FreeRDP
Loading...
Searching...
No Matches
ncacn_http.c
1
20#include <freerdp/config.h>
21
22#include "../settings.h"
23#include "ncacn_http.h"
24
25#include <winpr/crt.h>
26#include <winpr/tchar.h>
27#include <winpr/stream.h>
28#include <winpr/dsparse.h>
29
30#include "../utils.h"
31
32#define TAG FREERDP_TAG("core.gateway.ntlm")
33
34#define AUTH_PKG NTLM_SSP_NAME
35
36static wStream* rpc_auth_http_request(HttpContext* http, const char* method, size_t contentLength,
37 const SecBuffer* authToken, const char* auth_scheme)
38{
39 wStream* s = nullptr;
40 HttpRequest* request = nullptr;
41 char* base64AuthToken = nullptr;
42 const char* uri = nullptr;
43
44 if (!http || !method)
45 goto fail;
46
47 request = http_request_new();
48
49 if (!request)
50 goto fail;
51
52 if (authToken)
53 base64AuthToken = crypto_base64_encode(authToken->pvBuffer, authToken->cbBuffer);
54
55 uri = http_context_get_uri(http);
56
57 if (!http_request_set_method(request, method) ||
58 !http_request_set_content_length(request, contentLength) ||
59 !http_request_set_uri(request, uri))
60 goto fail;
61
62 if (base64AuthToken)
63 {
64 if (!http_request_set_auth_scheme(request, auth_scheme) ||
65 !http_request_set_auth_param(request, base64AuthToken))
66 goto fail;
67 }
68
69 s = http_request_write(http, request);
70fail:
71 http_request_free(request);
72 free(base64AuthToken);
73 return s;
74}
75
76BOOL rpc_ncacn_http_send_in_channel_request(RpcChannel* inChannel)
77{
78 wStream* s = nullptr;
79 SSIZE_T status = 0;
80 rdpCredsspAuth* auth = nullptr;
81 HttpContext* http = nullptr;
82 const SecBuffer* buffer = nullptr;
83 int rc = 0;
84
85 if (!inChannel || !inChannel->auth || !inChannel->http)
86 return FALSE;
87
88 auth = inChannel->auth;
89 http = inChannel->http;
90
91 rc = credssp_auth_authenticate(auth);
92 if (rc < 0)
93 return FALSE;
94
95 const size_t contentLength = (rc == 0) ? 0 : 0x40000000;
96 buffer = credssp_auth_have_output_token(auth) ? credssp_auth_get_output_buffer(auth) : nullptr;
97 s = rpc_auth_http_request(http, "RPC_IN_DATA", contentLength, buffer,
98 credssp_auth_pkg_name(auth));
99
100 if (!s)
101 return -1;
102
103 status = rpc_channel_write(inChannel, Stream_Buffer(s), Stream_Length(s));
104 Stream_Free(s, TRUE);
105 return (status > 0) ? 1 : -1;
106}
107
108BOOL rpc_ncacn_http_recv_in_channel_response(RpcChannel* inChannel, HttpResponse* response)
109{
110 size_t authTokenLength = 0;
111 BYTE* authTokenData = nullptr;
112
113 if (!inChannel || !response || !inChannel->auth)
114 return FALSE;
115
116 rdpCredsspAuth* auth = inChannel->auth;
117 const char* token64 = http_response_get_auth_token(response, credssp_auth_pkg_name(auth));
118
119 if (token64)
120 crypto_base64_decode(token64, strlen(token64), &authTokenData, &authTokenLength);
121
122 if (authTokenLength > UINT32_MAX)
123 {
124 free(authTokenData);
125 return FALSE;
126 }
127
128 SecBuffer buffer = { .pvBuffer = authTokenData, .cbBuffer = (UINT32)authTokenLength };
129
130 if (authTokenData && authTokenLength)
131 {
132 credssp_auth_take_input_buffer(auth, &buffer);
133 return TRUE;
134 }
135
136 sspi_SecBufferFree(&buffer);
137 return TRUE;
138}
139
140BOOL rpc_ncacn_http_auth_init(rdpContext* context, RpcChannel* channel)
141{
142 rdpTls* tls = nullptr;
143 rdpCredsspAuth* auth = nullptr;
144 rdpSettings* settings = nullptr;
145 freerdp* instance = nullptr;
146 auth_status rc = AUTH_FAILED;
147 SEC_WINNT_AUTH_IDENTITY identity = WINPR_C_ARRAY_INIT;
148
149 if (!context || !channel)
150 return FALSE;
151
152 tls = channel->tls;
153 auth = channel->auth;
154 settings = context->settings;
155 instance = context->instance;
156
157 if (!tls || !auth || !instance || !settings)
158 return FALSE;
159
160 rc = utils_authenticate_gateway(instance, GW_AUTH_HTTP);
161 switch (rc)
162 {
163 case AUTH_SUCCESS:
164 case AUTH_SKIP:
165 break;
166 case AUTH_CANCELLED:
167 freerdp_set_last_error_log(instance->context, FREERDP_ERROR_CONNECT_CANCELLED);
168 return FALSE;
169 case AUTH_NO_CREDENTIALS:
170 WLog_INFO(TAG, "No credentials provided - using nullptr identity");
171 break;
172 case AUTH_FAILED:
173 default:
174 return FALSE;
175 }
176
177 if (!credssp_auth_init(auth, AUTH_PKG, tls->Bindings))
178 return FALSE;
179
180 if (!identity_set_from_settings(&identity, settings, FreeRDP_GatewayUsername,
181 FreeRDP_GatewayDomain, FreeRDP_GatewayPassword))
182 return FALSE;
183
184 const char* GatewayHostname = freerdp_settings_get_string(settings, FreeRDP_GatewayHostname);
185 const char* GatewayUsername = freerdp_settings_get_string(settings, FreeRDP_GatewayUsername);
186 SEC_WINNT_AUTH_IDENTITY* identityArg = (GatewayUsername ? &identity : nullptr);
187 const BOOL res = credssp_auth_setup_client(auth, "HTTP", GatewayHostname, identityArg, nullptr);
188
189 sspi_FreeAuthIdentity(&identity);
190
191 credssp_auth_set_flags(auth, ISC_REQ_CONFIDENTIALITY);
192
193 return res;
194}
195
196void rpc_ncacn_http_auth_uninit(RpcChannel* channel)
197{
198 if (!channel)
199 return;
200
201 credssp_auth_free(channel->auth);
202 channel->auth = nullptr;
203}
204
205BOOL rpc_ncacn_http_send_out_channel_request(RpcChannel* outChannel, BOOL replacement)
206{
207 BOOL status = TRUE;
208 wStream* s = nullptr;
209 size_t contentLength = 0;
210 rdpCredsspAuth* auth = nullptr;
211 HttpContext* http = nullptr;
212 const SecBuffer* buffer = nullptr;
213 int rc = 0;
214
215 if (!outChannel || !outChannel->auth || !outChannel->http)
216 return FALSE;
217
218 auth = outChannel->auth;
219 http = outChannel->http;
220
221 rc = credssp_auth_authenticate(auth);
222 if (rc < 0)
223 return FALSE;
224
225 if (!replacement)
226 contentLength = (rc == 0) ? 0 : 76;
227 else
228 contentLength = (rc == 0) ? 0 : 120;
229
230 buffer = credssp_auth_have_output_token(auth) ? credssp_auth_get_output_buffer(auth) : nullptr;
231 s = rpc_auth_http_request(http, "RPC_OUT_DATA", contentLength, buffer,
232 credssp_auth_pkg_name(auth));
233
234 if (!s)
235 return -1;
236
237 if (rpc_channel_write(outChannel, Stream_Buffer(s), Stream_Length(s)) < 0)
238 status = FALSE;
239
240 Stream_Free(s, TRUE);
241 return status;
242}
243
244BOOL rpc_ncacn_http_recv_out_channel_response(RpcChannel* outChannel, HttpResponse* response)
245{
246 size_t authTokenLength = 0;
247 BYTE* authTokenData = nullptr;
248
249 if (!outChannel || !response || !outChannel->auth)
250 return FALSE;
251
252 rdpCredsspAuth* auth = outChannel->auth;
253 const char* token64 = http_response_get_auth_token(response, credssp_auth_pkg_name(auth));
254
255 if (token64)
256 crypto_base64_decode(token64, strlen(token64), &authTokenData, &authTokenLength);
257
258 if (authTokenLength > UINT32_MAX)
259 {
260 free(authTokenData);
261 return FALSE;
262 }
263 SecBuffer buffer = { .pvBuffer = authTokenData, .cbBuffer = (UINT32)authTokenLength };
264
265 if (authTokenData && authTokenLength)
266 {
267 credssp_auth_take_input_buffer(auth, &buffer);
268 return TRUE;
269 }
270
271 sspi_SecBufferFree(&buffer);
272 return TRUE;
273}
274
275BOOL rpc_ncacn_http_is_final_request(RpcChannel* channel)
276{
277 WINPR_ASSERT(channel);
278 return credssp_auth_is_complete(channel->auth);
279}
freerdp_settings_get_string
WINPR_ATTR_NODISCARD FREERDP_API const char * freerdp_settings_get_string(const rdpSettings *settings, FreeRDP_Settings_Keys_String id)
Returns a immutable string settings value.