Blob Blame History Raw
/**
 * FreeRDP: A Remote Desktop Protocol Implementation
 * Remote Assistance
 *
 * Copyright 2014 Marc-Andre Moreau <marcandre.moreau@gmail.com>
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifdef HAVE_CONFIG_H
#include "config.h"
#endif

#include <errno.h>

#include <winpr/wtypes.h>
#include <winpr/crt.h>
#include <winpr/crypto.h>
#include <winpr/print.h>
#include <winpr/windows.h>
#include <winpr/ssl.h>

#include <freerdp/log.h>
#include <freerdp/client/file.h>
#include <freerdp/client/cmdline.h>

#include <freerdp/assistance.h>

#define TAG FREERDP_TAG("common")

struct rdp_assistance_file
{
	UINT32 Type;

	char* Username;
	char* LHTicket;
	char* RCTicket;
	char* PassStub;
	UINT32 DtStart;
	UINT32 DtLength;
	BOOL LowSpeed;
	BOOL RCTicketEncrypted;

	char* ConnectionString1;
	char* ConnectionString2;

	BYTE* EncryptedPassStub;
	size_t EncryptedPassStubLength;

	BYTE* EncryptedLHTicket;
	size_t EncryptedLHTicketLength;

	UINT32 MachineCount;
	char** MachineAddresses;
	UINT32* MachinePorts;

	char* RASessionId;
	char* RASpecificParams;

	char* filename;
	char* password;
};

/**
 * Password encryption in establishing a remote assistance session of type 1:
 * http://blogs.msdn.com/b/openspecification/archive/2011/10/31/password-encryption-in-establishing-a-remote-assistance-session-of-type-1.aspx
 *
 * Creation of PassStub for the Remote Assistance Ticket:
 * http://social.msdn.microsoft.com/Forums/en-US/6316c3f4-ea09-4343-a4a1-9cca46d70d28/creation-of-passstub-for-the-remote-assistance-ticket?forum=os_windowsprotocols
 */

/**
 * CryptDeriveKey Function:
 * http://msdn.microsoft.com/en-us/library/windows/desktop/aa379916/
 *
 * Let n be the required derived key length, in bytes.
 * The derived key is the first n bytes of the hash value after the hash computation
 * has been completed by CryptDeriveKey. If the hash is not a member of the SHA-2
 * family and the required key is for either 3DES or AES, the key is derived as follows:
 *
 * Form a 64-byte buffer by repeating the constant 0x36 64 times.
 * Let k be the length of the hash value that is represented by the input parameter hBaseData.
 * Set the first k bytes of the buffer to the result of an XOR operation of the first k bytes
 * of the buffer with the hash value that is represented by the input parameter hBaseData.
 *
 * Form a 64-byte buffer by repeating the constant 0x5C 64 times.
 * Set the first k bytes of the buffer to the result of an XOR operation of the first k bytes
 * of the buffer with the hash value that is represented by the input parameter hBaseData.
 *
 * Hash the result of step 1 by using the same hash algorithm as that used to compute the hash
 * value that is represented by the hBaseData parameter.
 *
 * Hash the result of step 2 by using the same hash algorithm as that used to compute the hash
 * value that is represented by the hBaseData parameter.
 *
 * Concatenate the result of step 3 with the result of step 4.
 * Use the first n bytes of the result of step 5 as the derived key.
 */

static BOOL freerdp_assistance_crypt_derive_key_sha1(BYTE* hash, size_t hashLength, BYTE* key,
                                                     size_t keyLength)
{
	BOOL rc = FALSE;
	size_t i;
	BYTE* buffer;
	BYTE pad1[64];
	BYTE pad2[64];
	memset(pad1, 0x36, 64);
	memset(pad2, 0x5C, 64);

	for (i = 0; i < hashLength; i++)
	{
		pad1[i] ^= hash[i];
		pad2[i] ^= hash[i];
	}

	buffer = (BYTE*)calloc(hashLength, 2);

	if (!buffer)
		goto fail;

	if (!winpr_Digest(WINPR_MD_SHA1, pad1, 64, buffer, hashLength))
		goto fail;

	if (!winpr_Digest(WINPR_MD_SHA1, pad2, 64, &buffer[hashLength], hashLength))
		goto fail;

	CopyMemory(key, buffer, keyLength);
	rc = TRUE;
fail:
	free(buffer);
	return rc;
}

static BOOL reallocate(rdpAssistanceFile* file, const char* host, UINT32 port)
{
	void *tmp1, *tmp2;
	file->MachineCount++;
	tmp1 = realloc(file->MachinePorts, sizeof(UINT32) * file->MachineCount);
	tmp2 = realloc(file->MachineAddresses, sizeof(char*) * file->MachineCount);

	if (!tmp1 || !tmp2)
	{
		free(tmp1);
		free(tmp2);
		return FALSE;
	}

	file->MachinePorts = tmp1;
	file->MachineAddresses = tmp2;
	file->MachinePorts[file->MachineCount - 1] = port;
	file->MachineAddresses[file->MachineCount - 1] = _strdup(host);
	return TRUE;
}

static BOOL append_address(rdpAssistanceFile* file, const char* host, const char* port)
{
	unsigned long p;
	errno = 0;
	p = strtoul(port, NULL, 0);

	if ((errno != 0) || (p == 0) || (p > UINT16_MAX))
	{
		WLog_ERR(TAG, "Failed to parse ASSISTANCE file: ConnectionString2 invalid port value %s",
		         port);
		return FALSE;
	}

	return reallocate(file, host, (UINT16)p);
}

static BOOL freerdp_assistance_parse_address_list(rdpAssistanceFile* file, char* list)
{
	BOOL rc = FALSE;
	char* p;

	if (!file || !list)
		return FALSE;

	p = list;

	while ((p = strchr(p, ';')) != NULL)
	{
		char* q = strchr(p, ':');

		if (!q)
			goto out;

		*q = '\0';
		q++;

		if (!append_address(file, p, q))
			goto out;

		p = q;
	}

	rc = TRUE;
out:
	return rc;
}

static BOOL freerdp_assistance_parse_connection_string1(rdpAssistanceFile* file)
{
	size_t i;
	char* str;
	int count;
	size_t length;
	char* tokens[8];
	BOOL rc = FALSE;

	if (!file || !file->RCTicket)
		return FALSE;

	/**
	 * <ProtocolVersion>,<protocolType>,<machineAddressList>,<assistantAccountPwd>,
	 * <RASessionID>,<RASessionName>,<RASessionPwd>,<protocolSpecificParms>
	 */
	count = 1;
	str = _strdup(file->RCTicket);

	if (!str)
		goto error;

	length = strlen(str);

	for (i = 0; i < length; i++)
	{
		if (str[i] == ',')
			count++;
	}

	if (count != 8)
		goto error;

	count = 0;
	tokens[count++] = str;

	for (i = 0; i < length; i++)
	{
		if (str[i] == ',')
		{
			str[i] = '\0';
			tokens[count++] = &str[i + 1];
		}
	}

	if (strcmp(tokens[0], "65538") != 0)
		goto error;

	if (strcmp(tokens[1], "1") != 0)
		goto error;

	if (strcmp(tokens[3], "*") != 0)
		goto error;

	if (strcmp(tokens[5], "*") != 0)
		goto error;

	if (strcmp(tokens[6], "*") != 0)
		goto error;

	file->RASessionId = _strdup(tokens[4]);

	if (!file->RASessionId)
		goto error;

	file->RASpecificParams = _strdup(tokens[7]);

	if (!file->RASpecificParams)
		goto error;

	if (!freerdp_assistance_parse_address_list(file, tokens[2]))
		goto error;

	rc = TRUE;
error:
	free(str);
	return rc;
}

/**
 * Decrypted Connection String 2:
 *
 * <E>
 * <A KH="BNRjdu97DyczQSRuMRrDWoue+HA="
 * ID="+ULZ6ifjoCa6cGPMLQiGHRPwkg6VyJqGwxMnO6GcelwUh9a6/FBq3It5ADSndmLL"/> <C> <T ID="1" SID="0"> <L
 * P="49228" N="fe80::1032:53d9:5a01:909b%3"/> <L P="49229" N="fe80::3d8f:9b2d:6b4e:6aa%6"/> <L
 * P="49230" N="192.168.1.200"/> <L P="49231" N="169.254.6.170"/>
 * </T>
 * </C>
 * </E>
 */

static BOOL freerdp_assistance_parse_connection_string2(rdpAssistanceFile* file)
{
	char* str;
	char* tag;
	char* end;
	char* p;
	BOOL rc = FALSE;

	if (!file || !file->ConnectionString2)
		return FALSE;

	str = file->ConnectionString2;

	if (!strstr(str, "<E>"))
	{
		WLog_ERR(TAG, "Failed to parse ASSISTANCE file: ConnectionString2 missing field <E>");
		return FALSE;
	}

	if (!strstr(str, "<C>"))
	{
		WLog_ERR(TAG, "Failed to parse ASSISTANCE file: ConnectionString2 missing field <C>");
		return FALSE;
	}

	str = _strdup(file->ConnectionString2);

	if (!str)
		goto out_fail;

	if (!(tag = strstr(str, "<A")))
	{
		WLog_ERR(TAG, "Failed to parse ASSISTANCE file: ConnectionString2 missing field <A");
		goto out_fail;
	}

	/* Parse Auth String Node (<A>) */
	end = strstr(tag, "/>");

	if (!end)
		goto out_fail;

	*end = '\0';
	p = strstr(tag, "KH=\"");

	if (p)
	{
		char* q;
		size_t length;
		p += sizeof("KH=\"") - 1;
		q = strchr(p, '"');

		if (!q)
		{
			WLog_ERR(TAG, "Failed to parse ASSISTANCE file: ConnectionString2 invalid field KH=%s",
			         q);
			goto out_fail;
		}

		length = q - p;
		free(file->RASpecificParams);
		file->RASpecificParams = (char*)malloc(length + 1);

		if (!file->RASpecificParams)
			goto out_fail;

		CopyMemory(file->RASpecificParams, p, length);
		file->RASpecificParams[length] = '\0';
	}

	p = strstr(tag, "ID=\"");

	if (p)
	{
		char* q;
		size_t length;
		p += sizeof("ID=\"") - 1;
		q = strchr(p, '"');

		if (!q)
		{
			WLog_ERR(TAG, "Failed to parse ASSISTANCE file: ConnectionString2 invalid field ID=%s",
			         q);
			goto out_fail;
		}

		length = q - p;
		free(file->RASessionId);
		file->RASessionId = (char*)malloc(length + 1);

		if (!file->RASessionId)
			goto out_fail;

		CopyMemory(file->RASessionId, p, length);
		file->RASessionId[length] = '\0';
	}

	*end = '/';
	/* Parse <L  last address is used */
	p = strstr(str, "<L P=\"");

	while (p)
	{
		char* port;
		char* q;
		size_t length;
		p += sizeof("<L P=\"") - 1;
		q = strchr(p, '"');

		if (!q)
		{
			WLog_ERR(TAG,
			         "Failed to parse ASSISTANCE file: ConnectionString2 invalid field <L P=%s", q);
			goto out_fail;
		}

		q[0] = '\0';
		q++;
		port = p;
		p = strstr(q, " N=\"");

		if (!p)
		{
			WLog_ERR(TAG, "Failed to parse ASSISTANCE file: ConnectionString2 invalid field N=%s",
			         p);
			goto out_fail;
		}

		p += sizeof(" N=\"") - 1;
		q = strchr(p, '"');

		if (!q)
		{
			WLog_ERR(TAG, "Failed to parse ASSISTANCE file: ConnectionString2 invalid field N=%s",
			         q);
			goto out_fail;
		}

		q[0] = '\0';
		q++;
		length = strlen(p);

		if (length > 8)
		{
			if (!append_address(file, p, port))
				goto out_fail;
		}

		p = strstr(q, "<L P=\"");
	}

	rc = TRUE;
out_fail:
	free(str);
	return rc;
}

char* freerdp_assistance_construct_expert_blob(const char* name, const char* pass)
{
	size_t size;
	size_t nameLength;
	size_t passLength;
	char* ExpertBlob = NULL;

	if (!name || !pass)
		return NULL;

	nameLength = strlen(name) + strlen("NAME=");
	passLength = strlen(pass) + strlen("PASS=");
	size = nameLength + passLength + 64;
	ExpertBlob = (char*)calloc(1, size);

	if (!ExpertBlob)
		return NULL;

	sprintf_s(ExpertBlob, size, "%" PRIdz ";NAME=%s%" PRIdz ";PASS=%s", nameLength, name,
	          passLength, pass);
	return ExpertBlob;
}

char* freerdp_assistance_generate_pass_stub(DWORD flags)
{
	UINT32 nums[14];
	char* passStub = NULL;
	char set1[64] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789*_";
	char set2[12] = "!@#$&^*()-+=";
	char set3[10] = "0123456789";
	char set4[26] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
	char set5[26] = "abcdefghijklmnopqrstuvwxyz";
	passStub = (char*)malloc(15);

	if (!passStub)
		return NULL;

	/**
	 * PassStub generation:
	 *
	 * Characters 0 and 5-13 are from the set A-Z a-z 0-9 * _
	 * Character 1 is from the set !@#$&^*()-+=
	 * Character 2 is from the set 0-9
	 * Character 3 is from the set A-Z
	 * Character 4 is from the set a-z
	 *
	 * Example: WB^6HsrIaFmEpi
	 */
	winpr_RAND((BYTE*)nums, sizeof(nums));
	passStub[0] = set1[nums[0] % sizeof(set1)];   /* character 0 */
	passStub[1] = set2[nums[1] % sizeof(set2)];   /* character 1 */
	passStub[2] = set3[nums[2] % sizeof(set3)];   /* character 2 */
	passStub[3] = set4[nums[3] % sizeof(set4)];   /* character 3 */
	passStub[4] = set5[nums[4] % sizeof(set5)];   /* character 4 */
	passStub[5] = set1[nums[5] % sizeof(set1)];   /* character 5 */
	passStub[6] = set1[nums[6] % sizeof(set1)];   /* character 6 */
	passStub[7] = set1[nums[7] % sizeof(set1)];   /* character 7 */
	passStub[8] = set1[nums[8] % sizeof(set1)];   /* character 8 */
	passStub[9] = set1[nums[9] % sizeof(set1)];   /* character 9 */
	passStub[10] = set1[nums[10] % sizeof(set1)]; /* character 10 */
	passStub[11] = set1[nums[11] % sizeof(set1)]; /* character 11 */
	passStub[12] = set1[nums[12] % sizeof(set1)]; /* character 12 */
	passStub[13] = set1[nums[13] % sizeof(set1)]; /* character 13 */
	passStub[14] = '\0';
	return passStub;
}

BYTE* freerdp_assistance_encrypt_pass_stub(const char* password, const char* passStub,
                                           size_t* pEncryptedSize)
{
	BOOL rc;
	int status;
	size_t cbPasswordW;
	size_t cbPassStubW;
	size_t EncryptedSize;
	BYTE PasswordHash[WINPR_MD5_DIGEST_LENGTH];
	WINPR_CIPHER_CTX* rc4Ctx = NULL;
	BYTE* pbIn = NULL;
	BYTE* pbOut = NULL;
	size_t cbOut, cbIn, cbFinal;
	WCHAR* PasswordW = NULL;
	WCHAR* PassStubW = NULL;
	status = ConvertToUnicode(CP_UTF8, 0, password, -1, &PasswordW, 0);

	if (status <= 0)
		return NULL;

	cbPasswordW = (size_t)(status - 1) * 2UL;

	if (!winpr_Digest(WINPR_MD_MD5, (BYTE*)PasswordW, cbPasswordW, (BYTE*)PasswordHash,
	                  sizeof(PasswordHash)))
		goto fail;

	status = ConvertToUnicode(CP_UTF8, 0, passStub, -1, &PassStubW, 0);

	if (status <= 0)
		goto fail;

	cbPassStubW = (size_t)(status - 1) * 2UL;
	EncryptedSize = cbPassStubW + 4;
	pbIn = (BYTE*)calloc(1, EncryptedSize);
	pbOut = (BYTE*)calloc(1, EncryptedSize);

	if (!pbIn || !pbOut)
		goto fail;

	*((UINT32*)pbIn) = (UINT32)cbPassStubW;
	CopyMemory(&pbIn[4], PassStubW, cbPassStubW);
	rc4Ctx = winpr_Cipher_New(WINPR_CIPHER_ARC4_128, WINPR_ENCRYPT, PasswordHash, NULL);

	if (!rc4Ctx)
	{
		WLog_ERR(TAG, "winpr_Cipher_New failure");
		goto fail;
	}

	cbOut = cbFinal = 0;
	cbIn = EncryptedSize;
	rc = winpr_Cipher_Update(rc4Ctx, pbIn, cbIn, pbOut, &cbOut);

	if (!rc)
	{
		WLog_ERR(TAG, "winpr_Cipher_Update failure");
		goto fail;
	}

	if (!winpr_Cipher_Final(rc4Ctx, pbOut + cbOut, &cbFinal))
	{
		WLog_ERR(TAG, "winpr_Cipher_Final failure");
		goto fail;
	}

	winpr_Cipher_Free(rc4Ctx);
	free(pbIn);
	free(PasswordW);
	free(PassStubW);
	*pEncryptedSize = EncryptedSize;
	return pbOut;
fail:
	winpr_Cipher_Free(rc4Ctx);
	free(PasswordW);
	free(PassStubW);
	free(pbIn);
	free(pbOut);
	return NULL;
}

static BOOL freerdp_assistance_decrypt2(rdpAssistanceFile* file, const char* password)
{
	BOOL rc = FALSE;
	int status = 0;
	size_t cbPasswordW;
	int cchOutW = 0;
	WCHAR* pbOutW = NULL;
	WINPR_CIPHER_CTX* aesDec = NULL;
	WCHAR* PasswordW = NULL;
	BYTE* pbIn = NULL;
	BYTE* pbOut = NULL;
	size_t cbOut, cbIn, cbFinal;
	BYTE DerivedKey[WINPR_AES_BLOCK_SIZE];
	BYTE InitializationVector[WINPR_AES_BLOCK_SIZE];
	BYTE PasswordHash[WINPR_SHA1_DIGEST_LENGTH];

	if (!file || !password)
		return FALSE;

	status = ConvertToUnicode(CP_UTF8, 0, password, -1, &PasswordW, 0);

	if (status <= 0)
	{
		WLog_ERR(TAG, "Failed to parse ASSISTANCE file: Conversion from UCS2 to UTF8 failed");
		return FALSE;
	}

	cbPasswordW = (size_t)(status - 1) * 2UL;

	if (!winpr_Digest(WINPR_MD_SHA1, (BYTE*)PasswordW, cbPasswordW, PasswordHash,
	                  sizeof(PasswordHash)))
		goto fail;

	if (!freerdp_assistance_crypt_derive_key_sha1(PasswordHash, sizeof(PasswordHash), DerivedKey,
	                                              sizeof(DerivedKey)))
		goto fail;

	ZeroMemory(InitializationVector, sizeof(InitializationVector));
	aesDec =
	    winpr_Cipher_New(WINPR_CIPHER_AES_128_CBC, WINPR_DECRYPT, DerivedKey, InitializationVector);

	if (!aesDec)
		goto fail;

	cbOut = cbFinal = 0;
	cbIn = (size_t)file->EncryptedLHTicketLength;
	pbIn = (BYTE*)file->EncryptedLHTicket;
	pbOut = (BYTE*)calloc(1, cbIn + WINPR_AES_BLOCK_SIZE + 2);

	if (!pbOut)
		goto fail;

	if (!winpr_Cipher_Update(aesDec, pbIn, cbIn, pbOut, &cbOut))
		goto fail;

	if (!winpr_Cipher_Final(aesDec, pbOut + cbOut, &cbFinal))
	{
		WLog_ERR(TAG, "winpr_Cipher_Final failure");
		goto fail;
	}

	cbOut += cbFinal;
	cbFinal = 0;
	pbOutW = (WCHAR*)pbOut;

	if (cbOut > INT_MAX / 2)
		goto fail;

	cchOutW = (int)cbOut / 2;
	file->ConnectionString2 = NULL;
	status =
	    ConvertFromUnicode(CP_UTF8, 0, pbOutW, cchOutW, &file->ConnectionString2, 0, NULL, NULL);

	if (status <= 0)
	{
		WLog_ERR(TAG, "Failed to parse ASSISTANCE file: Conversion from UCS2 to UTF8 failed");
		goto fail;
	}

	if (!freerdp_assistance_parse_connection_string2(file))
		goto fail;

	rc = TRUE;
fail:
	winpr_Cipher_Free(aesDec);
	free(PasswordW);
	free(pbOut);
	WLog_DBG(TAG, "freerdp_assistance_parse_connection_string2: %d", status);
	return rc;
}

BYTE* freerdp_assistance_hex_string_to_bin(const void* raw, size_t* size)
{
	size_t length;
	BYTE* buffer;
	size_t i;
	const char* str = (const char*)raw;
	length = strlen(str);

	if ((length % 2) != 0)
		return NULL;

	length /= 2;
	*size = length;
	buffer = (BYTE*)malloc(length);

	if (!buffer)
		return NULL;

	for (i = 0; i < length; i++)
	{
		int hn, ln;
		char c;
		hn = ln = 0;
		c = str[(i * 2) + 0];

		if ((c >= '0') && (c <= '9'))
			hn = c - '0';
		else if ((c >= 'a') && (c <= 'f'))
			hn = (c - 'a') + 10;
		else if ((c >= 'A') && (c <= 'F'))
			hn = (c - 'A') + 10;

		c = str[(i * 2) + 1];

		if ((c >= '0') && (c <= '9'))
			ln = c - '0';
		else if ((c >= 'a') && (c <= 'f'))
			ln = (c - 'a') + 10;
		else if ((c >= 'A') && (c <= 'F'))
			ln = (c - 'A') + 10;

		buffer[i] = ((hn << 4) | ln) & 0xFF;
	}

	return buffer;
}

char* freerdp_assistance_bin_to_hex_string(const void* raw, size_t size)
{
	size_t i;
	char* p;
	int ln, hn;
	const char* data = (const char*)raw;
	char bin2hex[] = "0123456789ABCDEF";
	p = (char*)calloc((size + 1), 2);

	if (!p)
		return NULL;

	for (i = 0; i < size; i++)
	{
		ln = data[i] & 0xF;
		hn = (data[i] >> 4) & 0xF;
		p[i * 2] = bin2hex[hn];
		p[(i * 2) + 1] = bin2hex[ln];
	}

	p[size * 2] = '\0';
	return p;
}

int freerdp_assistance_parse_file_buffer(rdpAssistanceFile* file, const char* buffer, size_t size,
                                         const char* password)
{
	char* p;
	char* q;
	char* r;
	int status;
	size_t length;
	p = strstr(buffer, "UPLOADINFO");

	if (p)
	{
		p = strstr(p + sizeof("UPLOADINFO") - 1, "TYPE=\"");

		if (!p)
		{
			WLog_ERR(TAG, "Failed to parse ASSISTANCE file: Missing UPLOADINFO TYPE");
			return -1;
		}

		p = strstr(buffer, "UPLOADDATA");

		if (!p)
		{
			WLog_ERR(TAG, "Failed to parse ASSISTANCE file: Missing UPLOADDATA");
			return -1;
		}

		/* Parse USERNAME */
		p = strstr(buffer, "USERNAME=\"");

		if (p)
		{
			p += sizeof("USERNAME=\"") - 1;
			q = strchr(p, '"');

			if (!q)
			{
				WLog_ERR(TAG, "Failed to parse ASSISTANCE file: Invalid USERNAME=%s", p);
				return -1;
			}

			length = q - p;
			file->Username = (char*)malloc(length + 1);

			if (!file->Username)
				return -1;

			CopyMemory(file->Username, p, length);
			file->Username[length] = '\0';
		}

		/* Parse LHTICKET */
		p = strstr(buffer, "LHTICKET=\"");

		if (p)
		{
			p += sizeof("LHTICKET=\"") - 1;
			q = strchr(p, '"');

			if (!q)
			{
				WLog_ERR(TAG, "Failed to parse ASSISTANCE file: Invalid LHTICKET=%s", p);
				return -1;
			}

			length = q - p;
			file->LHTicket = (char*)malloc(length + 1);

			if (!file->LHTicket)
				return -1;

			CopyMemory(file->LHTicket, p, length);
			file->LHTicket[length] = '\0';
		}

		/* Parse RCTICKET */
		p = strstr(buffer, "RCTICKET=\"");

		if (p)
		{
			p += sizeof("RCTICKET=\"") - 1;
			q = strchr(p, '"');

			if (!q)
			{
				WLog_ERR(TAG, "Failed to parse ASSISTANCE file: Invalid RCTICKET=%s", p);
				return -1;
			}

			length = q - p;
			file->RCTicket = (char*)malloc(length + 1);

			if (!file->RCTicket)
				return -1;

			CopyMemory(file->RCTicket, p, length);
			file->RCTicket[length] = '\0';
		}

		/* Parse RCTICKETENCRYPTED */
		p = strstr(buffer, "RCTICKETENCRYPTED=\"");

		if (p)
		{
			p += sizeof("RCTICKETENCRYPTED=\"") - 1;
			q = strchr(p, '"');

			if (!q)
			{
				WLog_ERR(TAG, "Failed to parse ASSISTANCE file: Invalid RCTICKETENCRYPTED=%s", p);
				return -1;
			}

			length = q - p;

			if ((length == 1) && (p[0] == '1'))
				file->RCTicketEncrypted = TRUE;
		}

		/* Parse PassStub */
		p = strstr(buffer, "PassStub=\"");

		if (p)
		{
			p += sizeof("PassStub=\"") - 1;
			q = strchr(p, '"');

			if (!q)
			{
				WLog_ERR(TAG, "Failed to parse ASSISTANCE file: Invalid PassStub=%s", p);
				return -1;
			}

			length = q - p;
			file->PassStub = (char*)malloc(length + 1);

			if (!file->PassStub)
				return -1;

			CopyMemory(file->PassStub, p, length);
			file->PassStub[length] = '\0';
		}

		/* Parse DtStart */
		p = strstr(buffer, "DtStart=\"");

		if (p)
		{
			p += sizeof("DtStart=\"") - 1;
			q = strchr(p, '"');

			if (!q)
			{
				WLog_ERR(TAG, "Failed to parse ASSISTANCE file: Invalid DtStart=%s", p);
				return -1;
			}

			length = q - p;
			r = (char*)malloc(length + 1);

			if (!r)
				return -1;

			CopyMemory(r, p, length);
			r[length] = '\0';
			errno = 0;
			{
				unsigned long val = strtoul(r, NULL, 0);

				if ((errno != 0) || (val > UINT32_MAX))
				{
					WLog_ERR(TAG, "Failed to parse ASSISTANCE file: Invalid DtStart value %s", r);
					free(r);
					return -1;
				}

				free(r);
				file->DtStart = val;
			}
		}

		/* Parse DtLength */
		p = strstr(buffer, "DtLength=\"");

		if (p)
		{
			p += sizeof("DtLength=\"") - 1;
			q = strchr(p, '"');

			if (!q)
			{
				WLog_ERR(TAG, "Failed to parse ASSISTANCE file: Invalid DtLength=%s", p);
				return -1;
			}

			length = q - p;
			r = (char*)malloc(length + 1);

			if (!r)
				return -1;

			CopyMemory(r, p, length);
			r[length] = '\0';
			errno = 0;
			{
				unsigned long val = strtoul(r, NULL, 0);

				if ((errno != 0) || (val > UINT32_MAX))
				{
					WLog_ERR(TAG, "Failed to parse ASSISTANCE file: Invalid DtLength value %s", r);
					free(r);
					return -1;
				}

				free(r);
				file->DtLength = val;
			}
		}

		/* Parse L (LowSpeed) */
		p = strstr(buffer, " L=\"");

		if (p)
		{
			p += sizeof(" L=\"") - 1;
			q = strchr(p, '"');

			if (!q)
			{
				WLog_ERR(TAG, "Failed to parse ASSISTANCE file: Invalid L=%s", p);
				return -1;
			}

			length = q - p;

			if ((length == 1) && (p[0] == '1'))
				file->LowSpeed = TRUE;
		}

		file->Type = (file->LHTicket) ? 2 : 1;
		status = 0;

		switch (file->Type)
		{
			case 2:
			{
				file->EncryptedLHTicket = freerdp_assistance_hex_string_to_bin(
				    file->LHTicket, &file->EncryptedLHTicketLength);

				if (!freerdp_assistance_decrypt2(file, password))
					status = -1;
			}
			break;

			case 1:
			{
				if (!freerdp_assistance_parse_connection_string1(file))
					status = -1;
			}
			break;

			default:
				return -1;
		}

		if (status < 0)
		{
			WLog_ERR(TAG, "freerdp_assistance_parse_connection_string1 failure: %d", status);
			return -1;
		}

		file->EncryptedPassStub = freerdp_assistance_encrypt_pass_stub(
		    password, file->PassStub, &file->EncryptedPassStubLength);

		if (!file->EncryptedPassStub)
			return -1;

		return 1;
	}

	p = strstr(buffer, "<E>");

	if (p)
	{
		q = strstr(buffer, "</E>");

		if (!q)
		{
			WLog_ERR(TAG, "Failed to parse ASSISTANCE file: Missing </E> tag");
			return -1;
		}

		q += sizeof("</E>") - 1;
		length = q - p;
		file->ConnectionString2 = (char*)malloc(length + 1);

		if (!file->ConnectionString2)
			return -1;

		CopyMemory(file->ConnectionString2, p, length);
		file->ConnectionString2[length] = '\0';

		if (!freerdp_assistance_parse_connection_string2(file))
			return -1;

		return 1;
	}

	WLog_ERR(TAG, "Failed to parse ASSISTANCE file: Neither UPLOADINFO nor <E> found");
	return -1;
}

int freerdp_assistance_parse_file(rdpAssistanceFile* file, const char* name, const char* password)
{
	int status;
	BYTE* buffer;
	FILE* fp = NULL;
	size_t readSize;
	INT64 fileSize;

	if (!name)
	{
		WLog_ERR(TAG, "ASSISTANCE file %s invalid name", name);
		return -1;
	}

	free(file->filename);
	free(file->password);
	file->filename = _strdup(name);
	file->password = _strdup(password);
	fp = fopen(name, "r");

	if (!fp)
	{
		WLog_ERR(TAG, "Failed to open ASSISTANCE file %s ", name);
		return -1;
	}

	_fseeki64(fp, 0, SEEK_END);
	fileSize = _ftelli64(fp);
	_fseeki64(fp, 0, SEEK_SET);

	if (fileSize < 1)
	{
		WLog_ERR(TAG, "Failed to read ASSISTANCE file %s ", name);
		fclose(fp);
		return -1;
	}

	buffer = (BYTE*)malloc(fileSize + 2);

	if (!buffer)
	{
		fclose(fp);
		return -1;
	}

	readSize = fread(buffer, fileSize, 1, fp);

	if (!readSize)
	{
		if (!ferror(fp))
			readSize = fileSize;
	}

	fclose(fp);

	if (readSize < 1)
	{
		WLog_ERR(TAG, "Failed to read ASSISTANCE file %s ", name);
		free(buffer);
		buffer = NULL;
		return -1;
	}

	buffer[fileSize] = '\0';
	buffer[fileSize + 1] = '\0';
	status = freerdp_assistance_parse_file_buffer(file, (char*)buffer, fileSize, password);
	free(buffer);
	return status;
}

BOOL freerdp_assistance_populate_settings_from_assistance_file(rdpAssistanceFile* file,
                                                               rdpSettings* settings)
{
	UINT32 i;

	if (!freerdp_settings_set_bool(settings, FreeRDP_RemoteAssistanceMode, TRUE))
		return FALSE;

	if (!file->RASessionId || !file->MachineAddresses)
		return FALSE;

	if (!freerdp_settings_set_string(settings, FreeRDP_RemoteAssistanceSessionId,
	                                 file->RASessionId))
		return FALSE;

	if (file->RCTicket)
	{
		if (!freerdp_settings_set_string(settings, FreeRDP_RemoteAssistanceRCTicket,
		                                 file->RCTicket))
			return FALSE;
	}
	else
	{
		if (!freerdp_settings_set_string(settings, FreeRDP_RemoteAssistanceRCTicket,
		                                 file->ConnectionString2))
			return FALSE;
	}

	if (file->PassStub)
	{
		if (!freerdp_settings_set_string(settings, FreeRDP_RemoteAssistancePassStub,
		                                 file->PassStub))
			return FALSE;
	}

	if (!freerdp_settings_set_string(settings, FreeRDP_ServerHostname, file->MachineAddresses[0]))
		return FALSE;

	if (!freerdp_settings_set_string(settings, FreeRDP_AssistanceFile, file->filename))
		return FALSE;

	if (!freerdp_settings_set_string(settings, FreeRDP_RemoteAssistancePassword, file->password))
		return FALSE;

	if (file->Username)
	{
		if (!freerdp_settings_set_string(settings, FreeRDP_Username, file->Username))
			return FALSE;
	}

	settings->RemoteAssistanceMode = TRUE;

	if (!freerdp_settings_set_uint32(settings, FreeRDP_ServerPort, file->MachinePorts[0]))
		return FALSE;

	freerdp_target_net_addresses_free(settings);
	settings->TargetNetAddressCount = file->MachineCount;

	if (settings->TargetNetAddressCount)
	{
		settings->TargetNetAddresses = (char**)calloc(file->MachineCount, sizeof(char*));
		settings->TargetNetPorts = (UINT32*)calloc(file->MachineCount, sizeof(UINT32));

		if (!settings->TargetNetAddresses || !settings->TargetNetPorts)
			return FALSE;

		for (i = 0; i < settings->TargetNetAddressCount; i++)
		{
			settings->TargetNetAddresses[i] = _strdup(file->MachineAddresses[i]);
			settings->TargetNetPorts[i] = file->MachinePorts[i];

			if (!settings->TargetNetAddresses[i])
				return FALSE;
		}
	}

	return TRUE;
}

rdpAssistanceFile* freerdp_assistance_file_new(void)
{
	winpr_InitializeSSL(WINPR_SSL_INIT_DEFAULT);
	return (rdpAssistanceFile*)calloc(1, sizeof(rdpAssistanceFile));
}

void freerdp_assistance_file_free(rdpAssistanceFile* file)
{
	UINT32 i;

	if (!file)
		return;

	free(file->filename);
	free(file->password);
	free(file->Username);
	free(file->LHTicket);
	free(file->RCTicket);
	free(file->PassStub);
	free(file->ConnectionString1);
	free(file->ConnectionString2);
	free(file->EncryptedLHTicket);
	free(file->RASessionId);
	free(file->RASpecificParams);
	free(file->EncryptedPassStub);

	for (i = 0; i < file->MachineCount; i++)
	{
		free(file->MachineAddresses[i]);
	}

	free(file->MachineAddresses);
	free(file->MachinePorts);
	free(file);
}

void freerdp_assistance_print_file(rdpAssistanceFile* file, wLog* log, DWORD level)
{
	size_t x;
	WLog_Print(log, level, "Username: %s", file->Username);
	WLog_Print(log, level, "LHTicket: %s", file->LHTicket);
	WLog_Print(log, level, "RCTicket: %s", file->RCTicket);
	WLog_Print(log, level, "RCTicketEncrypted: %" PRId32, file->RCTicketEncrypted);
	WLog_Print(log, level, "PassStub: %s", file->PassStub);
	WLog_Print(log, level, "DtStart: %" PRIu32, file->DtStart);
	WLog_Print(log, level, "DtLength: %" PRIu32, file->DtLength);
	WLog_Print(log, level, "LowSpeed: %" PRId32, file->LowSpeed);
	WLog_Print(log, level, "RASessionId: %s", file->RASessionId);
	WLog_Print(log, level, "RASpecificParams: %s", file->RASpecificParams);

	for (x = 0; x < file->MachineCount; x++)
	{
		WLog_Print(log, level, "MachineAddress [%" PRIdz ": %s", x, file->MachineAddresses[x]);
		WLog_Print(log, level, "MachinePort    [%" PRIdz ": %" PRIu32, x, file->MachinePorts[x]);
	}
}

BOOL freerdp_assistance_get_encrypted_pass_stub(rdpAssistanceFile* file, const char** pwd,
                                                size_t* size)
{
	if (!file || !pwd || !size)
		return FALSE;

	*pwd = (const char*)file->EncryptedPassStub;
	*size = file->EncryptedPassStubLength;
	return TRUE;
}

int freerdp_assistance_set_connection_string2(rdpAssistanceFile* file, const char* string,
                                              const char* password)
{
	if (!file || !string || !password)
		return -1;

	free(file->ConnectionString2);
	free(file->password);
	file->ConnectionString2 = _strdup(string);
	file->password = _strdup(password);
	return freerdp_assistance_parse_connection_string2(file);
}