3.1.1 Abstract Data Model
Target server names: An array of alias names for a target server. A target server alias name is a string of Unicode characters. The server name applies to the machine to which the RDG server connects.<23>
For RPC over HTTP transport, this is initialized by the RDG server when the RDG client calls TsProxyCreateChannel. This data is passed by the RDG client in the structure TSENDPOINTINFO.
For HTTP transport, this is initialized when the RDG server receives an HTTP_CHANNEL_PACKET (section 2.2.10.2) from the RDG client.
For UDP transport, this is initialized when the RDG server receives a CONNECT_PKT from the RDG client.
The resourceName field and the alternateResourceNames array of the TSENDPOINTINFO structure together form the target server alias names. The RDG server attempts to connect to the target server by each target server alias name in turn until a connection succeeds or the array has been traversed completely.
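The alias traversal just described, as an added illustration that is not code from MS-TSGU or from any RDG implementation. TSENDPOINTINFO is reduced to the two fields the text names; the authorize() and connect() callbacks are assumptions standing in for the server's resource authorization check and its outbound connection attempt, and the sample endpoint is constructed.

```python
"""Traversal of the Target server names array as this section describes it.
Added illustration, not code from MS-TSGU or from any RDG implementation.
TSENDPOINTINFO is reduced to the two fields the text names; authorize() and
connect() are assumed hooks for resource authorization and the connection
attempt, neither of which is defined in this excerpt."""
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Tuple


@dataclass
class TSENDPOINTINFO:
    resourceName: str
    alternateResourceNames: List[str] = field(default_factory=list)


def target_server_aliases(ep: TSENDPOINTINFO) -> List[str]:
    """The alias array: resourceName first, then the alternates in client order."""
    return [ep.resourceName] + list(ep.alternateResourceNames)


def connect_to_target(
    ep: TSENDPOINTINFO,
    authorize: Callable[[str], bool],
    connect: Callable[[str], bool],
) -> Tuple[Optional[str], List[str]]:
    """Try each alias until one connects or the array is exhausted.
    Returns (alias that succeeded or None, aliases actually attempted)."""
    attempted: List[str] = []
    for alias in target_server_aliases(ep):
        if not authorize(alias):
            continue  # assumption: a name the user is not authorized for is never dialled
        attempted.append(alias)
        if connect(alias):
            return alias, attempted
    return None, attempted


if __name__ == "__main__":
    # Constructed sample: one host known by an FQDN, a short name and an address.
    ep = TSENDPOINTINFO("rds1.corp.example", ["rds1", "10.0.0.5"])

    def only_address_resolves(alias: str) -> bool:
        return alias == "10.0.0.5"

    print(connect_to_target(ep, lambda a: True, only_address_resolves))
```

Because every alias is a separate connection attempt, the authorization hook runs per alias rather than once per TSENDPOINTINFO: an alternate name is not implicitly covered by the policy decision made for the primary resourceName.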
Tunnel id: An unsigned long representing the tunnel (2) identifier for tracking purposes on the RDG server. The Tunnel id, which is then generated on the server, is stored by the RDG server and RDG client, and can later be used for subsequent tunnel-related operations.<24>
For RPC over HTTP transport, this is generated after a client call to TsProxyCreateTunnel. The Tunnel id is created by the TsProxyCreateTunnel method and points to a BLOB that stores the ADM elements Tunnel Context handle, Channel id, Nonce, and Number of Connections.
For HTTP transport, this is generated after the RDG server receives HTTP_TUNNEL_REQUEST.
For UDP transport, this is generated after the RDG server receives CONNECT_PKT; the Tunnel id is not communicated to the RDG client.
Channel id: An unsigned long representing the channel identifier for tracking purposes on the RDG server. The Channel id, which is then generated on the server, is stored by the RDG server and RDG client and can later be used for subsequent channel-related calls.<25>
For RPC over HTTP, this is generated after a client call to TsProxyCreateChannel. The Channel id points to a BLOB that is created by the TsProxyCreateChannel method and that stores the target server name and Channel Context handle ADM element.
For HTTP transport, this is generated after the RDG server receives HTTP_CHANNEL_PACKET.
For UDP transport, this is generated after the RDG server receives CONNECT_PKT; the Channel id is not communicated to the RDG client.
TimeoutAction: A Boolean value that specifies how the RDG server processes the session timeout. If the value is FALSE, the RDG server terminates the connection. If the value is TRUE, the RDG server initiates the process for the client to reauthenticate. The default value is FALSE.
Nonce: A unique GUID created by the RDG server to identify the current connection. This is used to prevent statement of health (SoH) replay attacks.
Number of Connections: An unsigned long representing the number of active connections the RDG server is processing.
For RPC transport, this is incremented on every successful call to TsProxyCreateTunnel and decremented on a TsProxyCloseTunnel call.
For HTTP transport, this is incremented just before sending HTTP_TUNNEL_RESPONSE to the RDG client.
For UDP transport, this is incremented just before sending CONNECT_PKT_RESP to the RDG client.
Reauthentication Connection: A Boolean value representing whether the current connection is a normal connection or a reauthentication connection.
Reauthentication Tunnel Context: A ULONGLONG value representing a unique connection identifier. For normal connections, this value represents the unique connection identifier of the same connection. For a reauthentication connection, this value represents the unique connection identifier of a connection that has initiated the reauthentication request.
Reauthentication Status: An enumeration value representing the reauthentication status of the connection that has initiated the reauthentication.
Note: Only normal connections can initiate reauthentication. Reauthentication connections cannot initiate reauthentication.
Possible values are defined in the table below.
Enumeration Value | Description
None | No progress made on the reauthentication.
AuthenticationCompleted | User authentication is done.
UserAuthorizationCompleted | User authorization is done, and if the RDG server is configured for quarantine, the RDG client is quarantine compliant.
UserAuthorizationCompletedButQurantineFailed | User authorization is done, and the RDG server is configured for quarantine but the RDG client is not quarantine compliant.
ResourceAuthorizationCompleted | Resource authorization is done. If Reauthentication Status reaches this state, reauthentication is completed.
This ADM element is valid only for a normal connection, that is, when Reauthentication Connection is FALSE.
Negotiated Capabilities: A ULONG bitmask value representing the negotiated capabilities between the RDG client and the RDG server. It contains zero or more of the following NAP Capability values.
For RPC transport, the values are:
NAP Capability Value
For HTTP transport, the values are:
NAP Capability Value
TSG_NAP_CAPABILITY_QUAR_SOH
TSG_NAP_CAPABILITY_IDLE_TIMEOUT
TSG_MESSAGING_CAP_CONSENT_SIGN
TSG_MESSAGING_CAP_SERVICE_MSG
TSG_MESSAGING_CAP_REAUTH
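A per-connection model of the TimeoutAction, Reauthentication Connection, Reauthentication Status and Negotiated Capabilities elements above, as an added illustration that is not code from MS-TSGU or from any RDG implementation. Three things in it are assumptions not stated in this excerpt: the bit values assigned to the NAP Capability names (the text lists names only), that a quarantine-failed status does not progress further, and that the server starts reauthentication only when TSG_MESSAGING_CAP_REAUTH was negotiated.

```python
"""Per-connection model of TimeoutAction, Reauthentication Status and
Negotiated Capabilities as described in this section.  Added illustration,
not code from MS-TSGU or from any RDG implementation.  Assumptions not in
the excerpt: the NAP Capability bit values, that a quarantine-failed status
is terminal, and that reauthentication requires TSG_MESSAGING_CAP_REAUTH."""
from dataclasses import dataclass
from enum import Enum, IntFlag, auto
from typing import Dict, FrozenSet


class NapCapability(IntFlag):
    # Bit assignments are an assumption of this example; the excerpt lists names only.
    TSG_NAP_CAPABILITY_QUAR_SOH = 0x01
    TSG_NAP_CAPABILITY_IDLE_TIMEOUT = 0x02
    TSG_MESSAGING_CAP_CONSENT_SIGN = 0x04
    TSG_MESSAGING_CAP_SERVICE_MSG = 0x08
    TSG_MESSAGING_CAP_REAUTH = 0x10


class ReauthStatus(Enum):
    # Members mirror the Enumeration Value column of the section's table.
    NONE = auto()                                           # None
    AUTHENTICATION_COMPLETED = auto()                       # AuthenticationCompleted
    USER_AUTHORIZATION_COMPLETED = auto()                   # UserAuthorizationCompleted
    USER_AUTHORIZATION_COMPLETED_BUT_QUARANTINE_FAILED = auto()
    RESOURCE_AUTHORIZATION_COMPLETED = auto()               # ResourceAuthorizationCompleted


# Legal forward transitions: authentication precedes authorization, and the
# quarantine-failed branch is modelled as terminal (assumption).
_NEXT: Dict[ReauthStatus, FrozenSet[ReauthStatus]] = {
    ReauthStatus.NONE: frozenset({ReauthStatus.AUTHENTICATION_COMPLETED}),
    ReauthStatus.AUTHENTICATION_COMPLETED: frozenset({
        ReauthStatus.USER_AUTHORIZATION_COMPLETED,
        ReauthStatus.USER_AUTHORIZATION_COMPLETED_BUT_QUARANTINE_FAILED,
    }),
    ReauthStatus.USER_AUTHORIZATION_COMPLETED: frozenset({
        ReauthStatus.RESOURCE_AUTHORIZATION_COMPLETED,
    }),
    ReauthStatus.USER_AUTHORIZATION_COMPLETED_BUT_QUARANTINE_FAILED: frozenset(),
    ReauthStatus.RESOURCE_AUTHORIZATION_COMPLETED: frozenset(),
}


@dataclass
class Connection:
    reauthentication_connection: bool        # Reauthentication Connection
    reauthentication_tunnel_context: int     # Reauthentication Tunnel Context
    negotiated: NapCapability                # Negotiated Capabilities bitmask
    timeout_action: bool = False             # TimeoutAction, default FALSE
    reauth_status: ReauthStatus = ReauthStatus.NONE

    def negotiated_has(self, cap: NapCapability) -> bool:
        return bool(self.negotiated & cap)

    def on_session_timeout(self) -> str:
        """TimeoutAction FALSE: terminate.  TRUE: begin reauthentication, which
        the section permits only for normal connections."""
        if not self.timeout_action:
            return "terminate"
        if self.reauthentication_connection:
            return "terminate"  # a reauthentication connection cannot initiate reauth
        if not self.negotiated_has(NapCapability.TSG_MESSAGING_CAP_REAUTH):
            return "terminate"  # assumption: the client never advertised reauth support
        self.reauth_status = ReauthStatus.NONE
        return "reauthenticate"

    def advance_reauth(self, new: ReauthStatus) -> None:
        """Move Reauthentication Status forward, rejecting out-of-order steps
        such as authorization being reported before authentication."""
        if self.reauthentication_connection:
            raise ValueError("Reauthentication Status is valid only for normal connections")
        if new not in _NEXT[self.reauth_status]:
            raise ValueError(f"illegal transition {self.reauth_status.name} -> {new.name}")
        self.reauth_status = new

    def reauth_complete(self) -> bool:
        return self.reauth_status is ReauthStatus.RESOURCE_AUTHORIZATION_COMPLETED
```

The transition table is what makes the status element useful on the server side: a connection whose status is checked against _NEXT can never be recorded as authorized without first having been authenticated, and reaching ResourceAuthorizationCompleted is the only condition under which reauth_complete() reports success.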
dWResponse: A 32-bit integer representing the trust level of the RDG user and the RDG client. It has the following values:
Value | Meaning
AA_UNTRUSTED (0x00000000) | Both the user and the client are untrusted.
AA_TRUSTEDUSER_UNTRUSTEDCLIENT (0x00000001) | The user is trusted. The client is untrusted.
AA_TRUSTEDUSER_TRUSTEDCLIENT (0x00000002) | Both the user and the client are trusted.