FreeRDP
Loading...
Searching...
No Matches
tsg.c
1
23#include <freerdp/config.h>
24
25#include "../settings.h"
26
27#include <winpr/assert.h>
28#include <winpr/crt.h>
29#include <winpr/error.h>
30#include <winpr/print.h>
31#include <winpr/stream.h>
32
33#include <freerdp/log.h>
34
35#include "rpc_bind.h"
36#include "rpc_client.h"
37#include "tsg.h"
38#include "../utils.h"
39#include "../../crypto/opensslcompat.h"
40
41#define TAG FREERDP_TAG("core.gateway.tsg")
42
43#define TSG_CAPABILITY_TYPE_NAP 0x00000001
44
45#define TSG_PACKET_TYPE_HEADER 0x00004844
46#define TSG_PACKET_TYPE_VERSIONCAPS 0x00005643
47#define TSG_PACKET_TYPE_QUARCONFIGREQUEST 0x00005143
48#define TSG_PACKET_TYPE_QUARREQUEST 0x00005152
49#define TSG_PACKET_TYPE_RESPONSE 0x00005052
50#define TSG_PACKET_TYPE_QUARENC_RESPONSE 0x00004552
51#define TSG_PACKET_TYPE_CAPS_RESPONSE 0x00004350
52#define TSG_PACKET_TYPE_MSGREQUEST_PACKET 0x00004752
53#define TSG_PACKET_TYPE_MESSAGE_PACKET 0x00004750
54#define TSG_PACKET_TYPE_AUTH 0x00004054
55#define TSG_PACKET_TYPE_REAUTH 0x00005250
56
57typedef WCHAR* RESOURCENAME;
58
59typedef struct
60{
61 RESOURCENAME* resourceName;
62 UINT32 numResourceNames;
63 RESOURCENAME* alternateResourceNames;
64 UINT16 numAlternateResourceNames;
65 UINT32 Port;
66} TSENDPOINTINFO;
67
68typedef struct
69{
70 UINT16 ComponentId;
71 UINT16 PacketId;
72} TSG_PACKET_HEADER;
73
74typedef struct
75{
76 UINT32 capabilities;
77} TSG_CAPABILITY_NAP;
78
79typedef union
80{
81 TSG_CAPABILITY_NAP tsgCapNap;
82} TSG_CAPABILITIES_UNION;
83
84typedef struct
85{
86 UINT32 capabilityType;
87 TSG_CAPABILITIES_UNION tsgPacket;
88} TSG_PACKET_CAPABILITIES;
89
90typedef struct
91{
92 TSG_PACKET_HEADER tsgHeader;
93 TSG_PACKET_CAPABILITIES tsgCaps;
94 UINT32 numCapabilities;
95 UINT16 majorVersion;
96 UINT16 minorVersion;
97 UINT16 quarantineCapabilities;
98} TSG_PACKET_VERSIONCAPS;
99
100typedef struct
101{
102 UINT32 flags;
103} TSG_PACKET_QUARCONFIGREQUEST;
104
105typedef struct
106{
107 UINT32 flags;
108 WCHAR* machineName;
109 UINT32 nameLength;
110 BYTE* data;
111 UINT32 dataLen;
112} TSG_PACKET_QUARREQUEST;
113
114typedef struct
115{
116 BOOL enableAllRedirections;
117 BOOL disableAllRedirections;
118 BOOL driveRedirectionDisabled;
119 BOOL printerRedirectionDisabled;
120 BOOL portRedirectionDisabled;
121 BOOL reserved;
122 BOOL clipboardRedirectionDisabled;
123 BOOL pnpRedirectionDisabled;
124} TSG_REDIRECTION_FLAGS;
125
126typedef struct
127{
128 UINT32 flags;
129 UINT32 reserved;
130 BYTE* responseData;
131 UINT32 responseDataLen;
132 TSG_REDIRECTION_FLAGS redirectionFlags;
133} TSG_PACKET_RESPONSE;
134
135typedef struct
136{
137 UINT32 flags;
138 UINT32 certChainLen;
139 WCHAR* certChainData;
140 GUID nonce;
141 TSG_PACKET_VERSIONCAPS versionCaps;
142} TSG_PACKET_QUARENC_RESPONSE;
143
144typedef struct
145{
146 INT32 isDisplayMandatory;
147 INT32 isConsentMandatory;
148 UINT32 msgBytes;
149 WCHAR* msgBuffer;
150} TSG_PACKET_STRING_MESSAGE;
151
152typedef struct
153{
154 UINT64 tunnelContext;
155} TSG_PACKET_REAUTH_MESSAGE;
156
157typedef struct
158{
159 UINT32 msgID;
160 UINT32 msgType;
161 INT32 isMsgPresent;
162} TSG_PACKET_MSG_RESPONSE;
163
164typedef struct
165{
166 TSG_PACKET_QUARENC_RESPONSE pktQuarEncResponse;
167 TSG_PACKET_MSG_RESPONSE pktConsentMessage;
168} TSG_PACKET_CAPS_RESPONSE;
169
170typedef struct
171{
172 UINT32 maxMessagesPerBatch;
173} TSG_PACKET_MSG_REQUEST;
174
175typedef struct
176{
177 TSG_PACKET_VERSIONCAPS tsgVersionCaps;
178 UINT32 cookieLen;
179 BYTE* cookie;
180} TSG_PACKET_AUTH;
181
182typedef union
183{
184 TSG_PACKET_VERSIONCAPS packetVersionCaps;
185 TSG_PACKET_AUTH packetAuth;
186} TSG_INITIAL_PACKET_TYPE_UNION;
187
188typedef struct
189{
190 UINT64 tunnelContext;
191 UINT32 packetId;
192 TSG_INITIAL_PACKET_TYPE_UNION tsgInitialPacket;
193} TSG_PACKET_REAUTH;
194
195typedef union
196{
197 TSG_PACKET_HEADER packetHeader;
198 TSG_PACKET_VERSIONCAPS packetVersionCaps;
199 TSG_PACKET_QUARCONFIGREQUEST packetQuarConfigRequest;
200 TSG_PACKET_QUARREQUEST packetQuarRequest;
201 TSG_PACKET_RESPONSE packetResponse;
202 TSG_PACKET_QUARENC_RESPONSE packetQuarEncResponse;
203 TSG_PACKET_CAPS_RESPONSE packetCapsResponse;
204 TSG_PACKET_MSG_REQUEST packetMsgRequest;
205 TSG_PACKET_MSG_RESPONSE packetMsgResponse;
206 TSG_PACKET_AUTH packetAuth;
207 TSG_PACKET_REAUTH packetReauth;
208} TSG_PACKET_TYPE_UNION;
209
210typedef struct
211{
212 UINT32 packetId;
213 TSG_PACKET_TYPE_UNION tsgPacket;
214} TSG_PACKET;
215
216struct rdp_tsg
217{
218 BIO* bio;
219 rdpRpc* rpc;
220 UINT16 Port;
221 LPWSTR Hostname;
222 LPWSTR MachineName;
223 TSG_STATE state;
224 UINT32 TunnelId;
225 UINT32 ChannelId;
226 BOOL reauthSequence;
227 rdpTransport* transport;
228 UINT64 ReauthTunnelContext;
229 CONTEXT_HANDLE TunnelContext;
230 CONTEXT_HANDLE ChannelContext;
231 CONTEXT_HANDLE NewTunnelContext;
232 CONTEXT_HANDLE NewChannelContext;
233 wLog* log;
234};
235
236static BOOL TsProxyReadPacketSTringMessage(wLog* log, wStream* s, uint32_t* index,
237 TSG_PACKET_STRING_MESSAGE* msg);
238static BOOL tsg_stream_align(wLog* log, wStream* s, size_t align);
239
240static const char* tsg_packet_id_to_string(UINT32 packetId)
241{
242 switch (packetId)
243 {
244 case TSG_PACKET_TYPE_HEADER:
245 return "TSG_PACKET_TYPE_HEADER";
246 case TSG_PACKET_TYPE_VERSIONCAPS:
247 return "TSG_PACKET_TYPE_VERSIONCAPS";
248 case TSG_PACKET_TYPE_QUARCONFIGREQUEST:
249 return "TSG_PACKET_TYPE_QUARCONFIGREQUEST";
250 case TSG_PACKET_TYPE_QUARREQUEST:
251 return "TSG_PACKET_TYPE_QUARREQUEST";
252 case TSG_PACKET_TYPE_RESPONSE:
253 return "TSG_PACKET_TYPE_RESPONSE";
254 case TSG_PACKET_TYPE_QUARENC_RESPONSE:
255 return "TSG_PACKET_TYPE_QUARENC_RESPONSE";
256 case TSG_CAPABILITY_TYPE_NAP:
257 return "TSG_CAPABILITY_TYPE_NAP";
258 case TSG_PACKET_TYPE_CAPS_RESPONSE:
259 return "TSG_PACKET_TYPE_CAPS_RESPONSE";
260 case TSG_PACKET_TYPE_MSGREQUEST_PACKET:
261 return "TSG_PACKET_TYPE_MSGREQUEST_PACKET";
262 case TSG_PACKET_TYPE_MESSAGE_PACKET:
263 return "TSG_PACKET_TYPE_MESSAGE_PACKET";
264 case TSG_PACKET_TYPE_AUTH:
265 return "TSG_PACKET_TYPE_AUTH";
266 case TSG_PACKET_TYPE_REAUTH:
267 return "TSG_PACKET_TYPE_REAUTH";
268 default:
269 return "UNKNOWN";
270 }
271}
272
273static const char* tsg_component_id_to_string(UINT16 ComponentId, char* buffer, size_t bytelen)
274{
275 const char* str = NULL;
276
277#define ENTRY(x) \
278 case x: \
279 str = #x; \
280 break
281 switch (ComponentId)
282 {
283 ENTRY(TS_GATEWAY_TRANSPORT);
284 default:
285 str = "TS_UNKNOWN";
286 break;
287 }
288#undef ENTRY
289
290 (void)_snprintf(buffer, bytelen, "%s [0x%04" PRIx16 "]", str, ComponentId);
291 return buffer;
292}
293
294static const char* tsg_state_to_string(TSG_STATE state)
295{
296 switch (state)
297 {
298 case TSG_STATE_INITIAL:
299 return "TSG_STATE_INITIAL";
300 case TSG_STATE_CONNECTED:
301 return "TSG_STATE_CONNECTED";
302 case TSG_STATE_AUTHORIZED:
303 return "TSG_STATE_AUTHORIZED";
304 case TSG_STATE_CHANNEL_CREATED:
305 return "TSG_STATE_CHANNEL_CREATED";
306 case TSG_STATE_PIPE_CREATED:
307 return "TSG_STATE_PIPE_CREATED";
308 case TSG_STATE_TUNNEL_CLOSE_PENDING:
309 return "TSG_STATE_TUNNEL_CLOSE_PENDING";
310 case TSG_STATE_CHANNEL_CLOSE_PENDING:
311 return "TSG_STATE_CHANNEL_CLOSE_PENDING";
312 case TSG_STATE_FINAL:
313 return "TSG_STATE_FINAL";
314 default:
315 return "TSG_STATE_UNKNOWN";
316 }
317}
318
319static BOOL TsProxyReadTunnelContext(wLog* log, wStream* s, CONTEXT_HANDLE* tunnelContext)
320{
321 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 20))
322 return FALSE;
323
324 WINPR_ASSERT(tunnelContext);
325 Stream_Read_UINT32(s, tunnelContext->ContextType); /* ContextType (4 bytes) */
326 Stream_Read(s, &tunnelContext->ContextUuid,
327 sizeof(tunnelContext->ContextUuid)); /* ContextUuid (16 bytes) */
328 return TRUE;
329}
330
331static BOOL TsProxyWriteTunnelContext(WINPR_ATTR_UNUSED wLog* log, wStream* s,
332 const CONTEXT_HANDLE* tunnelContext)
333{
334 if (!Stream_EnsureRemainingCapacity(s, 20))
335 return FALSE;
336
337 Stream_Write_UINT32(s, tunnelContext->ContextType); /* ContextType (4 bytes) */
338 Stream_Write(s, &tunnelContext->ContextUuid,
339 sizeof(tunnelContext->ContextUuid)); /* ContextUuid (16 bytes) */
340 return TRUE;
341}
342
343static BOOL tsg_ndr_pointer_write(WINPR_ATTR_UNUSED wLog* log, wStream* s, UINT32* index,
344 DWORD length)
345{
346 WINPR_ASSERT(index);
347 const UINT32 ndrPtr = 0x20000 + (*index) * 4;
348
349 if (!s)
350 return FALSE;
351 if (!Stream_EnsureRemainingCapacity(s, 4))
352 return FALSE;
353
354 if (length > 0)
355 {
356 Stream_Write_UINT32(s, ndrPtr); /* mszGroupsNdrPtr (4 bytes) */
357 (*index) = (*index) + 1;
358 }
359 else
360 Stream_Write_UINT32(s, 0);
361 return TRUE;
362}
363
364static BOOL tsg_ndr_pointer_read(wLog* log, wStream* s, UINT32* index, UINT32* ptrval,
365 BOOL required)
366{
367 WINPR_ASSERT(index);
368 const UINT32 ndrPtr = 0x20000 + (*index) * 4;
369
370 if (!s)
371 return FALSE;
372 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 4))
373 return FALSE;
374
375 DWORD val = 0;
376 Stream_Read_UINT32(s, val);
377 if (ptrval)
378 *ptrval = val;
379
380 if (val != 0)
381 {
382 if (val != ndrPtr)
383 {
384 WLog_Print(log, WLOG_WARN, "Read NDR pointer 0x%04" PRIx32 " but expected 0x%04" PRIx32,
385 val, ndrPtr);
386 if ((val & 0xFFFF0000) != (ndrPtr & 0xFFFF0000))
387 return FALSE;
388 }
389 (*index)++;
390 }
391 else if (required)
392 {
393 WLog_Print(log, WLOG_ERROR, "NDR pointer == 0, but the field is required");
394 return FALSE;
395 }
396
397 return TRUE;
398}
399
400static BOOL tsg_ndr_write_string(WINPR_ATTR_UNUSED wLog* log, wStream* s, const WCHAR* str,
401 size_t length)
402{
403 if (!Stream_EnsureRemainingCapacity(s, 12 + length) || (length > UINT32_MAX))
404 return FALSE;
405
406 Stream_Write_UINT32(s, (UINT32)length); /* MaxCount (4 bytes) */
407 Stream_Write_UINT32(s, 0); /* Offset (4 bytes) */
408 Stream_Write_UINT32(s, (UINT32)length); /* ActualCount (4 bytes) */
409 Stream_Write_UTF16_String(s, str, length); /* Array */
410 return TRUE;
411}
412
413static BOOL tsg_ndr_read_string(wLog* log, wStream* s, WCHAR** str, UINT32 lengthInBytes)
414{
415 UINT32 MaxCount = 0;
416 UINT32 Offset = 0;
417 UINT32 ActualCount = 0;
418
419 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 12))
420 return FALSE;
421
422 Stream_Read_UINT32(s, MaxCount); /* MaxCount (4 bytes) */
423 Stream_Read_UINT32(s, Offset); /* Offset (4 bytes) */
424 Stream_Read_UINT32(s, ActualCount); /* ActualCount (4 bytes) */
425 if (ActualCount > MaxCount)
426 {
427 WLog_Print(log, WLOG_ERROR,
428 "failed to read string, ActualCount (%" PRIu32 ") > MaxCount (%" PRIu32 ")",
429 ActualCount, MaxCount);
430 return FALSE;
431 }
432 if (Offset != 0)
433 {
434 WLog_Print(log, WLOG_ERROR, "Unsupported Offset (%" PRIu32 "), expected 0", Offset);
435 return FALSE;
436 }
437 if (ActualCount > lengthInBytes / sizeof(WCHAR))
438 {
439 WLog_Print(log, WLOG_ERROR,
440 "failed to read string, ActualCount (%" PRIu32
441 ") * sizeof(WCHAR) > lengthInBytes (%" PRIu32 ")",
442 ActualCount, lengthInBytes);
443 return FALSE;
444 }
445 if (str)
446 *str = Stream_PointerAs(s, WCHAR);
447
448 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, ActualCount * sizeof(WCHAR)))
449 return FALSE;
450 Stream_Seek(s, ActualCount * sizeof(WCHAR));
451 return TRUE;
452}
453
454static BOOL tsg_ndr_read_packet_header(wLog* log, wStream* s, TSG_PACKET_HEADER* header)
455{
456 const UINT32 ComponentId = TS_GATEWAY_TRANSPORT;
457
458 WINPR_ASSERT(header);
459 if (!Stream_CheckAndLogRequiredLengthOfSizeWLog(log, s, 2, sizeof(UINT16)))
460 return FALSE;
461 Stream_Read_UINT16(s, header->ComponentId);
462 Stream_Read_UINT16(s, header->PacketId);
463
464 if (ComponentId != header->ComponentId)
465 {
466 char buffer[64] = { 0 };
467 char buffer2[64] = { 0 };
468 WLog_Print(log, WLOG_ERROR, "Unexpected ComponentId: %s, Expected %s",
469 tsg_component_id_to_string(header->ComponentId, buffer, sizeof(buffer)),
470 tsg_component_id_to_string(ComponentId, buffer2, sizeof(buffer2)));
471 return FALSE;
472 }
473
474 return TRUE;
475}
476
477static BOOL tsg_ndr_write_packet_header(WINPR_ATTR_UNUSED wLog* log, wStream* s,
478 const TSG_PACKET_HEADER* header)
479{
480 WINPR_ASSERT(header);
481 if (!Stream_EnsureRemainingCapacity(s, 2 * sizeof(UINT16)))
482 return FALSE;
483 Stream_Write_UINT16(s, header->ComponentId);
484 Stream_Write_UINT16(s, header->PacketId);
485 return TRUE;
486}
487
488static BOOL tsg_ndr_read_nap(wLog* log, wStream* s, TSG_CAPABILITY_NAP* nap)
489{
490 WINPR_ASSERT(nap);
491
492 if (!Stream_CheckAndLogRequiredLengthOfSizeWLog(log, s, 1, sizeof(UINT32)))
493 return FALSE;
494 Stream_Read_UINT32(s, nap->capabilities);
495 return TRUE;
496}
497
498static BOOL tsg_ndr_write_nap(WINPR_ATTR_UNUSED wLog* log, wStream* s,
499 const TSG_CAPABILITY_NAP* nap)
500{
501 WINPR_ASSERT(nap);
502
503 if (!Stream_EnsureRemainingCapacity(s, 1 * sizeof(UINT32)))
504 return FALSE;
505 Stream_Write_UINT32(s, nap->capabilities);
506 return TRUE;
507}
508
509static BOOL tsg_ndr_read_tsg_caps(wLog* log, wStream* s, TSG_PACKET_CAPABILITIES* caps)
510{
511 UINT32 capabilityType = 0;
512 UINT32 count = 0;
513 WINPR_ASSERT(caps);
514
515 if (!Stream_CheckAndLogRequiredLengthOfSizeWLog(log, s, 3, sizeof(UINT32)))
516 return FALSE;
517 Stream_Read_UINT32(s, count);
518 Stream_Read_UINT32(s, capabilityType);
519 Stream_Read_UINT32(s, caps->capabilityType);
520 if (capabilityType != caps->capabilityType)
521 {
522 WLog_Print(log, WLOG_ERROR, "Inconsistent data, capabilityType %s != %s",
523 tsg_packet_id_to_string(capabilityType),
524 tsg_packet_id_to_string(caps->capabilityType));
525 return FALSE;
526 }
527 switch (caps->capabilityType)
528 {
529 case TSG_CAPABILITY_TYPE_NAP:
530 if (count < 1)
531 {
532 WLog_Print(log, WLOG_ERROR, "Inconsistent data, capabilityType %s count=%" PRIu32,
533 tsg_packet_id_to_string(capabilityType), count);
534 return FALSE;
535 }
536 return tsg_ndr_read_nap(log, s, &caps->tsgPacket.tsgCapNap);
537 default:
538 WLog_Print(log, WLOG_ERROR,
539 "unknown TSG_PACKET_CAPABILITIES::capabilityType 0x%04" PRIx32
540 " [count=%" PRIu32 "]",
541 caps->capabilityType, count);
542 return FALSE;
543 }
544}
545
546static BOOL tsg_ndr_write_tsg_caps(wLog* log, wStream* s, const TSG_PACKET_CAPABILITIES* caps)
547{
548 WINPR_ASSERT(caps);
549
550 if (!Stream_EnsureRemainingCapacity(s, 2 * sizeof(UINT32)))
551 return FALSE;
552 Stream_Write_UINT32(s, caps->capabilityType);
553 Stream_Write_UINT32(s, caps->capabilityType);
554
555 switch (caps->capabilityType)
556 {
557 case TSG_CAPABILITY_TYPE_NAP:
558 return tsg_ndr_write_nap(log, s, &caps->tsgPacket.tsgCapNap);
559 default:
560 WLog_Print(log, WLOG_ERROR,
561 "unknown TSG_PACKET_CAPABILITIES::capabilityType 0x%04" PRIx32,
562 caps->capabilityType);
563 return FALSE;
564 }
565}
566
567static BOOL tsg_ndr_read_version_caps(wLog* log, wStream* s, UINT32* index,
568 TSG_PACKET_VERSIONCAPS* caps)
569{
570 WINPR_ASSERT(caps);
571 if (!tsg_ndr_read_packet_header(log, s, &caps->tsgHeader))
572 return FALSE;
573
574 UINT32 TSGCapsPtr = 0;
575 if (!tsg_ndr_pointer_read(log, s, index, &TSGCapsPtr, TRUE))
576 return FALSE;
577
578 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 10))
579 return FALSE;
580 Stream_Read_UINT32(s, caps->numCapabilities);
581 Stream_Read_UINT16(s, caps->majorVersion);
582 Stream_Read_UINT16(s, caps->minorVersion);
583 Stream_Read_UINT16(s, caps->quarantineCapabilities);
584 /* 4-byte alignment */
585 if (!tsg_stream_align(log, s, 4))
586 return FALSE;
587
588 if (caps->numCapabilities > 1)
589 {
590 WLog_ERR(TAG, "TSG_PACKET_VERSIONCAPS::numCapabilities > 1 (%" PRIu32 "), not supported!",
591 caps->numCapabilities);
592 return FALSE;
593 }
594
595 return tsg_ndr_read_tsg_caps(log, s, &caps->tsgCaps);
596}
597
598static BOOL tsg_ndr_write_version_caps(wLog* log, wStream* s, UINT32* index,
599 const TSG_PACKET_VERSIONCAPS* caps)
600{
601 WINPR_ASSERT(caps);
602 if (!tsg_ndr_write_packet_header(log, s, &caps->tsgHeader))
603 return FALSE;
604
605 if (!tsg_ndr_pointer_write(log, s, index, 1)) /* TsgCapsPtr (4 bytes) */
606 return FALSE;
607
608 if (!Stream_EnsureRemainingCapacity(s, 10))
609 return FALSE;
610
611 if (caps->numCapabilities > 1)
612 {
613 WLog_ERR(TAG, "TSG_PACKET_VERSIONCAPS::numCapabilities > 1 (%" PRIu32 "), not supported!",
614 caps->numCapabilities);
615 return FALSE;
616 }
617 Stream_Write_UINT32(s, caps->numCapabilities);
618 Stream_Write_UINT16(s, caps->majorVersion);
619 Stream_Write_UINT16(s, caps->minorVersion);
620 Stream_Write_UINT16(s, caps->quarantineCapabilities);
621
622 /* 4-byte alignment (30 + 2) */
623 Stream_Write_UINT16(s, 0x0000); /* pad (2 bytes) */
624 Stream_Write_UINT32(s, caps->numCapabilities); /* MaxCount (4 bytes) */
625 return tsg_ndr_write_tsg_caps(log, s, &caps->tsgCaps);
626}
627
628static BOOL tsg_ndr_read_quarenc_response(wLog* log, wStream* s, UINT32* index,
629 TSG_PACKET_QUARENC_RESPONSE* quarenc)
630{
631 WINPR_ASSERT(quarenc);
632 UINT32 CertChainDataPtr = 0;
633 UINT32 VersionCapsPtr = 0;
634
635 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 8))
636 return FALSE;
637 Stream_Read_UINT32(s, quarenc->flags);
638 Stream_Read_UINT32(s, quarenc->certChainLen);
639
640 if (!tsg_ndr_pointer_read(log, s, index, &CertChainDataPtr, quarenc->certChainLen != 0))
641 return FALSE;
642
643 if (!Stream_CheckAndLogRequiredLengthOfSizeWLog(log, s, 1, sizeof(quarenc->nonce)))
644 return FALSE;
645 Stream_Read(s, &quarenc->nonce, sizeof(quarenc->nonce));
646
647 if (!tsg_ndr_pointer_read(log, s, index, &VersionCapsPtr, TRUE))
648 return FALSE;
649
650 return TRUE;
651}
652
653static BOOL tsg_ndr_read_quarenc_data(wLog* log, wStream* s, UINT32* index,
654 TSG_PACKET_QUARENC_RESPONSE* quarenc)
655{
656 WINPR_ASSERT(quarenc);
657
658 if (quarenc->certChainLen > 0)
659 {
660 /* [MS-TSGU] 2.2.9.2.1.6 TSG_PACKET_QUARENC_RESPONSE::certChainLen number of WCHAR */
661 if (!tsg_ndr_read_string(log, s, &quarenc->certChainData,
662 quarenc->certChainLen * sizeof(WCHAR)))
663 return FALSE;
664 /* 4-byte alignment */
665 if (!tsg_stream_align(log, s, 4))
666 return FALSE;
667 }
668
669 return tsg_ndr_read_version_caps(log, s, index, &quarenc->versionCaps);
670}
671
672static BOOL tsg_ndr_write_auth(wLog* log, wStream* s, UINT32* index, const TSG_PACKET_AUTH* auth)
673{
674 WINPR_ASSERT(auth);
675
676 if (!tsg_ndr_write_version_caps(log, s, index, &auth->tsgVersionCaps))
677 return FALSE;
678
679 if (!Stream_EnsureRemainingCapacity(s, 4))
680 return FALSE;
681
682 Stream_Write_UINT32(s, auth->cookieLen);
683 if (!tsg_ndr_pointer_write(log, s, index, auth->cookieLen))
684 return FALSE;
685
686 if (!Stream_EnsureRemainingCapacity(s, auth->cookieLen))
687 return FALSE;
688 Stream_Write(s, auth->cookie, auth->cookieLen);
689 return TRUE;
690}
691
692static BOOL tsg_ndr_write_reauth(wLog* log, wStream* s, UINT32* index,
693 const TSG_PACKET_REAUTH* auth)
694{
695 WINPR_ASSERT(auth);
696
697 if (!Stream_EnsureRemainingCapacity(s, 12))
698 return FALSE;
699
700 Stream_Write_UINT64(s, auth->tunnelContext); /* TunnelContext (8 bytes) */
701 Stream_Write_UINT32(s, auth->packetId); /* PacketId (4 bytes) */
702
703 switch (auth->packetId)
704 {
705 case TSG_PACKET_TYPE_VERSIONCAPS:
706 return tsg_ndr_write_version_caps(log, s, index,
707 &auth->tsgInitialPacket.packetVersionCaps);
708 case TSG_PACKET_TYPE_AUTH:
709 return tsg_ndr_write_auth(log, s, index, &auth->tsgInitialPacket.packetAuth);
710 default:
711 WLog_Print(log, WLOG_ERROR, "unexpected packetId %s",
712 tsg_packet_id_to_string(auth->packetId));
713 return FALSE;
714 }
715}
716
717static BOOL tsg_ndr_read_packet_response(wLog* log, wStream* s, UINT32* index,
718 TSG_PACKET_RESPONSE* response)
719{
720 UINT32 ResponseDataPtr = 0;
721
722 WINPR_ASSERT(response);
723
724 if (!Stream_CheckAndLogRequiredLengthOfSizeWLog(log, s, 2, sizeof(UINT32)))
725 return FALSE;
726 Stream_Read_UINT32(s, response->flags); /* Flags (4 bytes) */
727 Stream_Seek_UINT32(s); /* Reserved (4 bytes) */
728
729 if (response->flags != TSG_PACKET_TYPE_QUARREQUEST)
730 {
731 WLog_Print(log, WLOG_ERROR,
732 "Unexpected Packet Response Flags: 0x%08" PRIX32
733 ", Expected TSG_PACKET_TYPE_QUARREQUEST",
734 response->flags);
735 return FALSE;
736 }
737
738 if (!tsg_ndr_pointer_read(log, s, index, &ResponseDataPtr, TRUE))
739 return FALSE;
740
741 if (!Stream_CheckAndLogRequiredLengthOfSizeWLog(log, s, 10, sizeof(UINT32)))
742 return FALSE;
743
744 Stream_Read_UINT32(s, response->responseDataLen); /* ResponseDataLength (4 bytes) */
745 Stream_Read_INT32(
746 s, response->redirectionFlags.enableAllRedirections); /* EnableAllRedirections (4 bytes) */
747 Stream_Read_INT32(
748 s,
749 response->redirectionFlags.disableAllRedirections); /* DisableAllRedirections (4 bytes) */
750 Stream_Read_INT32(s, response->redirectionFlags
751 .driveRedirectionDisabled); /* DriveRedirectionDisabled (4 bytes) */
752 Stream_Read_INT32(s,
753 response->redirectionFlags
754 .printerRedirectionDisabled); /* PrinterRedirectionDisabled (4 bytes) */
755 Stream_Read_INT32(
756 s,
757 response->redirectionFlags.portRedirectionDisabled); /* PortRedirectionDisabled (4 bytes) */
758 Stream_Read_INT32(s, response->redirectionFlags.reserved); /* Reserved (4 bytes) */
759 Stream_Read_INT32(
760 s, response->redirectionFlags
761 .clipboardRedirectionDisabled); /* ClipboardRedirectionDisabled (4 bytes) */
762 Stream_Read_INT32(
763 s,
764 response->redirectionFlags.pnpRedirectionDisabled); /* PnpRedirectionDisabled (4 bytes) */
765
766 const UINT32 MaxSizeValue = Stream_Get_UINT32(s); /* (4 bytes) */
767 const UINT32 MaxOffsetValue = Stream_Get_UINT32(s); /* (4 bytes) */
768
769 if (MaxSizeValue != response->responseDataLen)
770 {
771 WLog_Print(log, WLOG_ERROR, "Unexpected size value: %" PRIu32 ", expected: %" PRIu32 "",
772 MaxSizeValue, response->responseDataLen);
773 return FALSE;
774 }
775
776 if (MaxOffsetValue != 0)
777 {
778 WLog_Print(log, WLOG_ERROR, "Unexpected offset value: %" PRIu32 ", expected: 0",
779 MaxOffsetValue);
780 return FALSE;
781 }
782
783 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, MaxSizeValue))
784 return FALSE;
785
786 if (MaxSizeValue >= 4)
787 {
788 const UINT32 idleTimeout = Stream_Get_UINT32(s);
789 WLog_Print(log, WLOG_DEBUG, "[IDLE_TIMEOUT] idleTimeout=%" PRIu32 ": TODO: unused",
790 idleTimeout);
791 Stream_Seek(s, MaxSizeValue - 4);
792 }
793 else
794 Stream_Seek(s, MaxSizeValue); /* ResponseData */
795 return TRUE;
796}
797
798WINPR_ATTR_FORMAT_ARG(3, 4)
799static BOOL tsg_print(char** buffer, size_t* len, WINPR_FORMAT_ARG const char* fmt, ...)
800{
801 int rc = 0;
802 va_list ap = { 0 };
803 if (!buffer || !len || !fmt)
804 return FALSE;
805 va_start(ap, fmt);
806 rc = vsnprintf(*buffer, *len, fmt, ap);
807 va_end(ap);
808 if ((rc < 0) || ((size_t)rc > *len))
809 return FALSE;
810 *len -= (size_t)rc;
811 *buffer += (size_t)rc;
812 return TRUE;
813}
814
815static BOOL tsg_packet_header_to_string(char** buffer, size_t* length,
816 const TSG_PACKET_HEADER* header)
817{
818 WINPR_ASSERT(buffer);
819 WINPR_ASSERT(length);
820 WINPR_ASSERT(header);
821
822 return tsg_print(buffer, length,
823 "header { ComponentId=0x%04" PRIx16 ", PacketId=0x%04" PRIx16 " }",
824 header->ComponentId, header->PacketId);
825}
826
827static BOOL tsg_type_capability_nap_to_string(char** buffer, size_t* length,
828 const TSG_CAPABILITY_NAP* cur)
829{
830 WINPR_ASSERT(buffer);
831 WINPR_ASSERT(length);
832 WINPR_ASSERT(cur);
833
834 return tsg_print(buffer, length, "%s { capabilities=0x%08" PRIx32 " }",
835 tsg_packet_id_to_string(TSG_CAPABILITY_TYPE_NAP), cur->capabilities);
836}
837
838static BOOL tsg_packet_capabilities_to_string(char** buffer, size_t* length,
839 const TSG_PACKET_CAPABILITIES* caps, UINT32 numCaps)
840{
841 WINPR_ASSERT(buffer);
842 WINPR_ASSERT(length);
843 WINPR_ASSERT(caps);
844
845 if (!tsg_print(buffer, length, "capabilities { "))
846 return FALSE;
847
848 for (UINT32 x = 0; x < numCaps; x++)
849 {
850 const TSG_PACKET_CAPABILITIES* cur = &caps[x];
851 switch (cur->capabilityType)
852 {
853 case TSG_CAPABILITY_TYPE_NAP:
854 if (!tsg_type_capability_nap_to_string(buffer, length, &cur->tsgPacket.tsgCapNap))
855 return FALSE;
856 break;
857 default:
858 if (!tsg_print(buffer, length, "TSG_UNKNOWN_CAPABILITY"))
859 return FALSE;
860 break;
861 }
862 }
863 return tsg_print(buffer, length, " }");
864}
865
866static BOOL tsg_packet_versioncaps_to_string(char** buffer, size_t* length,
867 const TSG_PACKET_VERSIONCAPS* caps)
868{
869 WINPR_ASSERT(buffer);
870 WINPR_ASSERT(length);
871 WINPR_ASSERT(caps);
872
873 if (!tsg_print(buffer, length, "versioncaps { "))
874 return FALSE;
875 if (!tsg_packet_header_to_string(buffer, length, &caps->tsgHeader))
876 return FALSE;
877
878 if (!tsg_print(buffer, length, " "))
879 return FALSE;
880
881 if (caps->numCapabilities > 1)
882 {
883 WLog_ERR(TAG, "TSG_PACKET_VERSIONCAPS::numCapabilities > 1 (%" PRIu32 "), not supported!",
884 caps->numCapabilities);
885 return FALSE;
886 }
887
888 if (!tsg_packet_capabilities_to_string(buffer, length, &caps->tsgCaps, caps->numCapabilities))
889 return FALSE;
890
891 if (!tsg_print(buffer, length,
892 " numCapabilities=0x%08" PRIx32 ", majorVersion=0x%04" PRIx16
893 ", minorVersion=0x%04" PRIx16 ", quarantineCapabilities=0x%04" PRIx16,
894 caps->numCapabilities, caps->majorVersion, caps->minorVersion,
895 caps->quarantineCapabilities))
896 return FALSE;
897
898 return tsg_print(buffer, length, " }");
899}
900
901static BOOL tsg_packet_quarconfigrequest_to_string(char** buffer, size_t* length,
902 const TSG_PACKET_QUARCONFIGREQUEST* caps)
903{
904 WINPR_ASSERT(buffer);
905 WINPR_ASSERT(length);
906 WINPR_ASSERT(caps);
907
908 if (!tsg_print(buffer, length, "quarconfigrequest { "))
909 return FALSE;
910
911 if (!tsg_print(buffer, length, " "))
912 return FALSE;
913
914 if (!tsg_print(buffer, length, " flags=0x%08" PRIx32, caps->flags))
915 return FALSE;
916
917 return tsg_print(buffer, length, " }");
918}
919
920static BOOL tsg_packet_quarrequest_to_string(char** buffer, size_t* length,
921 const TSG_PACKET_QUARREQUEST* caps)
922{
923 BOOL rc = FALSE;
924 char* name = NULL;
925 char* strdata = NULL;
926
927 WINPR_ASSERT(buffer);
928 WINPR_ASSERT(length);
929 WINPR_ASSERT(caps);
930
931 if (!tsg_print(buffer, length, "quarrequest { "))
932 return FALSE;
933
934 if (!tsg_print(buffer, length, " "))
935 return FALSE;
936
937 if (caps->nameLength > 0)
938 {
939 if (caps->nameLength > INT_MAX)
940 return FALSE;
941 name = ConvertWCharNToUtf8Alloc(caps->machineName, caps->nameLength, NULL);
942 if (!name)
943 return FALSE;
944 }
945
946 strdata = winpr_BinToHexString(caps->data, caps->dataLen, TRUE);
947 if (strdata || (caps->dataLen == 0))
948 rc = tsg_print(buffer, length,
949 " flags=0x%08" PRIx32 ", machineName=%s [%" PRIu32 "], data[%" PRIu32 "]=%s",
950 caps->flags, name, caps->nameLength, caps->dataLen, strdata);
951 free(name);
952 free(strdata);
953 if (!rc)
954 return FALSE;
955
956 return tsg_print(buffer, length, " }");
957}
958
959static const char* tsg_bool_to_string(BOOL val)
960{
961 if (val)
962 return "true";
963 return "false";
964}
965
966static const char* tsg_redirection_flags_to_string(char* buffer, size_t size,
967 const TSG_REDIRECTION_FLAGS* flags)
968{
969 WINPR_ASSERT(buffer || (size == 0));
970 WINPR_ASSERT(flags);
971
972 (void)_snprintf(
973 buffer, size,
974 "enableAllRedirections=%s, disableAllRedirections=%s, driveRedirectionDisabled=%s, "
975 "printerRedirectionDisabled=%s, portRedirectionDisabled=%s, reserved=%s, "
976 "clipboardRedirectionDisabled=%s, pnpRedirectionDisabled=%s",
977 tsg_bool_to_string(flags->enableAllRedirections),
978 tsg_bool_to_string(flags->disableAllRedirections),
979 tsg_bool_to_string(flags->driveRedirectionDisabled),
980 tsg_bool_to_string(flags->printerRedirectionDisabled),
981 tsg_bool_to_string(flags->portRedirectionDisabled), tsg_bool_to_string(flags->reserved),
982 tsg_bool_to_string(flags->clipboardRedirectionDisabled),
983 tsg_bool_to_string(flags->pnpRedirectionDisabled));
984 return buffer;
985}
986
987static BOOL tsg_packet_response_to_string(char** buffer, size_t* length,
988 const TSG_PACKET_RESPONSE* caps)
989{
990 BOOL rc = FALSE;
991 char* strdata = NULL;
992 char tbuffer[8192] = { 0 };
993
994 WINPR_ASSERT(buffer);
995 WINPR_ASSERT(length);
996 WINPR_ASSERT(caps);
997
998 if (!tsg_print(buffer, length, "response { "))
999 return FALSE;
1000
1001 if (!tsg_print(buffer, length, " "))
1002 return FALSE;
1003
1004 strdata = winpr_BinToHexString(caps->responseData, caps->responseDataLen, TRUE);
1005 if (strdata || (caps->responseDataLen == 0))
1006 rc = tsg_print(
1007 buffer, length,
1008 " flags=0x%08" PRIx32 ", reserved=0x%08" PRIx32 ", responseData[%" PRIu32
1009 "]=%s, redirectionFlags={ %s }",
1010 caps->flags, caps->reserved, caps->responseDataLen, strdata,
1011 tsg_redirection_flags_to_string(tbuffer, ARRAYSIZE(tbuffer), &caps->redirectionFlags));
1012 free(strdata);
1013 if (!rc)
1014 return FALSE;
1015
1016 return tsg_print(buffer, length, " }");
1017}
1018
1019static BOOL tsg_packet_quarenc_response_to_string(char** buffer, size_t* length,
1020 const TSG_PACKET_QUARENC_RESPONSE* caps)
1021{
1022 BOOL rc = FALSE;
1023 char* strdata = NULL;
1024 RPC_CSTR uuid = NULL;
1025 char tbuffer[8192] = { 0 };
1026 size_t size = ARRAYSIZE(tbuffer);
1027 char* ptbuffer = tbuffer;
1028
1029 WINPR_ASSERT(buffer);
1030 WINPR_ASSERT(length);
1031 WINPR_ASSERT(caps);
1032
1033 if (!tsg_print(buffer, length, "quarenc_response { "))
1034 return FALSE;
1035
1036 if (!tsg_print(buffer, length, " "))
1037 return FALSE;
1038
1039 if (caps->certChainLen > 0)
1040 {
1041 if (caps->certChainLen > INT_MAX)
1042 return FALSE;
1043 strdata = ConvertWCharNToUtf8Alloc(caps->certChainData, caps->certChainLen, NULL);
1044 if (!strdata)
1045 return FALSE;
1046 }
1047
1048 tsg_packet_versioncaps_to_string(&ptbuffer, &size, &caps->versionCaps);
1049 UuidToStringA(&caps->nonce, &uuid);
1050 if (strdata || (caps->certChainLen == 0))
1051 rc =
1052 tsg_print(buffer, length,
1053 " flags=0x%08" PRIx32 ", certChain[%" PRIu32 "]=%s, nonce=%s, versionCaps=%s",
1054 caps->flags, caps->certChainLen, strdata, uuid, tbuffer);
1055 free(strdata);
1056 RpcStringFreeA(&uuid);
1057 if (!rc)
1058 return FALSE;
1059
1060 return tsg_print(buffer, length, " }");
1061}
1062
1063static BOOL tsg_packet_message_response_to_string(char** buffer, size_t* length,
1064 const TSG_PACKET_MSG_RESPONSE* caps)
1065{
1066 WINPR_ASSERT(buffer);
1067 WINPR_ASSERT(length);
1068 WINPR_ASSERT(caps);
1069
1070 if (!tsg_print(buffer, length, "msg_response { "))
1071 return FALSE;
1072
1073 if (!tsg_print(buffer, length,
1074 " msgID=0x%08" PRIx32 ", msgType=0x%08" PRIx32 ", isMsgPresent=%" PRId32,
1075 caps->msgID, caps->msgType, caps->isMsgPresent))
1076 return FALSE;
1077
1078 return tsg_print(buffer, length, " }");
1079}
1080
1081static BOOL tsg_packet_caps_response_to_string(char** buffer, size_t* length,
1082 const TSG_PACKET_CAPS_RESPONSE* caps)
1083{
1084 WINPR_ASSERT(buffer);
1085 WINPR_ASSERT(length);
1086 WINPR_ASSERT(caps);
1087
1088 if (!tsg_print(buffer, length, "caps_response { "))
1089 return FALSE;
1090
1091 if (!tsg_packet_quarenc_response_to_string(buffer, length, &caps->pktQuarEncResponse))
1092 return FALSE;
1093
1094 if (!tsg_packet_message_response_to_string(buffer, length, &caps->pktConsentMessage))
1095 return FALSE;
1096
1097 return tsg_print(buffer, length, " }");
1098}
1099
1100static BOOL tsg_packet_message_request_to_string(char** buffer, size_t* length,
1101 const TSG_PACKET_MSG_REQUEST* caps)
1102{
1103 WINPR_ASSERT(buffer);
1104 WINPR_ASSERT(length);
1105 WINPR_ASSERT(caps);
1106
1107 if (!tsg_print(buffer, length, "caps_message_request { "))
1108 return FALSE;
1109
1110 if (!tsg_print(buffer, length, " maxMessagesPerBatch=%" PRIu32, caps->maxMessagesPerBatch))
1111 return FALSE;
1112
1113 return tsg_print(buffer, length, " }");
1114}
1115
1116static BOOL tsg_packet_auth_to_string(char** buffer, size_t* length, const TSG_PACKET_AUTH* caps)
1117{
1118 BOOL rc = FALSE;
1119 char* strdata = NULL;
1120 WINPR_ASSERT(buffer);
1121 WINPR_ASSERT(length);
1122 WINPR_ASSERT(caps);
1123
1124 if (!tsg_print(buffer, length, "caps_message_request { "))
1125 return FALSE;
1126
1127 if (!tsg_packet_versioncaps_to_string(buffer, length, &caps->tsgVersionCaps))
1128 return FALSE;
1129
1130 strdata = winpr_BinToHexString(caps->cookie, caps->cookieLen, TRUE);
1131 if (strdata || (caps->cookieLen == 0))
1132 rc = tsg_print(buffer, length, " cookie[%" PRIu32 "]=%s", caps->cookieLen, strdata);
1133 free(strdata);
1134 if (!rc)
1135 return FALSE;
1136
1137 return tsg_print(buffer, length, " }");
1138}
1139
1140static BOOL tsg_packet_reauth_to_string(char** buffer, size_t* length,
1141 const TSG_PACKET_REAUTH* caps)
1142{
1143 BOOL rc = FALSE;
1144 WINPR_ASSERT(buffer);
1145 WINPR_ASSERT(length);
1146 WINPR_ASSERT(caps);
1147
1148 if (!tsg_print(buffer, length, "caps_message_request { "))
1149 return FALSE;
1150
1151 if (!tsg_print(buffer, length, " tunnelContext=0x%016" PRIx64 ", packetId=%s [0x%08" PRIx32 "]",
1152 caps->tunnelContext, tsg_packet_id_to_string(caps->packetId), caps->packetId))
1153 return FALSE;
1154
1155 switch (caps->packetId)
1156 {
1157 case TSG_PACKET_TYPE_VERSIONCAPS:
1158 rc = tsg_packet_versioncaps_to_string(buffer, length,
1159 &caps->tsgInitialPacket.packetVersionCaps);
1160 break;
1161 case TSG_PACKET_TYPE_AUTH:
1162 rc = tsg_packet_auth_to_string(buffer, length, &caps->tsgInitialPacket.packetAuth);
1163 break;
1164 default:
1165 rc = tsg_print(buffer, length, "TODO: Unhandled packet type %s [0x%08" PRIx32 "]",
1166 tsg_packet_id_to_string(caps->packetId), caps->packetId);
1167 break;
1168 }
1169
1170 if (!rc)
1171 return FALSE;
1172
1173 return tsg_print(buffer, length, " }");
1174}
1175
1176static const char* tsg_packet_to_string(const TSG_PACKET* packet)
1177{
1178 size_t len = 8192;
1179 static char sbuffer[8193] = { 0 };
1180 char* buffer = sbuffer;
1181
1182 if (!tsg_print(&buffer, &len, "TSG_PACKET { packetId=%s [0x%08" PRIx32 "], ",
1183 tsg_packet_id_to_string(packet->packetId), packet->packetId))
1184 goto fail;
1185
1186 switch (packet->packetId)
1187 {
1188 case TSG_PACKET_TYPE_HEADER:
1189 if (!tsg_packet_header_to_string(&buffer, &len, &packet->tsgPacket.packetHeader))
1190 goto fail;
1191 break;
1192 case TSG_PACKET_TYPE_VERSIONCAPS:
1193 if (!tsg_packet_versioncaps_to_string(&buffer, &len,
1194 &packet->tsgPacket.packetVersionCaps))
1195 goto fail;
1196 break;
1197 case TSG_PACKET_TYPE_QUARCONFIGREQUEST:
1198 if (!tsg_packet_quarconfigrequest_to_string(&buffer, &len,
1199 &packet->tsgPacket.packetQuarConfigRequest))
1200 goto fail;
1201 break;
1202 case TSG_PACKET_TYPE_QUARREQUEST:
1203 if (!tsg_packet_quarrequest_to_string(&buffer, &len,
1204 &packet->tsgPacket.packetQuarRequest))
1205 goto fail;
1206 break;
1207 case TSG_PACKET_TYPE_RESPONSE:
1208 if (!tsg_packet_response_to_string(&buffer, &len, &packet->tsgPacket.packetResponse))
1209 goto fail;
1210 break;
1211 case TSG_PACKET_TYPE_QUARENC_RESPONSE:
1212 if (!tsg_packet_quarenc_response_to_string(&buffer, &len,
1213 &packet->tsgPacket.packetQuarEncResponse))
1214 goto fail;
1215 break;
1216 case TSG_PACKET_TYPE_CAPS_RESPONSE:
1217 if (!tsg_packet_caps_response_to_string(&buffer, &len,
1218 &packet->tsgPacket.packetCapsResponse))
1219 goto fail;
1220 break;
1221 case TSG_PACKET_TYPE_MSGREQUEST_PACKET:
1222 if (!tsg_packet_message_request_to_string(&buffer, &len,
1223 &packet->tsgPacket.packetMsgRequest))
1224 goto fail;
1225 break;
1226 case TSG_PACKET_TYPE_MESSAGE_PACKET:
1227 if (!tsg_packet_message_response_to_string(&buffer, &len,
1228 &packet->tsgPacket.packetMsgResponse))
1229 goto fail;
1230 break;
1231 case TSG_PACKET_TYPE_AUTH:
1232 if (!tsg_packet_auth_to_string(&buffer, &len, &packet->tsgPacket.packetAuth))
1233 goto fail;
1234 break;
1235 case TSG_PACKET_TYPE_REAUTH:
1236 if (!tsg_packet_reauth_to_string(&buffer, &len, &packet->tsgPacket.packetReauth))
1237 goto fail;
1238 break;
1239 default:
1240 if (!tsg_print(&buffer, &len, "INVALID"))
1241 goto fail;
1242 break;
1243 }
1244
1245 if (!tsg_print(&buffer, &len, " }"))
1246 goto fail;
1247
1248fail:
1249 return sbuffer;
1250}
1251
1252static BOOL tsg_stream_align(wLog* log, wStream* s, size_t align)
1253{
1254 size_t pos = 0;
1255 size_t offset = 0;
1256
1257 if (!s)
1258 return FALSE;
1259
1260 pos = Stream_GetPosition(s);
1261
1262 if ((pos % align) != 0)
1263 offset = align - pos % align;
1264
1265 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, offset))
1266 return FALSE;
1267 Stream_Seek(s, offset);
1268 return TRUE;
1269}
1270
1271static BIO_METHOD* BIO_s_tsg(void);
1308static int TsProxySendToServer(handle_t IDL_handle, const byte pRpcMessage[], UINT32 count,
1309 const UINT32* lengths)
1310{
1311 wStream* s = NULL;
1312 rdpTsg* tsg = NULL;
1313 size_t length = 0;
1314 const byte* buffer1 = NULL;
1315 const byte* buffer2 = NULL;
1316 const byte* buffer3 = NULL;
1317 UINT32 buffer1Length = 0;
1318 UINT32 buffer2Length = 0;
1319 UINT32 buffer3Length = 0;
1320 UINT32 numBuffers = 0;
1321 UINT32 totalDataBytes = 0;
1322 tsg = (rdpTsg*)IDL_handle;
1323 buffer1Length = buffer2Length = buffer3Length = 0;
1324
1325 if (count > 0)
1326 {
1327 numBuffers++;
1328 buffer1 = &pRpcMessage[0];
1329 buffer1Length = lengths[0];
1330 totalDataBytes += lengths[0] + 4;
1331 }
1332
1333 if (count > 1)
1334 {
1335 numBuffers++;
1336 buffer2 = &pRpcMessage[1];
1337 buffer2Length = lengths[1];
1338 totalDataBytes += lengths[1] + 4;
1339 }
1340
1341 if (count > 2)
1342 {
1343 numBuffers++;
1344 buffer3 = &pRpcMessage[2];
1345 buffer3Length = lengths[2];
1346 totalDataBytes += lengths[2] + 4;
1347 }
1348
1349 length = 28ull + totalDataBytes;
1350 if (length > INT_MAX)
1351 return -1;
1352 s = Stream_New(NULL, length);
1353
1354 if (!s)
1355 {
1356 WLog_Print(tsg->log, WLOG_ERROR, "Stream_New failed!");
1357 return -1;
1358 }
1359
1360 /* PCHANNEL_CONTEXT_HANDLE_NOSERIALIZE_NR (20 bytes) */
1361 if (!TsProxyWriteTunnelContext(tsg->log, s, &tsg->ChannelContext))
1362 goto fail;
1363 Stream_Write_UINT32_BE(s, totalDataBytes); /* totalDataBytes (4 bytes) */
1364 Stream_Write_UINT32_BE(s, numBuffers); /* numBuffers (4 bytes) */
1365
1366 if (buffer1Length > 0)
1367 Stream_Write_UINT32_BE(s, buffer1Length); /* buffer1Length (4 bytes) */
1368
1369 if (buffer2Length > 0)
1370 Stream_Write_UINT32_BE(s, buffer2Length); /* buffer2Length (4 bytes) */
1371
1372 if (buffer3Length > 0)
1373 Stream_Write_UINT32_BE(s, buffer3Length); /* buffer3Length (4 bytes) */
1374
1375 if (buffer1Length > 0)
1376 Stream_Write(s, buffer1, buffer1Length); /* buffer1 (variable) */
1377
1378 if (buffer2Length > 0)
1379 Stream_Write(s, buffer2, buffer2Length); /* buffer2 (variable) */
1380
1381 if (buffer3Length > 0)
1382 Stream_Write(s, buffer3, buffer3Length); /* buffer3 (variable) */
1383
1384 if (!rpc_client_write_call(tsg->rpc, s, TsProxySendToServerOpnum))
1385 return -1;
1386
1387 return (int)length;
1388fail:
1389 Stream_Free(s, TRUE);
1390 return -1;
1391}
1392
1404static BOOL TsProxyCreateTunnelWriteRequest(rdpTsg* tsg, const TSG_PACKET* tsgPacket)
1405{
1406 BOOL rc = FALSE;
1407 BOOL write = TRUE;
1408 UINT16 opnum = 0;
1409 wStream* s = NULL;
1410 rdpRpc* rpc = NULL;
1411
1412 if (!tsg || !tsg->rpc)
1413 return FALSE;
1414
1415 rpc = tsg->rpc;
1416 WLog_Print(tsg->log, WLOG_DEBUG, "%s", tsg_packet_to_string(tsgPacket));
1417 s = Stream_New(NULL, 108);
1418
1419 if (!s)
1420 return FALSE;
1421
1422 switch (tsgPacket->packetId)
1423 {
1424 case TSG_PACKET_TYPE_VERSIONCAPS:
1425 {
1426 UINT32 index = 0;
1427 const TSG_PACKET_VERSIONCAPS* packetVersionCaps =
1428 &tsgPacket->tsgPacket.packetVersionCaps;
1429
1430 Stream_Write_UINT32(s, tsgPacket->packetId); /* PacketId (4 bytes) */
1431 Stream_Write_UINT32(s, tsgPacket->packetId); /* SwitchValue (4 bytes) */
1432 if (!tsg_ndr_pointer_write(tsg->log, s, &index, 1)) /* PacketVersionCapsPtr (4 bytes) */
1433 goto fail;
1434
1435 if (!tsg_ndr_write_version_caps(tsg->log, s, &index, packetVersionCaps))
1436 goto fail;
1441 /*
1442 * 8-byte constant (8A E3 13 71 02 F4 36 71) also observed here:
1443 * http://lists.samba.org/archive/cifs-protocol/2010-July/001543.html
1444 */
1445 Stream_Write_UINT8(s, 0x8A);
1446 Stream_Write_UINT8(s, 0xE3);
1447 Stream_Write_UINT8(s, 0x13);
1448 Stream_Write_UINT8(s, 0x71);
1449 Stream_Write_UINT8(s, 0x02);
1450 Stream_Write_UINT8(s, 0xF4);
1451 Stream_Write_UINT8(s, 0x36);
1452 Stream_Write_UINT8(s, 0x71);
1453 Stream_Write_UINT32(s, 0x00040001); /* 1.4 (version?) */
1454 Stream_Write_UINT32(s, 0x00000001); /* 1 (element count?) */
1455 /* p_cont_list_t */
1456 Stream_Write_UINT8(s, 2); /* ncontext_elem */
1457 Stream_Write_UINT8(s, 0x40); /* reserved1 */
1458 Stream_Write_UINT16(s, 0x0028); /* reserved2 */
1459 /* p_syntax_id_t */
1460 Stream_Write(s, &TSGU_UUID, sizeof(p_uuid_t));
1461 Stream_Write_UINT32(s, TSGU_SYNTAX_IF_VERSION);
1462 /* p_syntax_id_t */
1463 Stream_Write(s, &NDR_UUID, sizeof(p_uuid_t));
1464 Stream_Write_UINT32(s, NDR_SYNTAX_IF_VERSION);
1465 opnum = TsProxyCreateTunnelOpnum;
1466 }
1467 break;
1468
1469 case TSG_PACKET_TYPE_REAUTH:
1470 {
1471 const TSG_PACKET_REAUTH* packetReauth = &tsgPacket->tsgPacket.packetReauth;
1472 UINT32 index = 0;
1473 Stream_Write_UINT32(s, tsgPacket->packetId); /* PacketId (4 bytes) */
1474 Stream_Write_UINT32(s, tsgPacket->packetId); /* SwitchValue (4 bytes) */
1475 if (!tsg_ndr_pointer_write(tsg->log, s, &index, 1)) /* PacketReauthPtr (4 bytes) */
1476 goto fail;
1477 if (!tsg_ndr_write_reauth(tsg->log, s, &index, packetReauth))
1478 goto fail;
1479 opnum = TsProxyCreateTunnelOpnum;
1480 }
1481 break;
1482
1483 default:
1484 WLog_Print(tsg->log, WLOG_WARN, "unexpected packetId %s",
1485 tsg_packet_id_to_string(tsgPacket->packetId));
1486 write = FALSE;
1487 break;
1488 }
1489
1490 rc = TRUE;
1491
1492 if (write)
1493 return rpc_client_write_call(rpc, s, opnum);
1494fail:
1495 Stream_Free(s, TRUE);
1496 return rc;
1497}
1498
1499static BOOL tsg_ndr_read_consent_message(wLog* log, rdpContext* context, wStream* s, UINT32* index,
1500 BOOL isMessagePresent)
1501{
1502 TSG_PACKET_STRING_MESSAGE packetStringMessage = { 0 };
1503
1504 WINPR_ASSERT(context);
1505 WINPR_ASSERT(index);
1506
1507 if (!TsProxyReadPacketSTringMessage(log, s, index, &packetStringMessage))
1508 return FALSE;
1509
1510 if (context->instance && isMessagePresent)
1511 {
1512 return IFCALLRESULT(TRUE, context->instance->PresentGatewayMessage, context->instance,
1513 TSG_ASYNC_MESSAGE_CONSENT_MESSAGE ? GATEWAY_MESSAGE_CONSENT
1514 : TSG_ASYNC_MESSAGE_SERVICE_MESSAGE,
1515 packetStringMessage.isDisplayMandatory != 0,
1516 packetStringMessage.isConsentMandatory != 0,
1517 packetStringMessage.msgBytes, packetStringMessage.msgBuffer);
1518 }
1519
1520 return TRUE;
1521}
1522
1523static BOOL tsg_ndr_read_tunnel_context(wLog* log, wStream* s, CONTEXT_HANDLE* tunnelContext,
1524 UINT32* tunnelId)
1525{
1526 if (!tsg_stream_align(log, s, 4))
1527 return FALSE;
1528
1529 /* TunnelContext (20 bytes) */
1530 if (!TsProxyReadTunnelContext(log, s, tunnelContext))
1531 return FALSE;
1532
1533 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 8))
1534 return FALSE;
1535
1536 WINPR_ASSERT(tunnelId);
1537 Stream_Read_UINT32(s, *tunnelId); /* TunnelId (4 bytes) */
1538
1539 INT32 ReturnValue = 0;
1540 Stream_Read_INT32(s, ReturnValue); /* ReturnValue (4 bytes) */
1541 if (ReturnValue != NO_ERROR)
1542 WLog_WARN(TAG, "ReturnValue=%s", NtStatus2Tag(ReturnValue));
1543 return TRUE;
1544}
1545
1546static BOOL tsg_ndr_read_TSG_PACKET_MSG_RESPONSE_header(wLog* log, wStream* s,
1547 TSG_PACKET_MSG_RESPONSE* pkt)
1548{
1549
1550 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 16))
1551 return FALSE;
1552
1553 Stream_Read_UINT32(s, pkt->msgID); /* MsgId (4 bytes) */
1554 Stream_Read_UINT32(s, pkt->msgType); /* MsgType (4 bytes) */
1555 Stream_Read_INT32(s, pkt->isMsgPresent); /* IsMsgPresent (4 bytes) */
1556 const uint32_t SwitchValue = Stream_Get_UINT32(s); /* SwitchValue (4 bytes) */
1557
1558 if (pkt->msgType != SwitchValue)
1559 {
1560 WLog_ERR(TAG,
1561 "[MS-TSGU] 2.2.9.2.1.9 TSG_PACKET_MSG_RESPONSE MsgType[0x%08" PRIx32
1562 "] != MessageSwitchValue [0x%08" PRIx32 "]",
1563 pkt->msgType, SwitchValue);
1564 return FALSE;
1565 }
1566
1567 return TRUE;
1568}
1569
1570static BOOL tsg_ndr_read_TSG_PACKET_MSG_RESPONSE(wLog* log, rdpContext* context, wStream* s,
1571 uint32_t* index, uint32_t MsgPtr,
1572 const TSG_PACKET_MSG_RESPONSE* pkg,
1573 uint64_t* reauthContext)
1574{
1575 WINPR_ASSERT(pkg);
1576
1577 if (MsgPtr == 0)
1578 {
1579 WLog_Print(log, WLOG_DEBUG,
1580 "Message {0x%08" PRIx32 "} [%s]::isMsgPresent=%" PRId32 ", MsgPtr=0x%08" PRIx32,
1581 pkg->msgType, tsg_packet_id_to_string(pkg->msgType), pkg->isMsgPresent, MsgPtr);
1582 return TRUE;
1583 }
1584
1585 switch (pkg->msgType)
1586 {
1587 case TSG_ASYNC_MESSAGE_CONSENT_MESSAGE:
1588 case TSG_ASYNC_MESSAGE_SERVICE_MESSAGE:
1589 return tsg_ndr_read_consent_message(log, context, s, index, pkg->isMsgPresent);
1590
1591 case TSG_ASYNC_MESSAGE_REAUTH:
1592 {
1593 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 8))
1594 return FALSE;
1595
1596 WINPR_ASSERT(reauthContext);
1597 const uint64_t val = Stream_Get_UINT64(s); /* TunnelContext (8 bytes) */
1598 if (pkg->isMsgPresent != 0)
1599 *reauthContext = val;
1600 return TRUE;
1601 }
1602
1603 default:
1604 WLog_Print(log, WLOG_ERROR, "Unexpected Message Type: 0x%" PRIx32 "", pkg->msgType);
1605 return FALSE;
1606 }
1607}
1608
1609static BOOL tsg_ndr_read_caps_response(wLog* log, rdpContext* context, wStream* s, UINT32* index,
1610 UINT32 PacketPtr, TSG_PACKET_CAPS_RESPONSE* caps,
1611 CONTEXT_HANDLE* tunnelContext, UINT32* tunnelId,
1612 uint64_t* reauthContext)
1613{
1614 UINT32 PacketQuarResponsePtr = 0;
1615
1616 WINPR_ASSERT(context);
1617 WINPR_ASSERT(index);
1618 WINPR_ASSERT(caps);
1619 WINPR_ASSERT(reauthContext);
1620
1621 if (!tsg_ndr_pointer_read(log, s, index, &PacketQuarResponsePtr, TRUE))
1622 goto fail;
1623
1624 if (!tsg_ndr_read_quarenc_response(log, s, index, &caps->pktQuarEncResponse))
1625 goto fail;
1626
1627 if (PacketPtr)
1628 {
1629 TSG_PACKET_MSG_RESPONSE pkg = { 0 };
1630 UINT32 MsgPtr = 0;
1631
1632 if (!tsg_ndr_read_TSG_PACKET_MSG_RESPONSE_header(log, s, &pkg))
1633 goto fail;
1634
1635 if (!tsg_ndr_pointer_read(log, s, index, &MsgPtr, TRUE))
1636 return FALSE;
1637
1638 if (!tsg_ndr_read_quarenc_data(log, s, index, &caps->pktQuarEncResponse))
1639 goto fail;
1640
1641 if (!tsg_ndr_read_TSG_PACKET_MSG_RESPONSE(log, context, s, index, MsgPtr, &pkg,
1642 reauthContext))
1643 goto fail;
1644 }
1645
1646 return tsg_ndr_read_tunnel_context(log, s, tunnelContext, tunnelId);
1647fail:
1648 return FALSE;
1649}
1650
1651static BOOL TsProxyCreateTunnelReadResponse(rdpTsg* tsg, const RPC_PDU* pdu,
1652 CONTEXT_HANDLE* tunnelContext, UINT32* tunnelId)
1653{
1654 BOOL rc = FALSE;
1655 UINT32 index = 0;
1656 TSG_PACKET packet = { 0 };
1657 UINT32 SwitchValue = 0;
1658 rdpContext* context = NULL;
1659 UINT32 PacketPtr = 0;
1660
1661 WINPR_ASSERT(tsg);
1662 WINPR_ASSERT(tsg->rpc);
1663 WINPR_ASSERT(tsg->rpc->transport);
1664
1665 context = transport_get_context(tsg->rpc->transport);
1666 WINPR_ASSERT(context);
1667
1668 if (!pdu)
1669 return FALSE;
1670
1671 if (!tsg_ndr_pointer_read(tsg->log, pdu->s, &index, &PacketPtr, TRUE))
1672 goto fail;
1673
1674 if (!Stream_CheckAndLogRequiredLengthWLog(tsg->log, pdu->s, 8))
1675 goto fail;
1676 Stream_Read_UINT32(pdu->s, packet.packetId); /* PacketId (4 bytes) */
1677 Stream_Read_UINT32(pdu->s, SwitchValue); /* SwitchValue (4 bytes) */
1678
1679 WLog_Print(tsg->log, WLOG_DEBUG, "%s", tsg_packet_id_to_string(packet.packetId));
1680
1681 if ((packet.packetId == TSG_PACKET_TYPE_CAPS_RESPONSE) &&
1682 (SwitchValue == TSG_PACKET_TYPE_CAPS_RESPONSE))
1683 {
1684 if (!tsg_ndr_read_caps_response(tsg->log, context, pdu->s, &index, PacketPtr,
1685 &packet.tsgPacket.packetCapsResponse, tunnelContext,
1686 tunnelId, &tsg->ReauthTunnelContext))
1687 goto fail;
1688 }
1689 else if ((packet.packetId == TSG_PACKET_TYPE_QUARENC_RESPONSE) &&
1690 (SwitchValue == TSG_PACKET_TYPE_QUARENC_RESPONSE))
1691 {
1692 UINT32 PacketQuarResponsePtr = 0;
1693
1694 if (!tsg_ndr_pointer_read(tsg->log, pdu->s, &index, &PacketQuarResponsePtr, TRUE))
1695 goto fail;
1696
1697 if (!tsg_ndr_read_quarenc_response(tsg->log, pdu->s, &index,
1698 &packet.tsgPacket.packetQuarEncResponse))
1699 goto fail;
1700
1701 if (!tsg_ndr_read_quarenc_data(tsg->log, pdu->s, &index,
1702 &packet.tsgPacket.packetQuarEncResponse))
1703 goto fail;
1704
1705 if (!tsg_ndr_read_tunnel_context(tsg->log, pdu->s, tunnelContext, tunnelId))
1706 goto fail;
1707 }
1708 else
1709 {
1710 WLog_Print(tsg->log, WLOG_ERROR,
1711 "Unexpected PacketId: 0x%08" PRIX32 ", Expected TSG_PACKET_TYPE_CAPS_RESPONSE "
1712 "or TSG_PACKET_TYPE_QUARENC_RESPONSE",
1713 packet.packetId);
1714 goto fail;
1715 }
1716
1717 {
1718 const size_t rem = Stream_GetRemainingLength(pdu->s);
1719 if (rem != 0)
1720 {
1721 WLog_Print(tsg->log, WLOG_WARN, "Partially parsed %s, %" PRIuz " bytes remain",
1722 tsg_packet_id_to_string(packet.packetId), rem);
1723 }
1724 }
1725
1726 rc = TRUE;
1727fail:
1728 return rc;
1729}
1730
1742static BOOL TsProxyAuthorizeTunnelWriteRequest(rdpTsg* tsg, CONTEXT_HANDLE* tunnelContext)
1743{
1744 size_t pad = 0;
1745 wStream* s = NULL;
1746 size_t count = 0;
1747 size_t offset = 0;
1748 rdpRpc* rpc = NULL;
1749
1750 if (!tsg || !tsg->rpc || !tunnelContext || !tsg->MachineName)
1751 return FALSE;
1752
1753 count = _wcslen(tsg->MachineName) + 1;
1754 if (count > UINT32_MAX)
1755 return FALSE;
1756
1757 rpc = tsg->rpc;
1758 WLog_Print(tsg->log, WLOG_DEBUG, "TsProxyAuthorizeTunnelWriteRequest");
1759 s = Stream_New(NULL, 1024 + count * 2);
1760
1761 if (!s)
1762 return FALSE;
1763
1764 if (!TsProxyWriteTunnelContext(tsg->log, s, tunnelContext))
1765 {
1766 Stream_Free(s, TRUE);
1767 return FALSE;
1768 }
1769
1770 /* 4-byte alignment */
1771 UINT32 index = 0;
1772 Stream_Write_UINT32(s, TSG_PACKET_TYPE_QUARREQUEST); /* PacketId (4 bytes) */
1773 Stream_Write_UINT32(s, TSG_PACKET_TYPE_QUARREQUEST); /* SwitchValue (4 bytes) */
1774 if (!tsg_ndr_pointer_write(tsg->log, s, &index, 1)) /* PacketQuarRequestPtr (4 bytes) */
1775 goto fail;
1776 Stream_Write_UINT32(s, 0x00000000); /* Flags (4 bytes) */
1777 if (!tsg_ndr_pointer_write(tsg->log, s, &index, 1)) /* MachineNamePtr (4 bytes) */
1778 goto fail;
1779 Stream_Write_UINT32(s, (UINT32)count); /* NameLength (4 bytes) */
1780 if (!tsg_ndr_pointer_write(tsg->log, s, &index, 1)) /* DataPtr (4 bytes) */
1781 goto fail;
1782 Stream_Write_UINT32(s, 0); /* DataLength (4 bytes) */
1783 /* MachineName */
1784 if (!tsg_ndr_write_string(tsg->log, s, tsg->MachineName, count))
1785 goto fail;
1786 /* 4-byte alignment */
1787 offset = Stream_GetPosition(s);
1788 pad = rpc_offset_align(&offset, 4);
1789 Stream_Zero(s, pad);
1790 Stream_Write_UINT32(s, 0x00000000); /* MaxCount (4 bytes) */
1791 Stream_SealLength(s);
1792 return rpc_client_write_call(rpc, s, TsProxyAuthorizeTunnelOpnum);
1793fail:
1794 Stream_Free(s, TRUE);
1795 return FALSE;
1796}
1797
1798static UINT32 tsg_redir_to_flags(const TSG_REDIRECTION_FLAGS* redirect)
1799{
1800 UINT32 flags = 0;
1801 if (redirect->enableAllRedirections)
1802 flags |= HTTP_TUNNEL_REDIR_ENABLE_ALL;
1803 if (redirect->disableAllRedirections)
1804 flags |= HTTP_TUNNEL_REDIR_DISABLE_ALL;
1805
1806 if (redirect->driveRedirectionDisabled)
1807 flags |= HTTP_TUNNEL_REDIR_DISABLE_DRIVE;
1808 if (redirect->printerRedirectionDisabled)
1809 flags |= HTTP_TUNNEL_REDIR_DISABLE_PRINTER;
1810 if (redirect->portRedirectionDisabled)
1811 flags |= HTTP_TUNNEL_REDIR_DISABLE_PORT;
1812 if (redirect->clipboardRedirectionDisabled)
1813 flags |= HTTP_TUNNEL_REDIR_DISABLE_CLIPBOARD;
1814 if (redirect->pnpRedirectionDisabled)
1815 flags |= HTTP_TUNNEL_REDIR_DISABLE_PNP;
1816 return flags;
1817}
1818
1819static BOOL tsg_redirect_apply(rdpTsg* tsg, const TSG_REDIRECTION_FLAGS* redirect)
1820{
1821 WINPR_ASSERT(tsg);
1822 WINPR_ASSERT(redirect);
1823
1824 rdpTransport* transport = tsg->transport;
1825 WINPR_ASSERT(transport);
1826
1827 rdpContext* context = transport_get_context(transport);
1828 UINT32 redirFlags = tsg_redir_to_flags(redirect);
1829 return utils_apply_gateway_policy(tsg->log, context, redirFlags, "TSG");
1830}
1831
1832static BOOL TsProxyAuthorizeTunnelReadResponse(rdpTsg* tsg, const RPC_PDU* pdu)
1833{
1834 BOOL rc = FALSE;
1835 UINT32 SwitchValue = 0;
1836 UINT32 index = 0;
1837 TSG_PACKET packet = { 0 };
1838 UINT32 PacketPtr = 0;
1839 UINT32 PacketResponsePtr = 0;
1840
1841 WINPR_ASSERT(tsg);
1842 WINPR_ASSERT(pdu);
1843
1844 wLog* log = tsg->log;
1845 WINPR_ASSERT(log);
1846
1847 if (!tsg_ndr_pointer_read(log, pdu->s, &index, &PacketPtr, TRUE))
1848 goto fail;
1849
1850 if (!Stream_CheckAndLogRequiredLengthWLog(log, pdu->s, 8))
1851 goto fail;
1852 Stream_Read_UINT32(pdu->s, packet.packetId); /* PacketId (4 bytes) */
1853 Stream_Read_UINT32(pdu->s, SwitchValue); /* SwitchValue (4 bytes) */
1854
1855 WLog_Print(log, WLOG_DEBUG, "%s", tsg_packet_id_to_string(packet.packetId));
1856
1857 if (packet.packetId == E_PROXY_NAP_ACCESSDENIED)
1858 {
1859 WLog_Print(log, WLOG_ERROR, "status: E_PROXY_NAP_ACCESSDENIED (0x%08X)",
1860 E_PROXY_NAP_ACCESSDENIED);
1861 WLog_Print(log, WLOG_ERROR,
1862 "Ensure that the Gateway Connection Authorization Policy is correct");
1863 goto fail;
1864 }
1865
1866 if ((packet.packetId != TSG_PACKET_TYPE_RESPONSE) || (SwitchValue != TSG_PACKET_TYPE_RESPONSE))
1867 {
1868 WLog_Print(log, WLOG_ERROR,
1869 "Unexpected PacketId: 0x%08" PRIX32 ", Expected TSG_PACKET_TYPE_RESPONSE",
1870 packet.packetId);
1871 goto fail;
1872 }
1873
1874 if (!tsg_ndr_pointer_read(log, pdu->s, &index, &PacketResponsePtr, TRUE))
1875 goto fail;
1876
1877 if (!tsg_ndr_read_packet_response(log, pdu->s, &index, &packet.tsgPacket.packetResponse))
1878 goto fail;
1879
1880 rc = TRUE;
1881
1882 if (packet.tsgPacket.packetResponse.flags & TSG_PACKET_TYPE_QUARREQUEST)
1883 rc = tsg_redirect_apply(tsg, &packet.tsgPacket.packetResponse.redirectionFlags);
1884fail:
1885 return rc;
1886}
1887
1899static BOOL TsProxyMakeTunnelCallWriteRequest(rdpTsg* tsg, CONTEXT_HANDLE* tunnelContext,
1900 UINT32 procId)
1901{
1902 wStream* s = NULL;
1903 rdpRpc* rpc = NULL;
1904
1905 if (!tsg || !tsg->rpc || !tunnelContext)
1906 return FALSE;
1907
1908 rpc = tsg->rpc;
1909 WLog_Print(tsg->log, WLOG_DEBUG, "TsProxyMakeTunnelCallWriteRequest");
1910 s = Stream_New(NULL, 40);
1911
1912 if (!s)
1913 return FALSE;
1914
1915 /* TunnelContext (20 bytes) */
1916 UINT32 index = 0;
1917 if (!TsProxyWriteTunnelContext(tsg->log, s, tunnelContext))
1918 goto fail;
1919 Stream_Write_UINT32(s, procId); /* ProcId (4 bytes) */
1920 /* 4-byte alignment */
1921 Stream_Write_UINT32(s, TSG_PACKET_TYPE_MSGREQUEST_PACKET); /* PacketId (4 bytes) */
1922 Stream_Write_UINT32(s, TSG_PACKET_TYPE_MSGREQUEST_PACKET); /* SwitchValue (4 bytes) */
1923 if (!tsg_ndr_pointer_write(tsg->log, s, &index, 1)) /* PacketMsgRequestPtr (4 bytes) */
1924 goto fail;
1925 Stream_Write_UINT32(s, 0x00000001); /* MaxMessagesPerBatch (4 bytes) */
1926 return rpc_client_write_call(rpc, s, TsProxyMakeTunnelCallOpnum);
1927fail:
1928 Stream_Free(s, TRUE);
1929 return FALSE;
1930}
1931
1932static BOOL TsProxyReadPacketSTringMessage(wLog* log, wStream* s, uint32_t* index,
1933 TSG_PACKET_STRING_MESSAGE* msg)
1934{
1935 UINT32 MsgPtr = 0;
1936
1937 WINPR_ASSERT(msg);
1938
1939 const TSG_PACKET_STRING_MESSAGE empty = { 0 };
1940 *msg = empty;
1941
1942 if (!Stream_CheckAndLogRequiredLengthWLog(log, s, 12))
1943 return FALSE;
1944
1945 Stream_Read_INT32(s, msg->isDisplayMandatory); /* IsDisplayMandatory (4 bytes) */
1946 Stream_Read_INT32(s, msg->isConsentMandatory); /* IsConsentMandatory (4 bytes) */
1947 Stream_Read_UINT32(s, msg->msgBytes); /* MsgBytes (4 bytes) */
1948
1949 if (!tsg_ndr_pointer_read(log, s, index, &MsgPtr, msg->msgBytes != 0))
1950 return FALSE;
1951
1952 if (msg->msgBytes > TSG_MESSAGING_MAX_MESSAGE_LENGTH)
1953 {
1954 WLog_Print(log, WLOG_ERROR, "Out of Spec Message Length %" PRIu32 "", msg->msgBytes);
1955 return FALSE;
1956 }
1957
1958 if (msg->msgBytes == 0)
1959 {
1960 WLog_Print(log, WLOG_DEBUG, "Empty message, skipping string read");
1961 return TRUE;
1962 }
1963
1964 return tsg_ndr_read_string(log, s, &msg->msgBuffer, msg->msgBytes);
1965}
1966
1967static BOOL TsProxyMakeTunnelCallReadResponse(rdpTsg* tsg, const RPC_PDU* pdu)
1968{
1969 BOOL rc = FALSE;
1970 UINT32 index = 0;
1971 TSG_PACKET packet = { 0 };
1972 rdpContext* context = NULL;
1973 TSG_PACKET_MSG_RESPONSE packetMsgResponse = { 0 };
1974 UINT32 PacketPtr = 0;
1975 UINT32 PacketMsgResponsePtr = 0;
1976
1977 WINPR_ASSERT(tsg);
1978 WINPR_ASSERT(tsg->rpc);
1979
1980 context = transport_get_context(tsg->rpc->transport);
1981 WINPR_ASSERT(context);
1982
1983 /* This is an asynchronous response */
1984
1985 if (!pdu)
1986 return FALSE;
1987
1988 if (!Stream_CheckAndLogRequiredLengthWLog(tsg->log, pdu->s, 28))
1989 goto fail;
1990
1991 if (!tsg_ndr_pointer_read(tsg->log, pdu->s, &index, &PacketPtr, TRUE))
1992 goto fail;
1993
1994 Stream_Read_UINT32(pdu->s, packet.packetId); /* PacketId (4 bytes) */
1995
1996 {
1997 const uint32_t SwitchValue = Stream_Get_UINT32(pdu->s); /* SwitchValue (4 bytes) */
1998 WLog_Print(tsg->log, WLOG_DEBUG, "%s", tsg_packet_id_to_string(packet.packetId));
1999
2000 if ((packet.packetId != TSG_PACKET_TYPE_MESSAGE_PACKET) || (packet.packetId != SwitchValue))
2001 {
2002 WLog_Print(tsg->log, WLOG_ERROR,
2003 "Unexpected PacketId: 0x%08" PRIX32
2004 ", Expected TSG_PACKET_TYPE_MESSAGE_PACKET",
2005 packet.packetId);
2006 goto fail;
2007 }
2008 }
2009
2010 if (!tsg_ndr_pointer_read(tsg->log, pdu->s, &index, &PacketMsgResponsePtr, TRUE))
2011 goto fail;
2012
2013 if (!tsg_ndr_read_TSG_PACKET_MSG_RESPONSE_header(tsg->log, pdu->s, &packetMsgResponse))
2014 goto fail;
2015
2016 {
2017 UINT32 MessagePtr = 0;
2018 if (!tsg_ndr_pointer_read(tsg->log, pdu->s, &index, &MessagePtr, TRUE))
2019 goto fail;
2020
2021 if (!tsg_ndr_read_TSG_PACKET_MSG_RESPONSE(tsg->log, context, pdu->s, &index, MessagePtr,
2022 &packetMsgResponse, &tsg->ReauthTunnelContext))
2023 goto fail;
2024 }
2025
2026 rc = TRUE;
2027fail:
2028 return rc;
2029}
2030
2042static BOOL TsProxyCreateChannelWriteRequest(rdpTsg* tsg, CONTEXT_HANDLE* tunnelContext)
2043{
2044 WINPR_ASSERT(tsg);
2045 WINPR_ASSERT(tunnelContext);
2046
2047 WLog_Print(tsg->log, WLOG_DEBUG, "TsProxyCreateChannelWriteRequest");
2048
2049 if (!tsg->rpc || !tsg->Hostname)
2050 return FALSE;
2051
2052 rdpRpc* rpc = tsg->rpc;
2053 const size_t count = _wcslen(tsg->Hostname) + 1;
2054 if (count > UINT32_MAX)
2055 return FALSE;
2056
2057 wStream* s = Stream_New(NULL, 60 + count * 2);
2058 if (!s)
2059 return FALSE;
2060
2061 /* TunnelContext (20 bytes) */
2062 if (!TsProxyWriteTunnelContext(tsg->log, s, tunnelContext))
2063 goto fail;
2064
2065 /* TSENDPOINTINFO */
2066 {
2067 UINT32 index = 0;
2068 if (!tsg_ndr_pointer_write(tsg->log, s, &index, 1))
2069 goto fail;
2070 Stream_Write_UINT32(s, 0x00000001); /* NumResourceNames (4 bytes) */
2071 if (!tsg_ndr_pointer_write(tsg->log, s, &index, 0))
2072 goto fail;
2073 }
2074
2075 Stream_Write_UINT16(s, 0x0000); /* NumAlternateResourceNames (2 bytes) */
2076 Stream_Write_UINT16(s, 0x0000); /* Pad (2 bytes) */
2077 /* Port (4 bytes) */
2078 Stream_Write_UINT16(s, 0x0003); /* ProtocolId (RDP = 3) (2 bytes) */
2079 Stream_Write_UINT16(s, tsg->Port); /* PortNumber (0xD3D = 3389) (2 bytes) */
2080 Stream_Write_UINT32(s, 0x00000001); /* NumResourceNames (4 bytes) */
2081 {
2082 UINT32 index = 0;
2083 if (!tsg_ndr_pointer_write(tsg->log, s, &index, 1))
2084 goto fail;
2085 }
2086 if (!tsg_ndr_write_string(tsg->log, s, tsg->Hostname, (UINT32)count))
2087 goto fail;
2088 return rpc_client_write_call(rpc, s, TsProxyCreateChannelOpnum);
2089
2090fail:
2091 Stream_Free(s, TRUE);
2092 return FALSE;
2093}
2094
2095static BOOL TsProxyCreateChannelReadResponse(wLog* log, const RPC_PDU* pdu,
2096 CONTEXT_HANDLE* channelContext, UINT32* channelId)
2097{
2098 BOOL rc = FALSE;
2099
2100 WINPR_ASSERT(log);
2101 WINPR_ASSERT(pdu);
2102 WINPR_ASSERT(channelId);
2103
2104 WLog_Print(log, WLOG_DEBUG, "TsProxyCreateChannelReadResponse");
2105
2106 if (!Stream_CheckAndLogRequiredLengthWLog(log, pdu->s, 28))
2107 goto fail;
2108
2109 /* ChannelContext (20 bytes) */
2110 if (!TsProxyReadTunnelContext(log, pdu->s, channelContext))
2111 goto fail;
2112 if (!Stream_CheckAndLogRequiredLengthOfSizeWLog(log, pdu->s, 2, sizeof(UINT32)))
2113 goto fail;
2114 Stream_Read_UINT32(pdu->s, *channelId); /* ChannelId (4 bytes) */
2115 Stream_Seek_UINT32(pdu->s); /* ReturnValue (4 bytes) */
2116 rc = TRUE;
2117fail:
2118 return rc;
2119}
2120
2127static BOOL TsProxyCloseChannelWriteRequest(rdpTsg* tsg, CONTEXT_HANDLE* context)
2128{
2129 WINPR_ASSERT(tsg);
2130 WINPR_ASSERT(context);
2131
2132 WLog_Print(tsg->log, WLOG_DEBUG, "TsProxyCloseChannelWriteRequest");
2133
2134 rdpRpc* rpc = tsg->rpc;
2135 WINPR_ASSERT(rpc);
2136
2137 wStream* s = Stream_New(NULL, 20);
2138
2139 if (!s)
2140 return FALSE;
2141
2142 /* ChannelContext (20 bytes) */
2143 if (!TsProxyWriteTunnelContext(tsg->log, s, context))
2144 goto fail;
2145 return rpc_client_write_call(rpc, s, TsProxyCloseChannelOpnum);
2146fail:
2147 Stream_Free(s, TRUE);
2148 return FALSE;
2149}
2150
2151static BOOL TsProxyCloseChannelReadResponse(wLog* log, const RPC_PDU* pdu, CONTEXT_HANDLE* context)
2152{
2153 BOOL rc = FALSE;
2154 WLog_Print(log, WLOG_DEBUG, "TsProxyCloseChannelReadResponse");
2155
2156 if (!pdu)
2157 return FALSE;
2158
2159 if (!Stream_CheckAndLogRequiredLengthWLog(log, pdu->s, 24))
2160 goto fail;
2161
2162 /* ChannelContext (20 bytes) */
2163 if (!TsProxyReadTunnelContext(log, pdu->s, context))
2164 goto fail;
2165
2166 {
2167 const size_t len = sizeof(UINT32);
2168 if (!Stream_CheckAndLogRequiredLengthWLog(log, pdu->s, len))
2169 goto fail;
2170 Stream_Seek(pdu->s, len); /* ReturnValue (4 bytes) */
2171 rc = TRUE;
2172 }
2173fail:
2174 return rc;
2175}
2176
2183static BOOL TsProxyCloseTunnelWriteRequest(rdpTsg* tsg, const CONTEXT_HANDLE* context)
2184{
2185 WINPR_ASSERT(tsg);
2186 WINPR_ASSERT(context);
2187
2188 WLog_Print(tsg->log, WLOG_DEBUG, "TsProxyCloseTunnelWriteRequest");
2189
2190 rdpRpc* rpc = tsg->rpc;
2191 WINPR_ASSERT(rpc);
2192
2193 wStream* s = Stream_New(NULL, 20);
2194
2195 if (!s)
2196 return FALSE;
2197
2198 /* TunnelContext (20 bytes) */
2199 if (!TsProxyWriteTunnelContext(tsg->log, s, context))
2200 goto fail;
2201 return rpc_client_write_call(rpc, s, TsProxyCloseTunnelOpnum);
2202fail:
2203 Stream_Free(s, TRUE);
2204 return FALSE;
2205}
2206
2207static BOOL TsProxyCloseTunnelReadResponse(wLog* log, const RPC_PDU* pdu, CONTEXT_HANDLE* context)
2208{
2209 BOOL rc = FALSE;
2210
2211 WINPR_ASSERT(log);
2212 WINPR_ASSERT(pdu);
2213 WINPR_ASSERT(context);
2214
2215 WLog_Print(log, WLOG_DEBUG, "TsProxyCloseTunnelReadResponse");
2216
2217 if (!Stream_CheckAndLogRequiredLengthWLog(log, pdu->s, 24))
2218 goto fail;
2219
2220 /* TunnelContext (20 bytes) */
2221 if (!TsProxyReadTunnelContext(log, pdu->s, context))
2222 goto fail;
2223 {
2224 const size_t len = sizeof(UINT32);
2225 if (!Stream_CheckAndLogRequiredLengthWLog(log, pdu->s, len))
2226 goto fail;
2227 Stream_Seek(pdu->s, len); /* ReturnValue (4 bytes) */
2228 rc = TRUE;
2229 }
2230fail:
2231 return rc;
2232}
2233
2242static BOOL TsProxySetupReceivePipeWriteRequest(rdpTsg* tsg, const CONTEXT_HANDLE* channelContext)
2243{
2244 wStream* s = NULL;
2245 rdpRpc* rpc = NULL;
2246 WLog_Print(tsg->log, WLOG_DEBUG, "TsProxySetupReceivePipeWriteRequest");
2247
2248 WINPR_ASSERT(tsg);
2249 WINPR_ASSERT(tsg->rpc);
2250
2251 if (!channelContext)
2252 return FALSE;
2253
2254 rpc = tsg->rpc;
2255 s = Stream_New(NULL, 20);
2256
2257 if (!s)
2258 return FALSE;
2259
2260 /* ChannelContext (20 bytes) */
2261 if (!TsProxyWriteTunnelContext(tsg->log, s, channelContext))
2262 goto fail;
2263 return rpc_client_write_call(rpc, s, TsProxySetupReceivePipeOpnum);
2264fail:
2265 Stream_Free(s, TRUE);
2266 return FALSE;
2267}
2268
2269static BOOL tsg_transition_to_state(rdpTsg* tsg, TSG_STATE state)
2270{
2271 WINPR_ASSERT(tsg);
2272 const char* oldState = tsg_state_to_string(tsg->state);
2273 const char* newState = tsg_state_to_string(state);
2274
2275 WLog_Print(tsg->log, WLOG_DEBUG, "%s -> %s", oldState, newState);
2276 return tsg_set_state(tsg, state);
2277}
2278
2279static BOOL tsg_initialize_version_caps(TSG_PACKET_VERSIONCAPS* packetVersionCaps)
2280{
2281 WINPR_ASSERT(packetVersionCaps);
2282
2283 packetVersionCaps->tsgHeader.ComponentId = TS_GATEWAY_TRANSPORT;
2284 packetVersionCaps->tsgHeader.PacketId = TSG_PACKET_TYPE_VERSIONCAPS;
2285 packetVersionCaps->numCapabilities = 1;
2286 packetVersionCaps->majorVersion = 1;
2287 packetVersionCaps->minorVersion = 1;
2288 packetVersionCaps->quarantineCapabilities = 0;
2289 packetVersionCaps->tsgCaps.capabilityType = TSG_CAPABILITY_TYPE_NAP;
2290 /*
2291 * Using reduced capabilities appears to trigger
2292 * TSG_PACKET_TYPE_QUARENC_RESPONSE instead of TSG_PACKET_TYPE_CAPS_RESPONSE
2293 *
2294 * However, reduced capabilities may break connectivity with servers enforcing features, such as
2295 * "Only allow connections from Remote Desktop Services clients that support RD Gateway
2296 * messaging"
2297 */
2298
2299 packetVersionCaps->tsgCaps.tsgPacket.tsgCapNap.capabilities =
2300 TSG_NAP_CAPABILITY_QUAR_SOH | TSG_NAP_CAPABILITY_IDLE_TIMEOUT |
2301 TSG_MESSAGING_CAP_CONSENT_SIGN | TSG_MESSAGING_CAP_SERVICE_MSG | TSG_MESSAGING_CAP_REAUTH;
2302 return TRUE;
2303}
2304
2305BOOL tsg_proxy_begin(rdpTsg* tsg)
2306{
2307 TSG_PACKET tsgPacket = { 0 };
2308
2309 WINPR_ASSERT(tsg);
2310
2311 tsgPacket.packetId = TSG_PACKET_TYPE_VERSIONCAPS;
2312 if (!tsg_initialize_version_caps(&tsgPacket.tsgPacket.packetVersionCaps) ||
2313 !TsProxyCreateTunnelWriteRequest(tsg, &tsgPacket))
2314 {
2315 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCreateTunnel failure");
2316 tsg_transition_to_state(tsg, TSG_STATE_FINAL);
2317 return FALSE;
2318 }
2319
2320 return tsg_transition_to_state(tsg, TSG_STATE_INITIAL);
2321}
2322
2323static BOOL tsg_proxy_reauth(rdpTsg* tsg)
2324{
2325 TSG_PACKET tsgPacket = { 0 };
2326
2327 WINPR_ASSERT(tsg);
2328
2329 tsg->reauthSequence = TRUE;
2330 TSG_PACKET_REAUTH* packetReauth = &tsgPacket.tsgPacket.packetReauth;
2331
2332 tsgPacket.packetId = TSG_PACKET_TYPE_REAUTH;
2333 packetReauth->tunnelContext = tsg->ReauthTunnelContext;
2334 packetReauth->packetId = TSG_PACKET_TYPE_VERSIONCAPS;
2335
2336 if (!tsg_initialize_version_caps(&packetReauth->tsgInitialPacket.packetVersionCaps))
2337 return FALSE;
2338
2339 if (!TsProxyCreateTunnelWriteRequest(tsg, &tsgPacket))
2340 {
2341 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCreateTunnel failure");
2342 tsg_transition_to_state(tsg, TSG_STATE_FINAL);
2343 return FALSE;
2344 }
2345
2346 if (!TsProxyMakeTunnelCallWriteRequest(tsg, &tsg->TunnelContext,
2347 TSG_TUNNEL_CALL_ASYNC_MSG_REQUEST))
2348 {
2349 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyMakeTunnelCall failure");
2350 tsg_transition_to_state(tsg, TSG_STATE_FINAL);
2351 return FALSE;
2352 }
2353
2354 return tsg_transition_to_state(tsg, TSG_STATE_INITIAL);
2355}
2356
2357BOOL tsg_recv_pdu(rdpTsg* tsg, const RPC_PDU* pdu)
2358{
2359 BOOL rc = FALSE;
2360 RpcClientCall* call = NULL;
2361 rdpRpc* rpc = NULL;
2362
2363 WINPR_ASSERT(tsg);
2364 WINPR_ASSERT(pdu);
2365 WINPR_ASSERT(tsg->rpc);
2366
2367 rpc = tsg->rpc;
2368
2369 if (!(pdu->Flags & RPC_PDU_FLAG_STUB))
2370 {
2371 const size_t len = 24;
2372 if (!Stream_CheckAndLogRequiredLengthWLog(tsg->log, pdu->s, len))
2373 return FALSE;
2374 Stream_Seek(pdu->s, len);
2375 }
2376
2377 switch (tsg->state)
2378 {
2379 case TSG_STATE_INITIAL:
2380 {
2381 CONTEXT_HANDLE* TunnelContext = NULL;
2382 TunnelContext = (tsg->reauthSequence) ? &tsg->NewTunnelContext : &tsg->TunnelContext;
2383
2384 if (!TsProxyCreateTunnelReadResponse(tsg, pdu, TunnelContext, &tsg->TunnelId))
2385 {
2386 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCreateTunnelReadResponse failure");
2387 return FALSE;
2388 }
2389
2390 if (!tsg_transition_to_state(tsg, TSG_STATE_CONNECTED))
2391 return FALSE;
2392
2393 if (!TsProxyAuthorizeTunnelWriteRequest(tsg, TunnelContext))
2394 {
2395 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyAuthorizeTunnel failure");
2396 return FALSE;
2397 }
2398
2399 rc = TRUE;
2400 }
2401 break;
2402
2403 case TSG_STATE_CONNECTED:
2404 {
2405 CONTEXT_HANDLE* TunnelContext =
2406 (tsg->reauthSequence) ? &tsg->NewTunnelContext : &tsg->TunnelContext;
2407
2408 if (!TsProxyAuthorizeTunnelReadResponse(tsg, pdu))
2409 {
2410 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyAuthorizeTunnelReadResponse failure");
2411 return FALSE;
2412 }
2413
2414 if (!tsg_transition_to_state(tsg, TSG_STATE_AUTHORIZED))
2415 return FALSE;
2416
2417 if (!tsg->reauthSequence)
2418 {
2419 if (!TsProxyMakeTunnelCallWriteRequest(tsg, TunnelContext,
2420 TSG_TUNNEL_CALL_ASYNC_MSG_REQUEST))
2421 {
2422 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyMakeTunnelCall failure");
2423 return FALSE;
2424 }
2425 }
2426
2427 if (!TsProxyCreateChannelWriteRequest(tsg, TunnelContext))
2428 {
2429 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCreateChannel failure");
2430 return FALSE;
2431 }
2432
2433 rc = TRUE;
2434 }
2435 break;
2436
2437 case TSG_STATE_AUTHORIZED:
2438 call = rpc_client_call_find_by_id(rpc->client, pdu->CallId);
2439
2440 if (!call)
2441 return FALSE;
2442
2443 if (call->OpNum == TsProxyMakeTunnelCallOpnum)
2444 {
2445 if (!TsProxyMakeTunnelCallReadResponse(tsg, pdu))
2446 {
2447 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyMakeTunnelCallReadResponse failure");
2448 return FALSE;
2449 }
2450
2451 rc = TRUE;
2452 }
2453 else if (call->OpNum == TsProxyCreateChannelOpnum)
2454 {
2455 CONTEXT_HANDLE ChannelContext;
2456
2457 if (!TsProxyCreateChannelReadResponse(tsg->log, pdu, &ChannelContext,
2458 &tsg->ChannelId))
2459 {
2460 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCreateChannelReadResponse failure");
2461 return FALSE;
2462 }
2463
2464 if (!tsg->reauthSequence)
2465 CopyMemory(&tsg->ChannelContext, &ChannelContext, sizeof(CONTEXT_HANDLE));
2466 else
2467 CopyMemory(&tsg->NewChannelContext, &ChannelContext, sizeof(CONTEXT_HANDLE));
2468
2469 if (!tsg_transition_to_state(tsg, TSG_STATE_CHANNEL_CREATED))
2470 return FALSE;
2471
2472 if (!tsg->reauthSequence)
2473 {
2474 if (!TsProxySetupReceivePipeWriteRequest(tsg, &tsg->ChannelContext))
2475 {
2476 WLog_Print(tsg->log, WLOG_ERROR, "TsProxySetupReceivePipe failure");
2477 return FALSE;
2478 }
2479 }
2480 else
2481 {
2482 if (!TsProxyCloseChannelWriteRequest(tsg, &tsg->NewChannelContext))
2483 {
2484 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCloseChannelWriteRequest failure");
2485 return FALSE;
2486 }
2487
2488 if (!TsProxyCloseTunnelWriteRequest(tsg, &tsg->NewTunnelContext))
2489 {
2490 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCloseTunnelWriteRequest failure");
2491 return FALSE;
2492 }
2493 }
2494
2495 rc = tsg_transition_to_state(tsg, TSG_STATE_PIPE_CREATED);
2496 tsg->reauthSequence = FALSE;
2497 }
2498 else
2499 {
2500 WLog_Print(tsg->log, WLOG_ERROR,
2501 "TSG_STATE_AUTHORIZED unexpected OpNum: %" PRIu32 "\n", call->OpNum);
2502 }
2503
2504 break;
2505
2506 case TSG_STATE_CHANNEL_CREATED:
2507 break;
2508
2509 case TSG_STATE_PIPE_CREATED:
2510 call = rpc_client_call_find_by_id(rpc->client, pdu->CallId);
2511
2512 if (!call)
2513 return FALSE;
2514
2515 if (call->OpNum == TsProxyMakeTunnelCallOpnum)
2516 {
2517 if (!TsProxyMakeTunnelCallReadResponse(tsg, pdu))
2518 {
2519 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyMakeTunnelCallReadResponse failure");
2520 return FALSE;
2521 }
2522
2523 rc = TRUE;
2524
2525 if (tsg->ReauthTunnelContext)
2526 rc = tsg_proxy_reauth(tsg);
2527 }
2528 else if (call->OpNum == TsProxyCloseChannelOpnum)
2529 {
2530 CONTEXT_HANDLE ChannelContext;
2531
2532 if (!TsProxyCloseChannelReadResponse(tsg->log, pdu, &ChannelContext))
2533 {
2534 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCloseChannelReadResponse failure");
2535 return FALSE;
2536 }
2537
2538 rc = TRUE;
2539 }
2540 else if (call->OpNum == TsProxyCloseTunnelOpnum)
2541 {
2542 CONTEXT_HANDLE TunnelContext;
2543
2544 if (!TsProxyCloseTunnelReadResponse(tsg->log, pdu, &TunnelContext))
2545 {
2546 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCloseTunnelReadResponse failure");
2547 return FALSE;
2548 }
2549
2550 rc = TRUE;
2551 }
2552
2553 break;
2554
2555 case TSG_STATE_TUNNEL_CLOSE_PENDING:
2556 {
2557 CONTEXT_HANDLE ChannelContext;
2558
2559 if (!TsProxyCloseChannelReadResponse(tsg->log, pdu, &ChannelContext))
2560 {
2561 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCloseChannelReadResponse failure");
2562 return FALSE;
2563 }
2564
2565 if (!tsg_transition_to_state(tsg, TSG_STATE_CHANNEL_CLOSE_PENDING))
2566 return FALSE;
2567
2568 if (!TsProxyCloseChannelWriteRequest(tsg, NULL))
2569 {
2570 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCloseChannelWriteRequest failure");
2571 return FALSE;
2572 }
2573
2574 if (!TsProxyMakeTunnelCallWriteRequest(tsg, &tsg->TunnelContext,
2575 TSG_TUNNEL_CANCEL_ASYNC_MSG_REQUEST))
2576 {
2577 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyMakeTunnelCall failure");
2578 return FALSE;
2579 }
2580
2581 rc = TRUE;
2582 }
2583 break;
2584
2585 case TSG_STATE_CHANNEL_CLOSE_PENDING:
2586 {
2587 CONTEXT_HANDLE TunnelContext;
2588
2589 if (!TsProxyCloseTunnelReadResponse(tsg->log, pdu, &TunnelContext))
2590 {
2591 WLog_Print(tsg->log, WLOG_ERROR, "TsProxyCloseTunnelReadResponse failure");
2592 return FALSE;
2593 }
2594
2595 rc = tsg_transition_to_state(tsg, TSG_STATE_FINAL);
2596 }
2597 break;
2598
2599 case TSG_STATE_FINAL:
2600 break;
2601 default:
2602 break;
2603 }
2604
2605 return rc;
2606}
2607
2608BOOL tsg_check_event_handles(rdpTsg* tsg)
2609{
2610 WINPR_ASSERT(tsg);
2611 if (rpc_client_in_channel_recv(tsg->rpc) < 0)
2612 return FALSE;
2613
2614 if (rpc_client_out_channel_recv(tsg->rpc) < 0)
2615 return FALSE;
2616
2617 return TRUE;
2618}
2619
2620DWORD tsg_get_event_handles(rdpTsg* tsg, HANDLE* events, DWORD count)
2621{
2622 UINT32 nCount = 0;
2623 rdpRpc* rpc = tsg->rpc;
2624 RpcVirtualConnection* connection = rpc->VirtualConnection;
2625
2626 if (events && (nCount < count))
2627 {
2628 events[nCount] = rpc->client->PipeEvent;
2629 nCount++;
2630 }
2631 else
2632 return 0;
2633
2634 if (connection->DefaultInChannel && connection->DefaultInChannel->common.tls)
2635 {
2636 if (events && (nCount < count))
2637 {
2638 BIO_get_event(connection->DefaultInChannel->common.tls->bio, &events[nCount]);
2639 nCount++;
2640 }
2641 else
2642 return 0;
2643 }
2644
2645 if (connection->NonDefaultInChannel && connection->NonDefaultInChannel->common.tls)
2646 {
2647 if (events && (nCount < count))
2648 {
2649 BIO_get_event(connection->NonDefaultInChannel->common.tls->bio, &events[nCount]);
2650 nCount++;
2651 }
2652 else
2653 return 0;
2654 }
2655
2656 if (connection->DefaultOutChannel && connection->DefaultOutChannel->common.tls)
2657 {
2658 if (events && (nCount < count))
2659 {
2660 BIO_get_event(connection->DefaultOutChannel->common.tls->bio, &events[nCount]);
2661 nCount++;
2662 }
2663 else
2664 return 0;
2665 }
2666
2667 if (connection->NonDefaultOutChannel && connection->NonDefaultOutChannel->common.tls)
2668 {
2669 if (events && (nCount < count))
2670 {
2671 BIO_get_event(connection->NonDefaultOutChannel->common.tls->bio, &events[nCount]);
2672 nCount++;
2673 }
2674 else
2675 return 0;
2676 }
2677
2678 return nCount;
2679}
2680
2681static BOOL tsg_set_hostname(rdpTsg* tsg, const char* hostname)
2682{
2683 WINPR_ASSERT(tsg);
2684 free(tsg->Hostname);
2685 tsg->Hostname = ConvertUtf8ToWCharAlloc(hostname, NULL);
2686 return tsg->Hostname != NULL;
2687}
2688
2689static BOOL tsg_set_machine_name(rdpTsg* tsg, const char* machineName)
2690{
2691 WINPR_ASSERT(tsg);
2692 free(tsg->MachineName);
2693 tsg->MachineName = ConvertUtf8ToWCharAlloc(machineName, NULL);
2694 return tsg->MachineName != NULL;
2695}
2696
2697BOOL tsg_connect(rdpTsg* tsg, const char* hostname, UINT16 port, DWORD timeout)
2698{
2699 UINT64 looptimeout = timeout * 1000ULL;
2700 DWORD nCount = 0;
2701 HANDLE events[MAXIMUM_WAIT_OBJECTS] = { 0 };
2702
2703 WINPR_ASSERT(tsg);
2704
2705 rdpRpc* rpc = tsg->rpc;
2706 WINPR_ASSERT(rpc);
2707
2708 rdpTransport* transport = rpc->transport;
2709 rdpContext* context = transport_get_context(transport);
2710 WINPR_ASSERT(context);
2711
2712 rdpSettings* settings = context->settings;
2713
2714 freerdp_set_last_error(context, ERROR_SUCCESS);
2715
2716 tsg->Port = port;
2717 tsg->transport = transport;
2718
2719 if (!settings->GatewayPort)
2720 settings->GatewayPort = 443;
2721
2722 if (!tsg_set_hostname(tsg, hostname))
2723 return FALSE;
2724
2725 if (!tsg_set_machine_name(tsg, settings->ComputerName))
2726 return FALSE;
2727
2728 if (!rpc_connect(rpc, timeout))
2729 {
2730 WLog_Print(tsg->log, WLOG_ERROR, "rpc_connect error!");
2731 return FALSE;
2732 }
2733
2734 nCount = tsg_get_event_handles(tsg, events, ARRAYSIZE(events));
2735
2736 if (nCount == 0)
2737 return FALSE;
2738
2739 while (tsg->state != TSG_STATE_PIPE_CREATED)
2740 {
2741 const DWORD polltimeout = 250;
2742 DWORD status = WaitForMultipleObjects(nCount, events, FALSE, polltimeout);
2743 if (status == WAIT_TIMEOUT)
2744 {
2745 if (timeout > 0)
2746 {
2747 if (looptimeout < polltimeout)
2748 return FALSE;
2749 looptimeout -= polltimeout;
2750 }
2751 }
2752 else
2753 looptimeout = timeout * 1000ULL;
2754
2755 if (!tsg_check_event_handles(tsg))
2756 {
2757 WLog_Print(tsg->log, WLOG_ERROR, "tsg_check failure");
2758 transport_set_layer(transport, TRANSPORT_LAYER_CLOSED);
2759 return FALSE;
2760 }
2761 }
2762
2763 WLog_Print(tsg->log, WLOG_INFO, "TS Gateway Connection Success");
2764 tsg->bio = BIO_new(BIO_s_tsg());
2765
2766 if (!tsg->bio)
2767 return FALSE;
2768
2769 BIO_set_data(tsg->bio, (void*)tsg);
2770 return TRUE;
2771}
2772
2773BOOL tsg_disconnect(rdpTsg* tsg)
2774{
2794 if (!tsg)
2795 return FALSE;
2796
2797 if (tsg->state != TSG_STATE_TUNNEL_CLOSE_PENDING)
2798 {
2799 if (!TsProxyCloseChannelWriteRequest(tsg, &tsg->ChannelContext))
2800 return FALSE;
2801
2802 return tsg_transition_to_state(tsg, TSG_STATE_CHANNEL_CLOSE_PENDING);
2803 }
2804
2805 return TRUE;
2806}
2807
2818static int tsg_read(rdpTsg* tsg, BYTE* data, size_t length)
2819{
2820 rdpRpc* rpc = NULL;
2821 int status = 0;
2822
2823 if (!tsg || !data)
2824 return -1;
2825
2826 rpc = tsg->rpc;
2827
2828 if (transport_get_layer(rpc->transport) == TRANSPORT_LAYER_CLOSED)
2829 {
2830 WLog_Print(tsg->log, WLOG_ERROR, "tsg_read error: connection lost");
2831 return -1;
2832 }
2833
2834 do
2835 {
2836 status = rpc_client_receive_pipe_read(rpc->client, data, length);
2837
2838 if (status < 0)
2839 return -1;
2840
2841 if (!status && !transport_get_blocking(rpc->transport))
2842 return 0;
2843
2844 if (transport_get_layer(rpc->transport) == TRANSPORT_LAYER_CLOSED)
2845 {
2846 WLog_Print(tsg->log, WLOG_ERROR, "tsg_read error: connection lost");
2847 return -1;
2848 }
2849
2850 if (status > 0)
2851 break;
2852
2853 if (transport_get_blocking(rpc->transport))
2854 {
2855 while (WaitForSingleObject(rpc->client->PipeEvent, 0) != WAIT_OBJECT_0)
2856 {
2857 if (!tsg_check_event_handles(tsg))
2858 return -1;
2859
2860 (void)WaitForSingleObject(rpc->client->PipeEvent, 100);
2861 }
2862 }
2863 } while (transport_get_blocking(rpc->transport));
2864
2865 return status;
2866}
2867
2868static int tsg_write(rdpTsg* tsg, const BYTE* data, UINT32 length)
2869{
2870 int status = 0;
2871
2872 if (!tsg || !data || !tsg->rpc || !tsg->rpc->transport)
2873 return -1;
2874
2875 if (transport_get_layer(tsg->rpc->transport) == TRANSPORT_LAYER_CLOSED)
2876 {
2877 WLog_Print(tsg->log, WLOG_ERROR, "error, connection lost");
2878 return -1;
2879 }
2880
2881 status = TsProxySendToServer((handle_t)tsg, data, 1, &length);
2882
2883 if (status < 0)
2884 return -1;
2885
2886 return (int)length;
2887}
2888
2889rdpTsg* tsg_new(rdpTransport* transport)
2890{
2891 rdpTsg* tsg = (rdpTsg*)calloc(1, sizeof(rdpTsg));
2892
2893 if (!tsg)
2894 return NULL;
2895 tsg->log = WLog_Get(TAG);
2896 tsg->transport = transport;
2897 tsg->rpc = rpc_new(tsg->transport);
2898
2899 if (!tsg->rpc)
2900 goto out_free;
2901
2902 return tsg;
2903out_free:
2904 free(tsg);
2905 return NULL;
2906}
2907
2908void tsg_free(rdpTsg* tsg)
2909{
2910 if (tsg)
2911 {
2912 rpc_free(tsg->rpc);
2913 free(tsg->Hostname);
2914 free(tsg->MachineName);
2915 free(tsg);
2916 }
2917}
2918
2919static int transport_bio_tsg_write(BIO* bio, const char* buf, int num)
2920{
2921 int status = 0;
2922 rdpTsg* tsg = (rdpTsg*)BIO_get_data(bio);
2923 BIO_clear_flags(bio, BIO_FLAGS_WRITE);
2924
2925 if (num < 0)
2926 return -1;
2927 status = tsg_write(tsg, (const BYTE*)buf, (UINT32)num);
2928
2929 if (status < 0)
2930 {
2931 BIO_clear_flags(bio, BIO_FLAGS_SHOULD_RETRY);
2932 return -1;
2933 }
2934 else if (status == 0)
2935 {
2936 BIO_set_flags(bio, BIO_FLAGS_WRITE);
2937 WSASetLastError(WSAEWOULDBLOCK);
2938 }
2939 else
2940 {
2941 BIO_set_flags(bio, BIO_FLAGS_WRITE);
2942 }
2943
2944 return status >= 0 ? status : -1;
2945}
2946
2947static int transport_bio_tsg_read(BIO* bio, char* buf, int size)
2948{
2949 int status = 0;
2950 rdpTsg* tsg = (rdpTsg*)BIO_get_data(bio);
2951
2952 if (!tsg || (size < 0))
2953 {
2954 BIO_clear_flags(bio, BIO_FLAGS_SHOULD_RETRY);
2955 return -1;
2956 }
2957
2958 BIO_clear_flags(bio, BIO_FLAGS_READ);
2959 status = tsg_read(tsg, (BYTE*)buf, (size_t)size);
2960
2961 if (status < 0)
2962 {
2963 BIO_clear_flags(bio, BIO_FLAGS_SHOULD_RETRY);
2964 return -1;
2965 }
2966 else if (status == 0)
2967 {
2968 BIO_set_flags(bio, BIO_FLAGS_READ);
2969 WSASetLastError(WSAEWOULDBLOCK);
2970 }
2971 else
2972 {
2973 BIO_set_flags(bio, BIO_FLAGS_READ);
2974 }
2975
2976 return status > 0 ? status : -1;
2977}
2978
2979static int transport_bio_tsg_puts(BIO* bio, const char* str)
2980{
2981 WINPR_UNUSED(bio);
2982 WINPR_UNUSED(str);
2983 return -2;
2984}
2985
2986// NOLINTNEXTLINE(readability-non-const-parameter)
2987static int transport_bio_tsg_gets(BIO* bio, char* str, int size)
2988{
2989 WINPR_UNUSED(bio);
2990 WINPR_UNUSED(str);
2991 WINPR_UNUSED(size);
2992 return 1;
2993}
2994
2995static long transport_bio_tsg_ctrl(BIO* bio, int cmd, long arg1, void* arg2)
2996{
2997 long status = -1;
2998 rdpTsg* tsg = (rdpTsg*)BIO_get_data(bio);
2999 RpcVirtualConnection* connection = tsg->rpc->VirtualConnection;
3000 RpcInChannel* inChannel = connection->DefaultInChannel;
3001 RpcOutChannel* outChannel = connection->DefaultOutChannel;
3002
3003 switch (cmd)
3004 {
3005 case BIO_CTRL_FLUSH:
3006 (void)BIO_flush(inChannel->common.tls->bio);
3007 (void)BIO_flush(outChannel->common.tls->bio);
3008 status = 1;
3009 break;
3010
3011 case BIO_C_GET_EVENT:
3012 if (arg2)
3013 {
3014 *((HANDLE*)arg2) = tsg->rpc->client->PipeEvent;
3015 status = 1;
3016 }
3017
3018 break;
3019
3020 case BIO_C_SET_NONBLOCK:
3021 status = 1;
3022 break;
3023
3024 case BIO_C_READ_BLOCKED:
3025 {
3026 BIO* cbio = outChannel->common.bio;
3027 status = BIO_read_blocked(cbio);
3028 }
3029 break;
3030
3031 case BIO_C_WRITE_BLOCKED:
3032 {
3033 BIO* cbio = inChannel->common.bio;
3034 status = BIO_write_blocked(cbio);
3035 }
3036 break;
3037
3038 case BIO_C_WAIT_READ:
3039 {
3040 int timeout = (int)arg1;
3041 BIO* cbio = outChannel->common.bio;
3042
3043 if (BIO_read_blocked(cbio))
3044 return BIO_wait_read(cbio, timeout);
3045 else if (BIO_write_blocked(cbio))
3046 return BIO_wait_write(cbio, timeout);
3047 else
3048 status = 1;
3049 }
3050 break;
3051
3052 case BIO_C_WAIT_WRITE:
3053 {
3054 int timeout = (int)arg1;
3055 BIO* cbio = inChannel->common.bio;
3056
3057 if (BIO_write_blocked(cbio))
3058 status = BIO_wait_write(cbio, timeout);
3059 else if (BIO_read_blocked(cbio))
3060 status = BIO_wait_read(cbio, timeout);
3061 else
3062 status = 1;
3063 }
3064 break;
3065#if OPENSSL_VERSION_NUMBER >= 0x30000000L
3066 case BIO_CTRL_GET_KTLS_SEND:
3067 status = 0;
3068 break;
3069 case BIO_CTRL_GET_KTLS_RECV:
3070 status = 0;
3071 break;
3072#endif
3073 default:
3074 break;
3075 }
3076
3077 return status;
3078}
3079
3080static int transport_bio_tsg_new(BIO* bio)
3081{
3082 WINPR_ASSERT(bio);
3083 BIO_set_init(bio, 1);
3084 BIO_set_flags(bio, BIO_FLAGS_SHOULD_RETRY);
3085 return 1;
3086}
3087
3088static int transport_bio_tsg_free(BIO* bio)
3089{
3090 WINPR_ASSERT(bio);
3091 WINPR_UNUSED(bio);
3092 return 1;
3093}
3094
3095BIO_METHOD* BIO_s_tsg(void)
3096{
3097 static BIO_METHOD* bio_methods = NULL;
3098
3099 if (bio_methods == NULL)
3100 {
3101 if (!(bio_methods = BIO_meth_new(BIO_TYPE_TSG, "TSGateway")))
3102 return NULL;
3103
3104 BIO_meth_set_write(bio_methods, transport_bio_tsg_write);
3105 BIO_meth_set_read(bio_methods, transport_bio_tsg_read);
3106 BIO_meth_set_puts(bio_methods, transport_bio_tsg_puts);
3107 BIO_meth_set_gets(bio_methods, transport_bio_tsg_gets);
3108 BIO_meth_set_ctrl(bio_methods, transport_bio_tsg_ctrl);
3109 BIO_meth_set_create(bio_methods, transport_bio_tsg_new);
3110 BIO_meth_set_destroy(bio_methods, transport_bio_tsg_free);
3111 }
3112
3113 return bio_methods;
3114}
3115
3116TSG_STATE tsg_get_state(rdpTsg* tsg)
3117{
3118 if (!tsg)
3119 return TSG_STATE_INITIAL;
3120
3121 return tsg->state;
3122}
3123
3124BIO* tsg_get_bio(rdpTsg* tsg)
3125{
3126 if (!tsg)
3127 return NULL;
3128
3129 return tsg->bio;
3130}
3131
3132BOOL tsg_set_state(rdpTsg* tsg, TSG_STATE state)
3133{
3134 if (!tsg)
3135 return FALSE;
3136
3137 tsg->state = state;
3138 return TRUE;
3139}
CONTEXT_HANDLE
Definition winpr/include/winpr/rpc.h:26
RPC_PDU
Definition libfreerdp/core/gateway/rpc.h:66
p_uuid_t
Definition libfreerdp/core/gateway/rpc.h:150