 WINPR_ASSERT(tsg->rpc);
2420
2421 if (!channelContext)
2422 return FALSE;
2423
2424 rpc = tsg->rpc;
2425 s = Stream_New(nullptr, 20);
2426
2427 if (!s)
2428 return FALSE;
2429
2430 /* ChannelContext (20 bytes) */
2431 if (!TsProxyWriteTunnelContext(tsg->log, s, channelContext))
2432 goto fail;
2433 return rpc_client_write_call(rpc, s, TsProxySetupReceivePipeOpnum);
2434fail:
2435 Stream_Free(s, TRUE);
2436 return FALSE;
2437}
2438
2439static BOOL tsg_transition_to_state(rdpTsg* tsg, TSG_STATE state)
2440{
2441 WINPR_ASSERT(tsg);
2442 const char* oldState = tsg_state_to_string(tsg->state);
2443 const char* newState = tsg_state_to_string(state);
2444
2445 WLog_Print(tsg->log, WLOG_DEBUG, "%s -> %s", oldState, newState);
2446 return tsg_set_state(tsg, state);
2447}
2448
2449static BOOL tsg_initialize_version_caps(const rdpTsg* tsg,
2450 TSG_PACKET_VERSIONCAPS* packetVersionCaps)
2451{
2452 WINPR_ASSERT(tsg);
2453 WINPR_ASSERT(packetVersionCaps);
2454
2455 packetVersionCaps->tsgHeader.ComponentId = TS_GATEWAY_TRANSPORT;
2456 packetVersionCaps->tsgHeader.PacketId = TSG_PACKET_TYPE_VERSIONCAPS;
2457 packetVersionCaps->numCapabilities = 1;
2458 packetVersionCaps->majorVersion = 1;
2459 packetVersionCaps->minorVersion = 1;
2460 packetVersionCaps->quarantineCapabilities = 0;
2461 packetVersionCaps->tsgCaps.capabilityType = TSG_CAPABILITY_TYPE_NAP;
2462 /*
2463 * Using reduced capabilities appears to trigger
2464 * TSG_PACKET_TYPE_QUARENC_RESPONSE instead of TSG_PACKET_TYPE_CAPS_RESPONSE
2465 *
2466 * However, reduced capabilities may break connectivity with servers enforcing features,
2467 * such as "Only allow connections from Remote Desktop Services clients that support RD
2468 * Gateway messaging"
2469 */
2470
2471 packetVersionCaps->tsgCaps.tsgPacket.tsgCapNap.capabilities =
2472 TSG_NAP_CAPABILITY_IDLE_TIMEOUT | TSG_MESSAGING_CAP_CONSENT_SIGN |
2473 TSG_MESSAGING_CAP_SERVICE_MSG | TSG_MESSAGING_CAP_REAUTH;
2474 if (tsg->QuarreQuest.dataLen > 0)
2475 packetVersionCaps->tsgCaps.tsgPacket.tsgCapNap.capabilities |= TSG_NAP_CAPABILITY_QUAR_SOH;
2476
2477 return TRUE;
2478}
2479
2480static void resetCaps(rdpTsg* tsg)
2481{
2482 WINPR_ASSERT(tsg);
2483 const TSG_PACKET_QUARENC_RESPONSE empty = WINPR_C_ARRAY_INIT;
2484 tsg->CapsResponse = empty;
2485}
2486
2487BOOL tsg_proxy_begin(rdpTsg* tsg)
2488{
2489 TSG_PACKET tsgPacket = WINPR_C_ARRAY_INIT;
2490
2491 WINPR_ASSERT(tsg);
2492
2493 tsgPacket.packetId = TSG_PACKET_TYPE_VERSIONCAPS;
2494 if (!tsg_initialize_version_caps(tsg, &tsgPacket.tsgPacket.packetVersionCaps) ||
2495 !TsProxyCreateTunnelWriteRequest(tsg, &tsgPacket))
2496 {
2497 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCreateTunnel failure");
2498 tsg_transition_to_state(tsg, TSG_STATE_FINAL);
2499 return FALSE;
2500 }
2501
2502 resetCaps(tsg);
2503
2504 return tsg_transition_to_state(tsg, TSG_STATE_INITIAL);
2505}
2506
2507static BOOL tsg_proxy_reauth(rdpTsg* tsg)
2508{
2509 TSG_PACKET tsgPacket = WINPR_C_ARRAY_INIT;
2510
2511 WINPR_ASSERT(tsg);
2512
2513 tsg->reauthSequence = TRUE;
2514 TSG_PACKET_REAUTH* packetReauth = &tsgPacket.tsgPacket.packetReauth;
2515
2516 tsgPacket.packetId = TSG_PACKET_TYPE_REAUTH;
2517 packetReauth->tunnelContext = tsg->ReauthTunnelContext;
2518 packetReauth->packetId = TSG_PACKET_TYPE_VERSIONCAPS;
2519
2520 if (!tsg_initialize_version_caps(tsg, &packetReauth->tsgInitialPacket.packetVersionCaps))
2521 return FALSE;
2522
2523 if (!TsProxyCreateTunnelWriteRequest(tsg, &tsgPacket))
2524 {
2525 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCreateTunnel failure");
2526 tsg_transition_to_state(tsg, TSG_STATE_FINAL);
2527 return FALSE;
2528 }
2529
2530 if (!TsProxyMakeTunnelCallWriteRequest(tsg, &tsg->TunnelContext,
2531 TSG_TUNNEL_CALL_ASYNC_MSG_REQUEST))
2532 {
2533 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyMakeTunnelCall failure");
2534 tsg_transition_to_state(tsg, TSG_STATE_FINAL);
2535 return FALSE;
2536 }
2537
2538 resetCaps(tsg);
2539 return tsg_transition_to_state(tsg, TSG_STATE_INITIAL);
2540}
2541
2542BOOL tsg_recv_pdu(rdpTsg* tsg, const RPC_PDU* pdu)
2543{
2544 BOOL rc = FALSE;
2545 RpcClientCall* call = nullptr;
2546 rdpRpc* rpc = nullptr;
2547
2548 WINPR_ASSERT(tsg);
2549 WINPR_ASSERT(pdu);
2550 WINPR_ASSERT(tsg->rpc);
2551
2552 rpc = tsg->rpc;
2553
2554 if (!(pdu->Flags & RPC_PDU_FLAG_STUB))
2555 {
2556 const size_t len = 24;
2557 if (!Stream_CheckAndLogRequiredLengthWLog(tsg->log, pdu->s, len))
2558 return FALSE;
2559 Stream_Seek(pdu->s, len);
2560 }
2561
2562 const TSG_STATE oldState = tsg->state;
2563 switch (tsg->state)
2564 {
2565 case TSG_STATE_INITIAL:
2566 {
2567 CONTEXT_HANDLE* TunnelContext = nullptr;
2568 TunnelContext = (tsg->reauthSequence) ? &tsg->NewTunnelContext : &tsg->TunnelContext;
2569
2570 if (!TsProxyCreateTunnelReadResponse(tsg, pdu, TunnelContext, &tsg->TunnelId))
2571 {
2572 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCreateTunnelReadResponse failure");
2573 return FALSE;
2574 }
2575
2576 if (!tsg_transition_to_state(tsg, TSG_STATE_CONNECTED))
2577 return FALSE;
2578
2579 if (!TsProxyAuthorizeTunnelWriteRequest(tsg, TunnelContext))
2580 {
2581 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyAuthorizeTunnel failure");
2582 return FALSE;
2583 }
2584
2585 rc = TRUE;
2586 }
2587 break;
2588
2589 case TSG_STATE_CONNECTED:
2590 {
2591 CONTEXT_HANDLE* TunnelContext =
2592 (tsg->reauthSequence) ? &tsg->NewTunnelContext : &tsg->TunnelContext;
2593
2594 if (!TsProxyAuthorizeTunnelReadResponse(tsg, pdu))
2595 {
2596 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyAuthorizeTunnelReadResponse failure");
2597 return FALSE;
2598 }
2599
2600 if (!tsg_transition_to_state(tsg, TSG_STATE_AUTHORIZED))
2601 return FALSE;
2602
2603 if (!tsg->reauthSequence)
2604 {
2605 if (!TsProxyMakeTunnelCallWriteRequest(tsg, TunnelContext,
2606 TSG_TUNNEL_CALL_ASYNC_MSG_REQUEST))
2607 {
2608 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyMakeTunnelCall failure");
2609 return FALSE;
2610 }
2611 }
2612
2613 if (!TsProxyCreateChannelWriteRequest(tsg, TunnelContext))
2614 {
2615 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCreateChannel failure");
2616 return FALSE;
2617 }
2618
2619 rc = TRUE;
2620 }
2621 break;
2622
2623 case TSG_STATE_AUTHORIZED:
2624 call = rpc_client_call_find_by_id(rpc->client, pdu->CallId);
2625
2626 if (!call)
2627 return FALSE;
2628
2629 if (call->OpNum == TsProxyMakeTunnelCallOpnum)
2630 {
2631 if (!TsProxyMakeTunnelCallReadResponse(tsg, pdu))
2632 {
2633 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyMakeTunnelCallReadResponse failure");
2634 return FALSE;
2635 }
2636
2637 rc = TRUE;
2638 }
2639 else if (call->OpNum == TsProxyCreateChannelOpnum)
2640 {
2641 CONTEXT_HANDLE ChannelContext;
2642
2643 if (!TsProxyCreateChannelReadResponse(tsg->log, pdu, &ChannelContext,
2644 &tsg->ChannelId))
2645 {
2646 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCreateChannelReadResponse failure");
2647 return FALSE;
2648 }
2649
2650 if (!tsg->reauthSequence)
2651 CopyMemory(&tsg->ChannelContext, &ChannelContext, sizeof(CONTEXT_HANDLE));
2652 else
2653 CopyMemory(&tsg->NewChannelContext, &ChannelContext, sizeof(CONTEXT_HANDLE));
2654
2655 if (!tsg_transition_to_state(tsg, TSG_STATE_CHANNEL_CREATED))
2656 return FALSE;
2657
2658 if (!tsg->reauthSequence)
2659 {
2660 if (!TsProxySetupReceivePipeWriteRequest(tsg, &tsg->ChannelContext))
2661 {
2662 WLog_Print(tsg->log, WLOG_ERROR, "TsProxySetupReceivePipe failure");
2663 return FALSE;
2664 }
2665 }
2666 else
2667 {
2668 if (!TsProxyCloseChannelWriteRequest(tsg, &tsg->NewChannelContext))
2669 {
2670 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCloseChannelWriteRequest failure");
2671 return FALSE;
2672 }
2673
2674 if (!TsProxyCloseTunnelWriteRequest(tsg, &tsg->NewTunnelContext))
2675 {
2676 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCloseTunnelWriteRequest failure");
2677 return FALSE;
2678 }
2679 }
2680
2681 rc = tsg_transition_to_state(tsg, TSG_STATE_PIPE_CREATED);
2682 tsg->reauthSequence = FALSE;
2683 }
2684 else
2685 {
2686 WLog_Print(tsg->log, WLOG_ERROR,
2687 "TSG_STATE_AUTHORIZED unexpected OpNum: %" PRIu32 "\n", call->OpNum);
2688 }
2689
2690 break;
2691
2692 case TSG_STATE_CHANNEL_CREATED:
2693 break;
2694
2695 case TSG_STATE_PIPE_CREATED:
2696 call = rpc_client_call_find_by_id(rpc->client, pdu->CallId);
2697
2698 if (!call)
2699 return FALSE;
2700
2701 if (call->OpNum == TsProxyMakeTunnelCallOpnum)
2702 {
2703 if (!TsProxyMakeTunnelCallReadResponse(tsg, pdu))
2704 {
2705 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyMakeTunnelCallReadResponse failure");
2706 return FALSE;
2707 }
2708
2709 rc = TRUE;
2710
2711 if (tsg->ReauthTunnelContext)
2712 rc = tsg_proxy_reauth(tsg);
2713 }
2714 else if (call->OpNum == TsProxyCloseChannelOpnum)
2715 {
2716 CONTEXT_HANDLE ChannelContext;
2717
2718 if (!TsProxyCloseChannelReadResponse(tsg->log, pdu, &ChannelContext))
2719 {
2720 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCloseChannelReadResponse failure");
2721 return FALSE;
2722 }
2723
2724 rc = TRUE;
2725 }
2726 else if (call->OpNum == TsProxyCloseTunnelOpnum)
2727 {
2728 CONTEXT_HANDLE TunnelContext;
2729
2730 if (!TsProxyCloseTunnelReadResponse(tsg->log, pdu, &TunnelContext))
2731 {
2732 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCloseTunnelReadResponse failure");
2733 return FALSE;
2734 }
2735
2736 rc = TRUE;
2737 }
2738
2739 break;
2740
2741 case TSG_STATE_TUNNEL_CLOSE_PENDING:
2742 {
2743 CONTEXT_HANDLE ChannelContext;
2744
2745 if (!TsProxyCloseChannelReadResponse(tsg->log, pdu, &ChannelContext))
2746 {
2747 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCloseChannelReadResponse failure");
2748 return FALSE;
2749 }
2750
2751 if (!tsg_transition_to_state(tsg, TSG_STATE_CHANNEL_CLOSE_PENDING))
2752 return FALSE;
2753
2754 if (!TsProxyCloseChannelWriteRequest(tsg, nullptr))
2755 {
2756 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCloseChannelWriteRequest failure");
2757 return FALSE;
2758 }
2759
2760 if (!TsProxyMakeTunnelCallWriteRequest(tsg, &tsg->TunnelContext,
2761 TSG_TUNNEL_CANCEL_ASYNC_MSG_REQUEST))
2762 {
2763 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyMakeTunnelCall failure");
2764 return FALSE;
2765 }
2766
2767 rc = TRUE;
2768 }
2769 break;
2770
2771 case TSG_STATE_CHANNEL_CLOSE_PENDING:
2772 {
2773 CONTEXT_HANDLE TunnelContext;
2774
2775 if (!TsProxyCloseTunnelReadResponse(tsg->log, pdu, &TunnelContext))
2776 {
2777 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCloseTunnelReadResponse failure");
2778 return FALSE;
2779 }
2780
2781 rc = tsg_transition_to_state(tsg, TSG_STATE_FINAL);
2782 }
2783 break;
2784
2785 case TSG_STATE_FINAL:
2786 break;
2787 default:
2788 break;
2789 }
2790
2791 {
2792 const size_t rem = Stream_GetRemainingLength(pdu->s);
2793 if (rem > 0)
2794 {
2795 WLog_Print(tsg->log, WLOG_WARN, "[%s] unparsed bytes: %" PRIuz,
2796 tsg_state_to_string(oldState), rem);
2797 }
2798 }
2799 return rc;
2800}
2801
2802BOOL tsg_check_event_handles(rdpTsg* tsg)
2803{
2804 WINPR_ASSERT(tsg);
2805 if (rpc_client_in_channel_recv(tsg->rpc) < 0)
2806 return FALSE;
2807
2808 if (rpc_client_out_channel_recv(tsg->rpc) < 0)
2809 return FALSE;
2810
2811 return TRUE;
2812}
2813
2814DWORD tsg_get_event_handles(rdpTsg* tsg, HANDLE* events, DWORD count)
2815{
2816 UINT32 nCount = 0;
2817 rdpRpc* rpc = tsg->rpc;
2818 RpcVirtualConnection* connection = rpc->VirtualConnection;
2819
2820 if (events && (nCount < count))
2821 {
2822 events[nCount] = rpc->client->PipeEvent;
2823 nCount++;
2824 }
2825 else
2826 return 0;
2827
2828 if (connection->DefaultInChannel && connection->DefaultInChannel->common.tls)
2829 {
2830 if (events && (nCount < count))
2831 {
2832 BIO_get_event(connection->DefaultInChannel->common.tls->bio, &events[nCount]);
2833 nCount++;
2834 }
2835 else
2836 return 0;
2837 }
2838
2839 if (connection->NonDefaultInChannel && connection->NonDefaultInChannel->common.tls)
2840 {
2841 if (events && (nCount < count))
2842 {
2843 BIO_get_event(connection->NonDefaultInChannel->common.tls->bio, &events[nCount]);
2844 nCount++;
2845 }
2846 else
2847 return 0;
2848 }
2849
2850 if (connection->DefaultOutChannel && connection->DefaultOutChannel->common.tls)
2851 {
2852 if (events && (nCount < count))
2853 {
2854 BIO_get_event(connection->DefaultOutChannel->common.tls->bio, &events[nCount]);
2855 nCount++;
2856 }
2857 else
2858 return 0;
2859 }
2860
2861 if (connection->NonDefaultOutChannel && connection->NonDefaultOutChannel->common.tls)
2862 {
2863 if (events && (nCount < count))
2864 {
2865 BIO_get_event(connection->NonDefaultOutChannel->common.tls->bio, &events[nCount]);
2866 nCount++;
2867 }
2868 else
2869 return 0;
2870 }
2871
2872 return nCount;
2873}
2874
2875static BOOL tsg_set_hostname(rdpTsg* tsg, const char* hostname)
2876{
2877 WINPR_ASSERT(tsg);
2878 free(tsg->Hostname);
2879 tsg->Hostname = ConvertUtf8ToWCharAlloc(hostname, nullptr);
2880 return tsg->Hostname != nullptr;
2881}
2882
2883static BOOL tsg_set_machine_name(rdpTsg* tsg, const char* machineName)
2884{
2885 WINPR_ASSERT(tsg);
2886
2887 free(tsg->QuarreQuest.machineName);
2888 tsg->QuarreQuest.machineName = nullptr;
2889 tsg->QuarreQuest.nameLength = 0;
2890 if (!machineName)
2891 return FALSE;
2892
2893 size_t size = 0;
2894 tsg->QuarreQuest.machineName = ConvertUtf8ToWCharAlloc(machineName, &size);
2895 tsg->QuarreQuest.nameLength = WINPR_ASSERTING_INT_CAST(uint32_t, size + 1ull);
2896 return tsg->QuarreQuest.machineName && (size > 0);
2897}
2898
2899BOOL tsg_connect(rdpTsg* tsg, const char* hostname, UINT16 port, DWORD timeout)
2900{
2901 UINT64 looptimeout = timeout * 1000ULL;
2902 DWORD nCount = 0;
2903 HANDLE events[MAXIMUM_WAIT_OBJECTS] = WINPR_C_ARRAY_INIT;
2904
2905 WINPR_ASSERT(tsg);
2906
2907 rdpRpc* rpc = tsg->rpc;
2908 WINPR_ASSERT(rpc);
2909
2910 rdpTransport* transport = rpc->transport;
2911 rdpContext* context = transport_get_context(transport);
2912 WINPR_ASSERT(context);
2913
2914 rdpSettings* settings = context->settings;
2915
2916 freerdp_set_last_error(context, ERROR_SUCCESS);
2917
2918 tsg->Port = port;
2919 tsg->transport = transport;
2920
2921 if (!settings->GatewayPort)
2922 settings->GatewayPort = 443;
2923
2924 if (!tsg_set_hostname(tsg, hostname))
2925 return FALSE;
2926
2927 if (!tsg_set_machine_name(tsg, settings->ComputerName))
2928 return FALSE;
2929
2930 if (!rpc_connect(rpc, timeout))
2931 {
2932 WLog_Print(tsg->log, WLOG_ERROR, "rpc_connect error!");
2933 return FALSE;
2934 }
2935
2936 nCount = tsg_get_event_handles(tsg, events, ARRAYSIZE(events));
2937
2938 if (nCount == 0)
2939 return FALSE;
2940
2941 while (tsg->state != TSG_STATE_PIPE_CREATED)
2942 {
2943 const DWORD polltimeout = 250;
2944 DWORD status = WaitForMultipleObjects(nCount, events, FALSE, polltimeout);
2945 if (status == WAIT_TIMEOUT)
2946 {
2947 if (timeout > 0)
2948 {
2949 if (looptimeout < polltimeout)
2950 return FALSE;
2951 looptimeout -= polltimeout;
2952 }
2953 }
2954 else
2955 looptimeout = timeout * 1000ULL;
2956
2957 if (!tsg_check_event_handles(tsg))
2958 {
2959 WLog_Print(tsg->log, WLOG_ERROR, "tsg_check failure");
2960 transport_set_layer(transport, TRANSPORT_LAYER_CLOSED);
2961 return FALSE;
2962 }
2963 }
2964
2965 WLog_Print(tsg->log, WLOG_INFO, "TS Gateway Connection Success");
2966 tsg->bio = BIO_new(BIO_s_tsg());
2967
2968 if (!tsg->bio)
2969 return FALSE;
2970
2971 BIO_set_data(tsg->bio, (void*)tsg);
2972 return TRUE;
2973}
2974
2975BOOL tsg_disconnect(rdpTsg* tsg)
2976{
2996 if (!tsg)
2997 return FALSE;
2998
2999 if (tsg->state != TSG_STATE_TUNNEL_CLOSE_PENDING)
3000 {
3001 if (!TsProxyCloseChannelWriteRequest(tsg, &tsg->ChannelContext))
3002 return FALSE;
3003
3004 return tsg_transition_to_state(tsg, TSG_STATE_CHANNEL_CLOSE_PENDING);
3005 }
3006
3007 return TRUE;
3008}
3009
3021static int tsg_read(rdpTsg* tsg, BYTE* data, size_t length)
3022{
3023 rdpRpc* rpc = nullptr;
3024 int status = 0;
3025
3026 if (!tsg || !data)
3027 return -1;
3028
3029 rpc = tsg->rpc;
3030
3031 if (transport_get_layer(rpc->transport) == TRANSPORT_LAYER_CLOSED)
3032 {
3033 WLog_Print(tsg->log, WLOG_ERROR, "tsg_read error: connection lost");
3034 return -1;
3035 }
3036
3037 do
3038 {
3039 status = rpc_client_receive_pipe_read(rpc->client, data, length);
3040
3041 if (status < 0)
3042 return -1;
3043
3044 if (!status && !transport_get_blocking(rpc->transport))
3045 return 0;
3046
3047 if (transport_get_layer(rpc->transport) == TRANSPORT_LAYER_CLOSED)
3048 {
3049 WLog_Print(tsg->log, WLOG_ERROR, "tsg_read error: connection lost");
3050 return -1;
3051 }
3052
3053 if (status > 0)
3054 break;
3055
3056 if (transport_get_blocking(rpc->transport))
3057 {
3058 while (WaitForSingleObject(rpc->client->PipeEvent, 0) != WAIT_OBJECT_0)
3059 {
3060 if (!tsg_check_event_handles(tsg))
3061 return -1;
3062
3063 (void)WaitForSingleObject(rpc->client->PipeEvent, 100);
3064 }
3065 }
3066 } while (transport_get_blocking(rpc->transport));
3067
3068 return status;
3069}
3070
3071static int tsg_write(rdpTsg* tsg, const BYTE* data, UINT32 length)
3072{
3073 int status = 0;
3074
3075 if (!tsg || !data || !tsg->rpc || !tsg->rpc->transport)
3076 return -1;
3077
3078 if (transport_get_layer(tsg->rpc->transport) == TRANSPORT_LAYER_CLOSED)
3079 {
3080 WLog_Print(tsg->log, WLOG_ERROR, "error, connection lost");
3081 return -1;
3082 }
3083
3084 status = TsProxySendToServer((handle_t)tsg, data, 1, &length);
3085
3086 if (status < 0)
3087 return -1;
3088
3089 return (int)length;
3090}
3091
3092rdpTsg* tsg_new(rdpTransport* transport)
3093{
3094 rdpTsg* tsg = (rdpTsg*)calloc(1, sizeof(rdpTsg));
3095
3096 if (!tsg)
3097 return nullptr;
3098 tsg->log = WLog_Get(TAG);
3099 tsg->transport = transport;
3100 tsg->rpc = rpc_new(tsg->transport);
3101
3102 if (!tsg->rpc)
3103 goto out_free;
3104
3105 return tsg;
3106out_free:
3107 free(tsg);
3108 return nullptr;
3109}
3110
3111void tsg_free(rdpTsg* tsg)
3112{
3113 if (tsg)
3114 {
3115 rpc_free(tsg->rpc);
3116 free(tsg->Hostname);
3117 free(tsg->QuarreQuest.machineName);
3118 free(tsg->QuarreQuest.data);
3119 free(tsg);
3120 }
3121}
3122
3123static int transport_bio_tsg_write(BIO* bio, const char* buf, int num)
3124{
3125 int status = 0;
3126 rdpTsg* tsg = (rdpTsg*)BIO_get_data(bio);
3127 BIO_clear_flags(bio, BIO_FLAGS_WRITE);
3128
3129 if (num < 0)
3130 return -1;
3131 status = tsg_write(tsg, (const BYTE*)buf, (UINT32)num);
3132
3133 if (status < 0)
3134 {
3135 BIO_clear_flags(bio, BIO_FLAGS_SHOULD_RETRY);
3136 return -1;
3137 }
3138 else if (status == 0)
3139 {
3140 BIO_set_flags(bio, BIO_FLAGS_WRITE);
3141 WSASetLastError(WSAEWOULDBLOCK);
3142 }
3143 else
3144 {
3145 BIO_set_flags(bio, BIO_FLAGS_WRITE);
3146 }
3147
3148 return status >= 0 ? status : -1;
3149}
3150
3151static int transport_bio_tsg_read(BIO* bio, char* buf, int size)
3152{
3153 int status = 0;
3154 rdpTsg* tsg = (rdpTsg*)BIO_get_data(bio);
3155
3156 if (!tsg || (size < 0))
3157 {
3158 BIO_clear_flags(bio, BIO_FLAGS_SHOULD_RETRY);
3159 return -1;
3160 }
3161
3162 BIO_clear_flags(bio, BIO_FLAGS_READ);
3163 status = tsg_read(tsg, (BYTE*)buf, (size_t)size);
3164
3165 if (status < 0)
3166 {
3167 BIO_clear_flags(bio, BIO_FLAGS_SHOULD_RETRY);
3168 return -1;
3169 }
3170 else if (status == 0)
3171 {
3172 BIO_set_flags(bio, BIO_FLAGS_READ);
3173 WSASetLastError(WSAEWOULDBLOCK);
3174 }
3175 else
3176 {
3177 BIO_set_flags(bio, BIO_FLAGS_READ);
3178 }
3179
3180 return status > 0 ? status : -1;
3181}
3182
3183static int transport_bio_tsg_puts(BIO* bio, const char* str)
3184{
3185 WINPR_UNUSED(bio);
3186 WINPR_UNUSED(str);
3187 return -2;
3188}
3189
3190// NOLINTNEXTLINE(readability-non-const-parameter)
3191static int transport_bio_tsg_gets(BIO* bio, char* str, int size)
3192{
3193 WINPR_UNUSED(bio);
3194 WINPR_UNUSED(str);
3195 WINPR_UNUSED(size);
3196 return 1;
3197}
3198
3199static long transport_bio_tsg_ctrl(BIO* bio, int cmd, long arg1, void* arg2)
3200{
3201 long status = -1;
3202 rdpTsg* tsg = (rdpTsg*)BIO_get_data(bio);
3203 RpcVirtualConnection* connection = tsg->rpc->VirtualConnection;
3204 RpcInChannel* inChannel = connection->DefaultInChannel;
3205 RpcOutChannel* outChannel = connection->DefaultOutChannel;
3206
3207 switch (cmd)
3208 {
3209 case BIO_CTRL_FLUSH:
3210 (void)BIO_flush(inChannel->common.tls->bio);
3211 (void)BIO_flush(outChannel->common.tls->bio);
3212 status = 1;
3213 break;
3214
3215 case BIO_C_GET_EVENT:
3216 if (arg2)
3217 {
3218 *((HANDLE*)arg2) = tsg->rpc->client->PipeEvent;
3219 status = 1;
3220 }
3221
3222 break;
3223
3224 case BIO_C_SET_NONBLOCK:
3225 status = 1;
3226 break;
3227
3228 case BIO_C_READ_BLOCKED:
3229 {
3230 BIO* cbio = outChannel->common.bio;
3231 status = BIO_read_blocked(cbio);
3232 }
3233 break;
3234
3235 case BIO_C_WRITE_BLOCKED:
3236 {
3237 BIO* cbio = inChannel->common.bio;
3238 status = BIO_write_blocked(cbio);
3239 }
3240 break;
3241
3242 case BIO_C_WAIT_READ:
3243 {
3244 int timeout = (int)arg1;
3245 BIO* cbio = outChannel->common.bio;
3246
3247 if (BIO_read_blocked(cbio))
3248 return BIO_wait_read(cbio, timeout);
3249 else if (BIO_write_blocked(cbio))
3250 return BIO_wait_write(cbio, timeout);
3251 else
3252 status = 1;
3253 }
3254 break;
3255
3256 case BIO_C_WAIT_WRITE:
3257 {
3258 int timeout = (int)arg1;
3259 BIO* cbio = inChannel->common.bio;
3260
3261 if (BIO_write_blocked(cbio))
3262 status = BIO_wait_write(cbio, timeout);
3263 else if (BIO_read_blocked(cbio))
3264 status = BIO_wait_read(cbio, timeout);
3265 else
3266 status = 1;
3267 }
3268 break;
3269#if OPENSSL_VERSION_NUMBER >= 0x30000000L
3270 case BIO_CTRL_GET_KTLS_SEND:
3271 status = 0;
3272 break;
3273 case BIO_CTRL_GET_KTLS_RECV:
3274 status = 0;
3275 break;
3276#endif
3277 default:
3278 break;
3279 }
3280
3281 return status;
3282}
3283
3284static int transport_bio_tsg_new(BIO* bio)
3285{
3286 WINPR_ASSERT(bio);
3287 BIO_set_init(bio, 1);
3288 BIO_set_flags(bio, BIO_FLAGS_SHOULD_RETRY);
3289 return 1;
3290}
3291
3292static int transport_bio_tsg_free(BIO* bio)
3293{
3294 WINPR_ASSERT(bio);
3295 WINPR_UNUSED(bio);
3296 return 1;
3297}
3298
3299BIO_METHOD* BIO_s_tsg(void)
3300{
3301 static BIO_METHOD* bio_methods = nullptr;
3302
3303 if (bio_methods == nullptr)
3304 {
3305 if (!(bio_methods = BIO_meth_new(BIO_TYPE_TSG, "TSGateway")))
3306 return nullptr;
3307
3308 BIO_meth_set_write(bio_methods, transport_bio_tsg_write);
3309 BIO_meth_set_read(bio_methods, transport_bio_tsg_read);
3310 BIO_meth_set_puts(bio_methods, transport_bio_tsg_puts);
3311 BIO_meth_set_gets(bio_methods, transport_bio_tsg_gets);
3312 BIO_meth_set_ctrl(bio_methods, transport_bio_tsg_ctrl);
3313 BIO_meth_set_create(bio_methods, transport_bio_tsg_new);
3314 BIO_meth_set_destroy(bio_methods, transport_bio_tsg_free);
3315 }
3316
3317 return bio_methods;
3318}
3319
3320TSG_STATE tsg_get_state(rdpTsg* tsg)
3321{
3322 if (!tsg)
3323 return TSG_STATE_INITIAL;
3324
3325 return tsg->state;
3326}
3327
3328BIO* tsg_get_bio(rdpTsg* tsg)
3329{
3330 if (!tsg)
3331 return nullptr;
3332
3333 return tsg->bio;
3334}
3335
3336BOOL tsg_set_state(rdpTsg* tsg, TSG_STATE state)
3337{
3338 WINPR_ASSERT(tsg);
3339 tsg->state = state;
3340 return TRUE;
3341}
CONTEXT_HANDLE
Definition winpr/include/winpr/rpc.h:26
RPC_PDU
Definition libfreerdp/core/gateway/rpc.h:66
p_uuid_t
Definition libfreerdp/core/gateway/rpc.h:150