int nla_recv_pdu(rdpNla* nla, wStream* s)
{
if (nla_decode_ts_request(nla, s) < 1)
return -1;
if (nla->errorCode)
{
WLog_ERR(TAG, "SPNEGO failed with NTSTATUS: %08X", nla->errorCode);
freerdp_set_last_error(nla->instance->context, nla->errorCode);
return -1;
}
if (nla_client_recv(nla) < 1)
return -1;
return 1;
}
BOOL transport_connect_nla(rdpTransport* transport)
{
rdpContext* context = transport->context;
rdpSettings* settings = context->settings;
freerdp* instance = context->instance;
rdpRdp* rdp = context->rdp;
if (!transport_connect_tls(transport))
return FALSE;
if (!settings->Authentication)
return TRUE;
rdp->nla = nla_new(instance, transport, settings);
if (!rdp->nla)
return FALSE;
transport_set_nla_mode(transport, TRUE);
if (settings->AuthenticationServiceClass)
{
rdp->nla->ServicePrincipalName =
nla_make_spn(settings->AuthenticationServiceClass, settings->ServerHostname);
if (!rdp->nla->ServicePrincipalName)
return FALSE;
}
if (nla_client_begin(rdp->nla) < 0)
{
if (!freerdp_get_last_error(context))
freerdp_set_last_error(context, FREERDP_ERROR_AUTHENTICATION_FAILED);
transport_set_nla_mode(transport, FALSE);
return FALSE;
}
rdp_client_transition_to_state(rdp, CONNECTION_STATE_NLA);
return TRUE;
}
static BOOL freerdp_tcp_resolve_hostname(rdpContext* context, const char* hostname)
{
int status;
struct addrinfo hints = { 0 };
struct addrinfo* result = NULL;
hints.ai_family = AF_UNSPEC;
hints.ai_socktype = SOCK_STREAM;
status = getaddrinfo(hostname, NULL, &hints, &result);
if (status)
{
if (!freerdp_get_last_error(context))
freerdp_set_last_error(context, FREERDP_ERROR_DNS_NAME_NOT_FOUND);
return FALSE;
}
freeaddrinfo(result);
return TRUE;
}
int nla_client_init(rdpNla* nla)
{
char* spn;
int length;
rdpTls* tls = NULL;
BOOL PromptPassword = FALSE;
freerdp* instance = nla->instance;
rdpSettings* settings = nla->settings;
WINPR_SAM* sam;
WINPR_SAM_ENTRY* entry;
nla->state = NLA_STATE_INITIAL;
if (settings->RestrictedAdminModeRequired)
settings->DisableCredentialsDelegation = TRUE;
if ((!settings->Password) || (!settings->Username)
|| (!strlen(settings->Username)))
{
PromptPassword = TRUE;
}
if (PromptPassword && settings->Username && strlen(settings->Username))
{
sam = SamOpen(TRUE);
if (sam)
{
entry = SamLookupUserA(sam, settings->Username, strlen(settings->Username), NULL, 0);
if (entry)
{
/**
* The user could be found in SAM database.
* Use entry in SAM database later instead of prompt
*/
PromptPassword = FALSE;
SamFreeEntry(sam, entry);
}
SamClose(sam);
}
}
#ifndef _WIN32
if (PromptPassword)
{
if (settings->RestrictedAdminModeRequired)
{
if ((settings->PasswordHash) && (strlen(settings->PasswordHash) > 0))
PromptPassword = FALSE;
}
}
#endif
if (PromptPassword)
{
if (instance->Authenticate)
{
BOOL proceed = instance->Authenticate(instance,
&settings->Username, &settings->Password, &settings->Domain);
if (!proceed)
{
freerdp_set_last_error(instance->context, FREERDP_ERROR_CONNECT_CANCELLED);
return 0;
}
}
}
if (!settings->Username)
{
nla_identity_free(nla->identity);
nla->identity = NULL;
}
else
sspi_SetAuthIdentity(nla->identity, settings->Username, settings->Domain,
settings->Password);
#ifndef _WIN32
{
SEC_WINNT_AUTH_IDENTITY* identity = nla->identity;
if (!identity)
{
WLog_ERR(TAG, "NLA identity=%p", identity);
return -1;
}
if (settings->RestrictedAdminModeRequired)
{
if (settings->PasswordHash)
{
if (strlen(settings->PasswordHash) == 32)
{
free(identity->Password);
identity->PasswordLength = ConvertToUnicode(CP_UTF8, 0,
settings->PasswordHash, -1, &identity->Password, 0) - 1;
/**
* Multiply password hash length by 64 to obtain a length exceeding
* the maximum (256) and use it this for hash identification in WinPR.
*/
identity->PasswordLength = 32 * 64; /* 2048 */
}
}
}
}
#endif
tls = nla->transport->tls;
if (!tls)
{
WLog_ERR(TAG, "Unknown NLA transport layer");
return -1;
}
if (!sspi_SecBufferAlloc(&nla->PublicKey, tls->PublicKeyLength))
{
WLog_ERR(TAG, "Failed to allocate sspic secBuffer");
return -1;
}
CopyMemory(nla->PublicKey.pvBuffer, tls->PublicKey, tls->PublicKeyLength);
length = sizeof(TERMSRV_SPN_PREFIX) + strlen(settings->ServerHostname);
spn = (SEC_CHAR*) malloc(length + 1);
if (!spn)
return -1;
sprintf(spn, "%s%s", TERMSRV_SPN_PREFIX, settings->ServerHostname);
#ifdef UNICODE
nla->ServicePrincipalName = NULL;
ConvertToUnicode(CP_UTF8, 0, spn, -1, &nla->ServicePrincipalName, 0);
free(spn);
#else
nla->ServicePrincipalName = spn;
#endif
nla->table = InitSecurityInterfaceEx(0);
nla->status = nla->table->QuerySecurityPackageInfo(NLA_PKG_NAME, &nla->pPackageInfo);
if (nla->status != SEC_E_OK)
{
WLog_ERR(TAG, "QuerySecurityPackageInfo status %s [%08X]",
GetSecurityStatusString(nla->status), nla->status);
return -1;
}
nla->cbMaxToken = nla->pPackageInfo->cbMaxToken;
nla->status = nla->table->AcquireCredentialsHandle(NULL, NLA_PKG_NAME,
SECPKG_CRED_OUTBOUND, NULL, nla->identity, NULL, NULL, &nla->credentials,
&nla->expiration);
if (nla->status != SEC_E_OK)
{
WLog_ERR(TAG, "AcquireCredentialsHandle status %s [%08X]",
GetSecurityStatusString(nla->status), nla->status);
return -1;
}
nla->haveContext = FALSE;
nla->haveInputBuffer = FALSE;
nla->havePubKeyAuth = FALSE;
ZeroMemory(&nla->inputBuffer, sizeof(SecBuffer));
ZeroMemory(&nla->outputBuffer, sizeof(SecBuffer));
ZeroMemory(&nla->ContextSizes, sizeof(SecPkgContext_Sizes));
/*
* from tspkg.dll: 0x00000132
* ISC_REQ_MUTUAL_AUTH
* ISC_REQ_CONFIDENTIALITY
* ISC_REQ_USE_SESSION_KEY
* ISC_REQ_ALLOCATE_MEMORY
*/
nla->fContextReq = ISC_REQ_MUTUAL_AUTH | ISC_REQ_CONFIDENTIALITY | ISC_REQ_USE_SESSION_KEY;
return 1;
}
BOOL rdp_client_connect(rdpRdp* rdp)
{
BOOL ret;
rdpSettings* settings = rdp->settings;
if (rdp->settingsCopy)
{
freerdp_settings_free(rdp->settingsCopy);
rdp->settingsCopy = NULL;
}
rdp->settingsCopy = freerdp_settings_clone(settings);
if (!rdp->settingsCopy)
return FALSE;
nego_init(rdp->nego);
nego_set_target(rdp->nego, settings->ServerHostname, settings->ServerPort);
if (settings->GatewayEnabled)
{
char* user = NULL;
char* domain = NULL;
char* cookie = NULL;
int user_length = 0;
int domain_length = 0;
int cookie_length = 0;
if (settings->Username)
{
user = settings->Username;
user_length = strlen(settings->Username);
}
if (settings->Domain)
domain = settings->Domain;
else
domain = settings->ComputerName;
domain_length = strlen(domain);
cookie_length = domain_length + 1 + user_length;
cookie = (char*) malloc(cookie_length + 1);
if (!cookie)
return FALSE;
CopyMemory(cookie, domain, domain_length);
CharUpperBuffA(cookie, domain_length);
cookie[domain_length] = '\\';
if (settings->Username)
CopyMemory(&cookie[domain_length + 1], user, user_length);
cookie[cookie_length] = '\0';
ret = nego_set_cookie(rdp->nego, cookie);
free(cookie);
}
else
{
ret = nego_set_cookie(rdp->nego, settings->Username);
}
if (!ret)
return FALSE;
nego_set_send_preconnection_pdu(rdp->nego, settings->SendPreconnectionPdu);
nego_set_preconnection_id(rdp->nego, settings->PreconnectionId);
nego_set_preconnection_blob(rdp->nego, settings->PreconnectionBlob);
nego_set_negotiation_enabled(rdp->nego, settings->NegotiateSecurityLayer);
nego_set_restricted_admin_mode_required(rdp->nego, settings->RestrictedAdminModeRequired);
nego_set_gateway_enabled(rdp->nego, settings->GatewayEnabled);
nego_set_gateway_bypass_local(rdp->nego, settings->GatewayBypassLocal);
nego_enable_rdp(rdp->nego, settings->RdpSecurity);
nego_enable_tls(rdp->nego, settings->TlsSecurity);
nego_enable_nla(rdp->nego, settings->NlaSecurity);
nego_enable_ext(rdp->nego, settings->ExtSecurity);
if (settings->MstscCookieMode)
settings->CookieMaxLength = MSTSC_COOKIE_MAX_LENGTH;
nego_set_cookie_max_length(rdp->nego, settings->CookieMaxLength);
if (settings->LoadBalanceInfo)
{
if (!nego_set_routing_token(rdp->nego, settings->LoadBalanceInfo, settings->LoadBalanceInfoLength))
return FALSE;
}
if (!nego_connect(rdp->nego))
{
if (!freerdp_get_last_error(rdp->context))
{
freerdp_set_last_error(rdp->context, FREERDP_ERROR_SECURITY_NEGO_CONNECT_FAILED);
}
WLog_ERR(TAG, "Error: protocol security negotiation or connection failure");
return FALSE;
}
if ((rdp->nego->selected_protocol & PROTOCOL_TLS) || (rdp->nego->selected_protocol == PROTOCOL_RDP))
{
if ((settings->Username != NULL) && ((settings->Password != NULL) ||
(settings->RedirectionPassword != NULL && settings->RedirectionPasswordLength > 0)))
settings->AutoLogonEnabled = TRUE;
}
rdp_set_blocking_mode(rdp, FALSE);
rdp_client_transition_to_state(rdp, CONNECTION_STATE_NEGO);
rdp->finalize_sc_pdus = 0;
if (!mcs_send_connect_initial(rdp->mcs))
{
if (!connectErrorCode)
{
connectErrorCode = MCSCONNECTINITIALERROR;
}
if (!freerdp_get_last_error(rdp->context))
{
freerdp_set_last_error(rdp->context, FREERDP_ERROR_MCS_CONNECT_INITIAL_ERROR);
}
WLog_ERR(TAG, "Error: unable to send MCS Connect Initial");
return FALSE;
}
while (rdp->state != CONNECTION_STATE_ACTIVE)
{
if (rdp_check_fds(rdp) < 0)
{
if (!freerdp_get_last_error(rdp->context))
{
freerdp_set_last_error(rdp->context, FREERDP_ERROR_CONNECT_TRANSPORT_FAILED);
}
return FALSE;
}
}
return TRUE;
}
/** Creates a new connection based on the settings found in the "instance" parameter
* It will use the callbacks registered on the structure to process the pre/post connect operations
* that the caller requires.
* @see struct rdp_freerdp in freerdp.h
*
* @param instance - pointer to a rdp_freerdp structure that contains base information to establish the connection.
* On return, this function will be initialized with the new connection's settings.
*
* @return TRUE if successful. FALSE otherwise.
*
*/
BOOL freerdp_connect(freerdp* instance)
{
rdpRdp* rdp;
rdpSettings* settings;
BOOL status = FALSE;
ConnectionResultEventArgs e;
/* We always set the return code to 0 before we start the connect sequence*/
connectErrorCode = 0;
freerdp_set_last_error(instance->context, FREERDP_ERROR_SUCCESS);
rdp = instance->context->rdp;
settings = instance->settings;
IFCALLRET(instance->PreConnect, status, instance);
if (settings->KeyboardLayout == KBD_JAPANESE_INPUT_SYSTEM_MS_IME2002)
{
settings->KeyboardType = 7;
settings->KeyboardSubType = 2;
settings->KeyboardFunctionKey = 12;
}
extension_load_and_init_plugins(rdp->extension);
extension_pre_connect(rdp->extension);
if (!status)
{
if (!connectErrorCode)
{
connectErrorCode = PREECONNECTERROR;
}
if (!freerdp_get_last_error(rdp->context))
{
freerdp_set_last_error(instance->context, FREERDP_ERROR_PRE_CONNECT_FAILED);
}
fprintf(stderr, "%s:%d: freerdp_pre_connect failed\n", __FILE__, __LINE__);
goto freerdp_connect_finally;
}
status = rdp_client_connect(rdp);
/* --authonly tests the connection without a UI */
if (instance->settings->AuthenticationOnly)
{
fprintf(stderr, "%s:%d: Authentication only, exit status %d\n", __FILE__, __LINE__, !status);
goto freerdp_connect_finally;
}
if (status)
{
if (instance->settings->DumpRemoteFx)
{
instance->update->pcap_rfx = pcap_open(instance->settings->DumpRemoteFxFile, TRUE);
if (instance->update->pcap_rfx)
instance->update->dump_rfx = TRUE;
}
extension_post_connect(rdp->extension);
IFCALLRET(instance->PostConnect, status, instance);
update_post_connect(instance->update);
if (!status)
{
fprintf(stderr, "freerdp_post_connect failed\n");
if (!connectErrorCode)
{
connectErrorCode = POSTCONNECTERROR;
}
if (!freerdp_get_last_error(rdp->context))
{
freerdp_set_last_error(instance->context, FREERDP_ERROR_POST_CONNECT_FAILED);
}
goto freerdp_connect_finally;
}
if (instance->settings->PlayRemoteFx)
{
wStream* s;
rdpUpdate* update;
pcap_record record;
update = instance->update;
update->pcap_rfx = pcap_open(settings->PlayRemoteFxFile, FALSE);
if (!update->pcap_rfx)
{
status = FALSE;
goto freerdp_connect_finally;
}
else
{
update->play_rfx = TRUE;
}
while (pcap_has_next_record(update->pcap_rfx))
{
pcap_get_next_record_header(update->pcap_rfx, &record);
s = StreamPool_Take(rdp->transport->ReceivePool, record.length);
record.data = Stream_Buffer(s);
pcap_get_next_record_content(update->pcap_rfx, &record);
Stream_SetLength(s,record.length);
Stream_SetPosition(s, 0);
update->BeginPaint(update->context);
update_recv_surfcmds(update, Stream_Length(s) , s);
update->EndPaint(update->context);
Stream_Release(s);
StreamPool_Return(rdp->transport->ReceivePool, s);
}
pcap_close(update->pcap_rfx);
update->pcap_rfx = NULL;
status = TRUE;
goto freerdp_connect_finally;
}
}
if (rdp->errorInfo == ERRINFO_SERVER_INSUFFICIENT_PRIVILEGES)
{
connectErrorCode = INSUFFICIENTPRIVILEGESERROR;
freerdp_set_last_error(instance->context, FREERDP_ERROR_INSUFFICIENT_PRIVILEGES);
}
SetEvent(rdp->transport->connectedEvent);
freerdp_connect_finally:
EventArgsInit(&e, "freerdp");
e.result = status ? 0 : -1;
PubSub_OnConnectionResult(instance->context->pubSub, instance->context, &e);
return status;
}
BOOL transport_tsg_connect(rdpTransport* transport, const char* hostname, UINT16 port)
{
rdpTsg* tsg;
int tls_status;
freerdp* instance;
rdpContext* context;
rdpSettings *settings = transport->settings;
instance = (freerdp*) transport->settings->instance;
context = instance->context;
tsg = tsg_new(transport);
if (!tsg)
return FALSE;
tsg->transport = transport;
transport->tsg = tsg;
transport->SplitInputOutput = TRUE;
if (!transport->TlsIn)
{
transport->TlsIn = tls_new(settings);
if (!transport->TlsIn)
return FALSE;
}
if (!transport->TlsOut)
{
transport->TlsOut = tls_new(settings);
if (!transport->TlsOut)
return FALSE;
}
/* put a decent default value for gateway port */
if (!settings->GatewayPort)
settings->GatewayPort = 443;
transport->TlsIn->hostname = transport->TlsOut->hostname = settings->GatewayHostname;
transport->TlsIn->port = transport->TlsOut->port = settings->GatewayPort;
transport->TlsIn->isGatewayTransport = TRUE;
tls_status = tls_connect(transport->TlsIn, transport->TcpIn->bufferedBio);
if (tls_status < 1)
{
if (tls_status < 0)
{
if (!freerdp_get_last_error(context))
freerdp_set_last_error(context, FREERDP_ERROR_TLS_CONNECT_FAILED);
}
else
{
if (!freerdp_get_last_error(context))
freerdp_set_last_error(context, FREERDP_ERROR_CONNECT_CANCELLED);
}
return FALSE;
}
transport->TlsOut->isGatewayTransport = TRUE;
tls_status = tls_connect(transport->TlsOut, transport->TcpOut->bufferedBio);
if (tls_status < 1)
{
if (tls_status < 0)
{
if (!freerdp_get_last_error(context))
freerdp_set_last_error(context, FREERDP_ERROR_TLS_CONNECT_FAILED);
}
else
{
if (!freerdp_get_last_error(context))
freerdp_set_last_error(context, FREERDP_ERROR_CONNECT_CANCELLED);
}
return FALSE;
}
if (!tsg_connect(tsg, hostname, port))
return FALSE;
transport->frontBio = BIO_new(BIO_s_tsg());
transport->frontBio->ptr = tsg;
return TRUE;
}
BOOL transport_connect_nla(rdpTransport* transport)
{
freerdp* instance;
rdpSettings* settings;
rdpCredssp *credSsp;
settings = transport->settings;
instance = (freerdp*) settings->instance;
if (!transport_connect_tls(transport))
return FALSE;
/* Network Level Authentication */
if (!settings->Authentication)
return TRUE;
if (!transport->credssp)
{
transport->credssp = credssp_new(instance, transport, settings);
if (!transport->credssp)
return FALSE;
transport_set_nla_mode(transport, TRUE);
if (settings->AuthenticationServiceClass)
{
transport->credssp->ServicePrincipalName =
credssp_make_spn(settings->AuthenticationServiceClass, settings->ServerHostname);
if (!transport->credssp->ServicePrincipalName)
return FALSE;
}
}
credSsp = transport->credssp;
if (credssp_authenticate(credSsp) < 0)
{
if (!connectErrorCode)
connectErrorCode = AUTHENTICATIONERROR;
if (!freerdp_get_last_error(instance->context))
{
freerdp_set_last_error(instance->context, FREERDP_ERROR_AUTHENTICATION_FAILED);
}
fprintf(stderr, "Authentication failure, check credentials.\n"
"If credentials are valid, the NTLMSSP implementation may be to blame.\n");
transport_set_nla_mode(transport, FALSE);
credssp_free(credSsp);
transport->credssp = NULL;
return FALSE;
}
transport_set_nla_mode(transport, FALSE);
credssp_free(credSsp);
transport->credssp = NULL;
return TRUE;
}
BOOL transport_connect_tls(rdpTransport* transport)
{
rdpSettings *settings = transport->settings;
rdpTls *targetTls;
BIO *targetBio;
int tls_status;
freerdp* instance;
rdpContext* context;
instance = (freerdp*) transport->settings->instance;
context = instance->context;
if (transport->layer == TRANSPORT_LAYER_TSG)
{
transport->TsgTls = tls_new(transport->settings);
transport->layer = TRANSPORT_LAYER_TSG_TLS;
targetTls = transport->TsgTls;
targetBio = transport->frontBio;
}
else
{
if (!transport->TlsIn)
transport->TlsIn = tls_new(settings);
if (!transport->TlsOut)
transport->TlsOut = transport->TlsIn;
targetTls = transport->TlsIn;
targetBio = transport->TcpIn->bufferedBio;
transport->layer = TRANSPORT_LAYER_TLS;
}
targetTls->hostname = settings->ServerHostname;
targetTls->port = settings->ServerPort;
if (targetTls->port == 0)
targetTls->port = 3389;
targetTls->isGatewayTransport = FALSE;
tls_status = tls_connect(targetTls, targetBio);
if (tls_status < 1)
{
if (tls_status < 0)
{
if (!connectErrorCode)
connectErrorCode = TLSCONNECTERROR;
if (!freerdp_get_last_error(context))
freerdp_set_last_error(context, FREERDP_ERROR_TLS_CONNECT_FAILED);
}
else
{
if (!freerdp_get_last_error(context))
freerdp_set_last_error(context, FREERDP_ERROR_CONNECT_CANCELLED);
}
return FALSE;
}
transport->frontBio = targetTls->bio;
if (!transport->frontBio)
{
fprintf(stderr, "%s: unable to prepend a filtering TLS bio", __FUNCTION__);
return FALSE;
}
return TRUE;
}
static int freerdp_tcp_connect_multi(rdpContext* context, char** hostnames,
UINT32* ports, int count, int port,
int timeout)
{
int index;
int sindex;
int status;
SOCKET sockfd = -1;
SOCKET* sockfds;
HANDLE* events;
DWORD waitStatus;
char port_str[16];
struct addrinfo hints;
struct addrinfo* addr;
struct addrinfo* result;
struct addrinfo** addrs;
struct addrinfo** results;
sprintf_s(port_str, sizeof(port_str) - 1, "%d", port);
sockfds = (SOCKET*) calloc(count, sizeof(SOCKET));
events = (HANDLE*) calloc(count + 1, sizeof(HANDLE));
addrs = (struct addrinfo**) calloc(count, sizeof(struct addrinfo*));
results = (struct addrinfo**) calloc(count, sizeof(struct addrinfo*));
if (!sockfds || !events || !addrs || !results)
{
free(sockfds);
free(events);
free(addrs);
free(results);
return -1;
}
for (index = 0; index < count; index++)
{
ZeroMemory(&hints, sizeof(hints));
hints.ai_family = AF_UNSPEC;
hints.ai_socktype = SOCK_STREAM;
if (ports)
sprintf_s(port_str, sizeof(port_str) - 1, "%"PRIu32"", ports[index]);
status = getaddrinfo(hostnames[index], port_str, &hints, &result);
if (status)
{
continue;
}
addr = result;
if ((addr->ai_family == AF_INET6) && (addr->ai_next != 0))
{
while ((addr = addr->ai_next))
{
if (addr->ai_family == AF_INET)
break;
}
if (!addr)
addr = result;
}
sockfds[index] = _socket(addr->ai_family, addr->ai_socktype, addr->ai_protocol);
if (sockfds[index] == INVALID_SOCKET)
{
freeaddrinfo(result);
sockfds[index] = 0;
continue;
}
addrs[index] = addr;
results[index] = result;
}
for (index = 0; index < count; index++)
{
if (!sockfds[index])
continue;
sockfd = sockfds[index];
addr = addrs[index];
/* set socket in non-blocking mode */
events[index] = WSACreateEvent();
if (!events[index])
{
WLog_ERR(TAG, "WSACreateEvent returned 0x%08X", WSAGetLastError());
continue;
}
if (WSAEventSelect(sockfd, events[index], FD_READ | FD_WRITE | FD_CONNECT | FD_CLOSE))
{
WLog_ERR(TAG, "WSAEventSelect returned 0x%08X", WSAGetLastError());
continue;
}
/* non-blocking tcp connect */
status = _connect(sockfd, addr->ai_addr, addr->ai_addrlen);
if (status >= 0)
{
/* connection success */
break;
}
}
events[count] = context->abortEvent;
waitStatus = WaitForMultipleObjects(count + 1, events, FALSE, timeout * 1000);
sindex = waitStatus - WAIT_OBJECT_0;
for (index = 0; index < count; index++)
{
u_long arg = 0;
if (!sockfds[index])
continue;
sockfd = sockfds[index];
/* set socket in blocking mode */
if (WSAEventSelect(sockfd, NULL, 0))
{
WLog_ERR(TAG, "WSAEventSelect returned 0x%08X", WSAGetLastError());
continue;
}
if (_ioctlsocket(sockfd, FIONBIO, &arg))
{
WLog_ERR(TAG, "_ioctlsocket failed");
}
}
if ((sindex >= 0) && (sindex < count))
{
sockfd = sockfds[sindex];
}
if (sindex == count)
freerdp_set_last_error(context, FREERDP_ERROR_CONNECT_CANCELLED);
for (index = 0; index < count; index++)
{
if (results[index])
freeaddrinfo(results[index]);
CloseHandle(events[index]);
}
free(addrs);
free(results);
free(sockfds);
free(events);
return sockfd;
}
static BOOL freerdp_tcp_connect_timeout(rdpContext* context, int sockfd,
struct sockaddr* addr,
socklen_t addrlen, int timeout)
{
HANDLE handles[2];
int status = 0;
int count = 0;
u_long arg = 0;
DWORD tout = (timeout) ? timeout * 1000 : INFINITE;
handles[count] = CreateEvent(NULL, TRUE, FALSE, NULL);
if (!handles[count])
return FALSE;
status = WSAEventSelect(sockfd, handles[count++], FD_READ | FD_WRITE | FD_CONNECT | FD_CLOSE);
if (status < 0)
{
WLog_ERR(TAG, "WSAEventSelect failed with %d", WSAGetLastError());
return FALSE;
}
handles[count++] = context->abortEvent;
status = _connect(sockfd, addr, addrlen);
if (status < 0)
{
status = WSAGetLastError();
switch(status)
{
case WSAEINPROGRESS:
case WSAEWOULDBLOCK:
break;
default:
return FALSE;
}
}
status = WaitForMultipleObjects(count, handles, FALSE, tout);
if (WAIT_OBJECT_0 != status)
{
if (status == WAIT_OBJECT_0 + 1)
freerdp_set_last_error(context, FREERDP_ERROR_CONNECT_CANCELLED);
return FALSE;
}
status = recv(sockfd, NULL, 0, 0);
if (status == SOCKET_ERROR)
{
if (WSAGetLastError() == WSAECONNRESET)
return FALSE;
}
status = WSAEventSelect(sockfd, handles[0], 0);
CloseHandle(handles[0]);
if (status < 0)
{
WLog_ERR(TAG, "WSAEventSelect failed with %d", WSAGetLastError());
return FALSE;
}
if (_ioctlsocket(sockfd, FIONBIO, &arg) != 0)
return FALSE;
return TRUE;
}
/** Creates a new connection based on the settings found in the "instance" parameter
* It will use the callbacks registered on the structure to process the pre/post connect operations
* that the caller requires.
* @see struct rdp_freerdp in freerdp.h
*
* @param instance - pointer to a rdp_freerdp structure that contains base information to establish the connection.
* On return, this function will be initialized with the new connection's settings.
*
* @return TRUE if successful. FALSE otherwise.
*
*/
BOOL freerdp_connect(freerdp* instance)
{
UINT status2 = CHANNEL_RC_OK;
rdpRdp* rdp;
BOOL status = TRUE;
rdpSettings* settings;
ConnectionResultEventArgs e;
if (!instance)
return FALSE;
/* We always set the return code to 0 before we start the connect sequence*/
connectErrorCode = 0;
freerdp_set_last_error(instance->context, FREERDP_ERROR_SUCCESS);
clearChannelError(instance->context);
ResetEvent(instance->context->abortEvent);
rdp = instance->context->rdp;
settings = instance->settings;
instance->context->codecs = codecs_new(instance->context);
IFCALLRET(instance->PreConnect, status, instance);
if (status)
status2 = freerdp_channels_pre_connect(instance->context->channels,
instance);
if (settings->KeyboardLayout == KBD_JAPANESE_INPUT_SYSTEM_MS_IME2002)
{
settings->KeyboardType = 7;
settings->KeyboardSubType = 2;
settings->KeyboardFunctionKey = 12;
}
if (!status || (status2 != CHANNEL_RC_OK))
{
if (!freerdp_get_last_error(rdp->context))
freerdp_set_last_error(instance->context, FREERDP_ERROR_PRE_CONNECT_FAILED);
WLog_ERR(TAG, "freerdp_pre_connect failed");
goto freerdp_connect_finally;
}
status = rdp_client_connect(rdp);
/* --authonly tests the connection without a UI */
if (instance->settings->AuthenticationOnly)
{
WLog_ERR(TAG, "Authentication only, exit status %"PRId32"", !status);
goto freerdp_connect_finally;
}
if (!status)
goto freerdp_connect_finally;
if (status)
{
UINT status2;
if (instance->settings->DumpRemoteFx)
{
instance->update->pcap_rfx = pcap_open(instance->settings->DumpRemoteFxFile,
TRUE);
if (instance->update->pcap_rfx)
instance->update->dump_rfx = TRUE;
}
IFCALLRET(instance->PostConnect, status, instance);
if (status)
status2 = freerdp_channels_post_connect(instance->context->channels, instance);
if (!status || (status2 != CHANNEL_RC_OK)
|| !update_post_connect(instance->update))
{
WLog_ERR(TAG, "freerdp_post_connect failed");
if (!freerdp_get_last_error(rdp->context))
freerdp_set_last_error(instance->context, FREERDP_ERROR_POST_CONNECT_FAILED);
status = FALSE;
goto freerdp_connect_finally;
}
if (instance->settings->PlayRemoteFx)
{
wStream* s;
rdpUpdate* update;
pcap_record record;
update = instance->update;
update->pcap_rfx = pcap_open(settings->PlayRemoteFxFile, FALSE);
if (!update->pcap_rfx)
{
status = FALSE;
goto freerdp_connect_finally;
}
else
{
update->play_rfx = TRUE;
}
while (pcap_has_next_record(update->pcap_rfx))
{
pcap_get_next_record_header(update->pcap_rfx, &record);
if (!(s = StreamPool_Take(rdp->transport->ReceivePool, record.length)))
break;
record.data = Stream_Buffer(s);
pcap_get_next_record_content(update->pcap_rfx, &record);
Stream_SetLength(s, record.length);
Stream_SetPosition(s, 0);
update->BeginPaint(update->context);
update_recv_surfcmds(update, Stream_Length(s), s);
update->EndPaint(update->context);
Stream_Release(s);
}
pcap_close(update->pcap_rfx);
update->pcap_rfx = NULL;
status = TRUE;
goto freerdp_connect_finally;
}
}
if (rdp->errorInfo == ERRINFO_SERVER_INSUFFICIENT_PRIVILEGES)
freerdp_set_last_error(instance->context,
FREERDP_ERROR_INSUFFICIENT_PRIVILEGES);
SetEvent(rdp->transport->connectedEvent);
freerdp_connect_finally:
EventArgsInit(&e, "freerdp");
e.result = status ? 0 : -1;
PubSub_OnConnectionResult(instance->context->pubSub, instance->context, &e);
return status;
}
BOOL rts_connect(rdpRpc* rpc)
{
RPC_PDU* pdu;
rpcconn_rts_hdr_t* rts;
HttpResponse* http_response;
freerdp* instance = (freerdp*) rpc->settings->instance;
rdpContext* context = instance->context;
/**
* Connection Opening
*
* When opening a virtual connection to the server, an implementation of this protocol MUST perform
* the following sequence of steps:
*
* 1. Send an IN channel request as specified in section 2.1.2.1.1, containing the connection timeout,
* ResourceType UUID, and Session UUID values, if any, supplied by the higher-layer protocol or application.
*
* 2. Send an OUT channel request as specified in section 2.1.2.1.2.
*
* 3. Send a CONN/A1 RTS PDU as specified in section 2.2.4.2
*
* 4. Send a CONN/B1 RTS PDU as specified in section 2.2.4.5
*
* 5. Wait for the connection establishment protocol sequence as specified in 3.2.1.5.3.1 to complete
*
* An implementation MAY execute steps 1 and 2 in parallel. An implementation SHOULD execute steps
* 3 and 4 in parallel. An implementation MUST execute step 3 after completion of step 1 and execute
* step 4 after completion of step 2.
*
*/
rpc->VirtualConnection->State = VIRTUAL_CONNECTION_STATE_INITIAL;
WLog_DBG(TAG, "VIRTUAL_CONNECTION_STATE_INITIAL");
rpc->client->SynchronousSend = TRUE;
rpc->client->SynchronousReceive = TRUE;
if (!rpc_ntlm_http_out_connect(rpc))
{
WLog_ERR(TAG, "rpc_out_connect_http error!");
return FALSE;
}
if (rts_send_CONN_A1_pdu(rpc) != 0)
{
WLog_ERR(TAG, "rpc_send_CONN_A1_pdu error!");
return FALSE;
}
if (!rpc_ntlm_http_in_connect(rpc))
{
WLog_ERR(TAG, "rpc_in_connect_http error!");
return FALSE;
}
if (rts_send_CONN_B1_pdu(rpc) < 0)
{
WLog_ERR(TAG, "rpc_send_CONN_B1_pdu error!");
return FALSE;
}
rpc->VirtualConnection->State = VIRTUAL_CONNECTION_STATE_OUT_CHANNEL_WAIT;
WLog_DBG(TAG, "VIRTUAL_CONNECTION_STATE_OUT_CHANNEL_WAIT");
/**
* Receive OUT Channel Response
*
* A client implementation MUST NOT accept the OUT channel HTTP response in any state other than
* Out Channel Wait. If received in any other state, this HTTP response is a protocol error. Therefore,
* the client MUST consider the virtual connection opening a failure and indicate this to higher layers
* in an implementation-specific way. The Microsoft Windows® implementation returns
* RPC_S_PROTOCOL_ERROR, as specified in [MS-ERREF], to higher-layer protocols.
*
* If this HTTP response is received in Out Channel Wait state, the client MUST process the fields of
* this response as defined in this section.
*
* First, the client MUST determine whether the response indicates a success or a failure. If the status
* code is set to 200, the client MUST interpret this as a success, and it MUST do the following:
*
* 1. Ignore the values of all other header fields.
*
* 2. Transition to Wait_A3W state.
*
* 3. Wait for network events.
*
* 4. Skip the rest of the processing in this section.
*
* If the status code is not set to 200, the client MUST interpret this as a failure and follow the same
* processing rules as specified in section 3.2.2.5.6.
*
*/
http_response = http_response_recv(rpc->TlsOut);
if (!http_response)
{
WLog_ERR(TAG, "unable to retrieve OUT Channel Response!");
return FALSE;
}
if (http_response->StatusCode != HTTP_STATUS_OK)
{
WLog_ERR(TAG, "error! Status Code: %d", http_response->StatusCode);
http_response_print(http_response);
http_response_free(http_response);
if (http_response->StatusCode == HTTP_STATUS_DENIED)
{
if (!connectErrorCode)
{
connectErrorCode = AUTHENTICATIONERROR;
}
if (!freerdp_get_last_error(context))
{
freerdp_set_last_error(context, FREERDP_ERROR_AUTHENTICATION_FAILED);
}
}
return FALSE;
}
if (http_response->bodyLen)
{
/* inject bytes we have read in the body as a received packet for the RPC client */
rpc->client->RecvFrag = rpc_client_fragment_pool_take(rpc);
Stream_EnsureCapacity(rpc->client->RecvFrag, http_response->bodyLen);
CopyMemory(rpc->client->RecvFrag, http_response->BodyContent, http_response->bodyLen);
}
//http_response_print(http_response);
http_response_free(http_response);
rpc->VirtualConnection->State = VIRTUAL_CONNECTION_STATE_WAIT_A3W;
WLog_DBG(TAG, "VIRTUAL_CONNECTION_STATE_WAIT_A3W");
/**
* Receive CONN_A3 RTS PDU
*
* A client implementation MUST NOT accept the CONN/A3 RTS PDU in any state other than
* Wait_A3W. If received in any other state, this PDU is a protocol error and the client
* MUST consider the virtual connection opening a failure and indicate this to higher
* layers in an implementation-specific way.
*
* Set the ConnectionTimeout in the Ping Originator of the Client's IN Channel to the
* ConnectionTimeout in the CONN/A3 PDU.
*
* If this RTS PDU is received in Wait_A3W state, the client MUST transition the state
* machine to Wait_C2 state and wait for network events.
*
*/
rpc_client_start(rpc);
pdu = rpc_recv_dequeue_pdu(rpc);
if (!pdu)
return FALSE;
rts = (rpcconn_rts_hdr_t*) Stream_Buffer(pdu->s);
if (!rts_match_pdu_signature(rpc, &RTS_PDU_CONN_A3_SIGNATURE, rts))
{
WLog_ERR(TAG, "unexpected RTS PDU: Expected CONN/A3");
return FALSE;
}
rts_recv_CONN_A3_pdu(rpc, Stream_Buffer(pdu->s), Stream_Length(pdu->s));
rpc_client_receive_pool_return(rpc, pdu);
rpc->VirtualConnection->State = VIRTUAL_CONNECTION_STATE_WAIT_C2;
WLog_DBG(TAG, "VIRTUAL_CONNECTION_STATE_WAIT_C2");
/**
* Receive CONN_C2 RTS PDU
*
* A client implementation MUST NOT accept the CONN/C2 RTS PDU in any state other than Wait_C2.
* If received in any other state, this PDU is a protocol error and the client MUST consider the virtual
* connection opening a failure and indicate this to higher layers in an implementation-specific way.
*
* If this RTS PDU is received in Wait_C2 state, the client implementation MUST do the following:
*
* 1. Transition the state machine to opened state.
*
* 2. Set the connection time-out protocol variable to the value of the ConnectionTimeout field from
* the CONN/C2 RTS PDU.
*
* 3. Set the PeerReceiveWindow value in the SendingChannel of the Client IN Channel to the
* ReceiveWindowSize value in the CONN/C2 PDU.
*
* 4. Indicate to higher-layer protocols that the virtual connection opening is a success.
*
*/
pdu = rpc_recv_dequeue_pdu(rpc);
if (!pdu)
return FALSE;
rts = (rpcconn_rts_hdr_t*) Stream_Buffer(pdu->s);
if (!rts_match_pdu_signature(rpc, &RTS_PDU_CONN_C2_SIGNATURE, rts))
{
WLog_ERR(TAG, "unexpected RTS PDU: Expected CONN/C2");
return FALSE;
}
rts_recv_CONN_C2_pdu(rpc, Stream_Buffer(pdu->s), Stream_Length(pdu->s));
rpc_client_receive_pool_return(rpc, pdu);
rpc->VirtualConnection->State = VIRTUAL_CONNECTION_STATE_OPENED;
WLog_DBG(TAG, "VIRTUAL_CONNECTION_STATE_OPENED");
rpc->client->SynchronousSend = TRUE;
rpc->client->SynchronousReceive = TRUE;
return TRUE;
}
static int rpc_channel_tls_connect(RpcChannel* channel, int timeout)
{
int sockfd;
rdpTls* tls;
int tlsStatus;
BIO* socketBio;
BIO* bufferedBio;
rdpRpc* rpc = channel->rpc;
rdpContext* context = rpc->context;
rdpSettings* settings = context->settings;
const char* peerHostname = settings->GatewayHostname;
UINT16 peerPort = settings->GatewayPort;
const char *proxyUsername = settings->ProxyUsername, *proxyPassword = settings->ProxyPassword;
BOOL isProxyConnection = proxy_prepare(settings, &peerHostname, &peerPort, &proxyUsername, &proxyPassword);
sockfd = freerdp_tcp_connect(context, settings, peerHostname,
peerPort, timeout);
if (sockfd < 1)
return -1;
socketBio = BIO_new(BIO_s_simple_socket());
if (!socketBio)
return FALSE;
BIO_set_fd(socketBio, sockfd, BIO_CLOSE);
bufferedBio = BIO_new(BIO_s_buffered_socket());
if (!bufferedBio)
return FALSE;
bufferedBio = BIO_push(bufferedBio, socketBio);
if (!BIO_set_nonblock(bufferedBio, TRUE))
return -1;
if (isProxyConnection)
{
if (!proxy_connect(settings, bufferedBio, proxyUsername, proxyPassword, settings->GatewayHostname, settings->GatewayPort))
return -1;
}
channel->bio = bufferedBio;
tls = channel->tls = tls_new(settings);
if (!tls)
return -1;
tls->hostname = settings->GatewayHostname;
tls->port = settings->GatewayPort;
tls->isGatewayTransport = TRUE;
tlsStatus = tls_connect(tls, bufferedBio);
if (tlsStatus < 1)
{
if (tlsStatus < 0)
{
if (!freerdp_get_last_error(context))
freerdp_set_last_error(context, FREERDP_ERROR_TLS_CONNECT_FAILED);
}
else
{
if (!freerdp_get_last_error(context))
freerdp_set_last_error(context, FREERDP_ERROR_CONNECT_CANCELLED);
}
return -1;
}
return 1;
}
BOOL rdp_client_connect(rdpRdp* rdp)
{
BOOL status;
rdpSettings* settings = rdp->settings;
/* make sure SSL is initialize for earlier enough for crypto, by taking advantage of winpr SSL FIPS flag for openssl initialization */
DWORD flags = WINPR_SSL_INIT_DEFAULT;
if (settings->FIPSMode)
flags |= WINPR_SSL_INIT_ENABLE_FIPS;
winpr_InitializeSSL(flags);
/* FIPS Mode forces the following and overrides the following(by happening later */
/* in the command line processing): */
/* 1. Disables NLA Security since NLA in freerdp uses NTLM(no Kerberos support yet) which uses algorithms */
/* not allowed in FIPS for sensitive data. So, we disallow NLA when FIPS is required. */
/* 2. Forces the only supported RDP encryption method to be FIPS. */
if (settings->FIPSMode || winpr_FIPSMode())
{
settings->NlaSecurity = FALSE;
settings->EncryptionMethods = ENCRYPTION_METHOD_FIPS;
}
nego_init(rdp->nego);
nego_set_target(rdp->nego, settings->ServerHostname, settings->ServerPort);
if (settings->GatewayEnabled)
{
char* user = NULL;
char* domain = NULL;
char* cookie = NULL;
int user_length = 0;
int domain_length = 0;
int cookie_length = 0;
if (settings->Username)
{
user = settings->Username;
user_length = strlen(settings->Username);
}
if (settings->Domain)
domain = settings->Domain;
else
domain = settings->ComputerName;
domain_length = strlen(domain);
cookie_length = domain_length + 1 + user_length;
cookie = (char*) malloc(cookie_length + 1);
if (!cookie)
return FALSE;
CopyMemory(cookie, domain, domain_length);
CharUpperBuffA(cookie, domain_length);
cookie[domain_length] = '\\';
if (settings->Username)
CopyMemory(&cookie[domain_length + 1], user, user_length);
cookie[cookie_length] = '\0';
status = nego_set_cookie(rdp->nego, cookie);
free(cookie);
}
else
{
status = nego_set_cookie(rdp->nego, settings->Username);
}
if (!status)
return FALSE;
nego_set_send_preconnection_pdu(rdp->nego, settings->SendPreconnectionPdu);
nego_set_preconnection_id(rdp->nego, settings->PreconnectionId);
nego_set_preconnection_blob(rdp->nego, settings->PreconnectionBlob);
nego_set_negotiation_enabled(rdp->nego, settings->NegotiateSecurityLayer);
nego_set_restricted_admin_mode_required(rdp->nego, settings->RestrictedAdminModeRequired);
nego_set_gateway_enabled(rdp->nego, settings->GatewayEnabled);
nego_set_gateway_bypass_local(rdp->nego, settings->GatewayBypassLocal);
nego_enable_rdp(rdp->nego, settings->RdpSecurity);
nego_enable_tls(rdp->nego, settings->TlsSecurity);
nego_enable_nla(rdp->nego, settings->NlaSecurity);
nego_enable_ext(rdp->nego, settings->ExtSecurity);
if (settings->MstscCookieMode)
settings->CookieMaxLength = MSTSC_COOKIE_MAX_LENGTH;
nego_set_cookie_max_length(rdp->nego, settings->CookieMaxLength);
if (settings->LoadBalanceInfo)
{
if (!nego_set_routing_token(rdp->nego, settings->LoadBalanceInfo, settings->LoadBalanceInfoLength))
return FALSE;
}
rdp_client_transition_to_state(rdp, CONNECTION_STATE_NEGO);
if (!nego_connect(rdp->nego))
{
if (!freerdp_get_last_error(rdp->context))
freerdp_set_last_error(rdp->context, FREERDP_ERROR_SECURITY_NEGO_CONNECT_FAILED);
WLog_ERR(TAG, "Error: protocol security negotiation or connection failure");
return FALSE;
}
if ((rdp->nego->SelectedProtocol & PROTOCOL_TLS) || (rdp->nego->SelectedProtocol == PROTOCOL_RDP))
{
if ((settings->Username != NULL) && ((settings->Password != NULL) ||
(settings->RedirectionPassword != NULL && settings->RedirectionPasswordLength > 0)))
settings->AutoLogonEnabled = TRUE;
}
/* everything beyond this point is event-driven and non blocking */
rdp->transport->ReceiveCallback = rdp_recv_callback;
rdp->transport->ReceiveExtra = rdp;
transport_set_blocking_mode(rdp->transport, FALSE);
if (rdp->state != CONNECTION_STATE_NLA)
{
if (!mcs_client_begin(rdp->mcs))
return FALSE;
}
while (rdp->state != CONNECTION_STATE_ACTIVE)
{
if (rdp_check_fds(rdp) < 0)
{
if (!freerdp_get_last_error(rdp->context))
freerdp_set_last_error(rdp->context, FREERDP_ERROR_CONNECT_TRANSPORT_FAILED);
return FALSE;
}
}
return TRUE;
}
int rpc_send_bind_pdu(rdpRpc* rpc)
{
BYTE* buffer;
UINT32 offset;
UINT32 length;
RpcClientCall* clientCall;
p_cont_elem_t* p_cont_elem;
rpcconn_bind_hdr_t* bind_pdu;
rdpSettings* settings = rpc->settings;
BOOL promptPassword = FALSE;
freerdp* instance = (freerdp*) settings->instance;
DEBUG_RPC("Sending bind PDU");
rpc->ntlm = ntlm_new();
if (!rpc->ntlm)
return -1;
if ((!settings->GatewayPassword) || (!settings->GatewayUsername)
|| (!strlen(settings->GatewayPassword)) || (!strlen(settings->GatewayUsername)))
{
promptPassword = TRUE;
}
if (promptPassword)
{
if (instance->GatewayAuthenticate)
{
BOOL proceed = instance->GatewayAuthenticate(instance,
&settings->GatewayUsername, &settings->GatewayPassword, &settings->GatewayDomain);
if (!proceed)
{
connectErrorCode = CANCELEDBYUSER;
freerdp_set_last_error(instance->context, FREERDP_ERROR_CONNECT_CANCELLED);
return 0;
}
if (settings->GatewayUseSameCredentials)
{
settings->Username = _strdup(settings->GatewayUsername);
settings->Domain = _strdup(settings->GatewayDomain);
settings->Password = _strdup(settings->GatewayPassword);
if (!settings->Username || !settings->Domain || settings->Password)
return -1;
}
}
}
if (!ntlm_client_init(rpc->ntlm, FALSE, settings->GatewayUsername, settings->GatewayDomain, settings->GatewayPassword, NULL) ||
!ntlm_client_make_spn(rpc->ntlm, NULL, settings->GatewayHostname) ||
!ntlm_authenticate(rpc->ntlm)
)
return -1;
bind_pdu = (rpcconn_bind_hdr_t*) calloc(1, sizeof(rpcconn_bind_hdr_t));
if (!bind_pdu)
return -1;
rpc_pdu_header_init(rpc, (rpcconn_hdr_t*) bind_pdu);
bind_pdu->auth_length = (UINT16) rpc->ntlm->outputBuffer[0].cbBuffer;
bind_pdu->auth_verifier.auth_value = rpc->ntlm->outputBuffer[0].pvBuffer;
bind_pdu->ptype = PTYPE_BIND;
bind_pdu->pfc_flags = PFC_FIRST_FRAG | PFC_LAST_FRAG | PFC_SUPPORT_HEADER_SIGN | PFC_CONC_MPX;
bind_pdu->call_id = 2;
bind_pdu->max_xmit_frag = rpc->max_xmit_frag;
bind_pdu->max_recv_frag = rpc->max_recv_frag;
bind_pdu->assoc_group_id = 0;
bind_pdu->p_context_elem.n_context_elem = 2;
bind_pdu->p_context_elem.reserved = 0;
bind_pdu->p_context_elem.reserved2 = 0;
bind_pdu->p_context_elem.p_cont_elem = malloc(sizeof(p_cont_elem_t) * bind_pdu->p_context_elem.n_context_elem);
if (!bind_pdu->p_context_elem.p_cont_elem)
return -1;
p_cont_elem = &bind_pdu->p_context_elem.p_cont_elem[0];
p_cont_elem->p_cont_id = 0;
p_cont_elem->n_transfer_syn = 1;
p_cont_elem->reserved = 0;
CopyMemory(&(p_cont_elem->abstract_syntax.if_uuid), &TSGU_UUID, sizeof(p_uuid_t));
p_cont_elem->abstract_syntax.if_version = TSGU_SYNTAX_IF_VERSION;
p_cont_elem->transfer_syntaxes = malloc(sizeof(p_syntax_id_t));
CopyMemory(&(p_cont_elem->transfer_syntaxes[0].if_uuid), &NDR_UUID, sizeof(p_uuid_t));
p_cont_elem->transfer_syntaxes[0].if_version = NDR_SYNTAX_IF_VERSION;
p_cont_elem = &bind_pdu->p_context_elem.p_cont_elem[1];
p_cont_elem->p_cont_id = 1;
p_cont_elem->n_transfer_syn = 1;
p_cont_elem->reserved = 0;
CopyMemory(&(p_cont_elem->abstract_syntax.if_uuid), &TSGU_UUID, sizeof(p_uuid_t));
p_cont_elem->abstract_syntax.if_version = TSGU_SYNTAX_IF_VERSION;
p_cont_elem->transfer_syntaxes = malloc(sizeof(p_syntax_id_t));
CopyMemory(&(p_cont_elem->transfer_syntaxes[0].if_uuid), &BTFN_UUID, sizeof(p_uuid_t));
p_cont_elem->transfer_syntaxes[0].if_version = BTFN_SYNTAX_IF_VERSION;
offset = 116;
bind_pdu->auth_verifier.auth_pad_length = rpc_offset_align(&offset, 4);
bind_pdu->auth_verifier.auth_type = RPC_C_AUTHN_WINNT;
bind_pdu->auth_verifier.auth_level = RPC_C_AUTHN_LEVEL_PKT_INTEGRITY;
bind_pdu->auth_verifier.auth_reserved = 0x00;
bind_pdu->auth_verifier.auth_context_id = 0x00000000;
offset += (8 + bind_pdu->auth_length);
bind_pdu->frag_length = offset;
buffer = (BYTE*) malloc(bind_pdu->frag_length);
if (!buffer)
return -1;
CopyMemory(buffer, bind_pdu, 24);
CopyMemory(&buffer[24], &bind_pdu->p_context_elem, 4);
CopyMemory(&buffer[28], &bind_pdu->p_context_elem.p_cont_elem[0], 24);
CopyMemory(&buffer[52], bind_pdu->p_context_elem.p_cont_elem[0].transfer_syntaxes, 20);
CopyMemory(&buffer[72], &bind_pdu->p_context_elem.p_cont_elem[1], 24);
CopyMemory(&buffer[96], bind_pdu->p_context_elem.p_cont_elem[1].transfer_syntaxes, 20);
offset = 116;
rpc_offset_pad(&offset, bind_pdu->auth_verifier.auth_pad_length);
CopyMemory(&buffer[offset], &bind_pdu->auth_verifier.auth_type, 8);
CopyMemory(&buffer[offset + 8], bind_pdu->auth_verifier.auth_value, bind_pdu->auth_length);
offset += (8 + bind_pdu->auth_length);
length = bind_pdu->frag_length;
clientCall = rpc_client_call_new(bind_pdu->call_id, 0);
if (!clientCall)
return -1;
if (ArrayList_Add(rpc->client->ClientCallList, clientCall) < 0)
return -1;
if (rpc_send_enqueue_pdu(rpc, buffer, length) != 0)
length = -1;
free(bind_pdu->p_context_elem.p_cont_elem[0].transfer_syntaxes);
free(bind_pdu->p_context_elem.p_cont_elem[1].transfer_syntaxes);
free(bind_pdu->p_context_elem.p_cont_elem);
free(bind_pdu);
return length;
}
int freerdp_tcp_connect(rdpContext* context, rdpSettings* settings,
const char* hostname, int port, int timeout)
{
int status;
int sockfd;
UINT32 optval;
socklen_t optlen;
BOOL ipcSocket = FALSE;
BOOL useExternalDefinedSocket = FALSE;
if (!hostname)
return -1;
if (hostname[0] == '/')
ipcSocket = TRUE;
if (hostname[0] == '|')
useExternalDefinedSocket = TRUE;
if (ipcSocket)
{
sockfd = freerdp_uds_connect(hostname);
if (sockfd < 0)
return -1;
}
else if (useExternalDefinedSocket)
sockfd = port;
else
{
sockfd = -1;
if (!settings->GatewayEnabled)
{
if (!freerdp_tcp_resolve_hostname(context, hostname) || settings->RemoteAssistanceMode)
{
if (settings->TargetNetAddressCount > 0)
{
sockfd = freerdp_tcp_connect_multi(
context,
settings->TargetNetAddresses,
settings->TargetNetPorts,
settings->TargetNetAddressCount,
port, timeout);
}
}
}
if (sockfd <= 0)
{
char port_str[16];
struct addrinfo hints;
struct addrinfo* addr;
struct addrinfo* result;
ZeroMemory(&hints, sizeof(hints));
hints.ai_family = AF_UNSPEC;
hints.ai_socktype = SOCK_STREAM;
sprintf_s(port_str, sizeof(port_str) - 1, "%d", port);
status = getaddrinfo(hostname, port_str, &hints, &result);
if (status)
{
if (!freerdp_get_last_error(context))
freerdp_set_last_error(context, FREERDP_ERROR_DNS_NAME_NOT_FOUND);
WLog_ERR(TAG, "getaddrinfo: %s", gai_strerror(status));
return -1;
}
addr = result;
if ((addr->ai_family == AF_INET6) && (addr->ai_next != 0) && !settings->PreferIPv6OverIPv4)
{
while ((addr = addr->ai_next))
{
if (addr->ai_family == AF_INET)
break;
}
if (!addr)
addr = result;
}
sockfd = socket(addr->ai_family, addr->ai_socktype, addr->ai_protocol);
if (sockfd < 0)
{
freeaddrinfo(result);
return -1;
}
if (!freerdp_tcp_connect_timeout(context, sockfd, addr->ai_addr,
addr->ai_addrlen, timeout))
{
freeaddrinfo(result);
close(sockfd);
WLog_ERR(TAG, "failed to connect to %s", hostname);
return -1;
}
freeaddrinfo(result);
}
}
free(settings->ClientAddress);
settings->ClientAddress = freerdp_tcp_get_ip_address(sockfd, &settings->IPv6Enabled);
if (!settings->ClientAddress)
{
if (!useExternalDefinedSocket)
close(sockfd);
WLog_ERR(TAG, "Couldn't get socket ip address");
return -1;
}
optval = 1;
optlen = sizeof(optval);
if (!ipcSocket && !useExternalDefinedSocket)
{
if (setsockopt(sockfd, IPPROTO_TCP, TCP_NODELAY, (void*) &optval, optlen) < 0)
WLog_ERR(TAG, "unable to set TCP_NODELAY");
}
/* receive buffer must be a least 32 K */
if (getsockopt(sockfd, SOL_SOCKET, SO_RCVBUF, (void*) &optval, &optlen) == 0)
{
if (optval < (1024 * 32))
{
optval = 1024 * 32;
optlen = sizeof(optval);
if (setsockopt(sockfd, SOL_SOCKET, SO_RCVBUF, (void*) &optval, optlen) < 0)
{
close(sockfd);
WLog_ERR(TAG, "unable to set receive buffer len");
return -1;
}
}
}
if (!ipcSocket && !useExternalDefinedSocket)
{
if (!freerdp_tcp_set_keep_alive_mode(sockfd))
{
close(sockfd);
WLog_ERR(TAG, "Couldn't set keep alive mode.");
return -1;
}
}
if (WaitForSingleObject(context->abortEvent, 0) == WAIT_OBJECT_0)
{
close(sockfd);
return -1;
}
return sockfd;
}
