4.1.3 Reauthentication

  • Reauthentication is possible only if both the client and the server have the capability to handle the same. This capability is found out during the capability exchange during tunnel creation. This capability is based on capability to support Service Messages. As noted in section 4.1.1, a message request is queued up on the server using the TsProxyMakeTunnelCall method. The following sequence of calls takes place when the server expects the client to reauthenticate.

  • The server completes the pending call. In the message type, it specifies that reauthentication is required. It also passes in the specific tunnel context so that when the client actually reauthenticates, the server can find out which client is doing the same.

  • The client follows the steps 1, 2, 3, 4, 6, and 7 as specified in section 4.1.1. Only the initial packet is different, because it contains the tunnel context information that was passed back by the server.

The RDG server completes the pending TsProxyMakeTunnel calls as follows:

 HRESULT = S_OK
 TsProxyMakeTunnelCall( 
    [in] PTUNNEL_CONTEXT_HANDLE_NOSERIALIZE tunnelContext = unchanged;
    [in] unsigned long procId = unchanged,
    [in, ref] PTSG_PACKET TSGPacket = unchanged,
    [out, ref] PTSG_PACKET* TSGPacketResponse = { filled in as below }
 );
  

Where the TSG_PACKET_RESPONSE is set as follows:

 typedef struct _TSG_PACKET
 {
    unsigned long packetId = TSG_PACKET_TYPE_MESSAGE_PACKET;
    TSG_PACKET_TYPE_UNION TSGPacket 
       {=PTSG_PACKET_MSG_RESPONSE packetMsgResponse};
 } TSG_PACKET;
  

Where the packetMsgResponse is set as follows:

 typedef struct _TSG_PACKET_MSG_RESPONSE
     {
         unsigned long msgID = 1;
         unsigned long msgType = TSG_ASYNC_MESSAGE_REAUTH = 3;
         long isMsgPresent = 1;
         [switch_is(msgType)] TSG_PACKET_TYPE_MESSAGE_UNION messagePacket;
     } TSG_PACKET_MSG_RESPONSE;
  

Where the messagePacket is set as follows:

 typedef [switch_type(unsigned long)] union
     {
         [case (TSG_ASYNC_MESSAGE_CONSENT_MESSAGE)] 
 PTSG_PACKET_STRING_MESSAGE consentMessage;
         [case (TSG_ASYNC_MESSAGE_SERVICE_MESSAGE)] 
 PTSG_PACKET_STRING_MESSAGE serviceMessage;
         [case (TSG_ASYNC_MESSAGE_REAUTH)] 
 PTSG_PACKET_REAUTH_MESSAGE reauthMessage;
     } TSG_PACKET_TYPE_MESSAGE_UNION;
  

Where the reauthPacket is set as follows:

 typedef struct _TSG_PACKET_REAUTH_MESSAGE
     {
         __int64 tunnelContext = 0x00123456;
     } TSG_PACKET_REAUTH_MESSAGE, *PTSG_PACKET_REAUTH_MESSAGE;
  

The client responds with the following call:

 HRESULT = {to be filled in by server}
 TsProxyCreateTunnel(
     [in, ref] PTSG_PACKET TSGPacket;
     [out, ref] PTSG_PACKET* TSGPacketResponse = 
       {to be filled in by server};
     [out] PTUNNEL_CONTEXT_HANDLE_SERIALIZE* tunnelContext = 
       {to be filled in by server, 
        and saved as m_tunnelcontext by client};
     [out] unsigned long* tunnelid = 
       {to be filled in by server and saved as m_tunnelid by client};
     );
  

Where TSG_PACKET is set as follows:

 typedef struct _TSG_PACKET
 {
    unsigned long packetId = TSG_PACKET_TYPE_REAUTH;
    TSG_PACKET_TYPE_UNION TSGPacket {= packetReauth};
 } TSG_PACKET;
  

Where packetReauth is set as follows:

 typedef struct _TSG_PACKET_REAUTH
     {
         __int64 tunnelContext = 0x00123456;
         unsigned long packetId = 0x5250;
         [switch_is(packetId)] TSG_INITIAL_PACKET_TYPE_UNION TSGInitialPacket;
     } TSG_PACKET_REAUTH, *PTSG_PACKET_REAUTH;
  

Where TSGInitialPacket is set as follows:

 typedef [switch_type(unsigned long)] union
     {
         [case (TSG_PACKET_TYPE_VERSIONCAPS)] 
             PTSG_PACKET_VERSIONCAPS packetVersionCaps;
         [case (TSG_PACKET_TYPE_AUTH)] 
             PTSG_PACKET_AUTH packetAuth;
     } TSG_INITIAL_PACKET_TYPE_UNION;
  

Where TSG_PACKET_VERSIONCAPS is set as follows:

  • packetVersionCaps has been specified as defined in section 4.1.1.

  • packetAuth has been specified as defined in section 4.1.2.