Commit
1cc66789
authored
Aug 8, 2022
by
Bolke de Bruin
Fix errors and use correct error codes
parent
dfb82889
Showing
2 changed files
cmd/rdpgw/protocol/errors.go
+31
-0
31 additions, 0 deletions
cmd/rdpgw/protocol/errors.go
cmd/rdpgw/protocol/server.go
+20
-20
20 additions, 20 deletions
cmd/rdpgw/protocol/server.go
with
51 additions
and
20 deletions
cmd/rdpgw/protocol/errors.go
+
31
−
0
package
protocol
/*
const (
ERROR_NO = 0x0000000
ERROR_CLIENT_DISCONNECT = 0x0000001
...
...
@@ -122,3 +123,33 @@ const (
ERROR_AZURE_TRIAL = 0x300004F
ERROR_AZURE_EXPIRED = 0x3000050
)
*/
/* Common Error Code */
const
(
ERROR_SUCCESS
=
0x00000000
ERROR_ACCESS_DENIED
=
0x00000005
E_PROXY_INTERNALERROR
=
0x800759D8
E_PROXY_RAP_ACCESSDENIED
=
0x800759DA
E_PROXY_NAP_ACCESSDENIED
=
0x800759DB
E_PROXY_ALREADYDISCONNECTED
=
0x800759DF
E_PROXY_QUARANTINE_ACCESSDENIED
=
0x800759ED
E_PROXY_NOCERTAVAILABLE
=
0x800759EE
E_PROXY_COOKIE_BADPACKET
=
0x800759F7
E_PROXY_COOKIE_AUTHENTICATION_ACCESS_DENIED
=
0x800759F8
E_PROXY_UNSUPPORTED_AUTHENTICATION_METHOD
=
0x800759F9
E_PROXY_CAPABILITYMISMATCH
=
0x800759E9
E_PROXY_TS_CONNECTFAILED
=
0x000059DD
E_PROXY_MAXCONNECTIONSREACHED
=
0x000059E6
// E_PROXY_INTERNALERROR = 0x000059D8
ERROR_GRACEFUL_DISCONNECT
=
0x000004CA
E_PROXY_NOTSUPPORTED
=
0x000059E8
SEC_E_LOGON_DENIED
=
0x8009030C
E_PROXY_SESSIONTIMEOUT
=
0x000059F6
E_PROXY_REAUTH_AUTHN_FAILED
=
0x000059FA
E_PROXY_REAUTH_CAP_FAILED
=
0x000059FB
E_PROXY_REAUTH_RAP_FAILED
=
0x000059FC
E_PROXY_SDR_NOT_SUPPORTED_BY_TS
=
0x000059FD
E_PROXY_REAUTH_NAP_FAILED
=
0x00005A00
E_PROXY_CONNECTIONABORTED
=
0x000004D4
)
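Review bot: The constants in the new `const (` block are untyped, and the 0x8… values such as `E_PROXY_INTERNALERROR = 0x800759D8` do not fit in a signed 32-bit integer. Any use that defaults them to `int`, like the `fmt.Errorf("%x: wrong state", E_PROXY_INTERNALERROR)` calls in server.go, will therefore fail to compile on 32-bit targets. Declaring each code with an explicit width, for example `E_PROXY_INTERNALERROR uint32 = 0x800759D8`, would pin the value that goes on the wire; whether the response builders accept that type is not visible on this page. The block also puts full 0x8007… values and short 0x0000… values under the same `E_PROXY_` prefix (compare the commented-out `// E_PROXY_INTERNALERROR = 0x000059D8`), so a comment above `E_PROXY_TS_CONNECTFAILED` saying that the following entries are the short form would help a reader choose the right one.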
cmd/rdpgw/protocol/server.go
+
20
−
20
...
...
@@ -74,12 +74,12 @@ func (s *Server) Process(ctx context.Context) error {
log
.
Printf
(
"Client handshakeRequest from %s"
,
common
.
GetClientIp
(
ctx
))
if
s
.
State
!=
SERVER_STATE_INITIALIZED
{
log
.
Printf
(
"Handshake attempted while in wrong state %d != %d"
,
s
.
State
,
SERVER_STATE_INITIALIZED
)
msg
:=
s
.
handshakeResponse
(
0x0
,
0x0
,
E
RROR_GENERIC
)
msg
:=
s
.
handshakeResponse
(
0x0
,
0x0
,
E
_PROXY_INTERNALERROR
)
s
.
Session
.
TransportOut
.
WritePacket
(
msg
)
return
fmt
.
Errorf
(
"%x: wrong state"
,
E
RROR_GENERIC
)
return
fmt
.
Errorf
(
"%x: wrong state"
,
E
_PROXY_INTERNALERROR
)
}
major
,
minor
,
_
,
_
:=
s
.
handshakeRequest
(
pkt
)
// todo check if auth matches what the handler can do
msg
:=
s
.
handshakeResponse
(
major
,
minor
,
ERROR_
NO
)
msg
:=
s
.
handshakeResponse
(
major
,
minor
,
ERROR_
SUCCESS
)
s
.
Session
.
TransportOut
.
WritePacket
(
msg
)
s
.
State
=
SERVER_STATE_HANDSHAKE
case
PKT_TYPE_TUNNEL_CREATE
:
...
...
@@ -87,20 +87,20 @@ func (s *Server) Process(ctx context.Context) error {
if
s
.
State
!=
SERVER_STATE_HANDSHAKE
{
log
.
Printf
(
"Tunnel create attempted while in wrong state %d != %d"
,
s
.
State
,
SERVER_STATE_HANDSHAKE
)
msg
:=
s
.
tunnelResponse
(
E
RROR_SECURITY_GATEWAY_COOKIE_REJECTED
)
msg
:=
s
.
tunnelResponse
(
E
_PROXY_INTERNALERROR
)
s
.
Session
.
TransportOut
.
WritePacket
(
msg
)
return
fmt
.
Errorf
(
"%x: PAA cookie rejected, wrong state"
,
E
RROR_SECURITY_GATEWAY_COOKIE_REJECTED
)
return
fmt
.
Errorf
(
"%x: PAA cookie rejected, wrong state"
,
E
_PROXY_INTERNALERROR
)
}
_
,
cookie
:=
s
.
tunnelRequest
(
pkt
)
if
s
.
VerifyTunnelCreate
!=
nil
{
if
ok
,
_
:=
s
.
VerifyTunnelCreate
(
ctx
,
cookie
);
!
ok
{
log
.
Printf
(
"Invalid PAA cookie received from client %s"
,
common
.
GetClientIp
(
ctx
))
msg
:=
s
.
tunnelResponse
(
E
RROR_SECURITY_GATEWAY_COOKIE_INVALI
D
)
msg
:=
s
.
tunnelResponse
(
E
_PROXY_COOKIE_AUTHENTICATION_ACCESS_DENIE
D
)
s
.
Session
.
TransportOut
.
WritePacket
(
msg
)
return
fmt
.
Errorf
(
"%x: invalid PAA cookie"
,
E
RROR_SECURITY_GATEWAY_COOKIE_INVALI
D
)
return
fmt
.
Errorf
(
"%x: invalid PAA cookie"
,
E
_PROXY_COOKIE_AUTHENTICATION_ACCESS_DENIE
D
)
}
}
msg
:=
s
.
tunnelResponse
(
ERROR_
NO
)
msg
:=
s
.
tunnelResponse
(
ERROR_
SUCCESS
)
s
.
Session
.
TransportOut
.
WritePacket
(
msg
)
s
.
State
=
SERVER_STATE_TUNNEL_CREATE
case
PKT_TYPE_TUNNEL_AUTH
:
...
...
@@ -108,20 +108,20 @@ func (s *Server) Process(ctx context.Context) error {
if
s
.
State
!=
SERVER_STATE_TUNNEL_CREATE
{
log
.
Printf
(
"Tunnel auth attempted while in wrong state %d != %d"
,
s
.
State
,
SERVER_STATE_TUNNEL_CREATE
)
msg
:=
s
.
tunnelAuthResponse
(
E
RROR_GENERIC
)
msg
:=
s
.
tunnelAuthResponse
(
E
_PROXY_INTERNALERROR
)
s
.
Session
.
TransportOut
.
WritePacket
(
msg
)
return
fmt
.
Errorf
(
"%x: Tunnel auth rejected, wrong state"
,
E
RROR_GENERIC
)
return
fmt
.
Errorf
(
"%x: Tunnel auth rejected, wrong state"
,
E
_PROXY_INTERNALERROR
)
}
client
:=
s
.
tunnelAuthRequest
(
pkt
)
if
s
.
VerifyTunnelAuthFunc
!=
nil
{
if
ok
,
_
:=
s
.
VerifyTunnelAuthFunc
(
ctx
,
client
);
!
ok
{
log
.
Printf
(
"Invalid client name: %s"
,
client
)
msg
:=
s
.
tunnelAuthResponse
(
ERROR_
SECURITY
)
msg
:=
s
.
tunnelAuthResponse
(
ERROR_
ACCESS_DENIED
)
s
.
Session
.
TransportOut
.
WritePacket
(
msg
)
return
fmt
.
Errorf
(
"%x: Tunnel auth rejected, invalid client name"
,
ERROR_
SECURITY
)
return
fmt
.
Errorf
(
"%x: Tunnel auth rejected, invalid client name"
,
ERROR_
ACCESS_DENIED
)
}
}
msg
:=
s
.
tunnelAuthResponse
(
ERROR_
NO
)
msg
:=
s
.
tunnelAuthResponse
(
ERROR_
SUCCESS
)
s
.
Session
.
TransportOut
.
WritePacket
(
msg
)
s
.
State
=
SERVER_STATE_TUNNEL_AUTHORIZE
case
PKT_TYPE_CHANNEL_CREATE
:
...
...
@@ -129,30 +129,30 @@ func (s *Server) Process(ctx context.Context) error {
if
s
.
State
!=
SERVER_STATE_TUNNEL_AUTHORIZE
{
log
.
Printf
(
"Channel create attempted while in wrong state %d != %d"
,
s
.
State
,
SERVER_STATE_TUNNEL_AUTHORIZE
)
msg
:=
s
.
channelResponse
(
E
RROR_GENERIC
)
msg
:=
s
.
channelResponse
(
E
_PROXY_INTERNALERROR
)
s
.
Session
.
TransportOut
.
WritePacket
(
msg
)
return
fmt
.
Errorf
(
"%x: Channel create rejected, wrong state"
,
E
RROR_GENERIC
)
return
fmt
.
Errorf
(
"%x: Channel create rejected, wrong state"
,
E
_PROXY_INTERNALERROR
)
}
server
,
port
:=
s
.
channelRequest
(
pkt
)
host
:=
net
.
JoinHostPort
(
server
,
strconv
.
Itoa
(
int
(
port
)))
if
s
.
VerifyServerFunc
!=
nil
{
if
ok
,
_
:=
s
.
VerifyServerFunc
(
ctx
,
host
);
!
ok
{
log
.
Printf
(
"Not allowed to connect to %s by policy handler"
,
host
)
msg
:=
s
.
channelResponse
(
E
RROR_SECURITY_GATEWAY_POLICY
)
msg
:=
s
.
channelResponse
(
E
_PROXY_RAP_ACCESSDENIED
)
s
.
Session
.
TransportOut
.
WritePacket
(
msg
)
return
fmt
.
Errorf
(
"%x: denied by security policy"
,
E
RROR_SECURITY_GATEWAY_POLICY
)
return
fmt
.
Errorf
(
"%x: denied by security policy"
,
E
_PROXY_RAP_ACCESSDENIED
)
}
}
log
.
Printf
(
"Establishing connection to RDP server: %s"
,
host
)
s
.
Remote
,
err
=
net
.
DialTimeout
(
"tcp"
,
host
,
time
.
Second
*
15
)
if
err
!=
nil
{
log
.
Printf
(
"Error connecting to %s, %s"
,
host
,
err
)
msg
:=
s
.
channelResponse
(
E
RROR_GENERIC
)
msg
:=
s
.
channelResponse
(
E
_PROXY_INTERNALERROR
)
s
.
Session
.
TransportOut
.
WritePacket
(
msg
)
return
err
}
log
.
Printf
(
"Connection established"
)
msg
:=
s
.
channelResponse
(
ERROR
_NO
)
msg
:=
s
.
channelResponse
(
E
_PROXY_INTERNALE
RROR
)
s
.
Session
.
TransportOut
.
WritePacket
(
msg
)
// Make sure to start the flow from the RDP server first otherwise connections
...
...
@@ -181,7 +181,7 @@ func (s *Server) Process(ctx context.Context) error {
log
.
Printf
(
"Channel closed while in wrong state %d != %d"
,
s
.
State
,
SERVER_STATE_OPENED
)
return
errors
.
New
(
"wrong state"
)
}
msg
:=
s
.
channelCloseResponse
(
ERROR_
NO
)
msg
:=
s
.
channelCloseResponse
(
ERROR_
SUCCESS
)
s
.
Session
.
TransportOut
.
WritePacket
(
msg
)
//s.Session.TransportIn.Close()
//s.Session.TransportOut.Close()
...
...
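Review bot: In the `@@ -129,30 +129,30 @@` hunk, the success path after `log.Printf("Connection established")` now builds its reply with `s.channelResponse(E_PROXY_INTERNALERROR)`, so a client whose channel was just dialled successfully is sent a failure code. Every other success reply in this file moves from `ERROR_NO` to `ERROR_SUCCESS`, which suggests this line should read `msg := s.channelResponse(ERROR_SUCCESS)`. This takes the second printed variant of each pair as the new side, which is consistent with the constants added in errors.go. A test that asserts the response code on a successful channel create would catch this kind of slip; `Process` begins and ends outside the shown hunks.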