FreeRDP
Loading...
Searching...
No Matches
utils.c
1
21#include <freerdp/config.h>
22
23#include "settings.h"
24
25#include <winpr/assert.h>
26
27#include <freerdp/freerdp.h>
28#include <freerdp/channels/cliprdr.h>
29#include <freerdp/channels/rdpdr.h>
30
31#include <freerdp/log.h>
32#define TAG FREERDP_TAG("core.gateway.utils")
33
34#include "utils.h"
35
36#include "../core/rdp.h"
37
38BOOL utils_str_copy(const char* value, char** dst)
39{
40 WINPR_ASSERT(dst);
41
42 free(*dst);
43 *dst = NULL;
44 if (!value)
45 return TRUE;
46
47 (*dst) = _strdup(value);
48 return (*dst) != NULL;
49}
50
51static BOOL utils_copy_smartcard_settings(const rdpSettings* settings, rdpSettings* origSettings)
52{
53 /* update original settings with provided smart card settings */
54 origSettings->SmartcardLogon = settings->SmartcardLogon;
55 origSettings->PasswordIsSmartcardPin = settings->PasswordIsSmartcardPin;
56 if (!utils_str_copy(settings->ReaderName, &origSettings->ReaderName))
57 return FALSE;
58 if (!utils_str_copy(settings->CspName, &origSettings->CspName))
59 return FALSE;
60 if (!utils_str_copy(settings->ContainerName, &origSettings->ContainerName))
61 return FALSE;
62
63 return TRUE;
64}
65
66auth_status utils_authenticate_gateway(freerdp* instance, rdp_auth_reason reason)
67{
68 rdpSettings* settings = NULL;
69 rdpSettings* origSettings = NULL;
70 BOOL prompt = FALSE;
71 BOOL proceed = 0;
72
73 WINPR_ASSERT(instance);
74 WINPR_ASSERT(instance->context);
75 WINPR_ASSERT(instance->context->settings);
76 WINPR_ASSERT(instance->context->rdp);
77 WINPR_ASSERT(instance->context->rdp->originalSettings);
78
79 settings = instance->context->settings;
80 origSettings = instance->context->rdp->originalSettings;
81
82 if (freerdp_shall_disconnect_context(instance->context))
83 return AUTH_FAILED;
84
85 if (utils_str_is_empty(freerdp_settings_get_string(settings, FreeRDP_GatewayPassword)))
86 prompt = TRUE;
87 if (utils_str_is_empty(freerdp_settings_get_string(settings, FreeRDP_GatewayUsername)))
88 prompt = TRUE;
89
90 if (!prompt)
91 return AUTH_SKIP;
92
93 if (!instance->GatewayAuthenticate && !instance->AuthenticateEx)
94 return AUTH_NO_CREDENTIALS;
95
96 if (!instance->GatewayAuthenticate)
97 {
98 proceed =
99 instance->AuthenticateEx(instance, &settings->GatewayUsername,
100 &settings->GatewayPassword, &settings->GatewayDomain, reason);
101 if (!proceed)
102 return AUTH_CANCELLED;
103 }
104 else
105 {
106 proceed =
107 instance->GatewayAuthenticate(instance, &settings->GatewayUsername,
108 &settings->GatewayPassword, &settings->GatewayDomain);
109 if (!proceed)
110 return AUTH_CANCELLED;
111 }
112
113 if (utils_str_is_empty(settings->GatewayUsername) ||
114 utils_str_is_empty(settings->GatewayPassword))
115 return AUTH_NO_CREDENTIALS;
116
117 if (!utils_sync_credentials(settings, FALSE))
118 return AUTH_FAILED;
119
120 /* update original settings with provided user credentials */
121 if (!utils_str_copy(settings->GatewayUsername, &origSettings->GatewayUsername))
122 return AUTH_FAILED;
123 if (!utils_str_copy(settings->GatewayDomain, &origSettings->GatewayDomain))
124 return AUTH_FAILED;
125 if (!utils_str_copy(settings->GatewayPassword, &origSettings->GatewayPassword))
126 return AUTH_FAILED;
127 if (!utils_sync_credentials(origSettings, FALSE))
128 return AUTH_FAILED;
129
130 if (!utils_copy_smartcard_settings(settings, origSettings))
131 return AUTH_FAILED;
132
133 return AUTH_SUCCESS;
134}
135
136auth_status utils_authenticate(freerdp* instance, rdp_auth_reason reason, BOOL override)
137{
138 rdpSettings* settings = NULL;
139 rdpSettings* origSettings = NULL;
140 BOOL prompt = !override;
141 BOOL proceed = 0;
142
143 WINPR_ASSERT(instance);
144 WINPR_ASSERT(instance->context);
145 WINPR_ASSERT(instance->context->settings);
146 WINPR_ASSERT(instance->context->rdp);
147 WINPR_ASSERT(instance->context->rdp->originalSettings);
148
149 settings = instance->context->settings;
150 origSettings = instance->context->rdp->originalSettings;
151
152 if (freerdp_shall_disconnect_context(instance->context))
153 return AUTH_FAILED;
154
155 if (settings->ConnectChildSession)
156 return AUTH_NO_CREDENTIALS;
157
158 /* Ask for auth data if no or an empty username was specified or no password was given */
159 if (utils_str_is_empty(freerdp_settings_get_string(settings, FreeRDP_Username)) ||
160 (settings->Password == NULL && settings->RedirectionPassword == NULL))
161 prompt = TRUE;
162
163 if (!prompt)
164 return AUTH_SKIP;
165
166 switch (reason)
167 {
168 case AUTH_RDP:
169 case AUTH_TLS:
170 if (settings->SmartcardLogon)
171 {
172 if (!utils_str_is_empty(settings->Password))
173 {
174 WLog_INFO(TAG, "Authentication via smartcard");
175 return AUTH_SUCCESS;
176 }
177 reason = AUTH_SMARTCARD_PIN;
178 }
179 break;
180 case AUTH_NLA:
181 if (settings->SmartcardLogon)
182 reason = AUTH_SMARTCARD_PIN;
183 break;
184 case AUTH_RDSTLS:
185 default:
186 break;
187 }
188
189 /* If no callback is specified still continue connection */
190 if (!instance->Authenticate && !instance->AuthenticateEx)
191 return AUTH_NO_CREDENTIALS;
192
193 if (!instance->Authenticate)
194 {
195 proceed = instance->AuthenticateEx(instance, &settings->Username, &settings->Password,
196 &settings->Domain, reason);
197 if (!proceed)
198 return AUTH_CANCELLED;
199 }
200 else
201 {
202 proceed = instance->Authenticate(instance, &settings->Username, &settings->Password,
203 &settings->Domain);
204 if (!proceed)
205 return AUTH_NO_CREDENTIALS;
206 }
207
208 if (utils_str_is_empty(settings->Username) || utils_str_is_empty(settings->Password))
209 return AUTH_NO_CREDENTIALS;
210
211 if (!utils_sync_credentials(settings, TRUE))
212 return AUTH_FAILED;
213
214 /* update original settings with provided user credentials */
215 if (!utils_str_copy(settings->Username, &origSettings->Username))
216 return AUTH_FAILED;
217 if (!utils_str_copy(settings->Domain, &origSettings->Domain))
218 return AUTH_FAILED;
219 if (!utils_str_copy(settings->Password, &origSettings->Password))
220 return AUTH_FAILED;
221 if (!utils_sync_credentials(origSettings, TRUE))
222 return AUTH_FAILED;
223
224 if (!utils_copy_smartcard_settings(settings, origSettings))
225 return AUTH_FAILED;
226
227 return AUTH_SUCCESS;
228}
229
230BOOL utils_sync_credentials(rdpSettings* settings, BOOL toGateway)
231{
232 WINPR_ASSERT(settings);
233 if (!settings->GatewayUseSameCredentials)
234 return TRUE;
235
236 if (toGateway)
237 {
238 if (!utils_str_copy(settings->Username, &settings->GatewayUsername))
239 return FALSE;
240 if (!utils_str_copy(settings->Domain, &settings->GatewayDomain))
241 return FALSE;
242 if (!utils_str_copy(settings->Password, &settings->GatewayPassword))
243 return FALSE;
244 }
245 else
246 {
247 if (!utils_str_copy(settings->GatewayUsername, &settings->Username))
248 return FALSE;
249 if (!utils_str_copy(settings->GatewayDomain, &settings->Domain))
250 return FALSE;
251 if (!utils_str_copy(settings->GatewayPassword, &settings->Password))
252 return FALSE;
253 }
254 return TRUE;
255}
256
257BOOL utils_persist_credentials(rdpSettings* settings, const rdpSettings* current)
258{
259 if (!settings || !current)
260 return FALSE;
261
262 const SSIZE_T keys[] = { FreeRDP_GatewayUsername, FreeRDP_GatewayDomain,
263 FreeRDP_GatewayPassword, FreeRDP_Username,
264 FreeRDP_Domain, FreeRDP_Password };
265
266 for (size_t x = 0; x < ARRAYSIZE(keys); x++)
267 {
268 const SSIZE_T key = keys[x];
269 if (!freerdp_settings_copy_item(settings, current, key))
270 {
271 WLog_ERR(TAG, "Failed to copy %s from current to backup settings",
273 return FALSE;
274 }
275 }
276
277 return TRUE;
278}
279
280BOOL utils_str_is_empty(const char* str)
281{
282 if (!str)
283 return TRUE;
284 if (*str == '\0')
285 return TRUE;
286 return FALSE;
287}
288
289BOOL utils_abort_connect(rdpRdp* rdp)
290{
291 if (!rdp)
292 return FALSE;
293
294 return SetEvent(rdp->abortEvent);
295}
296
297BOOL utils_reset_abort(rdpRdp* rdp)
298{
299 WINPR_ASSERT(rdp);
300
301 return ResetEvent(rdp->abortEvent);
302}
303
304HANDLE utils_get_abort_event(rdpRdp* rdp)
305{
306 WINPR_ASSERT(rdp);
307 return rdp->abortEvent;
308}
309
310BOOL utils_abort_event_is_set(const rdpRdp* rdp)
311{
312 DWORD status = 0;
313 WINPR_ASSERT(rdp);
314 status = WaitForSingleObject(rdp->abortEvent, 0);
315 return status == WAIT_OBJECT_0;
316}
317
318const char* utils_is_vsock(const char* hostname)
319{
320 if (!hostname)
321 return NULL;
322
323 const char vsock[8] = "vsock://";
324 if (strncmp(hostname, vsock, sizeof(vsock)) == 0)
325 return &hostname[sizeof(vsock)];
326 return NULL;
327}
328
329static BOOL remove_rdpdr_type(rdpSettings* settings, UINT32 type)
330{
331 RDPDR_DEVICE* printer = NULL;
332 do
333 {
334 printer = freerdp_device_collection_find_type(settings, type);
335 freerdp_device_collection_del(settings, printer);
336 freerdp_device_free(printer);
337 } while (printer);
338 return TRUE;
339}
340
341static BOOL disable_clipboard(rdpSettings* settings)
342{
343 if (!freerdp_settings_set_bool(settings, FreeRDP_RedirectClipboard, FALSE))
344 return FALSE;
345 freerdp_static_channel_collection_del(settings, CLIPRDR_SVC_CHANNEL_NAME);
346 return TRUE;
347}
348
349static BOOL disable_drive(rdpSettings* settings)
350{
351 if (!freerdp_settings_set_bool(settings, FreeRDP_RedirectDrives, FALSE))
352 return FALSE;
353 if (!freerdp_settings_set_bool(settings, FreeRDP_RedirectHomeDrive, FALSE))
354 return FALSE;
355
356 return remove_rdpdr_type(settings, RDPDR_DTYP_FILESYSTEM);
357}
358
359static BOOL disable_printers(rdpSettings* settings)
360{
361 if (!freerdp_settings_set_bool(settings, FreeRDP_RedirectPrinters, FALSE))
362 return FALSE;
363
364 return remove_rdpdr_type(settings, RDPDR_DTYP_PRINT);
365}
366
367static BOOL disable_port(rdpSettings* settings)
368{
369 if (!freerdp_settings_set_bool(settings, FreeRDP_RedirectParallelPorts, FALSE))
370 return FALSE;
371 if (!freerdp_settings_set_bool(settings, FreeRDP_RedirectSerialPorts, FALSE))
372 return FALSE;
373 if (!remove_rdpdr_type(settings, RDPDR_DTYP_SERIAL))
374 return FALSE;
375 return remove_rdpdr_type(settings, RDPDR_DTYP_PARALLEL);
376}
377
378static BOOL disable_pnp(WINPR_ATTR_UNUSED rdpSettings* settings)
379{
380 // TODO(akallabeth): [MS-RDPEPNP] related stuff is disabled.
381 return TRUE;
382}
383
384static BOOL apply_gw_policy(rdpContext* context)
385{
386 WINPR_ASSERT(context);
387 return utils_reload_channels(context);
388}
389
390BOOL utils_apply_gateway_policy(wLog* log, rdpContext* context, UINT32 flags, const char* module)
391{
392 WINPR_ASSERT(log);
393 WINPR_ASSERT(context);
394
395 rdpSettings* settings = context->settings;
396 WINPR_ASSERT(settings);
397
398 if (flags & HTTP_TUNNEL_REDIR_ENABLE_ALL)
399 {
400 WLog_Print(log, WLOG_DEBUG, "[%s] policy allows all redirections", module);
401 }
402 else if (freerdp_settings_get_bool(settings, FreeRDP_GatewayIgnoreRedirectionPolicy))
403 {
404 char buffer[128] = { 0 };
405 WLog_Print(log, WLOG_INFO, "[%s] policy ignored on user request %s", module,
406 utils_redir_flags_to_string(flags, buffer, sizeof(buffer)));
407 }
408 else if (flags & HTTP_TUNNEL_REDIR_DISABLE_ALL)
409 {
410 WLog_Print(log, WLOG_INFO, "[%s] policy denies all redirections", module);
411 if (!disable_drive(settings))
412 return FALSE;
413 if (!disable_printers(settings))
414 return FALSE;
415 if (!disable_clipboard(settings))
416 return FALSE;
417 if (!disable_port(settings))
418 return FALSE;
419 if (!disable_pnp(settings))
420 return FALSE;
421 if (!apply_gw_policy(context))
422 return FALSE;
423 }
424 else
425 {
426 if (flags & HTTP_TUNNEL_REDIR_DISABLE_DRIVE)
427 {
428 WLog_Print(log, WLOG_INFO, "[%s] policy denies drive redirections", module);
429 if (!disable_drive(settings))
430 return FALSE;
431 }
432 if (flags & HTTP_TUNNEL_REDIR_DISABLE_PRINTER)
433 {
434 WLog_Print(log, WLOG_INFO, "[%s] policy denies printer redirections", module);
435 if (!disable_printers(settings))
436 return FALSE;
437 }
438 if (flags & HTTP_TUNNEL_REDIR_DISABLE_PORT)
439 {
440 WLog_Print(log, WLOG_INFO, "[%s] policy denies port redirections", module);
441 if (!disable_port(settings))
442 return FALSE;
443 }
444 if (flags & HTTP_TUNNEL_REDIR_DISABLE_CLIPBOARD)
445 {
446 WLog_Print(log, WLOG_INFO, "[%s] policy denies clipboard redirections", module);
447 if (!disable_clipboard(settings))
448 return FALSE;
449 }
450 if (flags & HTTP_TUNNEL_REDIR_DISABLE_PNP)
451 {
452 WLog_Print(log, WLOG_INFO, "[%s] policy denies PNP redirections", module);
453 if (!disable_pnp(settings))
454 return FALSE;
455 }
456 if (flags != 0)
457 {
458 if (!apply_gw_policy(context))
459 return FALSE;
460 }
461 }
462 return TRUE;
463}
464
465char* utils_redir_flags_to_string(UINT32 flags, char* buffer, size_t size)
466{
467 winpr_str_append("{", buffer, size, "");
468 if (flags & HTTP_TUNNEL_REDIR_ENABLE_ALL)
469 winpr_str_append("ENABLE_ALL", buffer, size, "|");
470 if (flags & HTTP_TUNNEL_REDIR_DISABLE_ALL)
471 winpr_str_append("DISABLE_ALL", buffer, size, "|");
472 if (flags & HTTP_TUNNEL_REDIR_DISABLE_DRIVE)
473 winpr_str_append("DISABLE_DRIVE", buffer, size, "|");
474 if (flags & HTTP_TUNNEL_REDIR_DISABLE_PRINTER)
475 winpr_str_append("DISABLE_PRINTER", buffer, size, "|");
476 if (flags & HTTP_TUNNEL_REDIR_DISABLE_PORT)
477 winpr_str_append("DISABLE_PORT", buffer, size, "|");
478 if (flags & HTTP_TUNNEL_REDIR_DISABLE_CLIPBOARD)
479 winpr_str_append("DISABLE_CLIPBOARD", buffer, size, "|");
480 if (flags & HTTP_TUNNEL_REDIR_DISABLE_PNP)
481 winpr_str_append("DISABLE_PNP", buffer, size, "|");
482
483 char fbuffer[16] = { 0 };
484 (void)_snprintf(fbuffer, sizeof(fbuffer), "[0x%08" PRIx32 "]", flags);
485
486 winpr_str_append(fbuffer, buffer, size, " ");
487 winpr_str_append("{", buffer, size, "}");
488 return buffer;
489}
490
491BOOL utils_reload_channels(rdpContext* context)
492{
493 WINPR_ASSERT(context);
494
495 freerdp_channels_disconnect(context->channels, context->instance);
496 freerdp_channels_close(context->channels, context->instance);
497 freerdp_channels_free(context->channels);
498 context->channels = freerdp_channels_new(context->instance);
499 WINPR_ASSERT(context->channels);
500 freerdp_channels_register_instance(context->channels, context->instance);
501
502 BOOL rc = TRUE;
503 IFCALLRET(context->instance->LoadChannels, rc, context->instance);
504 if (rc)
505 return freerdp_channels_pre_connect(context->channels, context->instance) == CHANNEL_RC_OK;
506 return rc;
507}
FREERDP_API BOOL freerdp_settings_get_bool(const rdpSettings *settings, FreeRDP_Settings_Keys_Bool id)
Returns a boolean settings value.
FREERDP_API BOOL freerdp_settings_copy_item(rdpSettings *dst, const rdpSettings *src, SSIZE_T id)
copies one setting identified by id from src to dst
FREERDP_API BOOL freerdp_device_collection_del(rdpSettings *settings, const RDPDR_DEVICE *device)
Removed a device from the settings, returns ownership of the allocated device to caller.
FREERDP_API const char * freerdp_settings_get_name_for_key(SSIZE_T key)
Returns the type name for a key.
FREERDP_API const char * freerdp_settings_get_string(const rdpSettings *settings, FreeRDP_Settings_Keys_String id)
Returns a immutable string settings value.
FREERDP_API BOOL freerdp_settings_set_bool(rdpSettings *settings, FreeRDP_Settings_Keys_Bool id, BOOL param)
Sets a BOOL settings value.