FreeRDP
Loading...
Searching...
No Matches
utils.c
1
21#include <freerdp/config.h>
22
23#include "settings.h"
24
25#include <winpr/assert.h>
26
27#include <freerdp/freerdp.h>
28#include <freerdp/channels/cliprdr.h>
29#include <freerdp/channels/rdpdr.h>
30
31#include <freerdp/log.h>
32#define TAG FREERDP_TAG("core.gateway.utils")
33
34#include "utils.h"
35
36#include "../core/rdp.h"
37
38BOOL utils_str_copy(const char* value, char** dst)
39{
40 WINPR_ASSERT(dst);
41
42 free(*dst);
43 *dst = nullptr;
44 if (!value)
45 return TRUE;
46
47 (*dst) = _strdup(value);
48 return (*dst) != nullptr;
49}
50
51static BOOL utils_copy_smartcard_settings(const rdpSettings* settings, rdpSettings* origSettings)
52{
53 /* update original settings with provided smart card settings */
54 origSettings->SmartcardLogon = settings->SmartcardLogon;
55 origSettings->PasswordIsSmartcardPin = settings->PasswordIsSmartcardPin;
56 if (!utils_str_copy(settings->ReaderName, &origSettings->ReaderName))
57 return FALSE;
58 if (!utils_str_copy(settings->CspName, &origSettings->CspName))
59 return FALSE;
60 if (!utils_str_copy(settings->ContainerName, &origSettings->ContainerName))
61 return FALSE;
62
63 return TRUE;
64}
65
66auth_status utils_authenticate_gateway(freerdp* instance, rdp_auth_reason reason)
67{
68 rdpSettings* settings = nullptr;
69 rdpSettings* origSettings = nullptr;
70 BOOL prompt = FALSE;
71 BOOL proceed = 0;
72
73 WINPR_ASSERT(instance);
74 WINPR_ASSERT(instance->context);
75 WINPR_ASSERT(instance->context->settings);
76 WINPR_ASSERT(instance->context->rdp);
77 WINPR_ASSERT(instance->context->rdp->originalSettings);
78
79 settings = instance->context->settings;
80 origSettings = instance->context->rdp->originalSettings;
81
82 if (freerdp_shall_disconnect_context(instance->context))
83 return AUTH_FAILED;
84
85 if (utils_str_is_empty(freerdp_settings_get_string(settings, FreeRDP_GatewayPassword)))
86 prompt = TRUE;
87 if (utils_str_is_empty(freerdp_settings_get_string(settings, FreeRDP_GatewayUsername)))
88 prompt = TRUE;
89
90 if (!prompt)
91 return AUTH_SKIP;
92
93 if (!instance->GatewayAuthenticate && !instance->AuthenticateEx)
94 return AUTH_NO_CREDENTIALS;
95
96 if (!instance->GatewayAuthenticate)
97 {
98 proceed =
99 instance->AuthenticateEx(instance, &settings->GatewayUsername,
100 &settings->GatewayPassword, &settings->GatewayDomain, reason);
101 if (!proceed)
102 return AUTH_CANCELLED;
103 }
104 else
105 {
106 proceed =
107 instance->GatewayAuthenticate(instance, &settings->GatewayUsername,
108 &settings->GatewayPassword, &settings->GatewayDomain);
109 if (!proceed)
110 return AUTH_CANCELLED;
111 }
112
113 if (utils_str_is_empty(settings->GatewayUsername) ||
114 utils_str_is_empty(settings->GatewayPassword))
115 return AUTH_NO_CREDENTIALS;
116
117 if (!utils_sync_credentials(settings, FALSE))
118 return AUTH_FAILED;
119
120 /* update original settings with provided user credentials */
121 if (!utils_str_copy(settings->GatewayUsername, &origSettings->GatewayUsername))
122 return AUTH_FAILED;
123 if (!utils_str_copy(settings->GatewayDomain, &origSettings->GatewayDomain))
124 return AUTH_FAILED;
125 if (!utils_str_copy(settings->GatewayPassword, &origSettings->GatewayPassword))
126 return AUTH_FAILED;
127 if (!utils_sync_credentials(origSettings, FALSE))
128 return AUTH_FAILED;
129
130 if (!utils_copy_smartcard_settings(settings, origSettings))
131 return AUTH_FAILED;
132
133 return AUTH_SUCCESS;
134}
135
136auth_status utils_authenticate(freerdp* instance, rdp_auth_reason reason, BOOL override)
137{
138 rdpSettings* settings = nullptr;
139 rdpSettings* origSettings = nullptr;
140 BOOL prompt = !override;
141 BOOL proceed = 0;
142
143 WINPR_ASSERT(instance);
144 WINPR_ASSERT(instance->context);
145 WINPR_ASSERT(instance->context->settings);
146 WINPR_ASSERT(instance->context->rdp);
147 WINPR_ASSERT(instance->context->rdp->originalSettings);
148
149 settings = instance->context->settings;
150 origSettings = instance->context->rdp->originalSettings;
151
152 if (freerdp_shall_disconnect_context(instance->context))
153 return AUTH_FAILED;
154
155 if (settings->ConnectChildSession)
156 return AUTH_NO_CREDENTIALS;
157
158 /* Ask for auth data if no or an empty username was specified or no password was given */
159 if (utils_str_is_empty(freerdp_settings_get_string(settings, FreeRDP_Username)) ||
160 (settings->Password == nullptr && settings->RedirectionPassword == nullptr))
161 prompt = TRUE;
162
163 if (!prompt)
164 return AUTH_SKIP;
165
166 switch (reason)
167 {
168 case AUTH_RDP:
169 case AUTH_TLS:
170 if (settings->SmartcardLogon)
171 {
172 if (!utils_str_is_empty(settings->Password))
173 {
174 WLog_INFO(TAG, "Authentication via smartcard");
175 return AUTH_SUCCESS;
176 }
177 reason = AUTH_SMARTCARD_PIN;
178 }
179 break;
180 case AUTH_NLA:
181 if (settings->SmartcardLogon)
182 reason = AUTH_SMARTCARD_PIN;
183 break;
184 case AUTH_RDSTLS:
185 default:
186 break;
187 }
188
189 /* If no callback is specified still continue connection */
190 if (!instance->Authenticate && !instance->AuthenticateEx)
191 return AUTH_NO_CREDENTIALS;
192
193 if (!instance->Authenticate)
194 {
195 proceed = instance->AuthenticateEx(instance, &settings->Username, &settings->Password,
196 &settings->Domain, reason);
197 if (!proceed)
198 return AUTH_CANCELLED;
199 }
200 else
201 {
202 proceed = instance->Authenticate(instance, &settings->Username, &settings->Password,
203 &settings->Domain);
204 if (!proceed)
205 return AUTH_NO_CREDENTIALS;
206 }
207
208 if (utils_str_is_empty(settings->Username) || utils_str_is_empty(settings->Password))
209 return AUTH_NO_CREDENTIALS;
210
211 if (!utils_sync_credentials(settings, TRUE))
212 return AUTH_FAILED;
213
214 /* update original settings with provided user credentials */
215 if (!utils_str_copy(settings->Username, &origSettings->Username))
216 return AUTH_FAILED;
217 if (!utils_str_copy(settings->Domain, &origSettings->Domain))
218 return AUTH_FAILED;
219 if (!utils_str_copy(settings->Password, &origSettings->Password))
220 return AUTH_FAILED;
221 if (!utils_sync_credentials(origSettings, TRUE))
222 return AUTH_FAILED;
223
224 if (!utils_copy_smartcard_settings(settings, origSettings))
225 return AUTH_FAILED;
226
227 return AUTH_SUCCESS;
228}
229
230BOOL utils_sync_credentials(rdpSettings* settings, BOOL toGateway)
231{
232 WINPR_ASSERT(settings);
233 if (!settings->GatewayUseSameCredentials)
234 return TRUE;
235
236 if (toGateway)
237 {
238 if (!utils_str_copy(settings->Username, &settings->GatewayUsername))
239 return FALSE;
240 if (!utils_str_copy(settings->Domain, &settings->GatewayDomain))
241 return FALSE;
242 if (!utils_str_copy(settings->Password, &settings->GatewayPassword))
243 return FALSE;
244 }
245 else
246 {
247 if (!utils_str_copy(settings->GatewayUsername, &settings->Username))
248 return FALSE;
249 if (!utils_str_copy(settings->GatewayDomain, &settings->Domain))
250 return FALSE;
251 if (!utils_str_copy(settings->GatewayPassword, &settings->Password))
252 return FALSE;
253 }
254 return TRUE;
255}
256
257BOOL utils_persist_credentials(rdpSettings* settings, const rdpSettings* current)
258{
259 if (!settings || !current)
260 return FALSE;
261
262 const SSIZE_T keys[] = { FreeRDP_GatewayUsername, FreeRDP_GatewayDomain,
263 FreeRDP_GatewayPassword, FreeRDP_Username,
264 FreeRDP_Domain, FreeRDP_Password };
265
266 for (size_t x = 0; x < ARRAYSIZE(keys); x++)
267 {
268 const SSIZE_T key = keys[x];
269 if (!freerdp_settings_copy_item(settings, current, key))
270 {
271 WLog_ERR(TAG, "Failed to copy %s from current to backup settings",
272 freerdp_settings_get_name_for_key(key));
273 return FALSE;
274 }
275 }
276
277 return TRUE;
278}
279
280BOOL utils_str_is_empty(const char* str)
281{
282 if (!str)
283 return TRUE;
284 if (*str == '\0')
285 return TRUE;
286 return FALSE;
287}
288
289BOOL utils_abort_connect(rdpRdp* rdp)
290{
291 if (!rdp)
292 return FALSE;
293
294 return SetEvent(rdp->abortEvent);
295}
296
297BOOL utils_reset_abort(rdpRdp* rdp)
298{
299 WINPR_ASSERT(rdp);
300
301 return ResetEvent(rdp->abortEvent);
302}
303
304HANDLE utils_get_abort_event(rdpRdp* rdp)
305{
306 WINPR_ASSERT(rdp);
307 return rdp->abortEvent;
308}
309
310BOOL utils_abort_event_is_set(const rdpRdp* rdp)
311{
312 DWORD status = 0;
313 WINPR_ASSERT(rdp);
314 status = WaitForSingleObject(rdp->abortEvent, 0);
315 return status == WAIT_OBJECT_0;
316}
317
318const char* utils_is_vsock(const char* hostname)
319{
320 if (!hostname)
321 return nullptr;
322
323 const char vsock[8] = { 'v', 's', 'o', 'c', 'k', ':', '/', '/' };
324 if (strncmp(hostname, vsock, sizeof(vsock)) == 0)
325 return &hostname[sizeof(vsock)];
326 return nullptr;
327}
328
329static BOOL remove_rdpdr_type(rdpSettings* settings, UINT32 type)
330{
331 BOOL rc = TRUE;
332 RDPDR_DEVICE* printer = nullptr;
333 do
334 {
335 printer = freerdp_device_collection_find_type(settings, type);
336 if (printer)
337 {
338 if (!freerdp_device_collection_del(settings, printer))
339 rc = FALSE;
340 }
341 freerdp_device_free(printer);
342 } while (printer);
343 return rc;
344}
345
346static BOOL disable_clipboard(rdpSettings* settings)
347{
348 if (!freerdp_settings_set_bool(settings, FreeRDP_RedirectClipboard, FALSE))
349 return FALSE;
350 freerdp_static_channel_collection_del(settings, CLIPRDR_SVC_CHANNEL_NAME);
351 return TRUE;
352}
353
354static BOOL disable_drive(rdpSettings* settings)
355{
356 if (!freerdp_settings_set_bool(settings, FreeRDP_RedirectDrives, FALSE))
357 return FALSE;
358 if (!freerdp_settings_set_bool(settings, FreeRDP_RedirectHomeDrive, FALSE))
359 return FALSE;
360
361 return remove_rdpdr_type(settings, RDPDR_DTYP_FILESYSTEM);
362}
363
364static BOOL disable_printers(rdpSettings* settings)
365{
366 if (!freerdp_settings_set_bool(settings, FreeRDP_RedirectPrinters, FALSE))
367 return FALSE;
368
369 return remove_rdpdr_type(settings, RDPDR_DTYP_PRINT);
370}
371
372static BOOL disable_port(rdpSettings* settings)
373{
374 if (!freerdp_settings_set_bool(settings, FreeRDP_RedirectParallelPorts, FALSE))
375 return FALSE;
376 if (!freerdp_settings_set_bool(settings, FreeRDP_RedirectSerialPorts, FALSE))
377 return FALSE;
378 if (!remove_rdpdr_type(settings, RDPDR_DTYP_SERIAL))
379 return FALSE;
380 return remove_rdpdr_type(settings, RDPDR_DTYP_PARALLEL);
381}
382
383static BOOL disable_pnp(WINPR_ATTR_UNUSED rdpSettings* settings)
384{
385 // TODO(akallabeth): [MS-RDPEPNP] related stuff is disabled.
386 return TRUE;
387}
388
389static BOOL apply_gw_policy(rdpContext* context)
390{
391 WINPR_ASSERT(context);
392 return utils_reload_channels(context);
393}
394
395BOOL utils_apply_gateway_policy(wLog* log, rdpContext* context, UINT32 flags, const char* module)
396{
397 WINPR_ASSERT(log);
398 WINPR_ASSERT(context);
399
400 rdpSettings* settings = context->settings;
401 WINPR_ASSERT(settings);
402
403 if (flags & HTTP_TUNNEL_REDIR_ENABLE_ALL)
404 {
405 WLog_Print(log, WLOG_DEBUG, "[%s] policy allows all redirections", module);
406 }
407 else if (freerdp_settings_get_bool(settings, FreeRDP_GatewayIgnoreRedirectionPolicy))
408 {
409 char buffer[128] = WINPR_C_ARRAY_INIT;
410 WLog_Print(log, WLOG_INFO, "[%s] policy ignored on user request %s", module,
411 utils_redir_flags_to_string(flags, buffer, sizeof(buffer)));
412 }
413 else if (flags & HTTP_TUNNEL_REDIR_DISABLE_ALL)
414 {
415 WLog_Print(log, WLOG_INFO, "[%s] policy denies all redirections", module);
416 if (!disable_drive(settings))
417 return FALSE;
418 if (!disable_printers(settings))
419 return FALSE;
420 if (!disable_clipboard(settings))
421 return FALSE;
422 if (!disable_port(settings))
423 return FALSE;
424 if (!disable_pnp(settings))
425 return FALSE;
426 if (!apply_gw_policy(context))
427 return FALSE;
428 }
429 else
430 {
431 if (flags & HTTP_TUNNEL_REDIR_DISABLE_DRIVE)
432 {
433 WLog_Print(log, WLOG_INFO, "[%s] policy denies drive redirections", module);
434 if (!disable_drive(settings))
435 return FALSE;
436 }
437 if (flags & HTTP_TUNNEL_REDIR_DISABLE_PRINTER)
438 {
439 WLog_Print(log, WLOG_INFO, "[%s] policy denies printer redirections", module);
440 if (!disable_printers(settings))
441 return FALSE;
442 }
443 if (flags & HTTP_TUNNEL_REDIR_DISABLE_PORT)
444 {
445 WLog_Print(log, WLOG_INFO, "[%s] policy denies port redirections", module);
446 if (!disable_port(settings))
447 return FALSE;
448 }
449 if (flags & HTTP_TUNNEL_REDIR_DISABLE_CLIPBOARD)
450 {
451 WLog_Print(log, WLOG_INFO, "[%s] policy denies clipboard redirections", module);
452 if (!disable_clipboard(settings))
453 return FALSE;
454 }
455 if (flags & HTTP_TUNNEL_REDIR_DISABLE_PNP)
456 {
457 WLog_Print(log, WLOG_INFO, "[%s] policy denies PNP redirections", module);
458 if (!disable_pnp(settings))
459 return FALSE;
460 }
461 if (flags != 0)
462 {
463 if (!apply_gw_policy(context))
464 return FALSE;
465 }
466 }
467 return TRUE;
468}
469
470char* utils_redir_flags_to_string(UINT32 flags, char* buffer, size_t size)
471{
472 winpr_str_append("{", buffer, size, "");
473 if (flags & HTTP_TUNNEL_REDIR_ENABLE_ALL)
474 winpr_str_append("ENABLE_ALL", buffer, size, "|");
475 if (flags & HTTP_TUNNEL_REDIR_DISABLE_ALL)
476 winpr_str_append("DISABLE_ALL", buffer, size, "|");
477 if (flags & HTTP_TUNNEL_REDIR_DISABLE_DRIVE)
478 winpr_str_append("DISABLE_DRIVE", buffer, size, "|");
479 if (flags & HTTP_TUNNEL_REDIR_DISABLE_PRINTER)
480 winpr_str_append("DISABLE_PRINTER", buffer, size, "|");
481 if (flags & HTTP_TUNNEL_REDIR_DISABLE_PORT)
482 winpr_str_append("DISABLE_PORT", buffer, size, "|");
483 if (flags & HTTP_TUNNEL_REDIR_DISABLE_CLIPBOARD)
484 winpr_str_append("DISABLE_CLIPBOARD", buffer, size, "|");
485 if (flags & HTTP_TUNNEL_REDIR_DISABLE_PNP)
486 winpr_str_append("DISABLE_PNP", buffer, size, "|");
487
488 char fbuffer[16] = WINPR_C_ARRAY_INIT;
489 (void)_snprintf(fbuffer, sizeof(fbuffer), "[0x%08" PRIx32 "]", flags);
490
491 winpr_str_append(fbuffer, buffer, size, " ");
492 winpr_str_append("{", buffer, size, "}");
493 return buffer;
494}
495
496BOOL utils_reload_channels(rdpContext* context)
497{
498 WINPR_ASSERT(context);
499
500 freerdp_channels_disconnect(context->channels, context->instance);
501 freerdp_channels_close(context->channels, context->instance);
502 freerdp_channels_free(context->channels);
503 context->channels = freerdp_channels_new(context->instance);
504 WINPR_ASSERT(context->channels);
505 freerdp_channels_register_instance(context->channels, context->instance);
506
507 BOOL rc = TRUE;
508 IFCALLRET(context->instance->LoadChannels, rc, context->instance);
509 if (rc)
510 return freerdp_channels_pre_connect(context->channels, context->instance) == CHANNEL_RC_OK;
511 return rc;
512}
freerdp_settings_set_bool
FREERDP_API BOOL freerdp_settings_set_bool(rdpSettings *settings, FreeRDP_Settings_Keys_Bool id, BOOL val)
Sets a BOOL settings value.
freerdp_settings_get_string
WINPR_ATTR_NODISCARD FREERDP_API const char * freerdp_settings_get_string(const rdpSettings *settings, FreeRDP_Settings_Keys_String id)
Returns a immutable string settings value.
freerdp_settings_copy_item
WINPR_ATTR_NODISCARD FREERDP_API BOOL freerdp_settings_copy_item(rdpSettings *dst, const rdpSettings *src, SSIZE_T id)
copies one setting identified by id from src to dst
Definition settings_str.c:432
freerdp_device_collection_del
WINPR_ATTR_NODISCARD FREERDP_API BOOL freerdp_device_collection_del(rdpSettings *settings, const RDPDR_DEVICE *device)
Removed a device from the settings, returns ownership of the allocated device to caller.
Definition common/settings.c:240
freerdp_settings_get_bool
WINPR_ATTR_NODISCARD FREERDP_API BOOL freerdp_settings_get_bool(const rdpSettings *settings, FreeRDP_Settings_Keys_Bool id)
Returns a boolean settings value.
freerdp_settings_get_name_for_key
WINPR_ATTR_NODISCARD FREERDP_API const char * freerdp_settings_get_name_for_key(SSIZE_T key)
Returns the type name for a key.
Definition settings_str.c:421
RDPDR_DEVICE
Definition settings_types.h:452