mirror of
https://github.com/reactos/reactos.git
synced 2024-10-30 19:41:57 +00:00
375 lines
8 KiB
C
375 lines
8 KiB
C
/* -*- c-basic-offset: 8 -*-
|
|
rdesktop: A Remote Desktop Protocol client.
|
|
Protocol services - ISO layer
|
|
Copyright (C) Matthew Chapman <matthewc.unsw.edu.au> 1999-2008
|
|
Copyright 2005-2011 Peter Astrand <astrand@cendio.se> for Cendio AB
|
|
Copyright 2012 Henrik Andersson <hean01@cendio.se> for Cendio AB
|
|
|
|
This program is free software: you can redistribute it and/or modify
|
|
it under the terms of the GNU General Public License as published by
|
|
the Free Software Foundation, either version 3 of the License, or
|
|
(at your option) any later version.
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
GNU General Public License for more details.
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
#include "precomp.h"
|
|
|
|
extern RD_BOOL g_encryption;
|
|
extern RD_BOOL g_encryption_initial;
|
|
extern RDP_VERSION g_rdp_version;
|
|
extern RD_BOOL g_use_password_as_pin;
|
|
|
|
static RD_BOOL g_negotiate_rdp_protocol = True;
|
|
|
|
extern char *g_sc_csp_name;
|
|
extern char *g_sc_reader_name;
|
|
extern char *g_sc_card_name;
|
|
extern char *g_sc_container_name;
|
|
|
|
|
|
/* Send a self-contained ISO PDU */
|
|
static void
|
|
iso_send_msg(uint8 code)
|
|
{
|
|
STREAM s;
|
|
|
|
s = tcp_init(11);
|
|
|
|
out_uint8(s, 3); /* version */
|
|
out_uint8(s, 0); /* reserved */
|
|
out_uint16_be(s, 11); /* length */
|
|
|
|
out_uint8(s, 6); /* hdrlen */
|
|
out_uint8(s, code);
|
|
out_uint16(s, 0); /* dst_ref */
|
|
out_uint16(s, 0); /* src_ref */
|
|
out_uint8(s, 0); /* class */
|
|
|
|
s_mark_end(s);
|
|
tcp_send(s);
|
|
}
|
|
|
|
static void
|
|
iso_send_connection_request(char *username, uint32 neg_proto)
|
|
{
|
|
STREAM s;
|
|
int length = 30 + strlen(username);
|
|
|
|
if (g_rdp_version >= RDP_V5 && g_negotiate_rdp_protocol)
|
|
length += 8;
|
|
|
|
s = tcp_init(length);
|
|
|
|
out_uint8(s, 3); /* version */
|
|
out_uint8(s, 0); /* reserved */
|
|
out_uint16_be(s, length); /* length */
|
|
|
|
out_uint8(s, length - 5); /* hdrlen */
|
|
out_uint8(s, ISO_PDU_CR);
|
|
out_uint16(s, 0); /* dst_ref */
|
|
out_uint16(s, 0); /* src_ref */
|
|
out_uint8(s, 0); /* class */
|
|
|
|
out_uint8p(s, "Cookie: mstshash=", strlen("Cookie: mstshash="));
|
|
out_uint8p(s, username, strlen(username));
|
|
|
|
out_uint8(s, 0x0d); /* cookie termination string: CR+LF */
|
|
out_uint8(s, 0x0a);
|
|
|
|
if (g_rdp_version >= RDP_V5 && g_negotiate_rdp_protocol)
|
|
{
|
|
/* optional rdp protocol negotiation request for RDPv5 */
|
|
out_uint8(s, RDP_NEG_REQ);
|
|
out_uint8(s, 0);
|
|
out_uint16(s, 8);
|
|
out_uint32(s, neg_proto);
|
|
}
|
|
|
|
s_mark_end(s);
|
|
tcp_send(s);
|
|
}
|
|
|
|
/* Receive a message on the ISO layer, return code */
|
|
static STREAM
|
|
iso_recv_msg(uint8 * code, uint8 * rdpver)
|
|
{
|
|
STREAM s;
|
|
uint16 length;
|
|
uint8 version;
|
|
|
|
s = tcp_recv(NULL, 4);
|
|
if (s == NULL)
|
|
return NULL;
|
|
in_uint8(s, version);
|
|
if (rdpver != NULL)
|
|
*rdpver = version;
|
|
if (version == 3)
|
|
{
|
|
in_uint8s(s, 1); /* pad */
|
|
in_uint16_be(s, length);
|
|
}
|
|
else
|
|
{
|
|
in_uint8(s, length);
|
|
if (length & 0x80)
|
|
{
|
|
length &= ~0x80;
|
|
next_be(s, length);
|
|
}
|
|
}
|
|
if (length < 4)
|
|
{
|
|
error("Bad packet header\n");
|
|
return NULL;
|
|
}
|
|
s = tcp_recv(s, length - 4);
|
|
if (s == NULL)
|
|
return NULL;
|
|
if (version != 3)
|
|
return s;
|
|
in_uint8s(s, 1); /* hdrlen */
|
|
in_uint8(s, *code);
|
|
if (*code == ISO_PDU_DT)
|
|
{
|
|
in_uint8s(s, 1); /* eot */
|
|
return s;
|
|
}
|
|
in_uint8s(s, 5); /* dst_ref, src_ref, class */
|
|
return s;
|
|
}
|
|
|
|
/* Initialise ISO transport data packet */
|
|
STREAM
|
|
iso_init(int length)
|
|
{
|
|
STREAM s;
|
|
|
|
s = tcp_init(length + 7);
|
|
s_push_layer(s, iso_hdr, 7);
|
|
|
|
return s;
|
|
}
|
|
|
|
/* Send an ISO data PDU */
|
|
void
|
|
iso_send(STREAM s)
|
|
{
|
|
uint16 length;
|
|
|
|
s_pop_layer(s, iso_hdr);
|
|
length = s->end - s->p;
|
|
|
|
out_uint8(s, 3); /* version */
|
|
out_uint8(s, 0); /* reserved */
|
|
out_uint16_be(s, length);
|
|
|
|
out_uint8(s, 2); /* hdrlen */
|
|
out_uint8(s, ISO_PDU_DT); /* code */
|
|
out_uint8(s, 0x80); /* eot */
|
|
|
|
tcp_send(s);
|
|
}
|
|
|
|
/* Receive ISO transport data packet */
|
|
STREAM
|
|
iso_recv(uint8 * rdpver)
|
|
{
|
|
STREAM s;
|
|
uint8 code = 0;
|
|
|
|
s = iso_recv_msg(&code, rdpver);
|
|
if (s == NULL)
|
|
return NULL;
|
|
if (rdpver != NULL)
|
|
if (*rdpver != 3)
|
|
return s;
|
|
if (code != ISO_PDU_DT)
|
|
{
|
|
error("expected DT, got 0x%x\n", code);
|
|
return NULL;
|
|
}
|
|
return s;
|
|
}
|
|
|
|
/* Establish a connection up to the ISO layer */
|
|
RD_BOOL
|
|
iso_connect(char *server, char *username, char *domain, char *password,
|
|
RD_BOOL reconnect, uint32 * selected_protocol)
|
|
{
|
|
STREAM s;
|
|
uint8 code;
|
|
uint32 neg_proto;
|
|
|
|
g_negotiate_rdp_protocol = True;
|
|
|
|
neg_proto = PROTOCOL_SSL;
|
|
|
|
#ifdef WITH_CREDSSP
|
|
if (!g_use_password_as_pin)
|
|
neg_proto |= PROTOCOL_HYBRID;
|
|
else if (g_sc_csp_name || g_sc_reader_name || g_sc_card_name || g_sc_container_name)
|
|
neg_proto |= PROTOCOL_HYBRID;
|
|
else
|
|
warning("Disables CredSSP due to missing smartcard information for SSO.\n");
|
|
#endif
|
|
|
|
retry:
|
|
*selected_protocol = PROTOCOL_RDP;
|
|
code = 0;
|
|
|
|
if (!tcp_connect(server))
|
|
return False;
|
|
|
|
iso_send_connection_request(username, neg_proto);
|
|
|
|
s = iso_recv_msg(&code, NULL);
|
|
if (s == NULL)
|
|
return False;
|
|
|
|
if (code != ISO_PDU_CC)
|
|
{
|
|
error("expected CC, got 0x%x\n", code);
|
|
tcp_disconnect();
|
|
return False;
|
|
}
|
|
|
|
if (g_rdp_version >= RDP_V5 && s_check_rem(s, 8))
|
|
{
|
|
/* handle RDP_NEG_REQ response */
|
|
const char *reason = NULL;
|
|
|
|
uint8 type = 0, flags = 0;
|
|
uint16 length = 0;
|
|
uint32 data = 0;
|
|
|
|
in_uint8(s, type);
|
|
in_uint8(s, flags);
|
|
in_uint16(s, length);
|
|
in_uint32(s, data);
|
|
|
|
if (type == RDP_NEG_FAILURE)
|
|
{
|
|
RD_BOOL retry_without_neg = False;
|
|
|
|
switch (data)
|
|
{
|
|
case SSL_WITH_USER_AUTH_REQUIRED_BY_SERVER:
|
|
reason = "SSL with user authentication required by server";
|
|
break;
|
|
case SSL_NOT_ALLOWED_BY_SERVER:
|
|
reason = "SSL not allowed by server";
|
|
retry_without_neg = True;
|
|
break;
|
|
case SSL_CERT_NOT_ON_SERVER:
|
|
reason = "no valid authentication certificate on server";
|
|
retry_without_neg = True;
|
|
break;
|
|
case INCONSISTENT_FLAGS:
|
|
reason = "inconsistent negotiation flags";
|
|
break;
|
|
case SSL_REQUIRED_BY_SERVER:
|
|
reason = "SSL required by server";
|
|
break;
|
|
case HYBRID_REQUIRED_BY_SERVER:
|
|
reason = "CredSSP required by server";
|
|
break;
|
|
default:
|
|
reason = "unknown reason";
|
|
}
|
|
|
|
tcp_disconnect();
|
|
|
|
if (retry_without_neg)
|
|
{
|
|
fprintf(stderr,
|
|
"Failed to negotiate protocol, retrying with plain RDP.\n");
|
|
g_negotiate_rdp_protocol = False;
|
|
goto retry;
|
|
}
|
|
|
|
fprintf(stderr, "Failed to connect, %s.\n", reason);
|
|
return False;
|
|
}
|
|
|
|
if (type != RDP_NEG_RSP)
|
|
{
|
|
tcp_disconnect();
|
|
error("Expected RDP_NEG_RSP, got type = 0x%x\n", type);
|
|
return False;
|
|
}
|
|
|
|
/* handle negotiation response */
|
|
if (data == PROTOCOL_SSL)
|
|
{
|
|
#ifdef WITH_SSL
|
|
if (!tcp_tls_connect())
|
|
{
|
|
/* failed to connect using cssp, let retry with plain TLS */
|
|
tcp_disconnect();
|
|
neg_proto = PROTOCOL_RDP;
|
|
goto retry;
|
|
}
|
|
/* do not use encryption when using TLS */
|
|
g_encryption = False;
|
|
fprintf(stderr, "Connection established using SSL.\n");
|
|
#else /* WITH_SSL */
|
|
fprintf(stderr, "SSL not compiled in.\n");
|
|
#endif /* WITH_SSL */
|
|
}
|
|
#ifdef WITH_CREDSSP
|
|
else if (data == PROTOCOL_HYBRID)
|
|
{
|
|
if (!cssp_connect(server, username, domain, password, s))
|
|
{
|
|
/* failed to connect using cssp, let retry with plain TLS */
|
|
tcp_disconnect();
|
|
neg_proto = PROTOCOL_SSL;
|
|
goto retry;
|
|
}
|
|
|
|
/* do not use encryption when using TLS */
|
|
fprintf(stderr, "Connection established using CredSSP.\n");
|
|
g_encryption = False;
|
|
}
|
|
#endif
|
|
else if (data == PROTOCOL_RDP)
|
|
{
|
|
fprintf(stderr, "Connection established using plain RDP.\n");
|
|
}
|
|
else if (data != PROTOCOL_RDP)
|
|
{
|
|
tcp_disconnect();
|
|
error("Unexpected protocol in negotiation response, got data = 0x%x.\n",
|
|
data);
|
|
return False;
|
|
}
|
|
if (length || flags) {}
|
|
|
|
*selected_protocol = data;
|
|
}
|
|
return True;
|
|
}
|
|
|
|
/* Disconnect from the ISO layer */
|
|
void
|
|
iso_disconnect(void)
|
|
{
|
|
iso_send_msg(ISO_PDU_DR);
|
|
tcp_disconnect();
|
|
}
|
|
|
|
/* reset the state to support reconnecting */
|
|
void
|
|
iso_reset_state(void)
|
|
{
|
|
g_encryption = g_encryption_initial;
|
|
tcp_reset_state();
|
|
}
|