FreeRDP
All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Modules Pages
connection.c
1/*
2 * FreeRDP: A Remote Desktop Protocol Implementation
3 * Connection Sequence
4 *
5 * Copyright 2011 Marc-Andre Moreau <marcandre.moreau@gmail.com>
6 * Copyright 2015 Thincast Technologies GmbH
7 * Copyright 2015 DI (FH) Martin Haimberger <martin.haimberger@thincast.com>
8 * Copyright 2023 Armin Novak <anovak@thincast.com>
9 * Copyright 2023 Thincast Technologies GmbH
10 *
11 * Licensed under the Apache License, Version 2.0 (the "License");
12 * you may not use this file except in compliance with the License.
13 * You may obtain a copy of the License at
14 *
15 * http://www.apache.org/licenses/LICENSE-2.0
16 *
17 * Unless required by applicable law or agreed to in writing, software
18 * distributed under the License is distributed on an "AS IS" BASIS,
19 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
20 * See the License for the specific language governing permissions and
21 * limitations under the License.
22 */
23
24#include <freerdp/config.h>
25
26#include "settings.h"
27
28#include "info.h"
29#include "input.h"
30#include "rdp.h"
31#include "peer.h"
32
33#include "connection.h"
34#include "transport.h"
35
36#include <winpr/crt.h>
37#include <winpr/crypto.h>
38#include <winpr/ssl.h>
39
40#include <freerdp/log.h>
41#include <freerdp/error.h>
42#include <freerdp/listener.h>
43
44#include "../cache/pointer.h"
45#include "../crypto/crypto.h"
46#include "../crypto/privatekey.h"
47#include "../crypto/certificate.h"
48#include "gateway/arm.h"
49
50#include "utils.h"
51
52#define TAG FREERDP_TAG("core.connection")
53
197static BOOL rdp_set_state(rdpRdp* rdp, CONNECTION_STATE state);
198
199static BOOL rdp_client_reset_codecs(rdpContext* context)
200{
201 rdpSettings* settings = NULL;
202
203 if (!context || !context->settings)
204 return FALSE;
205
206 settings = context->settings;
207
208 if (!freerdp_settings_get_bool(settings, FreeRDP_DeactivateClientDecoding))
209 {
210 const UINT32 flags = freerdp_settings_get_uint32(settings, FreeRDP_ThreadingFlags);
211 freerdp_client_codecs_free(context->codecs);
212 context->codecs = freerdp_client_codecs_new(flags);
213
214 if (!context->codecs)
215 return FALSE;
216
217 if (!freerdp_client_codecs_prepare(context->codecs,
218 freerdp_settings_get_codecs_flags(settings),
219 settings->DesktopWidth, settings->DesktopHeight))
220 return FALSE;
221
222/* Runtime H264 detection. (only available if dynamic backend loading is defined)
223 * If no backend is available disable it before the channel is loaded.
224 */
225#if defined(WITH_GFX_H264) && defined(WITH_OPENH264_LOADING)
226 if (!context->codecs->h264)
227 {
228 settings->GfxH264 = FALSE;
229 settings->GfxAVC444 = FALSE;
230 settings->GfxAVC444v2 = FALSE;
231 }
232#endif
233 }
234
235 return TRUE;
236}
237
238static BOOL rdp_client_wait_for_activation(rdpRdp* rdp)
239{
240 BOOL timedout = FALSE;
241 WINPR_ASSERT(rdp);
242
243 const rdpSettings* settings = rdp->settings;
244 WINPR_ASSERT(settings);
245
246 UINT64 now = GetTickCount64();
247 UINT64 dueDate = now + freerdp_settings_get_uint32(settings, FreeRDP_TcpAckTimeout);
248
249 for (; (now < dueDate) && !timedout; now = GetTickCount64())
250 {
251 HANDLE events[MAXIMUM_WAIT_OBJECTS] = { 0 };
252 DWORD wstatus = 0;
253 DWORD nevents = freerdp_get_event_handles(rdp->context, events, ARRAYSIZE(events));
254 if (!nevents)
255 {
256 WLog_ERR(TAG, "error retrieving connection events");
257 return FALSE;
258 }
259
260 const UINT64 timeout = (dueDate - now);
261 WINPR_ASSERT(timeout <= UINT32_MAX);
262 wstatus = WaitForMultipleObjectsEx(nevents, events, FALSE, (UINT32)timeout, TRUE);
263 switch (wstatus)
264 {
265 case WAIT_TIMEOUT:
266 /* will make us quit with a timeout */
267 timedout = TRUE;
268 break;
269 case WAIT_ABANDONED:
270 case WAIT_FAILED:
271 return FALSE;
272 case WAIT_IO_COMPLETION:
273 break;
274 case WAIT_OBJECT_0:
275 default:
276 /* handles all WAIT_OBJECT_0 + [0 .. MAXIMUM_WAIT_OBJECTS-1] cases */
277 if (rdp_check_fds(rdp) < 0)
278 {
279 freerdp_set_last_error_if_not(rdp->context,
280 FREERDP_ERROR_CONNECT_TRANSPORT_FAILED);
281 return FALSE;
282 }
283 break;
284 }
285
286 if (rdp_is_active_state(rdp))
287 return TRUE;
288 }
289
290 WLog_ERR(TAG, "Timeout waiting for activation");
291 freerdp_set_last_error_if_not(rdp->context, FREERDP_ERROR_CONNECT_ACTIVATION_TIMEOUT);
292 return FALSE;
293}
301BOOL rdp_client_connect(rdpRdp* rdp)
302{
303 UINT32 SelectedProtocol = 0;
304 BOOL status = 0;
305 rdpSettings* settings = NULL;
306 /* make sure SSL is initialize for earlier enough for crypto, by taking advantage of winpr SSL
307 * FIPS flag for openssl initialization */
308 DWORD flags = WINPR_SSL_INIT_DEFAULT;
309
310 WINPR_ASSERT(rdp);
311
312 settings = rdp->settings;
313 WINPR_ASSERT(settings);
314
315 if (!rdp_client_reset_codecs(rdp->context))
316 return FALSE;
317
318 if (settings->FIPSMode)
319 flags |= WINPR_SSL_INIT_ENABLE_FIPS;
320
321 winpr_InitializeSSL(flags);
322 rdp_log_build_warnings(rdp);
323
324 /* FIPS Mode forces the following and overrides the following(by happening later */
325 /* in the command line processing): */
326 /* 1. Disables NLA Security since NLA in freerdp uses NTLM(no Kerberos support yet) which uses
327 * algorithms */
328 /* not allowed in FIPS for sensitive data. So, we disallow NLA when FIPS is required. */
329 /* 2. Forces the only supported RDP encryption method to be FIPS. */
330 if (settings->FIPSMode || winpr_FIPSMode())
331 {
332 settings->NlaSecurity = FALSE;
333 settings->EncryptionMethods = ENCRYPTION_METHOD_FIPS;
334 }
335
336 UINT32 TcpConnectTimeout = freerdp_settings_get_uint32(settings, FreeRDP_TcpConnectTimeout);
337 if (settings->GatewayArmTransport)
338 {
339 if (!arm_resolve_endpoint(rdp->log, rdp->context, TcpConnectTimeout))
340 {
341 WLog_ERR(TAG, "error retrieving ARM configuration");
342 return FALSE;
343 }
344 }
345
346 const char* hostname = settings->ServerHostname;
347 if (!hostname)
348 {
349 WLog_ERR(TAG, "Missing hostname, can not connect to NULL target");
350 return FALSE;
351 }
352
353 const UINT32 port = settings->ServerPort;
354 WINPR_ASSERT(port <= UINT32_MAX);
355
356 nego_init(rdp->nego);
357 nego_set_target(rdp->nego, hostname, (UINT16)port);
358
359 if (settings->GatewayEnabled)
360 {
361 char* user = NULL;
362 char* domain = NULL;
363 size_t user_length = 0;
364
365 if (settings->Username)
366 {
367 user = settings->Username;
368 user_length = strlen(settings->Username);
369 }
370
371 if (settings->Domain)
372 domain = settings->Domain;
373 else
374 domain = settings->ComputerName;
375
376 const size_t domain_length = strlen(domain);
377 const size_t cookie_length = domain_length + 1 + user_length;
378 char* cookie = malloc(cookie_length + 1);
379
380 if (!cookie)
381 return FALSE;
382
383 CopyMemory(cookie, domain, domain_length);
384 WINPR_ASSERT(domain_length <= UINT32_MAX);
385 CharUpperBuffA(cookie, (UINT32)domain_length);
386 cookie[domain_length] = '\\';
387
388 if (settings->Username)
389 CopyMemory(&cookie[domain_length + 1], user, user_length);
390
391 cookie[cookie_length] = '\0';
392 status = nego_set_cookie(rdp->nego, cookie);
393 free(cookie);
394 }
395 else
396 {
397 status = nego_set_cookie(rdp->nego, settings->Username);
398 }
399
400 if (!status)
401 return FALSE;
402
403 nego_set_childsession_enabled(rdp->nego, settings->ConnectChildSession);
404 nego_set_send_preconnection_pdu(rdp->nego, settings->SendPreconnectionPdu);
405 nego_set_preconnection_id(rdp->nego, settings->PreconnectionId);
406 nego_set_preconnection_blob(rdp->nego, settings->PreconnectionBlob);
407 nego_set_negotiation_enabled(rdp->nego, settings->NegotiateSecurityLayer);
408 nego_set_restricted_admin_mode_required(rdp->nego, settings->RestrictedAdminModeRequired);
409 nego_set_RCG_required(rdp->nego, settings->RemoteCredentialGuard);
410 nego_set_gateway_enabled(rdp->nego, settings->GatewayEnabled);
411 nego_set_gateway_bypass_local(rdp->nego, settings->GatewayBypassLocal);
412 nego_enable_rdp(rdp->nego, settings->RdpSecurity);
413 nego_enable_tls(rdp->nego, settings->TlsSecurity);
414 nego_enable_nla(rdp->nego, settings->NlaSecurity);
415 nego_enable_ext(rdp->nego, settings->ExtSecurity);
416 nego_enable_rdstls(rdp->nego, settings->RdstlsSecurity);
417 nego_enable_aad(rdp->nego, settings->AadSecurity);
418
419 if (settings->MstscCookieMode)
420 settings->CookieMaxLength = MSTSC_COOKIE_MAX_LENGTH;
421
422 nego_set_cookie_max_length(rdp->nego, settings->CookieMaxLength);
423
424 if (settings->LoadBalanceInfo && (settings->LoadBalanceInfoLength > 0))
425 {
426 if (!nego_set_routing_token(rdp->nego, settings->LoadBalanceInfo,
427 settings->LoadBalanceInfoLength))
428 return FALSE;
429 }
430
431 if (!freerdp_settings_get_bool(settings, FreeRDP_TransportDumpReplay))
432 {
433 if (!rdp_client_transition_to_state(rdp, CONNECTION_STATE_NEGO))
434 return FALSE;
435
436 if (!nego_connect(rdp->nego))
437 {
438 if (!freerdp_get_last_error(rdp->context))
439 {
440 freerdp_set_last_error_log(rdp->context,
441 FREERDP_ERROR_SECURITY_NEGO_CONNECT_FAILED);
442 WLog_ERR(TAG, "Error: protocol security negotiation or connection failure");
443 }
444
445 return FALSE;
446 }
447
448 SelectedProtocol = nego_get_selected_protocol(rdp->nego);
449
450 if ((SelectedProtocol & PROTOCOL_SSL) || (SelectedProtocol == PROTOCOL_RDP) ||
451 (SelectedProtocol == PROTOCOL_RDSTLS))
452 {
453 wStream s = { 0 };
454
455 if ((settings->Username != NULL) &&
456 ((freerdp_settings_get_string(settings, FreeRDP_Password) != NULL) ||
457 (settings->RedirectionPassword != NULL &&
458 settings->RedirectionPasswordLength > 0)))
459 settings->AutoLogonEnabled = TRUE;
460
461 if (rdp_recv_callback(rdp->transport, &s, rdp) < 0)
462 return FALSE;
463 }
464
465 transport_set_blocking_mode(rdp->transport, FALSE);
466 }
467 else
468 {
469 if (!rdp_client_transition_to_state(rdp, CONNECTION_STATE_MCS_CREATE_REQUEST))
470 return FALSE;
471 }
472
473 /* everything beyond this point is event-driven and non blocking */
474 if (!transport_set_recv_callbacks(rdp->transport, rdp_recv_callback, rdp))
475 return FALSE;
476
477 return rdp_client_wait_for_activation(rdp);
478}
479
480BOOL rdp_client_disconnect(rdpRdp* rdp)
481{
482 rdpContext* context = NULL;
483
484 if (!rdp || !rdp->settings || !rdp->context)
485 return FALSE;
486
487 context = rdp->context;
488
489 if (rdp->nego)
490 {
491 if (!nego_disconnect(rdp->nego))
492 return FALSE;
493 }
494
495 if (!transport_disconnect(rdp->transport))
496 return FALSE;
497
498 if (!rdp_reset(rdp))
499 return FALSE;
500
501 if (!rdp_client_transition_to_state(rdp, CONNECTION_STATE_INITIAL))
502 return FALSE;
503
504 if (freerdp_channels_disconnect(context->channels, context->instance) != CHANNEL_RC_OK)
505 return FALSE;
506
507 freerdp_client_codecs_free(context->codecs);
508 context->codecs = NULL;
509 return TRUE;
510}
511
512BOOL rdp_client_disconnect_and_clear(rdpRdp* rdp)
513{
514 rdpContext* context = NULL;
515
516 if (!rdp_client_disconnect(rdp))
517 return FALSE;
518
519 WINPR_ASSERT(rdp);
520
521 context = rdp->context;
522 WINPR_ASSERT(context);
523
524 if (freerdp_get_last_error(context) == FREERDP_ERROR_CONNECT_CANCELLED)
525 return FALSE;
526
527 context->LastError = FREERDP_ERROR_SUCCESS;
528 clearChannelError(context);
529 return utils_reset_abort(rdp);
530}
531
532static BOOL rdp_client_reconnect_channels(rdpRdp* rdp, BOOL redirect)
533{
534 BOOL status = FALSE;
535 rdpContext* context = NULL;
536
537 if (!rdp || !rdp->context || !rdp->context->channels)
538 return FALSE;
539
540 context = rdp->context;
541
542 if (context->instance->ConnectionCallbackState == CLIENT_STATE_INITIAL)
543 return FALSE;
544
545 if (context->instance->ConnectionCallbackState == CLIENT_STATE_PRECONNECT_PASSED)
546 {
547 if (redirect)
548 return TRUE;
549
550 pointer_cache_register_callbacks(context->update);
551
552 if (!IFCALLRESULT(FALSE, context->instance->PostConnect, context->instance))
553 return FALSE;
554
555 context->instance->ConnectionCallbackState = CLIENT_STATE_POSTCONNECT_PASSED;
556 }
557
558 if (context->instance->ConnectionCallbackState == CLIENT_STATE_POSTCONNECT_PASSED)
559 status =
560 (freerdp_channels_post_connect(context->channels, context->instance) == CHANNEL_RC_OK);
561
562 return status;
563}
564
565static BOOL rdp_client_redirect_resolvable(const char* host)
566{
567 struct addrinfo* result = freerdp_tcp_resolve_host(host, -1, 0);
568
569 if (!result)
570 return FALSE;
571
572 freeaddrinfo(result);
573 return TRUE;
574}
575
576static BOOL rdp_client_redirect_try_fqdn(rdpSettings* settings)
577{
578 if (settings->RedirectionFlags & LB_TARGET_FQDN)
579 {
580 if (settings->GatewayEnabled ||
581 rdp_client_redirect_resolvable(settings->RedirectionTargetFQDN))
582 {
583 if (!freerdp_settings_set_string(settings, FreeRDP_ServerHostname,
584 settings->RedirectionTargetFQDN))
585 return FALSE;
586
587 return TRUE;
588 }
589 }
590
591 return FALSE;
592}
593
594static BOOL rdp_client_redirect_try_ip(rdpSettings* settings)
595{
596 if (settings->RedirectionFlags & LB_TARGET_NET_ADDRESS)
597 {
598 if (!freerdp_settings_set_string(settings, FreeRDP_ServerHostname,
599 settings->TargetNetAddress))
600 return FALSE;
601
602 return TRUE;
603 }
604
605 return FALSE;
606}
607
608static BOOL rdp_client_redirect_try_netbios(rdpSettings* settings)
609{
610 if (settings->RedirectionFlags & LB_TARGET_NETBIOS_NAME)
611 {
612 if (settings->GatewayEnabled ||
613 rdp_client_redirect_resolvable(settings->RedirectionTargetNetBiosName))
614 {
615 if (!freerdp_settings_set_string(settings, FreeRDP_ServerHostname,
616 settings->RedirectionTargetNetBiosName))
617 return FALSE;
618
619 return TRUE;
620 }
621 }
622
623 return FALSE;
624}
625
626BOOL rdp_client_redirect(rdpRdp* rdp)
627{
628 BOOL status = 0;
629 rdpSettings* settings = NULL;
630
631 if (!rdp_client_disconnect_and_clear(rdp))
632 return FALSE;
633
634 /* Only disconnect & close the channels here.
635 * they will be discarded and recreated after the new settings have been applied. */
636 freerdp_channels_disconnect(rdp->context->channels, rdp->context->instance);
637 freerdp_channels_close(rdp->context->channels, rdp->context->instance);
638
639 if (rdp_redirection_apply_settings(rdp) != 0)
640 return FALSE;
641
642 WINPR_ASSERT(rdp);
643
644 settings = rdp->settings;
645 WINPR_ASSERT(settings);
646
647 if ((settings->RedirectionFlags & LB_LOAD_BALANCE_INFO) == 0)
648 {
649 BOOL haveRedirectAddress = FALSE;
650 UINT32 redirectionMask = settings->RedirectionPreferType;
651
652 do
653 {
654 const BOOL tryFQDN = (redirectionMask & 0x01) == 0;
655 const BOOL tryNetAddress = (redirectionMask & 0x02) == 0;
656 const BOOL tryNetbios = (redirectionMask & 0x04) == 0;
657
658 if (tryFQDN && !haveRedirectAddress)
659 haveRedirectAddress = rdp_client_redirect_try_fqdn(settings);
660
661 if (tryNetAddress && !haveRedirectAddress)
662 haveRedirectAddress = rdp_client_redirect_try_ip(settings);
663
664 if (tryNetbios && !haveRedirectAddress)
665 haveRedirectAddress = rdp_client_redirect_try_netbios(settings);
666
667 redirectionMask >>= 3;
668 } while (!haveRedirectAddress && (redirectionMask != 0));
669 }
670
671 if (settings->RedirectionFlags & LB_USERNAME)
672 {
673 if (!freerdp_settings_set_string(
674 settings, FreeRDP_Username,
675 freerdp_settings_get_string(settings, FreeRDP_RedirectionUsername)))
676 return FALSE;
677 }
678
679 if (settings->RedirectionFlags & LB_DOMAIN)
680 {
681 if (!freerdp_settings_set_string(
682 settings, FreeRDP_Domain,
683 freerdp_settings_get_string(settings, FreeRDP_RedirectionDomain)))
684 return FALSE;
685 }
686
687 settings->RdstlsSecurity =
688 (settings->RedirectionFlags & LB_PASSWORD_IS_PK_ENCRYPTED) != 0 ? TRUE : FALSE;
689
690 WINPR_ASSERT(rdp->context);
691 WINPR_ASSERT(rdp->context->instance);
692 if (!IFCALLRESULT(TRUE, rdp->context->instance->Redirect, rdp->context->instance))
693 return FALSE;
694
695 BOOL ok = utils_reload_channels(rdp->context);
696 if (!ok)
697 return FALSE;
698
699 status = rdp_client_connect(rdp);
700
701 if (status)
702 status = rdp_client_reconnect_channels(rdp, TRUE);
703
704 return status;
705}
706
707BOOL rdp_client_reconnect(rdpRdp* rdp)
708{
709 BOOL status = 0;
710
711 if (!rdp_client_disconnect_and_clear(rdp))
712 return FALSE;
713
714 status = rdp_client_connect(rdp);
715
716 if (status)
717 status = rdp_client_reconnect_channels(rdp, FALSE);
718
719 return status;
720}
721
722static const BYTE fips_ivec[8] = { 0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF };
723
724static BOOL rdp_client_establish_keys(rdpRdp* rdp)
725{
726 wStream* s = NULL;
727 int status = 0;
728 BOOL ret = FALSE;
729
730 WINPR_ASSERT(rdp);
731 rdpSettings* settings = rdp->settings;
732 BYTE* crypt_client_random = NULL;
733
734 WINPR_ASSERT(settings);
735 if (!settings->UseRdpSecurityLayer)
736 {
737 /* no RDP encryption */
738 return TRUE;
739 }
740
741 if (!rdp_client_transition_to_state(rdp, CONNECTION_STATE_RDP_SECURITY_COMMENCEMENT))
742 return FALSE;
743
744 /* encrypt client random */
745 if (!freerdp_settings_set_pointer_len(settings, FreeRDP_ClientRandom, NULL,
746 CLIENT_RANDOM_LENGTH))
747 return FALSE;
748 winpr_RAND(settings->ClientRandom, settings->ClientRandomLength);
749
750 const rdpCertInfo* info = freerdp_certificate_get_info(settings->RdpServerCertificate);
751 if (!info)
752 {
753 WLog_ERR(TAG, "Failed to get rdpCertInfo from RdpServerCertificate");
754 return FALSE;
755 }
756
757 /*
758 * client random must be (bitlen / 8) + 8 - see [MS-RDPBCGR] 5.3.4.1
759 * for details
760 */
761 crypt_client_random = calloc(info->ModulusLength, 1);
762
763 if (!crypt_client_random)
764 return FALSE;
765
766 crypto_rsa_public_encrypt(settings->ClientRandom, settings->ClientRandomLength, info,
767 crypt_client_random, info->ModulusLength);
768 /* send crypt client random to server */
769 const size_t length = RDP_PACKET_HEADER_MAX_LENGTH + RDP_SECURITY_HEADER_LENGTH + 4ULL +
770 info->ModulusLength + 8ULL;
771 if (length > UINT16_MAX)
772 return FALSE;
773
774 s = Stream_New(NULL, length);
775
776 if (!s)
777 {
778 WLog_ERR(TAG, "Stream_New failed!");
779 goto end;
780 }
781
782 UINT16 sec_flags = SEC_EXCHANGE_PKT | SEC_LICENSE_ENCRYPT_SC;
783 if (!rdp_write_header(rdp, s, length, MCS_GLOBAL_CHANNEL_ID, sec_flags))
784 goto end;
785 if (!rdp_write_security_header(rdp, s, sec_flags))
786 goto end;
787
788 Stream_Write_UINT32(s, info->ModulusLength + 8);
789 Stream_Write(s, crypt_client_random, info->ModulusLength);
790 Stream_Zero(s, 8);
791 Stream_SealLength(s);
792 status = transport_write(rdp->mcs->transport, s);
793
794 if (status < 0)
795 goto end;
796
797 rdp->do_crypt_license = TRUE;
798
799 /* now calculate encrypt / decrypt and update keys */
800 if (!security_establish_keys(rdp))
801 goto end;
802
803 rdp->do_crypt = TRUE;
804
805 if (settings->SaltedChecksum)
806 rdp->do_secure_checksum = TRUE;
807
808 if (settings->EncryptionMethods == ENCRYPTION_METHOD_FIPS)
809 {
810 rdp->fips_encrypt =
811 winpr_Cipher_NewEx(WINPR_CIPHER_DES_EDE3_CBC, WINPR_ENCRYPT, rdp->fips_encrypt_key,
812 sizeof(rdp->fips_encrypt_key), fips_ivec, sizeof(fips_ivec));
813
814 if (!rdp->fips_encrypt)
815 {
816 WLog_ERR(TAG, "unable to allocate des3 encrypt key");
817 goto end;
818 }
819
820 rdp->fips_decrypt =
821 winpr_Cipher_NewEx(WINPR_CIPHER_DES_EDE3_CBC, WINPR_DECRYPT, rdp->fips_decrypt_key,
822 sizeof(rdp->fips_decrypt_key), fips_ivec, sizeof(fips_ivec));
823
824 if (!rdp->fips_decrypt)
825 {
826 WLog_ERR(TAG, "unable to allocate des3 decrypt key");
827 goto end;
828 }
829
830 ret = TRUE;
831 goto end;
832 }
833
834 if (!rdp_reset_rc4_encrypt_keys(rdp))
835 goto end;
836 if (!rdp_reset_rc4_decrypt_keys(rdp))
837 goto end;
838
839 ret = TRUE;
840end:
841 Stream_Free(s, TRUE);
842 free(crypt_client_random);
843
844 if (!ret)
845 {
846 winpr_Cipher_Free(rdp->fips_decrypt);
847 winpr_Cipher_Free(rdp->fips_encrypt);
848 rdp->fips_decrypt = NULL;
849 rdp->fips_encrypt = NULL;
850
851 rdp_free_rc4_decrypt_keys(rdp);
852 rdp_free_rc4_encrypt_keys(rdp);
853 }
854
855 return ret;
856}
857
858static BOOL rdp_update_client_random(rdpSettings* settings, const BYTE* crypt_random,
859 size_t crypt_random_len)
860{
861 const size_t length = 32;
862 WINPR_ASSERT(settings);
863
864 const rdpPrivateKey* rsa = freerdp_settings_get_pointer(settings, FreeRDP_RdpServerRsaKey);
865 WINPR_ASSERT(rsa);
866
867 const rdpCertInfo* cinfo = freerdp_key_get_info(rsa);
868 WINPR_ASSERT(cinfo);
869
870 if (crypt_random_len != cinfo->ModulusLength + 8)
871 {
872 WLog_ERR(TAG, "invalid encrypted client random length");
873 return FALSE;
874 }
875 if (!freerdp_settings_set_pointer_len(settings, FreeRDP_ClientRandom, NULL, length))
876 return FALSE;
877
878 BYTE* client_random = freerdp_settings_get_pointer_writable(settings, FreeRDP_ClientRandom);
879 WINPR_ASSERT(client_random);
880 return crypto_rsa_private_decrypt(crypt_random, crypt_random_len - 8, rsa, client_random,
881 length) > 0;
882}
883
884BOOL rdp_server_establish_keys(rdpRdp* rdp, wStream* s)
885{
886 UINT32 rand_len = 0;
887 UINT16 channel_id = 0;
888 UINT16 length = 0;
889 UINT16 sec_flags = 0;
890 BOOL ret = FALSE;
891
892 WINPR_ASSERT(rdp);
893
894 if (!rdp->settings->UseRdpSecurityLayer)
895 {
896 /* No RDP Security. */
897 return TRUE;
898 }
899
900 if (!rdp_read_header(rdp, s, &length, &channel_id))
901 return FALSE;
902
903 if (!rdp_read_security_header(rdp, s, &sec_flags, NULL))
904 {
905 WLog_Print(rdp->log, WLOG_ERROR, "invalid security header");
906 return FALSE;
907 }
908
909 if ((sec_flags & SEC_EXCHANGE_PKT) == 0)
910 {
911 WLog_Print(rdp->log, WLOG_ERROR, "missing SEC_EXCHANGE_PKT in security header");
912 return FALSE;
913 }
914
915 rdp->do_crypt_license = (sec_flags & SEC_LICENSE_ENCRYPT_SC) != 0 ? TRUE : FALSE;
916
917 if (!Stream_CheckAndLogRequiredLengthWLog(rdp->log, s, 4))
918 return FALSE;
919
920 Stream_Read_UINT32(s, rand_len);
921
922 /* rand_len already includes 8 bytes of padding */
923 if (!Stream_CheckAndLogRequiredLengthWLog(rdp->log, s, rand_len))
924 return FALSE;
925
926 const BYTE* crypt_random = Stream_ConstPointer(s);
927 if (!Stream_SafeSeek(s, rand_len))
928 goto end;
929 if (!rdp_update_client_random(rdp->settings, crypt_random, rand_len))
930 goto end;
931
932 /* now calculate encrypt / decrypt and update keys */
933 if (!security_establish_keys(rdp))
934 goto end;
935
936 rdp->do_crypt = TRUE;
937
938 if (rdp->settings->EncryptionMethods == ENCRYPTION_METHOD_FIPS)
939 {
940 rdp->fips_encrypt =
941 winpr_Cipher_NewEx(WINPR_CIPHER_DES_EDE3_CBC, WINPR_ENCRYPT, rdp->fips_encrypt_key,
942 sizeof(rdp->fips_encrypt_key), fips_ivec, sizeof(fips_ivec));
943
944 if (!rdp->fips_encrypt)
945 {
946 WLog_Print(rdp->log, WLOG_ERROR, "unable to allocate des3 encrypt key");
947 goto end;
948 }
949
950 rdp->fips_decrypt =
951 winpr_Cipher_NewEx(WINPR_CIPHER_DES_EDE3_CBC, WINPR_DECRYPT, rdp->fips_decrypt_key,
952 sizeof(rdp->fips_decrypt_key), fips_ivec, sizeof(fips_ivec));
953
954 if (!rdp->fips_decrypt)
955 {
956 WLog_Print(rdp->log, WLOG_ERROR, "unable to allocate des3 decrypt key");
957 goto end;
958 }
959
960 ret = TRUE;
961 goto end;
962 }
963
964 if (!rdp_reset_rc4_encrypt_keys(rdp))
965 goto end;
966
967 if (!rdp_reset_rc4_decrypt_keys(rdp))
968 goto end;
969
970 ret = tpkt_ensure_stream_consumed(rdp->log, s, length);
971end:
972
973 if (!ret)
974 {
975 winpr_Cipher_Free(rdp->fips_encrypt);
976 winpr_Cipher_Free(rdp->fips_decrypt);
977 rdp->fips_encrypt = NULL;
978 rdp->fips_decrypt = NULL;
979
980 rdp_free_rc4_encrypt_keys(rdp);
981 rdp_free_rc4_decrypt_keys(rdp);
982 }
983
984 return ret;
985}
986
987static BOOL rdp_client_send_client_info_and_change_state(rdpRdp* rdp)
988{
989 WINPR_ASSERT(rdp);
990 if (!rdp_client_establish_keys(rdp))
991 return FALSE;
992 if (!rdp_client_transition_to_state(rdp, CONNECTION_STATE_SECURE_SETTINGS_EXCHANGE))
993 return FALSE;
994 if (!rdp_send_client_info(rdp))
995 return FALSE;
996 if (!rdp_client_transition_to_state(rdp, CONNECTION_STATE_CONNECT_TIME_AUTO_DETECT_REQUEST))
997 return FALSE;
998 return TRUE;
999}
1000
1001BOOL rdp_client_skip_mcs_channel_join(rdpRdp* rdp)
1002{
1003 WINPR_ASSERT(rdp);
1004
1005 rdpMcs* mcs = rdp->mcs;
1006 WINPR_ASSERT(mcs);
1007
1008 mcs->userChannelJoined = TRUE;
1009 mcs->globalChannelJoined = TRUE;
1010 mcs->messageChannelJoined = TRUE;
1011
1012 for (UINT32 i = 0; i < mcs->channelCount; i++)
1013 {
1014 rdpMcsChannel* cur = &mcs->channels[i];
1015 WLog_DBG(TAG, " %s [%" PRIu16 "]", cur->Name, cur->ChannelId);
1016 cur->joined = TRUE;
1017 }
1018
1019 return rdp_client_send_client_info_and_change_state(rdp);
1020}
1021
1022static BOOL rdp_client_join_channel(rdpRdp* rdp, UINT16 ChannelId)
1023{
1024 WINPR_ASSERT(rdp);
1025
1026 rdpMcs* mcs = rdp->mcs;
1027 if (!rdp_client_transition_to_state(rdp, CONNECTION_STATE_MCS_CHANNEL_JOIN_REQUEST))
1028 return FALSE;
1029 if (!mcs_send_channel_join_request(mcs, ChannelId))
1030 return FALSE;
1031 if (!rdp_client_transition_to_state(rdp, CONNECTION_STATE_MCS_CHANNEL_JOIN_RESPONSE))
1032 return FALSE;
1033 return TRUE;
1034}
1035
1036BOOL rdp_client_connect_mcs_channel_join_confirm(rdpRdp* rdp, wStream* s)
1037{
1038 UINT16 channelId = 0;
1039 BOOL allJoined = TRUE;
1040
1041 WINPR_ASSERT(rdp);
1042 rdpMcs* mcs = rdp->mcs;
1043
1044 if (!mcs_recv_channel_join_confirm(mcs, s, &channelId))
1045 return FALSE;
1046
1047 if (!mcs->userChannelJoined)
1048 {
1049 if (channelId != mcs->userId)
1050 {
1051 WLog_ERR(TAG, "expected user channel id %" PRIu16 ", but received %" PRIu16,
1052 mcs->userId, channelId);
1053 return FALSE;
1054 }
1055
1056 mcs->userChannelJoined = TRUE;
1057 if (!rdp_client_join_channel(rdp, MCS_GLOBAL_CHANNEL_ID))
1058 return FALSE;
1059 }
1060 else if (!mcs->globalChannelJoined)
1061 {
1062 if (channelId != MCS_GLOBAL_CHANNEL_ID)
1063 {
1064 WLog_ERR(TAG, "expected uglobalser channel id %" PRIu16 ", but received %" PRIu16,
1065 MCS_GLOBAL_CHANNEL_ID, channelId);
1066 return FALSE;
1067 }
1068 mcs->globalChannelJoined = TRUE;
1069
1070 if (mcs->messageChannelId != 0)
1071 {
1072 if (!rdp_client_join_channel(rdp, mcs->messageChannelId))
1073 return FALSE;
1074 allJoined = FALSE;
1075 }
1076 else
1077 {
1078 if (mcs->channelCount > 0)
1079 {
1080 const rdpMcsChannel* cur = &mcs->channels[0];
1081 if (!rdp_client_join_channel(rdp, cur->ChannelId))
1082 return FALSE;
1083 allJoined = FALSE;
1084 }
1085 }
1086 }
1087 else if ((mcs->messageChannelId != 0) && !mcs->messageChannelJoined)
1088 {
1089 if (channelId != mcs->messageChannelId)
1090 {
1091 WLog_ERR(TAG, "expected messageChannelId=%" PRIu16 ", got %" PRIu16,
1092 mcs->messageChannelId, channelId);
1093 return FALSE;
1094 }
1095
1096 mcs->messageChannelJoined = TRUE;
1097
1098 if (mcs->channelCount > 0)
1099 {
1100 const rdpMcsChannel* cur = &mcs->channels[0];
1101 if (!rdp_client_join_channel(rdp, cur->ChannelId))
1102 return FALSE;
1103 allJoined = FALSE;
1104 }
1105 }
1106 else
1107 {
1108 UINT32 i = 0;
1109 for (; i < mcs->channelCount; i++)
1110 {
1111 rdpMcsChannel* cur = &mcs->channels[i];
1112 if (cur->joined)
1113 continue;
1114
1115 if (cur->ChannelId != channelId)
1116 {
1117 WLog_ERR(TAG, "expected channel id %" PRIu16 ", but received %" PRIu16,
1118 MCS_GLOBAL_CHANNEL_ID, channelId);
1119 return FALSE;
1120 }
1121 cur->joined = TRUE;
1122 break;
1123 }
1124
1125 if (i + 1 < mcs->channelCount)
1126 {
1127 const rdpMcsChannel* cur = &mcs->channels[i + 1];
1128 if (!rdp_client_join_channel(rdp, cur->ChannelId))
1129 return FALSE;
1130 allJoined = FALSE;
1131 }
1132 }
1133
1134 if (mcs->userChannelJoined && mcs->globalChannelJoined && allJoined)
1135 {
1136 if (!rdp_client_send_client_info_and_change_state(rdp))
1137 return FALSE;
1138 }
1139
1140 return TRUE;
1141}
1142
1143state_run_t rdp_handle_message_channel(rdpRdp* rdp, wStream* s, UINT16 channelId, UINT16 length)
1144{
1145 WINPR_ASSERT(rdp);
1146 WINPR_ASSERT(rdp->mcs);
1147
1148 if (!rdp->mcs->messageChannelJoined)
1149 {
1150 WLog_Print(rdp->log, WLOG_WARN, "MCS message channel not joined!");
1151 return STATE_RUN_FAILED;
1152 }
1153 const UINT16 messageChannelId = rdp->mcs->messageChannelId;
1154 if (messageChannelId == 0)
1155 {
1156 WLog_Print(rdp->log, WLOG_WARN, "MCS message channel id == 0");
1157 return STATE_RUN_FAILED;
1158 }
1159
1160 if ((channelId != messageChannelId) && (channelId != MCS_GLOBAL_CHANNEL_ID))
1161 {
1162 WLog_Print(rdp->log, WLOG_WARN,
1163 "MCS message channel expected id=[%" PRIu16 "|%d], got %" PRIu16,
1164 messageChannelId, MCS_GLOBAL_CHANNEL_ID, channelId);
1165 return STATE_RUN_FAILED;
1166 }
1167
1168 UINT16 securityFlags = 0;
1169 if (!rdp_read_security_header(rdp, s, &securityFlags, &length))
1170 return STATE_RUN_FAILED;
1171
1172 if (securityFlags & SEC_ENCRYPT)
1173 {
1174 if (!rdp_decrypt(rdp, s, &length, securityFlags))
1175 return STATE_RUN_FAILED;
1176 }
1177
1178 const state_run_t rc = rdp_recv_message_channel_pdu(rdp, s, securityFlags);
1179 if (state_run_success(rc))
1180 {
1181 if (!tpkt_ensure_stream_consumed(rdp->log, s, length))
1182 return STATE_RUN_FAILED;
1183 }
1184 return rc;
1185}
1186
1187BOOL rdp_client_connect_auto_detect(rdpRdp* rdp, wStream* s)
1188{
1189 WINPR_ASSERT(rdp);
1190 WINPR_ASSERT(rdp->mcs);
1191
1192 const size_t pos = Stream_GetPosition(s);
1193 UINT16 length = 0;
1194 UINT16 channelId = 0;
1195
1196 if (rdp_read_header(rdp, s, &length, &channelId))
1197 {
1198 const UINT16 messageChannelId = rdp->mcs->messageChannelId;
1199 /* If the MCS message channel has been joined... */
1200
1201 /* Process any MCS message channel PDUs. */
1202 if (rdp->mcs->messageChannelJoined && (channelId == messageChannelId))
1203 {
1204 const state_run_t rc = rdp_handle_message_channel(rdp, s, channelId, length);
1205 return state_run_success(rc);
1206 }
1207 else
1208 {
1209 WLog_WARN(TAG, "expected messageChannelId=%" PRIu16 ", got %" PRIu16, messageChannelId,
1210 channelId);
1211 }
1212 }
1213
1214 Stream_SetPosition(s, pos);
1215 return FALSE;
1216}
1217
1218state_run_t rdp_client_connect_license(rdpRdp* rdp, wStream* s)
1219{
1220 state_run_t status = STATE_RUN_FAILED;
1221 LICENSE_STATE state = LICENSE_STATE_ABORTED;
1222 UINT16 length = 0;
1223 UINT16 channelId = 0;
1224 UINT16 securityFlags = 0;
1225
1226 WINPR_ASSERT(rdp);
1227 if (!rdp_read_header(rdp, s, &length, &channelId))
1228 return STATE_RUN_FAILED;
1229
1230 /* there might be autodetect messages mixed in between licensing messages.
1231 * that has been observed with 2k12 R2 and 2k19
1232 */
1233 const UINT16 messageChannelId = rdp->mcs->messageChannelId;
1234 if (rdp->mcs->messageChannelJoined && (channelId == messageChannelId))
1235 {
1236 return rdp_handle_message_channel(rdp, s, channelId, length);
1237 }
1238
1239 if (!rdp_read_security_header(rdp, s, &securityFlags, &length))
1240 return STATE_RUN_FAILED;
1241
1242 if (securityFlags & SEC_ENCRYPT)
1243 {
1244 if (!rdp_decrypt(rdp, s, &length, securityFlags))
1245 return STATE_RUN_FAILED;
1246 }
1247
1248 if (channelId != MCS_GLOBAL_CHANNEL_ID)
1249 WLog_WARN(TAG, "unexpected message for channel %u, expected %u", channelId,
1250 MCS_GLOBAL_CHANNEL_ID);
1251
1252 if ((securityFlags & SEC_LICENSE_PKT) == 0)
1253 {
1254 char buffer[512] = { 0 };
1255 char lbuffer[32] = { 0 };
1256 WLog_ERR(TAG, "securityFlags=%s, missing required flag %s",
1257 rdp_security_flag_string(securityFlags, buffer, sizeof(buffer)),
1258 rdp_security_flag_string(SEC_LICENSE_PKT, lbuffer, sizeof(lbuffer)));
1259 return STATE_RUN_FAILED;
1260 }
1261
1262 status = license_recv(rdp->license, s);
1263
1264 if (state_run_failed(status))
1265 return status;
1266
1267 state = license_get_state(rdp->license);
1268 switch (state)
1269 {
1270 case LICENSE_STATE_ABORTED:
1271 WLog_ERR(TAG, "license connection sequence aborted.");
1272 return STATE_RUN_FAILED;
1273 case LICENSE_STATE_COMPLETED:
1274 if (rdp->settings->MultitransportFlags)
1275 {
1276 if (!rdp_client_transition_to_state(
1277 rdp, CONNECTION_STATE_MULTITRANSPORT_BOOTSTRAPPING_REQUEST))
1278 return STATE_RUN_FAILED;
1279 }
1280 else
1281 {
1282 if (!rdp_client_transition_to_state(
1283 rdp, CONNECTION_STATE_CAPABILITIES_EXCHANGE_DEMAND_ACTIVE))
1284 return STATE_RUN_FAILED;
1285 }
1286 return STATE_RUN_SUCCESS;
1287 default:
1288 return STATE_RUN_SUCCESS;
1289 }
1290}
1291
1292state_run_t rdp_client_connect_demand_active(rdpRdp* rdp, wStream* s)
1293{
1294 UINT16 length = 0;
1295 UINT16 channelId = 0;
1296 UINT16 pduType = 0;
1297 UINT16 pduSource = 0;
1298
1299 WINPR_ASSERT(rdp);
1300 WINPR_ASSERT(s);
1301 WINPR_ASSERT(rdp->settings);
1302
1303 if (!rdp_recv_get_active_header(rdp, s, &channelId, &length))
1304 return STATE_RUN_FAILED;
1305
1306 if (freerdp_shall_disconnect_context(rdp->context))
1307 return STATE_RUN_QUIT_SESSION;
1308
1309 if (rdp->mcs->messageChannelId && (channelId == rdp->mcs->messageChannelId))
1310 {
1311 rdp->inPackets++;
1312 return rdp_handle_message_channel(rdp, s, channelId, length);
1313 }
1314
1315 if (!rdp_handle_optional_rdp_decryption(rdp, s, &length, NULL))
1316 return STATE_RUN_FAILED;
1317
1318 if (!rdp_read_share_control_header(rdp, s, NULL, NULL, &pduType, &pduSource))
1319 return STATE_RUN_FAILED;
1320
1321 switch (pduType)
1322 {
1323 case PDU_TYPE_DEMAND_ACTIVE:
1324 if (!rdp_recv_demand_active(rdp, s, pduSource, length))
1325 return STATE_RUN_FAILED;
1326 return STATE_RUN_ACTIVE;
1327 default:
1328 return rdp_recv_out_of_sequence_pdu(rdp, s, pduType, length);
1329 }
1330}
1331
1332state_run_t rdp_client_connect_finalize(rdpRdp* rdp)
1333{
1334 WINPR_ASSERT(rdp);
1341 if (!rdp_client_transition_to_state(rdp, CONNECTION_STATE_FINALIZATION_SYNC))
1342 return STATE_RUN_FAILED;
1343
1344 if (!rdp_send_client_synchronize_pdu(rdp))
1345 return STATE_RUN_FAILED;
1346
1347 if (!rdp_client_transition_to_state(rdp, CONNECTION_STATE_FINALIZATION_COOPERATE))
1348 return STATE_RUN_FAILED;
1349 if (!rdp_send_client_control_pdu(rdp, CTRLACTION_COOPERATE))
1350 return STATE_RUN_FAILED;
1351
1352 if (!rdp_client_transition_to_state(rdp, CONNECTION_STATE_FINALIZATION_REQUEST_CONTROL))
1353 return STATE_RUN_FAILED;
1354 if (!rdp_send_client_control_pdu(rdp, CTRLACTION_REQUEST_CONTROL))
1355 return STATE_RUN_FAILED;
1356
1364 if (!rdp_finalize_is_flag_set(rdp, FINALIZE_DEACTIVATE_REACTIVATE) &&
1365 freerdp_settings_get_bool(rdp->settings, FreeRDP_BitmapCachePersistEnabled))
1366 {
1367 if (!rdp_client_transition_to_state(rdp, CONNECTION_STATE_FINALIZATION_PERSISTENT_KEY_LIST))
1368 return STATE_RUN_FAILED;
1369 if (!rdp_send_client_persistent_key_list_pdu(rdp))
1370 return STATE_RUN_FAILED;
1371 }
1372
1373 if (!rdp_client_transition_to_state(rdp, CONNECTION_STATE_FINALIZATION_FONT_LIST))
1374 return STATE_RUN_FAILED;
1375 if (!rdp_send_client_font_list_pdu(rdp, FONTLIST_FIRST | FONTLIST_LAST))
1376 return STATE_RUN_FAILED;
1377
1378 if (!rdp_client_transition_to_state(rdp, CONNECTION_STATE_FINALIZATION_CLIENT_SYNC))
1379 return STATE_RUN_FAILED;
1380 return STATE_RUN_SUCCESS;
1381}
1382
1383BOOL rdp_client_transition_to_state(rdpRdp* rdp, CONNECTION_STATE state)
1384{
1385 const char* name = rdp_state_string(state);
1386
1387 WINPR_ASSERT(rdp);
1388 WLog_Print(rdp->log, WLOG_DEBUG, "%s --> %s", rdp_get_state_string(rdp), name);
1389
1390 if (!rdp_set_state(rdp, state))
1391 return FALSE;
1392
1393 switch (state)
1394 {
1395 case CONNECTION_STATE_FINALIZATION_SYNC:
1396 case CONNECTION_STATE_FINALIZATION_COOPERATE:
1397 case CONNECTION_STATE_FINALIZATION_REQUEST_CONTROL:
1398 case CONNECTION_STATE_FINALIZATION_PERSISTENT_KEY_LIST:
1399 case CONNECTION_STATE_FINALIZATION_FONT_LIST:
1400 update_reset_state(rdp->update);
1401 break;
1402
1403 case CONNECTION_STATE_CAPABILITIES_EXCHANGE_CONFIRM_ACTIVE:
1404 {
1405 ActivatedEventArgs activatedEvent = { 0 };
1406 rdpContext* context = rdp->context;
1407 EventArgsInit(&activatedEvent, "libfreerdp");
1408 activatedEvent.firstActivation =
1409 !rdp_finalize_is_flag_set(rdp, FINALIZE_DEACTIVATE_REACTIVATE);
1410 PubSub_OnActivated(rdp->pubSub, context, &activatedEvent);
1411 }
1412
1413 break;
1414
1415 default:
1416 break;
1417 }
1418
1419 {
1420 ConnectionStateChangeEventArgs stateEvent = { 0 };
1421 rdpContext* context = rdp->context;
1422 EventArgsInit(&stateEvent, "libfreerdp");
1423 stateEvent.state = WINPR_ASSERTING_INT_CAST(int32_t, rdp_get_state(rdp));
1424 stateEvent.active = rdp_is_active_state(rdp);
1425 PubSub_OnConnectionStateChange(rdp->pubSub, context, &stateEvent);
1426 }
1427
1428 return TRUE;
1429}
1430
1431BOOL rdp_server_accept_nego(rdpRdp* rdp, wStream* s)
1432{
1433 UINT32 SelectedProtocol = 0;
1434 UINT32 RequestedProtocols = 0;
1435 BOOL status = 0;
1436 rdpSettings* settings = NULL;
1437 rdpNego* nego = NULL;
1438
1439 WINPR_ASSERT(rdp);
1440 WINPR_ASSERT(s);
1441
1442 settings = rdp->settings;
1443 WINPR_ASSERT(settings);
1444
1445 nego = rdp->nego;
1446 WINPR_ASSERT(nego);
1447
1448 transport_set_blocking_mode(rdp->transport, TRUE);
1449
1450 if (!nego_read_request(nego, s))
1451 return FALSE;
1452
1453 RequestedProtocols = nego_get_requested_protocols(nego);
1454 WLog_DBG(TAG, "Client Security: RDSTLS:%d NLA:%d TLS:%d RDP:%d",
1455 (RequestedProtocols & PROTOCOL_RDSTLS) ? 1 : 0,
1456 (RequestedProtocols & PROTOCOL_HYBRID) ? 1 : 0,
1457 (RequestedProtocols & PROTOCOL_SSL) ? 1 : 0,
1458 (RequestedProtocols == PROTOCOL_RDP) ? 1 : 0);
1459 WLog_DBG(TAG,
1460 "Server Security: RDSTLS:%" PRId32 " NLA:%" PRId32 " TLS:%" PRId32 " RDP:%" PRId32 "",
1461 settings->RdstlsSecurity, settings->NlaSecurity, settings->TlsSecurity,
1462 settings->RdpSecurity);
1463
1464 if ((settings->RdstlsSecurity) && (RequestedProtocols & PROTOCOL_RDSTLS))
1465 {
1466 SelectedProtocol = PROTOCOL_RDSTLS;
1467 }
1468 else if ((settings->NlaSecurity) && (RequestedProtocols & PROTOCOL_HYBRID))
1469 {
1470 SelectedProtocol = PROTOCOL_HYBRID;
1471 }
1472 else if ((settings->TlsSecurity) && (RequestedProtocols & PROTOCOL_SSL))
1473 {
1474 SelectedProtocol = PROTOCOL_SSL;
1475 }
1476 else if ((settings->RdpSecurity) && (RequestedProtocols == PROTOCOL_RDP))
1477 {
1478 SelectedProtocol = PROTOCOL_RDP;
1479 }
1480 else
1481 {
1482 /*
1483 * when here client and server aren't compatible, we select the right
1484 * error message to return to the client in the nego failure packet
1485 */
1486 SelectedProtocol = PROTOCOL_FAILED_NEGO;
1487
1488 if (settings->RdpSecurity)
1489 {
1490 WLog_ERR(TAG, "server supports only Standard RDP Security");
1491 SelectedProtocol |= SSL_NOT_ALLOWED_BY_SERVER;
1492 }
1493 else
1494 {
1495 if (settings->NlaSecurity && !settings->TlsSecurity)
1496 {
1497 WLog_WARN(TAG, "server supports only NLA Security");
1498 SelectedProtocol |= HYBRID_REQUIRED_BY_SERVER;
1499 }
1500 else
1501 {
1502 WLog_WARN(TAG, "server supports only a SSL based Security (TLS or NLA)");
1503 SelectedProtocol |= SSL_REQUIRED_BY_SERVER;
1504 }
1505 }
1506
1507 WLog_ERR(TAG, "Protocol security negotiation failure");
1508 }
1509
1510 if (!(SelectedProtocol & PROTOCOL_FAILED_NEGO))
1511 {
1512 WLog_DBG(TAG, "Negotiated Security: RDSTLS:%d NLA:%d TLS:%d RDP:%d",
1513 (SelectedProtocol & PROTOCOL_RDSTLS) ? 1 : 0,
1514 (SelectedProtocol & PROTOCOL_HYBRID) ? 1 : 0,
1515 (SelectedProtocol & PROTOCOL_SSL) ? 1 : 0,
1516 (SelectedProtocol == PROTOCOL_RDP) ? 1 : 0);
1517 }
1518
1519 if (!nego_set_selected_protocol(nego, SelectedProtocol))
1520 return FALSE;
1521
1522 if (!nego_send_negotiation_response(nego))
1523 return FALSE;
1524
1525 SelectedProtocol = nego_get_selected_protocol(nego);
1526 status = FALSE;
1527
1528 if (SelectedProtocol & PROTOCOL_RDSTLS)
1529 status = transport_accept_rdstls(rdp->transport);
1530 else if (SelectedProtocol & PROTOCOL_HYBRID)
1531 status = transport_accept_nla(rdp->transport);
1532 else if (SelectedProtocol & PROTOCOL_SSL)
1533 status = transport_accept_tls(rdp->transport);
1534 else if (SelectedProtocol == PROTOCOL_RDP) /* 0 */
1535 status = transport_accept_rdp(rdp->transport);
1536
1537 if (!status)
1538 return FALSE;
1539
1540 transport_set_blocking_mode(rdp->transport, FALSE);
1541
1542 return TRUE;
1543}
1544
1545static BOOL rdp_update_encryption_level(rdpSettings* settings)
1546{
1547 WINPR_ASSERT(settings);
1548
1549 UINT32 EncryptionLevel = freerdp_settings_get_uint32(settings, FreeRDP_EncryptionLevel);
1550 UINT32 EncryptionMethods = freerdp_settings_get_uint32(settings, FreeRDP_EncryptionMethods);
1551
1562 if (!settings->UseRdpSecurityLayer)
1563 {
1564 /* TLS/NLA is used: disable rdp style encryption */
1565 EncryptionLevel = ENCRYPTION_LEVEL_NONE;
1566 }
1567 else
1568 {
1569 /* verify server encryption level value */
1570 switch (EncryptionLevel)
1571 {
1572 case ENCRYPTION_LEVEL_NONE:
1573 WLog_INFO(TAG, "Active rdp encryption level: NONE");
1574 break;
1575
1576 case ENCRYPTION_LEVEL_FIPS:
1577 WLog_INFO(TAG, "Active rdp encryption level: FIPS Compliant");
1578 break;
1579
1580 case ENCRYPTION_LEVEL_HIGH:
1581 WLog_INFO(TAG, "Active rdp encryption level: HIGH");
1582 break;
1583
1584 case ENCRYPTION_LEVEL_LOW:
1585 WLog_INFO(TAG, "Active rdp encryption level: LOW");
1586 break;
1587
1588 case ENCRYPTION_LEVEL_CLIENT_COMPATIBLE:
1589 WLog_INFO(TAG, "Active rdp encryption level: CLIENT-COMPATIBLE");
1590 break;
1591
1592 default:
1593 WLog_ERR(TAG, "Invalid server encryption level 0x%08" PRIX32 "", EncryptionLevel);
1594 WLog_ERR(TAG, "Switching to encryption level CLIENT-COMPATIBLE");
1595 EncryptionLevel = ENCRYPTION_LEVEL_CLIENT_COMPATIBLE;
1596 }
1597 }
1598
1599 /* choose rdp encryption method based on server level and client methods */
1600 switch (EncryptionLevel)
1601 {
1602 case ENCRYPTION_LEVEL_NONE:
1603 /* The only valid method is NONE in this case */
1604 EncryptionMethods = ENCRYPTION_METHOD_NONE;
1605 break;
1606
1607 case ENCRYPTION_LEVEL_FIPS:
1608
1609 /* The only valid method is FIPS in this case */
1610 if (!(EncryptionMethods & ENCRYPTION_METHOD_FIPS))
1611 {
1612 WLog_WARN(TAG, "client does not support FIPS as required by server configuration");
1613 }
1614
1615 EncryptionMethods = ENCRYPTION_METHOD_FIPS;
1616 break;
1617
1618 case ENCRYPTION_LEVEL_HIGH:
1619
1620 /* Maximum key strength supported by the server must be used (128 bit)*/
1621 if (!(EncryptionMethods & ENCRYPTION_METHOD_128BIT))
1622 {
1623 WLog_WARN(TAG, "client does not support 128 bit encryption method as required by "
1624 "server configuration");
1625 }
1626
1627 EncryptionMethods = ENCRYPTION_METHOD_128BIT;
1628 break;
1629
1630 case ENCRYPTION_LEVEL_LOW:
1631 case ENCRYPTION_LEVEL_CLIENT_COMPATIBLE:
1632
1633 /* Maximum key strength supported by the client must be used */
1634 if (EncryptionMethods & ENCRYPTION_METHOD_128BIT)
1635 EncryptionMethods = ENCRYPTION_METHOD_128BIT;
1636 else if (EncryptionMethods & ENCRYPTION_METHOD_56BIT)
1637 EncryptionMethods = ENCRYPTION_METHOD_56BIT;
1638 else if (EncryptionMethods & ENCRYPTION_METHOD_40BIT)
1639 EncryptionMethods = ENCRYPTION_METHOD_40BIT;
1640 else if (EncryptionMethods & ENCRYPTION_METHOD_FIPS)
1641 EncryptionMethods = ENCRYPTION_METHOD_FIPS;
1642 else
1643 {
1644 WLog_WARN(TAG, "client has not announced any supported encryption methods");
1645 EncryptionMethods = ENCRYPTION_METHOD_128BIT;
1646 }
1647
1648 break;
1649
1650 default:
1651 WLog_ERR(TAG, "internal error: unknown encryption level");
1652 return FALSE;
1653 }
1654
1655 /* log selected encryption method */
1656 if (settings->UseRdpSecurityLayer)
1657 {
1658 switch (EncryptionMethods)
1659 {
1660 case ENCRYPTION_METHOD_NONE:
1661 WLog_INFO(TAG, "Selected rdp encryption method: NONE");
1662 break;
1663
1664 case ENCRYPTION_METHOD_40BIT:
1665 WLog_INFO(TAG, "Selected rdp encryption method: 40BIT");
1666 break;
1667
1668 case ENCRYPTION_METHOD_56BIT:
1669 WLog_INFO(TAG, "Selected rdp encryption method: 56BIT");
1670 break;
1671
1672 case ENCRYPTION_METHOD_128BIT:
1673 WLog_INFO(TAG, "Selected rdp encryption method: 128BIT");
1674 break;
1675
1676 case ENCRYPTION_METHOD_FIPS:
1677 WLog_INFO(TAG, "Selected rdp encryption method: FIPS");
1678 break;
1679
1680 default:
1681 WLog_ERR(TAG, "internal error: unknown encryption method");
1682 return FALSE;
1683 }
1684 }
1685
1686 if (!freerdp_settings_set_uint32(settings, FreeRDP_EncryptionLevel, EncryptionLevel))
1687 return FALSE;
1688 if (!freerdp_settings_set_uint32(settings, FreeRDP_EncryptionMethods, EncryptionMethods))
1689 return FALSE;
1690 return TRUE;
1691}
1692
1693BOOL rdp_server_accept_mcs_connect_initial(rdpRdp* rdp, wStream* s)
1694{
1695 WINPR_ASSERT(rdp);
1696 WINPR_ASSERT(s);
1697
1698 rdpMcs* mcs = rdp->mcs;
1699 WINPR_ASSERT(mcs);
1700
1701 WINPR_ASSERT(rdp_get_state(rdp) == CONNECTION_STATE_MCS_CREATE_REQUEST);
1702 if (!mcs_recv_connect_initial(mcs, s))
1703 return FALSE;
1704 WINPR_ASSERT(rdp->settings);
1705
1706 if (!mcs_server_apply_to_settings(mcs, rdp->settings))
1707 return FALSE;
1708
1709 WLog_DBG(TAG, "Accepted client: %s", rdp->settings->ClientHostname);
1710 WLog_DBG(TAG, "Accepted channels:");
1711
1712 WINPR_ASSERT(mcs->channels || (mcs->channelCount == 0));
1713 for (UINT32 i = 0; i < mcs->channelCount; i++)
1714 {
1715 ADDIN_ARGV* arg = NULL;
1716 rdpMcsChannel* cur = &mcs->channels[i];
1717 const char* params[1] = { cur->Name };
1718 WLog_DBG(TAG, " %s [%" PRIu16 "]", cur->Name, cur->ChannelId);
1719 arg = freerdp_addin_argv_new(ARRAYSIZE(params), params);
1720 if (!arg)
1721 return FALSE;
1722
1723 if (!freerdp_static_channel_collection_add(rdp->settings, arg))
1724 {
1725 freerdp_addin_argv_free(arg);
1726 return FALSE;
1727 }
1728 }
1729
1730 if (!rdp_server_transition_to_state(rdp, CONNECTION_STATE_MCS_CREATE_RESPONSE))
1731 return FALSE;
1732 if (!rdp_update_encryption_level(rdp->settings))
1733 return FALSE;
1734 if (!mcs_send_connect_response(mcs))
1735 return FALSE;
1736 if (!rdp_server_transition_to_state(rdp, CONNECTION_STATE_MCS_ERECT_DOMAIN))
1737 return FALSE;
1738
1739 return TRUE;
1740}
1741
1742BOOL rdp_server_accept_mcs_erect_domain_request(rdpRdp* rdp, wStream* s)
1743{
1744 WINPR_ASSERT(rdp);
1745 WINPR_ASSERT(s);
1746 WINPR_ASSERT(rdp_get_state(rdp) == CONNECTION_STATE_MCS_ERECT_DOMAIN);
1747
1748 if (!mcs_recv_erect_domain_request(rdp->mcs, s))
1749 return FALSE;
1750
1751 return rdp_server_transition_to_state(rdp, CONNECTION_STATE_MCS_ATTACH_USER);
1752}
1753
1754static BOOL rdp_server_skip_mcs_channel_join(rdpRdp* rdp)
1755{
1756 WINPR_ASSERT(rdp);
1757
1758 rdpMcs* mcs = rdp->mcs;
1759 WINPR_ASSERT(mcs);
1760
1761 mcs->userChannelJoined = TRUE;
1762 mcs->globalChannelJoined = TRUE;
1763 mcs->messageChannelJoined = TRUE;
1764
1765 for (UINT32 i = 0; i < mcs->channelCount; i++)
1766 {
1767 rdpMcsChannel* cur = &mcs->channels[i];
1768 WLog_DBG(TAG, " %s [%" PRIu16 "]", cur->Name, cur->ChannelId);
1769 cur->joined = TRUE;
1770 }
1771 return rdp_server_transition_to_state(rdp, CONNECTION_STATE_RDP_SECURITY_COMMENCEMENT);
1772}
1773
1774BOOL rdp_server_accept_mcs_attach_user_request(rdpRdp* rdp, wStream* s)
1775{
1776 if (!mcs_recv_attach_user_request(rdp->mcs, s))
1777 return FALSE;
1778
1779 if (!rdp_server_transition_to_state(rdp, CONNECTION_STATE_MCS_ATTACH_USER_CONFIRM))
1780 return FALSE;
1781
1782 if (!mcs_send_attach_user_confirm(rdp->mcs))
1783 return FALSE;
1784
1785 if (freerdp_settings_get_bool(rdp->settings, FreeRDP_SupportSkipChannelJoin))
1786 return rdp_server_skip_mcs_channel_join(rdp);
1787 return rdp_server_transition_to_state(rdp, CONNECTION_STATE_MCS_CHANNEL_JOIN_REQUEST);
1788}
1789
1790BOOL rdp_server_accept_mcs_channel_join_request(rdpRdp* rdp, wStream* s)
1791{
1792 UINT16 channelId = 0;
1793 BOOL allJoined = TRUE;
1794 rdpMcs* mcs = NULL;
1795
1796 WINPR_ASSERT(rdp);
1797 WINPR_ASSERT(rdp->context);
1798
1799 mcs = rdp->mcs;
1800 WINPR_ASSERT(mcs);
1801
1802 WINPR_ASSERT(rdp_get_state(rdp) == CONNECTION_STATE_MCS_CHANNEL_JOIN_REQUEST);
1803
1804 if (!mcs_recv_channel_join_request(mcs, rdp->settings, s, &channelId))
1805 return FALSE;
1806
1807 if (!rdp_server_transition_to_state(rdp, CONNECTION_STATE_MCS_CHANNEL_JOIN_RESPONSE))
1808 return FALSE;
1809
1810 if (!mcs_send_channel_join_confirm(mcs, channelId))
1811 return FALSE;
1812
1813 if (channelId == mcs->userId)
1814 mcs->userChannelJoined = TRUE;
1815 if (channelId == MCS_GLOBAL_CHANNEL_ID)
1816 mcs->globalChannelJoined = TRUE;
1817 if (channelId == mcs->messageChannelId)
1818 mcs->messageChannelJoined = TRUE;
1819
1820 for (UINT32 i = 0; i < mcs->channelCount; i++)
1821 {
1822 rdpMcsChannel* cur = &mcs->channels[i];
1823 WLog_DBG(TAG, " %s [%" PRIu16 "]", cur->Name, cur->ChannelId);
1824 if (cur->ChannelId == channelId)
1825 cur->joined = TRUE;
1826
1827 if (!cur->joined)
1828 allJoined = FALSE;
1829 }
1830
1831 CONNECTION_STATE rc = CONNECTION_STATE_INITIAL;
1832 if ((mcs->userChannelJoined) && (mcs->globalChannelJoined) &&
1833 (mcs->messageChannelId == 0 || mcs->messageChannelJoined) && allJoined)
1834 rc = CONNECTION_STATE_RDP_SECURITY_COMMENCEMENT;
1835 else
1836 rc = CONNECTION_STATE_MCS_CHANNEL_JOIN_REQUEST;
1837
1838 return rdp_server_transition_to_state(rdp, rc);
1839}
1840
1841static BOOL rdp_server_send_sync(rdpRdp* rdp)
1842{
1843 WINPR_ASSERT(rdp);
1844
1845 if (!rdp_server_transition_to_state(rdp, CONNECTION_STATE_FINALIZATION_CLIENT_SYNC))
1846 return FALSE;
1847 if (!rdp_send_server_synchronize_pdu(rdp))
1848 return FALSE;
1849 if (!rdp_server_transition_to_state(rdp, CONNECTION_STATE_FINALIZATION_CLIENT_COOPERATE))
1850 return FALSE;
1851 if (!rdp_send_server_control_cooperate_pdu(rdp))
1852 return FALSE;
1853 if (!rdp_finalize_reset_flags(rdp, FALSE))
1854 return FALSE;
1855 return rdp_server_transition_to_state(rdp, CONNECTION_STATE_FINALIZATION_SYNC);
1856}
1857
1858BOOL rdp_server_accept_confirm_active(rdpRdp* rdp, wStream* s, UINT16 pduLength)
1859{
1860 WINPR_ASSERT(rdp);
1861 WINPR_ASSERT(rdp->context);
1862 WINPR_ASSERT(rdp->settings);
1863 WINPR_ASSERT(s);
1864
1865 freerdp_peer* peer = rdp->context->peer;
1866 WINPR_ASSERT(peer);
1867
1868 if (rdp_get_state(rdp) != CONNECTION_STATE_CAPABILITIES_EXCHANGE_CONFIRM_ACTIVE)
1869 {
1870 if (freerdp_settings_get_bool(rdp->settings, FreeRDP_TransportDumpReplay))
1871 rdp_finalize_set_flag(rdp, FINALIZE_DEACTIVATE_REACTIVATE);
1872 else
1873 {
1874 WLog_WARN(TAG, "Invalid state, got %s, expected %s", rdp_get_state_string(rdp),
1875 rdp_state_string(CONNECTION_STATE_CAPABILITIES_EXCHANGE_CONFIRM_ACTIVE));
1876 return FALSE;
1877 }
1878 }
1879
1880 if (!rdp_recv_confirm_active(rdp, s, pduLength))
1881 return FALSE;
1882
1883 if (peer->ClientCapabilities && !peer->ClientCapabilities(peer))
1884 {
1885 WLog_WARN(TAG, "peer->ClientCapabilities failed");
1886 return FALSE;
1887 }
1888
1889 if (rdp->settings->SaltedChecksum)
1890 rdp->do_secure_checksum = TRUE;
1891
1892 return rdp_server_send_sync(rdp);
1893}
1894
1895BOOL rdp_server_reactivate(rdpRdp* rdp)
1896{
1897 freerdp_peer* client = NULL;
1898
1899 if (rdp->context && rdp->context->peer)
1900 client = rdp->context->peer;
1901
1902 if (client)
1903 client->activated = FALSE;
1904
1905 if (!rdp_send_deactivate_all(rdp))
1906 return FALSE;
1907
1908 rdp_finalize_set_flag(rdp, FINALIZE_DEACTIVATE_REACTIVATE);
1909 if (!rdp_server_transition_to_state(rdp, CONNECTION_STATE_CAPABILITIES_EXCHANGE_DEMAND_ACTIVE))
1910 return FALSE;
1911
1912 state_run_t rc = rdp_peer_handle_state_demand_active(client);
1913 return state_run_success(rc);
1914}
1915
1916static BOOL rdp_is_active_peer_state(CONNECTION_STATE state)
1917{
1918 /* [MS-RDPBCGR] 1.3.1.1 Connection Sequence states:
1919 * 'upon receipt of the Font List PDU the server can start sending graphics
1920 * output to the client'
1921 */
1922 switch (state)
1923 {
1924 case CONNECTION_STATE_FINALIZATION_CLIENT_SYNC:
1925 case CONNECTION_STATE_FINALIZATION_CLIENT_COOPERATE:
1926 case CONNECTION_STATE_FINALIZATION_CLIENT_GRANTED_CONTROL:
1927 case CONNECTION_STATE_FINALIZATION_CLIENT_FONT_MAP:
1928 case CONNECTION_STATE_ACTIVE:
1929 return TRUE;
1930 default:
1931 return FALSE;
1932 }
1933}
1934
1935static BOOL rdp_is_active_client_state(CONNECTION_STATE state)
1936{
1937 /* [MS-RDPBCGR] 1.3.1.1 Connection Sequence states:
1938 * 'Once the client has sent the Confirm Active PDU, it can start sending
1939 * mouse and keyboard input to the server'
1940 */
1941 switch (state)
1942 {
1943 case CONNECTION_STATE_FINALIZATION_SYNC:
1944 case CONNECTION_STATE_FINALIZATION_COOPERATE:
1945 case CONNECTION_STATE_FINALIZATION_REQUEST_CONTROL:
1946 case CONNECTION_STATE_FINALIZATION_PERSISTENT_KEY_LIST:
1947 case CONNECTION_STATE_FINALIZATION_FONT_LIST:
1948 case CONNECTION_STATE_FINALIZATION_CLIENT_SYNC:
1949 case CONNECTION_STATE_FINALIZATION_CLIENT_COOPERATE:
1950 case CONNECTION_STATE_FINALIZATION_CLIENT_GRANTED_CONTROL:
1951 case CONNECTION_STATE_FINALIZATION_CLIENT_FONT_MAP:
1952 case CONNECTION_STATE_ACTIVE:
1953 return TRUE;
1954 default:
1955 return FALSE;
1956 }
1957}
1958
1959BOOL rdp_is_active_state(const rdpRdp* rdp)
1960{
1961 WINPR_ASSERT(rdp);
1962 WINPR_ASSERT(rdp->context);
1963
1964 const CONNECTION_STATE state = rdp_get_state(rdp);
1965 if (freerdp_settings_get_bool(rdp->context->settings, FreeRDP_ServerMode))
1966 return rdp_is_active_peer_state(state);
1967 else
1968 return rdp_is_active_client_state(state);
1969}
1970
1971BOOL rdp_server_transition_to_state(rdpRdp* rdp, CONNECTION_STATE state)
1972{
1973 BOOL status = FALSE;
1974 freerdp_peer* client = NULL;
1975 const CONNECTION_STATE cstate = rdp_get_state(rdp);
1976
1977 if (cstate >= CONNECTION_STATE_RDP_SECURITY_COMMENCEMENT)
1978 {
1979 WINPR_ASSERT(rdp->context);
1980 client = rdp->context->peer;
1981 }
1982
1983 if (!rdp_is_active_peer_state(cstate))
1984 {
1985 if (client)
1986 client->activated = FALSE;
1987 }
1988
1989 WLog_Print(rdp->log, WLOG_DEBUG, "%s --> %s", rdp_get_state_string(rdp),
1990 rdp_state_string(state));
1991 if (!rdp_set_state(rdp, state))
1992 goto fail;
1993
1994 status = TRUE;
1995fail:
1996 return status;
1997}
1998
1999const char* rdp_client_connection_state_string(UINT state)
2000{
2001 switch (state)
2002 {
2003 case CLIENT_STATE_INITIAL:
2004 return "CLIENT_STATE_INITIAL";
2005 case CLIENT_STATE_PRECONNECT_PASSED:
2006 return "CLIENT_STATE_PRECONNECT_PASSED";
2007 case CLIENT_STATE_POSTCONNECT_PASSED:
2008 return "CLIENT_STATE_POSTCONNECT_PASSED";
2009 default:
2010 return "UNKNOWN";
2011 }
2012}
2013
2014const char* rdp_state_string(CONNECTION_STATE state)
2015{
2016 switch (state)
2017 {
2018 case CONNECTION_STATE_INITIAL:
2019 return "CONNECTION_STATE_INITIAL";
2020 case CONNECTION_STATE_NEGO:
2021 return "CONNECTION_STATE_NEGO";
2022 case CONNECTION_STATE_NLA:
2023 return "CONNECTION_STATE_NLA";
2024 case CONNECTION_STATE_AAD:
2025 return "CONNECTION_STATE_AAD";
2026 case CONNECTION_STATE_MCS_CREATE_REQUEST:
2027 return "CONNECTION_STATE_MCS_CREATE_REQUEST";
2028 case CONNECTION_STATE_MCS_CREATE_RESPONSE:
2029 return "CONNECTION_STATE_MCS_CREATE_RESPONSE";
2030 case CONNECTION_STATE_MCS_ERECT_DOMAIN:
2031 return "CONNECTION_STATE_MCS_ERECT_DOMAIN";
2032 case CONNECTION_STATE_MCS_ATTACH_USER:
2033 return "CONNECTION_STATE_MCS_ATTACH_USER";
2034 case CONNECTION_STATE_MCS_ATTACH_USER_CONFIRM:
2035 return "CONNECTION_STATE_MCS_ATTACH_USER_CONFIRM";
2036 case CONNECTION_STATE_MCS_CHANNEL_JOIN_REQUEST:
2037 return "CONNECTION_STATE_MCS_CHANNEL_JOIN_REQUEST";
2038 case CONNECTION_STATE_MCS_CHANNEL_JOIN_RESPONSE:
2039 return "CONNECTION_STATE_MCS_CHANNEL_JOIN_RESPONSE";
2040 case CONNECTION_STATE_RDP_SECURITY_COMMENCEMENT:
2041 return "CONNECTION_STATE_RDP_SECURITY_COMMENCEMENT";
2042 case CONNECTION_STATE_SECURE_SETTINGS_EXCHANGE:
2043 return "CONNECTION_STATE_SECURE_SETTINGS_EXCHANGE";
2044 case CONNECTION_STATE_CONNECT_TIME_AUTO_DETECT_REQUEST:
2045 return "CONNECTION_STATE_CONNECT_TIME_AUTO_DETECT_REQUEST";
2046 case CONNECTION_STATE_CONNECT_TIME_AUTO_DETECT_RESPONSE:
2047 return "CONNECTION_STATE_CONNECT_TIME_AUTO_DETECT_RESPONSE";
2048 case CONNECTION_STATE_LICENSING:
2049 return "CONNECTION_STATE_LICENSING";
2050 case CONNECTION_STATE_MULTITRANSPORT_BOOTSTRAPPING_REQUEST:
2051 return "CONNECTION_STATE_MULTITRANSPORT_BOOTSTRAPPING_REQUEST";
2052 case CONNECTION_STATE_MULTITRANSPORT_BOOTSTRAPPING_RESPONSE:
2053 return "CONNECTION_STATE_MULTITRANSPORT_BOOTSTRAPPING_RESPONSE";
2054 case CONNECTION_STATE_CAPABILITIES_EXCHANGE_DEMAND_ACTIVE:
2055 return "CONNECTION_STATE_CAPABILITIES_EXCHANGE_DEMAND_ACTIVE";
2056 case CONNECTION_STATE_CAPABILITIES_EXCHANGE_MONITOR_LAYOUT:
2057 return "CONNECTION_STATE_CAPABILITIES_EXCHANGE_MONITOR_LAYOUT";
2058 case CONNECTION_STATE_CAPABILITIES_EXCHANGE_CONFIRM_ACTIVE:
2059 return "CONNECTION_STATE_CAPABILITIES_EXCHANGE_CONFIRM_ACTIVE";
2060 case CONNECTION_STATE_FINALIZATION_SYNC:
2061 return "CONNECTION_STATE_FINALIZATION_SYNC";
2062 case CONNECTION_STATE_FINALIZATION_COOPERATE:
2063 return "CONNECTION_STATE_FINALIZATION_COOPERATE";
2064 case CONNECTION_STATE_FINALIZATION_REQUEST_CONTROL:
2065 return "CONNECTION_STATE_FINALIZATION_REQUEST_CONTROL";
2066 case CONNECTION_STATE_FINALIZATION_PERSISTENT_KEY_LIST:
2067 return "CONNECTION_STATE_FINALIZATION_PERSISTENT_KEY_LIST";
2068 case CONNECTION_STATE_FINALIZATION_FONT_LIST:
2069 return "CONNECTION_STATE_FINALIZATION_FONT_LIST";
2070 case CONNECTION_STATE_FINALIZATION_CLIENT_SYNC:
2071 return "CONNECTION_STATE_FINALIZATION_CLIENT_SYNC";
2072 case CONNECTION_STATE_FINALIZATION_CLIENT_COOPERATE:
2073 return "CONNECTION_STATE_FINALIZATION_CLIENT_COOPERATE";
2074 case CONNECTION_STATE_FINALIZATION_CLIENT_GRANTED_CONTROL:
2075 return "CONNECTION_STATE_FINALIZATION_CLIENT_GRANTED_CONTROL";
2076 case CONNECTION_STATE_FINALIZATION_CLIENT_FONT_MAP:
2077 return "CONNECTION_STATE_FINALIZATION_CLIENT_FONT_MAP";
2078 case CONNECTION_STATE_ACTIVE:
2079 return "CONNECTION_STATE_ACTIVE";
2080 default:
2081 return "UNKNOWN";
2082 }
2083}
2084
2085CONNECTION_STATE rdp_get_state(const rdpRdp* rdp)
2086{
2087 WINPR_ASSERT(rdp);
2088 return rdp->state;
2089}
2090
2091BOOL rdp_set_state(rdpRdp* rdp, CONNECTION_STATE state)
2092{
2093 WINPR_ASSERT(rdp);
2094 rdp->state = state;
2095 return TRUE;
2096}
2097
2098const char* rdp_get_state_string(const rdpRdp* rdp)
2099{
2100 CONNECTION_STATE state = rdp_get_state(rdp);
2101 return rdp_state_string(state);
2102}
2103
2104BOOL rdp_channels_from_mcs(rdpSettings* settings, const rdpRdp* rdp)
2105{
2106 const rdpMcs* mcs = NULL;
2107
2108 WINPR_ASSERT(rdp);
2109
2110 mcs = rdp->mcs;
2111 WINPR_ASSERT(mcs);
2112
2113 if (!freerdp_settings_set_pointer_len(settings, FreeRDP_ChannelDefArray, NULL,
2114 CHANNEL_MAX_COUNT))
2115 return FALSE;
2116
2117 for (UINT32 x = 0; x < mcs->channelCount; x++)
2118 {
2119 const rdpMcsChannel* mchannel = &mcs->channels[x];
2120 CHANNEL_DEF cur = { 0 };
2121
2122 memcpy(cur.name, mchannel->Name, sizeof(cur.name));
2123 cur.options = mchannel->options;
2124 if (!freerdp_settings_set_pointer_array(settings, FreeRDP_ChannelDefArray, x, &cur))
2125 return FALSE;
2126 }
2127
2128 return freerdp_settings_set_uint32(settings, FreeRDP_ChannelCount, mcs->channelCount);
2129}
2130
2131/* Here we are in client state CONFIRM_ACTIVE.
2132 *
2133 * This means:
2134 * 1. send the CONFIRM_ACTIVE PDU to the server
2135 * 2. register callbacks, the server can now start sending stuff
2136 */
2137state_run_t rdp_client_connect_confirm_active(rdpRdp* rdp, WINPR_ATTR_UNUSED wStream* s)
2138{
2139 WINPR_ASSERT(rdp);
2140 WINPR_ASSERT(rdp->settings);
2141 WINPR_ASSERT(s);
2142
2143 const UINT32 width = rdp->settings->DesktopWidth;
2144 const UINT32 height = rdp->settings->DesktopHeight;
2145
2146 if (!rdp_send_confirm_active(rdp))
2147 return STATE_RUN_FAILED;
2148
2149 if (!input_register_client_callbacks(rdp->input))
2150 {
2151 WLog_ERR(TAG, "error registering client callbacks");
2152 return STATE_RUN_FAILED;
2153 }
2154
2159 const BOOL deactivate_reactivate =
2160 rdp->was_deactivated && ((rdp->deactivated_width != rdp->settings->DesktopWidth) ||
2161 (rdp->deactivated_height != rdp->settings->DesktopHeight));
2162 const BOOL resolution_change =
2163 ((width != rdp->settings->DesktopWidth) || (height != rdp->settings->DesktopHeight));
2164 if (deactivate_reactivate || resolution_change)
2165 {
2166 BOOL status = TRUE;
2167 IFCALLRET(rdp->update->DesktopResize, status, rdp->update->context);
2168
2169 if (!status)
2170 {
2171 WLog_ERR(TAG, "client desktop resize callback failed");
2172 return STATE_RUN_FAILED;
2173 }
2174 }
2175
2176 WINPR_ASSERT(rdp->context);
2177 if (freerdp_shall_disconnect_context(rdp->context))
2178 return STATE_RUN_SUCCESS;
2179
2180 state_run_t status = STATE_RUN_SUCCESS;
2181 if (!rdp->settings->SupportMonitorLayoutPdu)
2182 status = rdp_client_connect_finalize(rdp);
2183 else
2184 {
2185 if (!rdp_client_transition_to_state(rdp,
2186 CONNECTION_STATE_CAPABILITIES_EXCHANGE_MONITOR_LAYOUT))
2187 status = STATE_RUN_FAILED;
2188 }
2189 if (!rdp_finalize_reset_flags(rdp, FALSE))
2190 status = STATE_RUN_FAILED;
2191 return status;
2192}
2193
2194BOOL rdp_handle_optional_rdp_decryption(rdpRdp* rdp, wStream* s, UINT16* length,
2195 UINT16* pSecurityFlags)
2196{
2197 BOOL rc = FALSE;
2198 WINPR_ASSERT(rdp);
2199 WINPR_ASSERT(rdp->settings);
2200
2201 UINT16 securityFlags = 0;
2202 if (rdp->settings->UseRdpSecurityLayer)
2203 {
2204 if (!rdp_read_security_header(rdp, s, &securityFlags, length))
2205 goto fail;
2206
2207 if (securityFlags & SEC_ENCRYPT)
2208 {
2209 if (!rdp_decrypt(rdp, s, length, securityFlags))
2210 goto fail;
2211 }
2212 }
2213
2214 rc = TRUE;
2215
2216fail:
2217 if (pSecurityFlags)
2218 *pSecurityFlags = securityFlags;
2219 return rc;
2220}
freerdp_settings_get_uint32
FREERDP_API UINT32 freerdp_settings_get_uint32(const rdpSettings *settings, FreeRDP_Settings_Keys_UInt32 id)
Returns a UINT32 settings value.
freerdp_settings_set_string
FREERDP_API BOOL freerdp_settings_set_string(rdpSettings *settings, FreeRDP_Settings_Keys_String id, const char *param)
Sets a string settings value. The param is copied.
Definition settings_getters.c:3685
freerdp_settings_get_bool
FREERDP_API BOOL freerdp_settings_get_bool(const rdpSettings *settings, FreeRDP_Settings_Keys_Bool id)
Returns a boolean settings value.
freerdp_settings_set_pointer_len
FREERDP_API BOOL freerdp_settings_set_pointer_len(rdpSettings *settings, FreeRDP_Settings_Keys_Pointer id, const void *data, size_t len)
Set a pointer to value data.
Definition common/settings.c:1344
freerdp_settings_get_pointer_writable
FREERDP_API void * freerdp_settings_get_pointer_writable(rdpSettings *settings, FreeRDP_Settings_Keys_Pointer id)
Returns a mutable pointer settings value.
Definition settings_getters.c:4026
freerdp_settings_get_pointer
FREERDP_API const void * freerdp_settings_get_pointer(const rdpSettings *settings, FreeRDP_Settings_Keys_Pointer id)
Returns a immutable pointer settings value.
Definition common/settings.c:1332
freerdp_settings_get_codecs_flags
FREERDP_API UINT32 freerdp_settings_get_codecs_flags(const rdpSettings *settings)
helper function to get a mask of supported codec flags.
Definition common/settings.c:1849
freerdp_settings_set_uint32
FREERDP_API BOOL freerdp_settings_set_uint32(rdpSettings *settings, FreeRDP_Settings_Keys_UInt32 id, UINT32 param)
Sets a UINT32 settings value.
freerdp_settings_get_string
FREERDP_API const char * freerdp_settings_get_string(const rdpSettings *settings, FreeRDP_Settings_Keys_String id)
Returns a immutable string settings value.
ADDIN_ARGV
Definition settings_types.h:367
CHANNEL_DEF
Definition wtsapi.h:78