/**
* FreeRDP: A Remote Desktop Protocol Implementation
* RPC over HTTP (ncacn_http)
*
* Copyright 2012 Marc-Andre Moreau <marcandre.moreau@gmail.com>
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include "ncacn_http.h"
#include <winpr/crt.h>
#include <winpr/tchar.h>
#include <winpr/stream.h>
#include <winpr/dsparse.h>
#include <winpr/winhttp.h>
#define TAG FREERDP_TAG("core.gateway.ntlm")
/**
 * Build an HTTP request that carries an NTLM token and serialize it.
 *
 * @param http          HTTP context; supplies the request URI and is handed to
 *                      http_request_write().
 * @param method        HTTP method string set on the request.
 * @param contentLength Content length set on the request.
 * @param ntlmToken     Token whose pvBuffer/cbBuffer bytes are base64-encoded and set as
 *                      the parameter of the "NTLM" auth scheme.
 *
 * @return the stream returned by http_request_write(), or NULL when an argument is NULL
 *         or any step fails. The request object and the encoded token are always released
 *         before returning.
 */
static wStream* rpc_ntlm_http_request(HttpContext* http, const char* method, int contentLength,
                                      const SecBuffer* ntlmToken)
{
	wStream* out = NULL;
	HttpRequest* req = NULL;
	char* encodedToken = NULL;
	const char* requestUri;

	if (http && method && ntlmToken)
		req = http_request_new();

	if (req)
	{
		/* ntlmToken is non-NULL on this path, so the token is always encoded here. */
		encodedToken = crypto_base64_encode(ntlmToken->pvBuffer, ntlmToken->cbBuffer);
		requestUri = http_context_get_uri(http);

		if (http_request_set_method(req, method) &&
		    http_request_set_content_length(req, contentLength) &&
		    http_request_set_uri(req, requestUri))
		{
			BOOL authReady = TRUE;

			/*
			 * When the encoder returns NULL the request is still written, just without
			 * the NTLM auth scheme and parameter set on it.
			 */
			if (encodedToken)
			{
				authReady = http_request_set_auth_scheme(req, "NTLM") &&
				            http_request_set_auth_param(req, encodedToken);
			}

			if (authReady)
				out = http_request_write(http, req);
		}
	}

	/* Single cleanup point, reached on success and on every failure. */
	http_request_free(req);
	free(encodedToken);
	return out;
}
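/**
 * Run one NTLM authentication step and write the resulting RPC_IN_DATA request
 * to the IN channel.
 *
 * @param inChannel channel whose ntlm and http members are used; all three must be non-NULL.
 *
 * @return TRUE when rpc_channel_write() reports a positive status, FALSE on any failure.
 */
BOOL rpc_ncacn_http_send_in_channel_request(RpcChannel* inChannel)
{
	wStream* s;
	int status;
	int contentLength;
	BOOL continueNeeded = FALSE;
	rdpNtlm* ntlm;
	HttpContext* http;
	const SecBuffer* buffer;

	if (!inChannel || !inChannel->ntlm || !inChannel->http)
		return FALSE;

	ntlm = inChannel->ntlm;
	http = inChannel->http;

	if (!ntlm_authenticate(ntlm, &continueNeeded))
		return FALSE;

	/* 0 while NTLM needs another round trip, otherwise 0x40000000 (1 GiB). */
	contentLength = (continueNeeded) ? 0 : 0x40000000;
	buffer = ntlm_client_get_output_buffer(ntlm);
	s = rpc_ntlm_http_request(http, "RPC_IN_DATA", contentLength, buffer);

	/*
	 * Failures are reported as FALSE. A negative value is non-zero, so returning -1
	 * through a BOOL makes `if (!call())` style checks treat the failure as success.
	 * NOTE(review): callers are outside this file; confirm none compares the result
	 * against a negative value.
	 */
	if (!s)
		return FALSE;

	status = rpc_channel_write(inChannel, Stream_Buffer(s), Stream_Length(s));
	Stream_Free(s, TRUE);
	return (status > 0) ? TRUE : FALSE;
}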
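/**
 * Take the NTLM token from an IN channel HTTP response and hand it to the NTLM client
 * as its next input buffer.
 *
 * @param inChannel channel whose ntlm member receives the token; both must be non-NULL.
 * @param response  HTTP response to read the "NTLM" auth token from; must be non-NULL.
 *
 * @return FALSE on a NULL argument; the result of ntlm_client_set_input_buffer() when a
 *         non-empty token was decoded; TRUE when the response carries no usable token.
 */
BOOL rpc_ncacn_http_recv_in_channel_response(RpcChannel* inChannel, HttpResponse* response)
{
	const char* token64 = NULL;
	int ntlmTokenLength = 0;
	BYTE* ntlmTokenData = NULL;
	rdpNtlm* ntlm;

	if (!inChannel || !response || !inChannel->ntlm)
		return FALSE;

	ntlm = inChannel->ntlm;
	token64 = http_response_get_auth_token(response, "NTLM");

	/* The token text comes from the peer's response, so the decode result is untrusted. */
	if (token64)
		crypto_base64_decode(token64, strlen(token64), &ntlmTokenData, &ntlmTokenLength);

	/*
	 * Only a strictly positive length is forwarded, so a negative length can never be
	 * passed on as a buffer size.
	 * NOTE(review): the decoded buffer is passed with the second argument FALSE; whether
	 * the callee then owns it, and who releases it when the call fails, is not visible
	 * here — confirm.
	 */
	if (ntlmTokenData && (ntlmTokenLength > 0))
		return ntlm_client_set_input_buffer(ntlm, FALSE, ntlmTokenData, ntlmTokenLength);

	/*
	 * A buffer that came back with no usable length is not handed on, so it is released
	 * here instead of being dropped. free(NULL) is a no-op.
	 * NOTE(review): assumes the decoder allocates with malloc(), as free() is already
	 * used on crypto_base64_encode() output in this file — confirm.
	 */
	free(ntlmTokenData);
	return TRUE;
}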
/**
 * Prepare the channel's NTLM client with the gateway credentials from the settings.
 *
 * When the gateway username or password is missing or empty, the instance's
 * GatewayAuthenticate callback is asked to provide them. If GatewayUseSameCredentials
 * is set, the values obtained that way are also copied into Username, Domain and Password.
 *
 * @param context connection context; its settings and instance members are used.
 * @param channel channel whose tls and ntlm members are used.
 *
 * @return FALSE on a NULL argument or member, when freerdp_shall_disconnect() reports
 *         true while credentials are missing, or when duplicating a credential string
 *         fails. TRUE in every other case.
 *
 * NOTE(review): TRUE is also returned when no callback is registered, when the callback
 * declines, and when ntlm_client_init() or ntlm_client_make_spn() fails. The return value
 * alone therefore does not tell a caller that NTLM is ready; only the two missing-credential
 * paths record a last error. Confirm callers cope with this.
 */
BOOL rpc_ncacn_http_ntlm_init(rdpContext* context, RpcChannel* channel)
{
	rdpTls* tls;
	rdpNtlm* ntlm;
	rdpSettings* settings;
	freerdp* instance;
	BOOL credentialsMissing;

	if (!context || !channel)
		return FALSE;

	tls = channel->tls;
	ntlm = channel->ntlm;
	settings = context->settings;
	instance = context->instance;

	if (!tls || !ntlm || !instance || !settings)
		return FALSE;

	/* NULL checks come first so strlen() is only reached with non-NULL strings. */
	credentialsMissing = !settings->GatewayPassword || !settings->GatewayUsername ||
	                     !strlen(settings->GatewayPassword) ||
	                     !strlen(settings->GatewayUsername);

	if (credentialsMissing)
	{
		BOOL proceed;

		if (freerdp_shall_disconnect(instance))
			return FALSE;

		if (!instance->GatewayAuthenticate)
		{
			freerdp_set_last_error_log(context, FREERDP_ERROR_CONNECT_NO_OR_MISSING_CREDENTIALS);
			return TRUE;
		}

		/* The callback receives pointers to the settings fields and may replace them. */
		proceed = instance->GatewayAuthenticate(instance, &settings->GatewayUsername,
		                                        &settings->GatewayPassword,
		                                        &settings->GatewayDomain);

		if (!proceed)
		{
			freerdp_set_last_error_log(context,
			                           FREERDP_ERROR_CONNECT_NO_OR_MISSING_CREDENTIALS);
			return TRUE;
		}

		/*
		 * NOTE(review): the values left by the callback are not checked again for
		 * NULL or empty before they reach ntlm_client_init() below.
		 */
		if (settings->GatewayUseSameCredentials)
		{
			if (settings->GatewayUsername)
			{
				free(settings->Username);
				settings->Username = _strdup(settings->GatewayUsername);

				if (!settings->Username)
					return FALSE;
			}

			if (settings->GatewayDomain)
			{
				free(settings->Domain);
				settings->Domain = _strdup(settings->GatewayDomain);

				if (!settings->Domain)
					return FALSE;
			}

			if (settings->GatewayPassword)
			{
				/*
				 * NOTE(review): the previous password buffer is released with a plain
				 * free(); its contents are not cleared first.
				 */
				free(settings->Password);
				settings->Password = _strdup(settings->GatewayPassword);

				if (!settings->Password)
					return FALSE;
			}
		}
	}

	/*
	 * The SPN is only built after a successful client init. Neither result changes
	 * the return value: the function reports TRUE either way.
	 */
	if (ntlm_client_init(ntlm, TRUE, settings->GatewayUsername, settings->GatewayDomain,
	                     settings->GatewayPassword, tls->Bindings))
	{
		(void)ntlm_client_make_spn(ntlm, _T("HTTP"), settings->GatewayHostname);
	}

	return TRUE;
}
/**
 * Release the channel's NTLM client and clear the pointer to it.
 *
 * @param channel channel to clean up; a NULL channel is ignored.
 */
void rpc_ncacn_http_ntlm_uninit(RpcChannel* channel)
{
	if (channel)
	{
		ntlm_free(channel->ntlm);
		/* Cleared so the stale pointer cannot be used or released again. */
		channel->ntlm = NULL;
	}
}
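/**
 * Run one NTLM authentication step and write the resulting RPC_OUT_DATA request
 * to the OUT channel.
 *
 * @param outChannel  channel whose ntlm and http members are used; all three must be non-NULL.
 * @param replacement selects the content length used once NTLM needs no further round trip:
 *                    120 when TRUE, 76 when FALSE.
 *
 * @return TRUE unless an argument is NULL, authentication fails, the request cannot be
 *         built, or rpc_channel_write() returns a negative value; FALSE in those cases.
 */
BOOL rpc_ncacn_http_send_out_channel_request(RpcChannel* outChannel, BOOL replacement)
{
	BOOL rc = TRUE;
	wStream* s;
	int contentLength;
	BOOL continueNeeded = FALSE;
	rdpNtlm* ntlm;
	HttpContext* http;
	const SecBuffer* buffer;

	if (!outChannel || !outChannel->ntlm || !outChannel->http)
		return FALSE;

	ntlm = outChannel->ntlm;
	http = outChannel->http;

	if (!ntlm_authenticate(ntlm, &continueNeeded))
		return FALSE;

	/* 0 while NTLM needs another round trip, regardless of the channel kind. */
	if (!replacement)
		contentLength = (continueNeeded) ? 0 : 76;
	else
		contentLength = (continueNeeded) ? 0 : 120;

	buffer = ntlm_client_get_output_buffer(ntlm);
	s = rpc_ntlm_http_request(http, "RPC_OUT_DATA", contentLength, buffer);

	/*
	 * Reported as FALSE like the other failures. A negative value is non-zero, so
	 * returning -1 through a BOOL makes `if (!call())` style checks treat the failure
	 * as success.
	 * NOTE(review): callers are outside this file; confirm none compares the result
	 * against a negative value.
	 */
	if (!s)
		return FALSE;

	if (rpc_channel_write(outChannel, Stream_Buffer(s), Stream_Length(s)) < 0)
		rc = FALSE;

	Stream_Free(s, TRUE);
	return rc;
}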
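/**
 * Take the NTLM token from an OUT channel HTTP response and hand it to the NTLM client
 * as its next input buffer.
 *
 * @param outChannel channel whose ntlm member receives the token; both must be non-NULL.
 * @param response   HTTP response to read the "NTLM" auth token from; must be non-NULL.
 *
 * @return FALSE on a NULL argument; the result of ntlm_client_set_input_buffer() when a
 *         non-empty token was decoded; TRUE when the response carries no usable token.
 */
BOOL rpc_ncacn_http_recv_out_channel_response(RpcChannel* outChannel, HttpResponse* response)
{
	const char* token64 = NULL;
	int ntlmTokenLength = 0;
	BYTE* ntlmTokenData = NULL;
	rdpNtlm* ntlm;

	if (!outChannel || !response || !outChannel->ntlm)
		return FALSE;

	ntlm = outChannel->ntlm;
	token64 = http_response_get_auth_token(response, "NTLM");

	/* The token text comes from the peer's response, so the decode result is untrusted. */
	if (token64)
		crypto_base64_decode(token64, strlen(token64), &ntlmTokenData, &ntlmTokenLength);

	/*
	 * Only a strictly positive length is forwarded, so a negative length can never be
	 * passed on as a buffer size.
	 * NOTE(review): the decoded buffer is passed with the second argument FALSE; whether
	 * the callee then owns it, and who releases it when the call fails, is not visible
	 * here — confirm.
	 */
	if (ntlmTokenData && (ntlmTokenLength > 0))
		return ntlm_client_set_input_buffer(ntlm, FALSE, ntlmTokenData, ntlmTokenLength);

	/*
	 * A buffer that came back with no usable length is not handed on, so it is released
	 * here instead of being dropped. free(NULL) is a no-op.
	 * NOTE(review): assumes the decoder allocates with malloc(), as free() is already
	 * used on crypto_base64_encode() output in this file — confirm.
	 */
	free(ntlmTokenData);
	return TRUE;
}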