FreeRDP
Loading...
Searching...
No Matches
connection.c
1/*
2 * FreeRDP: A Remote Desktop Protocol Implementation
3 * Connection Sequence
4 *
5 * Copyright 2011 Marc-Andre Moreau <marcandre.moreau@gmail.com>
6 * Copyright 2015 Thincast Technologies GmbH
7 * Copyright 2015 DI (FH) Martin Haimberger <martin.haimberger@thincast.com>
8 * Copyright 2023 Armin Novak <anovak@thincast.com>
9 * Copyright 2023 Thincast Technologies GmbH
10 *
11 * Licensed under the Apache License, Version 2.0 (the "License");
12 * you may not use this file except in compliance with the License.
13 * You may obtain a copy of the License at
14 *
15 * http://www.apache.org/licenses/LICENSE-2.0
16 *
17 * Unless required by applicable law or agreed to in writing, software
18 * distributed under the License is distributed on an "AS IS" BASIS,
19 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
20 * See the License for the specific language governing permissions and
21 * limitations under the License.
22 */
23
24#include <freerdp/config.h>
25
26#include "settings.h"
27
28#include "info.h"
29#include "input.h"
30#include "rdp.h"
31#include "peer.h"
32
33#include "connection.h"
34#include "transport.h"
35
36#include <winpr/crt.h>
37#include <winpr/crypto.h>
38#include <winpr/ssl.h>
39
40#include <freerdp/log.h>
41#include <freerdp/error.h>
42#include <freerdp/listener.h>
43
44#include "../cache/pointer.h"
45#include "../crypto/crypto.h"
46#include "../crypto/privatekey.h"
47#include "../crypto/certificate.h"
48#include "gateway/arm.h"
49
50#include "utils.h"
51
52#define TAG FREERDP_TAG("core.connection")
53
197static BOOL rdp_set_state(rdpRdp* rdp, CONNECTION_STATE state);
198
199static BOOL rdp_client_reset_codecs(rdpContext* context)
200{
201 rdpSettings* settings = nullptr;
202
203 if (!context || !context->settings)
204 return FALSE;
205
206 settings = context->settings;
207
208 if (!freerdp_settings_get_bool(settings, FreeRDP_DeactivateClientDecoding))
209 {
210 const UINT32 flags = freerdp_settings_get_uint32(settings, FreeRDP_ThreadingFlags);
211 freerdp_client_codecs_free(context->codecs);
212 context->codecs = freerdp_client_codecs_new(flags);
213
214 if (!context->codecs)
215 return FALSE;
216
217 if (!freerdp_client_codecs_prepare(context->codecs,
218 freerdp_settings_get_codecs_flags(settings),
219 settings->DesktopWidth, settings->DesktopHeight))
220 return FALSE;
221
222/* Runtime H264 detection. (only available if dynamic backend loading is defined)
223 * If no backend is available disable it before the channel is loaded.
224 */
225#if defined(WITH_GFX_H264) && defined(WITH_OPENH264_LOADING)
226 if (!context->codecs->h264)
227 {
228 settings->GfxH264 = FALSE;
229 settings->GfxAVC444 = FALSE;
230 settings->GfxAVC444v2 = FALSE;
231 }
232#endif
233 }
234
235 return TRUE;
236}
237
238static BOOL rdp_client_wait_for_activation(rdpRdp* rdp)
239{
240 BOOL timedout = FALSE;
241 WINPR_ASSERT(rdp);
242
243 const rdpSettings* settings = rdp->settings;
244 WINPR_ASSERT(settings);
245
246 UINT64 now = GetTickCount64();
247 UINT64 dueDate = now + freerdp_settings_get_uint32(settings, FreeRDP_TcpAckTimeout);
248
249 for (; (now < dueDate) && !timedout; now = GetTickCount64())
250 {
251 HANDLE events[MAXIMUM_WAIT_OBJECTS] = WINPR_C_ARRAY_INIT;
252 DWORD wstatus = 0;
253 DWORD nevents = freerdp_get_event_handles(rdp->context, events, ARRAYSIZE(events));
254 if (!nevents)
255 {
256 WLog_ERR(TAG, "error retrieving connection events");
257 return FALSE;
258 }
259
260 const UINT64 timeout = (dueDate - now);
261 WINPR_ASSERT(timeout <= UINT32_MAX);
262 wstatus = WaitForMultipleObjectsEx(nevents, events, FALSE, (UINT32)timeout, TRUE);
263 switch (wstatus)
264 {
265 case WAIT_TIMEOUT:
266 /* will make us quit with a timeout */
267 timedout = TRUE;
268 break;
269 case WAIT_ABANDONED:
270 case WAIT_FAILED:
271 return FALSE;
272 case WAIT_IO_COMPLETION:
273 break;
274 case WAIT_OBJECT_0:
275 default:
276 /* handles all WAIT_OBJECT_0 + [0 .. MAXIMUM_WAIT_OBJECTS-1] cases */
277 if (rdp_check_fds(rdp) < 0)
278 {
279 freerdp_set_last_error_if_not(rdp->context,
280 FREERDP_ERROR_CONNECT_TRANSPORT_FAILED);
281 return FALSE;
282 }
283 break;
284 }
285
286 if (rdp_is_active_state(rdp))
287 return TRUE;
288 }
289
290 WLog_ERR(TAG, "Timeout waiting for activation");
291 freerdp_set_last_error_if_not(rdp->context, FREERDP_ERROR_CONNECT_ACTIVATION_TIMEOUT);
292 return FALSE;
293}
301BOOL rdp_client_connect(rdpRdp* rdp)
302{
303 UINT32 SelectedProtocol = 0;
304 BOOL status = 0;
305 /* make sure SSL is initialize for earlier enough for crypto, by taking advantage of winpr SSL
306 * FIPS flag for openssl initialization */
307 DWORD flags = WINPR_SSL_INIT_DEFAULT;
308
309 WINPR_ASSERT(rdp);
310
311 rdpSettings* settings = rdp->settings;
312 WINPR_ASSERT(settings);
313
314 if (!rdp_client_reset_codecs(rdp->context))
315 return FALSE;
316
317 if (settings->FIPSMode)
318 flags |= WINPR_SSL_INIT_ENABLE_FIPS;
319
320 if (!winpr_InitializeSSL(flags))
321 return FALSE;
322
323 rdp_log_build_warnings(rdp);
324
325 /* FIPS Mode forces the following and overrides the following(by happening later */
326 /* in the command line processing): */
327 /* 1. Disables NLA Security since NLA in freerdp uses NTLM(no Kerberos support yet) which uses
328 * algorithms */
329 /* not allowed in FIPS for sensitive data. So, we disallow NLA when FIPS is required. */
330 /* 2. Forces the only supported RDP encryption method to be FIPS. */
331 if (settings->FIPSMode || winpr_FIPSMode())
332 {
333 settings->NlaSecurity = FALSE;
334 settings->EncryptionMethods = ENCRYPTION_METHOD_FIPS;
335 }
336
337 UINT32 TcpConnectTimeout = freerdp_settings_get_uint32(settings, FreeRDP_TcpConnectTimeout);
338 if (settings->GatewayArmTransport)
339 {
340 if (!arm_resolve_endpoint(rdp->log, rdp->context, TcpConnectTimeout))
341 {
342 WLog_ERR(TAG, "error retrieving ARM configuration");
343 return FALSE;
344 }
345 }
346
347 const char* hostname = settings->ServerHostname;
348 if (!hostname)
349 {
350 WLog_ERR(TAG, "Missing hostname, can not connect to nullptr target");
351 return FALSE;
352 }
353
354 const UINT32 port = settings->ServerPort;
355 WINPR_ASSERT(port <= UINT32_MAX);
356
357 if (!rdp->nego)
358 return FALSE;
359
360 nego_init(rdp->nego);
361 nego_set_target(rdp->nego, hostname, (UINT16)port);
362
363 if (settings->GatewayEnabled)
364 {
365 char* user = nullptr;
366 char* domain = nullptr;
367 size_t user_length = 0;
368
369 if (settings->Username)
370 {
371 user = settings->Username;
372 user_length = strlen(settings->Username);
373 }
374
375 if (settings->Domain)
376 domain = settings->Domain;
377 else
378 domain = settings->ComputerName;
379
380 const size_t domain_length = strlen(domain);
381 const size_t cookie_length = domain_length + 1 + user_length;
382 char* cookie = malloc(cookie_length + 1);
383
384 if (!cookie)
385 return FALSE;
386
387 CopyMemory(cookie, domain, domain_length);
388 WINPR_ASSERT(domain_length <= UINT32_MAX);
389 CharUpperBuffA(cookie, (UINT32)domain_length);
390 cookie[domain_length] = '\\';
391
392 if (settings->Username)
393 CopyMemory(&cookie[domain_length + 1], user, user_length);
394
395 cookie[cookie_length] = '\0';
396 status = nego_set_cookie(rdp->nego, cookie);
397 free(cookie);
398 }
399 else
400 {
401 status = nego_set_cookie(rdp->nego, settings->Username);
402 }
403
404 if (!status)
405 return FALSE;
406
407 nego_set_childsession_enabled(rdp->nego, settings->ConnectChildSession);
408 nego_set_send_preconnection_pdu(rdp->nego, settings->SendPreconnectionPdu);
409 nego_set_preconnection_id(rdp->nego, settings->PreconnectionId);
410 nego_set_preconnection_blob(rdp->nego, settings->PreconnectionBlob);
411 nego_set_negotiation_enabled(rdp->nego, settings->NegotiateSecurityLayer);
412 nego_set_restricted_admin_mode_required(rdp->nego, settings->RestrictedAdminModeRequired);
413 nego_set_RCG_required(rdp->nego, settings->RemoteCredentialGuard);
414 nego_set_gateway_enabled(rdp->nego, settings->GatewayEnabled);
415 nego_set_gateway_bypass_local(rdp->nego, settings->GatewayBypassLocal);
416 nego_enable_rdp(rdp->nego, settings->RdpSecurity);
417 nego_enable_tls(rdp->nego, settings->TlsSecurity);
418 nego_enable_nla(rdp->nego, settings->NlaSecurity);
419 nego_enable_ext(rdp->nego, settings->ExtSecurity);
420 nego_enable_rdstls(rdp->nego, settings->RdstlsSecurity);
421 nego_enable_aad(rdp->nego, settings->AadSecurity);
422
423 if (settings->MstscCookieMode)
424 settings->CookieMaxLength = MSTSC_COOKIE_MAX_LENGTH;
425
426 nego_set_cookie_max_length(rdp->nego, settings->CookieMaxLength);
427
428 if (settings->LoadBalanceInfo && (settings->LoadBalanceInfoLength > 0))
429 {
430 if (!nego_set_routing_token(rdp->nego, settings->LoadBalanceInfo,
431 settings->LoadBalanceInfoLength))
432 return FALSE;
433 }
434
435 if (!freerdp_settings_get_bool(settings, FreeRDP_TransportDumpReplay))
436 {
437 if (!rdp_client_transition_to_state(rdp, CONNECTION_STATE_NEGO))
438 return FALSE;
439
440 if (!nego_connect(rdp->nego))
441 {
442 if (!freerdp_get_last_error(rdp->context))
443 {
444 freerdp_set_last_error_log(rdp->context,
445 FREERDP_ERROR_SECURITY_NEGO_CONNECT_FAILED);
446 WLog_ERR(TAG, "Error: protocol security negotiation or connection failure");
447 }
448
449 return FALSE;
450 }
451
452 SelectedProtocol = nego_get_selected_protocol(rdp->nego);
453
454 if ((SelectedProtocol & PROTOCOL_SSL) || (SelectedProtocol == PROTOCOL_RDP) ||
455 (SelectedProtocol == PROTOCOL_RDSTLS))
456 {
457 wStream s = WINPR_C_ARRAY_INIT;
458
459 if ((settings->Username != nullptr) &&
460 ((freerdp_settings_get_string(settings, FreeRDP_Password) != nullptr) ||
461 (settings->RedirectionPassword != nullptr &&
462 settings->RedirectionPasswordLength > 0)))
463 settings->AutoLogonEnabled = TRUE;
464
465 if (rdp_recv_callback(rdp->transport, &s, rdp) < 0)
466 return FALSE;
467 }
468
469 if (!transport_set_blocking_mode(rdp->transport, FALSE))
470 return FALSE;
471 }
472 else
473 {
474 if (!rdp_client_transition_to_state(rdp, CONNECTION_STATE_MCS_CREATE_REQUEST))
475 return FALSE;
476 }
477
478 /* everything beyond this point is event-driven and non blocking */
479 if (!transport_set_recv_callbacks(rdp->transport, rdp_recv_callback, rdp))
480 return FALSE;
481
482 return rdp_client_wait_for_activation(rdp);
483}
484
485BOOL rdp_client_disconnect(rdpRdp* rdp)
486{
487 rdpContext* context = nullptr;
488
489 if (!rdp || !rdp->settings || !rdp->context)
490 return FALSE;
491
492 context = rdp->context;
493
494 if (rdp->nego)
495 {
496 if (!nego_disconnect(rdp->nego))
497 return FALSE;
498 }
499
500 if (!transport_disconnect(rdp->transport))
501 return FALSE;
502
503 if (!rdp_reset(rdp))
504 return FALSE;
505
506 if (!rdp_client_transition_to_state(rdp, CONNECTION_STATE_INITIAL))
507 return FALSE;
508
509 if (context->channels)
510 {
511 if (freerdp_channels_disconnect(context->channels, context->instance) != CHANNEL_RC_OK)
512 return FALSE;
513 }
514
515 freerdp_client_codecs_free(context->codecs);
516 context->codecs = nullptr;
517 return TRUE;
518}
519
520BOOL rdp_client_disconnect_and_clear(rdpRdp* rdp)
521{
522 rdpContext* context = nullptr;
523
524 if (!rdp_client_disconnect(rdp))
525 return FALSE;
526
527 WINPR_ASSERT(rdp);
528
529 context = rdp->context;
530 WINPR_ASSERT(context);
531
532 if (freerdp_get_last_error(context) == FREERDP_ERROR_CONNECT_CANCELLED)
533 return FALSE;
534
535 context->LastError = FREERDP_ERROR_SUCCESS;
536 clearChannelError(context);
537 return utils_reset_abort(rdp);
538}
539
540static BOOL rdp_client_reconnect_channels(rdpRdp* rdp, BOOL redirect)
541{
542 BOOL status = FALSE;
543 rdpContext* context = nullptr;
544
545 if (!rdp || !rdp->context || !rdp->context->channels)
546 return FALSE;
547
548 context = rdp->context;
549
550 if (context->instance->ConnectionCallbackState == CLIENT_STATE_INITIAL)
551 return FALSE;
552
553 if (context->instance->ConnectionCallbackState == CLIENT_STATE_PRECONNECT_PASSED)
554 {
555 if (redirect)
556 return TRUE;
557
558 pointer_cache_register_callbacks(context->update);
559
560 if (!IFCALLRESULT(FALSE, context->instance->PostConnect, context->instance))
561 return FALSE;
562
563 context->instance->ConnectionCallbackState = CLIENT_STATE_POSTCONNECT_PASSED;
564 }
565
566 if (context->instance->ConnectionCallbackState == CLIENT_STATE_POSTCONNECT_PASSED)
567 status =
568 (freerdp_channels_post_connect(context->channels, context->instance) == CHANNEL_RC_OK);
569
570 return status;
571}
572
573static BOOL rdp_client_redirect_resolvable(const char* host)
574{
575 struct addrinfo* result = freerdp_tcp_resolve_host(host, -1, 0);
576
577 if (!result)
578 return FALSE;
579
580 freeaddrinfo(result);
581 return TRUE;
582}
583
584static BOOL rdp_client_redirect_try_fqdn(rdpSettings* settings)
585{
586 if (settings->RedirectionFlags & LB_TARGET_FQDN)
587 {
588 if (settings->GatewayEnabled ||
589 rdp_client_redirect_resolvable(settings->RedirectionTargetFQDN))
590 {
591 return (freerdp_settings_set_string(settings, FreeRDP_ServerHostname,
592 settings->RedirectionTargetFQDN));
593 }
594 }
595
596 return FALSE;
597}
598
599static BOOL rdp_client_redirect_try_ip(rdpSettings* settings)
600{
601 if (settings->RedirectionFlags & LB_TARGET_NET_ADDRESS)
602 {
603 return (freerdp_settings_set_string(settings, FreeRDP_ServerHostname,
604 settings->TargetNetAddress));
605 }
606
607 return FALSE;
608}
609
610static BOOL rdp_client_redirect_try_netbios(rdpSettings* settings)
611{
612 if (settings->RedirectionFlags & LB_TARGET_NETBIOS_NAME)
613 {
614 if (settings->GatewayEnabled ||
615 rdp_client_redirect_resolvable(settings->RedirectionTargetNetBiosName))
616 {
617 return (freerdp_settings_set_string(settings, FreeRDP_ServerHostname,
618 settings->RedirectionTargetNetBiosName));
619 }
620 }
621
622 return FALSE;
623}
624
625BOOL rdp_client_redirect(rdpRdp* rdp)
626{
627 BOOL status = 0;
628 rdpSettings* settings = nullptr;
629
630 if (!rdp_client_disconnect_and_clear(rdp))
631 return FALSE;
632
633 /* Only disconnect & close the channels here.
634 * they will be discarded and recreated after the new settings have been applied. */
635 freerdp_channels_disconnect(rdp->context->channels, rdp->context->instance);
636 freerdp_channels_close(rdp->context->channels, rdp->context->instance);
637
638 if (rdp_redirection_apply_settings(rdp) != 0)
639 return FALSE;
640
641 WINPR_ASSERT(rdp);
642
643 settings = rdp->settings;
644 WINPR_ASSERT(settings);
645
646 if ((settings->RedirectionFlags & LB_LOAD_BALANCE_INFO) == 0)
647 {
648 BOOL haveRedirectAddress = FALSE;
649 UINT32 redirectionMask = settings->RedirectionPreferType;
650
651 do
652 {
653 const BOOL tryFQDN = (redirectionMask & 0x01) == 0;
654 const BOOL tryNetAddress = (redirectionMask & 0x02) == 0;
655 const BOOL tryNetbios = (redirectionMask & 0x04) == 0;
656
657 if (tryFQDN && !haveRedirectAddress)
658 haveRedirectAddress = rdp_client_redirect_try_fqdn(settings);
659
660 if (tryNetAddress && !haveRedirectAddress)
661 haveRedirectAddress = rdp_client_redirect_try_ip(settings);
662
663 if (tryNetbios && !haveRedirectAddress)
664 haveRedirectAddress = rdp_client_redirect_try_netbios(settings);
665
666 redirectionMask >>= 3;
667 } while (!haveRedirectAddress && (redirectionMask != 0));
668 }
669
670 if (settings->RedirectionFlags & LB_USERNAME)
671 {
672 if (!freerdp_settings_set_string(
673 settings, FreeRDP_Username,
674 freerdp_settings_get_string(settings, FreeRDP_RedirectionUsername)))
675 return FALSE;
676 }
677
678 if (settings->RedirectionFlags & LB_DOMAIN)
679 {
680 if (!freerdp_settings_set_string(
681 settings, FreeRDP_Domain,
682 freerdp_settings_get_string(settings, FreeRDP_RedirectionDomain)))
683 return FALSE;
684 }
685
686 settings->RdstlsSecurity = ((settings->RedirectionFlags & LB_PASSWORD_IS_PK_ENCRYPTED) != 0);
687
688 WINPR_ASSERT(rdp->context);
689 WINPR_ASSERT(rdp->context->instance);
690 if (!IFCALLRESULT(TRUE, rdp->context->instance->Redirect, rdp->context->instance))
691 return FALSE;
692
693 BOOL ok = utils_reload_channels(rdp->context);
694 if (!ok)
695 return FALSE;
696
697 status = rdp_client_connect(rdp);
698
699 if (status)
700 status = rdp_client_reconnect_channels(rdp, TRUE);
701
702 return status;
703}
704
705BOOL rdp_client_reconnect(rdpRdp* rdp)
706{
707 BOOL status = 0;
708
709 if (!rdp_client_disconnect_and_clear(rdp))
710 return FALSE;
711
712 status = rdp_client_connect(rdp);
713
714 if (status)
715 status = rdp_client_reconnect_channels(rdp, FALSE);
716
717 return status;
718}
719
720static const BYTE fips_ivec[8] = { 0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF };
721
722static BOOL rdp_client_establish_keys(rdpRdp* rdp)
723{
724 wStream* s = nullptr;
725 BOOL ret = FALSE;
726
727 WINPR_ASSERT(rdp);
728 rdpSettings* settings = rdp->settings;
729 BYTE* crypt_client_random = nullptr;
730
731 WINPR_ASSERT(settings);
732 if (!settings->UseRdpSecurityLayer)
733 {
734 /* no RDP encryption */
735 return TRUE;
736 }
737
738 if (!rdp_client_transition_to_state(rdp, CONNECTION_STATE_RDP_SECURITY_COMMENCEMENT))
739 return FALSE;
740
741 /* encrypt client random */
742 if (!freerdp_settings_set_pointer_len(settings, FreeRDP_ClientRandom, nullptr,
743 CLIENT_RANDOM_LENGTH))
744 return FALSE;
745 if (winpr_RAND(settings->ClientRandom, settings->ClientRandomLength) < 0)
746 return FALSE;
747
748 const rdpCertInfo* info = freerdp_certificate_get_info(settings->RdpServerCertificate);
749 if (!info)
750 {
751 WLog_ERR(TAG, "Failed to get rdpCertInfo from RdpServerCertificate");
752 return FALSE;
753 }
754
755 /*
756 * client random must be (bitlen / 8) + 8 - see [MS-RDPBCGR] 5.3.4.1
757 * for details
758 */
759 crypt_client_random = calloc(info->ModulusLength, 1);
760
761 if (!crypt_client_random)
762 return FALSE;
763
764 if (crypto_rsa_public_encrypt(settings->ClientRandom, settings->ClientRandomLength, info,
765 crypt_client_random, info->ModulusLength) < 0)
766 return FALSE;
767 /* send crypt client random to server */
768 const size_t length = RDP_PACKET_HEADER_MAX_LENGTH + RDP_SECURITY_HEADER_LENGTH + 4ULL +
769 info->ModulusLength + 8ULL;
770 if (length > UINT16_MAX)
771 return FALSE;
772
773 s = Stream_New(nullptr, length);
774
775 if (!s)
776 {
777 WLog_ERR(TAG, "Stream_New failed!");
778 goto end;
779 }
780
781 {
782 const UINT16 sec_flags = SEC_EXCHANGE_PKT | SEC_LICENSE_ENCRYPT_SC;
783 if (!rdp_write_header(rdp, s, length, MCS_GLOBAL_CHANNEL_ID, sec_flags))
784 goto end;
785 if (!rdp_write_security_header(rdp, s, sec_flags))
786 goto end;
787 }
788
789 Stream_Write_UINT32(s, info->ModulusLength + 8);
790 Stream_Write(s, crypt_client_random, info->ModulusLength);
791 Stream_Zero(s, 8);
792 Stream_SealLength(s);
793
794 {
795 rdpTransport* transport = freerdp_get_transport(rdp->context);
796 const int status = transport_write(transport, s);
797
798 if (status < 0)
799 goto end;
800 }
801
802 rdp->do_crypt_license = TRUE;
803
804 /* now calculate encrypt / decrypt and update keys */
805 if (!security_establish_keys(rdp))
806 goto end;
807
808 rdp->do_crypt = TRUE;
809
810 if (settings->SaltedChecksum)
811 rdp->do_secure_checksum = TRUE;
812
813 if (settings->EncryptionMethods == ENCRYPTION_METHOD_FIPS)
814 {
815 rdp->fips_encrypt =
816 winpr_Cipher_NewEx(WINPR_CIPHER_DES_EDE3_CBC, WINPR_ENCRYPT, rdp->fips_encrypt_key,
817 sizeof(rdp->fips_encrypt_key), fips_ivec, sizeof(fips_ivec));
818
819 if (!rdp->fips_encrypt)
820 {
821 WLog_ERR(TAG, "unable to allocate des3 encrypt key");
822 goto end;
823 }
824
825 rdp->fips_decrypt =
826 winpr_Cipher_NewEx(WINPR_CIPHER_DES_EDE3_CBC, WINPR_DECRYPT, rdp->fips_decrypt_key,
827 sizeof(rdp->fips_decrypt_key), fips_ivec, sizeof(fips_ivec));
828
829 if (!rdp->fips_decrypt)
830 {
831 WLog_ERR(TAG, "unable to allocate des3 decrypt key");
832 goto end;
833 }
834
835 ret = TRUE;
836 goto end;
837 }
838
839 if (!rdp_reset_rc4_encrypt_keys(rdp))
840 goto end;
841 if (!rdp_reset_rc4_decrypt_keys(rdp))
842 goto end;
843
844 ret = TRUE;
845end:
846 Stream_Free(s, TRUE);
847 free(crypt_client_random);
848
849 if (!ret)
850 {
851 winpr_Cipher_Free(rdp->fips_decrypt);
852 winpr_Cipher_Free(rdp->fips_encrypt);
853 rdp->fips_decrypt = nullptr;
854 rdp->fips_encrypt = nullptr;
855
856 rdp_free_rc4_decrypt_keys(rdp);
857 rdp_free_rc4_encrypt_keys(rdp);
858 }
859
860 return ret;
861}
862
863static BOOL rdp_update_client_random(rdpSettings* settings, const BYTE* crypt_random,
864 size_t crypt_random_len)
865{
866 const size_t length = 32;
867 WINPR_ASSERT(settings);
868
869 const rdpPrivateKey* rsa = freerdp_settings_get_pointer(settings, FreeRDP_RdpServerRsaKey);
870 WINPR_ASSERT(rsa);
871
872 const rdpCertInfo* cinfo = freerdp_key_get_info(rsa);
873 WINPR_ASSERT(cinfo);
874
875 if (crypt_random_len != cinfo->ModulusLength + 8)
876 {
877 WLog_ERR(TAG, "invalid encrypted client random length");
878 return FALSE;
879 }
880 if (!freerdp_settings_set_pointer_len(settings, FreeRDP_ClientRandom, nullptr, length))
881 return FALSE;
882
883 BYTE* client_random = freerdp_settings_get_pointer_writable(settings, FreeRDP_ClientRandom);
884 WINPR_ASSERT(client_random);
885 return crypto_rsa_private_decrypt(crypt_random, crypt_random_len - 8, rsa, client_random,
886 length) > 0;
887}
888
889BOOL rdp_server_establish_keys(rdpRdp* rdp, wStream* s)
890{
891 UINT32 rand_len = 0;
892 UINT16 channel_id = 0;
893 UINT16 length = 0;
894 UINT16 sec_flags = 0;
895 BOOL ret = FALSE;
896
897 WINPR_ASSERT(rdp);
898
899 if (!rdp->settings->UseRdpSecurityLayer)
900 {
901 /* No RDP Security. */
902 return TRUE;
903 }
904
905 if (!rdp_read_header(rdp, s, &length, &channel_id))
906 return FALSE;
907
908 if (!rdp_read_security_header(rdp, s, &sec_flags, nullptr))
909 {
910 WLog_Print(rdp->log, WLOG_ERROR, "invalid security header");
911 return FALSE;
912 }
913
914 if ((sec_flags & SEC_EXCHANGE_PKT) == 0)
915 {
916 WLog_Print(rdp->log, WLOG_ERROR, "missing SEC_EXCHANGE_PKT in security header");
917 return FALSE;
918 }
919
920 rdp->do_crypt_license = ((sec_flags & SEC_LICENSE_ENCRYPT_SC) != 0);
921
922 if (!Stream_CheckAndLogRequiredLengthWLog(rdp->log, s, 4))
923 return FALSE;
924
925 Stream_Read_UINT32(s, rand_len);
926
927 /* rand_len already includes 8 bytes of padding */
928 if (!Stream_CheckAndLogRequiredLengthWLog(rdp->log, s, rand_len))
929 return FALSE;
930
931 const BYTE* crypt_random = Stream_ConstPointer(s);
932 if (!Stream_SafeSeek(s, rand_len))
933 goto end;
934 if (!rdp_update_client_random(rdp->settings, crypt_random, rand_len))
935 goto end;
936
937 /* now calculate encrypt / decrypt and update keys */
938 if (!security_establish_keys(rdp))
939 goto end;
940
941 rdp->do_crypt = TRUE;
942
943 if (rdp->settings->EncryptionMethods == ENCRYPTION_METHOD_FIPS)
944 {
945 rdp->fips_encrypt =
946 winpr_Cipher_NewEx(WINPR_CIPHER_DES_EDE3_CBC, WINPR_ENCRYPT, rdp->fips_encrypt_key,
947 sizeof(rdp->fips_encrypt_key), fips_ivec, sizeof(fips_ivec));
948
949 if (!rdp->fips_encrypt)
950 {
951 WLog_Print(rdp->log, WLOG_ERROR, "unable to allocate des3 encrypt key");
952 goto end;
953 }
954
955 rdp->fips_decrypt =
956 winpr_Cipher_NewEx(WINPR_CIPHER_DES_EDE3_CBC, WINPR_DECRYPT, rdp->fips_decrypt_key,
957 sizeof(rdp->fips_decrypt_key), fips_ivec, sizeof(fips_ivec));
958
959 if (!rdp->fips_decrypt)
960 {
961 WLog_Print(rdp->log, WLOG_ERROR, "unable to allocate des3 decrypt key");
962 goto end;
963 }
964
965 ret = TRUE;
966 goto end;
967 }
968
969 if (!rdp_reset_rc4_encrypt_keys(rdp))
970 goto end;
971
972 if (!rdp_reset_rc4_decrypt_keys(rdp))
973 goto end;
974
975 ret = tpkt_ensure_stream_consumed(rdp->log, s, length);
976end:
977
978 if (!ret)
979 {
980 winpr_Cipher_Free(rdp->fips_encrypt);
981 winpr_Cipher_Free(rdp->fips_decrypt);
982 rdp->fips_encrypt = nullptr;
983 rdp->fips_decrypt = nullptr;
984
985 rdp_free_rc4_encrypt_keys(rdp);
986 rdp_free_rc4_decrypt_keys(rdp);
987 }
988
989 return ret;
990}
991
992static BOOL rdp_client_send_client_info_and_change_state(rdpRdp* rdp)
993{
994 WINPR_ASSERT(rdp);
995 if (!rdp_client_establish_keys(rdp))
996 return FALSE;
997 if (!rdp_client_transition_to_state(rdp, CONNECTION_STATE_SECURE_SETTINGS_EXCHANGE))
998 return FALSE;
999 if (!rdp_send_client_info(rdp))
1000 return FALSE;
1001 if (!rdp_client_transition_to_state(rdp, CONNECTION_STATE_CONNECT_TIME_AUTO_DETECT_REQUEST))
1002 return FALSE;
1003 return TRUE;
1004}
1005
1006BOOL rdp_client_skip_mcs_channel_join(rdpRdp* rdp)
1007{
1008 WINPR_ASSERT(rdp);
1009
1010 rdpMcs* mcs = rdp->mcs;
1011 WINPR_ASSERT(mcs);
1012
1013 mcs->userChannelJoined = TRUE;
1014 mcs->globalChannelJoined = TRUE;
1015 mcs->messageChannelJoined = TRUE;
1016
1017 for (UINT32 i = 0; i < mcs->channelCount; i++)
1018 {
1019 rdpMcsChannel* cur = &mcs->channels[i];
1020 WLog_DBG(TAG, " %s [%" PRIu16 "]", cur->Name, cur->ChannelId);
1021 cur->joined = TRUE;
1022 }
1023
1024 return rdp_client_send_client_info_and_change_state(rdp);
1025}
1026
1027static BOOL rdp_client_join_channel(rdpRdp* rdp, UINT16 ChannelId)
1028{
1029 WINPR_ASSERT(rdp);
1030
1031 rdpMcs* mcs = rdp->mcs;
1032 if (!rdp_client_transition_to_state(rdp, CONNECTION_STATE_MCS_CHANNEL_JOIN_REQUEST))
1033 return FALSE;
1034 if (!mcs_send_channel_join_request(mcs, ChannelId))
1035 return FALSE;
1036 if (!rdp_client_transition_to_state(rdp, CONNECTION_STATE_MCS_CHANNEL_JOIN_RESPONSE))
1037 return FALSE;
1038 return TRUE;
1039}
1040
1041BOOL rdp_client_connect_mcs_channel_join_confirm(rdpRdp* rdp, wStream* s)
1042{
1043 UINT16 channelId = 0;
1044 BOOL allJoined = TRUE;
1045
1046 WINPR_ASSERT(rdp);
1047 rdpMcs* mcs = rdp->mcs;
1048
1049 if (!mcs_recv_channel_join_confirm(mcs, s, &channelId))
1050 return FALSE;
1051
1052 if (!mcs->userChannelJoined)
1053 {
1054 if (channelId != mcs->userId)
1055 {
1056 WLog_ERR(TAG, "expected user channel id %" PRIu16 ", but received %" PRIu16,
1057 mcs->userId, channelId);
1058 return FALSE;
1059 }
1060
1061 mcs->userChannelJoined = TRUE;
1062 if (!rdp_client_join_channel(rdp, MCS_GLOBAL_CHANNEL_ID))
1063 return FALSE;
1064 }
1065 else if (!mcs->globalChannelJoined)
1066 {
1067 if (channelId != MCS_GLOBAL_CHANNEL_ID)
1068 {
1069 WLog_ERR(TAG, "expected uglobalser channel id %d, but received %" PRIu16,
1070 MCS_GLOBAL_CHANNEL_ID, channelId);
1071 return FALSE;
1072 }
1073 mcs->globalChannelJoined = TRUE;
1074
1075 if (mcs->messageChannelId != 0)
1076 {
1077 if (!rdp_client_join_channel(rdp, mcs->messageChannelId))
1078 return FALSE;
1079 allJoined = FALSE;
1080 }
1081 else
1082 {
1083 if (mcs->channelCount > 0)
1084 {
1085 const rdpMcsChannel* cur = &mcs->channels[0];
1086 if (!rdp_client_join_channel(rdp, cur->ChannelId))
1087 return FALSE;
1088 allJoined = FALSE;
1089 }
1090 }
1091 }
1092 else if ((mcs->messageChannelId != 0) && !mcs->messageChannelJoined)
1093 {
1094 if (channelId != mcs->messageChannelId)
1095 {
1096 WLog_ERR(TAG, "expected messageChannelId=%" PRIu16 ", got %" PRIu16,
1097 mcs->messageChannelId, channelId);
1098 return FALSE;
1099 }
1100
1101 mcs->messageChannelJoined = TRUE;
1102
1103 if (mcs->channelCount > 0)
1104 {
1105 const rdpMcsChannel* cur = &mcs->channels[0];
1106 if (!rdp_client_join_channel(rdp, cur->ChannelId))
1107 return FALSE;
1108 allJoined = FALSE;
1109 }
1110 }
1111 else
1112 {
1113 UINT32 i = 0;
1114 for (; i < mcs->channelCount; i++)
1115 {
1116 rdpMcsChannel* cur = &mcs->channels[i];
1117 if (cur->joined)
1118 continue;
1119
1120 if (cur->ChannelId != channelId)
1121 {
1122 WLog_ERR(TAG, "expected channel id %d, but received %" PRIu16,
1123 MCS_GLOBAL_CHANNEL_ID, channelId);
1124 return FALSE;
1125 }
1126 cur->joined = TRUE;
1127 break;
1128 }
1129
1130 if (i + 1 < mcs->channelCount)
1131 {
1132 const rdpMcsChannel* cur = &mcs->channels[i + 1];
1133 if (!rdp_client_join_channel(rdp, cur->ChannelId))
1134 return FALSE;
1135 allJoined = FALSE;
1136 }
1137 }
1138
1139 if (mcs->userChannelJoined && mcs->globalChannelJoined && allJoined)
1140 {
1141 if (!rdp_client_send_client_info_and_change_state(rdp))
1142 return FALSE;
1143 }
1144
1145 return TRUE;
1146}
1147
1148state_run_t rdp_handle_message_channel(rdpRdp* rdp, wStream* s, UINT16 channelId, UINT16 length)
1149{
1150 WINPR_ASSERT(rdp);
1151 WINPR_ASSERT(rdp->mcs);
1152
1153 if (!rdp->mcs->messageChannelJoined)
1154 {
1155 WLog_Print(rdp->log, WLOG_WARN, "MCS message channel not joined!");
1156 return STATE_RUN_FAILED;
1157 }
1158 const UINT16 messageChannelId = rdp->mcs->messageChannelId;
1159 if (messageChannelId == 0)
1160 {
1161 WLog_Print(rdp->log, WLOG_WARN, "MCS message channel id == 0");
1162 return STATE_RUN_FAILED;
1163 }
1164
1165 if ((channelId != messageChannelId) && (channelId != MCS_GLOBAL_CHANNEL_ID))
1166 {
1167 WLog_Print(rdp->log, WLOG_WARN,
1168 "MCS message channel expected id=[%" PRIu16 "|%d], got %" PRIu16,
1169 messageChannelId, MCS_GLOBAL_CHANNEL_ID, channelId);
1170 return STATE_RUN_FAILED;
1171 }
1172
1173 UINT16 securityFlags = 0;
1174 if (!rdp_read_security_header(rdp, s, &securityFlags, &length))
1175 return STATE_RUN_FAILED;
1176
1177 if (securityFlags & SEC_ENCRYPT)
1178 {
1179 if (!rdp_decrypt(rdp, s, &length, securityFlags))
1180 return STATE_RUN_FAILED;
1181 }
1182
1183 const state_run_t rc = rdp_recv_message_channel_pdu(rdp, s, securityFlags);
1184 if (state_run_success(rc))
1185 {
1186 if (!tpkt_ensure_stream_consumed(rdp->log, s, length))
1187 return STATE_RUN_FAILED;
1188 }
1189 return rc;
1190}
1191
1192BOOL rdp_client_connect_auto_detect(rdpRdp* rdp, wStream* s, DWORD logLevel)
1193{
1194 BOOL res = TRUE;
1195 WINPR_ASSERT(rdp);
1196 WINPR_ASSERT(rdp->mcs);
1197
1198 size_t pos = Stream_GetPosition(s);
1199 UINT16 length = 0;
1200 UINT16 channelId = 0;
1201
1202 if (!rdp_read_header(rdp, s, &length, &channelId))
1203 res = FALSE;
1204 else
1205 {
1206 const UINT16 messageChannelId = rdp->mcs->messageChannelId;
1207 /* If the MCS message channel has been joined... */
1208
1209 /* Process any MCS message channel PDUs. */
1210 if (rdp->mcs->messageChannelJoined && (channelId == messageChannelId))
1211 {
1212 const state_run_t rc = rdp_handle_message_channel(rdp, s, channelId, length);
1213 res = state_run_success(rc);
1214 pos = Stream_GetPosition(s);
1215 }
1216 else
1217 {
1218 wLog* log = WLog_Get(TAG);
1219 WLog_Print(log, logLevel, "expected messageChannelId=%" PRIu16 ", got %" PRIu16,
1220 messageChannelId, channelId);
1221 res = FALSE;
1222 }
1223 }
1224
1225 if (!Stream_SetPosition(s, pos))
1226 res = FALSE;
1227 return res;
1228}
1229
1230state_run_t rdp_client_connect_license(rdpRdp* rdp, wStream* s)
1231{
1232 state_run_t status = STATE_RUN_FAILED;
1233 LICENSE_STATE state = LICENSE_STATE_ABORTED;
1234 UINT16 length = 0;
1235 UINT16 channelId = 0;
1236 UINT16 securityFlags = 0;
1237
1238 WINPR_ASSERT(rdp);
1239 if (!rdp_read_header(rdp, s, &length, &channelId))
1240 return STATE_RUN_FAILED;
1241
1242 /* there might be autodetect messages mixed in between licensing messages.
1243 * that has been observed with 2k12 R2 and 2k19
1244 */
1245 const UINT16 messageChannelId = rdp->mcs->messageChannelId;
1246 if (rdp->mcs->messageChannelJoined && (channelId == messageChannelId))
1247 {
1248 return rdp_handle_message_channel(rdp, s, channelId, length);
1249 }
1250
1251 if (!rdp_read_security_header(rdp, s, &securityFlags, &length))
1252 return STATE_RUN_FAILED;
1253
1254 if (securityFlags & SEC_ENCRYPT)
1255 {
1256 if (!rdp_decrypt(rdp, s, &length, securityFlags))
1257 return STATE_RUN_FAILED;
1258 }
1259
1260 if (channelId != MCS_GLOBAL_CHANNEL_ID)
1261 WLog_WARN(TAG, "unexpected message for channel %u, expected %d", channelId,
1262 MCS_GLOBAL_CHANNEL_ID);
1263
1264 if ((securityFlags & SEC_LICENSE_PKT) == 0)
1265 {
1266 char buffer[512] = WINPR_C_ARRAY_INIT;
1267 char lbuffer[32] = WINPR_C_ARRAY_INIT;
1268 WLog_ERR(TAG, "securityFlags=%s, missing required flag %s",
1269 rdp_security_flag_string(securityFlags, buffer, sizeof(buffer)),
1270 rdp_security_flag_string(SEC_LICENSE_PKT, lbuffer, sizeof(lbuffer)));
1271 return STATE_RUN_FAILED;
1272 }
1273
1274 status = license_recv(rdp->license, s);
1275
1276 if (state_run_failed(status))
1277 return status;
1278
1279 state = license_get_state(rdp->license);
1280 switch (state)
1281 {
1282 case LICENSE_STATE_ABORTED:
1283 WLog_ERR(TAG, "license connection sequence aborted.");
1284 return STATE_RUN_FAILED;
1285 case LICENSE_STATE_COMPLETED:
1286 if (rdp->settings->MultitransportFlags)
1287 {
1288 if (!rdp_client_transition_to_state(
1289 rdp, CONNECTION_STATE_MULTITRANSPORT_BOOTSTRAPPING_REQUEST))
1290 return STATE_RUN_FAILED;
1291 }
1292 else
1293 {
1294 if (!rdp_client_transition_to_state(
1295 rdp, CONNECTION_STATE_CAPABILITIES_EXCHANGE_DEMAND_ACTIVE))
1296 return STATE_RUN_FAILED;
1297 }
1298 return STATE_RUN_SUCCESS;
1299 default:
1300 return STATE_RUN_SUCCESS;
1301 }
1302}
1303
1304state_run_t rdp_client_connect_demand_active(rdpRdp* rdp, wStream* s)
1305{
1306 UINT16 length = 0;
1307 UINT16 channelId = 0;
1308 UINT16 pduType = 0;
1309 UINT16 pduSource = 0;
1310
1311 WINPR_ASSERT(rdp);
1312 WINPR_ASSERT(s);
1313 WINPR_ASSERT(rdp->settings);
1314
1315 if (!rdp_recv_get_active_header(rdp, s, &channelId, &length))
1316 return STATE_RUN_FAILED;
1317
1318 if (freerdp_shall_disconnect_context(rdp->context))
1319 return STATE_RUN_QUIT_SESSION;
1320
1321 if (rdp->mcs->messageChannelId && (channelId == rdp->mcs->messageChannelId))
1322 {
1323 rdp->inPackets++;
1324 return rdp_handle_message_channel(rdp, s, channelId, length);
1325 }
1326
1327 if (!rdp_handle_optional_rdp_decryption(rdp, s, &length, nullptr))
1328 return STATE_RUN_FAILED;
1329
1330 if (!rdp_read_share_control_header(rdp, s, nullptr, nullptr, &pduType, &pduSource))
1331 return STATE_RUN_FAILED;
1332
1333 switch (pduType)
1334 {
1335 case PDU_TYPE_DEMAND_ACTIVE:
1336 if (!rdp_recv_demand_active(rdp, s, pduSource, length))
1337 return STATE_RUN_FAILED;
1338 return STATE_RUN_ACTIVE;
1339 default:
1340 return rdp_recv_out_of_sequence_pdu(rdp, s, pduType, length);
1341 }
1342}
1343
1344state_run_t rdp_client_connect_finalize(rdpRdp* rdp)
1345{
1346 WINPR_ASSERT(rdp);
1353 if (!rdp_client_transition_to_state(rdp, CONNECTION_STATE_FINALIZATION_SYNC))
1354 return STATE_RUN_FAILED;
1355
1356 if (!rdp_send_client_synchronize_pdu(rdp))
1357 return STATE_RUN_FAILED;
1358
1359 if (!rdp_client_transition_to_state(rdp, CONNECTION_STATE_FINALIZATION_COOPERATE))
1360 return STATE_RUN_FAILED;
1361 if (!rdp_send_client_control_pdu(rdp, CTRLACTION_COOPERATE))
1362 return STATE_RUN_FAILED;
1363
1364 if (!rdp_client_transition_to_state(rdp, CONNECTION_STATE_FINALIZATION_REQUEST_CONTROL))
1365 return STATE_RUN_FAILED;
1366 if (!rdp_send_client_control_pdu(rdp, CTRLACTION_REQUEST_CONTROL))
1367 return STATE_RUN_FAILED;
1368
1376 if (!rdp_finalize_is_flag_set(rdp, FINALIZE_DEACTIVATE_REACTIVATE) &&
1377 freerdp_settings_get_bool(rdp->settings, FreeRDP_BitmapCachePersistEnabled))
1378 {
1379 if (!rdp_client_transition_to_state(rdp, CONNECTION_STATE_FINALIZATION_PERSISTENT_KEY_LIST))
1380 return STATE_RUN_FAILED;
1381 if (!rdp_send_client_persistent_key_list_pdu(rdp))
1382 return STATE_RUN_FAILED;
1383 }
1384
1385 if (!rdp_client_transition_to_state(rdp, CONNECTION_STATE_FINALIZATION_FONT_LIST))
1386 return STATE_RUN_FAILED;
1387 if (!rdp_send_client_font_list_pdu(rdp, FONTLIST_FIRST | FONTLIST_LAST))
1388 return STATE_RUN_FAILED;
1389
1390 if (!rdp_client_transition_to_state(rdp, CONNECTION_STATE_FINALIZATION_CLIENT_SYNC))
1391 return STATE_RUN_FAILED;
1392 return STATE_RUN_SUCCESS;
1393}
1394
1395BOOL rdp_client_transition_to_state(rdpRdp* rdp, CONNECTION_STATE state)
1396{
1397 const char* name = rdp_state_string(state);
1398
1399 WINPR_ASSERT(rdp);
1400 WLog_Print(rdp->log, WLOG_DEBUG, "%s --> %s", rdp_get_state_string(rdp), name);
1401
1402 if (!rdp_set_state(rdp, state))
1403 return FALSE;
1404
1405 switch (state)
1406 {
1407 case CONNECTION_STATE_FINALIZATION_SYNC:
1408 case CONNECTION_STATE_FINALIZATION_COOPERATE:
1409 case CONNECTION_STATE_FINALIZATION_REQUEST_CONTROL:
1410 case CONNECTION_STATE_FINALIZATION_PERSISTENT_KEY_LIST:
1411 case CONNECTION_STATE_FINALIZATION_FONT_LIST:
1412 update_reset_state(rdp->update);
1413 break;
1414
1415 case CONNECTION_STATE_CAPABILITIES_EXCHANGE_CONFIRM_ACTIVE:
1416 {
1417 ActivatedEventArgs activatedEvent = WINPR_C_ARRAY_INIT;
1418 rdpContext* context = rdp->context;
1419 EventArgsInit(&activatedEvent, "libfreerdp");
1420 activatedEvent.firstActivation =
1421 !rdp_finalize_is_flag_set(rdp, FINALIZE_DEACTIVATE_REACTIVATE);
1422 if (PubSub_OnActivated(rdp->pubSub, context, &activatedEvent) < 0)
1423 return FALSE;
1424 }
1425
1426 break;
1427
1428 default:
1429 break;
1430 }
1431
1432 {
1433 ConnectionStateChangeEventArgs stateEvent = WINPR_C_ARRAY_INIT;
1434 rdpContext* context = rdp->context;
1435 EventArgsInit(&stateEvent, "libfreerdp");
1436 stateEvent.state = WINPR_ASSERTING_INT_CAST(int32_t, rdp_get_state(rdp));
1437 stateEvent.active = rdp_is_active_state(rdp);
1438 if (PubSub_OnConnectionStateChange(rdp->pubSub, context, &stateEvent) < 0)
1439 return FALSE;
1440 }
1441
1442 return TRUE;
1443}
1444
1445BOOL rdp_server_accept_nego(rdpRdp* rdp, wStream* s)
1446{
1447 UINT32 SelectedProtocol = 0;
1448 UINT32 RequestedProtocols = 0;
1449 BOOL status = 0;
1450 rdpSettings* settings = nullptr;
1451 rdpNego* nego = nullptr;
1452
1453 WINPR_ASSERT(rdp);
1454 WINPR_ASSERT(s);
1455
1456 settings = rdp->settings;
1457 WINPR_ASSERT(settings);
1458
1459 nego = rdp->nego;
1460 WINPR_ASSERT(nego);
1461
1462 if (!transport_set_blocking_mode(rdp->transport, TRUE))
1463 return FALSE;
1464
1465 if (!nego_read_request(nego, s))
1466 return FALSE;
1467
1468 RequestedProtocols = nego_get_requested_protocols(nego);
1469 WLog_DBG(TAG, "Client Security: RDSTLS:%d NLA:%d TLS:%d RDP:%d",
1470 (RequestedProtocols & PROTOCOL_RDSTLS) ? 1 : 0,
1471 (RequestedProtocols & PROTOCOL_HYBRID) ? 1 : 0,
1472 (RequestedProtocols & PROTOCOL_SSL) ? 1 : 0,
1473 (RequestedProtocols == PROTOCOL_RDP) ? 1 : 0);
1474 WLog_DBG(TAG,
1475 "Server Security: RDSTLS:%" PRId32 " NLA:%" PRId32 " TLS:%" PRId32 " RDP:%" PRId32 "",
1476 settings->RdstlsSecurity, settings->NlaSecurity, settings->TlsSecurity,
1477 settings->RdpSecurity);
1478
1479 if ((settings->RdstlsSecurity) && (RequestedProtocols & PROTOCOL_RDSTLS))
1480 {
1481 SelectedProtocol = PROTOCOL_RDSTLS;
1482 }
1483 else if ((settings->NlaSecurity) && (RequestedProtocols & PROTOCOL_HYBRID))
1484 {
1485 SelectedProtocol = PROTOCOL_HYBRID;
1486 }
1487 else if ((settings->TlsSecurity) && (RequestedProtocols & PROTOCOL_SSL))
1488 {
1489 SelectedProtocol = PROTOCOL_SSL;
1490 }
1491 else if ((settings->RdpSecurity) && (RequestedProtocols == PROTOCOL_RDP))
1492 {
1493 SelectedProtocol = PROTOCOL_RDP;
1494 }
1495 else
1496 {
1497 /*
1498 * when here client and server aren't compatible, we select the right
1499 * error message to return to the client in the nego failure packet
1500 */
1501 SelectedProtocol = PROTOCOL_FAILED_NEGO;
1502
1503 if (settings->RdpSecurity)
1504 {
1505 WLog_ERR(TAG, "server supports only Standard RDP Security");
1506 SelectedProtocol |= SSL_NOT_ALLOWED_BY_SERVER;
1507 }
1508 else
1509 {
1510 if (settings->NlaSecurity && !settings->TlsSecurity)
1511 {
1512 WLog_WARN(TAG, "server supports only NLA Security");
1513 SelectedProtocol |= HYBRID_REQUIRED_BY_SERVER;
1514 }
1515 else
1516 {
1517 WLog_WARN(TAG, "server supports only a SSL based Security (TLS or NLA)");
1518 SelectedProtocol |= SSL_REQUIRED_BY_SERVER;
1519 }
1520 }
1521
1522 WLog_ERR(TAG, "Protocol security negotiation failure");
1523 }
1524
1525 if (!(SelectedProtocol & PROTOCOL_FAILED_NEGO))
1526 {
1527 WLog_DBG(TAG, "Negotiated Security: RDSTLS:%d NLA:%d TLS:%d RDP:%d",
1528 (SelectedProtocol & PROTOCOL_RDSTLS) ? 1 : 0,
1529 (SelectedProtocol & PROTOCOL_HYBRID) ? 1 : 0,
1530 (SelectedProtocol & PROTOCOL_SSL) ? 1 : 0,
1531 (SelectedProtocol == PROTOCOL_RDP) ? 1 : 0);
1532 }
1533
1534 if (!nego_set_selected_protocol(nego, SelectedProtocol))
1535 return FALSE;
1536
1537 if (!nego_send_negotiation_response(nego))
1538 return FALSE;
1539
1540 SelectedProtocol = nego_get_selected_protocol(nego);
1541 status = FALSE;
1542
1543 if (freerdp_settings_get_bool(rdp->settings, FreeRDP_VmConnectMode) &&
1544 SelectedProtocol != PROTOCOL_RDP)
1545 /* When behind a Hyper-V proxy, security != RDP is handled by the host. */
1546 status = TRUE;
1547 else if (SelectedProtocol & PROTOCOL_RDSTLS)
1548 status = transport_accept_rdstls(rdp->transport);
1549 else if (SelectedProtocol & PROTOCOL_HYBRID)
1550 status = transport_accept_nla(rdp->transport);
1551 else if (SelectedProtocol & PROTOCOL_SSL)
1552 status = transport_accept_tls(rdp->transport);
1553 else if (SelectedProtocol == PROTOCOL_RDP) /* 0 */
1554 status = transport_accept_rdp(rdp->transport);
1555
1556 if (!status)
1557 return FALSE;
1558
1559 return transport_set_blocking_mode(rdp->transport, FALSE);
1560}
1561
1562static BOOL rdp_update_encryption_level(rdpSettings* settings)
1563{
1564 WINPR_ASSERT(settings);
1565
1566 UINT32 EncryptionLevel = freerdp_settings_get_uint32(settings, FreeRDP_EncryptionLevel);
1567 UINT32 EncryptionMethods = freerdp_settings_get_uint32(settings, FreeRDP_EncryptionMethods);
1568
1579 if (!settings->UseRdpSecurityLayer)
1580 {
1581 /* TLS/NLA is used: disable rdp style encryption */
1582 EncryptionLevel = ENCRYPTION_LEVEL_NONE;
1583 }
1584 else
1585 {
1586 /* verify server encryption level value */
1587 switch (EncryptionLevel)
1588 {
1589 case ENCRYPTION_LEVEL_NONE:
1590 WLog_INFO(TAG, "Active rdp encryption level: NONE");
1591 break;
1592
1593 case ENCRYPTION_LEVEL_FIPS:
1594 WLog_INFO(TAG, "Active rdp encryption level: FIPS Compliant");
1595 break;
1596
1597 case ENCRYPTION_LEVEL_HIGH:
1598 WLog_INFO(TAG, "Active rdp encryption level: HIGH");
1599 break;
1600
1601 case ENCRYPTION_LEVEL_LOW:
1602 WLog_INFO(TAG, "Active rdp encryption level: LOW");
1603 break;
1604
1605 case ENCRYPTION_LEVEL_CLIENT_COMPATIBLE:
1606 WLog_INFO(TAG, "Active rdp encryption level: CLIENT-COMPATIBLE");
1607 break;
1608
1609 default:
1610 WLog_ERR(TAG, "Invalid server encryption level 0x%08" PRIX32 "", EncryptionLevel);
1611 WLog_ERR(TAG, "Switching to encryption level CLIENT-COMPATIBLE");
1612 EncryptionLevel = ENCRYPTION_LEVEL_CLIENT_COMPATIBLE;
1613 }
1614 }
1615
1616 /* choose rdp encryption method based on server level and client methods */
1617 switch (EncryptionLevel)
1618 {
1619 case ENCRYPTION_LEVEL_NONE:
1620 /* The only valid method is NONE in this case */
1621 EncryptionMethods = ENCRYPTION_METHOD_NONE;
1622 break;
1623
1624 case ENCRYPTION_LEVEL_FIPS:
1625
1626 /* The only valid method is FIPS in this case */
1627 if (!(EncryptionMethods & ENCRYPTION_METHOD_FIPS))
1628 {
1629 WLog_WARN(TAG, "client does not support FIPS as required by server configuration");
1630 }
1631
1632 EncryptionMethods = ENCRYPTION_METHOD_FIPS;
1633 break;
1634
1635 case ENCRYPTION_LEVEL_HIGH:
1636
1637 /* Maximum key strength supported by the server must be used (128 bit)*/
1638 if (!(EncryptionMethods & ENCRYPTION_METHOD_128BIT))
1639 {
1640 WLog_WARN(TAG, "client does not support 128 bit encryption method as required by "
1641 "server configuration");
1642 }
1643
1644 EncryptionMethods = ENCRYPTION_METHOD_128BIT;
1645 break;
1646
1647 case ENCRYPTION_LEVEL_LOW:
1648 case ENCRYPTION_LEVEL_CLIENT_COMPATIBLE:
1649
1650 /* Maximum key strength supported by the client must be used */
1651 if (EncryptionMethods & ENCRYPTION_METHOD_128BIT)
1652 EncryptionMethods = ENCRYPTION_METHOD_128BIT;
1653 else if (EncryptionMethods & ENCRYPTION_METHOD_56BIT)
1654 EncryptionMethods = ENCRYPTION_METHOD_56BIT;
1655 else if (EncryptionMethods & ENCRYPTION_METHOD_40BIT)
1656 EncryptionMethods = ENCRYPTION_METHOD_40BIT;
1657 else if (EncryptionMethods & ENCRYPTION_METHOD_FIPS)
1658 EncryptionMethods = ENCRYPTION_METHOD_FIPS;
1659 else
1660 {
1661 WLog_WARN(TAG, "client has not announced any supported encryption methods");
1662 EncryptionMethods = ENCRYPTION_METHOD_128BIT;
1663 }
1664
1665 break;
1666
1667 default:
1668 WLog_ERR(TAG, "internal error: unknown encryption level");
1669 return FALSE;
1670 }
1671
1672 /* log selected encryption method */
1673 if (settings->UseRdpSecurityLayer)
1674 {
1675 switch (EncryptionMethods)
1676 {
1677 case ENCRYPTION_METHOD_NONE:
1678 WLog_INFO(TAG, "Selected rdp encryption method: NONE");
1679 break;
1680
1681 case ENCRYPTION_METHOD_40BIT:
1682 WLog_INFO(TAG, "Selected rdp encryption method: 40BIT");
1683 break;
1684
1685 case ENCRYPTION_METHOD_56BIT:
1686 WLog_INFO(TAG, "Selected rdp encryption method: 56BIT");
1687 break;
1688
1689 case ENCRYPTION_METHOD_128BIT:
1690 WLog_INFO(TAG, "Selected rdp encryption method: 128BIT");
1691 break;
1692
1693 case ENCRYPTION_METHOD_FIPS:
1694 WLog_INFO(TAG, "Selected rdp encryption method: FIPS");
1695 break;
1696
1697 default:
1698 WLog_ERR(TAG, "internal error: unknown encryption method");
1699 return FALSE;
1700 }
1701 }
1702
1703 if (!freerdp_settings_set_uint32(settings, FreeRDP_EncryptionLevel, EncryptionLevel))
1704 return FALSE;
1705 if (!freerdp_settings_set_uint32(settings, FreeRDP_EncryptionMethods, EncryptionMethods))
1706 return FALSE;
1707 return TRUE;
1708}
1709
1710BOOL rdp_server_accept_mcs_connect_initial(rdpRdp* rdp, wStream* s)
1711{
1712 WINPR_ASSERT(rdp);
1713 WINPR_ASSERT(s);
1714
1715 rdpMcs* mcs = rdp->mcs;
1716 WINPR_ASSERT(mcs);
1717
1718 WINPR_ASSERT(rdp_get_state(rdp) == CONNECTION_STATE_MCS_CREATE_REQUEST);
1719 if (!mcs_recv_connect_initial(mcs, s))
1720 return FALSE;
1721 WINPR_ASSERT(rdp->settings);
1722
1723 if (!mcs_server_apply_to_settings(mcs, rdp->settings))
1724 return FALSE;
1725
1726 WLog_DBG(TAG, "Accepted client: %s", rdp->settings->ClientHostname);
1727 WLog_DBG(TAG, "Accepted channels:");
1728
1729 WINPR_ASSERT(mcs->channels || (mcs->channelCount == 0));
1730 for (UINT32 i = 0; i < mcs->channelCount; i++)
1731 {
1732 ADDIN_ARGV* arg = nullptr;
1733 rdpMcsChannel* cur = &mcs->channels[i];
1734 const char* params[1] = { cur->Name };
1735 WLog_DBG(TAG, " %s [%" PRIu16 "]", cur->Name, cur->ChannelId);
1736 arg = freerdp_addin_argv_new(ARRAYSIZE(params), params);
1737 if (!arg)
1738 return FALSE;
1739
1740 if (!freerdp_static_channel_collection_add(rdp->settings, arg))
1741 {
1742 freerdp_addin_argv_free(arg);
1743 return FALSE;
1744 }
1745 }
1746
1747 if (!rdp_server_transition_to_state(rdp, CONNECTION_STATE_MCS_CREATE_RESPONSE))
1748 return FALSE;
1749 if (!rdp_update_encryption_level(rdp->settings))
1750 return FALSE;
1751 if (!mcs_send_connect_response(mcs))
1752 return FALSE;
1753 if (!rdp_server_transition_to_state(rdp, CONNECTION_STATE_MCS_ERECT_DOMAIN))
1754 return FALSE;
1755
1756 return TRUE;
1757}
1758
1759BOOL rdp_server_accept_mcs_erect_domain_request(rdpRdp* rdp, wStream* s)
1760{
1761 WINPR_ASSERT(rdp);
1762 WINPR_ASSERT(s);
1763 WINPR_ASSERT(rdp_get_state(rdp) == CONNECTION_STATE_MCS_ERECT_DOMAIN);
1764
1765 if (!mcs_recv_erect_domain_request(rdp->mcs, s))
1766 return FALSE;
1767
1768 return rdp_server_transition_to_state(rdp, CONNECTION_STATE_MCS_ATTACH_USER);
1769}
1770
1771static BOOL rdp_server_skip_mcs_channel_join(rdpRdp* rdp)
1772{
1773 WINPR_ASSERT(rdp);
1774
1775 rdpMcs* mcs = rdp->mcs;
1776 WINPR_ASSERT(mcs);
1777
1778 mcs->userChannelJoined = TRUE;
1779 mcs->globalChannelJoined = TRUE;
1780 mcs->messageChannelJoined = TRUE;
1781
1782 for (UINT32 i = 0; i < mcs->channelCount; i++)
1783 {
1784 rdpMcsChannel* cur = &mcs->channels[i];
1785 WLog_DBG(TAG, " %s [%" PRIu16 "]", cur->Name, cur->ChannelId);
1786 cur->joined = TRUE;
1787 }
1788 return rdp_server_transition_to_state(rdp, CONNECTION_STATE_RDP_SECURITY_COMMENCEMENT);
1789}
1790
1791BOOL rdp_server_accept_mcs_attach_user_request(rdpRdp* rdp, wStream* s)
1792{
1793 if (!mcs_recv_attach_user_request(rdp->mcs, s))
1794 return FALSE;
1795
1796 if (!rdp_server_transition_to_state(rdp, CONNECTION_STATE_MCS_ATTACH_USER_CONFIRM))
1797 return FALSE;
1798
1799 if (!mcs_send_attach_user_confirm(rdp->mcs))
1800 return FALSE;
1801
1802 if (freerdp_settings_get_bool(rdp->settings, FreeRDP_SupportSkipChannelJoin))
1803 return rdp_server_skip_mcs_channel_join(rdp);
1804 return rdp_server_transition_to_state(rdp, CONNECTION_STATE_MCS_CHANNEL_JOIN_REQUEST);
1805}
1806
1807BOOL rdp_server_accept_mcs_channel_join_request(rdpRdp* rdp, wStream* s)
1808{
1809 UINT16 channelId = 0;
1810 BOOL allJoined = TRUE;
1811 rdpMcs* mcs = nullptr;
1812
1813 WINPR_ASSERT(rdp);
1814 WINPR_ASSERT(rdp->context);
1815
1816 mcs = rdp->mcs;
1817 WINPR_ASSERT(mcs);
1818
1819 WINPR_ASSERT(rdp_get_state(rdp) == CONNECTION_STATE_MCS_CHANNEL_JOIN_REQUEST);
1820
1821 if (!mcs_recv_channel_join_request(mcs, rdp->settings, s, &channelId))
1822 return FALSE;
1823
1824 if (!rdp_server_transition_to_state(rdp, CONNECTION_STATE_MCS_CHANNEL_JOIN_RESPONSE))
1825 return FALSE;
1826
1827 if (!mcs_send_channel_join_confirm(mcs, channelId))
1828 return FALSE;
1829
1830 if (channelId == mcs->userId)
1831 mcs->userChannelJoined = TRUE;
1832 if (channelId == MCS_GLOBAL_CHANNEL_ID)
1833 mcs->globalChannelJoined = TRUE;
1834 if (channelId == mcs->messageChannelId)
1835 mcs->messageChannelJoined = TRUE;
1836
1837 for (UINT32 i = 0; i < mcs->channelCount; i++)
1838 {
1839 rdpMcsChannel* cur = &mcs->channels[i];
1840 WLog_DBG(TAG, " %s [%" PRIu16 "]", cur->Name, cur->ChannelId);
1841 if (cur->ChannelId == channelId)
1842 cur->joined = TRUE;
1843
1844 if (!cur->joined)
1845 allJoined = FALSE;
1846 }
1847
1848 CONNECTION_STATE rc = CONNECTION_STATE_INITIAL;
1849 if ((mcs->userChannelJoined) && (mcs->globalChannelJoined) &&
1850 (mcs->messageChannelId == 0 || mcs->messageChannelJoined) && allJoined)
1851 rc = CONNECTION_STATE_RDP_SECURITY_COMMENCEMENT;
1852 else
1853 rc = CONNECTION_STATE_MCS_CHANNEL_JOIN_REQUEST;
1854
1855 return rdp_server_transition_to_state(rdp, rc);
1856}
1857
1858static BOOL rdp_server_send_sync(rdpRdp* rdp)
1859{
1860 WINPR_ASSERT(rdp);
1861
1862 if (!rdp_server_transition_to_state(rdp, CONNECTION_STATE_FINALIZATION_CLIENT_SYNC))
1863 return FALSE;
1864 if (!rdp_send_server_synchronize_pdu(rdp))
1865 return FALSE;
1866 if (!rdp_server_transition_to_state(rdp, CONNECTION_STATE_FINALIZATION_CLIENT_COOPERATE))
1867 return FALSE;
1868 if (!rdp_send_server_control_cooperate_pdu(rdp))
1869 return FALSE;
1870 if (!rdp_finalize_reset_flags(rdp, FALSE))
1871 return FALSE;
1872 return rdp_server_transition_to_state(rdp, CONNECTION_STATE_FINALIZATION_SYNC);
1873}
1874
1875BOOL rdp_server_accept_confirm_active(rdpRdp* rdp, wStream* s, UINT16 pduLength)
1876{
1877 WINPR_ASSERT(rdp);
1878 WINPR_ASSERT(rdp->context);
1879 WINPR_ASSERT(rdp->settings);
1880 WINPR_ASSERT(s);
1881
1882 freerdp_peer* peer = rdp->context->peer;
1883 WINPR_ASSERT(peer);
1884
1885 if (rdp_get_state(rdp) != CONNECTION_STATE_CAPABILITIES_EXCHANGE_CONFIRM_ACTIVE)
1886 {
1887 if (freerdp_settings_get_bool(rdp->settings, FreeRDP_TransportDumpReplay))
1888 rdp_finalize_set_flag(rdp, FINALIZE_DEACTIVATE_REACTIVATE);
1889 else
1890 {
1891 WLog_WARN(TAG, "Invalid state, got %s, expected %s", rdp_get_state_string(rdp),
1892 rdp_state_string(CONNECTION_STATE_CAPABILITIES_EXCHANGE_CONFIRM_ACTIVE));
1893 return FALSE;
1894 }
1895 }
1896
1897 if (!rdp_recv_confirm_active(rdp, s, pduLength))
1898 return FALSE;
1899
1900 if (peer->ClientCapabilities && !peer->ClientCapabilities(peer))
1901 {
1902 WLog_WARN(TAG, "peer->ClientCapabilities failed");
1903 return FALSE;
1904 }
1905
1906 if (rdp->settings->SaltedChecksum)
1907 rdp->do_secure_checksum = TRUE;
1908
1909 return rdp_server_send_sync(rdp);
1910}
1911
1912BOOL rdp_server_reactivate(rdpRdp* rdp)
1913{
1914 freerdp_peer* client = nullptr;
1915
1916 if (rdp->context && rdp->context->peer)
1917 client = rdp->context->peer;
1918
1919 if (client)
1920 client->activated = FALSE;
1921
1922 if (!rdp_send_deactivate_all(rdp))
1923 return FALSE;
1924
1925 rdp_finalize_set_flag(rdp, FINALIZE_DEACTIVATE_REACTIVATE);
1926 if (!rdp_server_transition_to_state(rdp, CONNECTION_STATE_CAPABILITIES_EXCHANGE_DEMAND_ACTIVE))
1927 return FALSE;
1928
1929 state_run_t rc = rdp_peer_handle_state_demand_active(client);
1930 return state_run_success(rc);
1931}
1932
1933static BOOL rdp_is_active_peer_state(CONNECTION_STATE state)
1934{
1935 /* [MS-RDPBCGR] 1.3.1.1 Connection Sequence states:
1936 * 'upon receipt of the Font List PDU the server can start sending graphics
1937 * output to the client'
1938 */
1939 switch (state)
1940 {
1941 case CONNECTION_STATE_FINALIZATION_CLIENT_SYNC:
1942 case CONNECTION_STATE_FINALIZATION_CLIENT_COOPERATE:
1943 case CONNECTION_STATE_FINALIZATION_CLIENT_GRANTED_CONTROL:
1944 case CONNECTION_STATE_FINALIZATION_CLIENT_FONT_MAP:
1945 case CONNECTION_STATE_ACTIVE:
1946 return TRUE;
1947 default:
1948 return FALSE;
1949 }
1950}
1951
1952static BOOL rdp_is_active_client_state(CONNECTION_STATE state)
1953{
1954 /* [MS-RDPBCGR] 1.3.1.1 Connection Sequence states:
1955 * 'Once the client has sent the Confirm Active PDU, it can start sending
1956 * mouse and keyboard input to the server'
1957 */
1958 switch (state)
1959 {
1960 case CONNECTION_STATE_FINALIZATION_SYNC:
1961 case CONNECTION_STATE_FINALIZATION_COOPERATE:
1962 case CONNECTION_STATE_FINALIZATION_REQUEST_CONTROL:
1963 case CONNECTION_STATE_FINALIZATION_PERSISTENT_KEY_LIST:
1964 case CONNECTION_STATE_FINALIZATION_FONT_LIST:
1965 case CONNECTION_STATE_FINALIZATION_CLIENT_SYNC:
1966 case CONNECTION_STATE_FINALIZATION_CLIENT_COOPERATE:
1967 case CONNECTION_STATE_FINALIZATION_CLIENT_GRANTED_CONTROL:
1968 case CONNECTION_STATE_FINALIZATION_CLIENT_FONT_MAP:
1969 case CONNECTION_STATE_ACTIVE:
1970 return TRUE;
1971 default:
1972 return FALSE;
1973 }
1974}
1975
1976BOOL rdp_is_active_state(const rdpRdp* rdp)
1977{
1978 WINPR_ASSERT(rdp);
1979 WINPR_ASSERT(rdp->context);
1980
1981 const CONNECTION_STATE state = rdp_get_state(rdp);
1982 if (freerdp_settings_get_bool(rdp->context->settings, FreeRDP_ServerMode))
1983 return rdp_is_active_peer_state(state);
1984 else
1985 return rdp_is_active_client_state(state);
1986}
1987
1988BOOL rdp_server_transition_to_state(rdpRdp* rdp, CONNECTION_STATE state)
1989{
1990 BOOL status = FALSE;
1991 freerdp_peer* client = nullptr;
1992 const CONNECTION_STATE cstate = rdp_get_state(rdp);
1993
1994 if (cstate >= CONNECTION_STATE_RDP_SECURITY_COMMENCEMENT)
1995 {
1996 WINPR_ASSERT(rdp->context);
1997 client = rdp->context->peer;
1998 }
1999
2000 if (!rdp_is_active_peer_state(cstate))
2001 {
2002 if (client)
2003 client->activated = FALSE;
2004 }
2005
2006 WLog_Print(rdp->log, WLOG_DEBUG, "%s --> %s", rdp_get_state_string(rdp),
2007 rdp_state_string(state));
2008 if (!rdp_set_state(rdp, state))
2009 goto fail;
2010
2011 status = TRUE;
2012fail:
2013 return status;
2014}
2015
2016const char* rdp_client_connection_state_string(UINT state)
2017{
2018 switch (state)
2019 {
2020 case CLIENT_STATE_INITIAL:
2021 return "CLIENT_STATE_INITIAL";
2022 case CLIENT_STATE_PRECONNECT_PASSED:
2023 return "CLIENT_STATE_PRECONNECT_PASSED";
2024 case CLIENT_STATE_POSTCONNECT_PASSED:
2025 return "CLIENT_STATE_POSTCONNECT_PASSED";
2026 default:
2027 return "UNKNOWN";
2028 }
2029}
2030
2031const char* rdp_state_string(CONNECTION_STATE state)
2032{
2033 switch (state)
2034 {
2035 case CONNECTION_STATE_INITIAL:
2036 return "CONNECTION_STATE_INITIAL";
2037 case CONNECTION_STATE_NEGO:
2038 return "CONNECTION_STATE_NEGO";
2039 case CONNECTION_STATE_NLA:
2040 return "CONNECTION_STATE_NLA";
2041 case CONNECTION_STATE_AAD:
2042 return "CONNECTION_STATE_AAD";
2043 case CONNECTION_STATE_MCS_CREATE_REQUEST:
2044 return "CONNECTION_STATE_MCS_CREATE_REQUEST";
2045 case CONNECTION_STATE_MCS_CREATE_RESPONSE:
2046 return "CONNECTION_STATE_MCS_CREATE_RESPONSE";
2047 case CONNECTION_STATE_MCS_ERECT_DOMAIN:
2048 return "CONNECTION_STATE_MCS_ERECT_DOMAIN";
2049 case CONNECTION_STATE_MCS_ATTACH_USER:
2050 return "CONNECTION_STATE_MCS_ATTACH_USER";
2051 case CONNECTION_STATE_MCS_ATTACH_USER_CONFIRM:
2052 return "CONNECTION_STATE_MCS_ATTACH_USER_CONFIRM";
2053 case CONNECTION_STATE_MCS_CHANNEL_JOIN_REQUEST:
2054 return "CONNECTION_STATE_MCS_CHANNEL_JOIN_REQUEST";
2055 case CONNECTION_STATE_MCS_CHANNEL_JOIN_RESPONSE:
2056 return "CONNECTION_STATE_MCS_CHANNEL_JOIN_RESPONSE";
2057 case CONNECTION_STATE_RDP_SECURITY_COMMENCEMENT:
2058 return "CONNECTION_STATE_RDP_SECURITY_COMMENCEMENT";
2059 case CONNECTION_STATE_SECURE_SETTINGS_EXCHANGE:
2060 return "CONNECTION_STATE_SECURE_SETTINGS_EXCHANGE";
2061 case CONNECTION_STATE_CONNECT_TIME_AUTO_DETECT_REQUEST:
2062 return "CONNECTION_STATE_CONNECT_TIME_AUTO_DETECT_REQUEST";
2063 case CONNECTION_STATE_CONNECT_TIME_AUTO_DETECT_RESPONSE:
2064 return "CONNECTION_STATE_CONNECT_TIME_AUTO_DETECT_RESPONSE";
2065 case CONNECTION_STATE_LICENSING:
2066 return "CONNECTION_STATE_LICENSING";
2067 case CONNECTION_STATE_MULTITRANSPORT_BOOTSTRAPPING_REQUEST:
2068 return "CONNECTION_STATE_MULTITRANSPORT_BOOTSTRAPPING_REQUEST";
2069 case CONNECTION_STATE_MULTITRANSPORT_BOOTSTRAPPING_RESPONSE:
2070 return "CONNECTION_STATE_MULTITRANSPORT_BOOTSTRAPPING_RESPONSE";
2071 case CONNECTION_STATE_CAPABILITIES_EXCHANGE_DEMAND_ACTIVE:
2072 return "CONNECTION_STATE_CAPABILITIES_EXCHANGE_DEMAND_ACTIVE";
2073 case CONNECTION_STATE_CAPABILITIES_EXCHANGE_MONITOR_LAYOUT:
2074 return "CONNECTION_STATE_CAPABILITIES_EXCHANGE_MONITOR_LAYOUT";
2075 case CONNECTION_STATE_CAPABILITIES_EXCHANGE_CONFIRM_ACTIVE:
2076 return "CONNECTION_STATE_CAPABILITIES_EXCHANGE_CONFIRM_ACTIVE";
2077 case CONNECTION_STATE_FINALIZATION_SYNC:
2078 return "CONNECTION_STATE_FINALIZATION_SYNC";
2079 case CONNECTION_STATE_FINALIZATION_COOPERATE:
2080 return "CONNECTION_STATE_FINALIZATION_COOPERATE";
2081 case CONNECTION_STATE_FINALIZATION_REQUEST_CONTROL:
2082 return "CONNECTION_STATE_FINALIZATION_REQUEST_CONTROL";
2083 case CONNECTION_STATE_FINALIZATION_PERSISTENT_KEY_LIST:
2084 return "CONNECTION_STATE_FINALIZATION_PERSISTENT_KEY_LIST";
2085 case CONNECTION_STATE_FINALIZATION_FONT_LIST:
2086 return "CONNECTION_STATE_FINALIZATION_FONT_LIST";
2087 case CONNECTION_STATE_FINALIZATION_CLIENT_SYNC:
2088 return "CONNECTION_STATE_FINALIZATION_CLIENT_SYNC";
2089 case CONNECTION_STATE_FINALIZATION_CLIENT_COOPERATE:
2090 return "CONNECTION_STATE_FINALIZATION_CLIENT_COOPERATE";
2091 case CONNECTION_STATE_FINALIZATION_CLIENT_GRANTED_CONTROL:
2092 return "CONNECTION_STATE_FINALIZATION_CLIENT_GRANTED_CONTROL";
2093 case CONNECTION_STATE_FINALIZATION_CLIENT_FONT_MAP:
2094 return "CONNECTION_STATE_FINALIZATION_CLIENT_FONT_MAP";
2095 case CONNECTION_STATE_ACTIVE:
2096 return "CONNECTION_STATE_ACTIVE";
2097 default:
2098 return "UNKNOWN";
2099 }
2100}
2101
2102CONNECTION_STATE rdp_get_state(const rdpRdp* rdp)
2103{
2104 WINPR_ASSERT(rdp);
2105 return rdp->state;
2106}
2107
2108BOOL rdp_set_state(rdpRdp* rdp, CONNECTION_STATE state)
2109{
2110 WINPR_ASSERT(rdp);
2111 rdp->state = state;
2112 return TRUE;
2113}
2114
2115const char* rdp_get_state_string(const rdpRdp* rdp)
2116{
2117 CONNECTION_STATE state = rdp_get_state(rdp);
2118 return rdp_state_string(state);
2119}
2120
2121BOOL rdp_channels_from_mcs(rdpSettings* settings, const rdpRdp* rdp)
2122{
2123 const rdpMcs* mcs = nullptr;
2124
2125 WINPR_ASSERT(rdp);
2126
2127 mcs = rdp->mcs;
2128 WINPR_ASSERT(mcs);
2129
2130 if (!freerdp_settings_set_pointer_len(settings, FreeRDP_ChannelDefArray, nullptr,
2131 CHANNEL_MAX_COUNT))
2132 return FALSE;
2133
2134 for (UINT32 x = 0; x < mcs->channelCount; x++)
2135 {
2136 const rdpMcsChannel* mchannel = &mcs->channels[x];
2137 CHANNEL_DEF cur = WINPR_C_ARRAY_INIT;
2138
2139 memcpy(cur.name, mchannel->Name, sizeof(cur.name));
2140 cur.options = mchannel->options;
2141 if (!freerdp_settings_set_pointer_array(settings, FreeRDP_ChannelDefArray, x, &cur))
2142 return FALSE;
2143 }
2144
2145 return freerdp_settings_set_uint32(settings, FreeRDP_ChannelCount, mcs->channelCount);
2146}
2147
2148/* Here we are in client state CONFIRM_ACTIVE.
2149 *
2150 * This means:
2151 * 1. send the CONFIRM_ACTIVE PDU to the server
2152 * 2. register callbacks, the server can now start sending stuff
2153 */
2154state_run_t rdp_client_connect_confirm_active(rdpRdp* rdp, WINPR_ATTR_UNUSED wStream* s)
2155{
2156 WINPR_ASSERT(rdp);
2157 WINPR_ASSERT(rdp->settings);
2158 WINPR_ASSERT(s);
2159
2160 const UINT32 width = rdp->settings->DesktopWidth;
2161 const UINT32 height = rdp->settings->DesktopHeight;
2162
2163 if (!rdp_send_confirm_active(rdp))
2164 return STATE_RUN_FAILED;
2165
2166 if (!input_register_client_callbacks(rdp->input))
2167 {
2168 WLog_ERR(TAG, "error registering client callbacks");
2169 return STATE_RUN_FAILED;
2170 }
2171
2176 const BOOL deactivate_reactivate =
2177 rdp->was_deactivated && ((rdp->deactivated_width != rdp->settings->DesktopWidth) ||
2178 (rdp->deactivated_height != rdp->settings->DesktopHeight));
2179 const BOOL resolution_change =
2180 ((width != rdp->settings->DesktopWidth) || (height != rdp->settings->DesktopHeight));
2181 if (deactivate_reactivate || resolution_change)
2182 {
2183 BOOL status = TRUE;
2184 IFCALLRET(rdp->update->DesktopResize, status, rdp->update->context);
2185
2186 if (!status)
2187 {
2188 WLog_ERR(TAG, "client desktop resize callback failed");
2189 return STATE_RUN_FAILED;
2190 }
2191 }
2192
2193 WINPR_ASSERT(rdp->context);
2194 if (freerdp_shall_disconnect_context(rdp->context))
2195 return STATE_RUN_SUCCESS;
2196
2197 state_run_t status = STATE_RUN_SUCCESS;
2198 if (!rdp->settings->SupportMonitorLayoutPdu)
2199 status = rdp_client_connect_finalize(rdp);
2200 else
2201 {
2202 if (!rdp_client_transition_to_state(rdp,
2203 CONNECTION_STATE_CAPABILITIES_EXCHANGE_MONITOR_LAYOUT))
2204 status = STATE_RUN_FAILED;
2205 }
2206 if (!rdp_finalize_reset_flags(rdp, FALSE))
2207 status = STATE_RUN_FAILED;
2208 return status;
2209}
2210
2211BOOL rdp_handle_optional_rdp_decryption(rdpRdp* rdp, wStream* s, UINT16* length,
2212 UINT16* pSecurityFlags)
2213{
2214 BOOL rc = FALSE;
2215 WINPR_ASSERT(rdp);
2216 WINPR_ASSERT(rdp->settings);
2217
2218 UINT16 securityFlags = 0;
2219 if (rdp->settings->UseRdpSecurityLayer)
2220 {
2221 if (!rdp_read_security_header(rdp, s, &securityFlags, length))
2222 goto fail;
2223
2224 if (securityFlags & SEC_ENCRYPT)
2225 {
2226 if (!rdp_decrypt(rdp, s, length, securityFlags))
2227 goto fail;
2228 }
2229 }
2230
2231 rc = TRUE;
2232
2233fail:
2234 if (pSecurityFlags)
2235 *pSecurityFlags = securityFlags;
2236 return rc;
2237}
freerdp_settings_get_pointer
WINPR_ATTR_NODISCARD FREERDP_API const void * freerdp_settings_get_pointer(const rdpSettings *settings, FreeRDP_Settings_Keys_Pointer id)
Returns a immutable pointer settings value.
Definition common/settings.c:1419
freerdp_settings_set_uint32
FREERDP_API BOOL freerdp_settings_set_uint32(rdpSettings *settings, FreeRDP_Settings_Keys_UInt32 id, UINT32 val)
Sets a UINT32 settings value.
freerdp_settings_get_string
WINPR_ATTR_NODISCARD FREERDP_API const char * freerdp_settings_get_string(const rdpSettings *settings, FreeRDP_Settings_Keys_String id)
Returns a immutable string settings value.
freerdp_settings_set_pointer_len
FREERDP_API BOOL freerdp_settings_set_pointer_len(rdpSettings *settings, FreeRDP_Settings_Keys_Pointer id, const void *data, size_t len)
Set a pointer to value data.
Definition common/settings.c:1431
freerdp_settings_get_pointer_writable
WINPR_ATTR_NODISCARD FREERDP_API void * freerdp_settings_get_pointer_writable(rdpSettings *settings, FreeRDP_Settings_Keys_Pointer id)
Returns a mutable pointer settings value.
Definition settings_getters.c:4088
freerdp_settings_get_codecs_flags
WINPR_ATTR_NODISCARD FREERDP_API UINT32 freerdp_settings_get_codecs_flags(const rdpSettings *settings)
helper function to get a mask of supported codec flags.
Definition common/settings.c:1999
freerdp_settings_get_uint32
WINPR_ATTR_NODISCARD FREERDP_API UINT32 freerdp_settings_get_uint32(const rdpSettings *settings, FreeRDP_Settings_Keys_UInt32 id)
Returns a UINT32 settings value.
freerdp_settings_get_bool
WINPR_ATTR_NODISCARD FREERDP_API BOOL freerdp_settings_get_bool(const rdpSettings *settings, FreeRDP_Settings_Keys_Bool id)
Returns a boolean settings value.
freerdp_settings_set_string
FREERDP_API BOOL freerdp_settings_set_string(rdpSettings *settings, FreeRDP_Settings_Keys_String id, const char *val)
Sets a string settings value. The param is copied.
Definition settings_getters.c:3729
ADDIN_ARGV
Definition settings_types.h:375
CHANNEL_DEF
Definition wtsapi.h:78