FreeRDP
pf_client.c
24#include <winpr/assert.h>
25#include <winpr/cast.h>
26
27#include <freerdp/config.h>
28
29#include <freerdp/freerdp.h>
30#include <freerdp/gdi/gdi.h>
31#include <freerdp/client/cmdline.h>
32
33#include <freerdp/server/proxy/proxy_log.h>
34#include <freerdp/channels/drdynvc.h>
35#include <freerdp/channels/encomsp.h>
36#include <freerdp/channels/rdpdr.h>
37#include <freerdp/channels/rdpsnd.h>
38#include <freerdp/channels/cliprdr.h>
39#include <freerdp/channels/channels.h>
40
41#include "pf_client.h"
42#include "pf_channel.h"
43#include <freerdp/server/proxy/proxy_context.h>
44#include "pf_update.h"
45#include "pf_input.h"
46#include <freerdp/server/proxy/proxy_config.h>
47#include "proxy_modules.h"
48#include "pf_utils.h"
49#include "channels/pf_channel_rdpdr.h"
50#include "channels/pf_channel_smartcard.h"
51
52#define TAG PROXY_TAG("client")
53
54static void channel_data_free(void* obj);
55
/**
 * Copy the back-end (client side) settings onto the front-end peer and trigger
 * a reactivation of the peer through its DesktopResize callback.
 *
 * @param ps context of the front-end peer; its settings are overwritten
 * @param pc context of the proxy's back-end client; source of the settings
 * @return TRUE when the settings were copied and DesktopResize reported success
 */
WINPR_ATTR_NODISCARD
static BOOL proxy_server_reactivate(rdpContext* ps, const rdpContext* pc)
{
	WINPR_ASSERT(ps);
	WINPR_ASSERT(pc);

	const BOOL copied = pf_context_copy_settings(ps->settings, pc->settings);
	if (!copied)
		return FALSE;

	/* Calling DesktopResize makes the library run rdp_server_reactivate
	 * internally, which is what performs the actual reactivation. */
	WINPR_ASSERT(ps->update);
	return ps->update->DesktopResize(ps);
}
72
/**
 * ErrorInfo event handler of the back-end connection.
 *
 * Any code other than ERRINFO_NONE is logged and relayed to the front-end
 * peer; a failure to relay is logged as well but not propagated.
 *
 * @param ctx the pClientContext the event was raised on
 * @param e   event arguments carrying the error code
 */
static void pf_client_on_error_info(void* ctx, const ErrorInfoEventArgs* e)
{
	pClientContext* pc = (pClientContext*)ctx;

	WINPR_ASSERT(pc);
	WINPR_ASSERT(pc->pdata);
	WINPR_ASSERT(e);
	pServerContext* ps = pc->pdata->ps;
	WINPR_ASSERT(ps);

	/* Nothing to report or forward. */
	if (e->code == ERRINFO_NONE)
		return;

	PROXY_LOG_WARN(TAG, pc, "received ErrorInfo PDU. code=0x%08" PRIu32 ", message: %s", e->code,
	               freerdp_get_error_info_string(e->code));

	/* Relay the error to the front-end peer. */
	freerdp_set_error_info(ps->context.rdp, e->code);
	const BOOL sent = freerdp_send_error_info(ps->context.rdp);
	if (sent)
		return;

	PROXY_LOG_WARN(TAG, pc, "[fail] reply ErrorInfo PDU. code=0x%08" PRIu32 ", message: %s",
	               e->code, freerdp_get_error_info_string(e->code));
}
98
/**
 * Activated event handler of the back-end connection.
 * Intentionally a no-op: both arguments are ignored.
 */
static void pf_client_on_activated(WINPR_ATTR_UNUSED void* ctx,
                                   WINPR_ATTR_UNUSED const ActivatedEventArgs* e)
{
	/* nothing to do */
}
103
/**
 * Make sure the back-end client has an rdpsnd static channel configured.
 *
 * When the settings do not already list rdpsnd in the static channel
 * collection, the channel is added with the "sys:fake" backend.
 *
 * @param pc proxy client context (also usable as rdpContext)
 * @return FALSE only when adding the static channel failed
 */
WINPR_ATTR_NODISCARD
static BOOL pf_client_load_rdpsnd(pClientContext* pc)
{
	rdpContext* context = (rdpContext*)pc;

	WINPR_ASSERT(pc);
	WINPR_ASSERT(pc->pdata);

	/* Already configured: keep whatever backend was selected. */
	if (freerdp_static_channel_collection_find(context->settings, RDPSND_CHANNEL_NAME))
		return TRUE;

	const char* params[2] = { RDPSND_CHANNEL_NAME, "sys:fake" };
	const BOOL added =
	    freerdp_client_add_static_channel(context->settings, ARRAYSIZE(params), params);
	return added ? TRUE : FALSE;
}
125
/**
 * Forward the routing token received from the front-end peer to the target
 * by storing it as FreeRDP_LoadBalanceInfo in the back-end settings.
 *
 * The token originates from the connecting peer, so it is client-controlled
 * data that is passed on to the target as-is.
 *
 * @param pc proxy client context
 * @return TRUE when the peer sent no token or the token was stored
 */
WINPR_ATTR_NODISCARD
static BOOL pf_client_use_peer_load_balance_info(pClientContext* pc)
{
	WINPR_ASSERT(pc);
	WINPR_ASSERT(pc->pdata);
	pServerContext* ps = pc->pdata->ps;
	WINPR_ASSERT(ps);
	rdpSettings* settings = pc->context.settings;
	WINPR_ASSERT(settings);

	DWORD tokenLen = 0;
	const char* token = freerdp_nego_get_routing_token(&ps->context, &tokenLen);

	/* No token supplied by the peer: nothing to forward. */
	if (!token)
		return TRUE;

	return freerdp_settings_set_pointer_len(settings, FreeRDP_LoadBalanceInfo, token, tokenLen);
}
148
/**
 * Check whether a C string is missing or has zero length.
 *
 * @param str string to test, may be a null pointer
 * @return TRUE for a null pointer or an empty string, FALSE otherwise
 */
WINPR_ATTR_NODISCARD
static BOOL str_is_empty(const char* str)
{
	const BOOL empty = (!str || (str[0] == '\0'));
	return empty ? TRUE : FALSE;
}
158
/**
 * Decide whether the proxy authenticates against the target with its own
 * smartcard credentials.
 *
 * @param settings back-end client settings
 * @return TRUE only when SmartcardLogon is set and both
 *         SmartcardPrivateKey and SmartcardCertificate are non-empty
 */
WINPR_ATTR_NODISCARD
static BOOL pf_client_use_proxy_smartcard_auth(const rdpSettings* settings)
{
	const BOOL logon = freerdp_settings_get_bool(settings, FreeRDP_SmartcardLogon);
	const char* privateKey = freerdp_settings_get_string(settings, FreeRDP_SmartcardPrivateKey);
	const char* certificate =
	    freerdp_settings_get_string(settings, FreeRDP_SmartcardCertificate);

	/* All three pieces must be present, a partial configuration is ignored. */
	if (logon && !str_is_empty(privateKey) && !str_is_empty(certificate))
		return TRUE;

	return FALSE;
}
177
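/**
 * PreConnect callback of the back-end client.
 *
 * Adjusts the settings (which were copied from the front-end peer) to what the
 * proxy supports and to what the proxy configuration allows, subscribes the
 * ErrorInfo/Activated handlers, forwards the peer's routing token and finally
 * runs the HOOK_TYPE_CLIENT_PRE_CONNECT module hook.
 *
 * Optional channels (drdynvc, rail, rdpdr, encomsp, cliprdr) are only enabled
 * when the front-end peer actually joined the corresponding static channel.
 *
 * @param instance the back-end freerdp instance
 * @return TRUE on success, FALSE if any setting could not be applied, a
 *         subscription failed or the module hook rejected the connection
 */
WINPR_ATTR_NODISCARD
static BOOL pf_client_pre_connect(freerdp* instance)
{
	WINPR_ASSERT(instance);
	pClientContext* pc = (pClientContext*)instance->context;
	WINPR_ASSERT(pc);
	WINPR_ASSERT(pc->pdata);
	pServerContext* ps = pc->pdata->ps;
	WINPR_ASSERT(ps);
	WINPR_ASSERT(ps->pdata);
	const proxyConfig* config = ps->pdata->config;
	WINPR_ASSERT(config);
	rdpSettings* settings = instance->context->settings;
	WINPR_ASSERT(settings);

	/*
	 * The client settings are a copy of the server side settings, so
	 * GlyphSupportLevel may be something other than GLYPH_SUPPORT_NONE. The proxy
	 * does not support GDI & GLYPH_SUPPORT_CACHE, so force GLYPH_SUPPORT_NONE.
	 *
	 * OrderSupport is not supported either and must be zeroed.
	 */
	if (!freerdp_settings_set_uint32(settings, FreeRDP_GlyphSupportLevel, GLYPH_SUPPORT_NONE))
		return FALSE;

	void* OrderSupport = freerdp_settings_get_pointer_writable(settings, FreeRDP_OrderSupport);
	/* Do not write through a missing buffer; treat it as a settings failure. */
	if (!OrderSupport)
		return FALSE;
	/* NOTE(review): 32 is presumably the size of the OrderSupport array - confirm. */
	ZeroMemory(OrderSupport, 32);

	if (WTSVirtualChannelManagerIsChannelJoined(ps->vcm, DRDYNVC_SVC_CHANNEL_NAME))
	{
		if (!freerdp_settings_set_bool(settings, FreeRDP_SupportDynamicChannels, TRUE))
			return FALSE;
	}

	/* Multimon */
	if (!freerdp_settings_set_bool(settings, FreeRDP_UseMultimon, TRUE))
		return FALSE;

	/* Sound, device redirection and multitouch follow the proxy configuration */
	if (!freerdp_settings_set_bool(settings, FreeRDP_AudioCapture, config->AudioInput) ||
	    !freerdp_settings_set_bool(settings, FreeRDP_AudioPlayback, config->AudioOutput) ||
	    !freerdp_settings_set_bool(settings, FreeRDP_DeviceRedirection,
	                               config->DeviceRedirection) ||
	    !freerdp_settings_set_bool(settings, FreeRDP_MultiTouchInput, config->Multitouch))
		return FALSE;

	if (config->RemoteApp)
	{
		if (WTSVirtualChannelManagerIsChannelJoined(ps->vcm, RAIL_SVC_CHANNEL_NAME))
		{
			if (!freerdp_settings_set_bool(settings, FreeRDP_RemoteApplicationMode, TRUE))
				return FALSE;
		}
	}

	if (config->DeviceRedirection)
	{
		if (WTSVirtualChannelManagerIsChannelJoined(ps->vcm, RDPDR_SVC_CHANNEL_NAME))
		{
			if (!freerdp_settings_set_bool(settings, FreeRDP_DeviceRedirection, TRUE))
				return FALSE;
		}
	}

	/* Display control */
	if (!freerdp_settings_set_bool(settings, FreeRDP_SupportDisplayControl, config->DisplayControl))
		return FALSE;
	if (!freerdp_settings_set_bool(settings, FreeRDP_DynamicResolutionUpdate,
	                               config->DisplayControl))
		return FALSE;

	if (WTSVirtualChannelManagerIsChannelJoined(ps->vcm, ENCOMSP_SVC_CHANNEL_NAME))
	{
		if (!freerdp_settings_set_bool(settings, FreeRDP_EncomspVirtualChannel, TRUE))
			return FALSE;
	}

	if (config->Clipboard)
	{
		if (WTSVirtualChannelManagerIsChannelJoined(ps->vcm, CLIPRDR_SVC_CHANNEL_NAME))
		{
			if (!freerdp_settings_set_bool(settings, FreeRDP_RedirectClipboard, config->Clipboard))
				return FALSE;
		}
	}

	if (!freerdp_settings_set_bool(settings, FreeRDP_AutoReconnectionEnabled, TRUE))
		return FALSE;

	if (PubSub_SubscribeErrorInfo(instance->context->pubSub, pf_client_on_error_info) < 0)
		return FALSE;
	if (PubSub_SubscribeActivated(instance->context->pubSub, pf_client_on_activated) < 0)
		return FALSE;
	if (!pf_client_use_peer_load_balance_info(pc))
		return FALSE;

	return pf_modules_run_hook(pc->pdata->module, HOOK_TYPE_CLIENT_PRE_CONNECT, pc->pdata, pc);
}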
281
/** Arguments passed to updateBackIdFn through HashTable_Foreach. */
typedef struct
{
	pServerContext* ps; /* owner of the channelsByBackId table */
	const char* name;   /* channel name to look for */
	UINT32 backId;      /* back-end channel id to assign on a match */
} UpdateBackIdArgs;

/**
 * HashTable_Foreach callback: assign the back-end id to the channel whose name
 * matches and register it in channelsByBackId.
 *
 * NOTE(review): a failed HashTable_Insert is only logged; the callback still
 * reports the channel as found.
 *
 * @param key   unused
 * @param value a pServerStaticChannelContext
 * @param arg   an UpdateBackIdArgs
 * @return TRUE to keep iterating (no match), FALSE once the channel was found
 */
WINPR_ATTR_NODISCARD
static BOOL updateBackIdFn(WINPR_ATTR_UNUSED const void* key, void* value, void* arg)
{
	pServerStaticChannelContext* channel = (pServerStaticChannelContext*)value;
	UpdateBackIdArgs* args = (UpdateBackIdArgs*)arg;

	const BOOL sameName = (strcmp(args->name, channel->channel_name) == 0);
	if (!sameName)
		return TRUE;

	channel->back_channel_id = args->backId;

	const BOOL inserted =
	    HashTable_Insert(args->ps->channelsByBackId, &channel->back_channel_id, channel);
	if (!inserted)
	{
		WLog_ERR(TAG, "error inserting channel in channelsByBackId table");
	}

	/* Match handled, stop the iteration. */
	return FALSE;
}
306
/**
 * Assign a back-end channel id to the front-end channel with the given name.
 *
 * @param ps     server context holding the channel tables
 * @param name   channel name to search in channelsByFrontId
 * @param backId id to assign
 * @return TRUE when HashTable_Foreach returned FALSE, which updateBackIdFn
 *         does once it found a channel with a matching name
 */
WINPR_ATTR_NODISCARD
static BOOL pf_client_update_back_id(pServerContext* ps, const char* name, UINT32 backId)
{
	UpdateBackIdArgs args = { ps, name, backId };

	const BOOL iterationResult = HashTable_Foreach(ps->channelsByFrontId, updateBackIdFn, &args);
	return iterationResult == FALSE;
}
314
/**
 * LoadChannels callback of the back-end client.
 *
 * Without passthrough the regular client addins are loaded. In passthrough
 * mode the static channel list is taken from the front-end peer, every entry
 * is run through the FILTER_TYPE_CLIENT_PASSTHROUGH_CHANNEL_CREATE filter and
 * only accepted channels stay in the list and get a back-end id assigned.
 *
 * @param instance the back-end freerdp instance
 * @return TRUE on success, FALSE when loading, filtering or the
 *         HOOK_TYPE_CLIENT_LOAD_CHANNELS hook failed
 */
WINPR_ATTR_NODISCARD
static BOOL pf_client_load_channels(freerdp* instance)
{
	WINPR_ASSERT(instance);
	pClientContext* pc = (pClientContext*)instance->context;
	WINPR_ASSERT(pc);
	WINPR_ASSERT(pc->pdata);
	pServerContext* ps = pc->pdata->ps;
	WINPR_ASSERT(ps);
	WINPR_ASSERT(ps->pdata);
	const proxyConfig* config = ps->pdata->config;
	WINPR_ASSERT(config);
	rdpSettings* settings = instance->context->settings;
	WINPR_ASSERT(settings);
	PROXY_LOG_INFO(TAG, pc, "Loading addins");

	if (!pf_client_load_rdpsnd(pc))
	{
		PROXY_LOG_ERR(TAG, pc, "Failed to load rdpsnd client");
		return FALSE;
	}

	if (!pf_utils_is_passthrough(config))
	{
		if (!freerdp_client_load_addins(instance->context->channels, settings))
		{
			PROXY_LOG_ERR(TAG, pc, "Failed to load addins");
			return FALSE;
		}
	}
	else
	{
		if (!pf_channel_rdpdr_client_new(pc))
			return FALSE;
#if defined(WITH_PROXY_EMULATE_SMARTCARD)
		if (!pf_channel_smartcard_client_new(pc))
			return FALSE;
#endif
		/* Take over the channel list the front-end peer negotiated. */
		if (!freerdp_channels_from_mcs(settings, &ps->context))
			return FALSE;

		/* Compact the list in place, dropping every channel the filter rejects. */
		CHANNEL_DEF* defs = (CHANNEL_DEF*)freerdp_settings_get_pointer_array_writable(
		    settings, FreeRDP_ChannelDefArray, 0);
		UINT32 remaining = freerdp_settings_get_uint32(settings, FreeRDP_ChannelCount);
		UINT32 nextBackId = MCS_GLOBAL_CHANNEL_ID + 1;

		WINPR_ASSERT(defs || (remaining == 0));

		UINT32 kept = 0;
		while (kept < remaining)
		{
			CHANNEL_DEF* cur = &defs[kept];
			proxyChannelDataEventInfo dev = WINPR_C_ARRAY_INIT;

			dev.channel_name = cur->name;
			dev.flags = cur->options;

			const BOOL allowed =
			    pf_modules_run_filter(pc->pdata->module,
			                          FILTER_TYPE_CLIENT_PASSTHROUGH_CHANNEL_CREATE, pc->pdata,
			                          &dev);
			if (allowed)
			{
				if (!pf_client_update_back_id(ps, cur->name, nextBackId++))
				{
					WLog_ERR(TAG, "unable to update backid for channel %s", cur->name);
					return FALSE;
				}
				kept++;
				continue;
			}

			/* Blocked by configuration: shift the tail down over this entry and
			 * re-examine the same index on the next round. */
			const size_t tail = remaining - MIN(remaining, kept + 1);
			memmove(cur, &cur[1], sizeof(CHANNEL_DEF) * tail);
			remaining--;
		}

		if (!freerdp_settings_set_uint32(settings, FreeRDP_ChannelCount, kept))
			return FALSE;
	}
	return pf_modules_run_hook(pc->pdata->module, HOOK_TYPE_CLIENT_LOAD_CHANNELS, pc->pdata, pc);
}
410
/**
 * ReceiveChannelData replacement installed on the back-end instance.
 *
 * Looks up the static channel by its back-end id, lets the channel's
 * onBackData handler decide what to do and, on PASS, relays the chunk to the
 * front-end peer. Data for unknown channels and for channels without a
 * front-end id is dropped silently.
 *
 * @param instance  the back-end freerdp instance
 * @param channelId back-end channel id the data arrived on
 * @param xdata     chunk data (may be null only when xsize is 0)
 * @param xsize     chunk length
 * @param flags     channel flags of the chunk
 * @param totalSize total size of the message the chunk belongs to
 * @return FALSE when the handler reported an error or forwarding failed
 */
WINPR_ATTR_NODISCARD
static BOOL pf_client_receive_channel_data_hook(freerdp* instance, UINT16 channelId,
                                                const BYTE* xdata, size_t xsize, UINT32 flags,
                                                size_t totalSize)
{
	/* The table is keyed by a 64 bit id, widen before the lookup. */
	UINT64 backId = channelId;

	WINPR_ASSERT(instance);
	WINPR_ASSERT(xdata || (xsize == 0));

	pClientContext* pc = (pClientContext*)instance->context;
	WINPR_ASSERT(pc);
	WINPR_ASSERT(pc->pdata);

	pServerContext* ps = pc->pdata->ps;
	WINPR_ASSERT(ps);

	proxyData* pdata = ps->pdata;
	WINPR_ASSERT(pdata);

	pServerStaticChannelContext* channel = HashTable_GetItemValue(ps->channelsByBackId, &backId);
	if (!channel)
		return TRUE;

	WINPR_ASSERT(channel->onBackData);
	switch (channel->onBackData(pdata, channel, xdata, xsize, flags, totalSize))
	{
		case PF_CHANNEL_RESULT_DROP:
			return TRUE;
		case PF_CHANNEL_RESULT_PASS:
			break;
		case PF_CHANNEL_RESULT_ERROR:
		default:
			return FALSE;
	}

	/* The front-end might not have enabled this channel, in which case there
	 * is no mapping and the message is simply discarded. */
	if (channel->front_channel_id == 0)
		return TRUE;

	return ps->context.peer->SendChannelPacket(
	    ps->context.peer, WINPR_ASSERTING_INT_CAST(UINT16, channel->front_channel_id), totalSize,
	    flags, xdata, xsize);
}
459
/**
 * ServerHeartbeat callback: relay a heartbeat received from the target to the
 * front-end peer with unchanged parameters.
 *
 * @return result of freerdp_heartbeat_send_heartbeat_pdu
 */
WINPR_ATTR_NODISCARD
static BOOL pf_client_on_server_heartbeat(freerdp* instance, BYTE period, BYTE count1, BYTE count2)
{
	WINPR_ASSERT(instance);
	pClientContext* pc = (pClientContext*)instance->context;
	WINPR_ASSERT(pc);
	WINPR_ASSERT(pc->pdata);
	pServerContext* ps = pc->pdata->ps;
	WINPR_ASSERT(ps);

	freerdp_peer* peer = ps->context.peer;
	return freerdp_heartbeat_send_heartbeat_pdu(peer, period, count1, count2);
}
475
/**
 * Queue channel data coming from the front-end for delivery to the target.
 *
 * The event is put on pc->cached_server_channel_data; it is sent later by
 * sendQueuedChannelData once the back-end connection is up.
 *
 * @param pc proxy client context
 * @param ev event to enqueue
 * @return result of Queue_Enqueue
 */
WINPR_ATTR_NODISCARD
static BOOL pf_client_send_channel_data(pClientContext* pc, const proxyChannelDataEventInfo* ev)
{
	WINPR_ASSERT(pc);
	WINPR_ASSERT(ev);

	const BOOL queued = Queue_Enqueue(pc->cached_server_channel_data, ev);
	return queued;
}
484
/**
 * Flush the queued front-end channel data to the target.
 *
 * Does nothing while the back-end is not connected. Events whose channel name
 * cannot be mapped to a back-end id (0 or UINT16_MAX) are discarded. Draining
 * stops at the first failed send; every dequeued event is freed.
 *
 * @param pc proxy client context
 * @return FALSE if a SendChannelPacket call failed, TRUE otherwise
 */
WINPR_ATTR_NODISCARD
static BOOL sendQueuedChannelData(pClientContext* pc)
{
	WINPR_ASSERT(pc);

	if (!pc->connected)
		return TRUE;

	BOOL ok = TRUE;

	Queue_Lock(pc->cached_server_channel_data);
	while (ok)
	{
		proxyChannelDataEventInfo* ev = Queue_Dequeue(pc->cached_server_channel_data);
		if (!ev)
			break;

		WINPR_ASSERT(pc->context.instance);

		const UINT16 channelId =
		    freerdp_channels_get_id_by_name(pc->context.instance, ev->channel_name);
		const BOOL mappable = (channelId != 0) && (channelId != UINT16_MAX);

		/* Unmappable channels are skipped without raising an error. */
		if (mappable)
		{
			WINPR_ASSERT(pc->context.instance->SendChannelPacket);
			ok = pc->context.instance->SendChannelPacket(pc->context.instance, channelId,
			                                             ev->total_size, ev->flags, ev->data,
			                                             ev->data_len);
		}
		channel_data_free(ev);
	}
	Queue_Unlock(pc->cached_server_channel_data);

	return ok;
}
521
/**
 * PostConnect callback of the back-end client.
 *
 * Runs the HOOK_TYPE_CLIENT_POST_CONNECT hook, initializes GDI, installs the
 * proxy's update callbacks, channel data hook and heartbeat handler, marks the
 * client as connected, flushes queued channel data and finally reactivates the
 * front-end peer with the negotiated settings.
 *
 * @param instance the back-end freerdp instance
 * @return TRUE on success, FALSE if any step failed
 */
WINPR_ATTR_NODISCARD
static BOOL pf_client_post_connect(freerdp* instance)
{
	WINPR_ASSERT(instance);
	rdpContext* context = instance->context;
	WINPR_ASSERT(context);
	rdpUpdate* update = context->update;
	WINPR_ASSERT(update);
	pClientContext* pc = (pClientContext*)context;
	WINPR_ASSERT(pc);
	WINPR_ASSERT(pc->pdata);
	rdpContext* peerContext = (rdpContext*)pc->pdata->ps;
	WINPR_ASSERT(peerContext);

	const BOOL hookOk =
	    pf_modules_run_hook(pc->pdata->module, HOOK_TYPE_CLIENT_POST_CONNECT, pc->pdata, pc);
	if (!hookOk)
		return FALSE;

	if (!gdi_init(instance, PIXEL_FORMAT_BGRA32))
		return FALSE;

	WINPR_ASSERT(freerdp_settings_get_bool(context->settings, FreeRDP_SoftwareGdi));

	pf_client_register_update_callbacks(update);

	/* Remember the library's handler and route virtual channel data through the proxy. */
	pc->client_receive_channel_data_original = instance->ReceiveChannelData;
	instance->ReceiveChannelData = pf_client_receive_channel_data_hook;

	instance->heartbeat->ServerHeartbeat = pf_client_on_server_heartbeat;

	pc->connected = TRUE;

	/* Deliver whatever the front-end sent before the back-end was ready. */
	if (!sendQueuedChannelData(pc))
		return FALSE;

	/*
	 * The connection to the target is fully established and its settings are
	 * negotiated. Send a reactivation sequence to the front-end client so that
	 * the proxy's peer and the remote target end up with synchronized settings.
	 */
	return proxy_server_reactivate(peerContext, context);
}
574
/**
 * PostDisconnect callback, invoked for failed and successful sessions alike.
 * Releases what pre_connect and post_connect set up.
 *
 * NOTE(review): only the ErrorInfo subscription is removed here, the Activated
 * subscription made in pf_client_pre_connect is not - confirm this is intended.
 *
 * @param instance the back-end freerdp instance, may be a null pointer
 */
static void pf_client_post_disconnect(freerdp* instance)
{
	if (!instance || !instance->context)
		return;

	pClientContext* pc = (pClientContext*)instance->context;
	WINPR_ASSERT(pc);
	proxyData* pdata = pc->pdata;
	WINPR_ASSERT(pdata);

#if defined(WITH_PROXY_EMULATE_SMARTCARD)
	pf_channel_smartcard_client_free(pc);
#endif

	pf_channel_rdpdr_client_free(pc);

	pc->connected = FALSE;
	/* The hook result is deliberately ignored during teardown. */
	(void)pf_modules_run_hook(pc->pdata->module, HOOK_TYPE_CLIENT_POST_DISCONNECT, pc->pdata, pc);

	PubSub_UnsubscribeErrorInfo(instance->context->pubSub, pf_client_on_error_info);
	gdi_free(instance);

	/* While an NLA fallback attempt is still pending the proxy session must
	 * stay alive, so only abort once no further attempt is allowed. */
	if (pc->allow_next_conn_failure)
		return;

	proxy_data_abort_connect(pdata);
}
610
/**
 * Redirect callback: reset the intercepted channel state and run the
 * HOOK_TYPE_CLIENT_REDIRECT module hook.
 *
 * @param instance the back-end freerdp instance
 * @return FALSE for a missing instance/context, otherwise the hook result
 */
WINPR_ATTR_NODISCARD
static BOOL pf_client_redirect(freerdp* instance)
{
	if (!instance || !instance->context)
		return FALSE;

	pClientContext* pc = (pClientContext*)instance->context;
	WINPR_ASSERT(pc);

#if defined(WITH_PROXY_EMULATE_SMARTCARD)
	pf_channel_smartcard_client_reset(pc);
#endif
	pf_channel_rdpdr_client_reset(pc);

	const BOOL hookOk =
	    pf_modules_run_hook(pc->pdata->module, HOOK_TYPE_CLIENT_REDIRECT, pc->pdata, pc);
	return hookOk;
}
630
/**
 * Tell whether a failed connection attempt should be repeated without NLA.
 *
 * A retry is only considered when the configuration sets
 * ClientAllowFallbackToTls, NLA is currently enabled in the settings and at
 * least one of ClientTlsSecurity / ClientRdpSecurity is configured.
 *
 * Security note: the retry lowers the security level of the back-end
 * connection after a failed NLA attempt. Deployments that require NLA towards
 * the target should leave ClientAllowFallbackToTls disabled.
 *
 * @param pc proxy client context
 * @return TRUE if a retry without NLA is allowed, FALSE otherwise
 */
WINPR_ATTR_NODISCARD
static BOOL pf_client_should_retry_without_nla(pClientContext* pc)
{
	WINPR_ASSERT(pc);
	WINPR_ASSERT(pc->pdata);
	rdpSettings* settings = pc->context.settings;
	WINPR_ASSERT(settings);
	const proxyConfig* config = pc->pdata->config;
	WINPR_ASSERT(config);

	/* Fallback must be explicitly enabled by the operator. */
	if (!config->ClientAllowFallbackToTls)
		return FALSE;

	/* Without NLA in use there is nothing to fall back from. */
	if (!freerdp_settings_get_bool(settings, FreeRDP_NlaSecurity))
		return FALSE;

	return config->ClientTlsSecurity || config->ClientRdpSecurity;
}
656
/**
 * Apply the configured security protocols (RDP, TLS, NLA) to the back-end
 * settings and prepare smartcard authentication if the proxy uses it.
 *
 * @param pc proxy client context
 * @return TRUE on success, FALSE if a setting could not be applied
 */
WINPR_ATTR_NODISCARD
static BOOL pf_client_set_security_settings(pClientContext* pc)
{
	WINPR_ASSERT(pc);
	WINPR_ASSERT(pc->pdata);
	rdpSettings* settings = pc->context.settings;
	WINPR_ASSERT(settings);
	const proxyConfig* config = pc->pdata->config;
	WINPR_ASSERT(config);

	if (!freerdp_settings_set_bool(settings, FreeRDP_RdpSecurity, config->ClientRdpSecurity) ||
	    !freerdp_settings_set_bool(settings, FreeRDP_TlsSecurity, config->ClientTlsSecurity) ||
	    !freerdp_settings_set_bool(settings, FreeRDP_NlaSecurity, config->ClientNlaSecurity))
		return FALSE;

	if (!pf_client_use_proxy_smartcard_auth(settings))
		return TRUE;

	/* Smartcard logon only works with smartcard redirection switched on. */
	if (!freerdp_settings_set_bool(settings, FreeRDP_RedirectSmartCards, TRUE))
		return FALSE;

	/* Clear user name and domain, they are taken from the smartcard certificate later. */
	if (!freerdp_settings_set_string(settings, FreeRDP_Username, nullptr))
		return FALSE;
	if (!freerdp_settings_set_string(settings, FreeRDP_Domain, nullptr))
		return FALSE;

	return TRUE;
}
689
/**
 * Second connection attempt with NLA switched off.
 *
 * Resets the context, disables FreeRDP_NlaSecurity, clears
 * allow_next_conn_failure so that a further failure ends the session, and
 * connects again. Fails early if NLA was not enabled in the first place.
 *
 * @param pc proxy client context
 * @return result of freerdp_connect, or FALSE if the preparation failed
 */
WINPR_ATTR_NODISCARD
static BOOL pf_client_connect_without_nla(pClientContext* pc)
{
	WINPR_ASSERT(pc);
	freerdp* instance = pc->context.instance;
	WINPR_ASSERT(instance);

	if (!freerdp_context_reset(instance))
		return FALSE;

	/* Read the settings only after the reset. */
	rdpSettings* settings = pc->context.settings;
	WINPR_ASSERT(settings);

	/* NLA already off: a retry would not change anything. */
	const BOOL nlaEnabled = freerdp_settings_get_bool(settings, FreeRDP_NlaSecurity);
	if (!nlaEnabled)
		return FALSE;

	if (!freerdp_settings_set_bool(settings, FreeRDP_NlaSecurity, FALSE))
		return FALSE;

	/* This is the last attempt, the next failure must tear the session down. */
	pc->allow_next_conn_failure = FALSE;
	return freerdp_connect(instance);
}
718
/**
 * Connect the back-end client to the target.
 *
 * Applies the security settings, connects and, when the first attempt fails,
 * runs the HOOK_TYPE_CLIENT_LOGIN_FAILURE hook and optionally retries without
 * NLA (see pf_client_should_retry_without_nla). allow_next_conn_failure is
 * always cleared before returning.
 *
 * Note: user name and domain are written to the log at INFO level.
 *
 * @param instance the back-end freerdp instance
 * @return TRUE when one of the attempts succeeded, FALSE otherwise
 */
WINPR_ATTR_NODISCARD
static BOOL pf_client_connect(freerdp* instance)
{
	WINPR_ASSERT(instance);
	pClientContext* pc = (pClientContext*)instance->context;
	WINPR_ASSERT(pc);
	rdpSettings* settings = instance->context->settings;
	WINPR_ASSERT(settings);

	if (!pf_client_set_security_settings(pc))
		return FALSE;

	BOOL retry = FALSE;
	if (pf_client_should_retry_without_nla(pc))
	{
		pc->allow_next_conn_failure = TRUE;
		retry = TRUE;
	}

	PROXY_LOG_INFO(TAG, pc, "connecting using client info: Username: %s, Domain: %s",
	               freerdp_settings_get_string(settings, FreeRDP_Username),
	               freerdp_settings_get_string(settings, FreeRDP_Domain));
	PROXY_LOG_INFO(TAG, pc, "connecting using security settings: rdp=%d, tls=%d, nla=%d",
	               freerdp_settings_get_bool(settings, FreeRDP_RdpSecurity),
	               freerdp_settings_get_bool(settings, FreeRDP_TlsSecurity),
	               freerdp_settings_get_bool(settings, FreeRDP_NlaSecurity));

	BOOL connected = freerdp_connect(instance) ? TRUE : FALSE;
	if (!connected)
	{
		/* Modules are informed first; a failing hook or a disabled fallback ends here. */
		const BOOL hookOk = pf_modules_run_hook(pc->pdata->module, HOOK_TYPE_CLIENT_LOGIN_FAILURE,
		                                        pc->pdata, pc);
		if (hookOk && retry)
		{
			PROXY_LOG_ERR(TAG, pc, "failed to connect with NLA. retrying to connect without NLA");
			if (pf_client_connect_without_nla(pc))
				connected = TRUE;
			else
				PROXY_LOG_ERR(TAG, pc, "pf_client_connect_without_nla failed!");
		}
	}

	pc->allow_next_conn_failure = FALSE;
	return connected;
}
768
/**
 * Main loop of the back-end client thread.
 *
 * Runs the HOOK_TYPE_CLIENT_INIT_CONNECT hook, connects to the target and then
 * waits on the proxy abort event, the channel data queue event and the FreeRDP
 * event handles until the session ends. HOOK_TYPE_CLIENT_UNINIT_CONNECT is run
 * on every exit path.
 *
 * @param pc proxy client context
 * @return always 0
 */
WINPR_ATTR_NODISCARD
static DWORD WINAPI pf_client_thread_proc(pClientContext* pc)
{
	DWORD fixedCount = 0;
	HANDLE handles[MAXIMUM_WAIT_OBJECTS] = WINPR_C_ARRAY_INIT;

	WINPR_ASSERT(pc);

	freerdp* instance = pc->context.instance;
	WINPR_ASSERT(instance);

	proxyData* pdata = pc->pdata;
	WINPR_ASSERT(pdata);

	/*
	 * During a redirection the library may reset freerdp's own abort event after
	 * the server side already set it to shut the connection down. The abort
	 * request would then be lost and the client would keep running. To avoid
	 * that the client also waits on `pdata->abort_event`, which the library
	 * never touches. It is placed first so it maps to WAIT_OBJECT_0.
	 */
	handles[fixedCount++] = pdata->abort_event;

	const BOOL ready =
	    pf_modules_run_hook(pdata->module, HOOK_TYPE_CLIENT_INIT_CONNECT, pdata, pc) &&
	    pf_client_connect(instance);

	if (!ready)
	{
		proxy_data_abort_connect(pdata);
	}
	else
	{
		handles[fixedCount++] = Queue_Event(pc->cached_server_channel_data);

		while (!freerdp_shall_disconnect_context(instance->context))
		{
			/* The library handles are appended behind the fixed ones on every round. */
			const UINT32 libCount = freerdp_get_event_handles(
			    instance->context, &handles[fixedCount], ARRAYSIZE(handles) - fixedCount);

			if (libCount == 0)
			{
				PROXY_LOG_ERR(TAG, pc, "freerdp_get_event_handles failed!");
				break;
			}

			const DWORD status =
			    WaitForMultipleObjects(fixedCount + libCount, handles, FALSE, INFINITE);

			if (status == WAIT_FAILED)
			{
				WLog_ERR(TAG, "WaitForMultipleObjects failed with %" PRIu32 "", status);
				break;
			}

			/* Index 0 is the proxy abort event. */
			if (status == WAIT_OBJECT_0)
				break;

			if (freerdp_shall_disconnect_context(instance->context))
				break;

			if (proxy_data_shall_disconnect(pdata))
				break;

			if (!freerdp_check_event_handles(instance->context))
			{
				if (freerdp_get_last_error(instance->context) == FREERDP_ERROR_SUCCESS)
					WLog_ERR(TAG, "Failed to check FreeRDP event handles");

				break;
			}

			if (!sendQueuedChannelData(pc))
				break;
		}

		freerdp_disconnect(instance);
	}

	(void)pf_modules_run_hook(pdata->module, HOOK_TYPE_CLIENT_UNINIT_CONNECT, pdata, pc);

	return 0;
}
859
/**
 * LogonErrorInfo callback: log the logon error reported by the target.
 *
 * @param instance the back-end freerdp instance
 * @param data     logon error data code
 * @param type     logon error type code
 * @return -1 for a missing instance/context, 1 otherwise
 */
WINPR_ATTR_NODISCARD
static int pf_logon_error_info(freerdp* instance, UINT32 data, UINT32 type)
{
	const char* dataText = freerdp_get_logon_error_info_data(data);
	const char* typeText = freerdp_get_logon_error_info_type(type);

	const BOOL usable = instance && instance->context;
	if (!usable)
		return -1;

	WLog_INFO(TAG, "Logon Error Info %s [%s]", dataText, typeText);
	return 1;
}
872
/**
 * ClientFree callback: release everything pf_client_client_new and
 * pf_client_verify_X509_certificate attached to the context.
 *
 * @param instance unused
 * @param context  the pClientContext to clean up, may be a null pointer
 */
static void pf_client_context_free(freerdp* instance, rdpContext* context)
{
	WINPR_UNUSED(instance);

	pClientContext* pc = (pClientContext*)context;
	if (pc == nullptr)
		return;

	/* No more channel data may be queued once the queue is gone. */
	pc->sendChannelData = nullptr;
	Queue_Free(pc->cached_server_channel_data);

	/* Certificate data captured during verification. */
	Stream_Free(pc->remote_pem, TRUE);
	free(pc->remote_hostname);

	free(pc->computerName.v);
	HashTable_Free(pc->interceptContextMap);
}
888
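/**
 * VerifyX509Certificate callback of the back-end client.
 *
 * Stores the certificate presented by the target (PEM data, host name, port
 * and flags) in the client context and lets the proxy modules decide through
 * HOOK_TYPE_CLIENT_VERIFY_X509.
 *
 * Security note: this function performs no validation of its own. Whether a
 * target certificate is trusted depends entirely on the loaded modules.
 * NOTE(review): confirm what pf_modules_run_hook returns when no module
 * implements this hook; if that is TRUE, every target certificate is accepted.
 *
 * @param instance the back-end freerdp instance
 * @param data     certificate data
 * @param length   number of bytes in data
 * @param hostname host the certificate was presented by
 * @param port     port of the connection
 * @param flags    verification flags passed in by the library
 * @return 1 when the hook chain accepted the certificate, 0 on rejection or
 *         when the certificate details could not be stored
 */
WINPR_ATTR_NODISCARD
static int pf_client_verify_X509_certificate(freerdp* instance, const BYTE* data, size_t length,
                                             const char* hostname, UINT16 port, DWORD flags)
{
	WINPR_ASSERT(instance);
	WINPR_ASSERT(data);
	WINPR_ASSERT(length > 0);
	WINPR_ASSERT(hostname);

	pClientContext* pc = (pClientContext*)instance->context;
	WINPR_ASSERT(pc);

	/* Duplicate the host name before touching the stored state, so that an
	 * allocation failure rejects the certificate instead of handing the hooks
	 * a context without a host name. */
	char* hostCopy = nullptr;
	if (hostname)
	{
		hostCopy = _strdup(hostname);
		if (!hostCopy)
			return 0;
	}

	if (!Stream_EnsureCapacity(pc->remote_pem, length))
	{
		free(hostCopy);
		return 0;
	}
	Stream_ResetPosition(pc->remote_pem);

	free(pc->remote_hostname);
	pc->remote_hostname = hostCopy;

	if (length > 0)
		Stream_Write(pc->remote_pem, data, length);

	pc->remote_port = port;
	pc->remote_flags = flags;

	Stream_SealLength(pc->remote_pem);
	if (!pf_modules_run_hook(pc->pdata->module, HOOK_TYPE_CLIENT_VERIFY_X509, pc->pdata, pc))
		return 0;
	return 1;
}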
923
/**
 * ChooseSmartcard callback: there is no user to ask, so the first certificate
 * of the list is always selected.
 *
 * @param instance  unused
 * @param cert_list unused
 * @param count     number of certificates offered
 * @param choice    receives the selected index (always 0)
 * @param gateway   unused
 * @return FALSE when the list is empty, TRUE otherwise
 */
WINPR_ATTR_NODISCARD
static BOOL pf_client_choose_smartcard(WINPR_ATTR_UNUSED freerdp* instance,
                                       WINPR_ATTR_UNUSED SmartcardCertInfo** cert_list,
                                       WINPR_ATTR_UNUSED DWORD count, DWORD* choice,
                                       WINPR_ATTR_UNUSED BOOL gateway)
{
	if (count >= 1)
	{
		*choice = 0;
		return TRUE;
	}

	return FALSE;
}
935
/**
 * AuthenticateEx callback.
 *
 * The credentials are left untouched and success is reported for every known
 * authentication reason. If the remote side insists on non-empty credentials
 * the connection fails later, otherwise the target shows its login prompt.
 *
 * @param reason why the library asks for credentials
 * @return TRUE for the reasons listed below, FALSE for anything else
 */
WINPR_ATTR_NODISCARD
static BOOL pf_client_authenticate_ex(WINPR_ATTR_UNUSED freerdp* instance,
                                      WINPR_ATTR_UNUSED char** username,
                                      WINPR_ATTR_UNUSED char** password,
                                      WINPR_ATTR_UNUSED char** domain, rdp_auth_reason reason)
{
	WINPR_ASSERT(instance);
	WINPR_ASSERT(username);
	WINPR_ASSERT(password);
	WINPR_ASSERT(domain);

	BOOL accepted = FALSE;

	switch (reason)
	{
		case AUTH_RDSTLS:
		case AUTH_NLA:
		case AUTH_TLS:
		case AUTH_RDP:
		case AUTH_SMARTCARD_PIN: /* the password field carries the PIN here */
		case GW_AUTH_HTTP:
		case GW_AUTH_RDG:
		case GW_AUTH_RPC:
			accepted = TRUE;
			break;
		default:
			break;
	}

	return accepted;
}
964
/**
 * PresentGatewayMessage callback.
 *
 * Forwarding of gateway messages is not implemented: a warning is logged and
 * the message is reported as handled, regardless of isDisplayMandatory and
 * isConsentMandatory.
 *
 * @return always TRUE
 */
WINPR_ATTR_NODISCARD
static BOOL pf_client_present_gateway_message(WINPR_ATTR_UNUSED freerdp* instance,
                                              WINPR_ATTR_UNUSED UINT32 type,
                                              WINPR_ATTR_UNUSED BOOL isDisplayMandatory,
                                              WINPR_ATTR_UNUSED BOOL isConsentMandatory,
                                              WINPR_ATTR_UNUSED size_t length,
                                              WINPR_ATTR_UNUSED const WCHAR* message)
{
	/* Every argument is ignored for now. */
	WLog_WARN(TAG, "TODO: Implement gateway message forwarding");
	return TRUE;
}
976
/**
 * Free a proxyChannelDataEventInfo together with the data buffer and channel
 * name it points to.
 *
 * @param obj the event to free, may be a null pointer
 */
void channel_data_free(void* obj)
{
	/* The members are const-qualified pointers; the union strips the qualifier
	 * without a cast so that they can be handed to free(). */
	union
	{
		const void* cpv;
		void* pv;
	} unconst;
	proxyChannelDataEventInfo* ev = obj;

	if (!ev)
		return;

	unconst.cpv = ev->data;
	free(unconst.pv);

	unconst.cpv = ev->channel_name;
	free(unconst.pv);

	free(ev);
}
995
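/**
 * Create a deep copy of a proxyChannelDataEventInfo.
 *
 * The copy owns its own channel name and data buffer and must be released
 * with channel_data_free.
 *
 * @param obj the event to copy (a proxyChannelDataEventInfo)
 * @return the copy, or a null pointer if an allocation failed or the source
 *         announces data_len bytes without providing a data buffer
 */
WINPR_ATTR_MALLOC(channel_data_free, 1)
WINPR_ATTR_NODISCARD
static void* channel_data_copy(const void* obj)
{
	const proxyChannelDataEventInfo* src = obj;
	WINPR_ASSERT(src);

	proxyChannelDataEventInfo* dst = calloc(1, sizeof(*dst));
	if (!dst)
		return nullptr;

	*dst = *src;

	/* The struct assignment copied the source's pointers. Clear them right
	 * away: otherwise a failure below would make channel_data_free release
	 * buffers that still belong to the caller. */
	dst->channel_name = nullptr;
	dst->data = nullptr;

	if (src->channel_name)
	{
		dst->channel_name = _strdup(src->channel_name);
		if (!dst->channel_name)
			goto fail;
	}

	/* An empty payload needs no buffer; this also avoids treating a null
	 * result of malloc(0) as an out-of-memory condition. */
	if (src->data_len > 0)
	{
		if (!src->data)
			goto fail;

		void* payload = malloc(src->data_len);
		if (!payload)
			goto fail;

		memcpy(payload, src->data, src->data_len);
		dst->data = payload;
	}

	return dst;

fail:
	channel_data_free(dst);
	return nullptr;
}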
1033
/**
 * ClientNew callback: install the proxy's callbacks on the instance and
 * allocate the per-client resources (certificate stream, channel data queue,
 * intercept context map).
 *
 * VerifyCertificateEx and VerifyChangedCertificateEx are cleared, certificate
 * decisions go through pf_client_verify_X509_certificate only.
 *
 * @param instance the back-end freerdp instance
 * @param context  the freshly allocated pClientContext
 * @return TRUE on success, FALSE for missing arguments or a failed allocation
 */
WINPR_ATTR_NODISCARD
static BOOL pf_client_client_new(freerdp* instance, rdpContext* context)
{
	if (!instance || !context)
		return FALSE;

	pClientContext* pc = (pClientContext*)context;

	/* Connection life cycle */
	instance->LoadChannels = pf_client_load_channels;
	instance->PreConnect = pf_client_pre_connect;
	instance->PostConnect = pf_client_post_connect;
	instance->PostDisconnect = pf_client_post_disconnect;
	instance->Redirect = pf_client_redirect;
	instance->LogonErrorInfo = pf_logon_error_info;

	/* Interactive callbacks: nobody is there to answer, so they are either
	 * unset or replaced by non-interactive implementations. */
	instance->GetAccessToken = nullptr;
	instance->RetryDialog = nullptr;
	instance->VerifyCertificateEx = nullptr;
	instance->VerifyChangedCertificateEx = nullptr;
	instance->VerifyX509Certificate = pf_client_verify_X509_certificate;
	instance->AuthenticateEx = pf_client_authenticate_ex;
	instance->ChooseSmartcard = pf_client_choose_smartcard;
	instance->PresentGatewayMessage = pf_client_present_gateway_message;

	pc->remote_pem = Stream_New(nullptr, 4096);
	if (!pc->remote_pem)
		return FALSE;

	pc->sendChannelData = pf_client_send_channel_data;
	pc->cached_server_channel_data = Queue_New(TRUE, -1, -1);
	if (!pc->cached_server_channel_data)
		return FALSE;

	/* The queue copies events on insertion and frees them on removal. */
	wObject* queueObj = Queue_Object(pc->cached_server_channel_data);
	WINPR_ASSERT(queueObj);
	queueObj->fnObjectNew = channel_data_copy;
	queueObj->fnObjectFree = channel_data_free;

	pc->interceptContextMap = HashTable_New(FALSE);
	if (!pc->interceptContextMap)
		return FALSE;

	if (!HashTable_SetupForStringData(pc->interceptContextMap, FALSE))
		return FALSE;

	wObject* mapValueObj = HashTable_ValueObject(pc->interceptContextMap);
	WINPR_ASSERT(mapValueObj);
	mapValueObj->fnObjectFree = intercept_context_entry_free;

	return TRUE;
}
1084
/**
 * ClientStop callback: signal the proxy session and the FreeRDP context to
 * abort the connection.
 *
 * @param context the pClientContext to stop
 * @return always 0
 */
WINPR_ATTR_NODISCARD
static int pf_client_client_stop(rdpContext* context)
{
	pClientContext* pc = (pClientContext*)context;
	WINPR_ASSERT(pc);

	proxyData* pdata = pc->pdata;
	WINPR_ASSERT(pdata);

	PROXY_LOG_DBG(TAG, pc, "aborting client connection");

	/* Both the proxy level and the library level abort are raised. */
	proxy_data_abort_connect(pdata);
	freerdp_abort_connect_context(context);

	return 0;
}
1101
/**
 * Fill in the client entry points used to create the proxy's back-end client.
 *
 * @param pEntryPoints structure to initialize, must not be a null pointer
 * @return always 0
 */
int RdpClientEntry(RDP_CLIENT_ENTRY_POINTS* pEntryPoints)
{
	WINPR_ASSERT(pEntryPoints);

	/* Start from a clean structure so that unused callbacks stay unset. */
	ZeroMemory(pEntryPoints, sizeof(*pEntryPoints));

	pEntryPoints->Version = RDP_CLIENT_INTERFACE_VERSION;
	pEntryPoints->Size = sizeof(RDP_CLIENT_ENTRY_POINTS_V1);
	pEntryPoints->ContextSize = sizeof(pClientContext);

	/* Client life cycle callbacks */
	pEntryPoints->ClientNew = pf_client_client_new;
	pEntryPoints->ClientFree = pf_client_context_free;
	pEntryPoints->ClientStop = pf_client_client_stop;

	return 0;
}
1116
/**
 * Thread entry point of the back-end client.
 *
 * Starts the FreeRDP client, runs pf_client_thread_proc if that worked and
 * stops the client again in either case.
 *
 * @param arg the pClientContext of the client to run
 * @return result of pf_client_thread_proc, or 1 if the client failed to start
 */
DWORD WINAPI pf_client_start(LPVOID arg)
{
	pClientContext* pc = (pClientContext*)arg;
	WINPR_ASSERT(pc);

	DWORD rc = 1;
	const int started = freerdp_client_start(&pc->context);
	if (started == 0)
		rc = pf_client_thread_proc(pc);

	freerdp_client_stop(&pc->context);
	return rc;
}
WINPR_ATTR_NODISCARD FREERDP_API const char * freerdp_settings_get_string(const rdpSettings *settings, FreeRDP_Settings_Keys_String id)
Returns an immutable string settings value.
WINPR_ATTR_NODISCARD FREERDP_API BOOL freerdp_settings_set_bool(rdpSettings *settings, FreeRDP_Settings_Keys_Bool id, BOOL val)
Sets a BOOL settings value.
WINPR_ATTR_NODISCARD FREERDP_API void * freerdp_settings_get_pointer_writable(rdpSettings *settings, FreeRDP_Settings_Keys_Pointer id)
Returns a mutable pointer settings value.
WINPR_ATTR_NODISCARD FREERDP_API BOOL freerdp_settings_set_uint32(rdpSettings *settings, FreeRDP_Settings_Keys_UInt32 id, UINT32 val)
Sets a UINT32 settings value.
WINPR_ATTR_NODISCARD FREERDP_API BOOL freerdp_settings_set_pointer_len(rdpSettings *settings, FreeRDP_Settings_Keys_Pointer id, const void *data, size_t len)
Set a pointer to value data.
WINPR_ATTR_NODISCARD FREERDP_API UINT32 freerdp_settings_get_uint32(const rdpSettings *settings, FreeRDP_Settings_Keys_UInt32 id)
Returns a UINT32 settings value.
WINPR_ATTR_NODISCARD FREERDP_API BOOL freerdp_settings_set_string(rdpSettings *settings, FreeRDP_Settings_Keys_String id, const char *val)
Sets a string settings value. The param is copied.
WINPR_ATTR_NODISCARD FREERDP_API BOOL freerdp_settings_get_bool(const rdpSettings *settings, FreeRDP_Settings_Keys_Bool id)
Returns a boolean settings value.
This struct contains function pointer to initialize/free objects.
Definition collections.h:52
OBJECT_FREE_FN fnObjectFree
Definition collections.h:59
WINPR_ATTR_NODISCARD OBJECT_NEW_FN fnObjectNew
Definition collections.h:54